Skip to content

Instantly share code, notes, and snippets.

@joepie91

joepie91/gist:5437565

Created April 22, 2013 18:59
Show Gist options
  • Save joepie91/5437565 to your computer and use it in GitHub Desktop.
Save joepie91/5437565 to your computer and use it in GitHub Desktop.
Download ZIP
Raw
gistfile1.php
<?php
if (!defined("WHMCS"))
die("This file cannot be accessed directly");
/*
************************************************
*** FraudRecord Addon Module FOR WHMCS 5.x ***
*** Module Version 0.6.1
*** Main Module File
FraudRecord is a free service for online service providers (hosting companies or others), designed to help them combine their knowledge and combat against misbehaving clients. Companies can report unpleasant clients to FraudRecord, and access our database to read the information provided by other companies.
Visit http://www.fraudrecord.com/ for more information.
************************************************
*/
function fraudrecord_config() {
$configarray = array(
"name" => "FraudRecord",
"description" => "Allows integration with FraudRecord system, so that you can report and query about problematic or disruptive clients.",
"version" => "1.0",
"author" => "FraudRecord.com",
"language" => "english",
"fields" => array(
"option1" => array ("FriendlyName" => "API Code", "Type" => "text", "Size" => "18", "Description" => "API code for your reporter profile. Obtained from FraudRecord website, under 'Reporter Profiles'.", "Default" => "", ),
));
return $configarray;
}
function fraudrecord_activate() {
# Create Custom DB Table
$query = "CREATE TABLE IF NOT EXISTS `mod_fraudrecord` (
`ID_FRC` int(11) NOT NULL AUTO_INCREMENT,
`ID_CLIENT` int(11) NOT NULL,
`report_value` int(11) NOT NULL,
`report_type` VARCHAR(32) NOT NULL,
`report_data` text NOT NULL,
`report_time` int(11) NOT NULL,
`report_code` varchar(16) NOT NULL,
`report_adminid` int(11) NOT NULL,
`query_value` varchar(32) NOT NULL,
`query_time` int(11) NOT NULL,
PRIMARY KEY (`ID_FRC`)
)";
$result = mysql_query($query);
# Return Result
if($result == true)
{
// reserve first entry
mysql_query("DELETE FROM mod_fraudrecord WHERE ID_FRC = 1");
mysql_query("INSERT INTO mod_fraudrecord (ID_FRC, ID_CLIENT, report_data) VALUES (1,0,'')");
return array('status'=>'success','description'=>'Addon successfully activated. Scroll below and provide your "API Code", and activate access to administrators and sales operators.');
}
else
return array('status'=>'error','description'=>'There was a problem activating the module.');
}
function fraudrecord_deactivate() {
$query = "DROP TABLE `mod_fraudrecord`";
$result = mysql_query($query);
# Return Result
if($result == true)
return array('status'=>'success','description'=>'Addon successfully removed.');
else
return array('status'=>'error','description'=>'There was a problem removing the addon.');
}
function fraudrecord_upgrade($vars) {
$version = $vars['version'];
}
function fraudrecord_output($vars)
{
global $frc_error;
$frc_error = array();
$adminid = $_SESSION['adminid'];
$modulelink = $vars['modulelink'];
$version = $vars['version'];
$apicode = trim($vars['option1']);
$LANG = $vars['_lang'];
/**/
$action = $_REQUEST['action'];
$clientid = (int) $_REQUEST['clientid'];
if($action == 'report')
{
$display = 'report';
if($clientid > 0)
$client = frc_get_client_details($clientid);
if(isset($_POST['submit']) && $client)
{
// cleanup htmlspecialchars from whmcs inputs
foreach($_POST as $k => $v)
if(!is_array($v))
$_POST[$k] = htmlspecialchars_decode($v);
// test some fields
if(empty($_POST['text']))
$frc_error[] = $LANG['emptytext'];
if(empty($_POST['type']))
$frc_error[] = $LANG['emptytype'];
elseif(strlen($_POST['type']) < 1 || strlen($_POST['type']) > 32)
$frc_error[] = $LANG['typelength'];
if(empty($_POST['value']) || !ctype_digit($_POST['value']) || $_POST['value'] < 1 || $_POST['value'] > 10)
$frc_error[] = $LANG['invalidvalue'];
// no errors?
if(empty($frc_error))
{
// define fields
$fields = array(
'_api' => $apicode,
'_action' => 'report',
'_text' => $_POST['text'],
'_type' => strtolower($_POST['type']),
'_value' => (int) $_POST['value'],
);
// add hashed fields
foreach($client as $k => $v)
if(isset($_POST[$k.'_check']) && prepare_value($v) != "")
$fields[$k] = fraudrecord_hash(prepare_value($v));
// add some more fields if the admin adds them manually
$extra = array();
foreach($_POST as $k => $v)
{
if(!empty($v) && prepare_value($v) != "" && substr($k,0,3) == "key")
{
$n = substr($k,3);
// trim any whitespace and underscore from "key".
$extra[] = array(trim(trim($_POST['key'.$n]),"_"),$_POST['value'.$n]);
}
}
foreach($extra as $x)
{
if(!empty($x[1]) && trim($x[1]) != "")
{
// make sure each field is unique. if email and email1 is defined alread, make sure we add email2.
$c = '';
while(isset($fields[$x[0].$c]))
$c = ((int)$c)+1;
if($c)
$x[0] = $x[0].$c;
// still make sure not to overwrite
if(empty($fields[$x[0]]))
$fields[$x[0]] = fraudrecord_hash(prepare_value($x[1]));
}
}
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,"https://www.fraudrecord.com/api/");
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
if(preg_match("~OK:([0-9a-z]{16})~",$result, $response) && !empty($response[1]))
{
$responsecode = $response[1];
$insert = array(
'ID_CLIENT' => $clientid,
'report_value' => $fields['_value'],
'report_type' => $fields['_type'],
'report_data' => base64_encode(serialize($fields)),
'report_time' => time(),
'report_code' => $responsecode,
'report_adminid' => $adminid,
);
insert_query("mod_fraudrecord",$insert);
$status = "success";
$display = 'list';
$action = 'list';
}
else
{
$frc_error[] = $LANG['reporterror'];
$f = @fopen(dirname(__FILE__)."/fraudrecord.log","a");
@fwrite($f,"Date:".date("d.m.Y H:i:s")."\n".$result."\n\n------\n\n");
@fclose($f);
}
}
}
else
{
}
}
if($action == 'query')
{
$display = 'query';
if($clientid > 0)
$client = frc_get_client_details($clientid);
if(isset($_POST['submit']) && $client)
{
// define fields
$fields = array(
'_api' => $apicode,
'_action' => 'query',
);
// add hashed fields
foreach($client as $k => $v)
if(isset($_POST[$k.'_check']) && prepare_value($v) != "")
$fields[$k] = fraudrecord_hash(prepare_value($v));
// add some more fields if the admin adds them manually
$extra = array();
foreach($_POST as $k => $v)
{
if(!empty($v) && prepare_value($v) != "" && substr($k,0,3) == "key")
{
$n = substr($k,3);
// trim any whitespace and underscore from "key".
$extra[] = array(trim(trim($_POST['key'.$n]),"_"),$_POST['value'.$n]);
}
}
foreach($extra as $x)
{
if(!empty($x[1]) && trim($x[1]) != "")
{
// make sure each field is unique. if email and email1 is defined alread, make sure we add email2.
$c = '';
while(isset($fields[$x[0].$c]))
$c = ((int)$c)+1;
if($c)
$x[0] = $x[0].$c;
// still make sure not to overwrite
if(empty($fields[$x[0]]))
$fields[$x[0]] = fraudrecord_hash(prepare_value($x[1]));
}
}
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,"https://www.fraudrecord.com/api/");
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
preg_match("~\<report\>([0-9.\-a-f]+)\</report\>~",$result,$matches);
$result_exp = explode("-",$matches[1]);
$query_value = $matches[1];
if(isset($result_exp[3]) && strlen($result_exp[3]) == 16)
{
// is the client in the mod_fraudrecord already?
$result = mysql_query("
SELECT MIN(ID_FRC) as minid
FROM mod_fraudrecord
WHERE ID_CLIENT = $clientid");
$minid = mysql_fetch_assoc($result);
mysql_free_result($result);
$minid = $minid['minid'];
if(!empty($minid))
{
$update = array(
"query_value"=>$query_value,
"query_time" => time(),
);
$where = array("ID_FRC"=>$minid);
update_query("mod_fraudrecord",$update,$where);
}
else
{
$insert = array(
'ID_CLIENT' => $clientid,
"query_value"=>$query_value,
"query_time" => time(),
);
insert_query("mod_fraudrecord",$insert);
}
$status = "successquery";
$display = 'displayquery';
$action = 'query';
}
else
{
$frc_error[] = $LANG['queryerror'];
$f = @fopen(dirname(__FILE__)."/fraudrecord.log","a");
@fwrite($f,"Date:".date("d.m.Y H:i:s")."\n".$result."\n\n------\n\n");
@fclose($f);
}
}
}
if($action == 'details')
{
$display = 'details';
// get client details
$result = mysql_query("
SELECT frc.*, cl.firstname, cl.lastname, cl.email
FROM mod_fraudrecord as frc
LEFT JOIN tblclients as cl ON cl.id = frc.ID_CLIENT
WHERE ID_CLIENT = $clientid
");
$reports = array();
while($row = mysql_fetch_assoc($result))
{
if($row['report_value'] > 0)
$reports[] = $row;
}
}
if($action == 'delete')
{
$reportid = (int) $_REQUEST['reportid'];
// get report code from id
$result = mysql_query("
SELECT report_code
FROM mod_fraudrecord
WHERE ID_FRC = '$reportid'
");
$reportcode = mysql_fetch_assoc($result);
$reportcode = $reportcode['report_code'];
// define fields
$fields = array(
'_api' => $apicode,
'_action' => 'delete',
'_code' => $reportcode,
);
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,"https://www.fraudrecord.com/api/");
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
// delete from own DB
$result = mysql_query("
UPDATE mod_fraudrecord
SET report_value = 0, report_type = '', report_data = '', report_time = 0, report_adminid = 0, report_code = 0
WHERE ID_FRC = '$reportid'
");
$status = "successdelete";
$display = 'list';
$action = 'list';
}
if(empty($action) && isset($_POST['checkbutton']))
{
@set_time_limit(0);
$checked = array();
foreach($_POST as $k => $v)
{
if(strpos($k,"check_") === 0 && ctype_digit(substr($k,6)))
{
$checked[] = (int) substr($k,6);
}
}
if(!empty($checked))
{
foreach($checked as $clientid)
{
$client = frc_get_client_details($clientid);
// define fields
$fields = array(
'_api' => $apicode,
'_action' => 'query',
);
// add hashed fields
foreach($client as $k => $v)
$fields[$k] = fraudrecord_hash(prepare_value($v));
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,"https://www.fraudrecord.com/api/");
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
preg_match("~\<report\>([0-9.\-a-f]+)\</report\>~",$result,$matches);
$result_exp = explode("-",$matches[1]);
$query_value = $matches[1];
if(isset($result_exp[3]) && strlen($result_exp[3]) == 16)
{
// is the client in the mod_fraudrecord already?
$result = mysql_query("
SELECT MIN(ID_FRC) as minid
FROM mod_fraudrecord
WHERE ID_CLIENT = $clientid");
$minid = mysql_fetch_assoc($result);
mysql_free_result($result);
$minid = $minid['minid'];
if(!empty($minid))
{
$update = array(
"query_value"=>$query_value,
"query_time" => time(),
);
$where = array("ID_FRC"=>$minid);
update_query("mod_fraudrecord",$update,$where);
}
else
{
$insert = array(
'ID_CLIENT' => $clientid,
"query_value"=>$query_value,
"query_time" => time(),
);
insert_query("mod_fraudrecord",$insert);
}
}
}
$status = "successquery";
}
}
if(empty($action) || $action == "list")
{
$action = 'list';
$display = 'list';
if(isset($_POST['search_frc_button']) && !empty($_POST['search_frc_text']))
{
$search = $_POST['search_frc_text'];
}
// get perpage from general config
$result = mysql_query("
SELECT value
FROM tblconfiguration
WHERE setting = 'NumRecordstoDisplay'");
$perpage = mysql_fetch_assoc($result);
mysql_free_result($result);
$perpage = $perpage['value'];
if(!ctype_digit($perpage) || empty($perpage))
$perpage = 50;
// navigation pages for list
$page = (int) $_REQUEST['page'];
if(empty($page) || $page < 1)
$page = 1;
// get client count
$result = mysql_query("
SELECT COUNT(id) as client_count
FROM tblclients".(
isset($search) ? "
WHERE
firstname LIKE '%".mysql_real_escape_string($search)."%'
OR lastname LIKE '%".mysql_real_escape_string($search)."%'
OR email LIKE '%".mysql_real_escape_string($search)."%'
" : ""
));
$clientcount = mysql_fetch_assoc($result);
mysql_free_result($result);
$clientcount = $clientcount['client_count'];
// get client list
$result = mysql_query("
SELECT id, firstname, lastname, email, address1, address2, phonenumber, cardnum, ip, datecreated
FROM tblclients
".(
isset($search) ? "
WHERE
firstname LIKE '%".mysql_real_escape_string($search)."%'
OR lastname LIKE '%".mysql_real_escape_string($search)."%'
OR email LIKE '%".mysql_real_escape_string($search)."%'
" : ""
)."
ORDER BY id DESC
LIMIT ".(($page-1)*$perpage).",".($perpage)."
");
$list = array();
while($row = mysql_fetch_assoc($result))
{
$list[$row['id']] = $row;
}
// get their fraud records
$result = mysql_query("
SELECT ID_CLIENT, report_value, report_time, query_value, query_time
FROM mod_fraudrecord
WHERE ID_CLIENT IN ('".implode("','", array_keys($list))."')
");
while($row = mysql_fetch_assoc($result))
{
if(empty($list[$row['ID_CLIENT']]['report_value']))
$list[$row['ID_CLIENT']]['report_value'] = 0;
$list[$row['ID_CLIENT']]['report_value'] += $row["report_value"];
$list[$row['ID_CLIENT']]['report_time'] += $row["report_time"];
if(!empty($row['query_value']))
{
$list[$row['ID_CLIENT']]['query_value'] = $row['query_value'];
$list[$row['ID_CLIENT']]['query_time'] = $row['query_time'];
}
}
}
$alert = frc_updatealert();
include(dirname(__FILE__)."/fraudrecord_template.php");
}
function frc_updatealert()
{
$result = mysql_query("SELECT report_data
FROM mod_fraudrecord WHERE ID_FRC = 1");
$row = mysql_fetch_assoc($result);
mysql_free_result($result);
if(empty($row))
mysql_query("INSERT INTO mod_fraudrecord (ID_FRC, ID_CLIENT) VALUES (1,0)");
$row = @unserialize(@base64_decode($row['report_data']));
if((isset($row['time']) && $row['time'] < time() - 86400/2) || !isset($row['time']))
{
// update
// define fields
$fields = array(
'_api' => $apicode,
);
//open connection
$ch = curl_init();
//set the url, number of POST vars, POST data
curl_setopt($ch,CURLOPT_URL,"https://www.fraudrecord.com/alerts.php");
curl_setopt($ch,CURLOPT_POST,count($fields));
curl_setopt($ch,CURLOPT_POSTFIELDS,$fields);
curl_setopt($ch,CURLOPT_RETURNTRANSFER,1);
curl_setopt($ch,CURLOPT_SSL_VERIFYPEER,0);
//execute post
$result = curl_exec($ch);
//close connection
curl_close($ch);
preg_match("~\<alert\>(.+)\</alert\>~",$result,$matches);
$matches = @unserialize(@base64_decode($matches[1]));
if(isset($matches['content']))
{
$alert = $matches;
$alert['time'] = time();
mysql_query("UPDATE mod_fraudrecord
SET report_data = '".mysql_real_escape_string(base64_encode(serialize($alert)))."'
WHERE ID_FRC = 1");
}
}
elseif(isset($row['time']))
{
$alert = array(
'type' => $row['type'],
'title' => $row['title'],
'content' => $row['content'],
'link' => $row['link'],
'linktext' => $row['linktext'],
);
}
if(!empty($alert))
return $alert;
else
return false;
}
function frc_get_client_details($clientid)
{
global $cc_encryption_hash;
$hash = md5($cc_encryption_hash.$clientid);
$clientid = (int) $clientid;
$result = mysql_query("SELECT firstname,lastname,email,phonenumber,address1,address2,city,state,ip,
cardnum, AES_DECRYPT(cardnum, '$hash') AS ccnumber
FROM tblclients WHERE id = $clientid");
$row = mysql_fetch_assoc($result);
mysql_free_result($result);
if(!empty($row))
{
// get regular data
$client = array(
'name' => $row['firstname']. ' '. $row['lastname'],
'email' => $row['email'],
'phonenumber' => $row['phonenumber'],
'address' => $row['address1'].' '.$row['address2'].' '.$row['city'].' '.$row['state'],
'ip' => $row['ip'],
);
// if there is a cc number
if(!empty($row['cardnum']))
$client['ccnumber'] = $row['ccnumber'];
// delete empty fields, e.g phone number
foreach($client as $k => $v)
{
if(empty($v))
unset($client[$k]);
}
return $client;
}
else
return false;
}
function prepare_value($val)
{
$value = strtolower(str_replace(" ","",trim($val)));
// gmail.com
if(strpos($value,"@gmail.com") !== false)
{
$email = substr($value,0,strrpos($value,"@gmail.com"));
if(strpos($value,"+") !== false)
$email = substr($value,0,strpos($value,"+"));
$value = str_replace(".","",$email)."@gmail.com";
}
return $value;
}
function fraudrecord_hash($value) {
for($i = 0; $i < 32000; $i++)
$value = sha1("fraudrecord-".$value);
return $value;
}
?>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment