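<?php

/**
 * initial_response.php
 *
 * Special script to allow callback from Sphere to avoid cross origin breakage.
 * Csrf security is maintained.
 * Call to top.restoreSession() happens to ensure directed to correct session.
 *
 * @package OpenEMR
 * @link http://www.open-emr.org
 * @author Brady Miller <brady.g.miller@gmail.com>
 * @copyright Copyright (c) 2021 Brady Miller <brady.g.miller@gmail.com>
 * @license https://github.com/openemr/openemr/blob/master/LICENSE GNU General Public License 3
 */

// Flow: the request is classified as a revert (void/credit), a cancelled payment or a submitted
// payment; the relevant values are then re-posted through an auto-submitting form to
// process_revert_response.php or process_response.php. Any other request ends with no output.
//
// Every value handled here comes straight from the query string and is therefore untrusted.
// This script does not verify the CSRF token itself; it only copies it into the action URL of
// the relayed form.
// NOTE(review): confirm that both target scripts validate csrf_token before acting on the post.
// NOTE(review): because the token travels in the action URL it can end up in web-server access
// logs; treat those logs as sensitive.
// NOTE(review): the form is sent with form.submit(), which does not dispatch a submit event, so
// the onsubmit="return top.restoreSession()" handler presumably never runs on this auto-submit;
// confirm whether the session restore is still required here.

// Query-string values can arrive as arrays (for example "front[]=x"). Anything non-scalar is
// treated as empty so urlencode() and htmlspecialchars() below always receive a string.
$asString = static function ($value) {
    return is_scalar($value) ? (string) $value : '';
};

// Reads one key as a string and yields '' when the container is not an array or the key is absent.
$pick = static function ($source, $key) use ($asString) {
    return (is_array($source) && isset($source[$key])) ? $asString($source[$key]) : '';
};

// Only the cancel and submit branches set this; the revert form never uses it.
$patientIdCc = '';

if (!empty($_GET['revert'])) {
    // processing a void or credit (will go to process_revert_response.php)
    $cancel = '';
    $front = $pick($_GET, 'front');
    $csrf = $pick($_GET, 'csrf_token');
    $transaction = $_GET;
    $transaction['querystring'] = isset($_SERVER['QUERY_STRING']) ? $_SERVER['QUERY_STRING'] : '';
    $revert = 1;
} elseif ($pick($_GET, 'cancel') === 'cancel') {
    // user cancelled the payment (will go to process_response.php)
    $cancel = 'cancel';
    $front = $pick($_GET, 'front');
    $patientIdCc = $pick($_GET, 'patient_id_cc');
    $csrf = $pick($_GET, 'csrf_token');
    $transaction = ['ticket' => $pick($_GET, 'ticket')];
    $revert = 0;
} elseif (!empty($_GET['transaction'])) {
    // user submitted the payment (will go to process_response.php)
    $cancel = '';
    $transaction = $_GET['transaction'];
    if (!is_array($transaction)) {
        // A scalar "transaction" parameter cannot carry the fields relayed below, and the
        // unset()/foreach further down would fail on it, so handle it like an unknown request.
        exit;
    }
    // The custom field is expected to be a JSON list; a missing or malformed value decodes to
    // a non-array and the three values below then fall back to ''.
    $customFields = json_decode($pick($transaction, 'transactioncustomfield'), true);
    $front = $pick($customFields, 1);
    $patientIdCc = $pick($customFields, 2);
    $csrf = $pick($customFields, 3);
    unset($transaction['transactioncustomfield']);
    $revert = 0;
} else {
    exit;
}
?>
<html>
<head>
</head>
<body>
<?php if ($revert === 1) { ?>
    <form id="myForm" method="post" onsubmit="return top.restoreSession()" action="process_revert_response.php?front=<?php echo htmlspecialchars(urlencode($front), ENT_QUOTES); ?>&csrf_token=<?php echo htmlspecialchars(urlencode($csrf), ENT_QUOTES); ?>">
<?php } else { ?>
    <form id="myForm" method="post" onsubmit="return top.restoreSession()" action="process_response.php?front=<?php echo htmlspecialchars(urlencode($front), ENT_QUOTES); ?>&cancel=<?php echo htmlspecialchars(urlencode($cancel), ENT_QUOTES); ?>&patient_id_cc=<?php echo htmlspecialchars(urlencode($patientIdCc), ENT_QUOTES); ?>&csrf_token=<?php echo htmlspecialchars(urlencode($csrf), ENT_QUOTES); ?>">
<?php } ?>
        <?php
        foreach ($transaction as $a => $b) {
            if (!is_scalar($b)) {
                // Nested parameters cannot be expressed as one flat hidden input and would make
                // htmlspecialchars() fail, so they are not relayed.
                continue;
            }
            echo '<input type="hidden" name="' . htmlspecialchars((string) $a, ENT_QUOTES) . '" value="' . htmlspecialchars((string) $b, ENT_QUOTES) . '">';
        }
        ?>
    </form>
    <script>
        document.getElementById('myForm').submit();
    </script>
</body>
</html>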