From 330227482dbb2b23dfd90430bb82f3c19058a4d6 Mon Sep 17 00:00:00 2001
From: Mohamed DAOUD <daoud.mouhamed@gmail.com>
Date: Sun, 28 Apr 2024 17:47:49 +0200
Subject: [PATCH] New: modify payment page display and returns when it is
 embedded into a website (#29442)

* remove header and footer

* Updates to integrate the payment system into website

* Update stripe.lang

* Update onlinepaymentlinks.tpl.php

---------

Co-authored-by: Laurent Destailleur <eldy@destailleur.fr>
---
 htdocs/core/tpl/onlinepaymentlinks.tpl.php |  4 +++
 htdocs/langs/en_US/stripe.lang             |  1 +
 htdocs/public/payment/newpayment.php       | 22 ++++++++++--
 htdocs/public/payment/paymentko.php        | 31 +++++++++++++---
 htdocs/public/payment/paymentok.php        | 41 ++++++++++++++++++----
 5 files changed, 84 insertions(+), 15 deletions(-)

diff --git a/htdocs/core/tpl/onlinepaymentlinks.tpl.php b/htdocs/core/tpl/onlinepaymentlinks.tpl.php
index f599ccd736b..59ef1023b2b 100644
--- a/htdocs/core/tpl/onlinepaymentlinks.tpl.php
+++ b/htdocs/core/tpl/onlinepaymentlinks.tpl.php
@@ -149,4 +149,8 @@ print dolJSToSetRandomPassword($constname);
 
 print info_admin($langs->trans("YouCanAddTagOnUrl"));
 
+if (isModEnabled('website')) {
+	print info_admin($langs->trans("YouCanEmbedOnWebsite"));
+}
+
 print '<!-- END PHP TEMPLATE ONLINEPAYMENTLINKS -->';
diff --git a/htdocs/langs/en_US/stripe.lang b/htdocs/langs/en_US/stripe.lang
index ac750a737fe..fa21b82986f 100644
--- a/htdocs/langs/en_US/stripe.lang
+++ b/htdocs/langs/en_US/stripe.lang
@@ -23,6 +23,7 @@ ToOfferALinkForOnlinePaymentOnFreeAmount=URL to offer a %s online payment page o
 ToOfferALinkForOnlinePaymentOnMemberSubscription=URL to offer a %s online payment page for a member subscription
 ToOfferALinkForOnlinePaymentOnDonation=URL to offer a %s online payment page for payment of a donation
 YouCanAddTagOnUrl=You can also add url parameter <b>&tag=<i>value</i></b> to any of those URL (mandatory only for payment not linked to an object) to add your own payment comment tag.<br>For the URL of payments with no existing object, you may also add the parameter <strong>&noidempotency=1</strong> so the same link with same tag can be used several times (some payment mode may limit the payment to 1 for each different link without this parameter)
+YouCanEmbedOnWebsite=If you want to integrate the payment page into a Dolibarr website, you can include the following parameters: <b>&isembed=1</b> and <b>&ws=website_ref</b>.<br>Additionally, two pages named <b>paymentok</b> and <b>paymentko</b> must be created in the website to receive the redirect after a successful of failed online payment. <br>Also, to embed the payment page without displaying the header and footer within the iframe, you can include the parameter <b>&noheaderfooter=1</b>
 SetupStripeToHavePaymentCreatedAutomatically=Setup your Stripe with url <b>%s</b> to have payment created automatically when validated by Stripe.
 AccountParameter=Account parameters
 UsageParameter=Usage parameters
diff --git a/htdocs/public/payment/newpayment.php b/htdocs/public/payment/newpayment.php
index 6723ca7c97f..5a79f6e3f22 100644
--- a/htdocs/public/payment/newpayment.php
+++ b/htdocs/public/payment/newpayment.php
@@ -96,6 +96,9 @@ if (!GETPOST("currency", 'alpha')) {
 }
 $source = GETPOST("s", 'aZ09') ? GETPOST("s", 'aZ09') : GETPOST("source", 'aZ09');
 $getpostlang = GETPOST('lang', 'aZ09');
+$noheaderfooter = GETPOSTINT("noheaderfooter");
+$isembed = GETPOSTINT("isembed");
+$ws = GETPOSTINT("ws");
 
 if (!$action) {
 	if (!GETPOST("amount", 'alpha') && !$source) {
@@ -214,6 +217,14 @@ if ($paymentmethod && !preg_match('/'.preg_quote('PM='.$paymentmethod, '/').'/',
 	$FULLTAG .= ($FULLTAG ? '.' : '').'PM='.$paymentmethod;
 }
 
+if ($isembed) {
+	$FULLTAG .= ($FULLTAG ? '.' : '').'EMB='.$isembed;
+}
+
+if ($ws) {
+	$FULLTAG .= ($FULLTAG ? '.' : '').'WS='.$ws;
+}
+
 if (!empty($suffix)) {
 	$urlok .= 'suffix='.urlencode($suffix).'&';
 	$urlko .= 'suffix='.urlencode($suffix).'&';
@@ -883,6 +894,9 @@ print '<input type="hidden" name="securekey" value="'.dol_escape_htmltag($SECURE
 print '<input type="hidden" name="e" value="'.$entity.'" />';
 print '<input type="hidden" name="forcesandbox" value="'.GETPOSTINT('forcesandbox').'" />';
 print '<input type="hidden" name="lang" value="'.$getpostlang.'">';
+print '<input type="hidden" name="ws" value="'.$ws.'">';
+print '<input type="hidden" name="isembed" value="'.$isembed.'">';
+print '<input type="hidden" name="noheaderfooter" value="'.$noheaderfooter.'">';
 print "\n";
 
 
@@ -909,7 +923,7 @@ if (!empty($logosmall) && is_readable($conf->mycompany->dir_output.'/logos/thumb
 }
 
 // Output html code for logo
-if ($urllogo) {
+if ($urllogo && !$noheaderfooter) {
 	print '<div class="backgreypublicpayment">';
 	print '<div class="logopublicpayment">';
 	print '<img id="dolpaymentlogo" src="'.$urllogo.'"';
@@ -919,7 +933,7 @@ if ($urllogo) {
 		print '<div class="poweredbypublicpayment opacitymedium right"><a class="poweredbyhref" href="https://www.dolibarr.org?utm_medium=website&utm_source=poweredby" target="dolibarr" rel="noopener">'.$langs->trans("PoweredBy").'<br><img class="poweredbyimg" src="'.DOL_URL_ROOT.'/theme/dolibarr_logo.svg" width="80px"></a></div>';
 	}
 	print '</div>';
-} elseif ($creditor) {
+} elseif ($creditor && !$noheaderfooter) {
 	print '<div class="backgreypublicpayment">';
 	print '<div class="logopublicpayment">';
 	print $creditor;
@@ -2709,7 +2723,9 @@ if (preg_match('/^dopayment/', $action)) {			// If we chose/clicked on the payme
 	}
 }
 
-htmlPrintOnlineFooter($mysoc, $langs, 1, $suffix, $object);
+if (!$noheaderfooter) {
+	htmlPrintOnlineFooter($mysoc, $langs, 1, $suffix, $object);
+}
 
 llxFooter('', 'public');
 
diff --git a/htdocs/public/payment/paymentko.php b/htdocs/public/payment/paymentko.php
index 46dbedbc533..95a6b66b1a9 100644
--- a/htdocs/public/payment/paymentko.php
+++ b/htdocs/public/payment/paymentko.php
@@ -96,6 +96,18 @@ if (empty($paymentmethod)) {
 	dol_syslog("paymentmethod=".$paymentmethod);
 }
 
+// Detect $isembed
+$isembed = preg_match('/EMB=([^\.]+)/', $FULLTAG, $reg_emb) ? $reg_emb[1] : 0;
+if ($isembed) {
+	dol_syslog("paymentko.php page is called into an iframe.", LOG_DEBUG, 0, '_payment');
+}
+
+// Detect $ws
+$ws = preg_match('/WS=([^\.]+)/', $FULLTAG, $reg_ws) ? $reg_ws[1] : 0;
+if ($ws) {
+	dol_syslog("Paymentko.php page is invoked from a website with ref ".$ws.". It performs actions and then redirects back to this website. A page with ref paymentko must be created for this website.", LOG_DEBUG, 0, '_payment');
+}
+
 
 $validpaymentmethod = array();
 if (isModEnabled('paypal')) {
@@ -130,8 +142,10 @@ $object = new stdClass(); // For triggers
  * View
  */
 
-// TODO check if we have redirtodomain to do.
-$doactionsthenrediret = 0;
+// Check if we have redirtodomain to do.
+if ($ws) {
+	$doactionsthenrediret = 1;
+}
 
 
 dol_syslog("Callback url when an online payment is refused or canceled. query_string=".(empty($_SERVER["QUERY_STRING"]) ? '' : $_SERVER["QUERY_STRING"])." script_uri=".(empty($_SERVER["SCRIPT_URI"]) ? '' : $_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_payment');
@@ -304,7 +318,14 @@ $db->close();
 
 
 // If option to do a redirect somewhere else is defined.
-if (empty($doactionsthenrediret)) {
-	// Do the redirect to an error page
-	// TODO
+if (!empty($doactionsthenrediret)) {
+	// Redirect to an error page
+	// Paymentko page must be created for the specific website
+	$ext_urlko = DOL_URL_ROOT.'/public/website/index.php?website='.$ws.'&pageref=paymentko&fulltag='.$FULLTAG;
+	if (!empty($isembed)) {
+		print "<script>window.top.location.href = \"". $ext_urlko ."\";</script>";
+	} else {
+		header("Location: ".$ext_urlko);
+		exit;
+	}
 }
diff --git a/htdocs/public/payment/paymentok.php b/htdocs/public/payment/paymentok.php
index 29f6fcbc76b..33c582a122b 100644
--- a/htdocs/public/payment/paymentok.php
+++ b/htdocs/public/payment/paymentok.php
@@ -128,6 +128,17 @@ if (empty($paymentmethod)) {
 
 dol_syslog("***** paymentok.php is called paymentmethod=".$paymentmethod." FULLTAG=".$FULLTAG." REQUEST_URI=".$_SERVER["REQUEST_URI"], LOG_DEBUG, 0, '_payment');
 
+// Detect $isembed
+$isembed = preg_match('/EMB=([^\.]+)/', $FULLTAG, $reg_emb) ? $reg_emb[1] : 0;
+if ($isembed) {
+	dol_syslog("paymentok.php page is called into an iframe.", LOG_DEBUG, 0, '_payment');
+}
+
+// Detect $ws
+$ws = preg_match('/WS=([^\.]+)/', $FULLTAG, $reg_ws) ? $reg_ws[1] : 0;
+if ($ws) {
+	dol_syslog("Paymentok.php page is invoked from a website with ref ".$ws.". It performs actions and then redirects back to this website. A page with ref paymentok must be created for this website.", LOG_DEBUG, 0, '_payment');
+}
 
 $validpaymentmethod = array();
 if (isModEnabled('paypal')) {
@@ -162,8 +173,10 @@ $error = 0;
  * Actions and view
  */
 
-// TODO check if we have redirtodomain to do.
-$doactionsthenrediret = 0;
+// Check if we have redirtodomain to do.
+if ($ws) {
+	$doactionsthenrediret = 1;
+}
 
 
 $now = dol_now();
@@ -2063,12 +2076,26 @@ $db->close();
 
 
 // If option to do a redirect somewhere else.
-if (empty($doactionsthenrediret)) {
+if (!empty($doactionsthenrediret)) {
 	if ($ispaymentok) {
-		// Do the redirect to a success page
-		// TODO
+		// Redirect to a success page
+		// Paymentok page must be created for the specific website
+		$ext_urlok = DOL_URL_ROOT.'/public/website/index.php?website='.$ws.'&pageref=paymentok&fulltag='.$FULLTAG;
+		if (!empty($isembed)) {
+			print "<script>window.top.location.href = \"". $ext_urlok ."\";</script>";
+		} else {
+			header("Location: ".$ext_urlok);
+			exit;
+		}
 	} else {
-		// Do the redirect to an error page
-		// TODO
+		// Redirect to an error page
+		// Paymentko page must be created for the specific website
+		$ext_urlko = DOL_URL_ROOT.'/public/website/index.php?website='.$ws.'&pageref=paymentko&fulltag='.$FULLTAG;
+		if (!empty($isembed)) {
+			print "<script>window.top.location.href = \"". $ext_urlko ."\";</script>";
+		} else {
+			header("Location: ".$ext_urlko);
+			exit;
+		}
 	}
 }