newpayment.php

Go to the documentation of this file.

<?php
/* Copyright (C) 2001-2002  Rodolphe Quiedeville  <rodolphe@quiedeville.org>
 * Copyright (C) 2006-2017  Laurent Destailleur   <eldy@users.sourceforge.net>
 * Copyright (C) 2009-2012  Regis Houssin     <regis.houssin@inodbox.com>
 * Copyright (C) 2018     Juanjo Menent     <jmenent@2byte.es>
 * Copyright (C) 2018-2021  Thibault FOUCART      <support@ptibogxiv.net>
 * Copyright (C) 2021   Waël Almoman        <info@almoman.com>
 * Copyright (C) 2021   Dorian Vabre      <dorian.vabre@gmail.com>
 * Copyright (C) 2024       Frédéric France         <frederic.france@free.fr>
 * Copyright (C) 2024-2025  MDW           <mdeweerd@users.noreply.github.com>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 *
 * For Paypal test: https://developer.paypal.com/
 * For Paybox test: ???
 * For Stripe test: Use credit card 4242424242424242 .More example on https://stripe.com/docs/testing
 *
 * Variants:
 * - When option STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION is on, we use the new PaymentIntent API
 * - When option STRIPE_USE_NEW_CHECKOUT is on, we use the new checkout API
 * - If no option set, we use old APIS (charge)
 */
 
if (!defined('NOLOGIN')) {
  define("NOLOGIN", 1); // This means this output page does not require to be logged.
}
if (!defined('NOCSRFCHECK')) {
  define("NOCSRFCHECK", 1); // We accept to go on this page from external web site.
}
if (!defined('NOIPCHECK')) {
  define('NOIPCHECK', '1'); // Do not check IP defined into conf $dolibarr_main_restrict_ip
}
if (!defined('NOBROWSERNOTIF')) {
  define('NOBROWSERNOTIF', '1');
}
 
if (!defined('XFRAMEOPTIONS_ALLOWALL')) {
  define('XFRAMEOPTIONS_ALLOWALL', '1');
}
 
// For MultiCompany module.
// Do not use GETPOST here, function is not defined and get of entity must be done before including main.inc.php
// Because 2 entities can have the same ref.
$entity = (!empty($_GET['entity']) ? (int) $_GET['entity'] : (!empty($_POST['entity']) ? (int) $_POST['entity'] : (!empty($_GET['e']) ? (int) $_GET['e'] : (!empty($_POST['e']) ? (int) $_POST['e'] : 1))));
if (is_numeric($entity)) {
  define("DOLENTITY", $entity);
}
 
// Load Dolibarr environment
require '../../main.inc.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/company.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/files.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/payments.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/functions2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/core/lib/security2.lib.php';
require_once DOL_DOCUMENT_ROOT.'/eventorganization/class/conferenceorboothattendee.class.php';
require_once DOL_DOCUMENT_ROOT.'/product/class/product.class.php';
require_once DOL_DOCUMENT_ROOT.'/societe/class/societeaccount.class.php';
require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
require_once DOL_DOCUMENT_ROOT.'/projet/class/project.class.php';
 
// Load translation files
$langs->loadLangs(array("main", "other", "dict", "bills", "companies", "errors", "paybox", "paypal", "stripe")); // File with generic data
 
// Hook to be used by external payment modules (ie Payzen, ...)
$hookmanager = new HookManager($db);
$hookmanager->initHooks(array('newpayment'));
 
 
// Security check
// No check on module enabled. Done later according to $validpaymentmethod
 
$action = GETPOST('action', 'aZ09');
 
// Input are:
// type ('invoice','order','contractline'),
// id (object id),
// amount (required if id is empty),
// tag (a free text, required if type is empty)
// currency (iso code)
 
$suffix = GETPOST("suffix", 'aZ09');
$amount = price2num(GETPOST("amount", 'alpha'));
if (!GETPOST("currency", 'alpha')) {
  $currency = $conf->currency;
} else {
  $currency = GETPOST("currency", 'aZ09');
}
$source = GETPOST("s", 'aZ09') ? GETPOST("s", 'aZ09') : GETPOST("source", 'aZ09');
$getpostlang = GETPOST('lang', 'aZ09');
$ws = GETPOST("ws", "aZ09"); // Website reference where the newpayment page is embedded or from where the newpayment page is called
 
if (!$action) {
  if (!GETPOST("amount", 'alpha') && !$source) {
    print $langs->trans('ErrorBadParameters')." - amount or source";
    exit;
  }
  if (is_numeric($amount) && !GETPOST("tag", 'alpha') && !$source) {
    print $langs->trans('ErrorBadParameters')." - tag or source";
    exit;
  }
  if ($source && !GETPOST("ref", 'alpha')) {
    print $langs->trans('ErrorBadParameters')." - ref";
    exit;
  }
}
 
 
$thirdparty = null; // Init for static analysis
$stripecu = null; // Init for static analysis
$paymentintent = null; // Init for static analysis
 
// Load data required later for actions and view
 
if ($source == 'organizedeventregistration') {    // Test on permission not required here (anonymous action protected by mitigation of /public/... urls)
  // Finding the Attendee
  $attendee = new ConferenceOrBoothAttendee($db);
 
  $invoiceid = GETPOSTINT('ref');
  $invoice = new Facture($db);
 
  $resultinvoice = $invoice->fetch($invoiceid);
 
  if ($resultinvoice <= 0) {
    setEventMessages(null, $invoice->errors, "errors");
  } else {
    /*
    $attendeeid = 0;
 
    $invoice->fetchObjectLinked();
    $linkedAttendees = $invoice->linkedObjectsIds['conferenceorboothattendee'];
 
    if (is_array($linkedAttendees)) {
      $linkedAttendees = array_values($linkedAttendees);
      $attendeeid = $linkedAttendees[0];
    }*/
    $sql = "SELECT rowid FROM ".MAIN_DB_PREFIX."eventorganization_conferenceorboothattendee";
    $sql .= " WHERE fk_invoice = ".((int) $invoiceid);
    $attendeeid = 0;
    $resql = $db->query($sql);
    if ($resql) {
      $obj = $db->fetch_object($resql);
      if ($obj) {
        $attendeeid = $obj->rowid;
      }
    }
 
    if ($attendeeid > 0) {
      $resultattendee = $attendee->fetch($attendeeid);
 
      if ($resultattendee <= 0) {
        setEventMessages(null, $attendee->errors, "errors");
      } else {
        $attendee->fetch_projet();
 
        $amount = price2num($invoice->total_ttc);
        // Finding the associated thirdparty
        $thirdparty = new Societe($db);
        $resultthirdparty = $thirdparty->fetch($invoice->socid);
        if ($resultthirdparty <= 0) {
          setEventMessages(null, $thirdparty->errors, "errors");
        }
        $object = $thirdparty;
      }
    }
  }
} elseif ($source == 'boothlocation') {     // Test on permission not required here (anonymous action protected by mitigation of /public/... urls)
  // Getting the amount to pay, the invoice, finding the thirdparty
  $invoiceid = GETPOSTINT('ref');
  $invoice = new Facture($db);
  $resultinvoice = $invoice->fetch($invoiceid);
  if ($resultinvoice <= 0) {
    setEventMessages(null, $invoice->errors, "errors");
  } else {
    $amount = price2num($invoice->total_ttc);
    // Finding the associated thirdparty
    $thirdparty = new Societe($db);
    $resultthirdparty = $thirdparty->fetch($invoice->socid);
    if ($resultthirdparty <= 0) {
      setEventMessages(null, $thirdparty->errors, "errors");
    }
    $object = $thirdparty;
  }
}
 
 
$paymentmethod = GETPOST('paymentmethod', 'alphanohtml') ? GETPOST('paymentmethod', 'alphanohtml') : ''; // Empty in most cases. Defined when a payment mode is forced
$validpaymentmethod = array();
 
// Detect $paymentmethod
foreach ($_POST as $key => $val) {
  $reg = array();
  if (preg_match('/^dopayment_(.*)$/', $key, $reg)) {
    $paymentmethod = $reg[1];
    break;
  }
}
 
// Complete urls for post treatment
$ref = $REF = GETPOST('ref', 'alpha');
$TAG = GETPOST("tag", 'alpha');
$FULLTAG = GETPOST("fulltag", 'alpha'); // fulltag is tag with more information
$SECUREKEY = GETPOST("securekey"); // Secure key
$PAYPAL_API_OK = "";
$PAYPAL_API_KO = "";
$PAYPAL_API_SANDBOX = "";
$PAYPAL_API_USER = "";
$PAYPAL_API_PASSWORD = "";
$PAYPAL_API_SIGNATURE = "";
 
$reg = array();
if (empty($ws) && preg_match('/WS=([^=&]+)/', $FULLTAG, $reg)) {
  $ws = $reg[1];
}
 
// Define $urlwithroot
//$urlwithouturlroot=preg_replace('/'.preg_quote(DOL_URL_ROOT,'/').'$/i','',trim($dolibarr_main_url_root));
//$urlwithroot=$urlwithouturlroot.DOL_URL_ROOT;   // This is to use external domain name found into config file
$urlwithroot = DOL_MAIN_URL_ROOT; // This is to use same domain name than current. For Paypal payment, we can use internal URL like localhost.
 
$urlok = $urlwithroot.'/public/payment/paymentok.php?';
$urlko = $urlwithroot.'/public/payment/paymentko.php?';
 
if ($ws && !defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) {  // So defined('USEEXTERNALSERVER') should be set but is not always
  if (!empty($_SERVER["HTTP_X_FORWARDED_HOST"])) {
    // Page is called after a proxy
    $tmphosts = explode(',', $_SERVER["HTTP_X_FORWARDED_HOST"]);
    $tmphosts = array_map('trim', $tmphosts);
    $lastproxy = end($tmphosts);
 
    include_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
    $tmpwebsite = new Website($db);
    $tmpwebsite->fetch(0, $ws);
 
    if (preg_replace('/https?:\/\//i', '', $tmpwebsite->virtualhost) == $lastproxy) {
      // If the newpayment.php page was called from a proxy with same domain than the website virtual host, we must use this one as the redirect domain url.
      $urlok = $tmpwebsite->virtualhost.'/public/payment/paymentok.php?';
      $urlko = $tmpwebsite->virtualhost.'/public/payment/paymentko.php?';
    }
  }
}
 
if ($paymentmethod && !preg_match('/'.preg_quote('PM='.$paymentmethod, '/').'/', $FULLTAG)) {
  $FULLTAG .= ($FULLTAG ? '.' : '').'PM='.$paymentmethod;
}
 
if ($ws && !preg_match('/'.preg_quote('WS='.$ws, '/').'/', $FULLTAG)) {
  $FULLTAG .= ($FULLTAG ? '.' : '').'WS='.$ws;
}
 
if (!empty($suffix)) {
  $urlok .= 'suffix='.urlencode($suffix).'&';
  $urlko .= 'suffix='.urlencode($suffix).'&';
}
if ($source) {
  $urlok .= 's='.urlencode($source).'&';
  $urlko .= 's='.urlencode($source).'&';
}
if (!empty($REF)) {
  $urlok .= 'ref='.urlencode($REF).'&';
  $urlko .= 'ref='.urlencode($REF).'&';
}
if (!empty($TAG)) {
  $urlok .= 'tag='.urlencode($TAG).'&';
  $urlko .= 'tag='.urlencode($TAG).'&';
}
if (!empty($FULLTAG)) {
  $urlok .= 'fulltag='.urlencode($FULLTAG).'&';
  $urlko .= 'fulltag='.urlencode($FULLTAG).'&';
}
if (!empty($SECUREKEY)) {
  $urlok .= 'securekey='.urlencode($SECUREKEY).'&';
  $urlko .= 'securekey='.urlencode($SECUREKEY).'&';
}
if (!empty($entity)) {
  $urlok .= 'e='.urlencode((string) ($entity)).'&';
  $urlko .= 'e='.urlencode((string) ($entity)).'&';
}
if (!empty($getpostlang)) {
  $urlok .= 'lang='.urlencode($getpostlang).'&';
  $urlko .= 'lang='.urlencode($getpostlang).'&';
}
$urlok = preg_replace('/&$/', '', $urlok); // Remove last &
$urlko = preg_replace('/&$/', '', $urlko); // Remove last &
 
 
// Make special controls
 
// From paypal.lib - reused across 'if' bodies
'
@phan-var-force string $PAYPAL_API_SANDBOX
@phan-var-force string $PAYPAL_API_OK
@phan-var-force string $PAYPAL_API_KO
';
 
if ((empty($paymentmethod) || $paymentmethod == 'paypal') && isModEnabled('paypal')) {
  global $PAYPAL_API_SANDBOX, $PAYPAL_API_OK, $PAYPAL_API_KO, $PAYPAL_API_USER, $PAYPAL_API_PASSWORD, $PAYPAL_API_SIGNATURE;
  require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypal.lib.php';
  require_once DOL_DOCUMENT_ROOT.'/paypal/lib/paypalfunctions.lib.php';
 
 
  // Check parameters
  $PAYPAL_API_OK = "";
  if ($urlok) {
    $PAYPAL_API_OK = $urlok;
  }
  $PAYPAL_API_KO = "";
  if ($urlko) {
    $PAYPAL_API_KO = $urlko;
  }
  if (empty($PAYPAL_API_USER)) {
    print 'Paypal parameter PAYPAL_API_USER is not defined. Please <a href="'.DOL_URL_ROOT.'/paypal/admin/paypal.php">complete the setup of module PayPal first</a>.';
    exit;
  }
  if (empty($PAYPAL_API_PASSWORD)) {
    print 'Paypal parameter PAYPAL_API_PASSWORD is not defined. Please <a href="'.DOL_URL_ROOT.'/paypal/admin/paypal.php">complete the setup of module PayPal first</a>.';
    exit;
  }
  if (empty($PAYPAL_API_SIGNATURE)) {
    print 'Paypal parameter PAYPAL_API_SIGNATURE is not defined. Please <a href="'.DOL_URL_ROOT.'/paypal/admin/paypal.php">complete the setup of module PayPal first</a>.';
    exit;
  }
}
//if ((empty($paymentmethod) || $paymentmethod == 'paybox') && isModEnabled('paybox')) {
// No specific test for the moment
//}
if ((empty($paymentmethod) || $paymentmethod == 'stripe') && isModEnabled('stripe')) {
  require_once DOL_DOCUMENT_ROOT.'/stripe/config.php'; // This include also /stripe/lib/stripe.lib.php, /includes/stripe/stripe-php/init.php, ...
}
 
// Initialize $validpaymentmethod
// The list can be complete by the hook 'doValidatePayment' executed inside getValidOnlinePaymentMethods()
$validpaymentmethod = getValidOnlinePaymentMethods($paymentmethod);
 
// Check security token
$tmpsource = $source;
if ($tmpsource == 'membersubscription') {
  $tmpsource = 'member';
}
$valid = true;
if (getDolGlobalString('PAYMENT_SECURITY_TOKEN')) {
  $tokenisok = false;
  if (getDolGlobalString('PAYMENT_SECURITY_TOKEN_UNIQUE')) {
    if ($tmpsource && $REF) {
      // Use the source in the hash to avoid duplicates if the references are identical
      $tokenisok = dol_verifyHash(getDolGlobalString('PAYMENT_SECURITY_TOKEN') . $tmpsource.$REF, $SECUREKEY, '2');
      // Do a second test for retro-compatibility (token may have been hashed with membersubscription in external module)
      if ($tmpsource != $source) {
        $tokenisok = dol_verifyHash(getDolGlobalString('PAYMENT_SECURITY_TOKEN') . $source.$REF, $SECUREKEY, '2');
      }
    } else {
      $tokenisok = dol_verifyHash(getDolGlobalString('PAYMENT_SECURITY_TOKEN'), $SECUREKEY, '2');
    }
  } else {
    $tokenisok = (getDolGlobalString('PAYMENT_SECURITY_TOKEN') == $SECUREKEY);
  }
 
  if (! $tokenisok) {
    if (!getDolGlobalString('PAYMENT_SECURITY_ACCEPT_ANY_TOKEN')) {
      $valid = false; // PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is for backward compatibility
    } else {
      dol_syslog("Warning: PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is on", LOG_WARNING);
      dol_syslog("Warning: PAYMENT_SECURITY_ACCEPT_ANY_TOKEN is on", LOG_WARNING, 0, '_payment');
    }
  }
 
  if (!$valid) {
    print '<div class="error">Bad value for key.</div>';
    //print 'SECUREKEY='.$SECUREKEY.' valid='.$valid;
    exit;
  }
}
 
if (!empty($paymentmethod) && empty($validpaymentmethod[$paymentmethod])) {
  print 'Payment module for payment method '.$paymentmethod.' is not active';
  exit;
}
if (empty($validpaymentmethod)) {
  print 'No active payment module (Paypal, Stripe, Paybox, ...)';
  exit;
}
 
// Common variables
$creditor = $mysoc->name;
$paramcreditor = 'ONLINE_PAYMENT_CREDITOR';
$paramcreditorlong = 'ONLINE_PAYMENT_CREDITOR_'.$suffix;
if (getDolGlobalString($paramcreditorlong)) {
  $creditor = getDolGlobalString($paramcreditorlong); // use label long of the seller to show
} elseif (getDolGlobalString($paramcreditor)) {
  $creditor = getDolGlobalString($paramcreditor);   // use label short of the seller to show
}
 
$mesg = '';
 
 
/*
 * Actions
 */
 
// First log into the dolibarr_payment.log file
dol_syslog("--- newpayment.php action=".$action." paymentmethod=".$paymentmethod.' amount='.$amount.' newamount='.GETPOST("newamount", 'alpha'), LOG_DEBUG, 0, '_payment');
 
dol_syslog("fulltag=".GETPOST("fulltag", 'alpha')." ws=".$ws." urlok=".$urlok, LOG_DEBUG, 0, '_payment');
 
// Action dopayment is called after clicking/choosing the payment mode
if ($action == 'dopayment') { // Test on permission not required here (anonymous action protected by mitigation of /public/... urls)
  if ($paymentmethod == 'paypal') {
    $PAYPAL_API_PRICE = price2num(GETPOST("newamount", 'alpha'), 'MT');
    $PAYPAL_PAYMENT_TYPE = 'Sale';
 
    // Vars that are used as global var later in print_paypal_redirect()
    $origfulltag = GETPOST("fulltag", 'alpha');
    $shipToName = GETPOST("shipToName", 'alpha');
    $shipToStreet = GETPOST("shipToStreet", 'alpha');
    $shipToCity = GETPOST("shipToCity", 'alpha');
    $shipToState = GETPOST("shipToState", 'alpha');
    $shipToCountryCode = GETPOST("shipToCountryCode", 'alpha');
    $shipToZip = GETPOST("shipToZip", 'alpha');
    $shipToStreet2 = GETPOST("shipToStreet2", 'alpha');
    $phoneNum = GETPOST("phoneNum", 'alpha');
    $email = GETPOST("email", 'alpha');
    $desc = GETPOST("desc", 'alpha');
    $thirdparty_id = GETPOSTINT('thirdparty_id');
 
    // Special case for Paypal-Indonesia
    if ($shipToCountryCode == 'ID' && !preg_match('/\-/', $shipToState)) {
      $shipToState = 'ID-'.$shipToState;
    }
 
    if (empty($PAYPAL_API_PRICE) || !is_numeric($PAYPAL_API_PRICE)) {
      $mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Amount"));
      $action = '';
      // } elseif (empty($EMAIL)) { $mesg=$langs->trans("ErrorFieldRequired",$langs->transnoentitiesnoconv("YourEMail"));
      // } elseif (! isValidEmail($EMAIL)) { $mesg=$langs->trans("ErrorBadEMail",$EMAIL);
    } elseif (!$origfulltag) {
      $mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("PaymentCode"));
      $action = '';
    }
 
    if (empty($mesg)) {
      dol_syslog("newpayment.php call paypal api and do redirect", LOG_DEBUG);
      dol_syslog("newpayment.php call paypal api and do redirect", LOG_DEBUG, 0, '_payment');
 
      // Other
      $PAYPAL_API_DEVISE = "USD";
      if (!empty($currency)) {
        $PAYPAL_API_DEVISE = $currency;
      }
 
      // Show var initialized by inclusion of paypal lib at start of this file
      dol_syslog("Submit Paypal form", LOG_DEBUG);
      dol_syslog("Submit Paypal form", LOG_DEBUG, 0, '_payment');
 
      dol_syslog("PAYPAL_API_USER: $PAYPAL_API_USER", LOG_DEBUG, 0, '_payment');
      dol_syslog("PAYPAL_API_PASSWORD: ".preg_replace('/./', '*', $PAYPAL_API_PASSWORD), LOG_DEBUG, 0, '_payment'); // No password into log files
      dol_syslog("PAYPAL_API_SIGNATURE: $PAYPAL_API_SIGNATURE", LOG_DEBUG, 0, '_payment');
      dol_syslog("PAYPAL_API_SANDBOX: $PAYPAL_API_SANDBOX", LOG_DEBUG, 0, '_payment');
      dol_syslog("PAYPAL_API_OK: $PAYPAL_API_OK", LOG_DEBUG, 0, '_payment');
      dol_syslog("PAYPAL_API_KO: $PAYPAL_API_KO", LOG_DEBUG, 0, '_payment');
      dol_syslog("PAYPAL_API_PRICE: $PAYPAL_API_PRICE", LOG_DEBUG, 0, '_payment');
      dol_syslog("PAYPAL_API_DEVISE: $PAYPAL_API_DEVISE", LOG_DEBUG, 0, '_payment');
      // All those fields may be empty when making a payment for a free amount for example
      dol_syslog("shipToName: $shipToName", LOG_DEBUG, 0, '_payment');
      dol_syslog("shipToStreet: $shipToStreet", LOG_DEBUG, 0, '_payment');
      dol_syslog("shipToCity: $shipToCity", LOG_DEBUG, 0, '_payment');
      dol_syslog("shipToState: $shipToState", LOG_DEBUG, 0, '_payment');
      dol_syslog("shipToCountryCode: $shipToCountryCode", LOG_DEBUG, 0, '_payment');
      dol_syslog("shipToZip: $shipToZip", LOG_DEBUG, 0, '_payment');
      dol_syslog("shipToStreet2: $shipToStreet2", LOG_DEBUG, 0, '_payment');
      dol_syslog("phoneNum: $phoneNum", LOG_DEBUG, 0, '_payment');
      dol_syslog("email: $email", LOG_DEBUG, 0, '_payment');
      dol_syslog("desc: $desc", LOG_DEBUG, 0, '_payment');
 
      dol_syslog("SCRIPT_URI: ".(empty($_SERVER["SCRIPT_URI"]) ? '' : $_SERVER["SCRIPT_URI"]), LOG_DEBUG, 0, '_payment'); // If defined script uri must match domain of PAYPAL_API_OK and PAYPAL_API_KO
 
      // A redirect is added if API call successful
      $mesg = print_paypal_redirect((float) $PAYPAL_API_PRICE, $PAYPAL_API_DEVISE, $PAYPAL_PAYMENT_TYPE, $PAYPAL_API_OK, $PAYPAL_API_KO, $FULLTAG);
 
      // If we are here, it means the Paypal redirect was not done, so we show error message
      $action = '';
    }
  }
 
  if ($paymentmethod == 'paybox') {
    $PRICE = price2num(GETPOST("newamount"), 'MT');
    $email = getDolGlobalString('ONLINE_PAYMENT_SENDEMAIL');
    $thirdparty_id = GETPOSTINT('thirdparty_id');
 
    $origfulltag = GETPOST("fulltag", 'alpha');
 
    // Securekey into back url useless for back url and we need an url lower than 150.
    $urlok = preg_replace('/securekey=[^&]+&?/', '', $urlok);
    $urlko = preg_replace('/securekey=[^&]+&?/', '', $urlko);
 
    if (empty($PRICE) || !is_numeric($PRICE)) {
      $mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Amount"));
    } elseif (empty($email)) {
      $mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("ONLINE_PAYMENT_SENDEMAIL"));
    } elseif (!isValidEmail($email)) {
      $mesg = $langs->trans("ErrorBadEMail", $email);
    } elseif (!$origfulltag) {
      $mesg = $langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("PaymentCode"));
    } elseif (dol_strlen($urlok) > 150) {
      $mesg = 'Error urlok too long '.$urlok.' (Paybox requires 150, found '.strlen($urlok).')';
    } elseif (dol_strlen($urlko) > 150) {
      $mesg = 'Error urlko too long '.$urlko.' (Paybox requires 150, found '.strlen($urlok).')';
    }
 
    if (empty($mesg)) {
      dol_syslog("newpayment.php call paybox api and do redirect", LOG_DEBUG, 0, '_payment');
 
      include_once DOL_DOCUMENT_ROOT.'/paybox/lib/paybox.lib.php';
      print_paybox_redirect((float) $PRICE, $conf->currency, $email, $urlok, $urlko, $FULLTAG);
 
      session_destroy();
      exit;
    }
  }
 
  if ($paymentmethod == 'stripe') {
    if (GETPOST('newamount', 'alpha')) {
      $amount = price2num(GETPOST('newamount', 'alpha'), 'MT');
    } else {
      setEventMessages($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("Amount")), null, 'errors');
      $action = '';
    }
  }
}
 
 
// Called when choosing Stripe mode.
// When using the old Charge API architecture, this code is called after clicking the 'dopayment' with the Charge API architecture.
// When using the PaymentIntent API architecture, the Stripe customer was already created when creating PaymentIntent when showing payment page, and the payment is already ok when action=charge.
if ($action == 'charge' && isModEnabled('stripe')) {  // Test on permission not required here (anonymous action protected by mitigation of /public/... urls)
  $amountstripe = (float) $amount;
 
  // Correct the amount according to unit of currency
  // See https://support.stripe.com/questions/which-zero-decimal-currencies-does-stripe-support
  $arrayzerounitcurrency = array('BIF', 'CLP', 'DJF', 'GNF', 'JPY', 'KMF', 'KRW', 'MGA', 'PYG', 'RWF', 'VND', 'VUV', 'XAF', 'XOF', 'XPF');
  if (!in_array($currency, $arrayzerounitcurrency)) {
    $amountstripe *= 100;
  }
 
  dol_syslog("newpayment.php execute action = ".$action." STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION=".getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION'), LOG_DEBUG, 0, '_payment');
  dol_syslog("GET=".var_export($_GET, true), LOG_DEBUG, 0, '_payment');
  dol_syslog("POST=".var_export($_POST, true), LOG_DEBUG, 0, '_payment');
 
  $stripeToken = GETPOST("stripeToken", 'alpha');
  $email = GETPOST("email", 'alpha');
  $thirdparty_id = GETPOSTINT('thirdparty_id'); // Note that for payment following online registration for members, this is empty because thirdparty is created once payment is confirmed by paymentok.php
  $dol_type = (GETPOST('s', 'alpha') ? GETPOST('s', 'alpha') : GETPOST('source', 'alpha'));
  $dol_id = GETPOSTINT('dol_id');
  $vatnumber = GETPOST('vatnumber', 'alpha');
  $savesource = GETPOSTISSET('savesource') ? GETPOSTINT('savesource') : 1;
 
  dol_syslog("POST stripeToken = ".$stripeToken, LOG_DEBUG, 0, '_payment');
  dol_syslog("POST email = ".$email, LOG_DEBUG, 0, '_payment');
  dol_syslog("POST thirdparty_id = ".$thirdparty_id, LOG_DEBUG, 0, '_payment');
  dol_syslog("POST vatnumber = ".$vatnumber, LOG_DEBUG, 0, '_payment');
 
  $error = 0;
  $errormessage = '';
  $stripeacc = null;
 
  // When using the old Charge API architecture
  if (!getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION')) {
    try {
      $metadata = array(
        'dol_version' => DOL_VERSION,
        'dol_entity'  => $conf->entity,
        'dol_company' => $mysoc->name, // Useful when using multicompany
        'dol_tax_num' => $vatnumber,
        'ipaddress' => getUserRemoteIP()
      );
 
      if (!empty($thirdparty_id)) {
        $metadata["dol_thirdparty_id"] = $thirdparty_id;
      }
 
      if ($thirdparty_id > 0) {
        dol_syslog("Search existing Stripe customer profile for thirdparty_id=".$thirdparty_id, LOG_DEBUG, 0, '_payment');
 
        $service = 'StripeTest';
        $servicestatus = 0;
        if (getDolGlobalString('STRIPE_LIVE')/* && !GETPOSTINT('forcesandbox') */) {
          $service = 'StripeLive';
          $servicestatus = 1;
        }
 
        $thirdparty = new Societe($db);
        $thirdparty->fetch($thirdparty_id);
 
        // Create Stripe customer
        include_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php';
        $stripe = new Stripe($db);
        $stripeacc = $stripe->getStripeAccount($service);
        $customer = $stripe->customerStripe($thirdparty, $stripeacc, $servicestatus, 1);
        if (empty($customer)) {
          $error++;
          dol_syslog('Failed to get/create stripe customer for thirdparty id = '.$thirdparty_id.' and servicestatus = '.$servicestatus.': '.$stripe->error, LOG_ERR, 0, '_payment');
          setEventMessages('Failed to get/create stripe customer for thirdparty id = '.$thirdparty_id.' and servicestatus = '.$servicestatus.': '.$stripe->error, null, 'errors');
          $action = '';
        }
 
        // Create Stripe card from Token
        if (!$error) {
          if ($savesource) {
            $card = $customer->sources->create(array("source" => $stripeToken, "metadata" => $metadata));
          } else {
            $card = $stripeToken;
          }
 
          if (empty($card)) {
            $error++;
            dol_syslog('Failed to create card record', LOG_WARNING, 0, '_payment');
            setEventMessages('Failed to create card record', null, 'errors');
            $action = '';
          } else {
            if (!empty($FULLTAG)) {
              $metadata["FULLTAG"] = $FULLTAG;
            }
            if (!empty($dol_id)) {
              $metadata["dol_id"] = $dol_id;
            }
            if (!empty($dol_type)) {
              $metadata["dol_type"] = $dol_type;
            }
 
            dol_syslog("Create charge on card ".$card->id, LOG_DEBUG, 0, '_payment');
            $charge = \Stripe\Charge::create(array(
              'amount'   => price2num($amountstripe, 'MU'),
              'currency' => $currency,
              'capture'  => true, // Charge immediately
              'description' => 'Stripe payment: '.$FULLTAG.' ref='.$ref,
              'metadata' => $metadata,
              'customer' => $customer->id,
              'source' => $card,
              'statement_descriptor_suffix' => dol_trunc($FULLTAG, 10, 'right', 'UTF-8', 1), // 22 chars that appears on bank receipt (company + description)
            ), array("idempotency_key" => "$FULLTAG", "stripe_account" => "$stripeacc"));
            // Return $charge = array('id'=>'ch_XXXX', 'status'=>'succeeded|pending|failed', 'failure_code'=>, 'failure_message'=>...)
            if (empty($charge)) {
              $error++;
              dol_syslog('Failed to charge card', LOG_WARNING, 0, '_payment');
              setEventMessages('Failed to charge card', null, 'errors');
              $action = '';
            }
          }
        }
      } else {
        $vatcleaned = $vatnumber ? $vatnumber : null;
 
        /*$taxinfo = array('type'=>'vat');
        if ($vatcleaned)
        {
          $taxinfo["tax_id"] = $vatcleaned;
        }
        // We force data to "null" if not defined as expected by Stripe
        if (empty($vatcleaned)) $taxinfo=null;
        */
 
        dol_syslog("Create anonymous customer card profile", LOG_DEBUG, 0, '_payment');
 
        $customer = \Stripe\Customer::create(array(
          'email' => $email,
          'description' => ($email ? 'Anonymous customer for '.$email : 'Anonymous customer'),
          'metadata' => $metadata,
          'source'  => $stripeToken           // source can be a token OR array('object'=>'card', 'exp_month'=>xx, 'exp_year'=>xxxx, 'number'=>xxxxxxx, 'cvc'=>xxx, 'name'=>'Cardholder's full name', zip ?)
        ));
        // Return $customer = array('id'=>'cus_XXXX', ...)
 
        // Create the VAT record in Stripe
        /* We don't know country of customer, so we can't create tax
        if (getDolGlobalString('STRIPE_SAVE_TAX_IDS')) {  // We setup to save Tax info on Stripe side. Warning: This may result in error when saving customer
          if (!empty($vatcleaned))
          {
            $isineec=isInEEC($object);
            if ($object->country_code && $isineec)
            {
              //$taxids = $customer->allTaxIds($customer->id);
              $customer->createTaxId($customer->id, array('type'=>'eu_vat', 'value'=>$vatcleaned));
            }
          }
        }*/
 
        if (!empty($FULLTAG)) {
          $metadata["FULLTAG"] = $FULLTAG;
        }
        if (!empty($dol_id)) {
          $metadata["dol_id"] = $dol_id;
        }
        if (!empty($dol_type)) {
          $metadata["dol_type"] = $dol_type;
        }
 
        // The customer was just created with a source, so we can make a charge
        // with no card defined, the source just used for customer creation will be used.
        dol_syslog("Create charge", LOG_DEBUG, 0, '_payment');
        $charge = \Stripe\Charge::create(array(
          'customer' => $customer->id,
          'amount'   => price2num($amountstripe, 'MU'),
          'currency' => $currency,
          'capture'  => true, // Charge immediately
          'description' => 'Stripe payment: '.$FULLTAG.' ref='.$ref,
          'metadata' => $metadata,
          'statement_descriptor' => dol_trunc($FULLTAG, 10, 'right', 'UTF-8', 1), // 22 chars that appears on bank receipt (company + description)
        ), array("idempotency_key" => (string) $FULLTAG, "stripe_account" => (string) $stripeacc));
        // Return $charge = array('id'=>'ch_XXXX', 'status'=>'succeeded|pending|failed', 'failure_code'=>, 'failure_message'=>...)
        if (empty($charge)) {
          $error++;
          dol_syslog('Failed to charge card', LOG_WARNING, 0, '_payment');
          setEventMessages('Failed to charge card', null, 'errors');
          $action = '';
        }
      }
    } catch (\Stripe\Exception\CardException $e) {
      // Since it's a decline, \Stripe\Exception\Card will be caught
      $body = $e->getJsonBody();
      $err  = $body['error'];
 
      print('Status is:'.$e->getHttpStatus()."\n");
      print('Type is:'.$err['type']."\n");
      print('Code is:'.$err['code']."\n");
      // param is '' in this case
      print('Param is:'.$err['param']."\n");
      print('Message is:'.$err['message']."\n");
 
      $error++;
      $errormessage = "ErrorCard ".$e->getMessage()." err=".var_export($err, true);
      dol_syslog($errormessage, LOG_WARNING, 0, '_payment');
      setEventMessages($e->getMessage(), null, 'errors');
      $action = '';
    } catch (\Stripe\Exception\RateLimitException $e) {
      // Too many requests made to the API too quickly
      $error++;
      $errormessage = "ErrorRateLimit ".$e->getMessage();
      dol_syslog($errormessage, LOG_WARNING, 0, '_payment');
      setEventMessages($e->getMessage(), null, 'errors');
      $action = '';
    } catch (\Stripe\Exception\InvalidRequestException $e) {
      // Invalid parameters were supplied to Stripe's API
      $error++;
      $errormessage = "ErrorInvalidRequest ".$e->getMessage();
      dol_syslog($errormessage, LOG_WARNING, 0, '_payment');
      setEventMessages($e->getMessage(), null, 'errors');
      $action = '';
    } catch (\Stripe\Exception\AuthenticationException $e) {
      // Authentication with Stripe's API failed
      // (maybe you changed API keys recently)
      $error++;
      $errormessage = "ErrorAuthentication ".$e->getMessage();
      dol_syslog($errormessage, LOG_WARNING, 0, '_payment');
      setEventMessages($e->getMessage(), null, 'errors');
      $action = '';
    } catch (\Stripe\Exception\ApiConnectionException $e) {
      // Network communication with Stripe failed
      $error++;
      $errormessage = "ErrorApiConnection ".$e->getMessage();
      dol_syslog($errormessage, LOG_WARNING, 0, '_payment');
      setEventMessages($e->getMessage(), null, 'errors');
      $action = '';
    } catch (\Stripe\Exception\ExceptionInterface $e) {
      // Display a very generic error to the user, and maybe send
      // yourself an email
      $error++;
      $errormessage = "ErrorBase ".$e->getMessage();
      dol_syslog($errormessage, LOG_WARNING, 0, '_payment');
      setEventMessages($e->getMessage(), null, 'errors');
      $action = '';
    } catch (Exception $e) {
      // Something else happened, completely unrelated to Stripe
      $error++;
      $errormessage = "ErrorException ".$e->getMessage();
      dol_syslog($errormessage, LOG_WARNING, 0, '_payment');
      setEventMessages($e->getMessage(), null, 'errors');
      $action = '';
    }
 
    if ($error) {
      $randomseckey = getRandomPassword(true, null, 20);    // TODO Generate a key including fulltag to avoid forging URL.
      $_SESSION['paymentkosessioncode'] = $randomseckey;    // key between newpayment.php to paymentko.php
 
      $urlko .= '&paymentkosessioncode='.urlencode($randomseckey);
    } else {
      $randomseckey = getRandomPassword(true, null, 20);    // TODO Generate a key including fulltag to avoid forging URL.
      $_SESSION['paymentoksessioncode'] = $randomseckey;    // key between newpayment.php to paymentok.php
 
      $urlok .= '&paymentoksessioncode='.urlencode($randomseckey);
    }
  }
 
  // When using the PaymentIntent API architecture (mode set on by default into conf.class.php)
  if (getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION')) {
    $service = 'StripeTest';
    $servicestatus = 0;
    if (getDolGlobalString('STRIPE_LIVE')/* && !GETPOSTINT('forcesandbox') */) {
      $service = 'StripeLive';
      $servicestatus = 1;
    }
    include_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php';
    $stripe = new Stripe($db);
    $stripeacc = $stripe->getStripeAccount($service);
 
    // We go here if getDolGlobalString('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION') is set.
    // In such a case, payment is always ok when we call the "charge" action.
    $paymentintent_id = GETPOST("paymentintent_id", "alpha");
 
    // Force to use the correct API key
    global $stripearrayofkeysbyenv;
    \Stripe\Stripe::setApiKey($stripearrayofkeysbyenv[$servicestatus]['secret_key']);
 
    try {
      if (empty($stripeacc)) {        // If the Stripe connect account not set, we use common API usage
        $paymentintent = \Stripe\PaymentIntent::retrieve($paymentintent_id);
      } else {
        $paymentintent = \Stripe\PaymentIntent::retrieve($paymentintent_id, array("stripe_account" => $stripeacc));
      }
    } catch (Exception $e) {
      $error++;
      $errormessage = "CantRetrievePaymentIntent ".$e->getMessage();
      dol_syslog($errormessage, LOG_WARNING, 0, '_payment');
      setEventMessages($e->getMessage(), null, 'errors');
      $action = '';
    }
 
    if ($paymentintent->status != 'succeeded') {
      $error++;
      $errormessage = "StatusOfRetrievedIntent is not succeeded: ".$paymentintent->status;
      dol_syslog($errormessage, LOG_WARNING, 0, '_payment');
      setEventMessages($paymentintent->status, null, 'errors');
      $action = '';
 
      $randomseckey = getRandomPassword(true, null, 20);    // TODO Generate a key including fulltag to avoid forging URL.
      $_SESSION['paymentkosessioncode'] = $randomseckey;    // key between newpayment.php to paymentko.php
 
      $urlko .= '&paymentkosessioncode='.urlencode($randomseckey);
    } else {
      // We can also record the payment mode into llx_societe_rib with stripe $paymentintent->payment_method
      // Note that with other old Stripe architecture (using Charge API), the payment mode was not recorded, so it is not mandatory to do it here.
      // dol_syslog("Create payment_method for ".$paymentintent->payment_method, LOG_DEBUG, 0, '_payment');
 
      // Get here amount and currency used for payment and force value into $amount and $currency so the real amount is saved into session instead
      // of the amount and currency retrieved from the POST.
      $amount = $paymentintent->amount;
      $currency = '';
 
      if (!empty($paymentintent->currency)) {
        $currency = strtoupper($paymentintent->currency);
 
        // Correct the amount according to unit of currency
        // See https://support.stripe.com/questions/which-zero-decimal-currencies-does-stripe-support
        $arrayzerounitcurrency = array('BIF', 'CLP', 'DJF', 'GNF', 'JPY', 'KMF', 'KRW', 'MGA', 'PYG', 'RWF', 'VND', 'VUV', 'XAF', 'XOF', 'XPF');
        if (!in_array($currency, $arrayzerounitcurrency)) {
          $amount /= 100;
        }
      }
 
      dol_syslog("StatusOfRetrievedIntent is succeeded for amount = ".$amount." currency = ".$currency, LOG_DEBUG, 0, '_payment');
 
      $randomseckey = getRandomPassword(true, null, 20);    // TODO Generate a key including fulltag to avoid forging URL.
      $_SESSION['paymentoksessioncode'] = $randomseckey;    // key between newpayment.php to paymentok.php
 
      $urlok .= '&paymentoksessioncode='.urlencode($randomseckey);
    }
  }
 
 
  $remoteip = getUserRemoteIP();
 
  $_SESSION["onlinetoken"] = $stripeToken;
  $_SESSION["FinalPaymentAmt"] = $amount;     // amount really paid (coming from Stripe). Will be used for check in paymentok.php.
  $_SESSION["currencyCodeType"] = $currency;    // currency really used for payment (coming from Stripe). Will be used for check in paymentok.php.
  $_SESSION["paymentType"] = '';
  $_SESSION['ipaddress'] = ($remoteip ? $remoteip : 'unknown'); // Payer ip
  $_SESSION['payerID'] = is_object($customer) ? $customer->id : '';
  $_SESSION['TRANSACTIONID'] = (is_object($charge) ? $charge->id : (is_object($paymentintent) ? $paymentintent->id : ''));
  $_SESSION['errormessage'] = $errormessage;
 
  dol_syslog("Action charge stripe STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION=".getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION')." ip=".$remoteip, LOG_DEBUG, 0, '_payment');
  dol_syslog("_SERVER[HTTP_X_FORWARDED_HOST] = ".(empty($_SERVER["HTTP_X_FORWARDED_HOST"]) ? '' : dol_escape_htmltag($_SERVER["HTTP_X_FORWARDED_HOST"])), LOG_DEBUG, 0, '_payment');
  dol_syslog("_SERVER[SERVER_NAME] = ".(empty($_SERVER["SERVER_NAME"]) ? '' : dol_escape_htmltag($_SERVER["SERVER_NAME"])), LOG_DEBUG, 0, '_payment');
  dol_syslog("_SERVER[SERVER_ADDR] = ".(empty($_SERVER["SERVER_ADDR"]) ? '' : dol_escape_htmltag($_SERVER["SERVER_ADDR"])), LOG_DEBUG, 0, '_payment');
  dol_syslog("session_id=".session_id(), LOG_DEBUG, 0, '_payment');
  dol_syslog("onlinetoken=".$_SESSION["onlinetoken"]." paymentoksessioncode=".$_SESSION["paymentoksessioncode"]." paymentkosessioncode=".$_SESSION["paymentkosessioncode"], LOG_DEBUG, 0, '_payment');
  dol_syslog("FinalPaymentAmt=".$_SESSION["FinalPaymentAmt"]." currencyCodeType=".$_SESSION["currencyCodeType"]." payerID=".$_SESSION['payerID']." TRANSACTIONID=".$_SESSION['TRANSACTIONID'], LOG_DEBUG, 0, '_payment');
  dol_syslog("FULLTAG=".$FULLTAG, LOG_DEBUG, 0, '_payment');
  dol_syslog("error=".$error." errormessage=".$errormessage, LOG_DEBUG, 0, '_payment');
  dol_syslog("Now call the redirect to paymentok or paymentko, URL = ".($error ? $urlko : $urlok), LOG_DEBUG, 0, '_payment');
 
  if ($error) {
    header("Location: ".$urlko);
    exit;
  } else {
    header("Location: ".$urlok);
    exit;
  }
}
 
// This hook is used to push to $validpaymentmethod by external payment modules (ie Payzen, ...)
$parameters = array(
  'paymentmethod' => $paymentmethod,
  'validpaymentmethod' => &$validpaymentmethod
);
$reshook = $hookmanager->executeHooks('doPayment', $parameters, $object, $action);
if ($reshook < 0) {
  setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
} elseif ($reshook > 0) {
  print $hookmanager->resPrint;
}
 
 
 
/*
 * View
 */
 
$form = new Form($db);
 
$head = '';
if (getDolGlobalString('ONLINE_PAYMENT_CSS_URL')) {
  $head = '<link rel="stylesheet" type="text/css" href="' . getDolGlobalString('ONLINE_PAYMENT_CSS_URL').'?lang='.(!empty($getpostlang) ? $getpostlang : $langs->defaultlang).'">'."\n";
}
 
$conf->dol_hide_topmenu = 1;
$conf->dol_hide_leftmenu = 1;
 
$replacemainarea = (empty($conf->dol_hide_leftmenu) ? '<div>' : '').'<div>';
llxHeader($head, $langs->trans("PaymentForm"), '', '', 0, 0, '', '', '', 'onlinepaymentbody', $replacemainarea);
 
dol_syslog("newpayment.php show page source=".$source." paymentmethod=".$paymentmethod.' amount='.$amount.' newamount='.GETPOST("newamount", 'alpha')." ref=".$ref, LOG_DEBUG, 0, '_payment');
dol_syslog("_SERVER[HTTP_X_FORWARDED_HOST] = ".(empty($_SERVER["HTTP_X_FORWARDED_HOST"]) ? '' : dol_escape_htmltag($_SERVER["HTTP_X_FORWARDED_HOST"])), LOG_DEBUG, 0, '_payment');
dol_syslog("_SERVER[SERVER_NAME] = ".(empty($_SERVER["SERVER_NAME"]) ? '' : dol_escape_htmltag($_SERVER["SERVER_NAME"])), LOG_DEBUG, 0, '_payment');
dol_syslog("_SERVER[SERVER_ADDR] = ".(empty($_SERVER["SERVER_ADDR"]) ? '' : dol_escape_htmltag($_SERVER["SERVER_ADDR"])), LOG_DEBUG, 0, '_payment');
dol_syslog("session_id=".session_id(), LOG_DEBUG, 0, '_payment');
 
// Check link validity
if ($source && in_array($ref, array('member_ref', 'contractline_ref', 'invoice_ref', 'order_ref', 'donation_ref', ''))) {
  $langs->load("errors");
  dol_print_error_email('BADREFINPAYMENTFORM', $langs->trans("ErrorBadLinkSourceSetButBadValueForRef", $source, $ref));
  // End of page
  llxFooter();
  $db->close();
  exit;
}
 
 
// Show sandbox warning
if ((empty($paymentmethod) || $paymentmethod == 'paypal') && isModEnabled('paypal') && (getDolGlobalString('PAYPAL_API_SANDBOX')/* || GETPOSTINT('forcesandbox')*/)) {    // We can force sand box with param 'forcesandbox'
  dol_htmloutput_mesg($langs->trans('YouAreCurrentlyInSandboxMode', 'Paypal'), array(), 'warning');
}
if ((empty($paymentmethod) || $paymentmethod == 'stripe') && isModEnabled('stripe') && (!getDolGlobalString('STRIPE_LIVE')/* || GETPOSTINT('forcesandbox')*/)) {
  dol_htmloutput_mesg($langs->trans('YouAreCurrentlyInSandboxMode', 'Stripe'), array(), 'warning');
}
 
 
print '<span id="dolpaymentspan"></span>'."\n";
print '<div class="center">'."\n";
print '<form id="dolpaymentform" class="center" name="paymentform" action="'.$_SERVER["PHP_SELF"].'" method="POST">'."\n";
print '<input type="hidden" name="token" value="'.newToken().'">'."\n";
print '<input type="hidden" name="action" value="dopayment">'."\n";
print '<input type="hidden" name="tag" value="'.GETPOST("tag", 'alpha').'">'."\n";
print '<input type="hidden" name="suffix" value="'.dol_escape_htmltag($suffix).'">'."\n";
print '<input type="hidden" name="securekey" value="'.dol_escape_htmltag($SECUREKEY).'">'."\n";
print '<input type="hidden" name="e" value="'.$entity.'" />';
//print '<input type="hidden" name="forcesandbox" value="'.GETPOSTINT('forcesandbox').'" />';
print '<input type="hidden" name="lang" value="'.$getpostlang.'">';
print '<input type="hidden" name="ws" value="'.$ws.'">';
print "\n";
 
 
// Show logo (search order: logo defined by PAYMENT_LOGO_suffix, then PAYMENT_LOGO, then small company logo, large company logo, theme logo, common logo)
// Define logo and logosmall
$logosmall = $mysoc->logo_small;
$logo = $mysoc->logo;
$paramlogo = 'ONLINE_PAYMENT_LOGO_'.$suffix;
if (getDolGlobalString($paramlogo)) {
  $logosmall = getDolGlobalString($paramlogo);
} elseif (getDolGlobalString('ONLINE_PAYMENT_LOGO')) {
  $logosmall = getDolGlobalString('ONLINE_PAYMENT_LOGO');
}
//print '<!-- Show logo (logosmall='.$logosmall.' logo='.$logo.') -->'."\n";
// Define urllogo
$urllogo = '';
$urllogofull = '';
if (!empty($logosmall) && is_readable($conf->mycompany->dir_output.'/logos/thumbs/'.$logosmall)) {
  $urllogo = DOL_URL_ROOT.'/viewimage.php?modulepart=mycompany&amp;entity='.$conf->entity.'&amp;file='.urlencode('logos/thumbs/'.$logosmall);
  $urllogofull = $dolibarr_main_url_root.'/viewimage.php?modulepart=mycompany&entity='.$conf->entity.'&file='.urlencode('logos/thumbs/'.$logosmall);
} elseif (!empty($logo) && is_readable($conf->mycompany->dir_output.'/logos/'.$logo)) {
  $urllogo = DOL_URL_ROOT.'/viewimage.php?modulepart=mycompany&amp;entity='.$conf->entity.'&amp;file='.urlencode('logos/'.$logo);
  $urllogofull = $dolibarr_main_url_root.'/viewimage.php?modulepart=mycompany&entity='.$conf->entity.'&file='.urlencode('logos/'.$logo);
}
 
// Output html code for logo
if ($ws) {
  // Look for a personalized header file (htmlheaderpayment.html) if the payment system is called from a website
  $filehtmlheader = dol_sanitizePathName(DOL_DATA_ROOT . ($conf->entity > 1 ? '/' . $conf->entity : '') . '/website/' . $ws . '/htmlheaderpayment.html');
  if (dol_is_file($filehtmlheader)) {
    print file_get_contents(dol_osencode($filehtmlheader));
  }
}
 
if ($urllogo && !$ws) {
  print '<div class="backgreypublicpayment">';
  print '<div class="logopublicpayment">';
  print '<img id="dolpaymentlogo" src="'.$urllogo.'"';
  print '>';
  print '</div>';
  if (!getDolGlobalString('MAIN_HIDE_POWERED_BY')) {
    print '<div class="poweredbypublicpayment opacitymedium right"><a class="poweredbyhref" href="https://www.dolibarr.org?utm_medium=website&utm_source=poweredby" target="dolibarr" rel="noopener">'.$langs->trans("PoweredBy").'<br><img class="poweredbyimg" src="'.DOL_URL_ROOT.'/theme/dolibarr_logo.svg" width="80px"></a></div>';
  }
  print '</div>';
} elseif ($creditor && !$ws) {
  print '<div class="backgreypublicpayment">';
  print '<div class="logopublicpayment">';
  print $creditor;
  print '</div>';
  print '</div>';
}
if (getDolGlobalString('MAIN_IMAGE_PUBLIC_PAYMENT')) {
  print '<div class="backimagepublicpayment">';
  print '<img id="idMAIN_IMAGE_PUBLIC_PAYMENT" src="'.getDolGlobalString('MAIN_IMAGE_PUBLIC_PAYMENT').'">';
  print '</div>';
}
 
 
 
 
print '<!-- Form to send a payment -->'."\n";
print '<!-- creditor = '.dol_escape_htmltag((string) $creditor).' -->'."\n";
// Additional information for each payment system
if (isModEnabled('paypal')) {
  print '<!-- PAYPAL_API_SANDBOX = '.getDolGlobalString('PAYPAL_API_SANDBOX').' -->'."\n";
  print '<!-- PAYPAL_API_INTEGRAL_OR_PAYPALONLY = '.getDolGlobalString('PAYPAL_API_INTEGRAL_OR_PAYPALONLY').' -->'."\n";
}
if (isModEnabled('paybox')) {
  print '<!-- PAYBOX_CGI_URL = '.getDolGlobalString('PAYBOX_CGI_URL_V2').' -->'."\n";
}
if (isModEnabled('stripe')) {
  print '<!-- STRIPE_LIVE = '.getDolGlobalString('STRIPE_LIVE').' -->'."\n";
  print '<!-- STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION = '.getDolGlobalString('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION').' -->'."\n";
}
print '<!-- urlok = '.$urlok.' -->'."\n";
print '<!-- urlko = '.$urlko.' -->'."\n";
print "\n";
 
// Section with payment informationsummary
print '<table id="dolpublictable" summary="Payment form" class="center">'."\n";
 
// Output introduction text
$text = '';
if (getDolGlobalString('PAYMENT_NEWFORM_TEXT')) {
  $langs->load("members");
  $reg = array();
  if (preg_match('/^\‍((.*)\‍)$/', getDolGlobalString('PAYMENT_NEWFORM_TEXT'), $reg)) {
    $text .= $langs->trans($reg[1])."<br>\n";
  } else {
    $text .= getDolGlobalString('PAYMENT_NEWFORM_TEXT') . "<br>\n";
  }
  $text = '<tr><td align="center"><br>'.$text.'<br></td></tr>'."\n";
}
if (empty($text)) {
  $text .= '<tr><td class="textpublicpayment"><br><strong>'.$langs->trans("WelcomeOnPaymentPage").'</strong></td></tr>'."\n";
  $text .= '<tr><td class="textpublicpayment"><span class="opacitymedium">'.$langs->trans("ThisScreenAllowsYouToPay", (string) $creditor).'</span><br><br></td></tr>'."\n";
}
print $text;
 
// Output payment summary form
print '<tr><td align="center">';  // class=center does not have the payment button centered so we keep align here.
print '<table class="centpercent left" id="tablepublicpayment">';
print '<tr class="hideonsmartphone"><td colspan="2" align="left" class="opacitymedium">'.$langs->trans("ThisIsInformationOnPayment").' :</td></tr>'."\n";
 
$found = false;
$error = 0;
 
$object = null;
$tag = null;
$fulltag = null;
 
 
// Free payment
if (!$source) {
  $found = true;
  $tag = GETPOST("tag", 'alpha');
  if (GETPOST('fulltag', 'alpha')) {
    $fulltag = GETPOST('fulltag', 'alpha');
  } else {
    $fulltag = "TAG=".$tag;
  }
 
  // Creditor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Creditor");
  print '</td><td class="CTableRow2">';
  print img_picto('', 'company', 'class="pictofixedwidth"');
  print '<b>'.$creditor.'</b>';
  print '<input type="hidden" name="creditor" value="'.$creditor.'">';
  print '</td></tr>'."\n";
 
  // Amount
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Amount");
  if (empty($amount)) {
    print ' ('.$langs->trans("ToComplete").')';
  }
  print '</td><td class="CTableRow2">';
  if (empty($amount) || !is_numeric($amount)) {
    print '<input type="hidden" name="amount" value="'.price2num(GETPOST("amount", 'alpha'), 'MT').'">';
    print '<input class="flat maxwidth75" type="text" name="newamount" value="'.price2num(GETPOST("newamount", "alpha"), 'MT').'">';
    // Currency
    print ' <b>'.$langs->trans("Currency".$currency).'</b>';
  } else {
    print '<b class="amount">'.price($amount, 1, $langs, 1, -1, -1, $currency).'</b>';  // Price with currency
    print '<input type="hidden" name="amount" value="'.$amount.'">';
    print '<input type="hidden" name="newamount" value="'.$amount.'">';
  }
  print '<input type="hidden" name="currency" value="'.$currency.'">';
  print '</td></tr>'."\n";
 
  // Tag
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("PaymentCode");
  print '</td><td class="CTableRow2"><b style="word-break: break-all;">'.$fulltag.'</b>';
  print '<input type="hidden" name="tag" value="'.$tag.'">';
  print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
  print '</td></tr>'."\n";
 
  // We do not add fields shipToName, shipToStreet, shipToCity, shipToState, shipToCountryCode, shipToZip, shipToStreet2, phoneNum
  // as they don't exists (buyer is unknown, tag is free).
}
 
 
// Payment on a Sale Order
if ($source == 'order') {
  $found = true;
  $langs->load("orders");
 
  require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
 
  $order = new Commande($db);
  $result = $order->fetch(0, $ref);
  if ($result <= 0) {
    $mesg = $order->error;
    $error++;
  } else {
    $result = $order->fetch_thirdparty($order->socid);
  }
  $object = $order;
 
  if ($action != 'dopayment') { // Do not change amount if we just click on first dopayment
    $amount = $order->total_ttc;
    if (GETPOST("amount", 'alpha')) {
      $amount = GETPOST("amount", 'alpha');
    }
    $amount = price2num($amount);
  }
 
  $tag = '';
  if (GETPOST('fulltag', 'alpha')) {
    $fulltag = GETPOST('fulltag', 'alpha');
  } else {
    $fulltag = 'ORD='.$order->id.'.CUS='.$order->thirdparty->id;
    if (!empty($TAG)) {
      $tag = $TAG;
      $fulltag .= '.TAG='.$TAG;
    }
  }
  $fulltag = dol_string_unaccent($fulltag);
 
  // Creditor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Creditor");
  print '</td><td class="CTableRow2"';
  print ' title="'.dolPrintHTMLForAttribute($langs->transnoentitiesnoconv("Country").'='.$mysoc->country_code.' - '.$langs->transnoentitiesnoconv("VATIntra").'='.$mysoc->tva_intra).'"';
  print '>';
  print img_picto('', 'company', 'class="pictofixedwidth"');
  print '<b>'.$creditor.'</b>';
  print '<input type="hidden" name="creditor" value="'.$creditor.'">';
  print '</td></tr>'."\n";
 
  // Debitor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("ThirdParty");
  print '</td><td class="CTableRow2"';
  print ' title="'.dolPrintHTMLForAttribute($langs->transnoentitiesnoconv("Country").'='.$order->thirdparty->country_code.' - '.$langs->transnoentitiesnoconv("VATIntra").'='.$order->thirdparty->tva_intra).'"';
  print '>';
  print img_picto('', 'company', 'class="pictofixedwidth"');
  print '<b>'.$order->thirdparty->name.'</b>';
  print '</td></tr>'."\n";
 
  // Object
  $text = '<b>'.$langs->trans("PaymentOrderRef", $order->ref).'</b>';
  if (GETPOST('desc', 'alpha')) {
    $text = '<b>'.$langs->trans(GETPOST('desc', 'alpha')).'</b>';
  }
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Designation");
  print '</td><td class="CTableRow2">'.$text;
  print '<input type="hidden" name="s" value="'.dol_escape_htmltag($source).'">';
  print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($order->ref).'">';
  print '<input type="hidden" name="dol_id" value="'.dol_escape_htmltag((string) $order->id).'">';
  $directdownloadlink = $order->getLastMainDocLink('commande');
  if ($directdownloadlink) {
    print '<br><a href="'.$directdownloadlink.'" rel="nofollow noopener">';
    print img_mime($order->last_main_doc, '');
    print $langs->trans("DownloadDocument").'</a>';
  }
  print '</td></tr>'."\n";
 
  // Amount
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Amount");
  if (empty($amount)) {
    print ' ('.$langs->trans("ToComplete").')';
  }
  print '</td><td class="CTableRow2">';
  if (empty($amount) || !is_numeric($amount)) {
    print '<input type="hidden" name="amount" value="'.price2num(GETPOST("amount", 'alpha'), 'MT').'">';
    print '<input class="flat maxwidth75" type="text" name="newamount" value="'.price2num(GETPOST("newamount", "alpha"), 'MT').'">';
    // Currency
    print ' <b>'.$langs->trans("Currency".$currency).'</b>';
  } else {
    print '<b class="amount">'.price($amount, 1, $langs, 1, -1, -1, $currency).'</b>';  // Price with currency
    print '<input type="hidden" name="amount" value="'.$amount.'">';
    print '<input type="hidden" name="newamount" value="'.$amount.'">';
  }
  print '<input type="hidden" name="currency" value="'.$currency.'">';
  print '</td></tr>'."\n";
 
  // Tag
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("PaymentCode");
  print '</td><td class="CTableRow2"><b style="word-break: break-all;">'.$fulltag.'</b>';
  print '<input type="hidden" name="tag" value="'.dol_escape_htmltag($tag).'">';
  print '<input type="hidden" name="fulltag" value="'.dol_escape_htmltag($fulltag).'">';
  print '</td></tr>'."\n";
 
  // Shipping address
  $shipToName = $order->thirdparty->name;
  $shipToStreet = $order->thirdparty->address;
  $shipToCity = $order->thirdparty->town;
  $shipToState = $order->thirdparty->state_code;
  $shipToCountryCode = $order->thirdparty->country_code;
  $shipToZip = $order->thirdparty->zip;
  $shipToStreet2 = '';
  $phoneNum = $order->thirdparty->phone;
  if ($shipToName && $shipToStreet && $shipToCity && $shipToCountryCode && $shipToZip) {
    print '<input type="hidden" name="shipToName" value="'.dol_escape_htmltag($shipToName).'">'."\n";
    print '<input type="hidden" name="shipToStreet" value="'.dol_escape_htmltag($shipToStreet).'">'."\n";
    print '<input type="hidden" name="shipToCity" value="'.dol_escape_htmltag($shipToCity).'">'."\n";
    print '<input type="hidden" name="shipToState" value="'.dol_escape_htmltag($shipToState).'">'."\n";
    print '<input type="hidden" name="shipToCountryCode" value="'.dol_escape_htmltag($shipToCountryCode).'">'."\n";
    print '<input type="hidden" name="shipToZip" value="'.dol_escape_htmltag($shipToZip).'">'."\n";
    print '<input type="hidden" name="shipToStreet2" value="'.dol_escape_htmltag($shipToStreet2).'">'."\n";
    print '<input type="hidden" name="phoneNum" value="'.dol_escape_htmltag($phoneNum).'">'."\n";
  } else {
    print '<!-- Shipping address not complete, so we don t use it -->'."\n";
  }
  if (is_object($order->thirdparty)) {
    print '<input type="hidden" name="thirdparty_id" value="'.$order->thirdparty->id.'">'."\n";
  }
  print '<input type="hidden" name="email" value="'.$order->thirdparty->email.'">'."\n";
  print '<input type="hidden" name="vatnumber" value="'.dol_escape_htmltag($order->thirdparty->tva_intra).'">'."\n";
  $labeldesc = $langs->trans("Order").' '.$order->ref;
  if (GETPOST('desc', 'alpha')) {
    $labeldesc = GETPOST('desc', 'alpha');
  }
  print '<input type="hidden" name="desc" value="'.dol_escape_htmltag($labeldesc).'">'."\n";
}
 
 
// Payment on a Customer Invoice
if ($source == 'invoice') {
  $found = true;
  $langs->load("bills");
  $form->load_cache_types_paiements();
 
  require_once DOL_DOCUMENT_ROOT.'/compta/facture/class/facture.class.php';
 
  $invoice = new Facture($db);
  $result = $invoice->fetch(0, $ref);
  if ($result <= 0) {
    $mesg = $invoice->error;
    $error++;
  } else {
    $result = $invoice->fetch_thirdparty($invoice->socid);
  }
  $object = $invoice;
 
  if ($action != 'dopayment') { // Do not change amount if we just click on first dopayment
    $amount = price2num($invoice->total_ttc - ($invoice->getSommePaiement() + $invoice->getSumCreditNotesUsed() + $invoice->getSumDepositsUsed()));
    if (GETPOST("amount", 'alpha')) {
      $amount = GETPOST("amount", 'alpha');
    }
    $amount = price2num($amount);
  }
 
  if (GETPOST('fulltag', 'alpha')) {
    $fulltag = GETPOST('fulltag', 'alpha');
  } else {
    $fulltag = 'INV='.$invoice->id.'.CUS='.$invoice->thirdparty->id;
    if (!empty($TAG)) {
      $tag = $TAG;
      $fulltag .= '.TAG='.$TAG;
    }
  }
  $fulltag = dol_string_unaccent($fulltag);
 
  // Creditor (seller)
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Creditor");
  print '</td><td class="CTableRow2"';
  print ' title="'.dolPrintHTMLForAttribute($langs->transnoentitiesnoconv("Country").'='.$mysoc->country_code.' - '.$langs->transnoentitiesnoconv("VATIntra").'='.$mysoc->tva_intra).'"';
  print '>';
  print img_picto('', 'company', 'class="pictofixedwidth"');
  print '<b>'.$creditor.'</b>';
  print '<input type="hidden" name="creditor" value="'.dol_escape_htmltag((string) $creditor).'">';
  print '</td></tr>'."\n";
 
  // Debitor (buyer)
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("ThirdParty");
  print '</td><td class="CTableRow2"';
  print ' title="'.dolPrintHTMLForAttribute($langs->transnoentitiesnoconv("Country").'='.$invoice->thirdparty->country_code.' - '.$langs->transnoentitiesnoconv("VATIntra").'='.$invoice->thirdparty->tva_intra).'"';
  print '>';
  print img_picto('', 'company', 'class="pictofixedwidth"');
  print '<b>'.$invoice->thirdparty->name.'</b>';
  print '</td></tr>'."\n";
 
  // Object
  $text = '<b>'.$langs->trans("PaymentInvoiceRef", $invoice->ref).'</b>';
  if (GETPOST('desc', 'alpha')) {
    $text = '<b>'.$langs->trans(GETPOST('desc', 'alpha')).'</b>';
  }
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Designation");
  print '</td><td class="CTableRow2">'.$text;
  print '<input type="hidden" name="s" value="'.dol_escape_htmltag($source).'">';
  print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($invoice->ref).'">';
  print '<input type="hidden" name="dol_id" value="'.dol_escape_htmltag((string) $invoice->id).'">';
  $directdownloadlink = $invoice->getLastMainDocLink('facture');
  if ($directdownloadlink) {
    print '<br><a href="'.$directdownloadlink.'">';
    print img_mime($invoice->last_main_doc, '');
    print $langs->trans("DownloadDocument").'</a>';
  }
  print '</td></tr>'."\n";
 
  // Amount
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("PaymentAmount");
  if (empty($amount) && empty($object->paye)) {
    print ' ('.$langs->trans("ToComplete").')';
  }
  print '</td><td class="CTableRow2">';
  if ($object->type == $object::TYPE_CREDIT_NOTE) {
    print '<b>'.$langs->trans("CreditNote").'</b>';
  } elseif (empty($object->paye)) {
    if (empty($amount) || !is_numeric($amount)) {
      print '<input type="hidden" name="amount" value="'.price2num(GETPOST("amount", 'alpha'), 'MT').'">';
      print '<input class="flat maxwidth75" type="text" name="newamount" value="'.price2num(GETPOST("newamount", "alpha"), 'MT').'">';
      print ' <b>'.$langs->trans("Currency".$currency).'</b>';
    } else {
      print '<b class="amount">'.price($amount, 1, $langs, 1, -1, -1, $currency).'</b>';  // Price with currency
      print '<input type="hidden" name="amount" value="'.$amount.'">';
      print '<input type="hidden" name="newamount" value="'.$amount.'">';
    }
  } else {
    print '<b class="amount">'.price($object->total_ttc, 1, $langs, 1, -1, -1, $currency).'</b>'; // Price with currency
  }
  print '<input type="hidden" name="currency" value="'.$currency.'">';
  print '</td></tr>'."\n";
 
  // Tag
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("PaymentCode");
  print '</td><td class="CTableRow2"><b style="word-break: break-all;">'.$fulltag.'</b>';
  print '<input type="hidden" name="tag" value="'.(empty($tag) ? '' : $tag).'">';
  print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
  print '</td></tr>'."\n";
 
  // Add a warning if we try to pay an invoice set to be paid in credit transfer
  if ($invoice->status == $invoice::STATUS_VALIDATED && $invoice->mode_reglement_id > 0 && $form->cache_types_paiements[$invoice->mode_reglement_id]["code"] == "VIR") {
    print '<tr class="CTableRow2 center"><td class="CTableRow2" colspan="2">';
    print '<div class="warning maxwidth1000">';
    print $langs->trans("PayOfBankTransferInvoice");
    print '</div>';
    print '</td></tr>'."\n";
  }
 
  // Shipping address
  $shipToName = $invoice->thirdparty->name;
  $shipToStreet = $invoice->thirdparty->address;
  $shipToCity = $invoice->thirdparty->town;
  $shipToState = $invoice->thirdparty->state_code;
  $shipToCountryCode = $invoice->thirdparty->country_code;
  $shipToZip = $invoice->thirdparty->zip;
  $shipToStreet2 = '';
  $phoneNum = $invoice->thirdparty->phone;
  if ($shipToName && $shipToStreet && $shipToCity && $shipToCountryCode && $shipToZip) {
    print '<input type="hidden" name="shipToName" value="'.$shipToName.'">'."\n";
    print '<input type="hidden" name="shipToStreet" value="'.$shipToStreet.'">'."\n";
    print '<input type="hidden" name="shipToCity" value="'.$shipToCity.'">'."\n";
    print '<input type="hidden" name="shipToState" value="'.$shipToState.'">'."\n";
    print '<input type="hidden" name="shipToCountryCode" value="'.$shipToCountryCode.'">'."\n";
    print '<input type="hidden" name="shipToZip" value="'.$shipToZip.'">'."\n";
    print '<input type="hidden" name="shipToStreet2" value="'.$shipToStreet2.'">'."\n";
    print '<input type="hidden" name="phoneNum" value="'.$phoneNum.'">'."\n";
  } else {
    print '<!-- Shipping address not complete, so we don t use it -->'."\n";
  }
  if (is_object($invoice->thirdparty)) {
    print '<input type="hidden" name="thirdparty_id" value="'.$invoice->thirdparty->id.'">'."\n";
  }
  print '<input type="hidden" name="email" value="'.$invoice->thirdparty->email.'">'."\n";
  print '<input type="hidden" name="vatnumber" value="'.$invoice->thirdparty->tva_intra.'">'."\n";
  $labeldesc = $langs->trans("Invoice").' '.$invoice->ref;
  if (GETPOST('desc', 'alpha')) {
    $labeldesc = GETPOST('desc', 'alpha');
  }
  print '<input type="hidden" name="desc" value="'.dol_escape_htmltag($labeldesc).'">'."\n";
}
 
// Payment on a Contract line
if ($source == 'contractline') {
  $found = true;
  $langs->load("contracts");
 
  require_once DOL_DOCUMENT_ROOT.'/contrat/class/contrat.class.php';
 
  $contract = new Contrat($db);
  $contractline = new ContratLigne($db);
 
  $result = $contractline->fetch(0, $ref);
  if ($result <= 0) {
    $mesg = $contractline->error;
    $error++;
  } else {
    if ($contractline->fk_contrat > 0) {
      $result = $contract->fetch($contractline->fk_contrat);
      if ($result > 0) {
        $result = $contract->fetch_thirdparty($contract->socid);
      } else {
        $mesg = $contract->error;
        $error++;
      }
    } else {
      $mesg = 'ErrorRecordNotFound';
      $error++;
    }
  }
  $object = $contractline;
 
  if ($action != 'dopayment') { // Do not change amount if we just click on first dopayment
    $amount = $contractline->total_ttc;
 
    if ($contractline->fk_product && getDolGlobalString('PAYMENT_USE_NEW_PRICE_FOR_CONTRACTLINES')) {
      $product = new Product($db);
      $result = $product->fetch($contractline->fk_product);
 
      // We define price for product (TODO Put this in a method in product class)
      if (getDolGlobalString('PRODUIT_MULTIPRICES')) {
        $pu_ht = $product->multiprices[$contract->thirdparty->price_level];
        $pu_ttc = $product->multiprices_ttc[$contract->thirdparty->price_level];
        $price_base_type = $product->multiprices_base_type[$contract->thirdparty->price_level];
      } else {
        $pu_ht = $product->price;
        $pu_ttc = $product->price_ttc;
        $price_base_type = $product->price_base_type;
      }
 
      $amount = $pu_ttc;
      if (empty($amount)) {
        dol_print_error(null, 'ErrorNoPriceDefinedForThisProduct');
        exit;
      }
    }
 
    if (GETPOST("amount", 'alpha')) {
      $amount = GETPOST("amount", 'alpha');
    }
    $amount = price2num($amount);
  }
 
  if (GETPOST('fulltag', 'alpha')) {
    $fulltag = GETPOST('fulltag', 'alpha');
  } else {
    $fulltag = 'COL='.$contractline->id.'.CON='.$contract->id.'.CUS='.$contract->thirdparty->id.'.DAT='.dol_print_date(dol_now(), '%Y%m%d%H%M%S');
    if (!empty($TAG)) {
      $tag = $TAG;
      $fulltag .= '.TAG='.$TAG;
    }
  }
  $fulltag = dol_string_unaccent($fulltag);
 
  $qty = 1;
  if (GETPOST('qty')) {
    $qty = price2num(GETPOST('qty', 'alpha'), 'MS');
  }
 
  // Creditor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Creditor");
  print '</td><td class="CTableRow2"><b>'.$creditor.'</b>';
  print '<input type="hidden" name="creditor" value="'.$creditor.'">';
  print '</td></tr>'."\n";
 
  // Debitor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("ThirdParty");
  print '</td><td class="CTableRow2"><b>'.$contract->thirdparty->name.'</b>';
  print '</td></tr>'."\n";
 
  // Object
  $text = '<b>'.$langs->trans("PaymentRenewContractId", $contract->ref, $contractline->ref).'</b>';
  if ($contractline->fk_product > 0) {
    $contractline->fetch_product();
    $text .= '<br>'.$contractline->product->ref.($contractline->product->label ? ' - '.$contractline->product->label : '');
  }
  if ($contractline->description) {
    $text .= '<br>'.dol_htmlentitiesbr($contractline->description);
  }
  if ($contractline->date_end) {
    $text .= '<br>'.$langs->trans("ExpiredSince").': '.dol_print_date($contractline->date_end);
  }
  if (GETPOST('desc', 'alpha')) {
    $text = '<b>'.$langs->trans(GETPOST('desc', 'alpha')).'</b>';
  }
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Designation");
  print '</td><td class="CTableRow2">'.$text;
  print '<input type="hidden" name="source" value="'.dol_escape_htmltag($source).'">';
  print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($contractline->ref).'">';
  print '<input type="hidden" name="dol_id" value="'.dol_escape_htmltag((string) $contractline->id).'">';
  $directdownloadlink = $contract->getLastMainDocLink('contract');
  if ($directdownloadlink) {
    print '<br><a href="'.$directdownloadlink.'">';
    print img_mime($contract->last_main_doc, '');
    print $langs->trans("DownloadDocument").'</a>';
  }
  print '</td></tr>'."\n";
 
  // Quantity
  $label = $langs->trans("Quantity");
  $qty = 1;
  $duration = '';
  if ($contractline->fk_product) {
    if ($contractline->product->isService() && $contractline->product->duration_value > 0) {
      $label = $langs->trans("Duration");
 
      // TODO Put this in a global method
      if ($contractline->product->duration_value > 1) {
        $dur = array("h" => $langs->trans("Hours"), "d" => $langs->trans("DurationDays"), "w" => $langs->trans("DurationWeeks"), "m" => $langs->trans("DurationMonths"), "y" => $langs->trans("DurationYears"));
      } else {
        $dur = array("h" => $langs->trans("Hour"), "d" => $langs->trans("DurationDay"), "w" => $langs->trans("DurationWeek"), "m" => $langs->trans("DurationMonth"), "y" => $langs->trans("DurationYear"));
      }
      $duration = $contractline->product->duration_value.' '.$dur[$contractline->product->duration_unit];
    }
  }
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$label.'</td>';
  print '<td class="CTableRow2"><b>'.($duration ? $duration : $qty).'</b>';
  print '<input type="hidden" name="newqty" value="'.dol_escape_htmltag((string) $qty).'">';
  print '</b></td></tr>'."\n";
 
  // Amount
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Amount");
  if (empty($amount)) {
    print ' ('.$langs->trans("ToComplete").')';
  }
  print '</td><td class="CTableRow2">';
  if (empty($amount) || !is_numeric($amount)) {
    print '<input type="hidden" name="amount" value="'.price2num(GETPOST("amount", 'alpha'), 'MT').'">';
    print '<input class="flat maxwidth75" type="text" name="newamount" value="'.price2num(GETPOST("newamount", "alpha"), 'MT').'">';
    // Currency
    print ' <b>'.$langs->trans("Currency".$currency).'</b>';
  } else {
    print '<b class="amount">'.price($amount, 1, $langs, 1, -1, -1, $currency).'</b>';  // Price with currency
    print '<input type="hidden" name="amount" value="'.$amount.'">';
    print '<input type="hidden" name="newamount" value="'.$amount.'">';
  }
  print '<input type="hidden" name="currency" value="'.$currency.'">';
  print '</td></tr>'."\n";
 
  // Tag
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("PaymentCode");
  print '</td><td class="CTableRow2"><b style="word-break: break-all;">'.$fulltag.'</b>';
  print '<input type="hidden" name="tag" value="'.$tag.'">';
  print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
  print '</td></tr>'."\n";
 
  // Shipping address
  $shipToName = $contract->thirdparty->name;
  $shipToStreet = $contract->thirdparty->address;
  $shipToCity = $contract->thirdparty->town;
  $shipToState = $contract->thirdparty->state_code;
  $shipToCountryCode = $contract->thirdparty->country_code;
  $shipToZip = $contract->thirdparty->zip;
  $shipToStreet2 = '';
  $phoneNum = $contract->thirdparty->phone;
  if ($shipToName && $shipToStreet && $shipToCity && $shipToCountryCode && $shipToZip) {
    print '<input type="hidden" name="shipToName" value="'.$shipToName.'">'."\n";
    print '<input type="hidden" name="shipToStreet" value="'.$shipToStreet.'">'."\n";
    print '<input type="hidden" name="shipToCity" value="'.$shipToCity.'">'."\n";
    print '<input type="hidden" name="shipToState" value="'.$shipToState.'">'."\n";
    print '<input type="hidden" name="shipToCountryCode" value="'.$shipToCountryCode.'">'."\n";
    print '<input type="hidden" name="shipToZip" value="'.$shipToZip.'">'."\n";
    print '<input type="hidden" name="shipToStreet2" value="'.$shipToStreet2.'">'."\n";
    print '<input type="hidden" name="phoneNum" value="'.$phoneNum.'">'."\n";
  } else {
    print '<!-- Shipping address not complete, so we don t use it -->'."\n";
  }
  if (is_object($contract->thirdparty)) {
    print '<input type="hidden" name="thirdparty_id" value="'.$contract->thirdparty->id.'">'."\n";
  }
  print '<input type="hidden" name="email" value="'.$contract->thirdparty->email.'">'."\n";
  print '<input type="hidden" name="vatnumber" value="'.$contract->thirdparty->tva_intra.'">'."\n";
  $labeldesc = $langs->trans("Contract").' '.$contract->ref;
  if (GETPOST('desc', 'alpha')) {
    $labeldesc = GETPOST('desc', 'alpha');
  }
  print '<input type="hidden" name="desc" value="'.dol_escape_htmltag($labeldesc).'">'."\n";
}
 
// Payment on a Member subscription
if ($source == 'member' || $source == 'membersubscription') {
  $newsource = 'member';
 
  $tag = "";
  $found = true;
  $langs->load("members");
 
  require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent.class.php';
  require_once DOL_DOCUMENT_ROOT.'/adherents/class/adherent_type.class.php';
  require_once DOL_DOCUMENT_ROOT.'/adherents/class/subscription.class.php';
 
  $member = new Adherent($db);
  $adht = new AdherentType($db);
 
  $result = $member->fetch(0, $ref, 0, '', true, true); // This fetch also ->last_subscription_amount
  if ($result <= 0) {
    $mesg = $member->error;
    $error++;
  } else {
    $member->fetch_thirdparty();
 
    $adht->fetch($member->typeid);
  }
  $object = $member;
 
  if ($action != 'dopayment') { // Do not change amount if we just click on first dopayment
    $amount = $member->last_subscription_amount;
    if (GETPOST("amount", 'alpha')) {
      $amount = price2num(GETPOST("amount", 'alpha'), 'MT', 2);
    }
    // If amount still not defined, we take amount of the type of member
    if (empty($amount)) {
      $amount = $adht->amount;
    }
 
    $amount = max(0, price2num($amount, 'MT'));
  }
 
  if (GETPOST('fulltag', 'alpha')) {
    $fulltag = GETPOST('fulltag', 'alpha');
  } else {
    $fulltag = 'MEM='.$member->id.'.DAT='.dol_print_date(dol_now(), '%Y%m%d%H%M%S');
    if (!empty($TAG)) {
      $tag = $TAG;
      $fulltag .= '.TAG='.$TAG;
    }
  }
  $fulltag = dol_string_unaccent($fulltag);
 
  // Creditor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Creditor");
  print '</td><td class="CTableRow2"><b>'.$creditor.'</b>';
  print '<input type="hidden" name="creditor" value="'.$creditor.'">';
  print '</td></tr>'."\n";
 
  // Debitor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Member");
  print '</td><td class="CTableRow2">';
  print '<b>';
  if ($member->morphy == 'mor' && !empty($member->company)) {
    print img_picto('', 'company', 'class="pictofixedwidth"');
    print $member->company;
  } else {
    print img_picto('', 'member', 'class="pictofixedwidth"');
    print $member->getFullName($langs);
  }
  print '</b>';
  print '</td></tr>'."\n";
 
  // Object
  $text = '<b>'.$langs->trans("PaymentSubscription").'</b>';
  if (GETPOST('desc', 'alpha')) {
    $text = '<b>'.$langs->trans(GETPOST('desc', 'alpha')).'</b>';
  }
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Designation");
  print '</td><td class="CTableRow2">'.$text;
  print '<input type="hidden" name="source" value="'.dol_escape_htmltag($newsource).'">';
  print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($member->ref).'">';
  print '</td></tr>'."\n";
 
  if ($object->datefin > 0) {
    print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("DateEndSubscription");
    print '</td><td class="CTableRow2">'.dol_print_date($member->datefin, 'day');
    print '</td></tr>'."\n";
  }
 
  if ($member->last_subscription_date || $member->last_subscription_amount) {
    // Last subscription date
 
    print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("LastSubscriptionDate");
    print '</td><td class="CTableRow2">'.dol_print_date($member->last_subscription_date, 'day');
    print '</td></tr>'."\n";
 
    // Last subscription amount
 
    print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("LastSubscriptionAmount");
    print '</td><td class="CTableRow2">'.price($member->last_subscription_amount);
    print '</td></tr>'."\n";
 
    if (empty($amount) && !GETPOST('newamount', 'alpha')) {
      $_GET['newamount'] = $member->last_subscription_amount;
      $_GET['amount'] = $member->last_subscription_amount;
    }
    if (!empty($member->last_subscription_amount) && !GETPOSTISSET('newamount') && is_numeric($amount)) {
      $amount = max($member->last_subscription_amount, $amount);
    }
  }
 
  $amountbytype = $adht->amountByType(1);
 
  $typeid = $adht->id;
  $caneditamount = $adht->caneditamount;
 
  if ($member->type) {
    $oldtypeid = $member->typeid;
    $newtypeid = (int) (GETPOSTISSET("typeid") ? GETPOSTINT("typeid") : $member->typeid);
    if (getDolGlobalString('MEMBER_ALLOW_CHANGE_OF_TYPE')) {
      $typeid = $newtypeid;
      $adht->fetch($typeid);  // Reload with the new type id
    }
 
    $caneditamount = $adht->caneditamount;
 
    if (getDolGlobalString('MEMBER_ALLOW_CHANGE_OF_TYPE')) {
      // Last member type
      print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("LastMemberType");
      print '</td><td class="CTableRow2">'.dol_escape_htmltag($member->type);
      print "</td></tr>\n";
 
      // Set the new member type
      $member->typeid = $newtypeid;
      $member->type = (string) dol_getIdFromCode($db, $newtypeid, 'adherent_type', 'rowid', 'libelle');
 
      // list member type
      if (!$action) {
        // Set amount for the subscription.
        // If we change the type, we use the amount of the new type and not the amount of last subscription.
        $amount = (!empty($amountbytype[$member->typeid])) ? $amountbytype[$member->typeid] : $member->last_subscription_amount;
 
        print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("NewSubscription");
        print '</td><td class="CTableRow2">';
        print $form->selectarray("typeid", $adht->liste_array(1), $member->typeid, 0, 0, 0, 'onchange="window.location.replace(\''.$urlwithroot.'/public/payment/newpayment.php?source='.urlencode($source).'&ref='.urlencode($ref).'&amount='.urlencode($amount).'&typeid=\' + this.value + \'&securekey='.urlencode($SECUREKEY).'\');"', 0, 0, 0, '', '', 1);
        print "</td></tr>\n";
      } elseif ($action == 'dopayment') {
        print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("NewMemberType");
        print '</td><td class="CTableRow2">'.dol_escape_htmltag($member->type);
        print '<input type="hidden" name="membertypeid" value="'.$member->typeid.'">';
        print "</td></tr>\n";
      }
    } else {
      print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("MemberType");
      print '</td><td class="CTableRow2">'.dol_escape_htmltag($member->type);
      print "</td></tr>\n";
    }
  }
 
  // Set amount for the subscription from the the type and options:
  // - First check the amount of the member type if not previous payment.
  $amount = ($member->last_subscription_amount ? $member->last_subscription_amount : (empty($amountbytype[$typeid]) ? 0 : $amountbytype[$typeid]));
  // - If not found, take the default amount
  if (empty($amount) && getDolGlobalString('MEMBER_NEWFORM_AMOUNT')) {
    $amount = getDolGlobalString('MEMBER_NEWFORM_AMOUNT');
  }
  // - If an amount was posted from the form (for example from page with types of membership)
  if ($caneditamount && GETPOSTISSET('amount') && GETPOSTFLOAT('amount', 'MT') > 0) {
    $amount = GETPOSTFLOAT('amount', 'MT');
  }
  // - If a new amount was posted from the form
  if ($caneditamount && GETPOSTISSET('newamount') && GETPOSTFLOAT('newamount', 'MT') > 0) {
    $amount = GETPOSTFLOAT('newamount', 'MT');
  }
  // - If a min is set or an amount from the posted form, we take them into account
  $amount = max(0, (float) $amount, (float) getDolGlobalInt("MEMBER_MIN_AMOUNT"));
 
  // Amount
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Amount");
  // This place no longer allows amount edition
  if (getDolGlobalString('MEMBER_EXT_URL_SUBSCRIPTION_INFO')) {
    print ' - <a href="' . getDolGlobalString('MEMBER_EXT_URL_SUBSCRIPTION_INFO').'" rel="external" target="_blank" rel="noopener noreferrer">'.$langs->trans("SeeHere").'</a>';
  }
  print '</td><td class="CTableRow2">';
 
  $caneditamount = $adht->caneditamount;
  $minimumamount = !getDolGlobalString('MEMBER_MIN_AMOUNT') ? $adht->amount : max(getDolGlobalString('MEMBER_MIN_AMOUNT'), $adht->amount, $amount);
 
  if ($caneditamount && $action != 'dopayment') {
    if (GETPOSTISSET('newamount')) {
      print '<input type="text" class="width75" name="newamount" value="'.price(price2num(GETPOST('newamount'), '', 2), 1, $langs, 1, -1, -1).'">';
    } else {
      print '<input type="text" class="width75" name="newamount" value="'.price($amount, 1, $langs, 1, -1, -1).'">';
    }
  } else {
    print '<b class="amount">'.price($amount, 1, $langs, 1, -1, -1, $currency).'</b>';  // Price with currency
    if ($minimumamount > $amount) {
      print ' &nbsp; <span class="opacitymedium small">'. $langs->trans("AmountIsLowerToMinimumNotice", price($minimumamount, 1, $langs, 1, -1, -1, $currency)).'</span>';
    }
    print '<input type="hidden" name="newamount" value="'.$amount.'">';
  }
  print '<input type="hidden" name="amount" value="'.$amount.'">';
  print '<input type="hidden" name="currency" value="'.$currency.'">';
  print '</td></tr>'."\n";
 
  // Tag
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("PaymentCode");
  print '</td><td class="CTableRow2"><b style="word-break: break-all;">'.$fulltag.'</b>';
  print '<input type="hidden" name="tag" value="'.$tag.'">';
  print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
  print '</td></tr>'."\n";
 
  // Shipping address
  $shipToName = $member->getFullName($langs);
  $shipToStreet = $member->address;
  $shipToCity = $member->town;
  $shipToState = $member->state_code;
  $shipToCountryCode = $member->country_code;
  $shipToZip = $member->zip;
  $shipToStreet2 = '';
  $phoneNum = $member->phone;
  if ($shipToName && $shipToStreet && $shipToCity && $shipToCountryCode && $shipToZip) {
    print '<!-- Shipping address information -->';
    print '<input type="hidden" name="shipToName" value="'.$shipToName.'">'."\n";
    print '<input type="hidden" name="shipToStreet" value="'.$shipToStreet.'">'."\n";
    print '<input type="hidden" name="shipToCity" value="'.$shipToCity.'">'."\n";
    print '<input type="hidden" name="shipToState" value="'.$shipToState.'">'."\n";
    print '<input type="hidden" name="shipToCountryCode" value="'.$shipToCountryCode.'">'."\n";
    print '<input type="hidden" name="shipToZip" value="'.$shipToZip.'">'."\n";
    print '<input type="hidden" name="shipToStreet2" value="'.$shipToStreet2.'">'."\n";
    print '<input type="hidden" name="phoneNum" value="'.$phoneNum.'">'."\n";
  } else {
    print '<!-- Shipping address not complete, so we don t use it -->'."\n";
  }
  if (is_object($member->thirdparty)) {
    print '<input type="hidden" name="thirdparty_id" value="'.$member->thirdparty->id.'">'."\n";
  }
  print '<input type="hidden" name="email" value="'.$member->email.'">'."\n";
  $labeldesc = $langs->trans("PaymentSubscription");
  if (GETPOST('desc', 'alpha')) {
    $labeldesc = GETPOST('desc', 'alpha');
  }
  print '<input type="hidden" name="desc" value="'.dol_escape_htmltag($labeldesc).'">'."\n";
}
 
// Payment on donation
if ($source == 'donation') {
  $found = true;
  $langs->load("don");
 
  require_once DOL_DOCUMENT_ROOT.'/don/class/don.class.php';
 
  $don = new Don($db);
  // @phan-suppress-next-line PhanPluginSuspiciousParamPosition
  $result = $don->fetch((int) $ref);
  if ($result <= 0) {
    $mesg = $don->error;
    $error++;
  } else {
    $don->fetch_thirdparty();
  }
  $object = $don;
 
  if ($action != 'dopayment') { // Do not change amount if we just click on first dopayment
    if (GETPOST("amount", 'alpha')) {
      $amount = GETPOST("amount", 'alpha');
    } else {
      $amount = $don->getRemainToPay();
    }
    $amount = price2num($amount);
  }
 
  if (GETPOST('fulltag', 'alpha')) {
    $fulltag = GETPOST('fulltag', 'alpha');
  } else {
    $fulltag = 'DON='.$don->ref.'.DAT='.dol_print_date(dol_now(), '%Y%m%d%H%M%S');
    if (!empty($TAG)) {
      $tag = $TAG;
      $fulltag .= '.TAG='.$TAG;
    }
  }
  $fulltag = dol_string_unaccent($fulltag);
 
  // Creditor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Creditor");
  print '</td><td class="CTableRow2"><b>'.$creditor.'</b>';
  print '<input type="hidden" name="creditor" value="'.$creditor.'">';
  print '</td></tr>'."\n";
 
  // Debitor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("ThirdParty");
  print '</td><td class="CTableRow2"><b>';
  if ($don->morphy == 'mor' && !empty($don->societe)) {
    print $don->societe;
  } else {
    print $don->getFullName($langs);
  }
  print '</b>';
  print '</td></tr>'."\n";
 
  // Object
  $text = '<b>'.$langs->trans("PaymentDonation").'</b>';
  if (GETPOST('desc', 'alpha')) {
    $text = '<b>'.$langs->trans(GETPOST('desc', 'alpha')).'</b>';
  }
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Designation");
  print '</td><td class="CTableRow2">'.$text;
  print '<input type="hidden" name="source" value="'.dol_escape_htmltag($source).'">';
  print '<input type="hidden" name="ref" value="'.dol_escape_htmltag($don->ref).'">';
  print '</td></tr>'."\n";
 
  // Amount
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Amount");
  if (empty($amount)) {
    if (!getDolGlobalString('DONATION_NEWFORM_AMOUNT')) {
      print ' ('.$langs->trans("ToComplete");
    }
    if (getDolGlobalString('DONATION_EXT_URL_SUBSCRIPTION_INFO')) {
      print ' - <a href="' . getDolGlobalString('DONATION_EXT_URL_SUBSCRIPTION_INFO').'" rel="external" target="_blank" rel="noopener noreferrer">'.$langs->trans("SeeHere").'</a>';
    }
    if (!getDolGlobalString('DONATION_NEWFORM_AMOUNT')) {
      print ')';
    }
  }
  print '</td><td class="CTableRow2">';
  $valtoshow = '';
  if (empty($amount) || !is_numeric($amount)) {
    $valtoshow = price2num(GETPOST("newamount", 'alpha'), 'MT');
    // force default subscription amount to value defined into constant...
    if (empty($valtoshow)) {
      if (getDolGlobalString('DONATION_NEWFORM_EDITAMOUNT')) {
        if (getDolGlobalString('DONATION_NEWFORM_AMOUNT')) {
          $valtoshow = getDolGlobalString('DONATION_NEWFORM_AMOUNT');
        }
      } else {
        if (getDolGlobalString('DONATION_NEWFORM_AMOUNT')) {
          $amount = getDolGlobalString('DONATION_NEWFORM_AMOUNT');
        }
      }
    }
  }
  if (empty($amount) || !is_numeric($amount)) {
    //$valtoshow=price2num(GETPOST("newamount",'alpha'),'MT');
    if (getDolGlobalString('DONATION_MIN_AMOUNT') && $valtoshow) {
      $valtoshow = max(getDolGlobalString('DONATION_MIN_AMOUNT'), $valtoshow);
    }
    print '<input type="hidden" name="amount" value="'.price2num(GETPOST("amount", 'alpha'), 'MT').'">';
    print '<input class="flat maxwidth75" type="text" name="newamount" value="'.$valtoshow.'">';
    // Currency
    print ' <b>'.$langs->trans("Currency".$currency).'</b>';
  } else {
    $valtoshow = $amount;
    if (getDolGlobalString('DONATION_MIN_AMOUNT') && $valtoshow) {
      $valtoshow = max(getDolGlobalString('DONATION_MIN_AMOUNT'), $valtoshow);
      $amount = $valtoshow;
    }
    print '<b class="amount">'.price($valtoshow, 1, $langs, 1, -1, -1, $currency).'</b>'; // Price with currency
    print '<input type="hidden" name="amount" value="'.$valtoshow.'">';
    print '<input type="hidden" name="newamount" value="'.$valtoshow.'">';
  }
  print '<input type="hidden" name="currency" value="'.$currency.'">';
  print '</td></tr>'."\n";
 
  // Tag
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("PaymentCode");
  print '</td><td class="CTableRow2"><b style="word-break: break-all;">'.$fulltag.'</b>';
  print '<input type="hidden" name="tag" value="'.$tag.'">';
  print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
  print '</td></tr>'."\n";
 
  // Shipping address
  $shipToName = $don->getFullName($langs);
  $shipToStreet = $don->address;
  $shipToCity = $don->town;
  $shipToState = $don->state_code;
  $shipToCountryCode = $don->country_code;
  $shipToZip = $don->zip;
  $shipToStreet2 = '';
  $phoneNum = $don->phone;
  if ($shipToName && $shipToStreet && $shipToCity && $shipToCountryCode && $shipToZip) {
    print '<!-- Shipping address information -->';
    print '<input type="hidden" name="shipToName" value="'.$shipToName.'">'."\n";
    print '<input type="hidden" name="shipToStreet" value="'.$shipToStreet.'">'."\n";
    print '<input type="hidden" name="shipToCity" value="'.$shipToCity.'">'."\n";
    print '<input type="hidden" name="shipToState" value="'.$shipToState.'">'."\n";
    print '<input type="hidden" name="shipToCountryCode" value="'.$shipToCountryCode.'">'."\n";
    print '<input type="hidden" name="shipToZip" value="'.$shipToZip.'">'."\n";
    print '<input type="hidden" name="shipToStreet2" value="'.$shipToStreet2.'">'."\n";
    print '<input type="hidden" name="phoneNum" value="'.$phoneNum.'">'."\n";
  } else {
    print '<!-- Shipping address not complete, so we don t use it -->'."\n";
  }
  if (is_object($don->thirdparty)) {
    print '<input type="hidden" name="thirdparty_id" value="'.$don->thirdparty->id.'">'."\n";
  }
  print '<input type="hidden" name="email" value="'.$don->email.'">'."\n";
  $labeldesc = $langs->trans("PaymentSubscription");
  if (GETPOST('desc', 'alpha')) {
    $labeldesc = GETPOST('desc', 'alpha');
  }
  print '<input type="hidden" name="desc" value="'.dol_escape_htmltag($labeldesc).'">'."\n";
}
 
if ($source == 'organizedeventregistration' && is_object($thirdparty)) {
  $found = true;
  $langs->loadLangs(array("members", "eventorganization"));
 
  if (GETPOST('fulltag', 'alpha')) {
    $fulltag = GETPOST('fulltag', 'alpha');
  } else {
    $fulltag = 'ATT='.$attendee->id.'.DAT='.dol_print_date(dol_now(), '%Y%m%d%H%M%S');
    if (!empty($TAG)) {
      $tag = $TAG;
      $fulltag .= '.TAG='.$TAG;
    }
  }
  $fulltag = dol_string_unaccent($fulltag);
 
  // Creditor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Creditor");
  print '</td><td class="CTableRow2"><b>'.$creditor.'</b>';
  print '<input type="hidden" name="creditor" value="'.$creditor.'">';
  print '</td></tr>'."\n";
 
  // Debitor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Attendee");
  print '</td><td class="CTableRow2"><b>';
  print $attendee->email;
  print($thirdparty->name ? ' ('.$thirdparty->name.')' : '');
  print '</b>';
  print '</td></tr>'."\n";
 
  if (! is_object($attendee->project)) {
    $text = 'ErrorProjectNotFound';
  } else {
    $text = $langs->trans("PaymentEvent").' - '.$attendee->project->title;
  }
 
  // Object
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Designation");
  print '</td><td class="CTableRow2"><b>'.$text.'</b>';
  print '<input type="hidden" name="source" value="'.dol_escape_htmltag($source).'">';
  print '<input type="hidden" name="ref" value="'.dol_escape_htmltag((string) $invoice->id).'">';
  print '</td></tr>'."\n";
 
  // Amount
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Amount");
  print '</td><td class="CTableRow2">';
  $valtoshow = $amount;
  print '<b class="amount">'.price($valtoshow, 1, $langs, 1, -1, -1, $currency).'</b>'; // Price with currency
  print '<input type="hidden" name="amount" value="'.$valtoshow.'">';
  print '<input type="hidden" name="newamount" value="'.$valtoshow.'">';
  print '<input type="hidden" name="currency" value="'.$currency.'">';
  print '</td></tr>'."\n";
 
  // Tag
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("PaymentCode");
  print '</td><td class="CTableRow2"><b style="word-break: break-all;">'.$fulltag.'</b>';
  print '<input type="hidden" name="tag" value="'.$tag.'">';
  print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
  print '</td></tr>'."\n";
 
  // Shipping address
  $shipToName = $thirdparty->getFullName($langs);
  $shipToStreet = $thirdparty->address;
  $shipToCity = $thirdparty->town;
  $shipToState = $thirdparty->state_code;
  $shipToCountryCode = $thirdparty->country_code;
  $shipToZip = $thirdparty->zip;
  $shipToStreet2 = '';
  $phoneNum = $thirdparty->phone;
  if ($shipToName && $shipToStreet && $shipToCity && $shipToCountryCode && $shipToZip) {
    print '<!-- Shipping address information -->';
    print '<input type="hidden" name="shipToName" value="'.$shipToName.'">'."\n";
    print '<input type="hidden" name="shipToStreet" value="'.$shipToStreet.'">'."\n";
    print '<input type="hidden" name="shipToCity" value="'.$shipToCity.'">'."\n";
    print '<input type="hidden" name="shipToState" value="'.$shipToState.'">'."\n";
    print '<input type="hidden" name="shipToCountryCode" value="'.$shipToCountryCode.'">'."\n";
    print '<input type="hidden" name="shipToZip" value="'.$shipToZip.'">'."\n";
    print '<input type="hidden" name="shipToStreet2" value="'.$shipToStreet2.'">'."\n";
    print '<input type="hidden" name="phoneNum" value="'.$phoneNum.'">'."\n";
  } else {
    print '<!-- Shipping address not complete, so we don t use it -->'."\n";
  }
  print '<input type="hidden" name="thirdparty_id" value="'.$thirdparty->id.'">'."\n";
  print '<input type="hidden" name="email" value="'.$thirdparty->email.'">'."\n";
  $labeldesc = $langs->trans("PaymentSubscription");
  if (GETPOST('desc', 'alpha')) {
    $labeldesc = GETPOST('desc', 'alpha');
  }
  print '<input type="hidden" name="desc" value="'.dol_escape_htmltag($labeldesc).'">'."\n";
}
 
if ($source == 'boothlocation') {
  $found = true;
  $langs->load("members");
 
  if (GETPOST('fulltag', 'alpha')) {
    $fulltag = GETPOST('fulltag', 'alpha');
  } else {
    $fulltag = 'BOO='.GETPOST("booth").'.DAT='.dol_print_date(dol_now(), '%Y%m%d%H%M%S');
    if (!empty($TAG)) {
      $tag = $TAG;
      $fulltag .= '.TAG='.$TAG;
    }
  }
  $fulltag = dol_string_unaccent($fulltag);
 
  // Creditor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Creditor");
  print '</td><td class="CTableRow2"><b>'.$creditor.'</b>';
  print '<input type="hidden" name="creditor" value="'.$creditor.'">';
  print '</td></tr>'."\n";
 
  // Debitor
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Attendee");
  print '</td><td class="CTableRow2"><b>';
  print $thirdparty->name;
  print '</b>';
  print '</td></tr>'."\n";
 
  // Object
  $text = '<b>'.$langs->trans("PaymentBoothLocation").'</b>';
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Designation");
  print '</td><td class="CTableRow2">'.$text;
  print '<input type="hidden" name="source" value="'.dol_escape_htmltag($source).'">';
  print '<input type="hidden" name="ref" value="'.dol_escape_htmltag((string) $invoice->id).'">';
  print '</td></tr>'."\n";
 
  // Amount
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("Amount");
  print '</td><td class="CTableRow2">';
  $valtoshow = $amount;
  print '<b class="amount">'.price($valtoshow, 1, $langs, 1, -1, -1, $currency).'</b>'; // Price with currency
  print '<input type="hidden" name="amount" value="'.$valtoshow.'">';
  print '<input type="hidden" name="newamount" value="'.$valtoshow.'">';
  print '<input type="hidden" name="currency" value="'.$currency.'">';
  print '</td></tr>'."\n";
 
  // Tag
  print '<tr class="CTableRow2"><td class="CTableRow2">'.$langs->trans("PaymentCode");
  print '</td><td class="CTableRow2"><b style="word-break: break-all;">'.$fulltag.'</b>';
  print '<input type="hidden" name="tag" value="'.$tag.'">';
  print '<input type="hidden" name="fulltag" value="'.$fulltag.'">';
  print '</td></tr>'."\n";
 
  // Shipping address
  $shipToName = $thirdparty->getFullName($langs);
  $shipToStreet = $thirdparty->address;
  $shipToCity = $thirdparty->town;
  $shipToState = $thirdparty->state_code;
  $shipToCountryCode = $thirdparty->country_code;
  $shipToZip = $thirdparty->zip;
  $shipToStreet2 = '';
  $phoneNum = $thirdparty->phone;
  if ($shipToName && $shipToStreet && $shipToCity && $shipToCountryCode && $shipToZip) {
    print '<!-- Shipping address information -->';
    print '<input type="hidden" name="shipToName" value="'.$shipToName.'">'."\n";
    print '<input type="hidden" name="shipToStreet" value="'.$shipToStreet.'">'."\n";
    print '<input type="hidden" name="shipToCity" value="'.$shipToCity.'">'."\n";
    print '<input type="hidden" name="shipToState" value="'.$shipToState.'">'."\n";
    print '<input type="hidden" name="shipToCountryCode" value="'.$shipToCountryCode.'">'."\n";
    print '<input type="hidden" name="shipToZip" value="'.$shipToZip.'">'."\n";
    print '<input type="hidden" name="shipToStreet2" value="'.$shipToStreet2.'">'."\n";
    print '<input type="hidden" name="phoneNum" value="'.$phoneNum.'">'."\n";
  } else {
    print '<!-- Shipping address not complete, so we don t use it -->'."\n";
  }
  print '<input type="hidden" name="thirdparty_id" value="'.$thirdparty->id.'">'."\n";
  print '<input type="hidden" name="email" value="'.$thirdparty->email.'">'."\n";
  $labeldesc = $langs->trans("PaymentSubscription");
  if (GETPOST('desc', 'alpha')) {
    $labeldesc = GETPOST('desc', 'alpha');
  }
  print '<input type="hidden" name="desc" value="'.dol_escape_htmltag($labeldesc).'">'."\n";
}
 
if (!$found && !$mesg) {
  $mesg = $langs->trans("ErrorBadParameters");
}
 
if ($mesg) {
  print '<tr><td align="center" colspan="2"><br><div class="warning">'.dol_escape_htmltag($mesg, 1, 1, 'br').'</div></td></tr>'."\n";
}
 
print '</table>'."\n";
print "\n";
 
 
// Show all payment mode buttons (Stripe, Paypal, ...)
if ($action != 'dopayment') {
  if ($found && !$error) {  // We are in a management option and no error
    // Check status of the object (Invoice) to verify if it is paid by external payment modules (ie Payzen, ...)
    $parameters = [
      'source' => $source,
      'object' => $object
    ];
    // @phan-suppress-next-line PhanTypeMismatchArgumentNullable
    $reshook = $hookmanager->executeHooks('doCheckStatus', $parameters, $object, $action);
    if ($reshook < 0) {
      setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
    } elseif ($reshook > 0) {
      print $hookmanager->resPrint;
    }
 
    if ($source == 'order' && $object->billed) {
      print '<br><br><div class="amountpaymentcomplete size12x wrapimp">'.$langs->trans("OrderBilled").'</div>';
    } elseif ($source == 'invoice' && $object->paye) {
      print '<br><br><div class="amountpaymentcomplete size12x wrapimp">'.$langs->trans("InvoicePaid").'</div>';
    } elseif ($source == 'donation' && $object->paid) {
      print '<br><br><div class="amountpaymentcomplete size12x wrapimp">'.$langs->trans("DonationPaid").'</div>';
    } else {
      // Membership can be paid and we still allow to make renewal
      if (($source == 'member' || $source == 'membersubscription') && $object->datefin > dol_now()) {
        $langs->load("members");
        print '<br><div class="amountpaymentcomplete size12x wrapimp">';
        $s = $langs->trans("MembershipPaid", '{s1}');
        print str_replace('{s1}', '<span class="nobold">'.dol_print_date($object->datefin, 'day').'</span>', $s);
        print '</div>';
        print '<div class="opacitymedium margintoponly">'.$langs->trans("PaymentWillBeRecordedForNextPeriod").'</div>';
        print '<br>';
      }
 
      // Buttons for all payments registration methods
 
      // This hook is used to add Button to newpayment.php for external payment modules (ie Payzen, ...)
      $parameters = [
        'paymentmethod' => $paymentmethod
      ];
      $reshook = $hookmanager->executeHooks('doAddButton', $parameters, $object, $action);
      if ($reshook < 0) {
        setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
      } elseif ($reshook >= 0) {
        print $hookmanager->resPrint;
      }
 
      if ((empty($paymentmethod) || $paymentmethod == 'paybox') && isModEnabled('paybox')) {
        print '<div class="button buttonpayment" id="div_dopayment_paybox"><span class="fa fa-credit-card"></span> <input class="" type="submit" id="dopayment_paybox" name="dopayment_paybox" value="'.$langs->trans("PayBoxDoPayment").'">';
        print '<br>';
        print '<span class="buttonpaymentsmall">'.$langs->trans("CreditOrDebitCard").'</span>';
        print '</div>';
        print '<script>
            $( document ).ready(function() {
              $("#div_dopayment_paybox").click(function(){
                $("#dopayment_paybox").click();
              });
              $("#dopayment_paybox").click(function(e){
                $("#div_dopayment_paybox").css( \'cursor\', \'wait\' );
                e.stopPropagation();
              });
            });
            </script>
        ';
      }
 
      if ((empty($paymentmethod) || $paymentmethod == 'stripe') && isModEnabled('stripe')) {
        $showbutton = 1;
        if (getDolGlobalString(strtoupper($source).'_FORCE_DISABLE_STRIPE')) {  // Example: MEMBER_FORCE_DISABLE_STRIPE
          $showbutton = 0;
        }
 
        if ($showbutton) {
          // By default noidempotency is set to 1, to avoid the error "Keys for idempotant requests...". It means we can pay several times the same tag/ref.
          // If STRIPE_USE_IDEMPOTENCY_BY_DEFAULT is set or param noidempotency=0 is added, then with add an idempotent key, so we must use a different tag/ref for each payment (if not we will get an error).
          $noidempotency_key = (GETPOSTISSET('noidempotency') ? GETPOSTINT('noidempotency') : (getDolGlobalInt('STRIPE_USE_IDEMPOTENCY_BY_DEFAULT') ? 0 : 1));
 
          print '<div class="button buttonpayment" id="div_dopayment_stripe"><span class="fa fa-credit-card"></span> <input class="" type="submit" id="dopayment_stripe" name="dopayment_stripe" value="'.$langs->trans("StripeDoPayment").'">';
          print '<input type="hidden" name="noidempotency" value="'.$noidempotency_key.'">';
          print '<br>';
          print '<span class="buttonpaymentsmall">'.$langs->trans("CreditOrDebitCard").'</span>';
          print '</div>';
          print '<script>
              $( document ).ready(function() {
                $("#div_dopayment_stripe").click(function(){
                  $("#dopayment_stripe").click();
                });
                $("#dopayment_stripe").click(function(e){
                  $("#div_dopayment_stripe").css( \'cursor\', \'wait\' );
                  e.stopPropagation();
                  return true;
                });
              });
              </script>
          ';
        }
      }
 
      if ((empty($paymentmethod) || $paymentmethod == 'paypal') && isModEnabled('paypal')) {
        if (!getDolGlobalString('PAYPAL_API_INTEGRAL_OR_PAYPALONLY')) {
          $conf->global->PAYPAL_API_INTEGRAL_OR_PAYPALONLY = 'integral';
        }
 
        $showbutton = 1;
        if (getDolGlobalString(strtoupper($source).'_FORCE_DISABLE_PAYPAL')) {  // Example: MEMBER_FORCE_DISABLE_PAYPAL
          $showbutton = 0;
        }
 
        if ($showbutton) {
          print '<div class="button buttonpayment" id="div_dopayment_paypal">';
          if (getDolGlobalString('PAYPAL_API_INTEGRAL_OR_PAYPALONLY') != 'integral') {
            print '<div style="line-height: 1em">&nbsp;</div>';
          }
          print '<span class="fab fa-paypal"></span> <input class="" type="submit" id="dopayment_paypal" name="dopayment_paypal" value="'.$langs->trans("PaypalDoPayment").'">';
          if (getDolGlobalString('PAYPAL_API_INTEGRAL_OR_PAYPALONLY') == 'integral') {
            print '<br>';
            print '<span class="buttonpaymentsmall">'.$langs->trans("CreditOrDebitCard").'</span><span class="buttonpaymentsmall"> - </span>';
            print '<span class="buttonpaymentsmall">'.$langs->trans("PayPalBalance").'</span>';
          }
          //if (getDolGlobalString('PAYPAL_API_INTEGRAL_OR_PAYPALONLY') == 'paypalonly') {
          //print '<br>';
          //print '<span class="buttonpaymentsmall">'.$langs->trans("PayPalBalance").'"></span>';
          //}
          print '</div>';
          print '<script>
              $( document ).ready(function() {
                $("#div_dopayment_paypal").click(function(){
                  $("#dopayment_paypal").click();
                });
                $("#dopayment_paypal").click(function(e){
                  $("#div_dopayment_paypal").css( \'cursor\', \'wait\' );
                  e.stopPropagation();
                  return true;
                });
              });
              </script>
          ';
        }
      }
    }
  } else {
    dol_print_error_email('ERRORNEWPAYMENT');
  }
} else {
  // Print
}
 
print '</td></tr>'."\n";
 
print '</table>'."\n";
 
print '</form>'."\n";
print '</div>'."\n";
 
print '<br>';
 
 
 
// Add more content on page for some services
if (preg_match('/^dopayment/', $action)) {      // If we chose/clicked on the payment mode
  // Save some data for the paymentok
  $remoteip = getUserRemoteIP();
  $_SESSION["currencyCodeType"] = $currency;
  $_SESSION["FinalPaymentAmt"] = $amount;
  $_SESSION['ipaddress'] = ($remoteip ? $remoteip : 'unknown'); // Payer ip
  $_SESSION["paymentType"] = '';
 
  $stripecu = null;
 
  // For Stripe
  if (GETPOST('dopayment_stripe', 'alpha')) {
    // Personalized checkout
    print '<style>
    .StripeElement {
      background-color: white;
      padding: 8px 12px;
      border-radius: 4px;
      border: 1px solid transparent;
      box-shadow: 0 1px 3px 0 #e6ebf1;
      -webkit-transition: box-shadow 150ms ease;
      transition: box-shadow 150ms ease;
    }
 
    .StripeElement--focus {
      box-shadow: 0 1px 3px 0 #cfd7df;
    }
 
    .StripeElement--invalid {
      border-color: #fa755a;
    }
 
    .StripeElement--webkit-autofill {
      background-color: #fefde5 !important;
    }
    </style>';
 
    //print '<br>';
 
    print '<!-- Show Stripe form payment-form STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION = ' . getDolGlobalString('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION').' STRIPE_USE_NEW_CHECKOUT = ' . getDolGlobalString('STRIPE_USE_NEW_CHECKOUT').' -->'."\n";
    print '<form action="'.$_SERVER['REQUEST_URI'].'" method="POST" id="payment-form">'."\n";
 
    print '<input type="hidden" name="token" value="'.newToken().'">'."\n";
    print '<input type="hidden" name="dopayment_stripe" value="1">'."\n";
    print '<input type="hidden" name="action" value="charge">'."\n";
    print '<input type="hidden" name="tag" value="'.$TAG.'">'."\n";
    print '<input type="hidden" name="s" value="'.$source.'">'."\n";
    print '<input type="hidden" name="ref" value="'.$REF.'">'."\n";
    print '<input type="hidden" name="fulltag" value="'.$FULLTAG.'">'."\n";
    print '<input type="hidden" name="suffix" value="'.$suffix.'">'."\n";
    print '<input type="hidden" name="securekey" value="'.$SECUREKEY.'">'."\n";
    print '<input type="hidden" name="e" value="'.$entity.'" />'."\n";
    print '<input type="hidden" name="amount" value="'.$amount.'">'."\n";
    print '<input type="hidden" name="currency" value="'.$currency.'">'."\n";
    //print '<input type="hidden" name="forcesandbox" value="'.GETPOSTINT('forcesandbox').'" />';
    print '<input type="hidden" name="email" value="'.GETPOST('email', 'alpha').'" />';
    print '<input type="hidden" name="thirdparty_id" value="'.GETPOSTINT('thirdparty_id').'" />';
    print '<input type="hidden" name="lang" value="'.$getpostlang.'">';
 
    // Make some check on amount: We accept an amount that is different to allow to pay an existing invoice partially or
    // to allow to pay a membership with open amount, but for a payment of an order, we have no reason to accept partial payment.
    $checkamount = 1;
    $tmptag = dolExplodeIntoArray($fulltag, '.', '=');
    if (array_key_exists('ORD', $tmptag) && (int) $tmptag['ORD'] > 0) {
      include_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
      $object = new Commande($db);
      $result = $object->fetch((int) $tmptag['ORD']);
      if ($result > 0) {
        if ($object->total_ttc != $amount) {
          $checkamount = 0;
        }
      } else {
        $checkamount = 0;
      }
    }
    if (!$checkamount) {
      dol_syslog("Hack attempt detected", LOG_WARNING);
      setEventMessages('Bad value for amount. Reported as a hack attempt.', null, 'errors');
    }
 
    if ($checkamount && (getDolGlobalString('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION') || getDolGlobalString('STRIPE_USE_NEW_CHECKOUT'))) { // Use a SCA ready method
      require_once DOL_DOCUMENT_ROOT.'/stripe/class/stripe.class.php';
 
      $service = 'StripeLive';
      $servicestatus = 1;
      if (!getDolGlobalString('STRIPE_LIVE')/* || GETPOST('forcesandbox', 'alpha') */) {
        $service = 'StripeTest';
        $servicestatus = 0;
      }
 
      $stripe = new Stripe($db);
      $stripeacc = $stripe->getStripeAccount($service);
      if (is_object($object) && is_object($object->thirdparty)) {
        $stripecu = $stripe->customerStripe($object->thirdparty, $stripeacc, $servicestatus, 1);
      }
 
      if (getDolGlobalString('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION')) {
        // By default noidempotency is set to 1, to avoid the error "Keys for idempotant requests...". It means we can pay several times the same tag/ref.
        // If STRIPE_USE_IDEMPOTENCY_BY_DEFAULT is set or param noidempotency=0 is added, then with add an idempotent key, so we must use a different tag/ref for each payment (if not we will get an error).
        $noidempotency_key = (GETPOSTISSET('noidempotency') ? GETPOSTINT('noidempotency') : (getDolGlobalInt('STRIPE_USE_IDEMPOTENCY_BY_DEFAULT') ? 0 : 1));
 
        $paymentintent = $stripe->getPaymentIntent($amount, $currency, ($tag ? $tag : $fulltag), 'Stripe payment: '.$fulltag.(is_object($object) ? ' ref='.$object->ref : ''), $object, $stripecu, $stripeacc, $servicestatus, 0, 'automatic', false, null, 0, $noidempotency_key);
        // The paymentintnent has status 'requires_payment_method' (even if paymentintent was already paid)
        //var_dump($paymentintent);
        if ($stripe->error) {
          setEventMessages($stripe->error, null, 'errors');
        }
      }
    }
 
    // Note:
    // $conf->global->STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION = 1 = use intent object (default value, suggest card payment mode only)
    // $conf->global->STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION = 2 = use payment object (suggest both card payment mode but also sepa, ...)
 
    print '
    <table id="dolpaymenttable" summary="Payment form" class="center centpercent">
    <tbody><tr><td class="textpublicpayment">';
 
    if (getDolGlobalString('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION')) {
      print '<div id="payment-request-button"><!-- A Stripe Element will be inserted here. --></div>';
    }
 
    print '<div class="form-row '.(getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION') == 2 ? 'center' : 'left').'">';
    if (getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION') == 1) {
      print '<label for="card-element">'.$langs->trans("CreditOrDebitCard").'</label>';
      print '<br><input id="cardholder-name" class="marginbottomonly" name="cardholder-name" value="" type="text" placeholder="'.$langs->trans("CardOwner").'" autocomplete="off" autofocus required>';
    }
 
    if (getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION') == 1) {
      print '<div id="card-element">
      <!-- a Stripe Element will be inserted here. -->
      </div>';
    }
    if (getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION') == 2) {
      print '<div id="payment-element">
      <!-- a Stripe Element will be inserted here. -->
      </div>';
    }
 
    print '<!-- Used to display form errors -->
    <div id="card-errors" role="alert"></div>
    </div>';
 
    print '<br>';
    print '<button class="button buttonpayment" style="text-align: center; padding-left: 0; padding-right: 0;" id="buttontopay" data-secret="'.(is_object($paymentintent) ? $paymentintent->client_secret : '').'">'.$langs->trans("ValidatePayment").'</button>';
    print '<img id="hourglasstopay" class="hidden" src="'.DOL_URL_ROOT.'/theme/'.$conf->theme.'/img/working.gif">';
 
    print '</td></tr></tbody>';
    print '</table>';
    //}
 
    if (getDolGlobalString('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION')) {
      if (empty($paymentintent)) {
        print '<center>'.$langs->trans("Error").' - Failed to get PaymentIntent</center>';
      } else {
        print '<input type="hidden" name="paymentintent_id" value="'.$paymentintent->id.'">';
        //$_SESSION["paymentintent_id"] = $paymentintent->id;
      }
    }
 
    print '</form>'."\n";
 
 
    // JS Code for Stripe
    if (empty($stripearrayofkeys['publishable_key'])) {
      $langs->load("errors");
      print info_admin($langs->trans("ErrorModuleSetupNotComplete", $langs->transnoentitiesnoconv("Stripe")), 0, 0, 'error');
    } else {
      print '<!-- JS Code for Stripe components -->';
      print '<script src="https://js.stripe.com/v3/"></script>'."\n";
      print '<!-- urllogofull = '.$urllogofull.' -->'."\n";
 
      // Code to ask the credit card. This use the default "API version". No way to force API version when using JS code.
      print '<script type="text/javascript">'."\n";
 
      if (getDolGlobalString('STRIPE_USE_NEW_CHECKOUT')) {
        $amountstripe = $amount;
 
        // Correct the amount according to unit of currency
        // See https://support.stripe.com/questions/which-zero-decimal-currencies-does-stripe-support
        $arrayzerounitcurrency = array('BIF', 'CLP', 'DJF', 'GNF', 'JPY', 'KMF', 'KRW', 'MGA', 'PYG', 'RWF', 'VND', 'VUV', 'XAF', 'XOF', 'XPF');
        if (!in_array($currency, $arrayzerounitcurrency)) {
          $amountstripe *= 100;
        }
 
        $ipaddress = getUserRemoteIP();
        $metadata = array('dol_version' => DOL_VERSION, 'dol_entity' => $conf->entity, 'ipaddress' => $ipaddress);
        if (is_object($object)) {
          $metadata['dol_type'] = $object->element;
          $metadata['dol_id'] = $object->id;
 
          $ref = $object->ref;
        }
 
        try {
          $arrayforpaymentintent = array(
            'description' => 'Stripe payment: '.$FULLTAG.($ref ? ' ref='.$ref : ''),
            "metadata" => $metadata
          );
          if ($TAG) {
            $arrayforpaymentintent["statement_descriptor"] = dol_trunc($TAG, 10, 'right', 'UTF-8', 1); // 22 chars that appears on bank receipt (company + description)
          }
 
          $arrayforcheckout = array(
            'payment_method_types' => array('card'),
            'line_items' => array(array(
              'price_data' => array(
                'currency' => $currency,
                'unit_amount' => $amountstripe,
                'product_data' => array(
                  'name' => $langs->transnoentitiesnoconv("Payment").' '.$TAG, // Label of product line
                  'description' => 'Stripe payment: '.$FULLTAG.($ref ? ' ref='.$ref : ''),
                  //'images' => array($urllogofull),
                ),
              ),
              'quantity' => 1,
            )),
            'mode' => 'payment',
            'client_reference_id' => $FULLTAG,
            'success_url' => $urlok,
            'cancel_url' => $urlko,
            'payment_intent_data' => $arrayforpaymentintent
          );
          if ($stripecu) {
            $arrayforcheckout['customer'] = $stripecu;
          } elseif (GETPOST('email', 'alpha') && isValidEmail(GETPOST('email', 'alpha'))) {
            $arrayforcheckout['customer_email'] = GETPOST('email', 'alpha');
          }
          $sessionstripe = \Stripe\Checkout\Session::create($arrayforcheckout);
 
          $remoteip = getUserRemoteIP();
 
          // Save some data for the paymentok
          $_SESSION["currencyCodeType"] = $currency;
          $_SESSION["paymentType"] = '';
          $_SESSION["FinalPaymentAmt"] = $amount;
          $_SESSION['ipaddress'] = ($remoteip ? $remoteip : 'unknown'); // Payer ip
          $_SESSION['payerID'] = is_object($stripecu) ? $stripecu->id : '';
          $_SESSION['TRANSACTIONID'] = $sessionstripe->id;
        } catch (Exception $e) {
          print $e->getMessage();
        } ?>
         // Code for payment with option STRIPE_USE_NEW_CHECKOUT set
 
      // Create a Stripe client.
        <?php
        if (empty($stripeacc)) {
          ?>
      var stripe = Stripe('<?php echo $stripearrayofkeys['publishable_key']; // Defined into config.php?>');
          <?php
        } else {
          ?>
      var stripe = Stripe('<?php echo $stripearrayofkeys['publishable_key']; // Defined into config.php?>', { stripeAccount: '<?php echo $stripeacc; ?>' });
          <?php
        } ?>
 
      // Create an instance of Elements
      var elements = stripe.elements();
 
      // Custom styling can be passed to options when creating an Element.
      // (Note that this demo uses a wider set of styles than the guide below.)
      var style = {
        base: {
        color: '#32325d',
        lineHeight: '24px',
        fontFamily: '"Helvetica Neue", Helvetica, sans-serif',
        fontSmoothing: 'antialiased',
        fontSize: '16px',
        '::placeholder': {
          color: '#aab7c4'
        }
        },
        invalid: {
        color: '#fa755a',
        iconColor: '#fa755a'
        }
      }
 
      var cardElement = elements.create('card', {style: style});
 
      // Comment this to avoid the redirect
      stripe.redirectToCheckout({
        // Make the id field from the Checkout Session creation API response
        // available to this file, so you can provide it as parameter here
        // instead of the {{CHECKOUT_SESSION_ID}} placeholder.
        sessionId: '<?php print $sessionstripe->id; ?>'
      }).then(function (result) {
        // If `redirectToCheckout` fails due to a browser or network
        // error, display the localized error message to your customer
        // using `result.error.message`.
      });
 
 
        <?php
      } elseif (getDolGlobalString('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION')) {
        ?>
      // Code for payment with option STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION set to 1 or 2
 
      // Create a Stripe client.
        <?php
        if (empty($stripeacc)) {
          ?>
      var stripe = Stripe('<?php echo $stripearrayofkeys['publishable_key']; // Defined into config.php?>');
          <?php
        } else {
          ?>
      var stripe = Stripe('<?php echo $stripearrayofkeys['publishable_key']; // Defined into config.php?>', { stripeAccount: '<?php echo $stripeacc; ?>' });
          <?php
        } ?>
 
        <?php
        if (getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION') == 2) {
          ?>
      var cardButton = document.getElementById('buttontopay');
      var clientSecret = cardButton.dataset.secret;
      var options = { clientSecret: clientSecret };
 
      // Create an instance of Elements
      var elements = stripe.elements(options);
          <?php
        } else {
          ?>
      // Create an instance of Elements
      var elements = stripe.elements();
          <?php
        } ?>
 
      // Custom styling can be passed to options when creating an Element.
      // (Note that this demo uses a wider set of styles than the guide below.)
      var style = {
        base: {
        color: '#32325d',
        lineHeight: '24px',
        fontFamily: '"Helvetica Neue", Helvetica, sans-serif',
        fontSmoothing: 'antialiased',
        fontSize: '16px',
        '::placeholder': {
          color: '#aab7c4'
        }
        },
        invalid: {
        color: '#fa755a',
        iconColor: '#fa755a'
        }
      }
 
        <?php
        if (getDolGlobalInt('STRIPE_USE_INTENT_WITH_AUTOMATIC_CONFIRMATION') == 2) {
          ?>
      var paymentElement = elements.create("payment");
 
      // Add an instance of the card Element into the `card-element` <div>
      paymentElement.mount("#payment-element");
 
      // Handle form submission
      var cardButton = document.getElementById('buttontopay');
 
      cardButton.addEventListener('click', function(event) {
        console.log("We click on buttontopay");
        event.preventDefault();
 
          /* Disable button to pay and show hourglass cursor */
          jQuery('#hourglasstopay').show();
          jQuery('#buttontopay').hide();
 
          stripe.confirmPayment({
            elements,confirmParams: {
            return_url: '<?php echo $urlok; ?>',
            payment_method_data: {
              billing_details: {
                name: 'test'
                <?php if (GETPOST('email', 'alpha') || (is_object($object) && is_object($object->thirdparty) && !empty($object->thirdparty->email))) {
                  ?>, email: '<?php echo dol_escape_js(GETPOST('email', 'alpha') ? GETPOST('email', 'alpha') : $object->thirdparty->email); ?>'<?php
                } ?>
                <?php if (is_object($object) && is_object($object->thirdparty) && !empty($object->thirdparty->phone)) {
                  ?>, phone: '<?php echo dol_escape_js($object->thirdparty->phone); ?>'<?php
                } ?>
                <?php if (is_object($object) && is_object($object->thirdparty)) {
                  ?>, address: {
                  city: '<?php echo dol_escape_js($object->thirdparty->town); ?>',
                  <?php if ($object->thirdparty->country_code) {
                    ?>country: '<?php echo dol_escape_js($object->thirdparty->country_code); ?>',<?php
                  } ?>
                  line1: '<?php echo dol_escape_js(preg_replace('/\s\s+/', ' ', $object->thirdparty->address)); ?>',
                  postal_code: '<?php echo dol_escape_js($object->thirdparty->zip); ?>'
                  }
                  <?php
                } ?>
              }
              },
              save_payment_method:<?php if ($stripecu) {
                print 'true';
                        } else {
                          print 'false';
                        } ?>  /* true when a customer was provided when creating payment intent. true ask to save the card */
            },
          }
          ).then(function(result) {
            console.log(result);
            if (result.error) {
              console.log("Error on result of handleCardPayment");
              jQuery('#buttontopay').show();
              jQuery('#hourglasstopay').hide();
              // Inform the user if there was an error
              var errorElement = document.getElementById('card-errors');
              console.log(result);
              errorElement.textContent = result.error.message;
            } else {
              // The payment has succeeded. Display a success message.
              console.log("No error on result of handleCardPayment, so we submit the form");
              // Submit the form
              jQuery('#buttontopay').hide();
              jQuery('#hourglasstopay').show();
              // Send form (action=charge that will do nothing)
              jQuery('#payment-form').submit();
            }
          });
 
      });
          <?php
        } else {
          ?>
      var cardElement = elements.create('card', {style: style});
 
      // Add an instance of the card Element into the `card-element` <div>
      cardElement.mount('#card-element');
 
      // Handle real-time validation errors from the card Element.
      cardElement.addEventListener('change', function(event) {
        var displayError = document.getElementById('card-errors');
          if (event.error) {
            console.log("Show event error (like 'Incorrect card number', ...)");
          displayError.textContent = event.error.message;
          } else {
            console.log("Reset error message");
          displayError.textContent = '';
          }
      });
 
      // Handle form submission
      var cardholderName = document.getElementById('cardholder-name');
      var cardButton = document.getElementById('buttontopay');
      var clientSecret = cardButton.dataset.secret;
 
      cardButton.addEventListener('click', function(event) {
        console.log("We click on buttontopay");
        event.preventDefault();
 
        if (cardholderName.value == '')
        {
          console.log("Field Card holder is empty");
          var displayError = document.getElementById('card-errors');
          displayError.textContent = '<?php print dol_escape_js($langs->trans("ErrorFieldRequired", $langs->transnoentitiesnoconv("CardOwner"))); ?>';
        }
        else
        {
          /* Disable button to pay and show hourglass cursor */
          jQuery('#hourglasstopay').show();
          jQuery('#buttontopay').hide();
 
          stripe.handleCardPayment(
          clientSecret, cardElement, {
            payment_method_data: {
              billing_details: {
                name: cardholderName.value
                <?php if (GETPOST('email', 'alpha') || (is_object($object) && is_object($object->thirdparty) && !empty($object->thirdparty->email))) {
                  ?>, email: '<?php echo dol_escape_js(GETPOST('email', 'alpha') ? GETPOST('email', 'alpha') : $object->thirdparty->email); ?>'<?php
                } ?>
                <?php if (is_object($object) && is_object($object->thirdparty) && !empty($object->thirdparty->phone)) {
                  ?>, phone: '<?php echo dol_escape_js($object->thirdparty->phone); ?>'<?php
                } ?>
                <?php if (is_object($object) && is_object($object->thirdparty)) {
                  ?>, address: {
                  city: '<?php echo dol_escape_js($object->thirdparty->town); ?>',
                  <?php if ($object->thirdparty->country_code) {
                    ?>country: '<?php echo dol_escape_js($object->thirdparty->country_code); ?>',<?php
                  } ?>
                  line1: '<?php echo dol_escape_js(preg_replace('/\s\s+/', ' ', $object->thirdparty->address)); ?>',
                  postal_code: '<?php echo dol_escape_js($object->thirdparty->zip); ?>'
                  }
                  <?php
                } ?>
              }
              },
              save_payment_method:<?php if ($stripecu) {
                print 'true';
                        } else {
                          print 'false';
                        } ?>  /* true when a customer was provided when creating payment intent. true ask to save the card */
          }
          ).then(function(result) {
            console.log(result);
            if (result.error) {
              console.log("Error on result of handleCardPayment");
              jQuery('#buttontopay').show();
              jQuery('#hourglasstopay').hide();
              // Inform the user if there was an error
              var errorElement = document.getElementById('card-errors');
              errorElement.textContent = result.error.message;
            } else {
              // The payment has succeeded. Display a success message.
              console.log("No error on result of handleCardPayment, so we submit the form");
              // Submit the form
              jQuery('#buttontopay').hide();
              jQuery('#hourglasstopay').show();
              // Send form (action=charge that will do nothing)
              jQuery('#payment-form').submit();
            }
          });
        }
      });
          <?php
        } ?>
 
        <?php
      }
 
      print '</script>';
    }
  }
 
  // For any other payment services
  // This hook can be used to show the embedded form to make payments with external payment modules (ie Payzen, ...)
  $parameters = [
    'paymentmethod' => $paymentmethod,
    'amount' => $amount,
    'currency' => $currency,
    'tag' => GETPOST("tag", 'alpha'),
    'dopayment' => GETPOST('dopayment', 'alpha')
  ];
  // @phan-suppress-next-line PhanTypeMismatchArgumentNullable
  $reshook = $hookmanager->executeHooks('doPayment', $parameters, $object, $action);
  if ($reshook < 0) {
    setEventMessages($hookmanager->error, $hookmanager->errors, 'errors');
  } elseif ($reshook > 0) {
    print $hookmanager->resPrint;
  }
}
 
if (!$ws) {
  htmlPrintOnlineFooter($mysoc, $langs, 1, $suffix, $object);
}
 
llxFooter('', 'public');
 
$db->close();