From d9e251f9be86acc6236203d97fc0fa33b68b75bb Mon Sep 17 00:00:00 2001 From: Lalit Kumar Date: Fri, 2 Nov 2018 14:42:33 +0530 Subject: [PATCH] CURL check added and minor improvements --- Readme.txt | 2 +- WPeCommerce (v3.11.x)/encdec_paytm.php | 226 ----------- WPeCommerce (v3.11.x)/paytm.php | 361 +++++++++++------- WPeCommerce (v3.11.x)/paytm/encdec_paytm.php | 183 +++++++++ WPeCommerce (v3.11.x)/paytm/paytm_version.txt | 1 + WPeCommerce (v3.11.x)/paytm_version.txt | 1 - 6 files changed, 415 insertions(+), 359 deletions(-) delete mode 100644 WPeCommerce (v3.11.x)/encdec_paytm.php mode change 100644 => 100755 WPeCommerce (v3.11.x)/paytm.php create mode 100755 WPeCommerce (v3.11.x)/paytm/encdec_paytm.php create mode 100755 WPeCommerce (v3.11.x)/paytm/paytm_version.txt delete mode 100644 WPeCommerce (v3.11.x)/paytm_version.txt diff --git a/Readme.txt b/Readme.txt index caac04b..93f634b 100644 --- a/Readme.txt +++ b/Readme.txt @@ -10,7 +10,7 @@ The aim of this document is to explain the procedure of installation and configu Installation and Configuration - Unzip the Paytm module files -- Copy the file "paytm.php", "encdec_paytm.php", and "paytm_version.txt" to your WordPress installation in this folder: /wp-content/plugins/wp-e-commerce/wpsc-merchants/ +- Copy the file "paytm.php" and "paytm" folder to your WordPress installation in this folder: /wp-content/plugins/wp-e-commerce/wpsc-merchants/ - Log in to your WordPress administration - Go to Settings -> Store - Choose Payments at the top of the screen, and tick off Paytm. Press "Update" to save the settings. diff --git a/WPeCommerce (v3.11.x)/encdec_paytm.php b/WPeCommerce (v3.11.x)/encdec_paytm.php deleted file mode 100644 index daf6d3c..0000000 --- a/WPeCommerce (v3.11.x)/encdec_paytm.php +++ /dev/null 
@@ -1,226 +0,0 @@ - strlen($text)) - return false; - return substr($text, 0, -1 * $pad); -} - -function generateSalt_e($length) -{ - $random = ""; - srand((double) microtime() * 1000000); - - $data = "AbcDE123IJKLMN67QRSTUVWXYZ"; - $data .= "aBCdefghijklmn123opq45rs67tuv89wxyz"; - $data .= "0FGH45OP89"; - - for ($i = 0; $i < $length; $i++) { - $random .= substr($data, (rand() % (strlen($data))), 1); - } - - return $random; -} - -function checkString_e($value) -{ - $myvalue = ltrim($value); - $myvalue = rtrim($myvalue); - if ($myvalue == 'null') - $myvalue = ''; - return $myvalue; -} - -function getChecksumFromArray($arrayList, $key, $sort = 1) -{ - if ($sort != 0) { - ksort($arrayList); - } - $str = getArray2Str($arrayList); - $salt = generateSalt_e(4); - $finalString = $str . "|" . $salt; - $hash = hash("sha256", $finalString); - $hashString = $hash . $salt; - $checksum = encrypt_e($hashString, $key); - return $checksum; -} - -function verifychecksum_e($arrayList, $key, $checksumvalue) -{ - $arrayList = removeCheckSumParam($arrayList); - ksort($arrayList); - $str = getArray2StrForVerify($arrayList); - $paytm_hash = decrypt_e($checksumvalue, $key); - $salt = substr($paytm_hash, -4); - - $finalString = $str . "|" . $salt; - - $website_hash = hash("sha256", $finalString); - $website_hash .= $salt; - - $validFlag = "FALSE"; - if ($website_hash == $paytm_hash) { - $validFlag = "TRUE"; - } else { - $validFlag = "FALSE"; - } - return $validFlag; -} - -function getArray2Str($arrayList) { - $findme = 'REFUND'; - $findmepipe = '|'; - $paramStr = ""; - $flag = 1; - foreach ($arrayList as $key => $value) { - $pos = strpos($value, $findme); - $pospipe = strpos($value, $findmepipe); - if ($pos !== false || $pospipe !== false) - { - continue; - } - - if ($flag) { - $paramStr .= checkString_e($value); - $flag = 0; - } else { - $paramStr .= "|" . 
checkString_e($value); - } - } - return $paramStr; -} - -function getArray2StrForVerify($arrayList) { - $paramStr = ""; - $flag = 1; - foreach ($arrayList as $key => $value) { - if ($flag) { - $paramStr .= checkString_e($value); - $flag = 0; - } else { - $paramStr .= "|" . checkString_e($value); - } - } - return $paramStr; -} - -function redirect2PG($paramList, $key) -{ - $hashString = getchecksumFromArray($paramList); - $checksum = encrypt_e($hashString, $key); -} - -function removeCheckSumParam($arrayList) -{ - if (isset($arrayList["CHECKSUMHASH"])) { - unset($arrayList["CHECKSUMHASH"]); - } - return $arrayList; -} - -function getTxnStatus($requestParamList) -{ - return callAPI(PAYTM_STATUS_QUERY_URL, $requestParamList); -} - -function initiateTxnRefund($requestParamList) -{ - $CHECKSUM = getChecksumFromArray($requestParamList, PAYTM_MERCHANT_KEY, 0); - $requestParamList["CHECKSUM"] = $CHECKSUM; - return callAPI(PAYTM_REFUND_URL, $requestParamList); -} - -function callAPI($apiURL, $requestParamList) -{ - $jsonResponse = ""; - $responseParamList = array(); - $JsonData = json_encode($requestParamList); - $postData = 'JsonData=' . urlencode($JsonData); - $ch = curl_init($apiURL); - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); - curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 0); - curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); - curl_setopt($ch, CURLOPT_HTTPHEADER, array( - 'Content-Type: application/json', - 'Content-Length: ' . 
strlen($postData) - )); - $jsonResponse = curl_exec($ch); - $responseParamList = json_decode($jsonResponse, true); - return $responseParamList; -} - -function sanitizedParam($param) -{ - $pattern[0] = "%,%"; - $pattern[1] = "%#%"; - $pattern[2] = "%\(%"; - $pattern[3] = "%\)%"; - $pattern[4] = "%\{%"; - $pattern[5] = "%\}%"; - $pattern[6] = "%<%"; - $pattern[7] = "%>%"; - $pattern[8] = "%`%"; - $pattern[9] = "%!%"; - $pattern[10] = "%\\$%"; - $pattern[11] = "%\%%"; - $pattern[12] = "%\^%"; - $pattern[13] = "%=%"; - $pattern[14] = "%\+%"; - $pattern[15] = "%\|%"; - $pattern[16] = "%\\\%"; - $pattern[17] = "%:%"; - $pattern[18] = "%'%"; - $pattern[19] = "%\"%"; - $pattern[20] = "%;%"; - $pattern[21] = "%~%"; - $pattern[22] = "%\[%"; - $pattern[23] = "%\]%"; - $pattern[24] = "%\*%"; - $pattern[25] = "%&%"; - $sanitizedParam = preg_replace($pattern, "", $param); - return $sanitizedParam; -} - -function callNewAPI($apiURL, $requestParamList) { - $jsonResponse = ""; - $responseParamList = array(); - $JsonData =json_encode($requestParamList); - $postData = 'JsonData='.urlencode($JsonData); - $ch = curl_init($apiURL); - curl_setopt($ch, CURLOPT_CUSTOMREQUEST, "POST"); - curl_setopt($ch, CURLOPT_POSTFIELDS, $postData); - curl_setopt($ch, CURLOPT_RETURNTRANSFER, true); - curl_setopt ($ch, CURLOPT_SSL_VERIFYHOST, 0); - curl_setopt ($ch, CURLOPT_SSL_VERIFYPEER, 0); - curl_setopt($ch, CURLOPT_HTTPHEADER, array( - 'Content-Type: application/json', - 'Content-Length: ' . strlen($postData)) - ); - $jsonResponse = curl_exec($ch); - $responseParamList = json_decode($jsonResponse,true); - return $responseParamList; -} diff --git a/WPeCommerce (v3.11.x)/paytm.php b/WPeCommerce (v3.11.x)/paytm.php old mode 100644 new mode 100755 index f57bd9e..90d2e82 --- a/WPeCommerce (v3.11.x)/paytm.php +++ b/WPeCommerce (v3.11.x)/paytm.php 
@@ -8,95 +8,68 @@ * This is the gateway variable $nzshpcrt_gateways, it is used for displaying gateway information on the wp-admin pages and also * for internal operations. */ -include_once('encdec_paytm.php'); +include_once('paytm/encdec_paytm.php'); $nzshpcrt_gateways[$num] = array( - 'name' => __( 'Paytm Payment Solutions', 'wpsc' ), - 'api_version' => 2.0, - 'class_name' => 'wpsc_merchant_paytm', + 'name' => __( 'Paytm Payment Solutions', 'wpsc' ), + 'api_version' => 2.0, + 'class_name' => 'wpsc_merchant_paytm', 'has_recurring_billing' => false, - 'wp_admin_cannot_cancel' => true, - 'display_name' => __( 'Paytm', 'wpsc' ), - 'internalname' => 'wpsc_merchant_paytm', - 'form' => 'form_paytm', - 'submit_function' => 'submit_paytm', - 'payment_type' => 'paytm' + 'wp_admin_cannot_cancel'=> true, + 'display_name' => __( 'Paytm', 'wpsc' ), + 'internalname' => 'wpsc_merchant_paytm', + 'form' => 'form_paytm', + 'submit_function' => 'submit_paytm', + 'payment_type' => 'paytm' ); + +function getDefaultCallbackUrl(){ + global $wpdb, $wpsc_gateways; + return add_query_arg('gateway', 'wpsc_merchant_paytm', add_query_arg('wpsc_action', 'gateway_notification', site_url('/'))); +} + class wpsc_merchant_paytm extends wpsc_merchant { function submit() { $parameters = array(); - $transact_url = get_option('transact_url'); - if(get_option('permalink_structure') != '') - $separator ="?"; - else - $separator ="&"; - //echo "
"; print_r($this->cart_data); die;
+		$paytm_transact_url = get_option('paytm_transact_url');
+
+		// $this->purchase_id = "TEST_".strtotime("now")."_ORDERID-".$this->purchase_id; // just for testing
+
 		$post_variables = array(
-			"MID" => get_option('paytm_merchantid'),
-			"ORDER_ID" => $this->purchase_id,
-			"CUST_ID" => $this->cart_data['email_address'],
-			"TXN_AMOUNT" => $this->cart_data["total_price"],
-			"CHANNEL_ID" => get_option('paytm_channelid'),
-			"INDUSTRY_TYPE_ID" => get_option('paytm_industrytype'),
-			"WEBSITE" => get_option('paytm_website'),	
-			"MERC_UNQ_REF" => $this->cart_data["session_id"],
-		);
-		if(get_option('paytm_callback')=='1')
-		{
-			$post_variables['CALLBACK_URL'] = add_query_arg('gateway', 'wpsc_merchant_paytm', $this->cart_data['notification_url']);
-		}
-		
-		$secret_key = get_option('paytm_merchantkey');
-		$checksum = getChecksumFromArray($post_variables, $secret_key);
-		$amt = $this->cart_data["total_price"];
-		$call = add_query_arg('gateway', 'wpsc_merchant_paytm', $this->cart_data['notification_url']);
-		$paytm_args_array = array();
-		$paytm_args_array[] = "";
-		$paytm_args_array[] = "";
-		$paytm_args_array[] = "";
-		$paytm_args_array[] = "";
-		$paytm_args_array[] = "";
-		$paytm_args_array[] = "";
-		$paytm_args_array[] = "";
-		$paytm_args_array[] = "";
-		
-		if(get_option('paytm_callback')=='1')
-		{
-			$paytm_args_array[] = "";
+							"MID" 				=> get_option('paytm_merchantid'),
+							"ORDER_ID" 			=> $this->purchase_id,
+							"CUST_ID" 			=> $this->cart_data['email_address'],
+							"TXN_AMOUNT" 		=> $this->cart_data["total_price"],
+							"CHANNEL_ID" 		=> get_option('paytm_channelid'),
+							"INDUSTRY_TYPE_ID" 	=> get_option('paytm_industrytype'),
+							"WEBSITE" 			=> get_option('paytm_website'),	
+							"MERC_UNQ_REF" 		=> $this->cart_data["session_id"],
+							"CALLBACK_URL" 		=> get_option('paytm_callback_url'),
+						);
+
+		$secret_key 	= get_option('paytm_merchantkey');
+		$checksum 		= PaytmPayment::getChecksumFromArray($post_variables, $secret_key);
+					
+		$paytm_args_html = '';
+
+		foreach ($post_variables as $post_key =>  $post_value) {
+			$paytm_args_html .= "";
 		}
 		
+		$paytm_args_html .= "";
 
-		
-		$paytm_args_array[] = "";
-		$paytm_args_array[] = "";
-		/*	19751/17Jan2018	*/
-			/*if(get_option('paytm_mode')=='0') {
-				$gateway_url = 'https://pguat.paytm.com/oltp-web/processTransaction';
-			} else {
-				$gateway_url = 'https://secure.paytm.in/oltp-web/processTransaction';
-			}*/
 
-			/*if(get_option('paytm_mode')=='0') {
-				$gateway_url = 'https://securegw-stage.paytm.in/theia/processTransaction';
-			} else {
-				$gateway_url = 'https://securegw.paytm.in/theia/processTransaction';
-			}*/
-			$gateway_url = get_option('transact_url');
-		/*	19751/17Jan2018 end	*/
-		//status_header(302);
-		//wp_redirect("https://pguat.paytm.com/oltp-web/processTransaction" . implode("", array_values($paytm_args_array)));
-		//exit;
-
-		echo '
- ' . implode('', $paytm_args_array) . ' - '.__('Cancel order & restore cart').' + echo '

Please do not refresh this page...

+ ' . $paytm_args_html . ' + '.__('Cancel order & restore cart').'
'; + exit; } function parse_gateway_notification() { @@ -104,108 +77,122 @@ function parse_gateway_notification() { //echo "
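Review bot: In `submit()`, the loop `foreach ($post_variables as $post_key => $post_value)` appends every value to `$paytm_args_html`, and `CUST_ID` comes from `$this->cart_data['email_address']`, which the shopper supplies. The field markup is not visible on this page, so confirm that each key and value passes through `esc_attr()` before it lands in an attribute. `CALLBACK_URL` is now always sent and signed, even when the `paytm_callback_url` option is empty, whereas the old code added it only when `paytm_callback` was '1'. `getDefaultCallbackUrl()` is defined in this hunk but not called in it, so a fallback such as `get_option('paytm_callback_url') ?: getDefaultCallbackUrl()` looks intended. The two `global` declarations inside `getDefaultCallbackUrl()` are unused and can be dropped.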
"; print_r($this->cart_data);print_r($_GET);print_r($this); print_r($_POST); die;
 		//$transact_url = get_option('transact_url');
-		$this->purchase_id = $_POST['ORDERID'];		
-		$paytmChecksum = "";
-		$paramList = array();
-		$isValidChecksum = "FALSE";
-		$transact_url = get_option('transact_url');
+		$this->purchase_id 	= sanitize_text_field($_POST['ORDERID']);
+
+		// $this->purchase_id = substr($this->purchase_id, strpos($this->purchase_id, "-") + 1); // just for testing	
+
+		$paytmChecksum 		= "";
+		$paramList 			= array();
+		$isValidChecksum 	= "FALSE";
+		$transact_url 		= get_option('paytm_transact_url');
 		//$accepturl = $transact_url.$separator."sessionid=".$_POST["MERC_UNQ_REF"]."&gateway=paytm";
 
-		$paramList = $_POST;	
-		$paytmChecksum = isset($_POST["CHECKSUMHASH"]) ? $_POST["CHECKSUMHASH"] : ""; 
+		$paramList 			= array_map('sanitize_text_field', $_POST);
+		$paytmChecksum 		= isset($_POST["CHECKSUMHASH"]) ? sanitize_text_field($_POST["CHECKSUMHASH"]) : ""; 
 		
-		$secret_key = get_option('paytm_merchantkey');
+		$secret_key 		= get_option('paytm_merchantkey');
 		
-		$isValidChecksum = verifychecksum_e($paramList, $secret_key, $paytmChecksum); 
+		$isValidChecksum 	= PaytmPayment::verifychecksum_e($paramList, $secret_key, $paytmChecksum); 
 
 		if($isValidChecksum == "TRUE") 
 		{			
-			if ($_POST["STATUS"] == "TXN_SUCCESS" && $_POST["RESPCODE"] == "01") 
+			if (sanitize_text_field($_POST["STATUS"]) == "TXN_SUCCESS" && sanitize_text_field($_POST["RESPCODE"]) == "01") 
 			{
 				// Create an array having all required parameters for status query.
 				$requestParamList = array("MID" => get_option('paytm_merchantid') , "ORDERID" => $this->purchase_id);
+
+				// $requestParamList["ORDERID"] = $_POST["ORDERID"]; // just for testing
 				
-				$StatusCheckSum = getChecksumFromArray($requestParamList, get_option('paytm_merchantkey'));
+				$StatusCheckSum = PaytmPayment::getChecksumFromArray($requestParamList, get_option('paytm_merchantkey'));
 							
 				$requestParamList['CHECKSUMHASH'] = $StatusCheckSum;
 				
-				// Call the PG's getTxnStatus() function for verifying the transaction status.
-				/*	19751/17Jan2018	*/
-					/*if(get_option('paytm_mode')=='0') {
-						$check_status_url = 'https://pguat.paytm.com/oltp/HANDLER_INTERNAL/getTxnStatus';
-					} else {
-						$check_status_url = 'https://secure.paytm.in/oltp/HANDLER_INTERNAL/getTxnStatus';
-					}*/
-
-					/*if(get_option('paytm_mode')=='0') {
-						$check_status_url = 'https://securegw-stage.paytm.in/merchant-status/getTxnStatus';
-					} else {
-						$check_status_url = 'https://securegw.paytm.in/merchant-status/getTxnStatus';
-					}*/
-					$check_status_url = get_option('transaction_status_url');
-				/*	19751/17Jan2018 end	*/
-				$responseParamList = callNewAPI($check_status_url, $requestParamList);				
-				if($responseParamList['STATUS']=='TXN_SUCCESS' && $responseParamList['TXNAMOUNT']==$_POST["TXNAMOUNT"])
+				$check_status_url = get_option('paytm_transact_status_url');
+				$responseParamList = PaytmPayment::callNewAPI($check_status_url, $requestParamList);				
+				if($responseParamList['STATUS']=='TXN_SUCCESS' && $responseParamList['TXNAMOUNT']==sanitize_text_field($_POST["TXNAMOUNT"]))
 				{
 					//$this->set_purchase_processed_by_purchid(3);
-					$this->set_transaction_details($_POST['TXNID'], 3);
+					$this->set_transaction_details(sanitize_text_field($_POST['TXNID']), 3);
 			
 					//echo "OK - " . $_POST["TXNID"];
-					$this->go_to_transaction_results($_POST["MERC_UNQ_REF"]);
+					$this->go_to_transaction_results(sanitize_text_field($_POST["MERC_UNQ_REF"]));
 					//exit();
 				}
 				else{
-					echo "It seems some issue in server to server communication. Kindly connect with administrator.";	
 					$this->set_purchase_processed_by_purchid(6);
-					exit();
+
+					$message = 'It seems some issue in server to server communication. Kindly connect with administrator.';
+					redirect_checkout_page($message);
 				}
 			}
 			else 
 			{				
-				echo '

Oops! Your transaction get failed due to ' . $_POST["RESPMSG"]. '

'; $this->set_purchase_processed_by_purchid(6); - wp_redirect($transact_url); + + $message = 'Oops! Your transaction get failed due to ' . sanitize_text_field($_POST["RESPMSG"]); + redirect_checkout_page($message); } } else { - echo "Security Error. Illegal access detected. Checksum mismatched."; $this->set_purchase_processed_by_purchid(6); - exit(); + + $message = 'Security Error. Illegal access detected. Checksum mismatched.'; + redirect_checkout_page($message); } } } +function redirect_checkout_page($message = ''){ + if(empty($message)) return ; + $shopping_cart_url = get_option('shopping_cart_url'); + $shopping_cart_url.= (strpos($shopping_cart_url,'?')!==false) ? '&' : '?'; + $shopping_cart_url.='paytm_error='.urlencode($message); + + wp_redirect($shopping_cart_url); + exit; +} + +function paytm_error_msg($content){ + if(!empty($_GET['paytm_error'])){ + $content = '

'. $_GET['paytm_error'] .'

'.$content; + } + return $content; +} + +add_filter( 'the_content', 'paytm_error_msg' ); + function submit_paytm() { + if(isset($_POST['paytm_merchantkey'])) - update_option('paytm_merchantkey', $_POST['paytm_merchantkey']); + update_option('paytm_merchantkey', sanitize_text_field($_POST['paytm_merchantkey'])); if(isset($_POST['paytm_merchantid'])) - update_option('paytm_merchantid', $_POST['paytm_merchantid']); + update_option('paytm_merchantid', sanitize_text_field($_POST['paytm_merchantid'])); if(isset($_POST['paytm_industrytype'])) - update_option('paytm_industrytype', $_POST['paytm_industrytype']); + update_option('paytm_industrytype', sanitize_text_field($_POST['paytm_industrytype'])); if(isset($_POST['paytm_channelid'])) - update_option('paytm_channelid', $_POST['paytm_channelid']); + update_option('paytm_channelid', sanitize_text_field($_POST['paytm_channelid'])); if(isset($_POST['paytm_website'])) - update_option('paytm_website', $_POST['paytm_website']); - - /*if(isset($_POST['paytm_mode'])) - update_option('paytm_mode', $_POST['paytm_mode']);*/ + update_option('paytm_website', sanitize_text_field($_POST['paytm_website'])); - if(isset($_POST['transact_url'])) - update_option('transact_url', $_POST['transact_url']); + if(isset($_POST['paytm_transact_url'])) + update_option('paytm_transact_url', esc_url_raw($_POST['paytm_transact_url'])); - if(isset($_POST['transact_status_url'])) - update_option('transact_status_url', $_POST['transact_status_url']); + if(isset($_POST['paytm_transact_status_url'])) + update_option('paytm_transact_status_url', esc_url_raw($_POST['paytm_transact_status_url'])); if(isset($_POST['paytm_callback'])) - update_option('paytm_callback', $_POST['paytm_callback']); + update_option('paytm_callback', sanitize_text_field($_POST['paytm_callback'])); + + if(isset($_POST['paytm_callback_url'])) + update_option('paytm_callback_url', esc_url_raw($_POST['paytm_callback_url'])); return true; } 
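Review bot: `paytm_error_msg()` concatenates `$_GET['paytm_error']` straight into the page content, and because it is hooked on `the_content` it runs on every page, so any link carrying that parameter has its value rendered as markup (reflected XSS). Escape at output with `esc_html( wp_unslash( $_GET['paytm_error'] ) )`. Better still, have `redirect_checkout_page()` pass a short error code that maps to a fixed message, since `RESPMSG` is gateway-supplied text. Separately, `parse_gateway_notification()` verifies the checksum over `array_map('sanitize_text_field', $_POST)`, which strips tags, percent-encoded octets and extra whitespace and can therefore change the signed values; verify over `wp_unslash($_POST)` first and sanitize only the fields used afterwards. `$_POST['ORDERID']` is also read before any `isset()` check, and `parse_gateway_notification()` itself begins above this hunk.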
@@ -258,7 +245,7 @@ function form_paytm() { " . __('Transaction URL', 'wpsc' ) . " - + @@ -266,7 +253,7 @@ function form_paytm() { " . __('Transaction Status URL', 'wpsc' ) . " - + @@ -274,24 +261,136 @@ function form_paytm() { " . __('Enable Callback URL', 'wpsc' ) . " - " . __('Yes', 'wpsc' ) . " - " . __('No', 'wpsc' ) . " + + - - - "; - /* - " . __('Enable Live Mode', 'wpsc' ) . " + + " . __('Callback URL', 'wpsc' ) . " - " . __('Yes', 'wpsc' ) . " - " . __('No', 'wpsc' ) . " + - */ + + "; + + $last_updated = ""; + $path = plugin_dir_path( __FILE__ ) . "/paytm/paytm_version.txt"; + if(file_exists($path)){ + $handle = fopen($path, "r"); + if($handle !== false){ + $date = fread($handle, 10); // i.e. DD-MM-YYYY or 25-04-2018 + $last_updated = '

Last Updated: '. date("d F Y", strtotime($date)) .'

'; + } + } + + $output .= ''.$last_updated.'

WP eCommerce Version: ' . WPSC_VERSION . ' . ' . WPSC_MINOR_VERSION.''; + $output .= ''; + + return $output; } + +/* +* Code to test Curl +*/ +if(isset($_GET['paytm_action']) && $_GET['paytm_action'] == "curltest"){ + add_action('the_content', 'curltest'); +} +function curltest($content){ + + // phpinfo();exit; + $debug = array(); + + if(!function_exists("curl_init")){ + $debug[0]["info"][] = "cURL extension is either not available or disabled. Check phpinfo for more info."; + + // if curl is enable then see if outgoing URLs are blocked or not + } else { + + // if any specific URL passed to test for + if(isset($_GET["url"]) && $_GET["url"] != ""){ + $testing_urls = array(esc_url_raw($_GET["url"])); + + } else { + + // this site homepage URL + $server = get_site_url(); + + $testing_urls = array( + $server, + "https://www.gstatic.com/generate_204", + get_option('paytm_transact_url') + ); + } + + // loop over all URLs, maintain debug log for each response received + foreach($testing_urls as $key=>$url){ + + $url = esc_url_raw($url); + + $debug[$key]["info"][] = "Connecting to " . $url . " using cURL"; + + $response = wp_remote_get($url); + + if ( is_array( $response ) ) { + + $http_code = wp_remote_retrieve_response_code($response); + $debug[$key]["info"][] = "cURL executed succcessfully."; + $debug[$key]["info"][] = "HTTP Response Code: ". $http_code . ""; + + // $debug[$key]["content"] = $res; + + } else { + $debug[$key]["info"][] = "Connection Failed !!"; + $debug[$key]["info"][] = "Error: " . $response->get_error_message() . ""; + + // $debug[$key]["content"] = $res; + break; + } + } + } + + $content = "

cURL Test for Paytm - WPeCommerce


"; + foreach($debug as $k=>$v){ + $content .= "
    "; + foreach($v["info"] as $info){ + $content .= "
  • ".$info."
  • "; + } + $content .= "
"; + + // echo "
" . $v["content"] . "
"; + $content .= "
"; + } + + return $content; + } +/* +* Code to test Curl +*/ ?> diff --git a/WPeCommerce (v3.11.x)/paytm/encdec_paytm.php b/WPeCommerce (v3.11.x)/paytm/encdec_paytm.php new file mode 100755 index 0000000..78cb368 --- /dev/null +++ b/WPeCommerce (v3.11.x)/paytm/encdec_paytm.php 
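Review bot: The `curltest` diagnostic is reachable by any visitor: `?paytm_action=curltest` hooks it on `the_content`, and the `url` query parameter is handed to `wp_remote_get()`, so the server can be made to request arbitrary addresses, internal ones included, and report the response code back (SSRF). Gate it inside the function with `if ( ! current_user_can( 'manage_options' ) ) { return $content; }`, drop the free-form `url` parameter or restrict it to the configured Paytm hosts, and call `wp_safe_remote_get()` instead. The `$url` and `get_error_message()` strings are also written into the page unescaped and should go through `esc_html()`. In `form_paytm()` the `fopen()` handle is never closed, and the version path gets a doubled slash because `plugin_dir_path()` already ends with one. `form_paytm()` begins above this hunk.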
@@ -0,0 +1,183 @@ + strlen($text)) + return false; + return substr($text, 0, -1 * $pad); + } + + static function generateSalt_e($length) { + $random = ""; + srand((double) microtime() * 1000000); + + $data = "AbcDE123IJKLMN67QRSTUVWXYZ"; + $data .= "aBCdefghijklmn123opq45rs67tuv89wxyz"; + $data .= "0FGH45OP89"; + + for ($i = 0; $i < $length; $i++) { + $random .= substr($data, (rand() % (strlen($data))), 1); + } + + return $random; + } + + + static function checkString_e($value) { + $myvalue = ltrim($value); + $myvalue = rtrim($myvalue); + if ($myvalue == 'null') + $myvalue = ''; + return $myvalue; + } + + static function getChecksumFromArray($arrayList, $key, $sort = 1) { + if ($sort != 0) { + ksort($arrayList); + } + $str = self::getArray2Str($arrayList); + $salt = self::generateSalt_e(4); + $finalString = $str . "|" . $salt; + $hash = hash("sha256", $finalString); + $hashString = $hash . $salt; + $checksum = self::encrypt_e($hashString, $key); + return $checksum; + } + + static function verifychecksum_e($arrayList, $key, $checksumvalue) { + $arrayList = self::removeCheckSumParam($arrayList); + ksort($arrayList); + $str = self::getArray2StrForVerify($arrayList); + $paytm_hash = self::decrypt_e($checksumvalue, $key); + $salt = substr($paytm_hash, -4); + + $finalString = $str . "|" . $salt; + + $website_hash = hash("sha256", $finalString); + $website_hash .= $salt; + + $validFlag = "FALSE"; + if ($website_hash == $paytm_hash) { + $validFlag = "TRUE"; + } else { + $validFlag = "FALSE"; + } + return $validFlag; + } + + static function getArray2Str($arrayList) { + $findme = 'REFUND'; + $findmepipe = '|'; + $paramStr = ""; + $flag = 1; + foreach ($arrayList as $key => $value) { + $pos = strpos($value, $findme); + $pospipe = strpos($value, $findmepipe); + if ($pos !== false || $pospipe !== false) + { + continue; + } + + if ($flag) { + $paramStr .= self::checkString_e($value); + $flag = 0; + } else { + $paramStr .= "|" . 
self::checkString_e($value); + } + } + return $paramStr; + } + + static function getArray2StrForVerify($arrayList) { + $paramStr = ""; + $flag = 1; + foreach ($arrayList as $key => $value) { + if ($flag) { + $paramStr .= self::checkString_e($value); + $flag = 0; + } else { + $paramStr .= "|" . self::checkString_e($value); + } + } + return $paramStr; + } + + static function redirect2PG($paramList, $key) { + $hashString = self::getchecksumFromArray($paramList); + $checksum = self::encrypt_e($hashString, $key); + } + + + static function removeCheckSumParam($arrayList) { + if (isset($arrayList["CHECKSUMHASH"])) { + unset($arrayList["CHECKSUMHASH"]); + } + return $arrayList; + } + + static function sanitizedParam($param) { + $pattern[0] = "%,%"; + $pattern[1] = "%#%"; + $pattern[2] = "%\(%"; + $pattern[3] = "%\)%"; + $pattern[4] = "%\{%"; + $pattern[5] = "%\}%"; + $pattern[6] = "%<%"; + $pattern[7] = "%>%"; + $pattern[8] = "%`%"; + $pattern[9] = "%!%"; + $pattern[10] = "%\\$%"; + $pattern[11] = "%\%%"; + $pattern[12] = "%\^%"; + $pattern[13] = "%=%"; + $pattern[14] = "%\+%"; + $pattern[15] = "%\|%"; + $pattern[16] = "%\\\%"; + $pattern[17] = "%:%"; + $pattern[18] = "%'%"; + $pattern[19] = "%\"%"; + $pattern[20] = "%;%"; + $pattern[21] = "%~%"; + $pattern[22] = "%\[%"; + $pattern[23] = "%\]%"; + $pattern[24] = "%\*%"; + $pattern[25] = "%&%"; + $sanitizedParam = preg_replace($pattern, "", $param); + return $sanitizedParam; + } + + static function callNewAPI($apiURL, $requestParamList) { + + $jsonResponse = wp_remote_post($apiURL, array( + 'headers' => array('Content-Type' => 'application/json; charset=utf-8'), + 'body' => json_encode($requestParamList), + )); + + //$response_code = wp_remote_retrieve_response_code( $jsonResponse ); + $response_body = wp_remote_retrieve_body( $jsonResponse ); + $responseParamList = json_decode($response_body, true); + return $responseParamList; + } + } +} \ No newline at end of file 
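Review bot: `verifychecksum_e()` compares the recomputed hash with `$website_hash == $paytm_hash`, a loose, non-constant-time comparison on the value that authenticates the gateway callback. Use `if (is_string($paytm_hash) && hash_equals($website_hash, $paytm_hash)) {`, which also guards the case where `decrypt_e()` returns a non-string. `generateSalt_e()` seeds `rand()` from `microtime()`, so the salt is predictable; `random_int(0, strlen($data) - 1)` (PHP 7+, polyfilled by WordPress) is a drop-in replacement for the index. `redirect2PG()` calls `getchecksumFromArray($paramList)` without the required `$key` and discards the result, so it looks like dead code that should be removed. The top of the file, where `encrypt_e` and `decrypt_e` are defined, is not visible on this page.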
diff --git a/WPeCommerce (v3.11.x)/paytm/paytm_version.txt b/WPeCommerce (v3.11.x)/paytm/paytm_version.txt
new file mode 100755
index 0000000..95a41e6
--- /dev/null
+++ b/WPeCommerce (v3.11.x)/paytm/paytm_version.txt
@@ -0,0 +1 @@
+02-11-2018
diff --git a/WPeCommerce (v3.11.x)/paytm_version.txt b/WPeCommerce (v3.11.x)/paytm_version.txt
deleted file mode 100644
index d906ba5..0000000
--- a/WPeCommerce (v3.11.x)/paytm_version.txt
+++ /dev/null
@@ -1 +0,0 @@
-06 April 2018, version-3.11.X
\ No newline at end of file