HEX
Server: Apache/2.4.25
System: Linux ion14 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64
User: (10087)
PHP: 7.4.30
Disabled: pcntl_alarm,pcntl_fork,pcntl_waitpid,pcntl_wait,pcntl_wifexited,pcntl_wifstopped,pcntl_wifsignaled,pcntl_wifcontinued,pcntl_wexitstatus,pcntl_wtermsig,pcntl_wstopsig,pcntl_signal,pcntl_signal_get_handler,pcntl_signal_dispatch,pcntl_get_last_error,pcntl_strerror,pcntl_sigprocmask,pcntl_sigwaitinfo,pcntl_sigtimedwait,pcntl_exec,pcntl_getpriority,pcntl_setpriority,pcntl_async_signals,pcntl_unshare,system, exec, shell_exec, passthru, popen, proc_open
Upload Files
File: /home/www/web115/wordpress/wp-content/plugins/digimember/application/controller/public_api.php
<?php

define('DM_PUBLIC_API_PARAM_ACTION', 'dm_public_api');
define('DM_PUBLIC_API_PARAM_KEY', 'dm_public_api_key');

define('DM_PUBLIC_API_PARAM_ACTION_CHECK_USER_EXISTS', 'checkUserExists');
define('DM_PUBLIC_API_PARAM_ACTION_USER_REGISTRATION', 'userRegistration');
define('DM_PUBLIC_API_PARAM_ACTION_USER_LOGIN', 'userLogin');
define('DM_PUBLIC_API_PARAM_ACTION_LIST_ACCESSIBLE_PRODUCTS', 'listAccessableProducts');
define('DM_PUBLIC_API_PARAM_ACTION_LIST_ACCESSIBLE_CONTENT', 'listAccessableContent');
define('DM_PUBLIC_API_PARAM_ACTION_GET_LECTURE_MENU', 'getLectureMenu');
define('DM_PUBLIC_API_PARAM_ACTION_LIST_ORDERS', 'listOrders');
define('DM_PUBLIC_API_PARAM_ACTION_LIST_PRODUCTS', 'listProducts');
define('DM_PUBLIC_API_PARAM_ACTION_GET_ORDER', 'getOrder');
define('DM_PUBLIC_API_PARAM_ACTION_CREATE_ORDER', 'createOrder');

define('DM_PUBLIC_API_PARAM_ACTION_VALIDATE_ZAPIER', 'validateZapier');
define('DM_PUBLIC_API_PARAM_ACTION_NEW_ORDER_WEBHOOK_SUBSCRIBE', 'newOrderWebhookSubs');
define('DM_PUBLIC_API_PARAM_ACTION_NEW_ORDER_WEBHOOK_UNSUBSCRIBE', 'newOrderWebhookUnsubs');
define('DM_PUBLIC_API_PARAM_ACTION_LATEST_ORDER', 'latestOrder');
define('DM_PUBLIC_API_PARAM_ZAPIER_VERSION', 'versionZapier');
define('DM_PUBLIC_API_PARAM_ACTION_ZAPIER_CREATE_ORDER', 'createOrderZapier');
define('DM_PUBLIC_API_PARAM_ACTION_ZAPIER_CREATE_USER', 'createUserZapier');
define('DM_PUBLIC_API_PARAM_ACTION_ZAPIER_LIST_PRODUCTS', 'listProductsZapier');
define('DM_PUBLIC_API_PARAM_ACTION_ZAPIER_REFUND_ORDER', 'refundOrderZapier');
define('DM_PUBLIC_API_PARAM_ACTION_ZAPIER_CANCEL_ORDER', 'cancelOrderZapier');



define('DM_PUBLIC_API_PARAM_USER_EMAIL', 'userEmail');
define('DM_PUBLIC_API_PARAM_USER_EMAIL_OR_LOGIN_KEY', 'userEmailOrLoginKey');
define('DM_PUBLIC_API_PARAM_USER_ID_OR_LOGIN_KEY', 'userIdOrLoginKey');
define('DM_PUBLIC_API_PARAM_USER_PASSWORD', 'userPassword');
define('DM_PUBLIC_API_PARAM_USER_FIRSTNAME', 'userFirstname');
define('DM_PUBLIC_API_PARAM_USER_SURNAME', 'userSurname');
define('DM_PUBLIC_API_PARAM_PRODUCT_ID', 'productId');
define('DM_PUBLIC_API_PARAM_PRODUCT_NAME', 'productName');
define('DM_PUBLIC_API_PARAM_USER_ID', 'userId');
define('DM_PUBLIC_API_PARAM_ORDER_ID', 'orderId');
define('DM_PUBLIC_API_PARAM_ACCESS_STOPS_ON', 'accessStopsOn');
define('DM_PUBLIC_API_PARAM_WEBHOOK_ORDER_URL', 'orderURL');

/**
 * Class digimember_PublicApiController
 */
class digimember_PublicApiController extends ncore_Controller
{
    /**
     * @var null|stdClass
     */
    protected $apiKey = null;

    /**
     * @var null|digimember_HttpResponseLogic
     */
    public $response = null;

    /**
     * @var stdClass
     */
    protected $user;

    public function init($settings = [])
    {
        parent::init($settings);
        /** @var digimember_HttpResponseLogic $responseLogic */
        $responseLogic = $this->api->load->model('logic/http_response');
        $this->response = $responseLogic;
        $this->response->setHttpHeader('Content-Type', 'application/json');
    }

    /**
     *
     */
    protected function handleRequest()
    {
        global $current_user;
        /** @var digimember_HttpResponseLogic $response */
        $response = $this->api->load->model('logic/http_response');
        $response->init();
        try {
            $this->user = ncore_getUserById($this->apiKey->user_id);
            $current_user = $this->user;
            wp_clear_auth_cookie();
            wp_set_current_user($this->user->ID);
            wp_set_auth_cookie($this->user->ID);
            switch ($this->request(DM_PUBLIC_API_PARAM_ACTION)) {
                case DM_PUBLIC_API_PARAM_ACTION_CHECK_USER_EXISTS:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }
                    $email = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_EMAIL);
                    $user = ncore_getUserIdByEmail($email);
                    if ($user) {
                        $response->setParameters((array)ncore_getUserById($user));
                        break;
                    }
                    $user = ncore_getUserIdByName($email);
                    if ($user) {
                        $response->setParameters((array)ncore_getUserById($user));
                        break;
                    }
                    $response->setError(404, _digi('User not found'));
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_USER_REGISTRATION:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }
                    $productId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_PRODUCT_ID);
                    $email = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_EMAIL);
                    $pass = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_PASSWORD);
                    $orderId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ORDER_ID, 'by_public_api');
                    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                        $response->setError(422, _digi('Invalid e-mail address'));
                        break;
                    }
//                    if (!trim($productId)) {
//                        $response->setError(422, _digi('Product id missing'));
//                        break;
//                    }
                    $doesUserExist = (bool)ncore_getUserBy('login', $email);
                    if (!$doesUserExist) {
                        $doesUserExist = (bool)ncore_getUserBy('email', $email);
                    }
                    /** @var digimember_PaymentHandlerLib $paymentLib */
                    $paymentLib = $this->api->load->library('payment_handler');
                    try {
                        $pass = $doesUserExist ? false : $pass;
                        $paymentLib->signUp($email, $productId, null, false, $orderId, $pass);
                        $user = ncore_getUserBy('login', $email);
                        if (!$user) {
                            $user = ncore_getUserBy('email', $email);
                        }
                        if (!$user) {
                            $response->setError(417, _digi('User creation failed due to an unknown error'));
                            break;
                        }
                        /** @var digimember_LoginkeyData $loginKeyModel */
                        $loginKeyModel = $this->api->load->model('data/loginkey');
                        $user->data->user_loginkey = $loginKeyModel->getForUser($user->ID);
                        $response->setParameters((array)$user->data);
                        break;
                    } catch (Exception $e) {
                        $response->setError(422, $e->getMessage());
                        break;
                    }
                case DM_PUBLIC_API_PARAM_ACTION_CREATE_ORDER:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }
                    $productId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_PRODUCT_ID);
                    $orderId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ORDER_ID);
                    $emailOrLoginKey = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_EMAIL_OR_LOGIN_KEY);

                    /** @var digimember_LoginkeyData $loginKeyModel */
                    $loginKeyModel = $this->api->load->model('data/loginkey');
                    $userId = $loginKeyModel->getUserIdByKey($emailOrLoginKey);
                    if ($userId && $user = ncore_getUserById($userId)) {
                        $emailOrLoginKey = ncore_retrieve($user, 'user_email', '');
                    }

                    if (filter_var($emailOrLoginKey, FILTER_VALIDATE_EMAIL) === false) {
                        $response->setError(422, _digi('Invalid email address'));
                        break;
                    }
                    if (!(bool)ncore_getUserIdByEmail($emailOrLoginKey) && !(bool)ncore_getUserIdByName($emailOrLoginKey)) {
                        $response->setError(404, _digi('User does not exist'));
                        break;
                    }
                    if (!trim($productId)) {
                        $response->setError(422, _digi('Product id missing'));
                        break;
                    }
                    if (!trim($orderId)) {
                        $response->setError(422, _digi('Order id missing'));
                        break;
                    }
                    try {
                        /** @var digimember_PaymentHandlerLib $paymentLib */
                        $paymentLib = dm_api()->load->library('payment_handler');
                        $paymentLib->signUp($emailOrLoginKey, $productId, [], false, $orderId);
                        $response->setParameters([
                            'success' => true,
                        ]);
                        break;
                    } catch (Exception $e) {
                        $response->setError(422, $e->getMessage());
                        break;
                    }
                case DM_PUBLIC_API_PARAM_ACTION_USER_LOGIN:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }
                    $login = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_EMAIL);
                    $pass = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_PASSWORD);
                    $user = ncore_getUserBy('login', $login);
                    if (!$user) {
                        $response->setError(404, _digi('User not found'));
                        break;
                    }
                    if (!wp_check_password($pass, $user->data->user_pass, $user->ID)) {
                        $response->setError(401, _digi('User password incorrect'));
                        break;
                    }
                    /** @var digimember_LoginkeyData $loginKeyModel */
                    $loginKeyModel = $this->api->load->model('data/loginkey');
                    $user->data->user_loginkey = $loginKeyModel->getForUser($user->ID);
                    $response->setParameters((array)$user->data);
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_LIST_ACCESSIBLE_PRODUCTS:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }
                    $userIdent = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_ID_OR_LOGIN_KEY, $this->user->ID);
                    /** @var digimember_LoginkeyData $loginKeyModel */
                    $loginKeyModel = $this->api->load->model('data/loginkey');
                    $userId = $loginKeyModel->getUserIdByKey($userIdent);
                    if (!$userId) {
                        $userId = $userIdent;
                    }

                    $response->setParameters(
                        digimember_listAccessableProducts(
                            $userId
                        )
                    );
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_LIST_ACCESSIBLE_CONTENT:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }
                    $userIdent = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_ID_OR_LOGIN_KEY, $this->user->ID);
                    /** @var digimember_LoginkeyData $loginKeyModel */
                    $loginKeyModel = $this->api->load->model('data/loginkey');
                    $userId = $loginKeyModel->getUserIdByKey($userIdent);
                    if (!$userId) {
                        $userId = $userIdent;
                    }

                    $productId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_PRODUCT_ID);
                    if (!trim($productId)) {
                        $response->setError(422, _digi('Product id missing'));
                        break;
                    }
                    $response->setParameters(
                        digimember_listAccessableContent(
                            $productId,
                            $userId
                        )
                    );
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_GET_LECTURE_MENU:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }
                    $productId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_PRODUCT_ID);
                    if (!trim($productId)) {
                        $response->setError(422, _digi('Product id missing'));
                        break;
                    }
                    /** @var array $lectureMenu */
                    $lectureMenu = digimember_getLectureMenu(
                        $productId
                    );
                    $response->setParameters(
                        $lectureMenu
                    );
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_LIST_ORDERS:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }
                    $userId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_ID, $this->user->ID);
                    $response->setParameters(
                        digimember_listOrders(
                            $userId
                        )
                    );
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_LIST_PRODUCTS:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }

                    $response->setParameters(
                        digimember_listProducts()
                    );
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_GET_ORDER:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ADMIN])) {
                        break;
                    }
                    $orderId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ORDER_ID);
                    if (!$orderId) {
                        $this->notFound();
                        break;
                    }
                    $order = digimember_getOrder(
                        $orderId
                    );
                    if ($order) {
                        $response->setParameters(
                            (array)$order
                        );
                    } else {
                        $this->notFound();
                        break;
                    }
                    break;

                /*
                 *  ZAPIER SECTION BEGIN
                 */

                case DM_PUBLIC_API_PARAM_ACTION_VALIDATE_ZAPIER:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ZAPIER])) {
                        $response->setError(403, _digi("Permission needs to be Zapier"));
                        break;
                    }

                    $zapierVersion = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ZAPIER_VERSION);
                    if (!$this->verifyZapierVersion($zapierVersion)) {
                        $response->setError(403, _digi("Wrong Zapier Version"));
                        break;
                    }

                    $response->setParameters([
                        'success' => true,
                    ]);
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_ZAPIER_LIST_PRODUCTS:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ZAPIER])) {
                        $response->setError(403, _digi("Permission needs to be Zapier"));
                        break;
                    }

                    $zapierVersion = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ZAPIER_VERSION);
                    if (!$this->verifyZapierVersion($zapierVersion)) {
                        $response->setError(403, _digi("Wrong Zapier Version"));
                        break;
                    }
                    /** @var digimember_ProductData $productModel */
                    $productModel = $this->api->load->model('data/product');
                    $products = $productModel->getAll();
                    $productsArray[] = ['id' => 0, 'product_id' => 0, 'product_name' => 'all'];
                    $i = 1;

                    foreach ($products as $product) {
                        $productsArray[] = [
                            'id' => '' . $i . '',
                            'product_id' => $product->id,
                            'product_name' => $product->name,
                        ];
                        $i++;
                    }

                    $response->setParameters($productsArray);
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_NEW_ORDER_WEBHOOK_SUBSCRIBE:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ZAPIER])) {
                        $response->setError(403, _digi("Permission needs to be Zapier"));
                        break;
                    }

                    $zapierVersion = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ZAPIER_VERSION);
                    if (!$this->verifyZapierVersion($zapierVersion)) {
                        $response->setError(403, _digi("Wrong Zapier Version"));
                        break;
                    }

                    $url = ncore_retrieveGET(DM_PUBLIC_API_PARAM_WEBHOOK_ORDER_URL);
                    if (!$url) {
                        $response->setError(422, _digi("Something went wrong, no web hook URL received"));
                        break;
                    }

                    // this is needed to store the API Key with which a Zap was activated to deactivate the autoresponder if the API Key gets disabled/reactivated in the API Key Settings
                    $user_api_key = ncore_retrieveGET(DM_PUBLIC_API_PARAM_KEY);

                    $product = ncore_retrieveGET(DM_PUBLIC_API_PARAM_PRODUCT_NAME);

                    /** @var digimember_ProductData $product_model */
                    $product_model = $this->api->load->model('data/product');
                    $product_options = $product_model->options($product_type = 'membership', $public_only = true);

                    if ($product == 'all') {
                        $productId = 'all';
                    }

                    foreach ($product_options as $id => $name) {
                        // to ensure that for option "All" selected, all product IDs are correctly formatted stored into the DB
                        if ($product == 'all') {
                            $productId = $productId . ',' . $id;
                        } else if ($product == $name) {
                            $productId = $id;
                        }
                    }

                    /** @var ncore_AutoresponderData $model */
                    $model = $this->api->load->model('data/autoresponder');
                    $autoresponder_data = ['zapier_notify_url' => $url, 'zapier_api_key' => $user_api_key];

                    $data = [
                        "engine" => "zapier",
                        "is_active" => "Y",
                        "product_ids_comma_seperated" => $productId,
                        "data_serialized" => serialize($autoresponder_data),
                    ];

                    $model->create($data);

                    $response->setParameters([
                        'success' => true,
                    ]);
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_NEW_ORDER_WEBHOOK_UNSUBSCRIBE:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ZAPIER])) {
                        $response->setError(403, _digi("Permission needs to be Zapier"));
                        break;
                    }

                    $zapierVersion = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ZAPIER_VERSION);
                    if (!$this->verifyZapierVersion($zapierVersion)) {
                        $response->setError(403, _digi("Wrong Zapier Version"));
                        break;
                    }

                    $url = ncore_retrieveGET(DM_PUBLIC_API_PARAM_WEBHOOK_ORDER_URL);
                    if (!$url) {
                        $response->setError(422, _digi("Something went wrong, no web hook URL received"));
                        break;
                    }

                    // this is needed to store the API Key with which a Zap was activated to deactivate the autoresponder if the API Key gets disabled/reactivated in the API Key Settings
                    $user_api_key = ncore_retrieveGET(DM_PUBLIC_API_PARAM_KEY);

                    $product = ncore_retrieveGET(DM_PUBLIC_API_PARAM_PRODUCT_NAME);

                    /** @var digimember_ProductData $product_model */
                    $product_model = $this->api->load->model('data/product');
                    $product_options = $product_model->options($product_type = 'membership', $public_only = true);

                    if ($product == 'all') {
                        $productId = 'all';
                    } else {
                        foreach ($product_options as $id => $name) {
                            if ($product == $name) {
                                $productId = $id;
                            }
                        }
                    }
                    /** @var ncore_AutoresponderData $model */
                    $model = $this->api->load->model('data/autoresponder');

                    $results = $model->getAll(['engine' => 'zapier', 'product_ids_comma_seperated' => $productId]);

                    if (!$results) {
                        $response->setError(422, _digi("Something went wrong, no web hook configured for this product combination"));
                    } else {
                        foreach ($results as $result) {
                            $data = unserialize($result->{"data_serialized"});
                            // checks if the found data contains settings for the currently activated api key
                            if ($data['zapier_api_key'] == $user_api_key) {
                                // the autoresponder gets deleted
                                $model->delete($result->{'id'});
                            }
                        }
                    }

                    $response->setParameters([
                        'success' => true,
                    ]);

                    break;
                case DM_PUBLIC_API_PARAM_ACTION_LATEST_ORDER:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ZAPIER])) {
                        $response->setError(403, _digi("Permission needs to be Zapier"));
                        break;
                    }

                    $zapierVersion = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ZAPIER_VERSION);
                    if (!$this->verifyZapierVersion($zapierVersion)) {
                        $response->setError(403, _digi("Wrong Zapier Version"));
                        break;
                    }

                    /** @var digimember_UserProductData $orders */
                    $orders = $this->api->load->model('data/user_product');
                    /** @var digimember_ProductData $products */
                    $products = $this->api->load->model('data/product');

                    $latestOrder = $orders->getWhere(['is_active' => 'Y'], 'id DESC');

                    $productId = $latestOrder->product_id;
                    $productName = $products->get($productId)->name;
                    $orderId = $latestOrder->order_id;

                    $user_obj = get_userdata($latestOrder->user_id);
                    $email = $user_obj->user_email;
                    $firstname = $user_obj->user_firstname;
                    $lastname = $user_obj->user_lastname;

                    // übernommen aus autoresponder_handler line 698 ff

                    /** @var digimember_UserData $model */
                    $model = $this->api->load->model('data/user');
                    $stored_password = $model->getPassword($latestOrder->user_id);
                    $password = '';
                    if ($stored_password) {
                        $password = $stored_password;
                    } else {
                        $password = $model->setPassword($latestOrder->user_id, $password, false);
                    }

                    $orderDate = $latestOrder->order_date;

                    $correctly_formatted_order = [
                        'product_id' => $productId,
                        'order_id' => $orderId,
                        'product_name' => $productName,
                        'email' => $email,
                        'firstname' => $firstname,
                        'lastname' => $lastname,
                        'order_date' => $orderDate,
                        'password' => $password,
                    ];

                    $response->setParameters([
                        $correctly_formatted_order,
                    ]);
                    break;
                case DM_PUBLIC_API_PARAM_ACTION_ZAPIER_CREATE_ORDER:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ZAPIER])) {
                        $response->setError(403, _digi("Permission needs to be Zapier"));
                        break;
                    }

                    $zapierVersion = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ZAPIER_VERSION);
                    if (!$this->verifyZapierVersion($zapierVersion)) {
                        $response->setError(403, _digi("Wrong Zapier Version"));
                        break;
                    }

                    $productName = ncore_retrieveGET(DM_PUBLIC_API_PARAM_PRODUCT_NAME);
                    $email = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_EMAIL);
                    $orderId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ORDER_ID, 'by_zapier');
                    $firstname = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_FIRSTNAME);
                    $lastname = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_SURNAME);

                    /** @var digimember_ProductData $product_model */
                    $product_model = $this->api->load->model('data/product');
                    $product_options = $product_model->options($product_type = 'membership', $public_only = true);

                    if ($productName == 'all') {
                        $productId = 'all';
                    } else {
                        foreach ($product_options as $id => $name) {
                            if ($productName == $name) {
                                $productId = $id;
                            }
                        }
                    }

                    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                        $response->setError(422, _digi('Invalid e-mail address'));
                        break;
                    }

                    /** @var digimember_PaymentHandlerLib $paymentLib */
                    $paymentLib = $this->api->load->library('payment_handler');
                    try {
                        $paymentLib->signUp($email, $productId, null, false, $orderId);
                        $user = ncore_getUserBy('login', $email);
                        if (!$user) {
                            $user = ncore_getUserBy('email', $email);
                        }
                        if (!$user) {
                            $response->setError(417, _digi('User creation failed due to an unknown error'));
                            break;
                        }

                        $user_id = ncore_getUserIdByEmail($email);
                        update_user_meta($user_id, 'first_name', $firstname);
                        update_user_meta($user_id, 'last_name', $lastname);

                        /** @var digimember_LoginkeyData $loginKeyModel */
                        $loginKeyModel = $this->api->load->model('data/loginkey');
                        $user->data->user_loginkey = $loginKeyModel->getForUser($user->ID);

                        $response->setParameters((array)$user->data);

                        break;
                    } catch (Exception $e) {
                        $response->setError(422, $e->getMessage());
                        break;
                    }

                case DM_PUBLIC_API_PARAM_ACTION_ZAPIER_REFUND_ORDER:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ZAPIER])) {
                        $response->setError(403, _digi("Permission needs to be Zapier"));
                        break;
                    }

                    $zapierVersion = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ZAPIER_VERSION);
                    if (!$this->verifyZapierVersion($zapierVersion)) {
                        $response->setError(403, _digi("Wrong Zapier Version"));
                        break;
                    }
                    $email = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_EMAIL);
                    $orderId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ORDER_ID, 'by_zapier');

                    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                        $response->setError(422, _digi('Invalid e-mail address'));
                        break;
                    }
                    $user_id = ncore_getUserIdByEmail($email);
//                    if (!$user_id) {
//                        $response->setError(422, _digi('User not found'));
//                        break;
//                    }

                    /** @var digimember_PaymentHandlerLib $paymentLib */
                    $paymentLib = $this->api->load->library('payment_handler');
                    $data = array(
                        'orderId' => $orderId,
                        'userEmail' => $email,
                        'action' => DM_PUBLIC_API_PARAM_ACTION_ZAPIER_REFUND_ORDER,
                    );
                    try {
                        $paymentLib->onRefundZapier(0, $orderId, $user_id);
                        $data['status'] = 'success';
                        $response->setParameters((array)$data);
                        break;
                    } catch (Exception $e) {
                        $data['status'] = $e->getMessage();
                        $response->setParameters((array)$data);
                        $this->api->logError(
                            'zapier',
                            "[".DM_PUBLIC_API_PARAM_ACTION_ZAPIER_REFUND_ORDER."] "._digi('Zapier action failed. Order ID: %s email: %s error message: %s'),
                            $orderId,
                            $email,
                            $e->getMessage()
                        );
                        //$response->setError(422, $e->getMessage());
                        break;
                    }

                case DM_PUBLIC_API_PARAM_ACTION_ZAPIER_CANCEL_ORDER:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ZAPIER])) {
                        $response->setError(403, _digi("Permission needs to be Zapier"));
                        break;
                    }

                    $zapierVersion = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ZAPIER_VERSION);
                    if (!$this->verifyZapierVersion($zapierVersion)) {
                        $response->setError(403, _digi("Wrong Zapier Version"));
                        break;
                    }
                    $email = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_EMAIL);
                    $orderId = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ORDER_ID, 'by_zapier');
                    $accessStopsOn = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ACCESS_STOPS_ON, false);

                    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                        $response->setError(422, _digi('Invalid e-mail address'));
                        break;
                    }
                    $user_id = ncore_getUserIdByEmail($email);
//                    if (!$user_id) {
//                        $response->setError(422, _digi('User not found'));
//                        break;
//                    }

                    /** @var digimember_PaymentHandlerLib $paymentLib */
                    $paymentLib = $this->api->load->library('payment_handler');
                    $data = array(
                        'orderId' => $orderId,
                        'userEmail' => $email,
                        'accessStopsOn' => $accessStopsOn ? true : false,
                        'accessStopsOnDate' => $accessStopsOn ? $accessStopsOn : null,
                        'action' => DM_PUBLIC_API_PARAM_ACTION_ZAPIER_CANCEL_ORDER,
                    );
                    try {
                        $paymentLib->onCancelZapier(0, $orderId, $user_id, $accessStopsOn);
                        $data['status'] = 'success';
                        $response->setParameters((array)$data);
                        break;
                    } catch (Exception $e) {
                        $data['status'] = $e->getMessage();
                        $response->setParameters((array)$data);
                        $this->api->logError(
                            'zapier',
                            "[".DM_PUBLIC_API_PARAM_ACTION_ZAPIER_CANCEL_ORDER."] "._digi('Zapier action failed. Order ID: %s email: %s error message: %s'),
                            $orderId,
                            $email,
                            $e->getMessage()
                        );
                        //$response->setError(422, $e->getMessage());
                        break;
                    }

                // currently this UC is not used anymore in the Zapier version, I left the code if we decide to reintegrate it in the future
                case DM_PUBLIC_API_PARAM_ACTION_ZAPIER_CREATE_USER:
                    if (!$this->verifyScope([DM_API_KEY_SCOPE_ZAPIER])) {
                        $response->setError(403, _digi("Permission needs to be Zapier"));
                        break;
                    }

                    $zapierVersion = ncore_retrieveGET(DM_PUBLIC_API_PARAM_ZAPIER_VERSION);
                    if (!$this->verifyZapierVersion($zapierVersion)) {
                        $response->setError(403, _digi("Wrong Zapier Version"));
                        break;
                    }
                    $email = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_EMAIL);
                    $firstname = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_FIRSTNAME);
                    $lastname = ncore_retrieveGET(DM_PUBLIC_API_PARAM_USER_SURNAME);

                    if (filter_var($email, FILTER_VALIDATE_EMAIL) === false) {
                        $response->setError(422, _digi('Invalid e-mail address'));
                        break;
                    }

                    $doesUserExist = (bool)ncore_getUserBy('login', $email);
                    if (!$doesUserExist) {
                        $doesUserExist = (bool)ncore_getUserBy('email', $email);
                    }
                    if (!$doesUserExist) {
                        $this->api->load->helper('string');
                        $password = ncore_randomString('password', NCORE_PASSWORD_LENGTH);
                    }
                    try {
                        wp_create_user($email, $password, $email);
                        $user = ncore_getUserBy('login', $email);
                        $user_id = ncore_getUserIdByEmail($email);
                        update_user_meta($user_id, 'first_name', $firstname);
                        update_user_meta($user_id, 'last_name', $lastname);

                        if (!$user)
                            $response->setError(417, _digi('User creation failed due to an unknown error'));

                        /** @var digimember_LoginkeyData $loginKeyModel */
                        $loginKeyModel = $this->api->load->model('data/loginkey');
                        $user->data->user_loginkey = $loginKeyModel->getForUser($user->ID);
                        $response->setParameters((array)$user->data);
                        break;
                    } catch (Exception $e) {
                        $response->setError(422, $e->getMessage());
                        break;
                    }

                /*
                *  ZAPIER SECTION END
                */

                default:
                    $this->notFound();
            }
        } catch (Exception $e) {
            $response->setError(401, 'access_denied', $e->getMessage());
        }
        $response->send();
    }

    /**
     * @return bool
     */
    protected function writeAccessGranted()
    {
        $key = $this->request(DM_PUBLIC_API_PARAM_KEY);
        if (!$key || strlen($key) != 32) {
            $this->response->setError(400, _digi('Invalid API key'), _digi('API key missing or has invalid format'));
            return false;
        }

        /** @var digimember_ApiKeyData $apiKeyData */
        $apiKeyData = $this->api->load->model('data/api_key');
        $keyModel = $apiKeyData->getWhere([
            'key' => $key,
            'deleted' => null,
        ]);
        if (!$keyModel) {
            $this->response->setError(401, _digi('Invalid API key'), 'API key not registered or was deleted.');
            return false;
        }
        if ($keyModel->is_active == 'N') {
            $this->response->setError(412, _digi('Invalid API key'), 'API key currently deactivated.');
            return false;
        }
        if ($keyModel->status == 'deleted') {
            $this->response->setError(412, _digi('Invalid API key'), 'API key was deleted, you need to restore it first.');
            return false;
        }

        $this->apiKey = $keyModel;

        return true;
    }

    /**
     * @param string|string[] $scope
     * @param bool            $or
     *
     * @return bool
     */
    private function verifyScope($scope, $or = true)
    {
        if (!$this->apiKey) {
            $this->response->setError(400, _digi('Invalid API key'), _digi('API key missing or has invalid format'));
        }
        if (!is_array($scope)) {
            $scope = [$scope];
        }
        foreach ($scope as $val) {
            if ($or && strpos($this->apiKey->scope, $val) !== false) {
                return true;
            }
            if (!$or && strpos($this->apiKey->scope, $val) === false) {
                $this->response->setError(401, _digi('Permission denied'), _digi('You cannot access this resource'));
                return false;
            }
        }
        if ($or) {
            $this->response->setError(401, _digi('Permission denied'), _digi('You cannot access this resource'));
            return false;
        }
        return true;
    }

    /**
     * @param $key
     *
     * @return null|string
     */
    private function request($key)
    {
        static $cache = [];
        $result =& $cache[$key];
        if ($result) {
            return $result;
        }
        $result = ncore_retrievePOST($key, ncore_retrieveGET($key));

        return $result;
    }

    private function notFound()
    {
        $this->response->setError(404, _digi('Resource not found'), _digi('Requested API resource was not found'));
    }

    /**
     * private helper function, checks if the Zapier call is made from the latest DigiMember Version in Zapier
     * @param $zapierVersion
     * @return bool true if it is the latest version, false otherwise
     */
    private function verifyZapierVersion($zapierVersion)
    {
        if ($zapierVersion != '1.0.1') {
            return false;
        }
        return true;
    }
}