Enter payid (or order number): ";
}
my $payid = $FORM{'payid'}+0;
## for people without moneyview priv, they have to have userid arg
my $extrawhere = "";
if (! $viewall) {
my $userid = $FORM{'userid'}+0;
$extrawhere = "AND p.userid=$userid";
}
if ($FORM{'userid'} eq "0") { # not == 0
$sth = $dbh->prepare("SELECT * FROM payments WHERE payid=$payid AND userid=0");
} else {
$sth = $dbh->prepare("SELECT p.*, u.user FROM payments p LEFT JOIN useridmap u ON u.userid=p.userid WHERE p.payid=$payid $extrawhere");
}
$sth->execute;
my $pm = $sth->fetchrow_hashref;
return "Invalid payment ID, or missing arguments" unless $pm;
# see if a code is associated with this payment:
my $cd = $dbh->selectrow_hashref("SELECT ac.* FROM acctpay ap, acctcode ac ".
"WHERE ap.payid=$payid AND ap.acid=ac.acid");
if ($cd) {
my $code = LJ::acct_code_encode($cd->{'acid'}, $cd->{'auth'});
$ret .= "From code: $code";
if ($cd->{'userid'}) {
$ret .= " (created by " . LJ::ljuser(LJ::get_username($dbh, $cd->{'userid'})) . ")";
}
if ($cd->{'rcptid'}) {
$ret .= " (used by " . LJ::ljuser(LJ::get_username($dbh, $cd->{'rcptid'})) . ")";
} else {
$ret .= " (code is unused)";
}
}
# see if a rename is associated with this payment
if ($pm->{'forwhat'} eq "rename") {
my $rn = $dbh->selectrow_hashref("SELECT renid, token, fromuser, touser, rendate ".
"FROM renames WHERE payid=?", undef, $payid);
if ($rn) {
my $code = sprintf("%06x%s", $rn->{'renid'}, $rn->{'token'});
$ret .= "
Rename Code: $code (from: $rn->{'fromuser'}, to: $rn->{'touser'}, rendate: $rn->{'rendate'})
";
}
}
$ret .= "
Payment \#$pm->{'payid'}
";
$ret .= "Amount: \$$pm->{'amount'} Method: $pm->{'method'} For: $pm->{'forwhat'} ";
if ($pm->{'giftafter'}) {
$ret .= " (to be delivered: " . scalar(gmtime($pm->{'giftafter'})) . " (GMT)";
}
$ret .= " Date sent: $pm->{'datesent'} Recv: $pm->{'daterecv'}";
$ret .= " Used: $pm->{'used'} Mailed: $pm->{'mailed'}";
$ret .= " Buyer: ";
if ($pm->{'user'}) {
$ret .= LJ::ljuser($pm->{'user'});
}
if ($pm->{'notes'}) {
my $not = LJ::eall($pm->{'notes'});
$not =~ s/\n/ \n/g;
$ret .= " Notes: $not";
}
# clear fraud flag
if (LJ::did_post() && $FORM{fraudclear}) {
LJ::Pay::payvar_set($payid, "fraud_status", "clear");
$dbh->do("DELETE FROM fraudsuspects WHERE payid=?", undef, $payid);
}
# vars
$ret .= "
";
$sth = $dbh->prepare("SELECT pkey, pval FROM payvars WHERE payid=?");
$sth->execute($payid);
my ($refund, $fraud_status);
while (my ($k, $v) = $sth->fetchrow_array) {
if ($k eq "an-refund") {
my @parts = split(/,/, $v);
$refund = $v; $v = "(hidden) expir=$parts[1]";
}
$fraud_status = $v if $k eq 'fraud_status';
$ret .= "$k = $v \n";
}
if ($fraud_status eq 'suspect') {
my $sql = q{
SELECT dateadd, reason
FROM fraudsuspects
WHERE payid=?
};
my ($added, $reason) = $dbh->selectrow_array($sql, undef, $payid);
$added = $added ? gmtime($added) . ' GMT' : 'unknown';
$reason ||= '?';
$reason =~ s#\n# #mg;
$ret .= <
This payment has been flagged as possible fraud.
Date added: $added Reason(s):
$reason
EOF
}
$sth = $dbh->prepare("SELECT ikey, ival FROM paymentsearch WHERE payid=?");
$sth->execute($payid);
while (my ($k, $v) = $sth->fetchrow_array) {
$ret .= "$k = $v \n";
}
$ret .= "
";
my $cartobj;
if ($pm->{'forwhat'} eq "cart") {
my $cart = "$pm->{'payid'}-$pm->{'anum'}";
$ret .= "