DoliCloud · eldy · Mar 16, 2026 · Mar 16, 2026
diff --git a/htdocs/stancerdolicloud/admin/about.php b/htdocs/stancerdolicloud/admin/about.php
@@ -47,6 +47,12 @@
 if (!$res && file_exists("../../../main.inc.php")) {
 	$res = @include "../../../main.inc.php";
 }
+if (!$res && file_exists("../../../../main.inc.php")) {
+	$res = @include "../../../../main.inc.php";
+}
+if (!$res && file_exists("../../../../../main.inc.php")) {
+	$res = @include "../../../../../main.inc.php";
+}
 if (!$res) {
 	die("Include of main fails");
 }

diff --git a/htdocs/stancerdolicloud/admin/setup.php b/htdocs/stancerdolicloud/admin/setup.php
@@ -46,6 +46,12 @@
 if (!$res && file_exists("../../../main.inc.php")) {
 	$res = @include "../../../main.inc.php";
 }
+if (!$res && file_exists("../../../../main.inc.php")) {
+	$res = @include "../../../../main.inc.php";
+}
+if (!$res && file_exists("../../../../../main.inc.php")) {
+	$res = @include "../../../../../main.inc.php";
+}
 if (!$res) {
 	die("Include of main fails");
 }

diff --git a/htdocs/stancerdolicloud/class/actions_stancerdolicloud.class.php b/htdocs/stancerdolicloud/class/actions_stancerdolicloud.class.php
@@ -350,10 +350,67 @@ public function doPayment($parameters, &$object, &$action, $hookmanager)
 		$suffix = GETPOST('suffix'); 	// ???
 		$entity = GETPOST('entity');
 		$getpostlang = GETPOST('lang');
+		$ws = GETPOST("ws", "aZ09"); // Website reference where the newpayment page is embedded or from where the newpayment page is called
 		$amount = price2num(GETPOST("amount", 'alpha'));
 
 		$object = null;
 
+		$urlback = $urlwithroot.'/public/payment/newpayment.php?';
+
+		// May be not required
+		if ($ws && !defined('USEDOLIBARRSERVER') && !defined('USEDOLIBARREDITOR')) {	// So defined('USEEXTERNALSERVER') should be set but is not always
+			if (!empty($_SERVER["HTTP_X_FORWARDED_HOST"])) {
+				// Page is called after a proxy
+				$tmphosts = explode(',', $_SERVER["HTTP_X_FORWARDED_HOST"]);
+				$tmphosts = array_map('trim', $tmphosts);
+				$lastproxy = end($tmphosts);
+
+				include_once DOL_DOCUMENT_ROOT.'/website/class/website.class.php';
+				$tmpwebsite = new Website($db);
+				$tmpwebsite->fetch(0, $ws);
+
+				if (preg_replace('/https?:\/\//i', '', $tmpwebsite->virtualhost) == $lastproxy) {
+					// If the newpayment.php page was called from a proxy with same domain than the website virtual host, we must use this one as the redirect domain url.
+					$urlback = $tmpwebsite->virtualhost.'/public/payment/newpayment.php?';
+				}
+			}
+		}
+		if ($parameters['paymentmethod'] && !preg_match('/'.preg_quote('PM='.$parameters['paymentmethod'], '/').'/', $FULLTAG)) {
+			$FULLTAG .= ($FULLTAG ? '.' : '').'PM='.$parameters['paymentmethod'];
+		}
+		if ($ws && !preg_match('/'.preg_quote('WS='.$ws, '/').'/', $FULLTAG)) {
+			$FULLTAG .= ($FULLTAG ? '.' : '').'WS='.$ws;
+		}
+		if (!empty($suffix)) {
+			$urlback .= 'suffix='.urlencode($suffix).'&';
+		}
+		if ($source) {
+			$urlback .= 's='.urlencode($source).'&';
+			$FULLTAG = stancerDolicloudCompleteFullTag($FULLTAG, $source, $ref);
+		}
+		if (!empty($REF)) {
+			$urlback .= 'ref='.urlencode($REF).'&';
+		}
+		if (!empty($TAG)) {
+			$urlback .= 'tag='.urlencode($TAG).'&';
+		}
+		if (!empty($FULLTAG)) {
+			$urlback .= 'fulltag='.urlencode($FULLTAG).'&';
+		}
+		if (!empty($SECUREKEY)) {
+			$urlback .= 'securekey='.urlencode($SECUREKEY).'&';
+		}
+		if (!empty($entity)) {
+			$urlback .= 'e='.urlencode($entity).'&';
+		}
+		if (!empty($getpostlang)) {
+			$urlback .= 'lang='.urlencode($getpostlang).'&';
+		}
+		if (!empty($ws)) {
+			$urlback .= 'WS='.urlencode($ws).'&';
+		}
+		$urlback .= 'action=returnDoPaymentStancer';
+
 		if ($action == "returnDoPaymentStancer") {
 			dol_syslog("Data after redirect from stancer payment page with session FinalPaymentAmt = ".$_SESSION["FinalPaymentAmt"]." currencycodeType = ".$_SESSION["currencyCodeType"], LOG_DEBUG);
 
@@ -400,7 +457,20 @@ public function doPayment($parameters, &$object, &$action, $hookmanager)
 			$_SESSION["currencyCodeType"] = $currency;
 
 		} elseif (in_array($parameters['paymentmethod'], array('stancerdolicloud')) && $parameters['validpaymentmethod']["stancerdolicloud"] == "valid") {
-			$urlback = $urlwithroot.'/public/payment/newpayment.php?';
+
+			if (empty($amount)) {
+				$amount = price2num(stancerDolicloudGetDataFromObjects($source, $ref));
+			}
+			if (empty($currency)) {
+				if (!GETPOST("currency", 'alpha')) {
+					$currency = $conf->currency;
+				} else {
+					$currency = GETPOST("currency", 'aZ09');
+				}
+			}
+			$FULLTAG = stancerDolicloudCompleteFullTag($FULLTAG, $source, $ref);
+			$_SESSION["FinalPaymentAmt"] = $amount;
+			$_SESSION["currencyCodeType"] = $currency;
 
 			if (!preg_match('/^https:/i', $urlback)) {
 				$langs->load("errors");
@@ -417,37 +487,6 @@ public function doPayment($parameters, &$object, &$action, $hookmanager)
 				$secretapikey = getDolGlobalString("STANCER_DOLICLOUD_TEST_SECRET_API_KEY");
 			}
 
-			$paymentmethod = $parameters['paymentmethod'];
-
-			if ($paymentmethod && !preg_match('/'.preg_quote('PM='.$paymentmethod, '/').'/', $FULLTAG)) {
-				$FULLTAG .= ($FULLTAG ? '.' : '').'PM='.$paymentmethod;
-			}
-			if (!empty($suffix)) {
-				$urlback .= 'suffix='.urlencode($suffix).'&';
-			}
-			if ($source) {
-				$urlback .= 's='.urlencode($source).'&';
-			}
-			if (!empty($REF)) {
-				$urlback .= 'ref='.urlencode($REF).'&';
-			}
-			if (!empty($TAG)) {
-				$urlback .= 'tag='.urlencode($TAG).'&';
-			}
-			if (!empty($FULLTAG)) {
-				$urlback .= 'fulltag='.urlencode($FULLTAG).'&';
-			}
-			if (!empty($SECUREKEY)) {
-				$urlback .= 'securekey='.urlencode($SECUREKEY).'&';
-			}
-			if (!empty($entity)) {
-				$urlback .= 'e='.urlencode($entity).'&';
-			}
-			if (!empty($getpostlang)) {
-				$urlback .= 'lang='.urlencode($getpostlang).'&';
-			}
-			$urlback .= 'action=returnDoPaymentStancer';
-
 			if (!$error) {
 				$FinalPaymentAmt = $_SESSION["FinalPaymentAmt"];
 				$currencyCodeType = $_SESSION["currencyCodeType"];

diff --git a/htdocs/stancerdolicloud/langs/en_US/stancerdolicloud.lang b/htdocs/stancerdolicloud/langs/en_US/stancerdolicloud.lang
@@ -62,7 +62,7 @@ MyWidgetDescription = My widget description
 StancerDoPayment = Pay with Stancer
 
 ErrorBadValueAmount=Please change your basket amount. It must be free or greater than €0.50 to authorize your payment
-ErrorValueFinalPaymentDiffers= Value of FinalPayment (%s) differs from value expected for membership (%s).
+ErrorValueFinalPaymentDiffers= Value of FinalPayment (%s) differs from expected value (%s).
 ErrorBadClientIdOrSecret=Bad client ID or secret
 
 StancerExplanatoryText=Joining Stancer means joining a solidarity-based system, <b>funded by voluntary contributions from users</b>, to offer high-quality, free online services to all associations<br> So, by joining, you benefit from this solidarity-based model, enabling you to collect online payments free of charge.<br>It is therefore important to communicate on this model, to inform your users of the scope of their payments.<br><br><b>To accept payments with Stancer, you will need to log in to your Stancer account.</b><br><b>You don't have an account on Stancer, <a href="https://auth.stancer.com/inscription" target="_blank">create your account in a few minutes here.</a></strong><br><i>If you encounter any problems, don't hesitate to take a look at <a href="https://centredaide.stancer.com/s/" target="_blank">our help center</a> or to <a href="https://www.stancer.com/contactez-nous" target="_blank">contact us</a> directly.</i>
diff --git a/htdocs/stancerdolicloud/lib/stancerdolicloud.lib.php b/htdocs/stancerdolicloud/lib/stancerdolicloud.lib.php
@@ -80,11 +80,11 @@ function stancerDolicloudAdminPrepareHead()
 
 /**
  * Get data form an object
- * 
+ *
  * @param	$source 		The type of the object
  * @param	$ref			The ref of the object
  * @param	$mode			The mode to use for the function amount
- * 
+ *
  * @return	int				The amount to pay if mode amount
  */
 
@@ -228,4 +228,42 @@ function stancerDolicloudGetDataFromObjects($source, $ref, $mode = 'amount')
 
 	}
 	return $amount;
+}
+
+/**
+ * Complete the FULLTAG with data from object.
+ *
+ * @param 	string 		$FULLTAG The FULLTAG to complete.
+ * @param 	string 		$source The source type.
+ * @param 	mixed 		$ref The reference ID of the source object.
+ *
+ * @return 	string 		The completed FULLTAG with appended object data.
+ */
+function stancerDolicloudCompleteFullTag($FULLTAG, $source = '', $ref = '') {
+	global $db;
+
+	require_once DOL_DOCUMENT_ROOT.'/commande/class/commande.class.php';
+	$order = new Commande($db);
+
+	if ($source && $ref) {
+		switch ($source) {
+			case 'order':
+			$result = $order->fetch('', $ref);
+			if ($result <= 0) {
+				return $FULLTAG;
+			} else {
+				$result = $order->fetch_thirdparty($order->socid);
+				$FULLTAG = $FULLTAG .'.ORD='.$order->id.'.CUS='.$order->thirdparty->id;
+				$FULLTAG = dol_string_unaccent($FULLTAG);
+			}
+			return $FULLTAG;
+			break;
+		default:
+			return $FULLTAG;
+			break;
+		}
+
+	} else {
+		return $FULLTAG;
+	}
 }