access denied

<?php
// ***************** Order-Invoice Redirect 307 *********************
$ycom_user = rex_ycom_auth::getUser();
if ($ycom_user)
{
$addon = rex_addon::get('imTportal');
//$message = "<p>Vielen Dank für Ihren Einkauf.<br>Das Produkt wird in kürze freigeschaltet.</p>";
$message = '<p>'.$addon->i18n('imTportal_message_purchase_completed').'</p>';
if (rex_request('return_id', 'int', 0) > 0)
{
$redirect_id = rex_request('return_id', 'int', 0);
}
$imtp_key = rex_request('imtp_key', 'string', null);
if ($imtp_key)
{
$order_id = rex_request('order_id', 'string', null);
$capture_id = rex_request('capture_id', 'string', null);
$currency_code = rex_request('currency_code', 'string', null);
$amount_value = rex_request('amount_value', 'double', null);
$dataset = rex_imtp_purchase::closeOrder($imtp_key, $order_id, $capture_id);
$item_id = intval($dataset->getValue('id'));
$order_id = 'R-IMI-'.date("Ymd").'-'.$item_id;
$dataset->setValue('order_id', $order_id);
$dataset->save();
// +++ Bestellung abgeschlossen
$product = rex_imtp_purchase::findPurchaseable(intval($dataset->getValue('product_id')));
$user = rex_imtp::getUser(intval($dataset->getValue('user_id')));
if ($product && $user)
{
$templateName = "en_email_rechnung_vorrauskasse";
switch(rex_clang::getCurrentId())
{
case 3:
$templateName = "it_email_rechnung_vorrauskasse";
break;
case 1:
$templateName = "de_email_rechnung_vorrauskasse";
break;
}
rex_imtp::sendUserMail($templateName, array("productname"=>$product->getValue('name_'.rex_clang::getCurrentId()), "order_id"=>$order_id, "capture_id"=>$capture_id, "currency_code"=>$currency_code, "amount_value"=>$amount_value), $user, null);
//$mailTo = 'poczko@initmedia.com';
$mailTo = sprogcard('imTportal_admin_email');
//rex_imtp::sendUserMail($templateName, array("productname"=>$product->getValue('name_'.rex_clang::getCurrentId()), "order_id"=>$order_id, "capture_id"=>$capture_id, "currency_code"=>$currency_code, "amount_value"=>$amount_value), $user, $mailTo);
}
}
}
?>