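/**
 * Turns the basket stored in the session into a persisted order for the logged-in account.
 *
 * Flow: resolve the account from the session login, create the order, write one
 * OrderList row per purchased unit, clear the basket, e-mail the customer and
 * render the confirmation view with the new order id.
 *
 * Unauthenticated requests, and sessions whose login no longer resolves to an
 * account, are redirected to the login page. A request without a basket is
 * rejected before anything is written, so replaying the request after the basket
 * was cleared cannot leave an empty order behind.
 *
 * NOTE(review): this action changes state; no anti-CSRF token check is visible in
 * this method. Confirm the router or a base controller enforces one.
 */
function action_order()
 {
     if (session_status() === PHP_SESSION_NONE) {
         session_start();
     }
     // Missing keys are read as null instead of raising an undefined-index warning.
     $model = $_SESSION['basket'] ?? null;
     $login = $_SESSION["login"] ?? null;

     if (is_null($login)) {
         header('Location: /Account/login');
         return;
     }

     $account = AccountService::GetByName($login, true);
     if (is_null($account)) {
         // The session names an account that cannot be loaded: treat as logged out
         // rather than dereferencing null below.
         header('Location: /Account/login');
         return;
     }

     if (is_null($model)) {
         // Nothing to order. Stop before OrderService::Create() persists an order.
         // NOTE(review): a redirect to the basket page may be friendlier; the route is not visible here.
         http_response_code(400);
         return;
     }

     $order = OrderHelper::PopulateOrderFromBasketViewModel($model, $account->account_id);
     $order = OrderService::Create($order);

     $products = $model->products;
     $productCount = count($products);
     for ($i = 0; $i < $productCount; $i++) {
         // counts[$i] is the quantity of products[$i]; one row is written per unit.
         for ($j = 0; $j < $model->counts[$i]; $j++) {
             $orderlist = new OrderList();
             $orderlist->order_id = $order->order_id;
             $orderlist->product_id = $products[$i]->Id;
             OrderListService::Create($orderlist);
         }
     }

     // Clear the basket so a page refresh cannot submit the same items again.
     $_SESSION['basket'] = null;
     EmailService::SendNewOrderMessage($account, $order->order_id, $model->SumPrice());
     $data = $order->order_id;
     $this->view->generate('Order_view.php', 'template_view.php', $data);
 }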
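 /**
  * Authorisation gate: checks that the logged-in account holds the requested
  * CRUD rights on a named permission through at least one of its roles.
  *
  * The method returns nothing. On failure it sends a redirect to
  * /account/permission and terminates the request. Terminating matters:
  * header() only queues a response header, so without exit the caller's
  * protected code would still run after a failed check (the gate would fail open).
  *
  * Access is denied by default: no session login, an unknown account, an unknown
  * permission name or no matching role-permission row all end in the redirect.
  *
  * @param string $permission_name Name passed to PermissionService::GetByName().
  * @param int    $crud            Bitmask of required rights (__CanCreate__, __CanRead__,
  *                                __CanUpdate__, __CanRemove__); every requested bit must be granted.
  */
 public static function Verification($permission_name, $crud = __CanRead__)
 {
     if (session_status() === PHP_SESSION_NONE) {
         session_start();
     }
     $account_name = $_SESSION['login'] ?? null;

     // Deny by default; only an explicit match below flips this.
     $res = false;

     if (!is_null($account_name)) {
         $account = AccountService::GetByName($account_name, true);
         if (!is_null($account)) {
             $roles = UserRoleService::GetByUserId($account->account_id);
             $permission = PermissionService::GetByName($permission_name);
             // An unknown permission name grants nothing (and must not be dereferenced).
             if (!is_null($permission)) {
                 foreach ($roles ?? [] as $role) {
                     $rps = RolePermissionService::GetByRoleIdPermissionId($role->role_id, $permission->permission_id);
                     foreach ($rps ?? [] as $value) {
                         // Fold the four stored flags of this row into one bitmask.
                         $rr = PermissionHelper::setPermissionFlag(__CanCreate__, $value->cancreate)
                             | PermissionHelper::setPermissionFlag(__CanRead__, $value->canread)
                             | PermissionHelper::setPermissionFlag(__CanUpdate__, $value->canupdate)
                             | PermissionHelper::setPermissionFlag(__CanRemove__, $value->canremove);
                         // Every requested bit must be present in the row's mask.
                         if (($rr & $crud) == $crud) {
                             $res = true;
                             break 2;
                         }
                     }
                 }
             }
         }
     }

     if (!$res) {
         header('Location: /account/permission');
         // Stop here so the calling action cannot continue for an unauthorised user.
         exit;
     }
 }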
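 /**
  * Authenticates an account by name and password.
  *
  * The candidate password is run through PBKDF2-HMAC-SHA256 with the account's
  * stored salt and compared with the stored key.
  *
  * @param string $accountName Account name to look up.
  * @param string $password    Plain-text password supplied by the user.
  * @return mixed The account object when the password matches, otherwise null
  *               (also for an unknown account or a non-string password).
  */
 public static function Get($accountName, $password)
 {
     // Request parameters can arrive as arrays; only a string can be a password.
     if (!is_string($password)) {
         return null;
     }

     $account = AccountService::GetByName($accountName, true);
     if (is_null($account)) {
         // Unknown account: same result as a wrong password, no null dereference.
         return null;
     }

     // NOTE(review): 1000 iterations and a 20-hexit (80-bit) derived key are far below
     // current guidance for PBKDF2. They are kept because the stored keys were derived
     // with them; raising them needs a rehash-on-login migration.
     $candidate = hash_pbkdf2("sha256", $password, (string) $account->passwordsalt, 1000, 20);

     // hash_equals() compares in constant time and as strings. The loose == used before
     // is timing-dependent and compares two numeric-looking hex strings (e.g. "0e...")
     // as numbers, which can make different keys compare equal.
     if (hash_equals((string) $account->passwordkey, $candidate)) {
         return $account;
     }

     return null;
 }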
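 /**
  * Stores a product review submitted by the logged-in user.
  *
  * Reads 'tovarId' (the product id) and 'reviewText' from the POST body, creates
  * a Review owned by the session's account and redirects to the thank-you page.
  * Unauthenticated requests, and sessions whose login no longer resolves to an
  * account, are redirected to the login page. Requests with missing, empty or
  * non-string fields are answered with HTTP 400 and nothing is stored.
  *
  * NOTE(review): the review text is stored verbatim. It is user-controlled, so every
  * view that prints it must HTML-escape it at output time (htmlspecialchars).
  * NOTE(review): no anti-CSRF token check is visible in this method. Confirm one is
  * enforced before this state-changing action runs.
  */
 function action_newReview()
 {
     if (session_status() === PHP_SESSION_NONE) {
         session_start();
     }
     $login = $_SESSION["login"] ?? null;
     if (is_null($login)) {
         header("Location: /Account/Login");
         return;
     }

     $account = AccountService::GetByName($login, true);
     if (is_null($account)) {
         // The session names an account that cannot be loaded: treat as logged out.
         header("Location: /Account/Login");
         return;
     }

     $tovarId = $_POST['tovarId'] ?? null;
     $reviewText = $_POST['reviewText'] ?? null;
     // POST fields are strings, or arrays when sent as name[]=...; accept only
     // non-empty strings so arrays and blank submissions never reach the service.
     if (!is_string($tovarId) || $tovarId === '' || !is_string($reviewText) || trim($reviewText) === '') {
         http_response_code(400);
         return;
     }

     $review = new Review();
     $review->product_id = $tovarId;
     $review->account_id = $account->account_id;
     $review->value = $reviewText;
     ReviewService::Create($review);
     header("Location: /Review/thanks");
 }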