/** * Start the checkout process -- user can create account or log into existing account */ function shop_user_start() { // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be if (xarUserIsLoggedIn()) { xarResponse::redirect(xarModURL('shop', 'user', 'viewcart')); return true; } $shop = xarSession::getVar('shop'); if (empty($shop)) { xarResponse::redirect(xarModURL('shop', 'user', 'main')); return true; } sys::import('modules.dynamicdata.class.objects.master'); sys::import('modules.dynamicdata.class.properties.master'); $rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users')); $properties = $rolesobject->properties; $data['properties'] = $properties; $isvalid = $rolesobject->properties['email']->checkInput(); $isvalid2 = $rolesobject->properties['password']->checkInput(); if ($isvalid && $isvalid2) { if (!xarSecConfirmAuthKey()) { // right time to do this?? return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author')); } // Create the role and the customer object and then log in $email = $rolesobject->properties['email']->getValue(); $password = $rolesobject->properties['password']->getValue(); $values['name'] = $email; $values['email'] = $email; $values['uname'] = $email; $values['password'] = $password; $values['state'] = 3; $rolesobject->setFieldValues($values, 1); $uid = $rolesobject->createItem(); $custobject = DataObjectMaster::getObject(array('name' => 'shop_customers')); $custobject->createItem(array('id' => $uid)); $name = 'dd_' . $properties['password']->id; $vals = $properties['password']->fetchValue($name); $pass = $vals[1][0]; $res = xarMod::APIFunc('authsystem', 'user', 'login', array('uname' => $email, 'pass' => $pass)); xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress')); return true; } else { // We don't yet have a valid email or password for registration... return xarTplModule('shop', 'user', 'start', $data); } }
/** * Get customer info */ function shop_userapi_customerinfo($args) { $values = array(); if (xarUserIsLoggedIn()) { $id = xarUserGetVar('id'); } extract($args); if (isset($id)) { sys::import('modules.dynamicdata.class.objects.master'); $custobject = DataObjectMaster::getObject(array('name' => 'shop_customers')); $some_id = $custobject->getItem(array('itemid' => $id)); if (!$some_id) { //This user must have a role but no customer account. This probably happened because a web admin uninstalled the shop module, deleting all the customer accounts but not deleting the associated roles. Let's re-create the customer record with just the id so we don't get snagged later $id = $custobject->createItem(array('id' => $id)); $custobject->getItem(array('itemid' => $id)); } $values = $custobject->getFieldValues(); return $values; } else { return; } }
/** * Complete the order. If all goes well, we'll submit the transaction to the payment gateway, save our own transaction record, and update customer info */ function shop_user_complete() { // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be if (!xarUserIsLoggedIn()) { xarResponse::redirect(xarModURL('shop', 'user', 'viewcart')); return true; } $order = xarSession::getVar('order'); if (empty($order)) { //Probably a page reload... no reason to be here anymore xarResponse::redirect(xarModURL('shop', 'user', 'main')); return true; } $data['order'] = $order['products']; $data['ordertid'] = $order['tid']; $data['orderdate'] = $order['date']; $data['total'] = xarSession::getVar('total'); xarSession::delVar('order'); // For privacy, order will not be redisplayed if the page is visited later xarSession::delVar('total'); return $data; }
/** * Select existing payment method or create new one to use for this transaction */ function shop_user_paymentmethod() { // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be $shippingaddress = xarSession::getVar('shippingaddress'); if (empty($shippingaddress)) { xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress')); return true; } $shop = xarSession::getVar('shop'); if (!xarUserIsLoggedIn() || empty($shop)) { xarResponse::redirect(xarModURL('shop', 'user', 'main')); return true; } if (!xarVarFetch('proceedsaved', 'str', $proceedsaved, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('proceednew', 'str', $proceednew, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('paymentmethod', 'str', $paymentmethod, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('remove', 'str', $remove, NULL, XARVAR_NOT_REQUIRED)) { return; } $cust = xarMod::APIFunc('shop', 'user', 'customerinfo'); $data['cust'] = $cust; sys::import('modules.dynamicdata.class.objects.master'); sys::import('modules.dynamicdata.class.properties.master'); $shippingobject = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses')); $shippingobject->getItem(array('itemid' => xarSession::getVar('shippingaddress'))); $shippingvals = $shippingobject->getFieldValues(); $data['shippingvals'] = $shippingvals; // Get the saved payment methods, if any exist $mylist = DataObjectMaster::getObjectList(array('name' => 'shop_paymentmethods')); $filters = array('status' => DataPropertyMaster::DD_DISPLAYSTATE_ACTIVE, 'where' => 'customer eq ' . xarUserGetVar('id')); $paymentmethods = $mylist->getItems($filters); $data['paymentmethods'] = $paymentmethods; $data['paymentobject'] = DataObjectMaster::getObject(array('name' => 'shop_paymentmethods')); $data['paymentobject']->properties['name']->display_show_salutation = false; $data['paymentobject']->properties['name']->display_show_middlename = false; $data['paymentobject']->properties['address']->display_rows = 1; $data['paymentobject']->properties['address']->display_show_country = false; $data['properties'] = $data['paymentobject']->getProperties(); if ($remove) { if ($remove == xarSession::getVar('paymentmethod')) { xarSession::delVar('paymentmethod'); } $data['paymentobject']->getItem(array('itemid' => $remove)); $data['paymentobject']->deleteItem(); xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod')); return true; } $selectedpaymentmethod = xarSession::getVar('paymentmethod'); if (!empty($selectedpaymentmethod)) { $data['paymentmethod'] = $selectedpaymentmethod; } // If we're using a saved payment method... if ($proceedsaved) { xarSession::setVar('paymentmethod', $paymentmethod); xarResponse::redirect(xarModURL('shop', 'user', 'order')); return true; } elseif ($proceednew) { // We're not using a saved payment method... $isvalid = $data['paymentobject']->checkInput(); if (isset($exp_date)) { $exp_month = substr($exp_date, 0, 2); $exp_year = substr($exp_date, 2, 4); $reverse_date = $exp_year . $exp_month; $minimum_date = date('ym', time()); if ($minimum_date > $reverse_date) { $errors['exp_date'] = true; } } if (isset($errors)) { xarSession::setVar('errors', $errors); } if (!$isvalid) { return xarTplModule('shop', 'user', 'paymentmethod', $data); } else { xarSession::setVar('paymentmethod', $data['paymentobject']->createItem()); xarResponse::redirect(xarModURL('shop', 'user', 'order')); return true; } } return $data; }
function publications_user_view($args) { // Get parameters if (!xarVarFetch('ptid', 'id', $ptid, xarModVars::get('publications', 'defaultpubtype'), XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('startnum', 'int:0', $startnum, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('cids', 'array', $cids, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('andcids', 'str', $andcids, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('catid', 'str', $catid, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('itemtype', 'id', $itemtype, NULL, XARVAR_NOT_REQUIRED)) { return; } // TODO: put the query string through a proper parser, so searches on multiple words can be done. if (!xarVarFetch('q', 'pre:trim:passthru:str:1:200', $q, NULL, XARVAR_NOT_REQUIRED)) { return; } // can't use list enum here, because we don't know which sorts might be used // True - but we can provide some form of validation and normalisation. // The original 'regexp:/^[\w,]*$/' lets through *any* non-space character. // This validation will accept a list of comma-separated words, and will lower-case, trim // and strip out non-alphanumeric characters from each word. if (!xarVarFetch('sort', 'strlist:,:pre:trim:lower:alnum', $sort, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('numcols', 'int:0', $numcols, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('owner', 'id', $owner, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('pubdate', 'str:1', $pubdate, NULL, XARVAR_NOT_REQUIRED)) { return; } // This may not be set via user input, only e.g. via template tags, API calls, blocks etc. // if(!xarVarFetch('startdate','int:0', $startdate, NULL, XARVAR_NOT_REQUIRED)) {return;} // if(!xarVarFetch('enddate', 'int:0', $enddate, NULL, XARVAR_NOT_REQUIRED)) {return;} // if(!xarVarFetch('where', 'str', $where, NULL, XARVAR_NOT_REQUIRED)) {return;} // Added to impliment an Alpha Pager if (!xarVarFetch('letter', 'pre:lower:passthru:str:1:20', $letter, NULL, XARVAR_NOT_REQUIRED)) { return; } // Override if needed from argument array (e.g. ptid, numitems etc.) extract($args); $pubtypes = xarModAPIFunc('publications', 'user', 'get_pubtypes'); // We need a valid pubtype number here if (!is_numeric($ptid) || !isset($pubtypes[$ptid])) { return xarResponse::NotFound(); } // Constants used throughout. // // publications module ID $c_modid = xarMod::getID('publications'); // state: front page or approved $c_posted = array(PUBLICATIONS_STATE_FRONTPAGE, PUBLICATIONS_STATE_APPROVED); // Default parameters if (!isset($startnum)) { $startnum = 1; } // Check if we want the default 'front page' if (!isset($catid) && !isset($cids) && empty($ptid) && !isset($owner)) { $ishome = true; // default publication type $ptid = xarModVars::get('publications', 'defaultpubtype'); // frontpage state $state = array(PUBLICATIONS_STATE_FRONTPAGE); } else { $ishome = false; // frontpage or approved state $state = $c_posted; } // Get the publication type for this display $data['pubtypeobject'] = DataObjectMaster::getObject(array('name' => 'publications_types')); $data['pubtypeobject']->getItem(array('itemid' => $ptid)); // Get the settings of this publication type $data['settings'] = xarMod::apiFunc('publications', 'user', 'getsettings', array('ptid' => $ptid)); // Get the template for this publication type if ($ishome) { $data['template'] = 'frontpage'; } else { $data['template'] = $data['pubtypeobject']->properties['template']->getValue(); } $isdefault = 0; // check default view for this type of publications if (empty($catid) && empty($cids) && empty($owner) && empty($sort)) { if (substr($data['settings']['defaultview'], 0, 1) == 'c') { $catid = substr($data['settings']['defaultview'], 1); } } // Do not transform titles if we are not transforming output at all. if (empty($data['settings']['do_transform'])) { $data['settings']['dotitletransform'] = 0; } // Page template for frontpage or depending on publication type (optional) // Note : this cannot be overridden in templates if (!empty($data['settings']['page_template'])) { xarTplSetPageTemplateName($data['settings']['page_template']); } if (empty($data['settings']['defaultsort'])) { $defaultsort = 'date'; } else { $defaultsort = $data['settings']['defaultsort']; } if (empty($sort)) { $sort = $defaultsort; } // TODO: show this *after* category list when we start from categories :) // Navigation links $data['publabel'] = xarML('Publication'); $data['publinks'] = xarModAPIFunc('publications', 'user', 'getpublinks', array('ptid' => $ishome ? '' : $ptid, 'state' => $c_posted, 'count' => $data['settings']['show_pubcount'])); $data['pager'] = ''; // Add Sort to data passed to template so that we can automatically turn on alpha pager, if needed $data['sort'] = $sort; // Add current display letter, so that we can highlight the current filter in the alpha pager $data['letter'] = $letter; // Get the users requested number of stories per page. // If user doesn't care, use the site default if (xarUserIsLoggedIn()) { // TODO: figure how to let users specify their settings // COMMENT: if the settings were split into separate module variables, // then they could all be individually over-ridden by each user. //$numitems = xarModUserGetVar('items_per_page'); } if (empty($numitems)) { if (!empty($settings['items_per_page'])) { $numitems = $settings['items_per_page']; } else { $numitems = 20; } } // turn $catid into $cids array and set $andcids flag if (!empty($catid)) { if (strpos($catid, ' ')) { $cids = explode(' ', $catid); $andcids = true; } elseif (strpos($catid, '+')) { $cids = explode('+', $catid); $andcids = true; } elseif (strpos($catid, '-')) { $cids = explode('-', $catid); $andcids = false; } else { $cids = array($catid); if (strstr($catid, '_')) { $andcids = false; // don't combine with current category } else { $andcids = true; } } } else { if (empty($cids)) { $cids = array(); } if (!isset($andcids)) { $andcids = true; } } // rebuild $catid in standard format again $catid = null; if (count($cids) > 0) { $seencid = array(); foreach ($cids as $cid) { // make sure cids are numeric if (!empty($cid) && preg_match('/^_?[0-9]+$/', $cid)) { $seencid[$cid] = 1; } } $cids = array_keys($seencid); sort($cids, SORT_NUMERIC); if ($andcids) { $catid = join('+', $cids); } else { $catid = join('-', $cids); } } // every field you always wanted to know about but were afraid to ask for :) $extra = array(); // $extra[] = 'author'; // Note: we always include cids for security checks now (= performance impact if show_categories was 0) $extra[] = 'cids'; if ($data['settings']['show_hitcount']) { $extra[] = 'counter'; } if ($data['settings']['show_ratings']) { $extra[] = 'rating'; } $now = time(); if (empty($startdate) || !is_numeric($startdate) || $startdate > $now) { $startdate = null; } if (empty($enddate) || !is_numeric($enddate) || $enddate > $now) { $enddate = $now; } if (empty($pubdate) || !preg_match('/^\\d{4}(-\\d+(-\\d+|)|)$/', $pubdate)) { $pubdate = null; } if (empty($where)) { $where = null; } // Modify the where clause if an Alpha filter has been specified. if (!empty($letter)) { // We will allow up to three initial letters, anything more than that is assumed to be 'Other'. // Need to also be very wary of SQL injection, since we are not using bind variables here. // TODO: take into account international characters. if (preg_match('/^[a-z]{1,3}$/i', $letter)) { $extrawhere = "title LIKE '{$letter}%'"; } else { // Loop through the alphabet for the 'not in' part. $letterwhere = array(); for ($i = ord('a'); $i <= ord('z'); $i++) { $letterwhere[] = "title NOT LIKE '" . chr($i) . "%'"; } $extrawhere = implode(' and ', $letterwhere); } if ($where == null) { $where = $extrawhere; } else { $where .= $extrawhere; } } // Get publications $publications = xarModAPIFunc('publications', 'user', 'getall', array('startnum' => $startnum, 'cids' => $cids, 'andcids' => $andcids, 'ptid' => isset($ptid) ? $ptid : null, 'owner' => $owner, 'state' => $state, 'sort' => $sort, 'extra' => $extra, 'where' => $where, 'search' => $q, 'numitems' => $numitems, 'pubdate' => $pubdate, 'startdate' => $startdate, 'enddate' => $enddate)); if (!is_array($publications)) { throw new Exception('Failed to retrieve publications'); } // TODO : support different 'index' templates for different types of publications // (e.g. News, Sections, ...), depending on what "view" the user // selected (per category, per publication type, a combination, ...) ? if (!empty($owner)) { $data['author'] = xarUserGetVar('name', $owner); if (empty($data['author'])) { xarErrorHandled(); $data['author'] = xarML('Unknown'); } } if (!empty($pubdate)) { $data['pubdate'] = $pubdate; } // Save some variables to (temporary) cache for use in blocks etc. xarVarSetCached('Blocks.publications', 'ptid', $ptid); xarVarSetCached('Blocks.publications', 'cids', $cids); xarVarSetCached('Blocks.publications', 'owner', $owner); if (isset($data['author'])) { xarVarSetCached('Blocks.publications', 'author', $data['author']); } if (isset($data['pubdate'])) { xarVarSetCached('Blocks.publications', 'pubdate', $data['pubdate']); } // TODO: add this to publications configuration ? if ($ishome) { $data['ptid'] = null; if (xarSecurityCheck('SubmitPublications', 0)) { $data['submitlink'] = xarModURL('publications', 'admin', 'new'); } } else { $data['ptid'] = $ptid; if (!empty($ptid)) { $curptid = $ptid; } else { $curptid = 'All'; } if (count($cids) > 0) { foreach ($cids as $cid) { if (xarSecurityCheck('SubmitPublications', 0, 'Publication', "{$curptid}:{$cid}:All:All")) { $data['submitlink'] = xarModURL('publications', 'admin', 'new', array('ptid' => $ptid, 'catid' => $catid)); break; } } } elseif (xarSecurityCheck('SubmitPublications', 0, 'Publication', "{$curptid}:All:All:All")) { $data['submitlink'] = xarModURL('publications', 'admin', 'new', array('ptid' => $ptid)); } } $data['cids'] = $cids; $data['catid'] = $catid; xarVarSetCached('Blocks.categories', 'module', 'publications'); xarVarSetCached('Blocks.categories', 'itemtype', $ptid); xarVarSetCached('Blocks.categories', 'cids', $cids); if (!empty($ptid) && !empty($pubtypes[$ptid]['description'])) { xarVarSetCached('Blocks.categories', 'title', $pubtypes[$ptid]['description']); // Note : this gets overriden by the categories navigation if necessary xarTplSetPageTitle(xarVarPrepForDisplay($pubtypes[$ptid]['description'])); } // optional category count if ($data['settings']['show_catcount']) { if (!empty($ptid)) { $pubcatcount = xarModAPIFunc('publications', 'user', 'getpubcatcount', array('state' => $c_posted, 'ptid' => $ptid)); if (isset($pubcatcount[$ptid])) { xarVarSetCached('Blocks.categories', 'catcount', $pubcatcount[$ptid]); } unset($pubcatcount); } else { $pubcatcount = xarModAPIFunc('publications', 'user', 'getpubcatcount', array('state' => $c_posted, 'reverse' => 1)); if (isset($pubcatcount) && count($pubcatcount) > 0) { $catcount = array(); foreach ($pubcatcount as $cat => $count) { $catcount[$cat] = $count['total']; } xarVarSetCached('Blocks.categories', 'catcount', $catcount); } unset($pubcatcount); } } else { // xarVarSetCached('Blocks.categories','catcount',array()); } // retrieve the number of comments for each article if (xarModIsAvailable('coments')) { if ($data['settings']['show_comments']) { $idlist = array(); foreach ($publications as $article) { $idlist[] = $article['id']; } $numcomments = xarModAPIFunc('comments', 'user', 'get_countlist', array('modid' => $c_modid, 'objectids' => $idlist)); } } // retrieve the keywords for each article if (xarModIsAvailable('coments')) { if ($data['settings']['show_keywords']) { $idlist = array(); foreach ($publications as $article) { $idlist[] = $article['id']; } $keywords = xarModAPIFunc('keywords', 'user', 'getmultiplewords', array('modid' => $c_modid, 'objectids' => $idlist, 'itemtype' => $ptid)); } } /* ------------------------------------------------------------ // retrieve the categories for each article $catinfo = array(); if ($show_categories) { $cidlist = array(); foreach ($publications as $article) { if (!empty($article['cids']) && count($article['cids']) > 0) { foreach ($article['cids'] as $cid) { $cidlist[$cid] = 1; } } } if (count($cidlist) > 0) { $catinfo = xarModAPIFunc('categories','user','getcatinfo', array('cids' => array_keys($cidlist))); // get root categories for this publication type // get base categories for all if needed $catroots = xarModAPIFunc('publications', 'user', 'getrootcats', array('ptid' => $ptid, 'all' => true) ); } foreach ($catinfo as $cid => $info) { $catinfo[$cid]['name'] = xarVarPrepForDisplay($info['name']); $catinfo[$cid]['link'] = xarModURL('publications', 'user', 'view', array('ptid' => $ptid, 'catid' => (($catid && $andcids) ? $catid . '+' . $cid : $cid) ) ); // only needed when sorting by root category id $catinfo[$cid]['root'] = 0; // means not found under a root category // only needed when sorting by root category order $catinfo[$cid]['order'] = 0; // means not found under a root category $rootidx = 1; foreach ($catroots as $rootcat) { // see if we're a child category of this rootcat (cfr. Celko model) if ($info['left'] >= $rootcat['catleft'] && $info['left'] < $rootcat['catright']) { // only needed when sorting by root category id $catinfo[$cid]['root'] = $rootcat['catid']; // only needed when sorting by root category order $catinfo[$cid]['order'] = $rootidx; break; } $rootidx++; } } // needed for sort function below $GLOBALS['artviewcatinfo'] = $catinfo; } $number = 0; foreach ($publications as $article) { // TODO: don't include ptid and catid if we don't use short URLs // link to article $article['link'] = xarModURL('publications', 'user', 'display', // don't include pubtype id if we're navigating by category array( 'ptid' => empty($ptid) ? null : $article['pubtype_id'], 'catid' => $catid, 'id' => $article['id'] ) ); // N words/bytes more in article if (!empty($article['body'])) { // note : this is only an approximate number $wordcount = count(preg_split("/\s+/", strip_tags($article['body']), -1, PREG_SPLIT_NO_EMPTY)); $article['words'] = $wordcount; // byte-count is less CPU-intensive -> make configurable ? $article['bytes'] = strlen($article['body']); } else { $article['words'] = 0; $article['bytes'] = 0; } // current publication type $curptid = $article['pubtype_id']; // TODO: make configurable? $article['redirect'] = xarModURL('publications', 'user', 'redirect', array('ptid' => $curptid, 'id' => $article['id']) ); // multi-column display (default from left to right, then from top to bottom) $article['number'] = $number; if (!empty($settings['number_of_columns'])) { $col = $number % $settings['number_of_columns']; } else { $col = 0; } // RSS Processing $current_theme = xarVarGetCached('Themes.name', 'CurrentTheme'); if (($current_theme == 'rss') or ($current_theme == 'atom')){ $article['rsstitle'] = htmlspecialchars($article['title']); //$article['rssdate'] = strtotime($article['date']); $article['rsssummary'] = preg_replace('<br />', "\n", $article['summary']); $article['rsssummary'] = xarVarPrepForDisplay(strip_tags($article['rsssummary'])); $article['rsscomment'] = xarModURL('comments', 'user', 'display', array('modid' => $c_modid, 'objectid' => $article['id'])); // $article['rsscname'] = htmlspecialchars($item['cname']); // <category>#$rsscname#</category> } // TODO: clean up depending on field format if ($do_transform) { $article['itemtype'] = $article['pubtype_id']; // TODO: what about transforming DD fields? if ($title_transform) { $article['transform'] = array('title', 'summary', 'body', 'notes'); } else { $article['transform'] = array('summary', 'body', 'notes'); } $article = xarModCallHooks('item', 'transform', $article['id'], $article, 'publications'); } $data['titles'][$article['id']] = $article['title']; // fill in the summary template for this article $summary_template = $pubtypes[$article['pubtype_id']]['name']; $number++;echo $number; } ------------------------------------------------------------ */ unset($publications); // TODO: verify for other URLs as well if ($ishome) { if (!empty($numcols) && $numcols > 1) { // if we're currently showing more than 1 column $data['showcols'] = 1; } else { $defaultcols = $data['settings']['number_of_columns']; if ($defaultcols > 1) { // if the default number of columns is more than 1 $data['showcols'] = $defaultcols; } } } // Specific layout within a template (optional) if (isset($layout)) { $data['layout'] = $layout; } // Get the publications we want to view $data['object'] = DataObjectMaster::getObject(array('name' => $data['pubtypeobject']->properties['name']->value)); $data['objectname'] = $data['pubtypeobject']->properties['name']->value; $data['ptid'] = $ptid; // $object = DataObjectMaster::getObjectList(array('name' => $data['pubtypeobject']->properties['name']->value)); // $data['items'] = $object->getItems(); $data['object'] = DataObjectMaster::getObjectList(array('name' => $data['pubtypeobject']->properties['name']->value)); // Get the items here // $items = $data['object']->getItems(); /* We're doing this in the template now // Only show top level documents, not translations sys::import('xaraya.structures.query'); $q = new Query(); $q->eq('parent_id',0); $q->eq('pubtype_id',$ptid); $q->eq('state',3); // Suppress deleted items // Remove this once listing property works with dataobject access $q->ne('state',0); $data['conditions'] = $q; */ // Set the page template if needed if (!empty($data['settings']['page_template'])) { $pagename = $data['settings']['page_template']; $position = strpos($pagename, '.'); if ($position === false) { $pagetemplate = $pagename; } else { $pagetemplate = substr($pagename, 0, $position); } xarTpl::setPageTemplateName($pagetemplate); } // Throw all the relevant settings we are using into the cache // $data['settings']['pubtypeobject'] = $data['pubtypeobject']->properties['configuration']->getValue(); // xarCore::setCached('publications', 'context' . $ptid, $data['settings']); return xarTplModule('publications', 'user', 'view', $data, $data['template']); }
/** * New account info (ship address) */ function shop_user_shippingaddress() { // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be $shop = xarSession::getVar('shop'); if (!xarUserIsLoggedIn() || empty($shop)) { xarResponse::redirect(xarModURL('shop', 'user', 'main')); return true; } if (!xarVarFetch('proceed', 'str', $proceed, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('shipto', 'str', $shipto, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('remove', 'str', $remove, NULL, XARVAR_NOT_REQUIRED)) { return; } if (!xarVarFetch('next', 'str', $data['next'], NULL, XARVAR_NOT_REQUIRED)) { return; } sys::import('modules.dynamicdata.class.objects.master'); $data['shippingobject'] = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses')); $data['shippingobject']->properties['name']->display_show_salutation = false; $data['shippingobject']->properties['name']->display_show_middlename = false; $data['shippingobject']->properties['address']->display_rows = 1; $data['shippingobject']->properties['address']->display_show_country = false; $data['properties'] = $data['shippingobject']->properties; if ($shipto) { xarSession::setVar('shippingaddress', $shipto); if (isset($data['next']) && !empty($data['next'])) { $func = $data['next']; } else { $func = 'paymentmethod'; } xarResponse::redirect(xarModURL('shop', 'user', $func)); return true; } if ($remove) { if ($remove == xarSession::getVar('shippingaddress')) { xarSession::delVar('shippingaddress'); } $data['shippingobject']->getItem(array('itemid' => $remove)); $data['shippingobject']->deleteItem(); xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress')); return true; } if ($proceed) { $isvalid = $data['shippingobject']->checkInput(); if (!$isvalid) { return xarTplModule('shop', 'user', 'shippingaddress', $data); } // Save the customer data $custobject = DataObjectMaster::getObject(array('name' => 'shop_customers')); $custobject->getItem(array('itemid' => xarUserGetVar('id'))); $name = $data['shippingobject']->properties['name']->value; $custobject->properties['name']->setValue($name); $custobject->updateItem(); // Save the shipping address $itemid = $data['shippingobject']->createItem(); xarSession::setVar('shippingaddress', $itemid); // update the name field in roles to use first and last name instead of email $rolesobject = xarCurrentRole(); $rolesobject->properties['name']->value = $name; $rolesobject->updateItem(); xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod')); return true; xarSession::setVar('errors', $errors); } return $data; }
/** * Review and submit order */ function shop_user_order() { // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be $shippingaddress = xarSession::getVar('shippingaddress'); if (empty($shippingaddress)) { xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress')); return true; } $paymentmethod = xarSession::getVar('paymentmethod'); if (empty($paymentmethod)) { xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod')); return true; } $shop = xarSession::getVar('shop'); if (!xarUserIsLoggedIn() || empty($shop)) { xarResponse::redirect(xarModURL('shop', 'user', 'main')); return; } if (!xarVarFetch('placeorder', 'str', $placeorder, NULL, XARVAR_NOT_REQUIRED)) { return; } sys::import('modules.dynamicdata.class.objects.master'); $shippingobject = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses')); $shippingobject->getItem(array('itemid' => xarSession::getVar('shippingaddress'))); $shippingvals = $shippingobject->getFieldValues(); $data['shippingvals'] = $shippingvals; $data['products'] = xarSession::getVar('products'); $data['total'] = xarSession::getVar('total'); $time = time(); xarSession::setVar('time', $time); $paymentobject = DataObjectMaster::getObject(array('name' => 'shop_paymentmethods')); $paymentmethod = xarSession::getVar('paymentmethod'); $paymentobject->getItem(array('itemid' => $paymentmethod)); $values = $paymentobject->getFieldValues(); $data['payvalues'] = $values; if ($placeorder) { /*if (isset($exp_date)) { $exp_month = substr($exp_date,0,2); $exp_year = substr($exp_date,2,4); $reverse_date = $exp_year . $exp_month; $minimum_date = date('ym',time()); if ($minimum_date > $reverse_date) { $errors = xarSession::getVar('errors'); $errors['exp_date'] = true; xarSession::setVar('errors',$errors); } }*/ // A few more things $values['date'] = $time; $values['products'] = serialize($data['products']); $values['total'] = xarSession::getVar('total'); /*****************************/ /***** PAYMENT PROCESSING ****/ /*****************************/ $response = xarMod::APIFunc('shop', 'admin', 'handlepgresponse', array('transfields' => $values)); if (isset($response['trans_id']) && !empty($response['trans_id'])) { // We have a successful transaction... $data['response'] = $response; $values['pg_transaction_id'] = $response['trans_id']; $transobject = DataObjectMaster::getObject(array('name' => 'shop_transactions')); $tid = $transobject->createItem($values); $order = xarSession::getVar('order'); $order['products'] = xarSession::getVar('products'); $order['tid'] = $tid; $order['date'] = date('F j, Y g:i a', xarSession::getVar('time')); xarSession::setVar('order', $order); xarSession::delVar('pg_response'); // This is set in shop_adminapi_handlepgresponse() //Need to clear all this now that the purchase went through. Doing so ensures we don't re-submit the order xarSession::delVar('errors'); xarSession::delVar('shop'); xarSession::delVar('products'); xarResponse::redirect(xarModURL('shop', 'user', 'complete')); return true; } else { // There must be a problem... $pg_key = xarModVars::get('shop', 'pg_key'); // Assuming we're using the key field for all payment gateways for keys, passwords and the like... if (empty($pg_key)) { $errors = xarSession::getVar('pg_response'); $pg_response['msg'] .= "<p style='color:red'><strong>Looks like you haven't entered a payment gateway key. <a href='" . xarModURL('shop', 'admin', 'overview') . "'>Read me</a>.</strong></p>"; xarSession::setVar('pg_response', $pg_response); } xarResponse::redirect(xarModURL('shop', 'user', 'order')); return true; } } return $data; }