 /**
  * Backoffice customer detail: prepares the customer/company models, checks
  * the 'customers'/'view' permission, then saves the submitted form (if any)
  * and renders the details of the requested customer.
  *
  * @return bool false when the current backoffice user lacks view permission
  */
 public function mainAction()
 {
     // models used by saveForm()/parseDetails(); caching is disabled so that
     // edits are reflected immediately
     $this->Customer = new client_customer();
     $this->Company = new client_company();
     $this->Customer->setCacheable(false);
     $this->Company->setCacheable(false);
     $this->auth = Onxshop_Bo_Authentication::getInstance();

     // requested customer, 0 when no numeric id was supplied
     $customer_id = is_numeric($this->GET['id']) ? $this->GET['id'] : 0;

     // node configuration is exposed to the template
     $this->tpl->assign('NODE_CONF', common_node::initConfiguration());

     // access control: view permission is required for everything below
     if (!$this->auth->hasPermission('customers', 'view')) {
         return false;
     }

     $this->saveForm($customer_id);
     $this->parseDetails($customer_id);

     return true;
 }
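 /**
  * Customer detail: renders the record of the logged-in customer, or of the
  * customer selected by GET customer_id when an authenticated backoffice
  * user is viewing from the backoffice.
  *
  * @return bool false when the visitor is not logged in or no numeric
  *              customer id could be determined
  */
 public function mainAction()
 {
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? $_SESSION['client']['customer']['id'] : 0;
     /**
      * check input
      */
     if ($session_customer_id == 0 && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
         msg('controllers/client/customer_detail: You must logged in.', 'error');
         onxshopGoTo("/");
         // stop here even if onxshopGoTo() returns: the original fell through
         // with an undefined $customer_id
         return false;
     }
     // picking another customer's record requires a backoffice login; everyone
     // else only ever sees their own record
     if (isset($this->GET['customer_id']) && is_numeric($this->GET['customer_id'])
         && constant('ONXSHOP_IN_BACKOFFICE')
         && Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
         $customer_id = $this->GET['customer_id'];
     } else {
         $customer_id = $session_customer_id;
     }
     if (!is_numeric($customer_id)) {
         return false;
     }
     /**
      * initialize
      */
     require_once 'models/client/client_customer.php';
     $Customer = new client_customer();
     $Customer->setCacheable(false);
     /**
      * get customer detail
      */
     $customer_detail = $Customer->getDetail($customer_id);
     if (is_array($customer_detail)) {
         $this->tpl->assign('ITEM', $customer_detail);
     } else {
         msg('controllers/client/customer_detail: cannot get detail', 'error');
     }
     return true;
 }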
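 /**
  * Client profile edit: saves the submitted profile of the logged-in
  * customer (POST save) and renders the current client data.
  *
  * Fields a customer must not set on themselves (status, groups, roles,
  * account type, other_data) are stripped from the POST before saving.
  *
  * @return bool false when the visitor is not logged in, the session holds no
  *              numeric customer id, or the submitted birthday is not a valid
  *              dd/mm/yyyy date
  */
 public function mainAction()
 {
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? $_SESSION['client']['customer']['id'] : 0;
     if ($session_customer_id == 0 && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
         msg('client_edit: You must be logged in first.', 'error');
         onxshopGoTo("/");
         // never fall through into the form when onxshopGoTo() returns
         return false;
     }
     require_once 'models/client/client_customer.php';
     $Customer = new client_customer();
     $Customer->setCacheable(false);
     $customer_id = $session_customer_id;
     if (!is_numeric($customer_id)) {
         return false;
     }
     if (!empty($_POST['save'])) {
         // the record being updated is always the session's customer, whatever was posted
         $_POST['client']['customer']['id'] = $customer_id;
         // do not allow to set certain properties (deny-list; an allow-list of
         // editable columns would also cover columns added later - schema not visible here)
         unset($_POST['client']['customer']['status']);
         unset($_POST['client']['customer']['group_id']);
         unset($_POST['client']['customer']['group_ids']);
         unset($_POST['client']['customer']['role_ids']);
         unset($_POST['client']['customer']['account_type']);
         unset($_POST['client']['customer']['other_data']);
         /**
          * check birthday field format
          */
         if (!empty($_POST['client']['customer']['birthday'])) {
             // expected as dd/mm/yyyy and must be a real calendar date: the pattern
             // alone accepts e.g. 31/02/2000, which strtotime() turned into 1970-01-01
             if (!preg_match('/^(\d{1,2})\/(\d{1,2})\/(\d{4})$/', $_POST['client']['customer']['birthday'], $match)
                 || !checkdate((int) $match[2], (int) $match[1], (int) $match[3])) {
                 msg('Invalid format for birthday, use dd/mm/yyyy', 'error');
                 return false;
             }
             // Format to ISO
             $_POST['client']['customer']['birthday'] = sprintf('%04d-%02d-%02d', $match[3], $match[2], $match[1]);
         }
         /**
          * update
          */
         if ($Customer->updateClient($_POST['client'])) {
             msg(I18N_CUSTOMER_DATA_UPDATED);
         } else {
             msg("Can't update client data", 'error');
         }
     }
     $client_data = $Customer->getClientData($customer_id);
     $client_data['customer']['newsletter'] = (isset($client_data['customer']['newsletter']) && $client_data['customer']['newsletter'] == 1) ? 'checked="checked" ' : '';
     // format birthday only if available to avoid 01/01/1970 by default
     if (isset($client_data['customer']['birthday']) && $client_data['customer']['birthday'] != '') {
         $birthday_ts = strtotime($client_data['customer']['birthday']);
         if ($birthday_ts !== false) {
             // date() replaces strftime(), which is deprecated since PHP 8.1
             $client_data['customer']['birthday'] = date('d/m/Y', $birthday_ts);
         }
     }
     $this->tpl->assign('CLIENT', $client_data);
     /**
      * show password field only if previously set
      */
     if (!empty($client_data['customer']['password'])) {
         $this->tpl->parse('content.password');
     }
     return true;
 }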
 /**
  * Backoffice advanced menu: marks the active entry from the request URI and
  * shows each submenu section the current user has any permission for.
  *
  * @return bool always true
  */
 public function mainAction()
 {
     /**
      * Manage Advanced Menu
      */
     $active = 'configuration';
     if (preg_match('/backoffice/', $_SERVER['REQUEST_URI'])) {
         // fourth path segment of the request, query string stripped
         $segments = explode("/", $_SERVER['REQUEST_URI']);
         $active = preg_replace("/\\?.*\$/", "", $segments[3]);
     }
     $this->tpl->assign("ACTIVE_{$active}", 'active');
     /**
      * ACL: one template block per section, in display order
      */
     $auth = Onxshop_Bo_Authentication::getInstance();
     $isEcommerce = $auth->isEcommerce();
     $sections = array(
         'media',
         'taxonomy',
         'seo_manager',
         'database',
         'templates',
         'scheduler',
         'currency',
         'search_index',
         'api',
         'tools',
         'logs',
         'configuration',
     );
     foreach ($sections as $section) {
         if ($auth->hasAnyPermission($section)) {
             $this->tpl->parse("content.{$section}");
         }
     }
     return true;
 }
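 /**
  * WorldPay callback: processes the gateway's POST for GET order_id.
  *
  * The callback arrives without a customer session, so order access is
  * granted by a temporary superuser emulation that is always revoked again,
  * even when paymentProcess() throws.
  *
  * @return bool always true
  */
 public function mainAction()
 {
     if (isset($this->GET['order_id']) && is_numeric($this->GET['order_id']) && count($_POST) > 0) {
         require_once 'conf/payment/worldpay.php';
         $this->transactionPrepare();
         // we need this to allow get order detail with WorldPay
         // we should check Worlpay IP address here
         $auth = Onxshop_Bo_Authentication::getInstance();
         $auth->emulateSuperuserTemporarily();
         try {
             $this->paymentProcess($this->GET['order_id'], $_POST);
         } finally {
             // keep the elevated window as short as possible: drop it on every exit path
             $auth->disableSuperuserEmulation();
         }
     }
     return true;
 }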
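 /**
  * Gift card order view: shows the order given by GET order_id to its owner
  * (the logged-in customer) or to an authenticated backoffice user.
  *
  * @return bool false when order_id is not numeric, the order does not
  *              exist, or the visitor may not view it
  */
 public function mainAction()
 {
     if (!isset($this->GET['order_id']) || !is_numeric($this->GET['order_id'])) {
         return false;
     }
     require_once 'models/ecommerce/ecommerce_order.php';
     $Order = new ecommerce_order();
     $order_detail = $Order->getOrder($this->GET['order_id']);
     if (!is_array($order_detail)) {
         // nothing to show and nothing to authorise against
         return false;
     }
     //check owner (the original compared the never-assigned $order_data, so the
     //owner test could never succeed)
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
     $order_customer_id = isset($order_detail['basket']['customer_id']) ? (int) $order_detail['basket']['customer_id'] : 0;
     // id 0 is an anonymous session and must never count as the owner
     $is_owner = $session_customer_id > 0 && $order_customer_id === $session_customer_id;
     $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
     if (!$is_owner && !$is_bo_user) {
         msg('gift_card:unauthorized access to view order detail');
         return false;
     }
     $this->tpl->assign('ORDER', $order_detail);
     return true;
 }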
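 /**
  * Login box: authenticates a customer from POST login (email + password),
  * or switches an authenticated backoffice user into a customer account
  * selected by GET client[email]. Runs actionAfterLogin() once the session
  * holds a customer, then renders the login box.
  *
  * NOTE(review): login() is handed an md5() digest of the password, so the
  * hashing scheme lives in the model and cannot be changed here; consider
  * regenerating the session id after a successful login (session fixation),
  * checking first how it interacts with the php_session_id stored on orders.
  *
  * @return bool always true
  */
 public function mainAction()
 {
     /**
      * client
      */
     $Customer = new client_customer();
     $Customer->setCacheable(false);
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? $_SESSION['client']['customer']['id'] : 0;
     $backoffice_email = isset($this->GET['client']['email']) ? $this->GET['client']['email'] : '';
     if ($session_customer_id > 0 && !$backoffice_email) {
         //msg('you are in');
         //onxshopGoTo($this->GET['to']);
     } else {
         /* client submitted username/password */
         if (isset($_POST['login'])) {
             $email = isset($_POST['client']['customer']['email']) ? $_POST['client']['customer']['email'] : '';
             $password = isset($_POST['client']['customer']['password']) ? $_POST['client']['customer']['password'] : '';
             $customer_detail = $Customer->login($email, md5($password));
             if ($customer_detail) {
                 $_SESSION['client']['customer'] = $customer_detail;
                 if (isset($_POST['autologin'])) {
                     // auto login (TODO allow to enable/disable this behaviour globally)
                     $Customer->generateAndSaveOnxshopToken($customer_detail['id']);
                 }
             } else {
                 $this->loginFailed();
             }
         }
         /* log in as client from backoffice */
         if ($backoffice_email && Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
             $customer_detail = $Customer->getClientByEmail($backoffice_email);
             if ($customer_detail) {
                 $_SESSION['client']['customer'] = $customer_detail;
             } else {
                 msg('Login from backoffice failed.', 'error');
             }
         }
     }
     /**
      * check status
      */
     if (isset($_SESSION['client']['customer']['id'])
         && is_numeric($_SESSION['client']['customer']['id'])
         && $_SESSION['client']['customer']['id'] > 0) {
         $this->actionAfterLogin();
     }
     //output
     $this->tpl->assign('CLIENT', isset($_POST['client']) ? $_POST['client'] : null);
     $this->tpl->parse('content.login_box');
     return true;
 }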
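 /**
  * Order list: lists the orders of the logged-in customer, or of the
  * customer selected by GET customer_id for an authenticated backoffice user.
  *
  * @return bool false when the visitor is not logged in or a backoffice user
  *              supplied no numeric customer_id
  */
 public function mainAction()
 {
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? $_SESSION['client']['customer']['id'] : 0;
     if ($session_customer_id > 0) {
         $customer_id = $session_customer_id;
     } elseif (Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
         // backoffice user may list any customer's orders, but only for a numeric id
         if (!isset($this->GET['customer_id']) || !is_numeric($this->GET['customer_id'])) {
             return false;
         }
         $customer_id = $this->GET['customer_id'];
     } else {
         msg('orders: You must be logged in first.', 'error');
         onxshopGoTo("/");
         // the original continued with an undefined $customer_id when onxshopGoTo() returned
         return false;
     }
     /**
      * include node configuration
      */
     require_once 'models/common/common_node.php';
     $node_conf = common_node::initConfiguration();
     $this->tpl->assign('NODE_CONF', $node_conf);
     /**
      * Get the list
      */
     require_once 'models/ecommerce/ecommerce_order.php';
     $Order = new ecommerce_order();
     $Order->setCacheable(false);
     $records = $Order->getOrderList($customer_id);
     /**
      * parse output
      */
     if (is_array($records) && count($records) > 0) {
         foreach ($records as $item) {
             // date() replaces strftime(), which is deprecated since PHP 8.1
             $item['order_created'] = date('d/m/Y H:i', strtotime($item['order_created']));
             $item['status_title'] = $Order->getStatusTitle($item['order_status']);
             $this->tpl->assign('ITEM', $item);
             if ($Order->checkOrderStatusValidForPayment($item['order_status'])) {
                 $this->tpl->parse('content.orders.item.make_payment');
             }
             $this->tpl->parse('content.orders.item');
         }
         $this->tpl->parse('content.orders');
     } else {
         $this->tpl->parse('content.noorders');
     }
     return true;
 }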
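 /**
  * Delivery list for an order: GET id selects the order; only the order's
  * owner (a logged-in customer) or an authenticated backoffice user may
  * view it.
  *
  * @return bool false when GET id is not numeric, true otherwise (also after
  *              an unauthorised attempt, which only reports an error)
  */
 public function mainAction()
 {
     /**
      * Input data
      */
     if (!isset($this->GET['id']) || !is_numeric($this->GET['id'])) {
         return false;
     }
     $order_id = $this->GET['id'];
     /**
      * Create objects
      */
     require_once 'models/ecommerce/ecommerce_order.php';
     $Order = new ecommerce_order();
     require_once 'models/ecommerce/ecommerce_delivery.php';
     $Delivery = new ecommerce_delivery();
     /**
      * Get details for order to be able make a security check
      */
     $order_data = $Order->getOrder($order_id);
     //security check of owner: integer comparison, since the original strict
     //comparison of raw DB/session values could never match mixed string/int types
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
     $order_customer_id = isset($order_data['basket']['customer_id']) ? (int) $order_data['basket']['customer_id'] : 0;
     // id 0 is an anonymous session and must never count as the owner
     $is_owner = $session_customer_id > 0 && $order_customer_id === $session_customer_id;
     $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
     if (!is_array($order_data) || (!$is_owner && !$is_bo_user)) {
         msg('unauthorized access to view transaction detail', 'error');
         return true;
     }
     $delivery_list = $Delivery->getDeliveryListByOrderId($order_id);
     if (is_array($delivery_list)) {
         foreach ($delivery_list as $item) {
             // other_data is stored as a PHP-serialized blob; unserialize() is only
             // safe while this column is written exclusively by trusted code
             // (NOTE(review): confirm no user-supplied value reaches it)
             $item['other_data'] = unserialize($item['other_data']);
             if ($item['customer_note'] == "") {
                 $item['customer_note'] = 'n/a';
             }
             $this->tpl->assign('ITEM', $item);
             $this->tpl->parse('content.item');
         }
     }
     return true;
 }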
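 /**
  * Invoice view for an order: GET id selects the order; the owner (a
  * logged-in customer) or an authenticated backoffice user may view it.
  * Paid orders show the stored invoice; unpaid orders show a proforma when
  * enabled in the order configuration or in the backoffice.
  *
  * @return bool false when GET id is not numeric, true otherwise (also after
  *              an unauthorised attempt, which only reports an error)
  */
 public function mainAction()
 {
     /**
      * Input data
      */
     if (!isset($this->GET['id']) || !is_numeric($this->GET['id'])) {
         return false;
     }
     $order_id = $this->GET['id'];
     require_once 'models/ecommerce/ecommerce_order.php';
     $Order = new ecommerce_order();
     $Order->setCacheable(false);
     require_once 'models/ecommerce/ecommerce_invoice.php';
     $Invoice = new ecommerce_invoice();
     $Invoice->setCacheable(false);
     $order_data = $Order->getOrder($order_id);
     //security check of owner: integer comparison, since the original strict
     //comparison of raw DB/session values could never match mixed string/int types
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
     $order_customer_id = isset($order_data['basket']['customer_id']) ? (int) $order_data['basket']['customer_id'] : 0;
     // id 0 is an anonymous session and must never count as the owner
     $is_owner = $session_customer_id > 0 && $order_customer_id === $session_customer_id;
     $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
     if (!is_array($order_data) || (!$is_owner && !$is_bo_user)) {
         msg('unauthorized access to view invoice detail', 'error');
         return true;
     }
     if ($order_data['status'] != 0) {
         $invoice_detail = $Invoice->getInvoiceForOrder($order_data['id']);
         if ($invoice_detail) {
             $this->tpl->assign("INVOICE", $invoice_detail);
             $this->tpl->parse('content.invoice');
         }
         $this->tpl->parse('content.print_invoice');
     } elseif (!empty($Order->conf['proforma_invoice']) || ONXSHOP_IN_BACKOFFICE) {
         // status 0 (unpaid): proforma only
         $invoice_detail = array();
         $invoice_detail['order_id'] = $order_id;
         $this->tpl->assign("INVOICE", $invoice_detail);
         $this->tpl->parse('content.print_invoice_proforma');
     }
     return true;
 }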
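 /**
  * Transaction list for an order: GET id selects the order; the owner (a
  * logged-in customer) or an authenticated backoffice user may view it.
  *
  * @return bool false when GET id is not numeric, true otherwise (also after
  *              an unauthorised attempt, which only reports an error)
  */
 public function mainAction()
 {
     /**
      * Input data
      */
     if (!isset($this->GET['id']) || !is_numeric($this->GET['id'])) {
         return false;
     }
     $order_id = $this->GET['id'];
     /**
      * Initialize objects
      */
     require_once 'models/ecommerce/ecommerce_order.php';
     $Order = new ecommerce_order();
     $Order->setCacheable(false);
     require_once 'models/ecommerce/ecommerce_transaction.php';
     $Transaction = new ecommerce_transaction();
     /**
      * Get details for order to be able make a security check
      */
     $order_data = $Order->getOrder($order_id);
     //security check of owner: integer comparison, since the original strict
     //comparison of raw DB/session values could never match mixed string/int types
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
     $order_customer_id = isset($order_data['basket']['customer_id']) ? (int) $order_data['basket']['customer_id'] : 0;
     // id 0 is an anonymous session and must never count as the owner
     $is_owner = $session_customer_id > 0 && $order_customer_id === $session_customer_id;
     $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
     if (!is_array($order_data) || (!$is_owner && !$is_bo_user)) {
         msg('unauthorized access to view transaction detail', 'error');
         return true;
     }
     $transaction_list = $Transaction->getListForOrderId($order_id);
     if (is_array($transaction_list)) {
         foreach ($transaction_list as $transaction_detail) {
             $this->tpl->assign('TRANSACTION', $transaction_detail);
             $this->tpl->parse('content.transaction');
         }
     } else {
         msg("Order id {$order_id} has no transactions");
     }
     return true;
 }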
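 /**
  * Backoffice profile: lets the authenticated backoffice user update their
  * own client_customer record (POST save) and renders the profile form.
  * Users not stored in client_customer (user id 0) only get the
  * 'other_auth' block.
  *
  * @return bool false when the authentication layer reports no numeric user id
  */
 public function mainAction()
 {
     $this->Customer = new client_customer();
     $this->auth = Onxshop_Bo_Authentication::getInstance();
     $customer_id = $this->auth->getUserId();
     if (!is_numeric($customer_id)) {
         return false;
     }
     // normalise to int so the identity check against 0 below holds whether
     // getUserId() returned an int or a numeric string
     $customer_id = (int) $customer_id;
     if (!empty($_POST['save'])) {
         // the record being updated is always the authenticated user's own
         $_POST['client']['customer']['id'] = $customer_id;
         // do not allow to set certain properties
         unset($_POST['client']['customer']['status']);
         unset($_POST['client']['customer']['group_id']);
         unset($_POST['client']['customer']['group_ids']);
         unset($_POST['client']['customer']['role_ids']);
         unset($_POST['client']['customer']['account_type']);
         unset($_POST['client']['customer']['other_data']);
         /**
          * update profile
          */
         if ($this->Customer->updateClient($_POST['client'])) {
             // update password
             $this->updatePassword($customer_id);
             msg("Backoffice profile successfully updated");
         } else {
             msg("Can't update backoffice profile", 'error');
         }
     }
     $client_data = $this->Customer->getClientData($customer_id);
     $this->tpl->assign('CLIENT', $client_data);
     /**
      * only users stored in client_customer table can update their profile
      */
     if ($customer_id === 0) {
         $this->tpl->parse('content.other_auth');
     } else {
         $this->tpl->parse('content.form');
     }
     return true;
 }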
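 /**
  * main payment action
  *
  * Renders the payment step for GET order_id: loads the node configuration,
  * switches LC_MONETARY to the shop locale while renderPaymentStep() runs
  * and restores it on every exit path (the original only restored it on
  * success and read $node_conf for the 404 redirect before initialising it).
  *
  * @return bool false on missing order_id or when renderPaymentStep() fails
  */
 public function mainPaymentAction()
 {
     /**
      * include node configuration
      * (first, because the redirect target for a missing order_id reads it)
      */
     require_once 'models/common/common_node.php';
     $node_conf = common_node::initConfiguration();
     $this->tpl->assign('NODE_CONF', $node_conf);
     /**
      * check input values
      */
     if (!isset($this->GET['order_id']) || !is_numeric($this->GET['order_id'])) {
         msg('Payment: Missing order_id', 'error', 1);
         onxshopGoTo("/page/" . $node_conf['id_map-404']);
         return false;
     }
     $order_id = $this->GET['order_id'];
     setlocale(LC_MONETARY, $GLOBALS['onxshop_conf']['global']['locale']);
     try {
         $result = $this->renderPaymentStep($order_id, $node_conf);
     } finally {
         setlocale(LC_MONETARY, LOCALE);
     }
     return $result;
 }

 /**
  * Payment step for one validated order id; runs with LC_MONETARY set to
  * the shop locale.
  *
  * @param int|string $order_id  numeric order id
  * @param array      $node_conf node configuration (redirect targets)
  * @return bool false on unsupported payment type, non-payable order status
  *              or unauthorised access
  */
 protected function renderPaymentStep($order_id, $node_conf)
 {
     /**
      * get order detail
      */
     $order_data = $this->Transaction->getOrderDetail($order_id);
     if (!is_array($order_data)) {
         // unknown order: treat exactly like an unauthorised request
         msg('Unauthorised access to order detail');
         onxshopGoTo("/page/" . $node_conf['id_map-404']);
         return false;
     }
     // need to assign ORDER detail into template before processing Google Analytics
     $this->tpl->assign("ORDER", $order_data);
     /**
      * google analytics
      */
     //TODO: NOTE: Do not include the square brackets when setting the values for the form. In addition, do not use commas to separate the thousands place in your total, tax, and shipping fields - any digits after the comma will be dropped.
     if ($GLOBALS['onxshop_conf']['global']['google_analytics'] != '') {
         if (isset($order_data['basket']['items']) && is_array($order_data['basket']['items'])) {
             foreach ($order_data['basket']['items'] as $item) {
                 $this->tpl->assign("ITEM", $item);
                 $this->tpl->parse('content.google_analytics.item');
             }
         }
         $this->tpl->parse('content.google_analytics');
     }
     /**
      * Google Adwords, must be numeric
      */
     if (is_numeric($GLOBALS['onxshop_conf']['global']['google_adwords'])) {
         $this->tpl->parse('content.google_adwords');
     }
     /**
      * find what payment method we use
      */
     $payment_type = $this->Transaction->getPaymentTypeForOrder($order_id);
     /**
      * check whether payment is supported
      */
     $controller = "component/ecommerce/payment/{$payment_type}";
     if (getTemplateDir($controller . ".html") == '') {
         msg("Unsupported payment type {$payment_type}", 'error');
         return false;
     }
     /**
      * Check order permission
      */
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
     // owner = logged-in customer holding the order; id 0 is an anonymous session and never owns anything
     $is_owner = $session_customer_id > 0
         && isset($order_data['basket']['customer_id'])
         && (int) $order_data['basket']['customer_id'] === $session_customer_id;
     $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
     // guest checkout (customer status 5) is allowed only from the PHP session that created the order
     $is_guest_user = isset($order_data['client']['customer']['status']) && $order_data['client']['customer']['status'] == 5;
     // an order without a stored session id must not match an empty/missing value
     // (the original compared null == null as "same session")
     $is_same_session = !empty($order_data['php_session_id'])
         && ($order_data['php_session_id'] == session_id()
             || (isset($this->GET['php_session_id']) && $order_data['php_session_id'] == $this->GET['php_session_id']));
     // signed order code lets an unauthenticated visitor (e.g. from an e-mail link) pay
     $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);
     if ($is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code) {
         /**
          * process payment method only if status = 0 unpaid or 5 failed payment 
          */
         if ($this->checkOrderStatusValidForPayment($order_data['status'])) {
             $total_payment_amount = $order_data['basket']['total'];
             if (round($total_payment_amount, 2) == 0) {
                 //nil payment - payment is not needed
                 if ($this->processNilPayment($order_data)) {
                     $this->tpl->parse('content.nil_payment');
                 } else {
                     msg("Cannot process nil payment for order ID {$order_id}", 'error');
                 }
             } else {
                 //process payment method as subcontent
                 $_Onxshop_Request = new Onxshop_Request("component/ecommerce/payment/{$payment_type}~order_id={$order_id}~");
                 $this->tpl->assign("RESULT", $_Onxshop_Request->getContent());
             }
         } else {
             msg("Order ID {$order_data['id']} cannot be paid, because order status is: {$order_data['status_title']}", 'error');
             return false;
         }
     } else {
         /**
          * forward to login
          */
         if ($session_customer_id == 0) {
             msg('You must login first.');
             onxshopGoTo("/page/" . $node_conf['id_map-login']);
         }
         msg('Unauthorised access to order detail');
         onxshopGoTo("/page/" . $node_conf['id_map-404']);
         return false;
     }
     return true;
 }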
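 /**
  * recursivelly duplicate node and its contens
  *
  * Copies the node record (title/uri_title suffixed with "copy", ownership
  * set to the current backoffice user), its images and taxonomy relations,
  * then recurses into nested nodes that are not pages.
  *
  * @param int|string $original_node_id id of the node to copy
  * @param int|false  $new_parent_id    parent for the copy; false/0 keeps the
  *                                     original parent, in which case the copy
  *                                     may be unpublished via conf unpublish_on_duplicate
  * @return int|false id of the new node, false when the copy could not be created
  */
 protected function duplicateNode($original_node_id, $new_parent_id = false)
 {
     // ids are interpolated into listing() where-clauses below, so pin them to integers
     $original_node_id = (int) $original_node_id;
     $bo_user_id = (int) Onxshop_Bo_Authentication::getInstance()->getUserId();
     // read original node
     $original_node_data = $this->Node->detail($original_node_id);
     if (!is_array($original_node_data)) {
         msg("node_duplicate: Cannot create copy of node ID {$original_node_id}", 'error');
         return false;
     }
     // copy and modify
     $new_node_data = $original_node_data;
     $new_node_data['title'] = "{$new_node_data['title']} (copy)";
     $new_node_data['created'] = $new_node_data['modified'] = date('c');
     $new_node_data['customer_id'] = $bo_user_id;
     if ($new_node_data['uri_title'] != '') {
         $new_node_data['uri_title'] = "{$new_node_data['uri_title']}-copy";
     }
     if ($new_parent_id > 0) {
         $new_node_data['parent'] = (int) $new_parent_id;
     } elseif (!empty($this->Node->conf['unpublish_on_duplicate'])) {
         //top level element can be forced to be unpublished via common_node.conf option
         $new_node_data['publish'] = 0;
     }
     unset($new_node_data['id']);
     // insert as new
     $new_node_id = $this->Node->nodeInsert($new_node_data);
     if (!is_numeric($new_node_id)) {
         msg("node_duplicate: Cannot create copy of node ID {$original_node_id}", 'error');
         return false;
     }
     // read related images and duplicate them under the new node
     $original_images = $this->Image->listing("node_id = {$original_node_id}");
     if (is_array($original_images)) {
         foreach ($original_images as $image) {
             $new_image = $image;
             $new_image['node_id'] = $new_node_id;
             $new_image['modified'] = date('c');
             $new_image['customer_id'] = $bo_user_id;
             unset($new_image['id']);
             $this->Image->insert($new_image);
         }
     }
     // read taxonomy relations and duplicate them
     $original_categories = $this->Taxonomy->listing("node_id = {$original_node_id}");
     if (is_array($original_categories)) {
         foreach ($original_categories as $category) {
             $new_category = $category;
             $new_category['node_id'] = $new_node_id;
             unset($new_category['id']);
             $this->Taxonomy->insert($new_category);
         }
     }
     // read and duplicate nested nodes, but skip page nodes
     $nested_nodes = $this->Node->listing("parent = {$original_node_id}");
     if (is_array($nested_nodes)) {
         foreach ($nested_nodes as $nested_node) {
             if ($nested_node['node_group'] != 'page') {
                 $this->duplicateNode($nested_node['id'], $new_node_id);
             }
         }
     }
     return $new_node_id;
 }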
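 /**
  * insertRevision
  *
  * Stores a content revision: validates node_id/object/content, serializes
  * the content array and attributes the revision to the backoffice user, or
  * to the session customer when no backoffice user is logged in.
  *
  * @param array $data revision row; requires numeric 'node_id', non-empty
  *                    'object' and an array 'content'
  * @return mixed false on invalid input, otherwise the result of insert()
  */
 public function insertRevision($data)
 {
     if (!is_array($data) || !isset($data['node_id']) || !is_numeric($data['node_id'])) {
         return false;
     }
     // explicit checks instead of strlen(): strlen(null) is deprecated since PHP 8.1
     if (!isset($data['object']) || (string) $data['object'] === '') {
         return false;
     }
     if (!isset($data['content']) || !is_array($data['content'])) {
         return false;
     }
     /**
      * serialize
      */
     $data['content'] = serialize($data['content']);
     /**
      * customer_id
      */
     $bo_user_id = Onxshop_Bo_Authentication::getInstance()->getUserId();
     if (is_numeric($bo_user_id)) {
         $data['customer_id'] = $bo_user_id;
     } else {
         $data['customer_id'] = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
     }
     return $this->insert($data);
 }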
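 /**
  * Customer edit: saves POST client[customer] for the logged-in customer
  * (or, for an authenticated backoffice user in the backoffice, for GET
  * customer_id) and renders the customer detail.
  *
  * NOTE(review): unlike the client-side profile edit, no fields are stripped
  * from the posted data here - confirm that saveDetail() restricts what a
  * non-backoffice customer may change (status, group_ids, role_ids, ...).
  *
  * @return bool false when the visitor is not logged in, no numeric customer
  *              id could be determined, or the birthday is not a valid
  *              dd/mm/yyyy date
  */
 public function mainAction()
 {
     $session_customer_id = isset($_SESSION['client']['customer']['id']) ? $_SESSION['client']['customer']['id'] : 0;
     /**
      * check input
      */
     if ($session_customer_id == 0 && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
         msg('controllers/client/customer_detail: You must logged in.', 'error');
         onxshopGoTo("/");
         // stop here even if onxshopGoTo() returns: the original fell through
         // with an undefined $customer_id
         return false;
     }
     // editing another customer's record requires a backoffice login; everyone
     // else only ever edits their own record
     if (isset($this->GET['customer_id']) && is_numeric($this->GET['customer_id'])
         && constant('ONXSHOP_IN_BACKOFFICE')
         && Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
         $customer_id = $this->GET['customer_id'];
     } else {
         $customer_id = $session_customer_id;
     }
     if (!is_numeric($customer_id)) {
         return false;
     }
     /**
      * initialize
      */
     require_once 'models/client/client_customer.php';
     $this->Customer = new client_customer();
     $this->Customer->setCacheable(false);
     /**
      * save
      */
     if (isset($_POST['client']['customer']) && is_array($_POST['client']['customer'])) {
         /**
          * input data
          */
         $data_to_save = $_POST['client']['customer'];
         // the record being saved is always the resolved customer, whatever was posted
         $data_to_save['id'] = $customer_id;
         /**
          * check birthday field format
          */
         if (!empty($data_to_save['birthday'])) {
             // expected as dd/mm/yyyy and must be a real calendar date: the pattern
             // alone accepts e.g. 31/02/2000, which strtotime() turned into 1970-01-01
             if (!preg_match('/^(\d{1,2})\/(\d{1,2})\/(\d{4})$/', $data_to_save['birthday'], $match)
                 || !checkdate((int) $match[2], (int) $match[1], (int) $match[3])) {
                 msg('Invalid format for birthday, use dd/mm/yyyy', 'error');
                 return false;
             }
             // Format to ISO
             $data_to_save['birthday'] = sprintf('%04d-%02d-%02d', $match[3], $match[2], $match[1]);
         }
         /**
          * save
          */
         $this->saveDetail($data_to_save);
     }
     /**
      * get customer detail
      */
     $customer_detail = $this->Customer->getDetail($customer_id);
     if (is_array($customer_detail)) {
         $this->tpl->assign('ITEM', $customer_detail);
     } else {
         msg('controllers/client/customer_edit: cannot get detail', 'error');
     }
     return true;
 }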
 /**
  * main action
  *
  * Front controller: resolves the requested URL (GET translate) or an
  * explicit controller request (GET controller_request) to an action,
  * processes it and stores the resulting content in $this->content.
  *
  * Resolution order: file-stored rules, then short numeric URLs (/1234),
  * /page|node/1234, the database URI mapping, explicit redirects, /home,
  * and finally the configured 404 page.
  *
  * @return bool always true (a missing action is only reported via msg())
  */
 public function mainAction()
 {
     /**
      * first make sure we are on correct domain and using HTTPS if available
      */
     self::checkForSecurityRedirects();
     /**
      * input data
      */
     $translate = trim($this->GET['translate']);
     if ($translate != "/") {
         $translate = rtrim($translate, '/');
     }
     // NOTE(review): $controller_request stays undefined when neither this branch
     // nor a file rule sets it; the later `if ($controller_request)` relies on that
     if ($this->GET['controller_request']) {
         $controller_request = trim($this->GET['controller_request']);
     }
     /**
      * file stored rules
      */
     if ($custom_translate = $this->proccessFileRules($translate)) {
         $controller_request = $custom_translate;
         $translate = false;
         //force login when request is from bo/ folder
         //similar check is done in Onxshop_Bootstrap
         if (preg_match('/bo\\//', $controller_request)) {
             // NOTE(review): the Location target is built from SERVER_NAME and
             // REQUEST_URI; SERVER_NAME may follow the Host header depending on
             // web-server configuration - confirm it is pinned server-side
             if (!$_SERVER['HTTPS'] && ONXSHOP_EDITOR_USE_SSL) {
                 header("Location: https://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}");
                 exit;
             }
             // backoffice requests fall back to the 401 controller when login() fails
             $auth = Onxshop_Bo_Authentication::getInstance()->login();
             if (!$auth) {
                 $controller_request = 'sys/401';
             }
             // backoffice output must never be served from the page cache
             $_SESSION['use_page_cache'] = false;
         }
     }
     /**
      * initialize database stored
      */
     require_once 'models/common/common_uri_mapping.php';
     $this->Mapper = new common_uri_mapping();
     /**
      * translate request to $action_to_process
      * ($action_to_process remains undefined on the redirect branches, which exit)
      */
     if ($translate) {
         if (is_numeric($node_id = trim($translate, '/'))) {
             // URL like /1234
             /**
              * short URL redirects
              * TODO: allow to pass GET parameters
              */
             $this->redirectToSeoURLAndExit($node_id);
         } else {
             if (preg_match('/^\\/\\b(page|node)\\b\\/([0-9]*)$/', $translate, $match)) {
                 // URL like /page/1234 or /node/1234
                 $mapped_node_id = $match[2];
                 $action_to_process = $this->getActionToProcessForExistingPage($mapped_node_id);
             } else {
                 if ($mapped_node_id = $this->Mapper->translate($translate)) {
                     // URL like /abc-cbs
                     $action_to_process = $this->getActionToProcessForExistingPage($mapped_node_id);
                 } else {
                     if ($redirect_uri = $this->Mapper->getRedirectURI($translate)) {
                         // URL like /abc-cbs
                         /**
                          * explicit redirects
                          */
                         $this->redirectToSeoURLAndExit($redirect_uri['node_id']);
                     } else {
                         if ($translate == '/home') {
                             $action_to_process = $this->getActionToProcessForExistingPage($this->Mapper->conf['homepage_id']);
                         } else {
                             /**
                              * page not found
                              */
                             $action_to_process = $this->Mapper->getRequest($this->Mapper->conf['404_id']);
                             $this->http_status = '404';
                         }
                     }
                 }
             }
         }
     } else {
         if ($controller_request) {
             // used for /request/ and /api/ handling to allow translating URLs
             $action_to_process = $controller_request;
         }
     }
     /**
      * process
      */
     if ($action_to_process) {
         $page_data = $this->processMappedAction($action_to_process);
         /**
          * URI mapping iself will become output of mapped page
          */
         $this->content = $page_data['content'];
     } else {
         msg("Cannot find action to process", 'error');
     }
     return true;
 }
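 /**
  * main action
  *
  * Renders the detail page for order GET.order_id. Access is granted when the
  * visitor is an authenticated backoffice user, the logged-in owner of the
  * order, a guest (customer status 5) in the same PHP session the order was
  * placed in, or the bearer of a valid GET.code (verifyHash()) for this order.
  *
  * Changes vs. previous revision:
  *  - an unknown order id is rejected before the ownership predicates run
  *    (they used to be evaluated against a non-array result) and is reported
  *    with the same message as a forbidden one, so the response does not act
  *    as an order-id existence oracle
  *  - owner and session matches are strict and require a non-empty session
  *    customer id / stored php_session_id, so "empty on both sides" no longer
  *    counts as a match
  *  - ORDER_CODE (the bearer code that lets unauthenticated users pay for and
  *    view the order) is handed to the template only after the access check
  *  - nested other_data lookups are isset()-guarded; strftime() (deprecated)
  *    replaced by date() with the same d/m/Y output, and an unparsable
  *    creation date yields '' instead of 01/01/1970
  *
  * @return bool false when order_id is missing or not numeric, true otherwise
  */
 public function mainAction()
 {
     require_once 'models/ecommerce/ecommerce_order.php';
     $Order = new ecommerce_order();
     $Order->setCacheable(false);
     if (isset($this->GET['order_id']) && is_numeric($this->GET['order_id'])) {
         $order_id = $this->GET['order_id'];
     } else {
         msg('Order Detail: Missing order_id', 'error');
         return false;
     }
     /**
      * include node configuration
      */
     require_once 'models/common/common_node.php';
     $node_conf = common_node::initConfiguration();
     $this->tpl->assign('NODE_CONF', $node_conf);
     /**
      * get detail
      */
     $order_data = $Order->getOrder($order_id);
     /**
      * security check of the owner
      *
      * every predicate is evaluated against the stored order only; empty values
      * on both sides (no session customer, no stored session id) must not
      * produce a match, hence the non-empty guards and strict comparison
      */
     $can_view = false;
     if (is_array($order_data)) {
         $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
         $stored_session_id = isset($order_data['php_session_id']) ? (string) $order_data['php_session_id'] : '';
         $requested_session_id = isset($this->GET['php_session_id']) ? (string) $this->GET['php_session_id'] : '';
         $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
         $is_owner = $session_customer_id > 0 && isset($order_data['basket']['customer_id']) && (int) $order_data['basket']['customer_id'] === $session_customer_id;
         $is_guest_user = isset($order_data['client']['customer']['status']) && (int) $order_data['client']['customer']['status'] === 5;
         $is_same_session = $stored_session_id !== '' && ($stored_session_id === session_id() || $stored_session_id === $requested_session_id);
         $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);
         $can_view = $is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code;
     }
     if (!$can_view) {
         // unknown and forbidden orders are reported identically on purpose
         msg('unauthorised access to view order detail', 'error');
         return true;
     }
     /**
      * security code to allow unlogged users to pay for the order and view their invoice
      * (a bearer code for this order, so it is only exposed once access is confirmed)
      */
     $this->tpl->assign('ORDER_CODE', makeHash($order_id));
     /**
      * display Make Payment if appropriate
      */
     if ($Order->checkOrderStatusValidForPayment($order_data['status'])) {
         $this->tpl->parse('content.make_payment');
     }
     /**
      * get address detail
      */
     $_Onxshop_Request = new Onxshop_Request("component/client/address~invoices_address_id={$order_data['invoices_address_id']}:hide_button=1~");
     $this->tpl->assign("ADDRESS_INVOICES", $_Onxshop_Request->getContent());
     $_Onxshop_Request = new Onxshop_Request("component/client/address~delivery_address_id={$order_data['delivery_address_id']}:hide_button=1~");
     $this->tpl->assign("ADDRESS_DELIVERY", $_Onxshop_Request->getContent());
     /**
      * basket detail
      * if the order is payed, display HTML basket from the invoice, otherwise generate on the fly
      */
     require_once 'models/ecommerce/ecommerce_invoice.php';
     $Invoice = new ecommerce_invoice();
     $Invoice->setCacheable(false);
     $invoice_data = $Invoice->getInvoiceForOrder($order_data['id']);
     if ($invoice_data) {
         $this->tpl->assign("BASKET_DETAIL", $invoice_data['basket_detail']);
         $this->tpl->parse("content.print_invoice");
     } else {
         $carrier_id = isset($order_data['other_data']['delivery_options']['carrier_id']) ? $order_data['other_data']['delivery_options']['carrier_id'] : '';
         $_Onxshop_Request = new Onxshop_Request("component/ecommerce/basket_detail~id={$order_data['basket_id']}:order_id={$order_id}:delivery_address_id={$order_data['delivery_address_id']}:delivery_options[carrier_id]={$carrier_id}~");
         $this->tpl->assign("BASKET_DETAIL", $_Onxshop_Request->getContent());
     }
     // other_data is intentionally not rendered on this page
     $created_ts = isset($order_data['basket']['created']) ? strtotime($order_data['basket']['created']) : false;
     $order_data['created'] = $created_ts !== false ? date('d/m/Y', $created_ts) : '';
     $this->tpl->assign('ORDER', $order_data);
     return true;
 }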
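 /**
  * main action
  *
  * Builds the backoffice section menu. The active page/subpage are taken from
  * the REQUEST_URI path segments following "/backoffice/" (segments 2 and 3,
  * query string stripped) and exposed as ACTIVE_<page> / ACTIVE_<page>_<subpage>
  * template variables; only the variable *name* comes from the URI, its value
  * is always the literal 'active'. Each menu block is parsed only when the
  * backoffice user has some permission in the matching area; the e-commerce
  * blocks additionally require isEcommerce().
  *
  * Fix vs. previous revision: the subpage segment ($active_array[3]) was read
  * whenever the URI had more than two segments, i.e. also when index 3 did
  * not exist (undefined offset notice, preg_replace() on null). Both segments
  * are now read only when present; a URI without segment 2 keeps the 'pages'
  * default instead of an empty page name.
  *
  * @return bool always true
  */
 public function mainAction()
 {
     /**
      * Manage Sections Menu
      */
     $active_page = 'pages';
     $active_subpage = '';
     $request_uri = isset($_SERVER['REQUEST_URI']) ? $_SERVER['REQUEST_URI'] : '';
     if (preg_match('/backoffice/', $request_uri)) {
         $active_array = explode("/", $request_uri);
         if (isset($active_array[2])) {
             $active_page = preg_replace("/\\?.*\$/", "", $active_array[2]);
         }
         if (isset($active_array[3])) {
             $active_subpage = preg_replace("/\\?.*\$/", "", $active_array[3]);
         }
     }
     $this->tpl->assign("ACTIVE_{$active_page}", 'active');
     $this->tpl->assign("ACTIVE_{$active_page}_{$active_subpage}", 'active');
     /**
      * ACL
      *
      * array(permission area, template block, requires e-commerce), in menu order;
      * pages and news are both gated by the 'nodes' area, 'advanced' by '_all_'
      */
     $auth = Onxshop_Bo_Authentication::getInstance();
     $isEcommerce = $auth->isEcommerce();
     $menu = array(
         array('front_office', 'content.fe_edit', false),
         array('nodes', 'content.pages', false),
         array('nodes', 'content.news', false),
         array('products', 'content.products', true),
         array('recipes', 'content.recipes', true),
         array('stores', 'content.stores', true),
         array('orders', 'content.orders', true),
         array('stock', 'content.stock', true),
         array('customers', 'content.customers', false),
         array('reports', 'content.stats', true),
         array('discounts', 'content.marketing', true),
         array('comments', 'content.comments', false),
         array('surveys', 'content.surveys', false),
         array('_all_', 'content.advanced', false),
     );
     foreach ($menu as $entry) {
         list($area, $block, $needs_ecommerce) = $entry;
         if ($needs_ecommerce && !$isEcommerce) {
             continue;
         }
         if ($auth->hasAnyPermission($area)) {
             $this->tpl->parse($block);
         }
     }
     return true;
 }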
 /**
  * checkEditPermission
  *
  * Editing is granted to any authenticated backoffice user; the item itself
  * is not inspected.
  *
  * @param mixed $item unused, kept for interface compatibility
  * @return bool
  */
 public function checkEditPermission($item)
 {
     $auth = Onxshop_Bo_Authentication::getInstance();
     return $auth->isAuthenticated() ? true : false;
 }
 /**
  * Disable superuser emulation
  *
  * Clears the class-wide superuserEmulation flag; the property itself and
  * whatever consults it live outside this block.
  */
 public function disableSuperuserEmulation()
 {
     self::$superuserEmulation = false;
 }
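 /**
  * check group_acl
  *
  * Decides whether a node is visible to the current visitor according to
  * $node_data['display_permission_group_acl'], a map of group id => rule where
  * index 0 is the rule for Everyone. Rules are '0' (hide) and '1' (show);
  * '-1' or any other value expresses no opinion (and counts as show for the
  * Everyone entry).
  *
  * Resolution order:
  *  1. no ACL array on the node                         -> visible
  *  2. backoffice user and $force_admin_visibility       -> visible (ACL bypass)
  *  3. any of the visitor's session groups rules '1'     -> visible
  *  4. otherwise any of them rules '0'                   -> hidden
  *  5. otherwise the Everyone rule
  *
  * Changes vs. previous revision: rules for groups not listed in the ACL and a
  * missing Everyone entry are read through isset(), so they no longer raise
  * undefined-index notices (the loose switch matching is unchanged); the admin
  * bypass tests $force_admin_visibility before touching the authentication
  * singleton.
  *
  * @param array $node_data               node row, read for 'display_permission_group_acl'
  * @param bool  $force_admin_visibility  when true, an authenticated backoffice
  *                                       user sees the node regardless of ACL
  * @return bool
  */
 public function checkDisplayPermissionGroupAcl($node_data, $force_admin_visibility = true)
 {
     // return true in case display permission are not set
     if (!isset($node_data['display_permission_group_acl']) || !is_array($node_data['display_permission_group_acl'])) {
         return true;
     }
     $acl = $node_data['display_permission_group_acl'];
     if ($force_admin_visibility && Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
         return true;
     }
     // first set rule for Everyone; a missing entry behaves like '-1'
     $everyone_rule = isset($acl[0]) ? $acl[0] : null;
     switch ($everyone_rule) {
         case '0':
             $visibility = false;
             break;
         case '1':
             $visibility = true;
             break;
         case '-1':
         default:
             $visibility = true;
             break;
     }
     // than set rule as per active user groups
     $group_ids = isset($_SESSION['client']['customer']['group_ids']) ? $_SESSION['client']['customer']['group_ids'] : null;
     if (!is_array($group_ids) || count($group_ids) == 0) {
         return $visibility;
     }
     $visible = 0;
     $invisible = 0;
     foreach ($group_ids as $group_id) {
         $group_rule = isset($acl[$group_id]) ? $acl[$group_id] : null;
         switch ($group_rule) {
             case '0':
                 $invisible++;
                 break;
             case '1':
                 $visible++;
                 break;
         }
     }
     // visibility has priority
     if ($visible > 0) {
         return true;
     }
     // if no visibility explicitly defined and invisibility explicitly defined then hide
     if ($invisible > 0) {
         return false;
     }
     // otherwise use rule for everyone
     return $visibility;
 }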
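 /**
  * Get active customer Id
  *
  * Returns the customer id the request acts on: the logged-in customer from
  * the session when there is one (id > 0), otherwise — only for an
  * authenticated backoffice user — the id supplied in GET.customer_id.
  * Anyone else gets false.
  *
  * Change vs. previous revision: the GET value is accepted only when it is
  * numeric, in line with the GET.id handling of the other controllers; a
  * missing or non-numeric value now yields false instead of being passed on
  * unvalidated.
  *
  * @return int|string|false
  */
 protected function getActiveCustomerId()
 {
     if (isset($_SESSION['client']['customer']['id']) && $_SESSION['client']['customer']['id'] > 0) {
         return $_SESSION['client']['customer']['id'];
     }
     // no customer session: a backoffice user may pick the customer explicitly
     if (!Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
         return false;
     }
     if (isset($this->GET['customer_id']) && is_numeric($this->GET['customer_id'])) {
         return $this->GET['customer_id'];
     }
     return false;
 }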
    $file = "public_html/share/images/missing_image.png";
}
$file = ONXSHOP_PROJECT_DIR . $file;
// realpath() resolves symlinks and ".." segments and returns false when the
// path does not exist; the directory restriction further down is applied to
// this canonical form, not to the raw request path.
// NOTE(review): that restriction is an unanchored preg_match() whose prefix is
// ONXSHOP_PROJECT_DIR with only "/" escaped (addcslashes). Anchoring it with
// "^" and building it with preg_quote() would make the allowed directory match
// only at the start of the path and keep other metacharacters in the project
// path (e.g. ".") literal.
$realpath = realpath($file);
/**
 * Read file
 */
if (!is_readable($file)) {
    //file does not exists
    //$file = ONXSHOP_PROJECT_DIR . "public_html/share/images/missing_image.png";
    header("HTTP/1.0 404 Not Found");
    echo "missing";
    // log it
} else {
    //admin user can download any content from var/ directory
    if (Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        $check = addcslashes(ONXSHOP_PROJECT_DIR, '/') . 'var\\/';
    } else {
        //guest user can download only content of var/files
        //$check = addcslashes(ONXSHOP_PROJECT_DIR, '/') . 'var\/images\/';
        $check = addcslashes(ONXSHOP_PROJECT_DIR, '/') . 'var\\/files\\/';
    }
    if (!preg_match("/{$check}/", $realpath)) {
        header("HTTP/1.0 403 Forbidden");
        echo "forbidden";
        exit;
    }
    /**
     * Detect file type and send to the clien
     */
    $mimetype = local_exec("file -bi " . escapeshellarg($file));
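 /**
  * main action
  *
  * Renders the invoice for order GET.id. The access rule is the same as for
  * the order detail page: authenticated backoffice user, logged-in owner of
  * the order, guest (customer status 5) in the session the order was placed
  * in, or bearer of a valid GET.code (verifyHash()) for this order id.
  *
  * Changes vs. previous revision:
  *  - an unknown order is rejected before the access predicates are evaluated
  *    and reported like a forbidden one (no order-id existence oracle)
  *  - owner and session matches are strict and require a non-empty session
  *    customer id / stored php_session_id
  *  - the invoice is looked up by the validated $order_id rather than the raw
  *    GET value, and the refusal is queued at 'error' level like the
  *    order-detail controller does
  *  - nested other_data lookups are isset()-guarded and a missing invoice no
  *    longer auto-vivifies false into an array
  *
  * @return bool false on missing/non-numeric GET.id, true otherwise
  */
 public function mainAction()
 {
     /**
      * check GET.id
      */
     if (isset($this->GET['id']) && is_numeric($this->GET['id'])) {
         $order_id = $this->GET['id'];
     } else {
         msg("component/ecommerce/invoice: GET.id is not numeric", 'error');
         return false;
     }
     /**
      * initialize
      */
     require_once 'models/ecommerce/ecommerce_invoice.php';
     require_once 'models/ecommerce/ecommerce_order.php';
     $Invoice = new ecommerce_invoice();
     $Order = new ecommerce_order();
     $Invoice->setCacheable(false);
     $Order->setCacheable(false);
     $this->tpl->assign('CONF', $Invoice->conf);
     /**
      * get order data
      */
     $order_data = $Order->getOrder($order_id);
     /**
      * check owner
      *
      * empty values on both sides (no session customer, no stored session id)
      * must not produce a match, hence the non-empty guards and strict comparison
      */
     $can_view = false;
     if (is_array($order_data)) {
         $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
         $stored_session_id = isset($order_data['php_session_id']) ? (string) $order_data['php_session_id'] : '';
         $requested_session_id = isset($this->GET['php_session_id']) ? (string) $this->GET['php_session_id'] : '';
         $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
         $is_owner = $session_customer_id > 0 && isset($order_data['basket']['customer_id']) && (int) $order_data['basket']['customer_id'] === $session_customer_id;
         $is_guest_user = isset($order_data['client']['customer']['status']) && (int) $order_data['client']['customer']['status'] === 5;
         $is_same_session = $stored_session_id !== '' && ($stored_session_id === session_id() || $stored_session_id === $requested_session_id);
         $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);
         $can_view = $is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code;
     }
     if (!$can_view) {
         msg('unauthorized access to view order detail', 'error');
         return true;
     }
     $other_data = isset($order_data['other_data']) && is_array($order_data['other_data']) ? $order_data['other_data'] : array();
     /**
      * check gift option (either on the delivery options or on the order itself)
      */
     $delivery_gift = isset($other_data['delivery_options']['other_data']['gift']) && $other_data['delivery_options']['other_data']['gift'] == 1;
     $order_gift = isset($other_data['gift']) && $other_data['gift'] == 1;
     if ($delivery_gift || $order_gift) {
         $this->tpl->parse('content.gift');
     }
     /**
      * display appropriate carrier logo
      */
     $carrier_id = isset($other_data['delivery_options']['carrier_id']) ? $other_data['delivery_options']['carrier_id'] : '';
     $this->tpl->parse("content.type.carrier_id_{$carrier_id}");
     $this->tpl->parse('content.type');
     /**
      * get invoice details
      */
     $invoice_data = $Invoice->getInvoiceForOrder($order_id);
     if (!is_array($invoice_data)) {
         // no invoice stored for this order: render with empty detail
         $invoice_data = array('basket_detail' => null);
     }
     // other_data is intentionally not rendered on the invoice
     if (empty($invoice_data['basket_detail_enhanced'])) {
         $invoice_data['basket_detail_enhanced'] = isset($invoice_data['basket_detail']) ? $invoice_data['basket_detail'] : null;
     }
     $this->tpl->assign('INVOICE', $invoice_data);
     $this->tpl->assign('ORDER', $order_data);
     if (isset($Invoice->conf['company_logo']) && $Invoice->conf['company_logo'] != '') {
         $this->tpl->parse('content.logoimage');
     } else {
         $this->tpl->parse('content.logotypo');
     }
     return true;
 }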
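 /**
  * insert file
  * 
  * @param array $file
  * information of file for insert; 'src' is a path relative to
  * ONXSHOP_PROJECT_DIR and must resolve to a readable file. 'priority' and
  * 'author' default to 0 when not numeric, 'modified' is always overwritten
  * with the current time, and 'customer_id' (deprecated as of Onxshop 1.7)
  * defaults to the backoffice user id, else the session customer id
  * 
  * @return integer
  * ID of inserted file or false
  *
  * Change vs. previous revision: a missing or empty 'src' used to resolve to
  * ONXSHOP_PROJECT_DIR itself, which is a readable directory, so the record
  * was inserted with no source; it is now rejected up front.
  */
 function insertFile($file = array())
 {
     if (!is_array($file) || empty($file['src'])) {
         msg("Can't insert file: missing src", 'error');
         return false;
     }
     $src = ONXSHOP_PROJECT_DIR . $file['src'];
     if (!is_readable($src)) {
         // NOTE(review): this message carries the absolute server path; fine
         // for a log, check where msg() surfaces it
         msg("{$src} does not exists!", 'error');
         return false;
     }
     if (!isset($file['priority']) || !is_numeric($file['priority'])) {
         $file['priority'] = 0;
     }
     $file['modified'] = date('c');
     if (!isset($file['author']) || !is_numeric($file['author'])) {
         $file['author'] = 0;
     }
     // deprecated as of Onxshop 1.7
     if (!isset($file['customer_id']) || !is_numeric($file['customer_id'])) {
         $bo_user_id = Onxshop_Bo_Authentication::getInstance()->getUserId();
         if (is_numeric($bo_user_id)) {
             $file['customer_id'] = $bo_user_id;
         } else {
             $file['customer_id'] = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
         }
     }
     $id = $this->insert($file);
     if ($id) {
         msg('File Inserted', 'ok', 2);
         return $id;
     }
     msg("Can't insert file {$src}", 'error');
     return false;
 }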
 /**
  * get request
  *
  * Builds the Onxshop request string that renders node $node_id. A node that
  * cannot be loaded is rendered as the configured 404 node with the ".sys/404"
  * suffix; the 404 node itself also carries that suffix. Authenticated
  * backoffice users get the editable variant (fe_edit plus main template)
  * instead of the default layout.
  *
  * NOTE(review): $node_id is interpolated into the request DSL as-is; the
  * callers are expected to pass a numeric id — confirm at the call sites.
  *
  * @param mixed $node_id
  * @return string
  */
 function getRequest($node_id)
 {
     require_once 'models/common/common_node.php';
     $Node = new common_node();
     $is_404_node = ($node_id == $this->conf['404_id']);
     if ($Node->detail($node_id)) {
         $append = ".node~id={$node_id}~" . ($is_404_node ? ".sys/404" : "");
     } else {
         $append = ".node~id={$this->conf['404_id']}~.sys/404";
     }
     $auth = Onxshop_Bo_Authentication::getInstance();
     if (!$auth->isAuthenticated()) {
         return ONXSHOP_DEFAULT_LAYOUT . "~id={$node_id}~{$append}";
     }
     //hack to pass _SESSION.fe_edit_mode even before it's called again from fe_edit
     //consider moving this to $Bootstrap->initPreAction
     //probably this whole block, _GET shouldn't be here!
     $_Onxshop_Request = new Onxshop_Request('bo/component/fe_edit_mode');
     return ONXSHOP_DEFAULT_TYPE . "~id={$node_id}~.bo/fe_edit~id={$node_id}~." . ONXSHOP_MAIN_TEMPLATE . "~id={$node_id}~{$append}";
 }
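 /**
  * isPageCacheAllowed
  *
  * Decides whether the whole-page cache may be used for this request. It is
  * disabled when GET.nocache is present (stored in $this->disable_page_cache),
  * when ONXSHOP_PAGE_CACHE_TTL is 0, when the request carries POST data, when
  * a backoffice user is authenticated, when a customer is logged in, or when
  * one of GET.sort (array), GET.product_list_mode, GET.preview_token is set.
  * Otherwise a value previously stored in $_SESSION['use_page_cache'] wins,
  * and the default is true.
  *
  * Change vs. previous revision: the $_GET/$_SESSION lookups are guarded so
  * absent keys no longer raise undefined-index notices; truthiness semantics
  * are unchanged (!empty() equals the previous bare truthiness test).
  *
  * @return bool|mixed false when disabled, else the session value or true
  */
 public function isPageCacheAllowed()
 {
     /**
      * default value
      */
     $use_page_cache = true;
     /**
      * cache can be disabled on request
      */
     if (isset($_GET['nocache'])) {
         $this->disable_page_cache = $_GET['nocache'];
     }
     // check if explicitly disabled
     if ($this->disable_page_cache || ONXSHOP_PAGE_CACHE_TTL == 0) {
         return false;
     }
     /**
      * previously set (i.e. disabled) in session
      */
     if (isset($_SESSION['use_page_cache'])) {
         $use_page_cache = $_SESSION['use_page_cache'];
     }
     /**
      * disable page cache for whole session after a user interaction and for backoffice users
      */
     $customer_logged_in = !empty($_SESSION['client']['customer']['id']) && $_SESSION['client']['customer']['id'] > 0;
     if (count($_POST) > 0 || Onxshop_Bo_Authentication::getInstance()->isAuthenticated() || $customer_logged_in) {
         return false;
     }
     /**
      * TODO: allow to configure what _GET variables will disable page cache
      * disable page cache also when sorting and mode is submitted
      * component/ecommerce/product_list_sorting
      * or when preview_token is used, i.e. news article preview
      */
     $sort_submitted = isset($_GET['sort']) && is_array($_GET['sort']);
     if ($sort_submitted || !empty($_GET['product_list_mode']) || !empty($_GET['preview_token'])) {
         return false;
     }
     return $use_page_cache;
 }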
 /**
  * canViewPage
  *
  * A page is viewable when a valid preview token was supplied (a "waiting
  * for approval" message is queued in that case), when a backoffice user is
  * authenticated, or — for everyone else — according to the node's raw
  * 'publish' value, which is returned as stored.
  *
  * @param array $node_data node row
  * @return bool|mixed
  */
 public function canViewPage($node_data)
 {
     if ($this->checkForValidPreviewToken($node_data)) {
         msg("This page is waiting for approval");
         return true;
     }
     $auth = Onxshop_Bo_Authentication::getInstance();
     return $auth->isAuthenticated() ? true : $node_data['publish'];
 }