/**
 * Back-office customer detail / edit entry point.
 *
 * Creates uncached customer and company models, takes the customer id from
 * GET.id (0 when absent or non-numeric), exposes the node configuration to
 * the template and refuses to continue unless the back-office user holds the
 * customers/view permission. Only then is the posted form saved and the
 * detail rendered.
 *
 * @return bool false when the permission check fails, true otherwise
 */
public function mainAction() {

    $this->Customer = new client_customer();
    $this->Company = new client_company();
    $this->Customer->setCacheable(false);
    $this->Company->setCacheable(false);

    $this->auth = Onxshop_Bo_Authentication::getInstance();

    // GET.id selects the customer; anything non-numeric falls back to 0
    $customer_id = 0;
    if (is_numeric($this->GET['id'])) $customer_id = $this->GET['id'];

    // node configuration for the template
    $this->tpl->assign('NODE_CONF', common_node::initConfiguration());

    // ACL: nothing is written before this check
    // NOTE(review): saveForm() runs under the 'view' permission only — confirm whether a
    // write permission should gate the save path
    if (!$this->auth->hasPermission('customers', 'view')) return false;

    $this->saveForm($customer_id);
    $this->parseDetails($customer_id);

    return true;
}
/**
 * Show the detail record of one customer.
 *
 * Front-office visitors see their own session customer; inside the back
 * office (ONXSHOP_IN_BACKOFFICE) GET.customer_id may select any customer.
 * A visitor without a customer session who is not a back-office user is
 * sent back to the homepage.
 *
 * @return bool false when no numeric customer id could be resolved
 */
public function mainAction() {

    $session_customer_id = $_SESSION['client']['customer']['id'];

    if ($session_customer_id == 0 && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        msg('controllers/client/customer_detail: You must logged in.', 'error');
        onxshopGoTo("/");
    } elseif (is_numeric($this->GET['customer_id']) && constant('ONXSHOP_IN_BACKOFFICE')) {
        // NOTE(review): the override relies on ONXSHOP_IN_BACKOFFICE implying an
        // authenticated back-office user — confirm the bootstrap guarantees that
        $customer_id = $this->GET['customer_id'];
    } else {
        $customer_id = $session_customer_id;
    }

    // $customer_id stays unset when the redirect branch above does not end the request
    if (!is_numeric($customer_id)) return false;

    require_once 'models/client/client_customer.php';
    $Customer = new client_customer();
    $Customer->setCacheable(false);

    $customer_detail = $Customer->getDetail($customer_id);

    if (is_array($customer_detail)) {
        $this->tpl->assign('ITEM', $customer_detail);
    } else {
        msg('controllers/client/customer_detail: cannot get detail', 'error');
    }

    return true;
}
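/**
 * Front-office "edit my details" action.
 *
 * A visitor without a customer session (and without back-office rights) is
 * redirected to the homepage. On POST.save the submitted client record is
 * written through client_customer::updateClient() after removing the fields a
 * customer must not change themselves and converting the birthday from
 * dd/mm/yyyy to ISO yyyy-mm-dd. The (possibly updated) client data is then
 * assigned to the template as CLIENT.
 *
 * @return bool false when no numeric customer id is available or a submitted
 *              birthday is rejected, true otherwise
 */
public function mainAction() {

    if ($_SESSION['client']['customer']['id'] == 0 && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        msg('client_edit: You must be logged in first.', 'error');
        onxshopGoTo("/");
    }

    require_once 'models/client/client_customer.php';
    $Customer = new client_customer();
    $Customer->setCacheable(false);

    $customer_id = $_SESSION['client']['customer']['id'];
    if (!is_numeric($customer_id)) return false;

    if ($_POST['save']) {

        // the record updated is always the session's own customer, never a POSTed id
        $_POST['client']['customer']['id'] = $customer_id;

        // do not allow to set certain properties (privilege / account-type fields)
        unset($_POST['client']['customer']['status']);
        unset($_POST['client']['customer']['group_id']);
        unset($_POST['client']['customer']['group_ids']);
        unset($_POST['client']['customer']['role_ids']);
        unset($_POST['client']['customer']['account_type']);
        unset($_POST['client']['customer']['other_data']);

        /**
         * check birthday field format, expected as dd/mm/yyyy
         */
        if ($_POST['client']['customer']['birthday']) {
            // checkdate() rejects calendar-invalid values that strtotime() would silently
            // turn into a wrong date (or 1970-01-01 when it returns false)
            if (!preg_match('/^(\\d{1,2})\\/(\\d{1,2})\\/(\\d{4})$/', $_POST['client']['customer']['birthday'], $m)
                || !checkdate((int) $m[2], (int) $m[1], (int) $m[3])) {
                msg('Invalid format for birthday, use dd/mm/yyyy', 'error');
                return false;
            }
            // Format to ISO; sprintf() replaces strftime(), which is deprecated since PHP 8.1
            $_POST['client']['customer']['birthday'] = sprintf('%04d-%02d-%02d', $m[3], $m[2], $m[1]);
        }

        /**
         * update
         */
        if ($Customer->updateClient($_POST['client'])) {
            msg(I18N_CUSTOMER_DATA_UPDATED);
        } else {
            msg("Can't update client data", 'error');
        }
    }

    $client_data = $Customer->getClientData($customer_id);
    $client_data['customer']['newsletter'] = $client_data['customer']['newsletter'] == 1 ? 'checked="checked" ' : '';

    // format birthday only if available to avoid 01/01/1970 by default
    if ($client_data['customer']['birthday'] != '') {
        // date() replaces the deprecated strftime(); same d/m/Y layout
        $client_data['customer']['birthday'] = date('d/m/Y', strtotime($client_data['customer']['birthday']));
    }

    // NOTE(review): CLIENT carries the stored password value into the template — confirm the
    // template never renders it
    $this->tpl->assign('CLIENT', $client_data);

    /**
     * show password field only if previously set
     */
    if ($client_data['customer']['password']) {
        $this->tpl->parse('content.password');
    }

    return true;
}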
/**
 * Back-office "advanced" section menu.
 *
 * Marks the active sub-section (the 4th path segment of a back-office URL,
 * 'configuration' elsewhere) and parses one template block per area the
 * current user has any permission for, in menu order.
 *
 * @return bool always true
 */
public function mainAction() {

    /**
     * Manage Advanced Menu
     */
    $active = 'configuration';
    if (preg_match('/backoffice/', $_SERVER['REQUEST_URI'])) {
        $segments = explode("/", $_SERVER['REQUEST_URI']);
        // strip the query string; the segment comes straight from the request URI and
        // only ever becomes part of a template variable name
        $active = preg_replace("/\\?.*\$/", "", $segments[3]);
    }
    $this->tpl->assign("ACTIVE_{$active}", 'active');

    /**
     * ACL
     */
    $auth = Onxshop_Bo_Authentication::getInstance();
    // isEcommerce() result is not consulted by this menu
    $isEcommerce = $auth->isEcommerce();

    $areas = array(
        'media', 'taxonomy', 'seo_manager', 'database', 'templates', 'scheduler',
        'currency', 'search_index', 'api', 'tools', 'logs', 'configuration',
    );
    foreach ($areas as $area) {
        if ($auth->hasAnyPermission($area)) $this->tpl->parse("content.{$area}");
    }

    return true;
}
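/**
 * WorldPay payment callback entry point.
 *
 * Runs only when GET.order_id is numeric and the request carries POST data.
 * The order lookup inside paymentProcess() needs back-office rights, so
 * superuser emulation is switched on for the duration of that call and is
 * always switched off again, even when paymentProcess() throws.
 *
 * @return bool always true
 */
public function mainAction() {

    if (is_numeric($this->GET['order_id']) && count($_POST) > 0) {

        require_once 'conf/payment/worldpay.php';
        $this->transactionPrepare();

        // we need this to allow get order detail with WorldPay
        // TODO: the callback origin is not verified here (WorldPay IP address); until it is,
        // any client that reaches this URL with a POST body runs paymentProcess() elevated
        $auth = Onxshop_Bo_Authentication::getInstance();
        $auth->emulateSuperuserTemporarily();
        try {
            $this->paymentProcess($this->GET['order_id'], $_POST);
        } finally {
            // never leave superuser emulation enabled for the rest of the request
            $auth->disableSuperuserEmulation();
        }
    }

    return true;
}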
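/**
 * Show the detail of one order (gift card context).
 *
 * Only the order's owner (a non-guest customer id equal to the session
 * customer id) or an authenticated back-office user may view it.
 *
 * @return bool false when GET.order_id is not numeric or access is denied
 */
public function mainAction() {

    if (!is_numeric($this->GET['order_id'])) return false;

    require_once 'models/ecommerce/ecommerce_order.php';
    $Order = new ecommerce_order();
    $order_detail = $Order->getOrder($this->GET['order_id']);

    // check owner against the record actually loaded ($order_detail); normalise both ids
    // to int because a DB string and a session int never satisfy a strict comparison, and
    // never let guest id 0 own anything
    $order_customer_id = isset($order_detail['basket']['customer_id']) ? (int) $order_detail['basket']['customer_id'] : 0;
    $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
    $is_owner = $order_customer_id > 0 && $order_customer_id === $session_customer_id;

    if (!$is_owner && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        msg('gift_card:unauthorized access to view order detail');
        return false;
    }

    $this->tpl->assign('ORDER', $order_detail);

    return true;
}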
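/**
 * Front-office login box.
 *
 * Three paths: a customer already logged in (nothing to do), a POST.login
 * credential submission checked through client_customer::login(), and an
 * authenticated back-office user switching into a customer account via
 * GET.client.email. On every successful login the PHP session id is
 * regenerated before the customer record is stored, so a session id fixed
 * before authentication cannot be reused. When a customer session exists
 * afterwards, actionAfterLogin() runs.
 *
 * @return bool always true
 */
public function mainAction() {

    /**
     * client
     */
    $Customer = new client_customer();
    $Customer->setCacheable(false);

    $has_customer_session = $_SESSION['client']['customer']['id'] > 0;
    $bo_switch_requested = !empty($this->GET['client']['email']);

    if (!$has_customer_session || $bo_switch_requested) {

        /* client submitted username/password */
        if (isset($_POST['login'])) {
            // NOTE: client_customer::login() expects an unsalted md5 of the password; the
            // hashing scheme is owned by the model and is not changed here
            $customer_detail = $Customer->login($_POST['client']['customer']['email'], md5($_POST['client']['customer']['password']));
            if ($customer_detail) {
                // privilege level changes: discard the pre-login session id (session fixation)
                if (session_status() === PHP_SESSION_ACTIVE) session_regenerate_id(true);
                $_SESSION['client']['customer'] = $customer_detail;
                if (isset($_POST['autologin'])) {
                    // auto login (TODO allow to enable/disable this behaviour globally)
                    $Customer->generateAndSaveOnxshopToken($customer_detail['id']);
                }
            } else {
                $this->loginFailed();
            }
        }

        /* log in as client from backoffice */
        if (Onxshop_Bo_Authentication::getInstance()->isAuthenticated() && $this->GET['client']['email']) {
            $customer_detail = $Customer->getClientByEmail($this->GET['client']['email']);
            if ($customer_detail) {
                if (session_status() === PHP_SESSION_ACTIVE) session_regenerate_id(true);
                $_SESSION['client']['customer'] = $customer_detail;
            } else {
                msg('Login from backoffice failed.', 'error');
            }
        }
    }

    /**
     * check status
     */
    if ($_SESSION['client']['customer']['id'] > 0 && is_numeric($_SESSION['client']['customer']['id'])) {
        $this->actionAfterLogin();
    }

    // output: the submitted client array (email and password fields) is handed to the template
    // NOTE(review): confirm the template escapes CLIENT.* and never renders the password
    $this->tpl->assign('CLIENT', $_POST['client']);
    $this->tpl->parse('content.login_box');

    return true;
}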
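/**
 * List the orders of the active customer.
 *
 * A logged-in customer sees their own orders; an authenticated back-office
 * user may list any customer's orders through GET.customer_id. Anyone else is
 * redirected to the homepage. Each order is rendered with a formatted
 * creation date and a status title, plus a "make payment" block when the
 * status allows it.
 *
 * @return bool false when no numeric customer id could be resolved
 */
public function mainAction() {

    if ($_SESSION['client']['customer']['id'] > 0) {
        $customer_id = $_SESSION['client']['customer']['id'];
    } elseif (Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        $customer_id = $this->GET['customer_id'];
    } else {
        msg('orders: You must be logged in first.', 'error');
        onxshopGoTo("/");
        // never fall through to an unscoped listing if the redirect helper returns
        return false;
    }

    // the id is handed straight to the model as a filter, so accept numbers only
    if (!is_numeric($customer_id)) return false;

    /**
     * include node configuration
     */
    require_once 'models/common/common_node.php';
    $node_conf = common_node::initConfiguration();
    $this->tpl->assign('NODE_CONF', $node_conf);

    /**
     * Get the list
     */
    require_once 'models/ecommerce/ecommerce_order.php';
    $Order = new ecommerce_order();
    $Order->setCacheable(false);
    $records = $Order->getOrderList($customer_id);

    /**
     * parse output
     */
    if (is_array($records) && count($records) > 0) {
        foreach ($records as $item) {
            // date() replaces strftime(), deprecated since PHP 8.1; same d/m/Y H:i layout
            $item['order_created'] = date('d/m/Y H:i', strtotime($item['order_created']));
            $item['status_title'] = $Order->getStatusTitle($item['order_status']);
            $this->tpl->assign('ITEM', $item);
            if ($Order->checkOrderStatusValidForPayment($item['order_status'])) {
                $this->tpl->parse('content.orders.item.make_payment');
            }
            $this->tpl->parse('content.orders.item');
        }
        $this->tpl->parse('content.orders');
    } else {
        $this->tpl->parse('content.noorders');
    }

    return true;
}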
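/**
 * List the deliveries recorded for one order.
 *
 * GET.id is the order id. The deliveries are shown only to the order's owner
 * (a non-guest customer id equal to the session customer id) or to an
 * authenticated back-office user.
 *
 * @return bool false when GET.id is not numeric, true otherwise (a denied
 *              request reports an error message but still returns true)
 */
public function mainAction() {

    /**
     * Input data
     */
    if (!is_numeric($this->GET['id'])) return false;
    $order_id = $this->GET['id'];

    /**
     * Create objects
     */
    require_once 'models/ecommerce/ecommerce_order.php';
    $Order = new ecommerce_order();
    require_once 'models/ecommerce/ecommerce_delivery.php';
    $Delivery = new ecommerce_delivery();

    /**
     * Get details for order to be able make a security check
     */
    $order_data = $Order->getOrder($order_id);

    // security check of owner: normalise both ids to int (a DB string and a session int never
    // satisfy a strict comparison) and never treat guest id 0 as an owner
    $order_customer_id = isset($order_data['basket']['customer_id']) ? (int) $order_data['basket']['customer_id'] : 0;
    $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
    $is_owner = $order_customer_id > 0 && $order_customer_id === $session_customer_id;

    if (!$is_owner && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        msg('unauthorized access to view transaction detail', 'error');
        return true;
    }

    $delivery_list = $Delivery->getDeliveryListByOrderId($order_id);

    if (is_array($delivery_list)) {
        foreach ($delivery_list as $item) {
            // other_data is stored PHP-serialised; unserialize() must only ever see values written
            // by this application — a string an attacker could influence would allow object injection
            $item['other_data'] = unserialize($item['other_data']);
            if ($item['customer_note'] == "") $item['customer_note'] = 'n/a';
            $this->tpl->assign('ITEM', $item);
            $this->tpl->parse('content.item');
        }
    }

    return true;
}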
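/**
 * Invoice block for one order.
 *
 * GET.id is the order id. Visible to the order's owner (a non-guest customer
 * id equal to the session customer id) or to a back-office user. A processed
 * order (status != 0) shows its stored invoice; an unpaid order gets a
 * pro-forma invoice when proforma_invoice is enabled or the page is viewed
 * from the back office.
 *
 * @return bool false when GET.id is not numeric, true otherwise (a denied
 *              request reports an error message but still returns true)
 */
public function mainAction() {

    /**
     * Input data
     */
    if (!is_numeric($this->GET['id'])) return false;
    $order_id = $this->GET['id'];

    require_once 'models/ecommerce/ecommerce_order.php';
    $Order = new ecommerce_order();
    $Order->setCacheable(false);

    require_once 'models/ecommerce/ecommerce_invoice.php';
    $Invoice = new ecommerce_invoice();
    $Invoice->setCacheable(false);

    $order_data = $Order->getOrder($order_id);

    // security check of owner: normalise both ids to int (a DB string and a session int never
    // satisfy a strict comparison) and never treat guest id 0 as an owner
    $order_customer_id = isset($order_data['basket']['customer_id']) ? (int) $order_data['basket']['customer_id'] : 0;
    $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
    $is_owner = $order_customer_id > 0 && $order_customer_id === $session_customer_id;

    if (!$is_owner && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        msg('unauthorized access to view invoice detail', 'error');
        return true;
    }

    if ($order_data['status'] != 0) {
        $invoice_detail = $Invoice->getInvoiceForOrder($order_data['id']);
        if ($invoice_detail) {
            $this->tpl->assign("INVOICE", $invoice_detail);
            $this->tpl->parse('content.invoice');
        }
        $this->tpl->parse('content.print_invoice');
    } elseif ($Order->conf['proforma_invoice'] == true || ONXSHOP_IN_BACKOFFICE) {
        // unpaid order: offer a pro-forma invoice when configured or when viewed from the back office
        $invoice_detail = array('order_id' => $order_id);
        $this->tpl->assign("INVOICE", $invoice_detail);
        $this->tpl->parse('content.print_invoice_proforma');
    }

    return true;
}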
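/**
 * Transaction list for one order.
 *
 * GET.id is the order id. Visible to the order's owner (a non-guest customer
 * id equal to the session customer id) or to a back-office user; each
 * transaction is rendered through content.transaction and an order without
 * transactions reports a message.
 *
 * @return bool false when GET.id is not numeric, true otherwise (a denied
 *              request reports an error message but still returns true)
 */
public function mainAction() {

    /**
     * Input data
     */
    if (!is_numeric($this->GET['id'])) return false;
    $order_id = $this->GET['id'];

    /**
     * Initialize objects
     */
    require_once 'models/ecommerce/ecommerce_order.php';
    $Order = new ecommerce_order();
    $Order->setCacheable(false);
    require_once 'models/ecommerce/ecommerce_transaction.php';
    $Transaction = new ecommerce_transaction();

    /**
     * Get details for order to be able make a security check
     */
    $order_data = $Order->getOrder($order_id);

    // security check of owner: normalise both ids to int (a DB string and a session int never
    // satisfy a strict comparison) and never treat guest id 0 as an owner
    $order_customer_id = isset($order_data['basket']['customer_id']) ? (int) $order_data['basket']['customer_id'] : 0;
    $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
    $is_owner = $order_customer_id > 0 && $order_customer_id === $session_customer_id;

    if (!$is_owner && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        msg('unauthorized access to view transaction detail', 'error');
        return true;
    }

    $transaction_list = $Transaction->getListForOrderId($order_id);

    if (is_array($transaction_list)) {
        foreach ($transaction_list as $transaction_detail) {
            $this->tpl->assign('TRANSACTION', $transaction_detail);
            $this->tpl->parse('content.transaction');
        }
    } else {
        msg("Order id {$order_id} has no transactions");
    }

    return true;
}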
/**
 * Back-office "my profile" action.
 *
 * Resolves the current back-office user id, on POST.save updates the
 * client_customer record (fields the user must not change are stripped) and
 * then the password, and assigns the client data to the template. Users that
 * are not backed by a client_customer row (id 0) only get the 'other_auth'
 * block instead of the form.
 *
 * @return bool false when the authenticated user id is not numeric
 */
public function mainAction() {

    $this->Customer = new client_customer();
    $this->auth = Onxshop_Bo_Authentication::getInstance();

    $customer_id = $this->auth->getUserId();
    if (!is_numeric($customer_id)) return false;

    if ($_POST['save']) {

        // the profile updated is always the authenticated user's own record
        $_POST['client']['customer']['id'] = $customer_id;

        // do not allow to set certain properties
        foreach (array('status', 'group_id', 'group_ids', 'role_ids', 'account_type', 'other_data') as $protected_field) {
            unset($_POST['client']['customer'][$protected_field]);
        }

        /**
         * update profile
         */
        if ($this->Customer->updateClient($_POST['client'])) {
            // update password
            $this->updatePassword($customer_id);
            msg("Backoffice profile successfully updated");
        } else {
            msg("Can't update backoffice profile", 'error');
        }
    }

    $client_data = $this->Customer->getClientData($customer_id);
    $this->tpl->assign('CLIENT', $client_data);

    // only users stored in client_customer table can update their profile
    // NOTE(review): this comparison is strict, so a "0" string from getUserId() would not
    // take the other_auth branch — verify the return type of getUserId()
    if ($customer_id === 0) {
        $this->tpl->parse('content.other_auth');
    } else {
        $this->tpl->parse('content.form');
    }

    return true;
}
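/**
 * Payment page for one order.
 *
 * Resolves the order from GET.order_id, exposes order and node configuration
 * to the template, emits the Google Analytics / AdWords blocks when
 * configured, checks that the order's payment type has a template, then
 * authorises the request (back-office user, owner, guest with matching
 * session, or a valid GET.code hash) and finally either processes a nil
 * payment or delegates to the payment-type sub-component. Orders whose status
 * is not payable are rejected with a message.
 *
 * @return bool false on missing/unsupported input, unpayable status or
 *              denied access; true otherwise
 */
public function mainPaymentAction() {

    setlocale(LC_MONETARY, $GLOBALS['onxshop_conf']['global']['locale']);

    /**
     * include node configuration first: the 404 / login redirects below read it
     */
    require_once 'models/common/common_node.php';
    $node_conf = common_node::initConfiguration();
    $this->tpl->assign('NODE_CONF', $node_conf);

    /**
     * check input values
     */
    if (!is_numeric($this->GET['order_id'])) {
        msg('Payment: Missing order_id', 'error', 1);
        onxshopGoTo("/page/" . $node_conf['id_map-404']);
        return false;
    }
    $order_id = $this->GET['order_id'];

    /**
     * get order detail
     */
    $order_data = $this->Transaction->getOrderDetail($order_id);

    // need to assign ORDER detail into template before processing Google Analytics
    $this->tpl->assign("ORDER", $order_data);

    /**
     * google analytics
     */
    //TODO: NOTE: Do not include the square brackets when setting the values for the form. In addition, do not use commas to separate the thousands place in your total, tax, and shipping fields - any digits after the comma will be dropped.
    if ($GLOBALS['onxshop_conf']['global']['google_analytics'] != '') {
        foreach ($order_data['basket']['items'] as $item) {
            $this->tpl->assign("ITEM", $item);
            $this->tpl->parse('content.google_analytics.item');
        }
        $this->tpl->parse('content.google_analytics');
    }

    /**
     * Google Adwords, must be numeric
     */
    if (is_numeric($GLOBALS['onxshop_conf']['global']['google_adwords'])) {
        $this->tpl->parse('content.google_adwords');
    }

    /**
     * find what payment method we use and check whether it is supported
     */
    $payment_type = $this->Transaction->getPaymentTypeForOrder($order_id);
    $controller = "component/ecommerce/payment/{$payment_type}";
    if (getTemplateDir($controller . ".html") == '') {
        msg("Unsupported payment type {$payment_type}", 'error');
        return false;
    }

    /**
     * Check order permission
     */
    // owner: normalised ints, and guest id 0 never owns an order — guests are covered by
    // $is_same_session / $has_code below
    $order_customer_id = isset($order_data['basket']['customer_id']) ? (int) $order_data['basket']['customer_id'] : 0;
    $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
    $is_owner = $order_customer_id > 0 && $order_customer_id === $session_customer_id;
    $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
    $is_guest_user = $order_data['client']['customer']['status'] == 5;
    // an order with no stored session id must not match an absent GET.php_session_id
    // NOTE(review): GET.php_session_id lets a link prove ownership of a guest order by quoting the
    // session id the order was placed under — confirm such links are only generated server-side
    $is_same_session = !empty($order_data['php_session_id'])
        && ($order_data['php_session_id'] == session_id() || $order_data['php_session_id'] == $this->GET['php_session_id']);
    $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);

    $is_authorised = $is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code;

    if (!$is_authorised) {
        /**
         * forward to login
         */
        if ($_SESSION['client']['customer']['id'] == 0) {
            msg('You must login first.');
            onxshopGoTo("/page/" . $node_conf['id_map-login']);
        }
        msg('Unauthorised access to order detail');
        onxshopGoTo("/page/" . $node_conf['id_map-404']);
        return false;
    }

    /**
     * process payment method only if status = 0 unpaid or 5 failed payment
     */
    if (!$this->checkOrderStatusValidForPayment($order_data['status'])) {
        msg("Order ID {$order_data['id']} cannot be paid, because order status is: {$order_data['status_title']}", 'error');
        return false;
    }

    $total_payment_amount = $order_data['basket']['total'];

    if (round($total_payment_amount, 2) == 0) {
        // nil payment - payment is not needed
        if ($this->processNilPayment($order_data)) {
            $this->tpl->parse('content.nil_payment');
        } else {
            msg("Cannot process nil payment for order ID {$order_id}", 'error');
        }
    } else {
        // process payment method as subcontent
        $_Onxshop_Request = new Onxshop_Request("component/ecommerce/payment/{$payment_type}~order_id={$order_id}~");
        $this->tpl->assign("RESULT", $_Onxshop_Request->getContent());
    }

    setlocale(LC_MONETARY, LOCALE);

    return true;
}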
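/**
 * Recursively duplicate a node with its images, taxonomy relations and
 * nested non-page nodes.
 *
 * The copy gets " (copy)" appended to its title and "-copy" to a non-empty
 * URI title, fresh created/modified timestamps and the current back-office
 * user as customer_id. With a $new_parent_id the copy is attached there;
 * otherwise it keeps the original parent and may be unpublished via the
 * unpublish_on_duplicate node configuration option.
 *
 * @param int|string $original_node_id id of the node to copy
 * @param int|false  $new_parent_id    parent for the copy, false to keep the original parent
 * @return mixed id of the new node as returned by nodeInsert(), false when the insert failed
 */
protected function duplicateNode($original_node_id, $new_parent_id = false) {

    // the id is interpolated into listing() filter strings below; pin it to an integer so a
    // non-numeric value can never alter the filter expression
    $original_node_id = (int) $original_node_id;
    $bo_user_id = (int) Onxshop_Bo_Authentication::getInstance()->getUserId();

    // read original node
    $original_node_data = $this->Node->detail($original_node_id);

    // copy and modify
    $new_node_data = $original_node_data;
    $new_node_data['title'] = "{$new_node_data['title']} (copy)";
    $new_node_data['created'] = $new_node_data['modified'] = date('c');
    $new_node_data['customer_id'] = $bo_user_id;

    if ($new_node_data['uri_title'] != '') {
        $new_node_data['uri_title'] = "{$new_node_data['uri_title']}-copy";
    }

    if ($new_parent_id > 0) {
        $new_node_data['parent'] = (int) $new_parent_id;
    } elseif ($this->Node->conf['unpublish_on_duplicate']) {
        // top level element can be forced to be unpublished via common_node.conf option
        $new_node_data['publish'] = 0;
    }

    unset($new_node_data['id']);

    // insert as new
    $new_node_id = $this->Node->nodeInsert($new_node_data);

    if (!is_numeric($new_node_id)) {
        msg("node_duplicate: Cannot create copy of node ID {$original_node_id}", 'error');
        return false;
    }

    // duplicate related images
    $original_images = $this->Image->listing("node_id = {$original_node_id}");
    if (is_array($original_images)) {
        foreach ($original_images as $image) {
            $new_image = $image;
            $new_image['node_id'] = $new_node_id;
            $new_image['modified'] = date('c');
            $new_image['customer_id'] = $bo_user_id;
            unset($new_image['id']);
            $this->Image->insert($new_image);
        }
    }

    // duplicate taxonomy relations
    $original_categories = $this->Taxonomy->listing("node_id = {$original_node_id}");
    if (is_array($original_categories)) {
        foreach ($original_categories as $category) {
            $new_category = $category;
            $new_category['node_id'] = $new_node_id;
            unset($new_category['id']);
            $this->Taxonomy->insert($new_category);
        }
    }

    // read and duplicate nested nodes, but skip page nodes
    $nested_nodes = $this->Node->listing("parent = {$original_node_id}");
    if (is_array($nested_nodes)) {
        foreach ($nested_nodes as $nested_node) {
            if ($nested_node['node_group'] != 'page') {
                $this->duplicateNode($nested_node['id'], $new_node_id);
            }
        }
    }

    return $new_node_id;
}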
/**
 * Store a content revision.
 *
 * Requires a numeric node_id, a non-empty object name and an array content,
 * which is PHP-serialised before insert. customer_id is the back-office user
 * when one is authenticated, otherwise the front-office customer id.
 *
 * @param array $data revision row (node_id, object, content, ...)
 * @return mixed result of insert(), or false when validation fails
 */
public function insertRevision($data) {

    $is_valid = is_numeric($data['node_id'])
        && strlen($data['object']) > 0
        && is_array($data['content']);

    if (!$is_valid) return false;

    // content is stored serialised
    $data['content'] = serialize($data['content']);

    // attribute the revision to the back-office user, falling back to the shop customer
    $bo_user_id = Onxshop_Bo_Authentication::getInstance()->getUserId();
    $data['customer_id'] = is_numeric($bo_user_id) ? $bo_user_id : (int) $_SESSION['client']['customer']['id'];

    return $this->insert($data);
}
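/**
 * Customer detail edit action (front office, also reachable from the back office).
 *
 * A visitor without a customer session who is not a back-office user is sent
 * to the homepage. Inside the back office GET.customer_id may select the
 * customer; otherwise the session customer is edited. A posted
 * client.customer array is saved through saveDetail() after the birthday is
 * validated (dd/mm/yyyy) and converted to ISO. The current detail is then
 * assigned as ITEM.
 *
 * @return bool false when no numeric customer id is available or the
 *              birthday is rejected, true otherwise
 */
public function mainAction() {

    $customer_id = null;

    /**
     * check input
     */
    if ($_SESSION['client']['customer']['id'] == 0 && !Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        msg('controllers/client/customer_detail: You must logged in.', 'error');
        onxshopGoTo("/");
    } elseif (is_numeric($this->GET['customer_id']) && constant('ONXSHOP_IN_BACKOFFICE')) {
        // NOTE(review): editing an arbitrary customer is gated on the ONXSHOP_IN_BACKOFFICE constant;
        // confirm the back-office bootstrap only defines it for authenticated users
        $customer_id = $this->GET['customer_id'];
    } else {
        $customer_id = $_SESSION['client']['customer']['id'];
    }

    if (!is_numeric($customer_id)) return false;

    /**
     * initialize
     */
    require_once 'models/client/client_customer.php';
    $this->Customer = new client_customer();
    $this->Customer->setCacheable(false);

    /**
     * save
     */
    if (is_array($_POST['client']['customer'])) {

        // the saved record is always the resolved customer, never a POSTed id
        $data_to_save = $_POST['client']['customer'];
        $data_to_save['id'] = $customer_id;

        /**
         * check birthday field format, expected as dd/mm/yyyy
         */
        if ($data_to_save['birthday']) {
            // checkdate() rejects calendar-invalid values that strtotime() would silently
            // turn into a wrong date (or 1970-01-01 when it returns false)
            if (!preg_match('/^(\\d{1,2})\\/(\\d{1,2})\\/(\\d{4})$/', $data_to_save['birthday'], $m)
                || !checkdate((int) $m[2], (int) $m[1], (int) $m[3])) {
                msg('Invalid format for birthday, use dd/mm/yyyy', 'error');
                return false;
            }
            // Format to ISO; sprintf() replaces strftime(), which is deprecated since PHP 8.1
            $data_to_save['birthday'] = sprintf('%04d-%02d-%02d', $m[3], $m[2], $m[1]);
        }

        $this->saveDetail($data_to_save);
    }

    /**
     * get customer detail
     */
    $customer_detail = $this->Customer->getDetail($customer_id);

    if (is_array($customer_detail)) {
        $this->tpl->assign('ITEM', $customer_detail);
    } else {
        msg('controllers/client/customer_edit: cannot get detail', 'error');
    }

    return true;
}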
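/**
 * Translate the requested URI into an action and render it.
 *
 * Order of resolution: security redirects (domain / HTTPS), file-stored
 * rewrite rules (a bo/ target forces HTTPS when ONXSHOP_EDITOR_USE_SSL is on
 * and then a back-office login), then the database mapper: numeric /1234 and
 * explicit redirect entries redirect to the SEO URL, /page/N, /node/N and
 * mapped titles resolve to that page, /home to the configured homepage, and
 * everything else to the configured 404 page with HTTP status 404. Without a
 * translatable path, GET.controller_request (the /request/ and /api/ entry
 * points) is processed directly.
 *
 * @return bool always true; the rendered content is stored in $this->content
 */
public function mainAction() {

    /**
     * first make sure we are on correct domain and using HTTPS if available
     */
    self::checkForSecurityRedirects();

    /**
     * input data; every path variable starts defined so the checks below never read an unset name
     */
    $controller_request = null;
    $action_to_process = null;

    $translate = trim($this->GET['translate']);
    if ($translate != "/") $translate = rtrim($translate, '/');

    if ($this->GET['controller_request']) {
        $controller_request = trim($this->GET['controller_request']);
    }

    /**
     * file stored rules
     */
    $custom_translate = $this->proccessFileRules($translate);
    if ($custom_translate) {
        $controller_request = $custom_translate;
        $translate = false;

        // force login when request is from bo/ folder
        // similar check is done in Onxshop_Bootstrap
        if (preg_match('/bo\\//', $controller_request)) {
            // some servers set $_SERVER['HTTPS'] to "off" instead of leaving it empty, which is truthy
            $is_https = !empty($_SERVER['HTTPS']) && strtolower($_SERVER['HTTPS']) !== 'off';
            if (!$is_https && ONXSHOP_EDITOR_USE_SSL) {
                // NOTE(review): SERVER_NAME can be derived from the Host header depending on server
                // configuration — confirm it is canonical before relying on it as the redirect target
                header("Location: https://{$_SERVER['SERVER_NAME']}{$_SERVER['REQUEST_URI']}");
                exit;
            }
            $auth = Onxshop_Bo_Authentication::getInstance()->login();
            if (!$auth) $controller_request = 'sys/401';
            // page cache is switched off for the session once a bo/ request is seen
            $_SESSION['use_page_cache'] = false;
        }
    }

    /**
     * initialize database stored mapping
     */
    require_once 'models/common/common_uri_mapping.php';
    $this->Mapper = new common_uri_mapping();

    /**
     * translate request to $action_to_process
     */
    if ($translate) {
        $node_id = trim($translate, '/');
        if (is_numeric($node_id)) {
            // URL like /1234: short URL redirects (TODO: allow to pass GET parameters)
            $this->redirectToSeoURLAndExit($node_id);
        } elseif (preg_match('/^\\/\\b(page|node)\\b\\/([0-9]*)$/', $translate, $match)) {
            // URL like /page/1234 or /node/1234
            $action_to_process = $this->getActionToProcessForExistingPage($match[2]);
        } elseif ($mapped_node_id = $this->Mapper->translate($translate)) {
            // URL like /abc-cbs
            $action_to_process = $this->getActionToProcessForExistingPage($mapped_node_id);
        } elseif ($redirect_uri = $this->Mapper->getRedirectURI($translate)) {
            // explicit redirects
            $this->redirectToSeoURLAndExit($redirect_uri['node_id']);
        } elseif ($translate == '/home') {
            $action_to_process = $this->getActionToProcessForExistingPage($this->Mapper->conf['homepage_id']);
        } else {
            // page not found
            $action_to_process = $this->Mapper->getRequest($this->Mapper->conf['404_id']);
            $this->http_status = '404';
        }
    } elseif ($controller_request) {
        // used for /request/ and /api/ handling to allow translating URLs
        $action_to_process = $controller_request;
    }

    /**
     * process
     */
    if ($action_to_process) {
        $page_data = $this->processMappedAction($action_to_process);
        // URI mapping itself will become output of mapped page
        $this->content = $page_data['content'];
    } else {
        msg("Cannot find action to process", 'error');
    }

    return true;
}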
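/**
 * Order detail page.
 *
 * GET.order_id selects the order. Access: back-office user, owner (a non-guest
 * customer id matching the session), guest whose session matches the order,
 * or a valid GET.code hash. Authorised viewers get the make-payment block when
 * the status allows it, invoice and delivery addresses rendered through the
 * client/address component, and the basket either from the stored invoice or
 * generated on the fly. ORDER_CODE, the hash that lets an unauthenticated
 * link reach this order, is only assigned once the viewer is authorised.
 *
 * @return bool false when GET.order_id is missing or not numeric, true
 *              otherwise (a denied request reports an error but still returns true)
 */
public function mainAction() {

    require_once 'models/ecommerce/ecommerce_order.php';
    $Order = new ecommerce_order();
    $Order->setCacheable(false);

    if (!is_numeric($this->GET['order_id'])) {
        msg('Order Detail: Missing order_id', 'error');
        return false;
    }
    $order_id = $this->GET['order_id'];

    /**
     * include node configuration
     */
    require_once 'models/common/common_node.php';
    $node_conf = common_node::initConfiguration();
    $this->tpl->assign('NODE_CONF', $node_conf);

    /**
     * get detail
     */
    $order_data = $Order->getOrder($order_id);

    // security check of the owner: normalised ints, and guest id 0 never owns an order —
    // guests are covered by $is_same_session / $has_code below
    $order_customer_id = isset($order_data['basket']['customer_id']) ? (int) $order_data['basket']['customer_id'] : 0;
    $session_customer_id = isset($_SESSION['client']['customer']['id']) ? (int) $_SESSION['client']['customer']['id'] : 0;
    $is_owner = $order_customer_id > 0 && $order_customer_id === $session_customer_id;
    $is_bo_user = Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
    $is_guest_user = $order_data['client']['customer']['status'] == 5;
    // an order with no stored session id must not match an absent GET.php_session_id
    $is_same_session = !empty($order_data['php_session_id'])
        && ($order_data['php_session_id'] == session_id() || $order_data['php_session_id'] == $this->GET['php_session_id']);
    $has_code = !empty($this->GET['code']) && verifyHash($order_data['id'], $this->GET['code']);

    if (!($is_bo_user || $is_owner || ($is_guest_user && $is_same_session) || $has_code)) {
        msg('unauthorised access to view order detail', 'error');
        return true;
    }

    /**
     * security code to allow unlogged users to pay for the order and view their invoice;
     * assigned only for an authorised viewer so the template cannot hand it to anyone else
     */
    $this->tpl->assign('ORDER_CODE', makeHash($order_id));

    /**
     * display Make Payment if appropriate
     */
    if ($Order->checkOrderStatusValidForPayment($order_data['status'])) {
        $this->tpl->parse('content.make_payment');
    }

    /**
     * get address detail
     */
    $_Onxshop_Request = new Onxshop_Request("component/client/address~invoices_address_id={$order_data['invoices_address_id']}:hide_button=1~");
    $this->tpl->assign("ADDRESS_INVOICES", $_Onxshop_Request->getContent());
    $_Onxshop_Request = new Onxshop_Request("component/client/address~delivery_address_id={$order_data['delivery_address_id']}:hide_button=1~");
    $this->tpl->assign("ADDRESS_DELIVERY", $_Onxshop_Request->getContent());

    /**
     * basket detail
     * if the order is payed, display HTML basket from the invoice, otherwise generate on the fly
     */
    require_once 'models/ecommerce/ecommerce_invoice.php';
    $Invoice = new ecommerce_invoice();
    $Invoice->setCacheable(false);
    $invoice_data = $Invoice->getInvoiceForOrder($order_data['id']);

    if ($invoice_data) {
        $this->tpl->assign("BASKET_DETAIL", $invoice_data['basket_detail']);
        $this->tpl->parse("content.print_invoice");
    } else {
        $_Onxshop_Request = new Onxshop_Request("component/ecommerce/basket_detail~id={$order_data['basket_id']}:order_id={$order_id}:delivery_address_id={$order_data['delivery_address_id']}:delivery_options[carrier_id]={$order_data['other_data']['delivery_options']['carrier_id']}~");
        $this->tpl->assign("BASKET_DETAIL", $_Onxshop_Request->getContent());
    }

    // date() replaces strftime(), deprecated since PHP 8.1; same d/m/Y layout
    $order_data['created'] = date('d/m/Y', strtotime($order_data['basket']['created']));
    $this->tpl->assign('ORDER', $order_data);

    return true;
}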
/**
 * Back-office sections menu.
 *
 * Marks the active page and sub-page (2nd and 3rd path segments of a
 * back-office URL, defaulting to 'pages') and parses one template block per
 * section the user has any permission for; e-commerce sections additionally
 * require an e-commerce installation.
 *
 * @return bool always true
 */
public function mainAction() {

    /**
     * Manage Sections Menu
     */
    $active_page = 'pages';
    $active_subpage = '';

    if (preg_match('/backoffice/', $_SERVER['REQUEST_URI'])) {
        $segments = explode("/", $_SERVER['REQUEST_URI']);
        // segments come straight from the request URI and only become template variable names
        $active_page = preg_replace("/\\?.*\$/", "", $segments[2]);
        if (count($segments) > 2) {
            $active_subpage = preg_replace("/\\?.*\$/", "", $segments[3]);
        }
    }

    $this->tpl->assign("ACTIVE_{$active_page}", 'active');
    $this->tpl->assign("ACTIVE_{$active_page}_{$active_subpage}", 'active');

    /**
     * ACL: (permission, template block, requires e-commerce), in menu order
     */
    $auth = Onxshop_Bo_Authentication::getInstance();
    $isEcommerce = $auth->isEcommerce();

    $menu = array(
        array('front_office', 'fe_edit',   false),
        array('nodes',        'pages',     false),
        array('nodes',        'news',      false),
        array('products',     'products',  true),
        array('recipes',      'recipes',   true),
        array('stores',       'stores',    true),
        array('orders',       'orders',    true),
        array('stock',        'stock',     true),
        array('customers',    'customers', false),
        array('reports',      'stats',     true),
        array('discounts',    'marketing', true),
        array('comments',     'comments',  false),
        array('surveys',      'surveys',   false),
        array('_all_',        'advanced',  false),
    );

    foreach ($menu as $entry) {
        list($permission, $block, $needs_ecommerce) = $entry;
        if ($auth->hasAnyPermission($permission) && (!$needs_ecommerce || $isEcommerce)) {
            $this->tpl->parse("content.{$block}");
        }
    }

    return true;
}
/**
 * Edit permission check: any authenticated back-office user may edit.
 *
 * @param mixed $item the item being edited; not consulted, every item follows the same rule
 * @return bool
 */
public function checkEditPermission($item) {
    return (bool) Onxshop_Bo_Authentication::getInstance()->isAuthenticated();
}
/**
 * Disable superuser emulation
 *
 * Clears the class-wide flag (presumably set by emulateSuperuserTemporarily());
 * call it as soon as the elevated step is done — ideally from a finally block —
 * so the rest of the request runs with the caller's real permissions.
 */
public function disableSuperuserEmulation() {
    self::$superuserEmulation = false;
}
/**
 * Group-based display permission check for a node.
 *
 * display_permission_group_acl maps group id => '0' (hide) / '1' (show);
 * index 0 is the rule for everyone ('-1' or anything else means visible).
 * Without an ACL array the node is visible; authenticated back-office users
 * see everything unless $force_admin_visibility is false. For a customer
 * with groups, an explicit '1' on any of their groups wins, then an explicit
 * '0', otherwise the everyone rule applies.
 *
 * @param array $node_data
 * @param bool  $force_admin_visibility
 * @return bool
 */
public function checkDisplayPermissionGroupAcl($node_data, $force_admin_visibility = true) {

    // no ACL configured: visible to everyone
    if (!is_array($node_data['display_permission_group_acl'])) return true;

    if (Onxshop_Bo_Authentication::getInstance()->isAuthenticated() && $force_admin_visibility) return true;

    $acl = $node_data['display_permission_group_acl'];

    // rule for Everyone (index 0): only an explicit '0' hides; '1', '-1' and anything else show
    // (loose comparison on purpose: the ACL may hold ints or strings)
    $default_visibility = !($acl[0] == '0');

    $group_ids = $_SESSION['client']['customer']['group_ids'];
    if (!is_array($group_ids) || count($group_ids) == 0) return $default_visibility;

    // then count the explicit rules for the customer's groups
    $explicit_show = 0;
    $explicit_hide = 0;
    foreach ($group_ids as $group_id) {
        if ($acl[$group_id] == '0') {
            $explicit_hide++;
        } elseif ($acl[$group_id] == '1') {
            $explicit_show++;
        }
    }

    // visibility has priority, then explicit invisibility, otherwise the everyone rule
    if ($explicit_show > 0) return true;
    if ($explicit_hide > 0) return false;

    return $default_visibility;
}
/**
 * Get active customer Id
 *
 * The logged-in shop customer wins; otherwise an authenticated back-office
 * user may name a customer through GET.customer_id.
 *
 * @return mixed session customer id, GET.customer_id for back-office users, or false
 */
protected function getActiveCustomerId() {

    $session_customer_id = $_SESSION['client']['customer']['id'];
    if ($session_customer_id > 0) return $session_customer_id;

    // NOTE(review): GET.customer_id is returned as-is; callers must validate it before use
    if (Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) return $this->GET['customer_id'];

    return false;
}
$file = "public_html/share/images/missing_image.png"; } $file = ONXSHOP_PROJECT_DIR . $file; $realpath = realpath($file); /** * Read file */ if (!is_readable($file)) { //file does not exists //$file = ONXSHOP_PROJECT_DIR . "public_html/share/images/missing_image.png"; header("HTTP/1.0 404 Not Found"); echo "missing"; // log it } else { //admin user can download any content from var/ directory if (Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) { $check = addcslashes(ONXSHOP_PROJECT_DIR, '/') . 'var\\/'; } else { //guest user can download only content of var/files //$check = addcslashes(ONXSHOP_PROJECT_DIR, '/') . 'var\/images\/'; $check = addcslashes(ONXSHOP_PROJECT_DIR, '/') . 'var\\/files\\/'; } if (!preg_match("/{$check}/", $realpath)) { header("HTTP/1.0 403 Forbidden"); echo "forbidden"; exit; } /** * Detect file type and send to the clien */ $mimetype = local_exec("file -bi " . escapeshellarg($file));
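/**
 * Render the invoice for the order given in GET.id.
 *
 * The order is shown only to an authenticated back-office user, to the
 * logged-in customer who owns it, to a guest order's (status 5) own session
 * (current session id or GET.php_session_id), or to a visitor presenting a
 * valid GET.code hash; see isOrderDetailViewable().
 *
 * @return bool false when GET.id is not numeric or the order cannot be loaded;
 *              true otherwise (an unauthorized visitor only gets a message)
 */
public function mainAction()
{
    /**
     * check GET.id
     */
    if (!is_numeric($this->GET['id'] ?? null)) {
        msg("component/ecommerce/invoice: GET.id is not numeric", 'error');
        return false;
    }

    $order_id = $this->GET['id'];

    /**
     * initialize
     */
    require_once 'models/ecommerce/ecommerce_invoice.php';
    require_once 'models/ecommerce/ecommerce_order.php';

    $Invoice = new ecommerce_invoice();
    $Order = new ecommerce_order();
    $Invoice->setCacheable(false);
    $Order->setCacheable(false);

    $this->tpl->assign('CONF', $Invoice->conf);

    /**
     * get order data
     */
    $order_data = $Order->getOrder($order_id);

    // A missing order must not reach the owner check, where null == null would
    // grant access. NOTE(review): assumes getOrder() returns a non-array on
    // failure — confirm against the model.
    if (!is_array($order_data)) {
        msg("component/ecommerce/invoice: cannot get order detail", 'error');
        return false;
    }

    /**
     * check owner
     */
    if (!$this->isOrderDetailViewable($order_data)) {
        msg('unauthorized access to view order detail');
        return true;
    }

    /**
     * check gift option
     */
    $delivery_options = $order_data['other_data']['delivery_options'] ?? [];

    if (($delivery_options['other_data']['gift'] ?? null) == 1 || ($order_data['other_data']['gift'] ?? null) == 1) {
        $this->tpl->parse('content.gift');
    }

    /**
     * display appropriate carrier logo
     */
    $carrier_id = $delivery_options['carrier_id'] ?? null;
    $this->tpl->parse("content.type.carrier_id_{$carrier_id}");
    $this->tpl->parse('content.type');

    /**
     * get invoice details
     */
    $invoice_data = $Invoice->getInvoiceForOrder($order_id);

    if (empty($invoice_data['basket_detail_enhanced'])) {
        $invoice_data['basket_detail_enhanced'] = $invoice_data['basket_detail'];
    }

    $this->tpl->assign('INVOICE', $invoice_data);
    $this->tpl->assign('ORDER', $order_data);

    if ($Invoice->conf['company_logo'] != '') {
        $this->tpl->parse('content.logoimage');
    } else {
        $this->tpl->parse('content.logotypo');
    }

    return true;
}

/**
 * Decide whether the current visitor may view $order_data.
 *
 * Compared with the former inline check, two loose comparisons are tightened:
 * the owner test requires a real (non-zero) logged-in customer so that a guest
 * order (customer_id 0/null) is not "owned" by every anonymous visitor, and
 * the guest session test requires a non-empty stored session id so that an
 * empty value does not match an absent GET.php_session_id.
 *
 * @param array $order_data order record as returned by ecommerce_order::getOrder()
 * @return bool
 */
private function isOrderDetailViewable(array $order_data)
{
    // back-office users may view any order
    if (Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        return true;
    }

    // owner: a logged-in customer viewing their own order
    $session_customer_id = $_SESSION['client']['customer']['id'] ?? 0;

    if ($session_customer_id > 0 && ($order_data['basket']['customer_id'] ?? null) == $session_customer_id) {
        return true;
    }

    // guest checkout (status 5): the session that placed the order, or a
    // request carrying that session id in GET.php_session_id
    $is_guest_user = ($order_data['client']['customer']['status'] ?? null) == 5;
    $stored_session_id = (string) ($order_data['php_session_id'] ?? '');

    if ($is_guest_user && $stored_session_id !== '') {
        $requested_session_id = (string) ($this->GET['php_session_id'] ?? '');

        if (hash_equals($stored_session_id, (string) session_id())
            || hash_equals($stored_session_id, $requested_session_id)
        ) {
            return true;
        }
    }

    // access code: hash of the order id, verified by verifyHash()
    $code = $this->GET['code'] ?? null;

    return !empty($code) && verifyHash($order_data['id'], $code);
}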
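/**
 * insert file
 *
 * Records a file that already exists under ONXSHOP_PROJECT_DIR. Missing or
 * non-numeric 'priority' and 'author' default to 0, 'customer_id' to the
 * back-office user id (or the session customer id), and 'modified' is set to
 * now. An empty 'src' is rejected: it would resolve to the project directory
 * itself, for which is_readable() is true, and a record pointing at the
 * directory would be inserted.
 *
 * @param array $file
 * information of file for insert; 'src' is the path relative to ONXSHOP_PROJECT_DIR
 *
 * @return integer|false
 * ID of inserted file or false
 */
function insertFile($file = [])
{
    $relative_src = $file['src'] ?? '';
    $src = ONXSHOP_PROJECT_DIR . $relative_src;

    if ($relative_src === '' || !is_readable($src)) {
        msg("{$src} does not exists!", 'error');
        return false;
    }

    if (!is_numeric($file['priority'] ?? null)) {
        $file['priority'] = 0;
    }

    $file['modified'] = date('c');

    if (!is_numeric($file['author'] ?? null)) {
        $file['author'] = 0;
    }

    // deprecated as of Onxshop 1.7
    if (!is_numeric($file['customer_id'] ?? null)) {
        $bo_user_id = Onxshop_Bo_Authentication::getInstance()->getUserId();

        $file['customer_id'] = is_numeric($bo_user_id)
            ? $bo_user_id
            : (int) ($_SESSION['client']['customer']['id'] ?? 0);
    }

    $id = $this->insert($file);

    if ($id) {
        msg('File Inserted', 'ok', 2);
        return $id;
    }

    msg("Can't insert file {$src}", 'error');
    return false;
}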
/**
 * get request
 *
 * Builds the Onxshop request string that renders node $node_id: the default
 * layout (or, for an authenticated back-office user, the default type with
 * the fe_edit and main template components) followed by the node itself, or
 * by the configured 404 node when $node_id does not exist.
 *
 * @param int $node_id
 * @return string
 */
function getRequest($node_id)
{
    require_once 'models/common/common_node.php';

    $Node = new common_node();
    $not_found_id = $this->conf['404_id'];

    if (!$Node->detail($node_id)) {
        $suffix = ".node~id={$not_found_id}~.sys/404";
    } elseif ($node_id == $not_found_id) {
        $suffix = ".node~id={$node_id}~.sys/404";
    } else {
        $suffix = ".node~id={$node_id}~";
    }

    if (!Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        return ONXSHOP_DEFAULT_LAYOUT . "~id={$node_id}~" . "{$suffix}";
    }

    //hack to pass _SESSION.fe_edit_mode even before it's called again from fe_edit
    //consider moving this to $Bootstrap->initPreAction
    //probably this whole block, _GET shouldn't be here!
    $_Onxshop_Request = new Onxshop_Request('bo/component/fe_edit_mode');

    return ONXSHOP_DEFAULT_TYPE . "~id={$node_id}~.bo/fe_edit~id={$node_id}~." . ONXSHOP_MAIN_TEMPLATE . "~id={$node_id}~{$suffix}";
}
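/**
 * isPageCacheAllowed
 *
 * Decides whether the page may be served from / written to the page cache.
 * The cache is off when disabled explicitly (GET.nocache, the
 * disable_page_cache flag, ONXSHOP_PAGE_CACHE_TTL == 0), when the session
 * has already turned it off, after a POST, for back-office users and
 * logged-in customers, and for sort / product_list_mode / preview_token
 * requests. Request and session keys are read with `??` / `!empty()` so a
 * missing key no longer raises an undefined-index warning.
 *
 * @return bool
 */
public function isPageCacheAllowed()
{
    /**
     * cache can be disabled on request
     */
    if (isset($_GET['nocache'])) {
        // NOTE(review): `?nocache` without a value gives '' which is falsy and
        // does not disable the cache; a value such as `?nocache=1` is required
        $this->disable_page_cache = $_GET['nocache'];
    }

    // check if explicitly disabled
    if ($this->disable_page_cache || ONXSHOP_PAGE_CACHE_TTL == 0) {
        return false;
    }

    /**
     * default value, unless previously set (i.e. disabled) in session
     */
    $use_page_cache = $_SESSION['use_page_cache'] ?? true;

    /**
     * disable page cache for whole session after a user interaction and for backoffice users
     */
    if (count($_POST) > 0
        || Onxshop_Bo_Authentication::getInstance()->isAuthenticated()
        || ($_SESSION['client']['customer']['id'] ?? 0) > 0
    ) {
        return false;
    }

    /**
     * TODO: allow to configure what _GET variables will disable page cache
     * disable page cache also when sorting and mode is submitted
     * component/ecommerce/product_list_sorting
     * or when preview_token is used, i.e. news article preview
     */
    if (is_array($_GET['sort'] ?? null) || !empty($_GET['product_list_mode']) || !empty($_GET['preview_token'])) {
        return false;
    }

    return $use_page_cache;
}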
/**
 * canViewPage
 * check if page is published, but keep it available in edit mode
 * and allow to see when provided GET.preview_token
 *
 * @param array $node_data node record; its 'publish' flag is returned for ordinary visitors
 * @return bool|mixed true for a valid preview token or an authenticated back-office user,
 *                    otherwise the node's 'publish' value as stored
 */
public function canViewPage($node_data)
{
    // a valid preview token shows the page regardless of its publish state
    if ($this->checkForValidPreviewToken($node_data)) {
        msg("This page is waiting for approval");
        return true;
    }

    // back-office users see unpublished pages too (edit mode)
    if (Onxshop_Bo_Authentication::getInstance()->isAuthenticated()) {
        return true;
    }

    return $node_data['publish'];
}