if (empty($_REQUEST['ship_to_another'])) {
$profile_fields = fn_get_profile_fields('O');
fn_fill_address($user_data, $profile_fields);
}
// Check if we need to send notification with new email to customer
$email = db_get_field('SELECT email FROM ?:users WHERE user_id = ?i', $auth['user_id']);
$send_notification = false;
if (isset($user_data['email']) && $user_data['email'] != $email) {
$send_notification = true;
}
list($user_id, $profile_id) = fn_update_user($auth['user_id'], $user_data, $auth, !empty($_REQUEST['ship_to_another']), $send_notification, false);
$cart['profile_id'] = $profile_id;
}
// Add/Update additional fields
if (!empty($user_data['fields'])) {
fn_store_profile_fields($user_data, array('U' => $auth['user_id'], 'P' => $profile_id), 'UP');
// FIXME
}
} elseif (Registry::get('settings.General.disable_anonymous_checkout') != 'Y') {
if (empty($auth['user_id']) && !empty($user_data['email'])) {
$email_exists = fn_is_user_exists(0, $user_data);
if (!empty($email_exists)) {
fn_set_notification('E', __('error'), __('error_user_exists'));
fn_save_post_data('user_data');
if (Registry::get('runtime.action') == 'guest_checkout') {
$_suffix = '.guest_checkout?edit_step=step_two';
}
return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout' . $_suffix);
}
}
if (isset($user_data['fields'])) {
/**
* Update steps data handler
*
* @param array $cart Cart
* @param array $auth Auth
* @param array $params Params
* @return array
*/
function fn_checkout_update_steps(&$cart, &$auth, $params)
{
$redirect_params = array();
$user_data = !empty($params['user_data']) ? $params['user_data'] : array();
unset($user_data['user_type']);
if (!empty($auth['user_id'])) {
if (isset($user_data['profile_id'])) {
if (empty($user_data['profile_id'])) {
$user_data['profile_type'] = 'S';
}
$profile_id = $user_data['profile_id'];
} elseif (!empty($cart['profile_id'])) {
$profile_id = $cart['profile_id'];
} else {
$profile_id = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $auth['user_id']);
}
$user_data['user_id'] = $auth['user_id'];
$current_user_data = fn_get_user_info($auth['user_id'], true, $profile_id);
if ($profile_id != NULL) {
$cart['profile_id'] = $profile_id;
}
$errors = false;
// Update contact information
if (($params['update_step'] == 'step_one' || $params['update_step'] == 'step_two') && !empty($user_data['email'])) {
// Check email
$email_exists = fn_is_user_exists($auth['user_id'], $user_data);
if (!empty($email_exists)) {
fn_set_notification('E', __('error'), __('error_user_exists'));
$redirect_params['edit_step'] = $params['update_step'];
$errors = true;
$params['next_step'] = $params['update_step'];
}
}
// Update billing/shipping information
if ($params['update_step'] == 'step_two' || $params['update_step'] == 'step_one' && !$errors) {
if (!empty($user_data)) {
$user_data = fn_array_merge($current_user_data, $user_data);
$user_data['user_type'] = !empty($current_user_data['user_type']) ? $current_user_data['user_type'] : AREA;
$user_data = fn_fill_contact_info_from_address($user_data);
}
$user_data = fn_array_merge($current_user_data, $user_data);
if (empty($params['ship_to_another'])) {
$profile_fields = fn_get_profile_fields('O');
fn_fill_address($user_data, $profile_fields);
}
// Check if we need to send notification with new email to customer
$email = db_get_field('SELECT email FROM ?:users WHERE user_id = ?i', $auth['user_id']);
$send_notification = false;
if (isset($user_data['email']) && $user_data['email'] != $email) {
$send_notification = true;
}
list($user_id, $profile_id) = fn_update_user($auth['user_id'], $user_data, $auth, !empty($params['ship_to_another']), $send_notification, false);
$cart['profile_id'] = $profile_id;
}
// Add/Update additional fields
if (!empty($user_data['fields'])) {
fn_store_profile_fields($user_data, array('U' => $auth['user_id'], 'P' => $profile_id), 'UP');
// FIXME
}
} elseif (Registry::get('settings.Checkout.disable_anonymous_checkout') != 'Y') {
if (empty($auth['user_id']) && !empty($user_data['email'])) {
$email_exists = fn_is_user_exists(0, $user_data);
if (!empty($email_exists)) {
fn_set_notification('E', __('error'), __('error_user_exists'));
fn_save_post_data('user_data');
if (!empty($params['guest_checkout'])) {
$redirect_params['edit_step'] = $params['step_two'];
$redirect_params['guest_checkout'] = 1;
}
return $redirect_params;
}
}
if (isset($user_data['fields'])) {
$fields = fn_array_merge(isset($cart['user_data']['fields']) ? $cart['user_data']['fields'] : array(), $user_data['fields']);
}
if ($params['update_step'] == 'step_two' && !empty($user_data)) {
$user_data = fn_fill_contact_info_from_address($user_data);
}
$cart['user_data'] = fn_array_merge($cart['user_data'], $user_data);
// Fill shipping info with billing if needed
if (empty($params['ship_to_another']) && $params['update_step'] == 'step_two') {
$profile_fields = fn_get_profile_fields('O');
fn_fill_address($cart['user_data'], $profile_fields);
}
if (!empty($cart['user_data']['b_vat_id']) && !empty($cart['user_data']['b_country'])) {
if (fn_check_vat_id($user_data['b_vat_id'], $cart['user_data']['b_country'])) {
fn_set_notification('N', __('notice'), __('vat_id_number_is_valid'));
} else {
fn_set_notification('E', __('error'), __('vat_id_number_is_not_valid'));
$cart['user_data']['b_vat_id'] = '';
return $redirect_params;
}
} elseif (isset($user_data['b_vat_id'])) {
$user_data['b_vat_id'] = '';
}
}
if (!empty($params['next_step'])) {
$redirect_params['edit_step'] = $params['next_step'];
}
if (!empty($params['shipping_ids'])) {
fn_checkout_update_shipping($cart, $params['shipping_ids']);
}
if (!empty($params['payment_id'])) {
$cart['payment_id'] = (int) $params['payment_id'];
if (!empty($params['payment_info'])) {
$cart['extra_payment_info'] = $params['payment_info'];
if (!empty($cart['extra_payment_info']['card_number'])) {
$cart['extra_payment_info']['secure_card_number'] = preg_replace('/^(.+?)([0-9]{4})$/i', '***-$2', $cart['extra_payment_info']['card_number']);
}
} else {
unset($cart['extra_payment_info']);
}
fn_update_payment_surcharge($cart, $auth);
fn_save_cart_content($cart, $auth['user_id']);
}
if (!empty($params['customer_notes'])) {
$cart['notes'] = $params['customer_notes'];
}
// Recalculate the cart
$cart['recalculate'] = true;
if (!empty($params['next_step']) && ($params['next_step'] == 'step_three' || $params['next_step'] == 'step_four')) {
$cart['calculate_shipping'] = true;
}
$shipping_calculation_type = Registry::get('settings.General.estimate_shipping_cost') == 'Y' || !empty($completed_steps['step_two']) ? 'A' : 'S';
list($cart_products, $product_groups) = fn_calculate_cart_content($cart, $auth, $shipping_calculation_type, true, 'F');
$shipping_hash = fn_get_shipping_hash($cart['product_groups']);
if (!empty($_SESSION['shipping_hash']) && $_SESSION['shipping_hash'] != $shipping_hash && $params['next_step'] == 'step_four' && $cart['shipping_required']) {
if (!empty($cart['chosen_shipping'])) {
fn_set_notification('W', __('important'), __('text_shipping_rates_changed'));
}
$cart['chosen_shipping'] = array();
$redirect_params['edit_step'] = 'step_three';
return $redirect_params;
}
return $redirect_params;
}
/**
* Updates profile data of registered user
*
* @param int $user_id User identifier
* @param array $user_data Profile information
* @param string $action Current action (Example: 'add')
* @return int profile ID
*/
function fn_update_user_profile($user_id, $user_data, $action = '')
{
/**
* Modify profile data of registered user
*
* @param int $user_id User identifier
* @param array $user_data Profile information
* @param string $action Current action (Example: 'add')
*/
fn_set_hook('update_user_profile_pre', $user_id, $user_data, $action);
// Add new profile or update existing
if (isset($user_data['profile_id']) && empty($user_data['profile_id']) || $action == 'add') {
if ($action == 'add') {
unset($user_data['profile_id']);
$user_data['profile_type'] = 'P';
$user_data['profile_name'] = empty($user_data['profile_name']) ? __('main') : $user_data['profile_name'];
} else {
$user_data['profile_type'] = 'S';
}
$user_data['profile_id'] = db_query("INSERT INTO ?:user_profiles ?e", $user_data);
} else {
if (empty($user_data['profile_id'])) {
$user_data['profile_id'] = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $user_id);
}
$is_exists = db_get_field('SELECT COUNT(*) FROM ?:user_profiles WHERE user_id = ?i AND profile_id = ?i', $user_id, $user_data['profile_id']);
if ($is_exists) {
db_query("UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i", $user_data, $user_data['profile_id']);
} else {
return false;
}
}
// Add/Update additional fields
fn_store_profile_fields($user_data, array('U' => $user_id, 'P' => $user_data['profile_id']), 'UP');
/**
* Perform actions after user profile update
*
* @param int $user_id User identifier
* @param array $user_data Profile information
* @param string $action Current action (Example: 'add')
*/
fn_set_hook('update_user_profile_post', $user_id, $user_data, $action);
return $user_data['profile_id'];
}
function fn_update_order(&$cart, $order_id = 0)
{
fn_set_hook('pre_update_order', $cart, $order_id);
$cart['user_data'] = isset($cart['user_data']) ? $cart['user_data'] : array();
$order = fn_array_merge($cart, $cart['user_data']);
unset($order['user_data']);
// filter hidden fields, which were hidden to checkout
fn_filter_hidden_profile_fields($order, 'O');
// If the contact information fields were disabled, fill the information from the billing/shipping
Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
if (!empty($order['firstname']) || !empty($order[$address_zone . '_firstname'])) {
$order['firstname'] = empty($order['firstname']) && !empty($order[$address_zone . '_firstname']) ? $order[$address_zone . '_firstname'] : $order['firstname'];
}
if (!empty($order['lastname']) || !empty($order[$address_zone . '_lastname'])) {
$order['lastname'] = empty($order['lastname']) && !empty($order[$address_zone . '_lastname']) ? $order[$address_zone . '_lastname'] : $order['lastname'];
}
if (!empty($order['phone']) || !empty($order[$address_zone . '_phone'])) {
$order['phone'] = empty($order['phone']) && !empty($order[$address_zone . '_phone']) ? $order[$address_zone . '_phone'] : $order['phone'];
}
if (empty($order['profile_id'])) {
$order['profile_id'] = 0;
}
if (!empty($cart['shipping'])) {
$order['shipping_ids'] = fn_create_set(array_keys($cart['shipping']));
}
if (!empty($cart['payment_surcharge'])) {
$cart['total'] += $cart['payment_surcharge'];
$order['total'] = $cart['total'];
if (fn_allowed_for('MULTIVENDOR')) {
$cart['companies'] = fn_get_products_companies($cart['products']);
$take_payment_surcharge_from_vendor = fn_take_payment_surcharge_from_vendor($cart['products']);
if (Registry::get('settings.Vendors.include_payment_surcharge') == 'Y' && $take_payment_surcharge_from_vendor) {
$cart['companies_count'] = count($cart['companies']);
$cart['total'] -= $cart['payment_surcharge'];
$order['total'] = $cart['total'];
}
}
}
if (empty($order_id)) {
$ip = fn_get_ip();
$order['ip_address'] = $ip['host'];
$order['timestamp'] = TIME;
$order['lang_code'] = CART_LANGUAGE;
$order['company_id'] = 0;
$order['status'] = STATUS_INCOMPLETED_ORDER;
// incomplete by default to increase inventory
$order_status = $order['status'];
if (count($order['product_groups']) > 1 && !$order['parent_order_id']) {
$order['is_parent_order'] = 'Y';
$order['status'] = STATUS_PARENT_ORDER;
} elseif (!empty($order['product_groups'][0]['company_id'])) {
$order['is_parent_order'] = 'N';
$order['company_id'] = $order['product_groups'][0]['company_id'];
}
if (fn_allowed_for('ULTIMATE')) {
if (Registry::get('runtime.company_id') == 0) {
fn_set_notification('E', __('error'), __('text_select_vendor'));
return false;
} else {
$order['company_id'] = Registry::get('runtime.company_id');
}
}
if (defined('CART_LOCALIZATION')) {
$order['localization_id'] = CART_LOCALIZATION;
}
if (!empty($cart['rewrite_order_id'])) {
$order['order_id'] = array_shift($cart['rewrite_order_id']);
}
$order['promotions'] = serialize(!empty($cart['promotions']) ? $cart['promotions'] : array());
if (!empty($cart['promotions'])) {
$order['promotion_ids'] = fn_create_set(array_keys($cart['promotions']));
}
// foreach($order['product_groups'][0] as $k=>$y){
// var_dump($k);echo" ------ ";var_dump($y);echo"<br/><br/>==========================<br/><br/>";
// }
//die();
fn_set_hook('create_order', $order);
$order_id = db_query("INSERT INTO ?:orders ?e", $order);
} else {
unset($order['order_id']);
// We're editing existing order
if (isset($cart['promotions'])) {
$order['promotions'] = serialize($cart['promotions']);
$order['promotion_ids'] = fn_create_set(array_keys($cart['promotions']));
}
$old_order = db_get_row("SELECT company_id, payment_id, status FROM ?:orders WHERE order_id = ?i", $order_id);
$order['status'] = $old_order['status'];
$order['company_id'] = $old_order['company_id'];
$order_status = $order['status'];
if (!empty($cart['payment_id']) && $cart['payment_id'] == $old_order['payment_id']) {
$payment_info = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'P'", $order_id);
if (!empty($payment_info)) {
$payment_info = unserialize(fn_decrypt_text($payment_info));
$cart['payment_info'] = array_merge($payment_info, !empty($cart['payment_info']) ? $cart['payment_info'] : array());
}
}
// incomplete the order to increase inventory amount.
fn_change_order_status($order_id, STATUS_INCOMPLETED_ORDER, $old_order['status'], fn_get_notification_rules(array(), false));
$order['status'] = STATUS_INCOMPLETED_ORDER;
fn_set_hook('edit_place_order', $order_id);
$profile_fields = db_get_hash_array("SELECT field_id, value FROM ?:profile_fields_data WHERE object_id = ?i AND object_type = 'O'", 'field_id', $order_id);
foreach ($profile_fields as $k => $v) {
if (!isset($cart['user_data']['fields'][$k])) {
$cart['user_data']['fields'][$k] = $v['value'];
}
}
fn_set_hook('update_order', $order, $order_id);
db_query("UPDATE ?:orders SET ?u WHERE order_id = ?i", $order, $order_id);
if (!empty($order['products'])) {
db_query("DELETE FROM ?:order_details WHERE order_id = ?i", $order_id);
}
}
fn_store_profile_fields($cart['user_data'], $order_id, 'O');
fn_create_order_details($order_id, $cart);
fn_update_order_data($order_id, $cart);
// Log order creation/update
$log_action = !empty($order['order_id']) ? 'update' : 'create';
fn_log_event('orders', $log_action, array('order_id' => $order_id));
//
// Place the order_id to new_orders table for all admin profiles
//
if (empty($order['parent_order_id'])) {
$condition = "";
if (fn_allowed_for('ULTIMATE')) {
$condition = " AND user_type = 'A'";
}
if (fn_allowed_for('MULTIVENDOR')) {
$condition = db_quote(" AND (user_type = 'A' OR (user_type = 'V' AND ?:users.company_id = ?i))", $order['company_id']);
}
$admins = db_get_fields("SELECT user_id FROM ?:users WHERE 1 {$condition}");
foreach ($admins as $k => $v) {
db_query("REPLACE INTO ?:new_orders (order_id, user_id) VALUES (?i, ?i)", $order_id, $v);
}
}
return array($order_id, $order_status);
}
/**
* Order placing function
*
* @param array $cart
* @param array $auth
* @param string $action
* @return int order_id or bool FALSE
*/
function fn_place_order(&$cart, &$auth, $action = '', $parent_order_id = 0)
{
$allow = true;
fn_set_hook('pre_place_order', $cart, $allow);
if ($allow == true && !fn_cart_is_empty($cart)) {
$ip = fn_get_ip();
$__order_status = STATUS_INCOMPLETED_ORDER;
$order = fn_check_table_fields($cart, 'orders');
$order = fn_array_merge($order, fn_check_table_fields($cart['user_data'], 'orders'));
// filter hidden fields, which were hidden to checkout
fn_filter_hidden_profile_fields($order, 'O');
// If the contact information fields were disabled, fill the information from the billing/shipping
Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
if (!empty($order['firstname']) || !empty($order[$address_zone . '_firstname'])) {
$order['firstname'] = empty($order['firstname']) && !empty($order[$address_zone . '_firstname']) ? $order[$address_zone . '_firstname'] : $order['firstname'];
}
if (!empty($order['lastname']) || !empty($order[$address_zone . '_lastname'])) {
$order['lastname'] = empty($order['lastname']) && !empty($order[$address_zone . '_lastname']) ? $order[$address_zone . '_lastname'] : $order['lastname'];
}
if (!empty($order['phone']) || !empty($order[$address_zone . '_phone'])) {
$order['phone'] = empty($order['phone']) && !empty($order[$address_zone . '_phone']) ? $order[$address_zone . '_phone'] : $order['phone'];
}
$order['user_id'] = $auth['user_id'];
$order['timestamp'] = TIME;
$order['lang_code'] = CART_LANGUAGE;
$order['tax_exempt'] = $auth['tax_exempt'];
$order['status'] = STATUS_INCOMPLETED_ORDER;
// incomplete by default to increase inventory
$order['ip_address'] = $ip['host'];
$cart['companies'] = fn_get_products_companies($cart['products']);
$order['is_parent_order'] = 'N';
if (PRODUCT_TYPE == 'MULTIVENDOR') {
$order['parent_order_id'] = $parent_order_id;
if (count($cart['companies']) > 1) {
$order['is_parent_order'] = 'Y';
$__order_status = $order['status'] = STATUS_PARENT_ORDER;
} else {
$order['company_id'] = key($cart['companies']);
}
}
$order['promotions'] = serialize(!empty($cart['promotions']) ? $cart['promotions'] : array());
if (!empty($cart['promotions'])) {
$order['promotion_ids'] = implode(', ', array_keys($cart['promotions']));
}
$order['shipping_ids'] = !empty($cart['shipping']) ? fn_create_set(array_keys($cart['shipping'])) : '';
if (!empty($cart['payment_surcharge'])) {
$cart['total'] += $cart['payment_surcharge'];
$order['total'] = $cart['total'];
}
if (!empty($cart['payment_info'])) {
$ccards = fn_get_static_data_section('C', true);
if (!empty($cart['payment_info']['card']) && !empty($ccards[$cart['payment_info']['card']])) {
// Check if cvv2 number required and unset it if not
if ($ccards[$cart['payment_info']['card']]['param_2'] != 'Y') {
unset($cart['payment_info']['cvv2']);
}
// Check if start date exists and required and convert it to string
if ($ccards[$cart['payment_info']['card']]['param_3'] != 'Y') {
unset($cart['payment_info']['start_year'], $cart['payment_info']['start_month']);
}
// Check if issue number required
if ($ccards[$cart['payment_info']['card']]['param_4'] != 'Y') {
unset($cart['payment_info']['issue_number']);
}
}
}
// We're editing existing order
if (!empty($order['order_id']) && $order['is_parent_order'] != 'Y') {
$_tmp = db_get_row("SELECT status, ip_address, details, timestamp, lang_code FROM ?:orders WHERE order_id = ?i", $order['order_id']);
$order['ip_address'] = $_tmp['ip_address'];
// Leave original customers IP address
$order['details'] = $_tmp['details'];
// Leave order details
$order['timestamp'] = $_tmp['timestamp'];
// Leave the original date
$order['lang_code'] = $_tmp['lang_code'];
// Leave the original language
if ($action == 'save') {
$__order_status = $_tmp['status'];
// Get the original order status
}
fn_change_order_status($order['order_id'], STATUS_INCOMPLETED_ORDER, $_tmp['status'], fn_get_notification_rules(array(), false));
// incomplete the order to increase inventory amount.
db_query("DELETE FROM ?:orders WHERE order_id = ?i", $order['order_id']);
db_query("DELETE FROM ?:order_details WHERE order_id = ?i", $order['order_id']);
db_query("DELETE FROM ?:profile_fields_data WHERE object_id = ?i AND object_type = 'O'", $order['order_id']);
db_query("DELETE FROM ?:order_data WHERE order_id = ?i AND type IN ('T', 'C', 'P')", $order['order_id']);
fn_set_hook('edit_place_order', $order['order_id']);
}
if (!empty($cart['rewrite_order_id'])) {
$order['order_id'] = array_shift($cart['rewrite_order_id']);
}
$order['referer'] = $_SESSION['referer'];
$order_id = db_query("INSERT INTO ?:orders ?e", $order);
// Log order creation
fn_log_event('orders', 'create', array('order_id' => $order_id));
fn_store_profile_fields($cart['user_data'], $order_id, 'O');
$order['order_id'] = $order_id;
// If customer is not logged in, store order ids in the session
if (empty($auth['user_id'])) {
$auth['order_ids'][] = $order_id;
}
// Add order details data
if (!empty($order_id)) {
if (!empty($cart['products'])) {
foreach ((array) $cart['products'] as $k => $v) {
$product_code = '';
$extra = empty($v['extra']) ? array() : $v['extra'];
$v['discount'] = empty($v['discount']) ? 0 : $v['discount'];
$extra['product'] = empty($v['product']) ? fn_get_product_name($v['product_id']) : $v['product'];
$extra['company_id'] = $v['company_id'];
if (isset($v['is_edp'])) {
$extra['is_edp'] = $v['is_edp'];
}
if (isset($v['edp_shipping'])) {
$extra['edp_shipping'] = $v['edp_shipping'];
}
if (!empty($v['discount'])) {
$extra['discount'] = $v['discount'];
}
if (isset($v['base_price'])) {
$extra['base_price'] = floatval($v['base_price']);
}
if (!empty($v['promotions'])) {
$extra['promotions'] = $v['promotions'];
}
if (!empty($v['stored_price']) && $v['stored_price'] == 'Y') {
$extra['stored_price'] = 'Y';
}
if (!empty($v['product_options'])) {
$_options = fn_get_product_options($v['product_id']);
if (!empty($_options)) {
foreach ($_options as $option_id => $option) {
if (!isset($v['product_options'][$option_id])) {
$v['product_options'][$option_id] = '';
}
}
}
$extra['product_options'] = $v['product_options'];
$cart_id = fn_generate_cart_id($v['product_id'], array('product_options' => $v['product_options']), true);
$tracking = db_get_field("SELECT tracking FROM ?:products WHERE product_id = ?i", $v['product_id']);
if ($tracking == 'O') {
$product_code = db_get_field("SELECT product_code FROM ?:product_options_inventory WHERE combination_hash = ?i", $cart_id);
}
$extra['product_options_value'] = fn_get_selected_product_options_info($v['product_options']);
} else {
$v['product_options'] = array();
}
if (empty($product_code)) {
$product_code = db_get_field("SELECT product_code FROM ?:products WHERE product_id = ?i", $v['product_id']);
}
// Check the cart custom files
if (isset($extra['custom_files'])) {
$dir_path = DIR_CUSTOM_FILES . 'order_data/' . $order_id;
$sess_dir_path = DIR_CUSTOM_FILES . 'sess_data';
if (!is_dir($dir_path)) {
fn_mkdir($dir_path);
}
foreach ($extra['custom_files'] as $option_id => $files) {
if (is_array($files)) {
foreach ($files as $file_id => $file) {
$file['path'] = $sess_dir_path . '/' . basename($file['path']);
fn_copy($file['path'], $dir_path . '/' . $file['file']);
fn_rm($file['path']);
fn_rm($file['path'] . '_thumb');
$extra['custom_files'][$option_id][$file_id]['path'] = $dir_path . '/' . $file['file'];
}
}
}
}
$order_details = array('item_id' => $k, 'order_id' => $order_id, 'product_id' => $v['product_id'], 'product_code' => $product_code, 'price' => !empty($v['stored_price']) && $v['stored_price'] == 'Y' ? $v['price'] - $v['discount'] : $v['price'], 'amount' => $v['amount'], 'extra' => serialize($extra));
db_query("INSERT INTO ?:order_details ?e", $order_details);
// Increase product popularity
$_data = array('product_id' => $v['product_id'], 'bought' => 1, 'total' => POPULARITY_BUY);
db_query("INSERT INTO ?:product_popularity ?e ON DUPLICATE KEY UPDATE bought = bought + 1, total = total + ?i", $_data, POPULARITY_BUY);
}
}
// Save shipping information
if (!empty($cart['shipping'])) {
if ($_SESSION['selfService']) {
foreach ($cart['shipping'] as $sh_id => $_d) {
$cart['shipping'][$sh_id]['selfService'] = $_SESSION['selfService'];
}
}
// Get carriers and tracking number
$data = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'L'", $order_id);
if (!empty($data)) {
$data = unserialize($data);
foreach ($cart['shipping'] as $sh_id => $_d) {
if (!empty($data[$sh_id]['carrier'])) {
$cart['shipping'][$sh_id]['carrier'] = $data[$sh_id]['carrier'];
}
if (!empty($data[$sh_id]['tracking_number'])) {
$cart['shipping'][$sh_id]['tracking_number'] = $data[$sh_id]['tracking_number'];
}
}
}
$_data = array('order_id' => $order_id, 'type' => 'L', 'data' => serialize($cart['shipping']));
db_query("REPLACE INTO ?:order_data ?e", $_data);
}
// Save taxes
if (!empty($cart['taxes'])) {
$_data = array('order_id' => $order_id, 'type' => 'T', 'data' => serialize($cart['taxes']));
db_query("REPLACE INTO ?:order_data ?e", $_data);
}
// Save payment information
if (!empty($cart['payment_info'])) {
$_data = array('order_id' => $order_id, 'type' => 'P', 'data' => fn_encrypt_text(serialize($cart['payment_info'])));
db_query("REPLACE INTO ?:order_data ?e", $_data);
}
// Save coupons information
if (!empty($cart['coupons'])) {
$_data = array('order_id' => $order_id, 'type' => 'C', 'data' => serialize($cart['coupons']));
db_query("REPLACE INTO ?:order_data ?e", $_data);
}
// Save secondary currency (for order notifications from payments with feedback requests)
$_data = array('order_id' => $order_id, 'type' => 'R', 'data' => serialize(CART_SECONDARY_CURRENCY));
db_query("REPLACE INTO ?:order_data ?e", $_data);
//
// Place the order_id to new_orders table for all admin profiles
//
$admins = db_get_fields("SELECT user_id FROM ?:users WHERE user_type = 'A'");
foreach ($admins as $k => $v) {
db_query("REPLACE INTO ?:new_orders (order_id, user_id) VALUES (?i, ?i)", $order_id, $v);
}
fn_set_hook('place_order', $order_id, $action, $__order_status, $cart);
// If order total is zero, just save the order without any processing procedures
if (floatval($cart['total']) == 0) {
$action = 'save';
$__order_status = 'P';
}
list($is_processor_script, ) = fn_check_processor_script($cart['payment_id'], $action, true);
if (!$is_processor_script && $__order_status == STATUS_INCOMPLETED_ORDER) {
$__order_status = 'O';
}
// Set new order status
fn_change_order_status($order_id, $__order_status, '', $is_processor_script || $__order_status == STATUS_PARENT_ORDER ? fn_get_notification_rules(array(), true) : fn_get_notification_rules(array()), true);
$cart['processed_order_id'] = array();
$cart['processed_order_id'][] = $order_id;
if (!$parent_order_id && count($cart['companies']) > 1 && PRODUCT_TYPE == 'MULTIVENDOR') {
fn_companies_place_suborders($order_id, $cart, $auth, $action);
$child_orders = db_get_fields("SELECT order_id FROM ?:orders WHERE parent_order_id = ?i", $order_id);
array_unshift($child_orders, $order_id);
$cart['processed_order_id'] = $child_orders;
}
return array($order_id, $action != 'save');
}
}
return array(false, false);
}
/**
* Add/update user
*
* @param int $user_id - user ID to update (empty for new user)
* @param array $user_data - user data
* @param array $auth - authentication information
* @param bool $ship_to_another - flag indicates that shipping and billing fields are different
* @param bool $notify_customer - flag indicates that customer should be notified
* @param bool $send_password - TRUE if the password should be included into the e-mail
* @return array with user ID and profile ID if success, false otherwise
*/
function fn_update_user($user_id, $user_data, &$auth, $ship_to_another, $notify_customer, $send_password = false)
{
if (!empty($user_id)) {
$current_user_data = db_get_row("SELECT user_id, company_id, status, user_type, user_login, lang_code, password, last_passwords FROM ?:users WHERE user_id = ?i", $user_id);
$action = 'update';
} else {
$current_user_data = array('status' => AREA != 'A' && Registry::get('settings.General.approve_user_profiles') == 'Y' ? 'D' : (!empty($user_data['status']) ? $user_data['status'] : 'A'), 'user_type' => 'C');
$action = 'add';
$user_data['lang_code'] = !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
$user_data['timestamp'] = TIME;
}
$original_password = '';
$current_user_data['password'] = !empty($current_user_data['password']) ? $current_user_data['password'] : '';
// Set the user type
$user_data['user_type'] = fn_check_user_type($user_data, $current_user_data);
if (defined('COMPANY_ID') && ($user_data['user_type'] != 'A' || isset($current_user_data['company_id']) && $current_user_data['company_id'] != COMPANY_ID)) {
fn_save_post_data();
fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('access_denied'));
return false;
}
// Check if this user needs login/password
if (fn_user_need_login($user_data['user_type'])) {
// Check if user_login already exists
$is_exist = db_get_field("SELECT user_id FROM ?:users WHERE (email = ?s ?p) AND user_id != ?i", $user_data['email'], empty($user_data['user_login']) ? '' : db_quote(" OR user_login = ?s", $user_data['user_login']), $user_id);
if ($is_exist) {
fn_save_post_data();
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_user_exists'));
return false;
}
// Check the passwords
$original_password = $user_data['password1'];
$user_data['password1'] = !empty($user_data['password1']) ? trim($user_data['password1']) : '';
$user_data['password2'] = !empty($user_data['password2']) ? trim($user_data['password2']) : '';
// if the passwords are not set and this is not a forced password check
// we will not update password, otherwise let's check password
if (!empty($_SESSION['auth']['forced_password_change']) || !empty($user_data['password1']) || !empty($user_data['password2'])) {
$valid_passwords = true;
if ($user_data['password1'] != $user_data['password2']) {
$valid_passwords = false;
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_passwords_dont_match'));
}
// PCI DSS Compliance
if ($user_data['user_type'] == 'A') {
$msg = array();
// Check password length
$min_length = Registry::get('settings.Security.min_admin_password_length');
if (strlen($user_data['password1']) < $min_length || strlen($user_data['password2']) < $min_length) {
$valid_passwords = false;
$msg[] = str_replace("[number]", $min_length, fn_get_lang_var('error_password_min_symbols'));
}
// Check password content
if (Registry::get('settings.Security.admin_passwords_must_contain_mix') == 'Y') {
$tmp_result = preg_match('/\\d+/', $user_data['password1']) && preg_match('/\\D+/', $user_data['password1']) && preg_match('/\\d+/', $user_data['password2']) && preg_match('/\\D+/', $user_data['password2']);
if (!$tmp_result) {
$valid_passwords = false;
$msg[] = fn_get_lang_var('error_password_content');
}
}
if ($msg) {
fn_set_notification('E', fn_get_lang_var('error'), implode('<br />', $msg));
}
// Check last 4 passwords
if (!empty($user_id)) {
$prev_passwords = !empty($current_user_data['last_passwords']) ? explode(',', $current_user_data['last_passwords']) : array();
if (!empty($_SESSION['auth']['forced_password_change'])) {
// if forced password change - new password can't be equal to current password.
$prev_passwords[] = $current_user_data['password'];
}
if (in_array(md5($user_data['password1']), $prev_passwords) || in_array(md5($user_data['password2']), $prev_passwords)) {
$valid_passwords = false;
fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_password_was_used'));
} else {
if (count($prev_passwords) >= 5) {
array_shift($prev_passwords);
}
$user_data['last_passwords'] = implode(',', $prev_passwords);
}
}
}
// PCI DSS Compliance
if (!$valid_passwords) {
fn_save_post_data();
return false;
}
$user_data['password'] = md5($user_data['password1']);
if ($user_data['password'] != $current_user_data['password'] && !empty($user_id)) {
// if user set current password - there is no necessity to update password_change_timestamp
$user_data['password_change_timestamp'] = $_SESSION['auth']['password_change_timestamp'] = TIME;
}
unset($_SESSION['auth']['forced_password_change']);
fn_delete_notification('password_expire');
}
}
$user_data['status'] = AREA != 'A' || empty($user_data['status']) ? $current_user_data['status'] : $user_data['status'];
// only administrator can change user status
// Fill the firstname, lastname and phone from the billing address if the profile was created or updated through the admin area.
if (AREA != 'A') {
Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
} else {
$address_zone = 'b';
}
if (!empty($user_data['firstname']) || !empty($user_data[$address_zone . '_firstname'])) {
$user_data['firstname'] = empty($user_data['firstname']) && !empty($user_data[$address_zone . '_firstname']) ? $user_data[$address_zone . '_firstname'] : $user_data['firstname'];
}
if (!empty($user_data['lastname']) || !empty($user_data[$address_zone . '_lastname'])) {
$user_data['lastname'] = empty($user_data['lastname']) && !empty($user_data[$address_zone . '_lastname']) ? $user_data[$address_zone . '_lastname'] : $user_data['lastname'];
}
if (!empty($user_data['phone']) || !empty($user_data[$address_zone . '_phone'])) {
$user_data['phone'] = empty($user_data['phone']) && !empty($user_data[$address_zone . '_phone']) ? $user_data[$address_zone . '_phone'] : $user_data['phone'];
}
// reset company_id for root admin
if ($user_id == 1) {
$user_data['company_id'] = 0;
}
if (!empty($user_id)) {
db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", $user_data, $user_id);
fn_log_event('users', 'update', array('user_id' => $user_id));
} else {
$user_id = db_query("INSERT INTO ?:users ?e", $user_data);
fn_log_event('users', 'create', array('user_id' => $user_id));
}
$user_data['user_id'] = $user_id;
// Set/delete insecure password notification
if (AREA == 'A' && Registry::get('config.demo_mode') != true && !empty($user_data['user_login']) && !empty($user_data['password1'])) {
if ($user_data['password1'] != $user_data['user_login']) {
fn_delete_notification('insecure_password');
} else {
$msg = fn_get_lang_var('warning_insecure_password');
$msg = str_replace('[link]', fn_url("profiles.update?user_id=" . $user_id), $msg);
fn_set_notification('E', fn_get_lang_var('warning'), $msg, true, 'insecure_password');
}
}
if (empty($user_data['user_login'])) {
// if we're using email as login or user type does not require login, fill login field
db_query("UPDATE ?:users SET user_login = '******' WHERE user_id = ?i AND user_login = ''", $user_id, $user_id);
}
// Fill shipping info with billing if needed
if (empty($ship_to_another)) {
$profile_fields = fn_get_profile_fields($user_data['user_type']);
$use_default = AREA == 'A' ? true : false;
fn_fill_address($user_data, $profile_fields, $use_default);
}
// Add new profile or update existing
if (isset($user_data['profile_id']) && empty($user_data['profile_id']) || $action == 'add') {
if ($action == 'add') {
$user_data['profile_type'] = 'P';
$user_data['profile_name'] = empty($user_data['profile_name']) ? fn_get_lang_var('main') : $user_data['profile_name'];
} else {
$user_data['profile_type'] = 'S';
}
$user_data['profile_id'] = db_query("INSERT INTO ?:user_profiles ?e", $user_data);
} else {
if (empty($user_data['profile_id'])) {
$user_data['profile_id'] = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $user_id);
}
db_query("UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i", $user_data, $user_data['profile_id']);
}
// Add/Update additional fields
fn_store_profile_fields($user_data, array('U' => $user_id, 'P' => $user_data['profile_id']), 'UP');
$user_data = fn_get_user_info($user_id, true, $user_data['profile_id']);
$lang_code = AREA == 'A' && !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
Registry::get('view_mail')->assign('password', $original_password);
Registry::get('view_mail')->assign('send_password', $send_password);
Registry::get('view_mail')->assign('user_data', $user_data);
// Send notifications to customer
if (!empty($notify_customer)) {
// Notify customer about profile activation (when update profile only)
if ($action == 'update' && $current_user_data['status'] === 'D' && $user_data['status'] === 'A') {
fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/profile_activated_subj.tpl', 'profiles/profile_activated.tpl', '', $lang_code);
}
// Notify customer about profile add/update
if ($action == 'add') {
fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
} else {
fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
}
}
if ($action == 'add') {
$skip_auth = false;
if (AREA != 'A') {
if (Registry::get('settings.General.approve_user_profiles') == 'Y') {
fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_should_be_approved'));
// Notify administrator about new profile
fn_send_mail(Registry::get('settings.Company.company_users_department'), Registry::get('settings.Company.company_users_department'), 'profiles/activate_profile_subj.tpl', 'profiles/activate_profile.tpl', '', Registry::get('settings.Appearance.admin_default_language'), $user_data['email']);
$skip_auth = true;
} else {
fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
}
} else {
fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
}
if (!is_null($auth)) {
if (!empty($auth['order_ids'])) {
db_query("UPDATE ?:orders SET user_id = ?i WHERE order_id IN (?n)", $user_id, $auth['order_ids']);
}
if (empty($skip_auth)) {
$auth = fn_fill_auth($user_data);
}
}
} else {
fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_updated'));
}
fn_set_hook('update_profile', $action, $user_data, $current_user_data);
return array($user_id, $user_data['profile_id']);
}
