/**
 * Updates an affiliate's profile row and, when a new password was posted,
 * re-salts and re-hashes the stored credential in a second UPDATE.
 *
 * @param int   $affiliate_id Row to update; cast to int before use in SQL.
 * @param array $data         Submitted profile fields. Every string field is
 *                            passed through $this->db->escape(); country_id,
 *                            zone_id and status are cast to int, commission to
 *                            double. Keys read: firstname, lastname, email,
 *                            telephone, fax, company, address_1, address_2,
 *                            city, postcode, country_id, zone_id, code,
 *                            commission, tax, payment, cheque, paypal,
 *                            bank_name, bank_branch_number, bank_swift_code,
 *                            bank_account_name, bank_account_number, status,
 *                            password.
 * @return void
 */
public function editAffiliate($affiliate_id, $data) {
    // The statement is assembled by string concatenation, so the escape()/cast
    // applied to each value is the only thing separating $data from the SQL;
    // any column added here must get the same treatment.
    $this->db->query("UPDATE " . DB_PREFIX . "affiliate SET firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', fax = '" . $this->db->escape($data['fax']) . "', company = '" . $this->db->escape($data['company']) . "', address_1 = '" . $this->db->escape($data['address_1']) . "', address_2 = '" . $this->db->escape($data['address_2']) . "', city = '" . $this->db->escape($data['city']) . "', postcode = '" . $this->db->escape($data['postcode']) . "', country_id = '" . (int) $data['country_id'] . "', zone_id = '" . (int) $data['zone_id'] . "', code = '" . $this->db->escape($data['code']) . "', commission = '" . (double) $data['commission'] . "', tax = '" . $this->db->escape($data['tax']) . "', payment = '" . $this->db->escape($data['payment']) . "', cheque = '" . $this->db->escape($data['cheque']) . "', paypal = '" . $this->db->escape($data['paypal']) . "', bank_name = '" . $this->db->escape($data['bank_name']) . "', bank_branch_number = '" . $this->db->escape($data['bank_branch_number']) . "', bank_swift_code = '" . $this->db->escape($data['bank_swift_code']) . "', bank_account_name = '" . $this->db->escape($data['bank_account_name']) . "', bank_account_number = '" . $this->db->escape($data['bank_account_number']) . "', status = '" . (int) $data['status'] . "' WHERE affiliate_id = '" . (int) $affiliate_id . "'");

    // Truthiness test: an empty string leaves the password untouched, but so
    // would a literal "0".
    if ($data['password']) {
        // A fresh 9-character salt is taken from the project helper hash_rand()
        // (defined elsewhere; assumed to return a hex digest — confirm). The
        // hashing expression on the next line is redacted ('******') in this
        // copy of the source, so the exact scheme cannot be read from here.
        $this->db->query("UPDATE " . DB_PREFIX . "affiliate SET salt = '" . $this->db->escape($salt = substr(hash_rand('md5'), 0, 9)) . "', password = '******'password'])))) . "' WHERE affiliate_id = '" . (int) $affiliate_id . "'");
    }
}
/**
 * Installer step: builds the schema from opencart.sql, seeds the first admin
 * user and the base settings, then resets product view counters.
 *
 * @param array $data Installer form values. Keys read: db_driver, db_host,
 *                    db_user, db_password, db_name, db_prefix, username,
 *                    password, email. Note that db_prefix is spliced into
 *                    table names without escaping — it is trusted installer
 *                    input, not something to accept from an end user.
 * @return void  Calls exit() with the path if opencart.sql is missing.
 */
public function mysql($data) {
    $db = new DB($data['db_driver'], $data['db_host'], $data['db_user'], $data['db_password'], $data['db_name']);

    $file = DIR_APPLICATION . 'opencart.sql';

    // The message echoes an absolute server path to the browser.
    if (!file_exists($file)) {
        exit('Could not load sql file: ' . $file);
    }

    $lines = file($file);

    if ($lines) {
        $sql = '';

        // Accumulate non-comment lines until one ends in ';', then run the
        // statement with the shipped "oc_" prefix swapped for the chosen one.
        foreach ($lines as $line) {
            if ($line && substr($line, 0, 2) != '--' && substr($line, 0, 1) != '#') {
                $sql .= $line;

                if (preg_match('/;\\s*$/', $line)) {
                    $sql = str_replace("DROP TABLE IF EXISTS `oc_", "DROP TABLE IF EXISTS `" . $data['db_prefix'], $sql);
                    $sql = str_replace("CREATE TABLE `oc_", "CREATE TABLE `" . $data['db_prefix'], $sql);
                    $sql = str_replace("INSERT INTO `oc_", "INSERT INTO `" . $data['db_prefix'], $sql);

                    $db->query($sql);

                    $sql = '';
                }
            }
        }

        $db->query("SET CHARACTER SET utf8");

        $db->query("SET @@session.sql_mode = 'MYSQL40'");

        // Replace user_id 1 with the administrator entered in the installer.
        // The salt is derived from md5(uniqid(rand(), true)) — rand()/uniqid()
        // are not cryptographic sources; the other password paths in this
        // codebase use hash_rand() instead. The username and password hashing
        // expressions on the INSERT line are redacted ('******') in this copy.
        $db->query("DELETE FROM `" . $data['db_prefix'] . "user` WHERE user_id = '1'");

        $db->query("INSERT INTO `" . $data['db_prefix'] . "user` SET user_id = '1', user_group_id = '1', username = '******'username']) . "', salt = '" . $db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '******'password'])))) . "', status = '1', email = '" . $db->escape($data['email']) . "', date_added = NOW()");

        // Settings are replaced delete-then-insert so a re-run does not duplicate keys.
        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_email'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `group` = 'config', `key` = 'config_email', value = '" . $db->escape($data['email']) . "'");

        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_url'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `group` = 'config', `key` = 'config_url', value = '" . $db->escape(HTTP_OPENCART) . "'");

        // Per-install encryption key, generated once here via hash_rand().
        $db->query("DELETE FROM `" . $data['db_prefix'] . "setting` WHERE `key` = 'config_encryption'");
        $db->query("INSERT INTO `" . $data['db_prefix'] . "setting` SET `group` = 'config', `key` = 'config_encryption', value = '" . $db->escape(hash_rand('md5')) . "'");

        $db->query("UPDATE `" . $data['db_prefix'] . "product` SET `viewed` = '0'");
    }
}
/**
 * Admin "forgotten password" page.
 *
 * On GET renders the e-mail form. On a valid POST it generates a one-time
 * reset code, stores it against the user via model user/user::editCode(),
 * mails the reset link (plus the requesting IP) to the posted address and
 * bounces back to the login page with a success flash message. The whole
 * feature is disabled (redirect to login) when config_password is off.
 *
 * @return void  Output is written to $this->response.
 */
public function index() {
    if (!$this->config->get('config_password')) {
        $this->redirect($this->url->link('common/login', '', 'SSL'));
    }

    $this->language->load('common/forgotten');

    $this->document->setTitle($this->language->get('heading_title'));

    $this->load->model('user/user');

    $is_post = ($this->request->server['REQUEST_METHOD'] == 'POST');

    if ($is_post && $this->validate()) {
        $this->language->load('mail/forgotten');

        $store_name = $this->config->get('config_name');
        $recipient = $this->request->post['email'];

        // One-time code carried by the reset link; persisted on the user row.
        $reset_code = hash_rand('sha1');

        $this->model_user_user->editCode($recipient, $reset_code);

        $subject = sprintf($this->language->get('text_subject'), $store_name);

        $paragraphs = array(
            sprintf($this->language->get('text_greeting'), $store_name),
            sprintf($this->language->get('text_change'), $store_name),
            $this->url->link('common/reset', 'code=' . $reset_code, 'SSL'),
            sprintf($this->language->get('text_ip'), $this->request->server['REMOTE_ADDR']),
        );

        // Each paragraph is followed by a blank line, including the last one.
        $message = implode("\n\n", $paragraphs) . "\n\n";

        $mailer = new Mail();
        $mailer->protocol = $this->config->get('config_mail_protocol');
        $mailer->parameter = $this->config->get('config_mail_parameter');
        $mailer->hostname = $this->config->get('config_smtp_host');
        $mailer->username = $this->config->get('config_smtp_username');
        $mailer->password = $this->config->get('config_smtp_password');
        $mailer->port = $this->config->get('config_smtp_port');
        $mailer->timeout = $this->config->get('config_smtp_timeout');
        $mailer->setTo($recipient);
        $mailer->setFrom($this->config->get('config_email'));
        $mailer->setSender($store_name);
        $mailer->setSubject(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'));
        $mailer->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
        $mailer->send();

        $this->session->data['success'] = $this->language->get('text_success');

        $this->redirect($this->url->link('common/login', '', 'SSL'));
    }

    $breadcrumbs = array();

    $breadcrumbs[] = array(
        'text'      => $this->language->get('text_home'),
        'href'      => $this->url->link('common/home', '', 'SSL'),
        'separator' => false,
    );

    $breadcrumbs[] = array(
        'text'      => $this->language->get('text_forgotten'),
        'href'      => $this->url->link('common/forgotten', '', 'SSL'),
        'separator' => $this->language->get('text_separator'),
    );

    $this->data['breadcrumbs'] = $breadcrumbs;

    // Plain language strings copied 1:1 into the view.
    foreach (array('heading_title', 'text_your_email', 'text_email', 'entry_email', 'button_reset', 'button_cancel') as $key) {
        $this->data[$key] = $this->language->get($key);
    }

    $this->data['error_warning'] = isset($this->error['warning']) ? $this->error['warning'] : '';

    $this->data['action'] = $this->url->link('common/forgotten', '', 'SSL');
    $this->data['cancel'] = $this->url->link('common/login', '', 'SSL');

    // Re-fill the form with the posted address after a failed validation.
    $this->data['email'] = isset($this->request->post['email']) ? $this->request->post['email'] : '';

    $this->template = 'common/forgotten.tpl';
    $this->children = array('common/header', 'common/footer');

    $this->response->setOutput($this->render());
}
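/**
 * Storefront AJAX upload handler (tool/upload), e.g. for "file" product options.
 *
 * Validates the submitted file, stores it under DIR_UPLOAD with a random
 * suffix, records it through model tool/upload and answers with JSON:
 *   - 'error'           => message, when validation or the move fails
 *   - 'code', 'success' when the file was stored
 *
 * Reads $this->request->files['file'] and the admin allow-lists
 * config_file_ext_allowed / config_file_mime_allowed (one entry per line).
 *
 * @return void  Output is written to $this->response.
 */
public function index() {
    $this->language->load('tool/upload');

    $json = array();

    // PHP's upload record for the "file" field; empty array when absent.
    $upload = isset($this->request->files['file']) ? $this->request->files['file'] : array();

    if (!empty($upload['name']) && is_file($upload['tmp_name'])) {
        // Sanitize the filename: decode entities, drop everything outside a
        // conservative character set, then strip any directory component.
        $filename = basename(preg_replace('/[^a-zA-Z0-9\\.\\-\\s+]/', '', html_entity_decode($upload['name'], ENT_QUOTES, 'UTF-8')));

        // Validate the filename length
        if (utf8_strlen($filename) < 3 || utf8_strlen($filename) > 64) {
            $json['error'] = $this->language->get('error_filename');
        }

        // Allowed file extension types (admin setting, one per line). The
        // extension is lower-cased so "JPG" matches an allow-list entry "jpg".
        $allowed = array();

        $extension_allowed = preg_replace('~\\r?\\n~', "\n", $this->config->get('config_file_ext_allowed'));

        foreach (explode("\n", $extension_allowed) as $filetype) {
            $allowed[] = trim($filetype);
        }

        // Strict comparison so numeric-looking strings are not coerced ("1e1" vs "10").
        if (!in_array(strtolower(substr(strrchr($filename, '.'), 1)), $allowed, true)) {
            $json['error'] = $this->language->get('error_filetype');
        }

        // Allowed file mime types. $upload['type'] is what the client declared
        // in the multipart body, not a server-side inspection of the content,
        // so this check only filters cooperative clients.
        $allowed = array();

        $mime_allowed = preg_replace('~\\r?\\n~', "\n", $this->config->get('config_file_mime_allowed'));

        foreach (explode("\n", $mime_allowed) as $filetype) {
            $allowed[] = trim($filetype);
        }

        if (!in_array($upload['type'], $allowed, true)) {
            $json['error'] = $this->language->get('error_filetype');
        }

        // Check to see if any PHP files are trying to be uploaded. This is a
        // literal open-tag scan of the body, not a parser — a last line of
        // defence behind the allow-lists and the random suffix below.
        $content = file_get_contents($upload['tmp_name']);

        if (preg_match('/\\<\\?php/i', $content)) {
            $json['error'] = $this->language->get('error_filetype');
        }

        // Return any upload error
        if ($upload['error'] !== UPLOAD_ERR_OK) {
            $json['error'] = $this->language->get('error_upload_' . $upload['error']);
        }
    } else {
        $json['error'] = $this->language->get('error_upload');
    }

    clearstatcache();

    if (!$json && is_uploaded_file($upload['tmp_name']) && file_exists($upload['tmp_name'])) {
        // Stored name = sanitized original name + '.' + random suffix, so the
        // on-disk name never ends in the client-chosen extension.
        $file = basename($filename) . '.' . hash_rand('md5');

        // Record and report the upload only when the move actually succeeded;
        // previously a failed move still created a database row and returned
        // 'success'.
        if (move_uploaded_file($upload['tmp_name'], DIR_UPLOAD . $file)) {
            // Hide the uploaded file name so people can not link to it directly.
            $this->load->model('tool/upload');

            $json['code'] = $this->model_tool_upload->addUpload($filename, $file);

            $json['success'] = $this->language->get('text_upload');
        } else {
            $json['error'] = $this->language->get('error_upload');
        }
    }

    $this->response->addHeader('Content-Type: application/json');
    $this->response->setOutput(json_encode($json));
}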
/**
 * Updates a customer's profile row, optionally re-hashes the password, and
 * replaces the customer's address book wholesale.
 *
 * @param int   $customer_id Row to update; cast to int before use in SQL.
 * @param array $data        Submitted fields. Keys read: firstname, lastname,
 *                           email, telephone, fax, gender, date_of_birth,
 *                           newsletter, customer_group_id, status, approved,
 *                           password, and optionally address (a list of
 *                           address arrays; one may carry a 'default' key).
 * @return void
 */
public function editCustomer($customer_id, $data) {
    // Strings are escape()d and numbers cast before concatenation into SQL.
    // NOTE(review): fax is stored via (int) cast here, unlike editAffiliate()
    // which escapes it as a string — a value such as "+44 20..." would be
    // truncated. Confirm the column type / intent.
    $this->db->query("UPDATE " . DB_PREFIX . "customer SET firstname = '" . $this->db->escape($data['firstname']) . "', lastname = '" . $this->db->escape($data['lastname']) . "', email = '" . $this->db->escape($data['email']) . "', telephone = '" . $this->db->escape($data['telephone']) . "', fax = '" . (isset($data['fax']) ? (int) $data['fax'] : 0) . "', gender = '" . (isset($data['gender']) ? (int) $data['gender'] : 0) . "', date_of_birth = '" . $this->db->escape($data['date_of_birth']) . "', newsletter = '" . (int) $data['newsletter'] . "', customer_group_id = '" . (int) $data['customer_group_id'] . "', status = '" . (int) $data['status'] . "', approved = '" . (int) $data['approved'] . "' WHERE customer_id = '" . (int) $customer_id . "'");

    // Truthiness test: an empty string leaves the password untouched (as would "0").
    if ($data['password']) {
        // Fresh 9-character salt from the project helper hash_rand(). The
        // hashing expression on this line is redacted ('******') in this copy
        // of the source, so the exact scheme cannot be read from here.
        $this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = substr(hash_rand('md5'), 0, 9)) . "', password = '******'password'])))) . "' WHERE customer_id = '" . (int) $customer_id . "'");
    }

    // Address book is replaced, not merged: delete everything, then re-insert
    // whatever was submitted. Omitting 'address' from $data clears it.
    $this->db->query("DELETE FROM " . DB_PREFIX . "address WHERE customer_id = '" . (int) $customer_id . "'");

    if (isset($data['address'])) {
        foreach ($data['address'] as $address) {
            $this->db->query("INSERT INTO " . DB_PREFIX . "address SET address_id = '" . (int) $address['address_id'] . "', customer_id = '" . (int) $customer_id . "', firstname = '" . $this->db->escape($address['firstname']) . "', lastname = '" . $this->db->escape($address['lastname']) . "', company = '" . $this->db->escape($address['company']) . "', company_id = '" . $this->db->escape($address['company_id']) . "', tax_id = '" . $this->db->escape($address['tax_id']) . "', address_1 = '" . $this->db->escape($address['address_1']) . "', address_2 = '" . $this->db->escape($address['address_2']) . "', city = '" . $this->db->escape($address['city']) . "', postcode = '" . $this->db->escape($address['postcode']) . "', country_id = '" . (int) $address['country_id'] . "', zone_id = '" . (int) $address['zone_id'] . "'");

            // The address flagged 'default' becomes the customer's primary
            // address; getLastId() reads the id the INSERT above produced.
            if (isset($address['default'])) {
                $address_id = $this->db->getLastId();

                $this->db->query("UPDATE " . DB_PREFIX . "customer SET address_id = '" . (int) $address_id . "' WHERE customer_id = '" . (int) $customer_id . "'");
            }
        }
    }
}
/**
 * Sets a new password for an admin user and clears any pending reset code.
 *
 * @param int    $user_id  Row to update; cast to int before use in SQL.
 * @param string $password New plaintext password. It is consumed by the
 *                         hashing expression, which is redacted ('******')
 *                         in this copy of the source.
 * @return void
 */
public function editPassword($user_id, $password) {
    // Fresh 9-character salt from the project helper hash_rand() on every
    // change; `code = ''` invalidates the one-time reset link that led here.
    $this->db->query("UPDATE `" . DB_PREFIX . "user` SET salt = '" . $this->db->escape($salt = substr(hash_rand('md5'), 0, 9)) . "', password = '******', code = '' WHERE user_id = '" . (int) $user_id . "'");
}
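/**
 * Admin login page.
 *
 * Already-authenticated users carrying the current session token are sent
 * straight to common/home. A valid POST rotates the session token and then
 * redirects either to the posted 'redirect' URL — only when it is rooted at
 * this store's own HTTP_SERVER / HTTPS_SERVER, which keeps the form from
 * acting as an open redirect — or to common/home. Otherwise the form is
 * rendered, preserving the originally requested route.
 *
 * @return void  Output is written to $this->response.
 */
public function index() {
    $this->language->load('common/login');

    $this->document->setTitle($this->language->get('heading_title'));

    // Token comparisons use ===. With == PHP compares numeric-looking strings
    // numerically, so two different hex tokens of the form "0e<digits>" would
    // compare equal; isset() on the session side avoids comparing against null.
    if ($this->user->isLogged() && isset($this->request->get['token']) && isset($this->session->data['token']) && $this->request->get['token'] === $this->session->data['token']) {
        $this->redirect($this->url->link('common/home', 'token=' . $this->session->data['token'], 'SSL'));
    }

    if ($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate()) {
        // A new per-login token that subsequent admin URLs must carry.
        $this->session->data['token'] = hash_rand('md5');

        // Only follow a posted redirect that starts with this store's own base URL.
        if (isset($this->request->post['redirect']) && (strpos($this->request->post['redirect'], HTTP_SERVER) === 0 || strpos($this->request->post['redirect'], HTTPS_SERVER) === 0)) {
            $this->redirect($this->request->post['redirect'] . '&token=' . $this->session->data['token']);
        } else {
            $this->redirect($this->url->link('common/home', 'token=' . $this->session->data['token'], 'SSL'));
        }
    }

    foreach (array('heading_title', 'text_login', 'text_forgotten', 'entry_username', 'entry_password', 'button_login') as $key) {
        $this->data[$key] = $this->language->get($key);
    }

    // Warn when the request's token disagrees with the session: the session
    // has a token but the URL carries none, or the URL carries one that
    // differs. Parenthesised to make the intended grouping explicit; strict
    // comparison for the same reason as above.
    $has_session_token = isset($this->session->data['token']);
    $has_get_token = isset($this->request->get['token']);

    if (($has_session_token && !$has_get_token) || ($has_get_token && $has_session_token && $this->request->get['token'] !== $this->session->data['token'])) {
        $this->error['warning'] = $this->language->get('error_token');
    }

    $this->data['error_warning'] = isset($this->error['warning']) ? $this->error['warning'] : '';

    // One-shot flash message (e.g. set by the forgotten-password flow).
    if (isset($this->session->data['success'])) {
        $this->data['success'] = $this->session->data['success'];

        unset($this->session->data['success']);
    } else {
        $this->data['success'] = '';
    }

    $this->data['action'] = $this->url->link('common/login', '', 'SSL');

    // Both posted credentials are echoed back into the rendered form, so the
    // submitted password appears in the page source after a failed login.
    $this->data['username'] = isset($this->request->post['username']) ? $this->request->post['username'] : '';
    $this->data['password'] = isset($this->request->post['password']) ? $this->request->post['password'] : '';

    // Rebuild the originally requested URL (minus route and token) so the
    // POST can send the user back there after a successful login.
    if (isset($this->request->get['route'])) {
        $route = $this->request->get['route'];

        unset($this->request->get['route']);

        if (isset($this->request->get['token'])) {
            unset($this->request->get['token']);
        }

        $url = '';

        if ($this->request->get) {
            $url .= http_build_query($this->request->get);
        }

        $this->data['redirect'] = $this->url->link($route, $url, 'SSL');
    } else {
        $this->data['redirect'] = '';
    }

    // The forgotten-password link only exists when the feature is enabled.
    $this->data['forgotten'] = $this->config->get('config_password') ? $this->url->link('common/forgotten', '', 'SSL') : '';

    $this->template = 'common/login.tpl';
    $this->children = array('common/header', 'common/footer');

    $this->response->setOutput($this->render());
}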
/**
 * Sets a new password for the customer matching the given e-mail address.
 *
 * @param string $email    Matched case-insensitively: lower-cased here with
 *                         utf8_strtolower() and compared against LOWER(email).
 * @param string $password New plaintext password. It is consumed by the
 *                         hashing expression, which is redacted ('******')
 *                         in this copy of the source.
 * @return void
 */
public function editPassword($email, $password) {
    // Fresh 9-character salt from the project helper hash_rand() on every
    // change. No WHERE on customer_id: every row with this e-mail is updated.
    $this->db->query("UPDATE " . DB_PREFIX . "customer SET salt = '" . $this->db->escape($salt = substr(hash_rand('md5'), 0, 9)) . "', password = '******' WHERE LOWER(email) = '" . $this->db->escape(utf8_strtolower($email)) . "'");
}
/**
 * Storefront "forgotten password" page for affiliates.
 *
 * Logged-in affiliates are sent to their account page; when config_secure is
 * on and the request is plain HTTP a 301 to the HTTPS URL is issued. On a
 * valid POST a new 10-character password is generated, written through model
 * affiliate/affiliate::editPassword() for the posted e-mail address and mailed
 * to that address in the message body, then the user is bounced to the login
 * page with a success flash message. Otherwise the e-mail form is rendered.
 *
 * @return void  Output is written to $this->response.
 */
public function index() {
    if ($this->affiliate->isLogged()) {
        $this->redirect($this->url->link('affiliate/account', '', 'SSL'));
    }

    if ($this->config->get('config_secure') && !$this->request->isSecure()) {
        $this->redirect($this->url->link('affiliate/forgotten', '', 'SSL'), 301);
    }

    $this->language->load('affiliate/forgotten');

    $this->document->setTitle($this->language->get('heading_title'));

    $this->load->model('affiliate/affiliate');

    $is_post = ($this->request->server['REQUEST_METHOD'] == 'POST');

    if ($is_post && $this->validate()) {
        $this->language->load('mail/forgotten');

        $store_name = $this->config->get('config_name');
        $recipient = $this->request->post['email'];

        // Replacement password: the first 10 characters of a hash_rand('md5') digest.
        $new_password = substr(hash_rand('md5'), 0, 10);

        $this->model_affiliate_affiliate->editPassword($recipient, $new_password);

        $subject = sprintf($this->language->get('text_subject'), $store_name);

        // Greeting, explanation, then the password itself as the last paragraph.
        $message = implode("\n\n", array(
            sprintf($this->language->get('text_greeting'), $store_name),
            $this->language->get('text_password'),
            $new_password,
        ));

        $mailer = new Mail();
        $mailer->protocol = $this->config->get('config_mail_protocol');
        $mailer->parameter = $this->config->get('config_mail_parameter');
        $mailer->hostname = $this->config->get('config_smtp_host');
        $mailer->username = $this->config->get('config_smtp_username');
        $mailer->password = $this->config->get('config_smtp_password');
        $mailer->port = $this->config->get('config_smtp_port');
        $mailer->timeout = $this->config->get('config_smtp_timeout');
        $mailer->setTo($recipient);
        $mailer->setFrom($this->config->get('config_email'));
        $mailer->setSender($store_name);
        $mailer->setSubject(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'));
        $mailer->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
        $mailer->send();

        $this->session->data['success'] = $this->language->get('text_success');

        $this->redirect($this->url->link('affiliate/login', '', 'SSL'));
    }

    $separator = $this->language->get('text_separator');

    $breadcrumbs = array();

    $breadcrumbs[] = array(
        'text'      => $this->language->get('text_home'),
        'href'      => $this->url->link('common/home'),
        'separator' => false,
    );

    $breadcrumbs[] = array(
        'text'      => $this->language->get('text_account'),
        'href'      => $this->url->link('affiliate/account', '', 'SSL'),
        'separator' => $separator,
    );

    $breadcrumbs[] = array(
        'text'      => $this->language->get('text_forgotten'),
        'href'      => $this->url->link('affiliate/forgotten', '', 'SSL'),
        'separator' => $separator,
    );

    $this->data['breadcrumbs'] = $breadcrumbs;

    // Plain language strings copied 1:1 into the view.
    foreach (array('heading_title', 'text_your_email', 'text_email', 'entry_email', 'button_continue', 'button_back') as $key) {
        $this->data[$key] = $this->language->get($key);
    }

    $this->data['error_warning'] = isset($this->error['warning']) ? $this->error['warning'] : '';

    $this->data['action'] = $this->url->link('affiliate/forgotten', '', 'SSL');
    $this->data['back'] = $this->url->link('affiliate/login', '', 'SSL');

    // Theme override: prefer the active template's copy of the view when present.
    $theme_template = $this->config->get('config_template') . '/template/affiliate/forgotten.tpl';

    $this->template = file_exists(DIR_TEMPLATE . $theme_template) ? $theme_template : 'default/template/affiliate/forgotten.tpl';

    $this->children = array(
        'common/column_left',
        'common/column_right',
        'common/content_top',
        'common/content_bottom',
        'common/footer',
        'common/header',
    );

    $this->response->setOutput($this->render());
}
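/**
 * Admin AJAX upload handler for downloadable product files (catalog/download).
 *
 * Requires the 'modify' permission on catalog/download. The file name is
 * validated for length, extension and declared MIME type against the admin
 * allow-lists, the body is scanned for a literal PHP open tag, and the file
 * is stored in DIR_DOWNLOAD as "<name>.<random suffix>". Responds with JSON:
 *   - 'error'                       => message, on any failure
 *   - 'filename', 'mask', 'success' when the file was stored
 *
 * @return void  Output is written to $this->response.
 */
public function upload() {
    $this->language->load('catalog/download');

    $json = array();

    if (!$this->user->hasPermission('modify', 'catalog/download')) {
        $json['error'] = $this->language->get('error_permission');
    }

    // PHP's upload record for the "file" field; empty array when absent.
    $upload = isset($this->request->files['file']) ? $this->request->files['file'] : array();

    if (!isset($json['error'])) {
        if (!empty($upload['name'])) {
            // basename() strips any directory component a client may have sent.
            $filename = basename(html_entity_decode($upload['name'], ENT_QUOTES, 'UTF-8'));

            if (utf8_strlen($filename) < 3 || utf8_strlen($filename) > 128) {
                $json['error'] = $this->language->get('error_filename');
            }

            // Allowed file extension types (admin setting, one per line).
            $allowed = array();

            $filetypes = explode("\n", str_replace(array("\r\n", "\r"), "\n", $this->config->get('config_file_extension_allowed')));

            foreach ($filetypes as $filetype) {
                $allowed[] = trim($filetype);
            }

            // Strict comparison so numeric-looking strings are not coerced.
            // The match is case-sensitive here (the storefront uploader lower-cases).
            if (!in_array(substr(strrchr($filename, '.'), 1), $allowed, true)) {
                $json['error'] = $this->language->get('error_filetype');
            }

            // Allowed file mime types. $upload['type'] is what the client
            // declared in the multipart body, not a server-side inspection.
            $allowed = array();

            $filetypes = explode("\n", str_replace(array("\r\n", "\r"), "\n", $this->config->get('config_file_mime_allowed')));

            foreach ($filetypes as $filetype) {
                $allowed[] = trim($filetype);
            }

            if (!in_array($upload['type'], $allowed, true)) {
                $json['error'] = $this->language->get('error_filetype');
            }

            // Check to see if any PHP files are trying to be uploaded. Guarded
            // by is_file() because tmp_name is empty when PHP itself rejected
            // the upload; that case is reported just below.
            if (!empty($upload['tmp_name']) && is_file($upload['tmp_name'])) {
                $content = file_get_contents($upload['tmp_name']);

                if (preg_match('/\\<\\?php/i', $content)) {
                    $json['error'] = $this->language->get('error_filetype');
                }
            }

            if ($upload['error'] !== UPLOAD_ERR_OK) {
                $json['error'] = $this->language->get('error_upload_' . $upload['error']);
            }
        } else {
            $json['error'] = $this->language->get('error_upload');
        }
    }

    if (!isset($json['error'])) {
        $stored = false;

        if (is_uploaded_file($upload['tmp_name']) && file_exists($upload['tmp_name'])) {
            // Random suffix: the on-disk name never ends in the client-chosen extension.
            $ext = hash_rand('md5');

            $stored = move_uploaded_file($upload['tmp_name'], DIR_DOWNLOAD . $filename . '.' . $ext);
        }

        // Report success only when the file is actually on disk; previously
        // 'success' was returned even when the move was skipped or failed.
        if ($stored) {
            $json['filename'] = $filename . '.' . $ext;
            $json['mask'] = $filename;
            $json['success'] = $this->language->get('text_upload');
        } else {
            $json['error'] = $this->language->get('error_upload');
        }
    }

    $this->response->setOutput(json_encode($json));
}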
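/**
 * Admin AJAX upload handler for a file attached to an order (sale/order).
 *
 * Only acts on POST and, like the sibling catalog/download uploader, requires
 * the 'modify' permission on its route. The file name is validated for
 * length, extension and declared MIME type against the admin allow-lists, the
 * body is scanned for a literal PHP open tag, and the file is stored in
 * DIR_DOWNLOAD as "<basename>.<random suffix>". Responds with JSON:
 *   - 'error'           => message, on any failure
 *   - 'file', 'success' when the file was stored
 *   - {}                 on a non-POST request
 *
 * @return void  Output is written to $this->response.
 */
public function upload() {
    $this->language->load('sale/order');

    $json = array();

    if ($this->request->server['REQUEST_METHOD'] == 'POST') {
        // Authorisation check for parity with catalog/download::upload(): a
        // user without 'modify' on sale/order must not be able to store files.
        if (!$this->user->hasPermission('modify', 'sale/order')) {
            $json['error'] = $this->language->get('error_permission');
        }

        // PHP's upload record for the "file" field; empty array when absent.
        $upload = isset($this->request->files['file']) ? $this->request->files['file'] : array();

        if (!isset($json['error'])) {
            if (!empty($upload['name'])) {
                // basename() up front so the length check, extension check and
                // stored name all see the same string.
                $filename = basename(html_entity_decode($upload['name'], ENT_QUOTES, 'UTF-8'));

                if (utf8_strlen($filename) < 3 || utf8_strlen($filename) > 128) {
                    $json['error'] = $this->language->get('error_filename');
                }

                // Allowed file extension types (admin setting, one per line).
                $allowed = array();

                $filetypes = explode("\n", str_replace(array("\r\n", "\r"), "\n", $this->config->get('config_file_extension_allowed')));

                foreach ($filetypes as $filetype) {
                    $allowed[] = trim($filetype);
                }

                // Strict comparison so numeric-looking strings are not coerced.
                if (!in_array(substr(strrchr($filename, '.'), 1), $allowed, true)) {
                    $json['error'] = $this->language->get('error_filetype');
                }

                // Allowed file mime types. $upload['type'] is what the client
                // declared in the multipart body, not a server-side inspection.
                $allowed = array();

                $filetypes = explode("\n", str_replace(array("\r\n", "\r"), "\n", $this->config->get('config_file_mime_allowed')));

                foreach ($filetypes as $filetype) {
                    $allowed[] = trim($filetype);
                }

                if (!in_array($upload['type'], $allowed, true)) {
                    $json['error'] = $this->language->get('error_filetype');
                }

                // Check to see if any PHP files are trying to be uploaded — the
                // same literal open-tag scan catalog/download::upload() does.
                // Skipped when PHP rejected the upload and tmp_name is empty.
                if (!empty($upload['tmp_name']) && is_file($upload['tmp_name'])) {
                    $content = file_get_contents($upload['tmp_name']);

                    if (preg_match('/\\<\\?php/i', $content)) {
                        $json['error'] = $this->language->get('error_filetype');
                    }
                }

                if ($upload['error'] !== UPLOAD_ERR_OK) {
                    $json['error'] = $this->language->get('error_upload_' . $upload['error']);
                }
            } else {
                $json['error'] = $this->language->get('error_upload');
            }
        }

        if (!isset($json['error'])) {
            $stored = false;

            if (is_uploaded_file($upload['tmp_name']) && file_exists($upload['tmp_name'])) {
                // Random suffix: the on-disk name never ends in the client-chosen extension.
                $file = $filename . '.' . hash_rand('md5');

                $stored = move_uploaded_file($upload['tmp_name'], DIR_DOWNLOAD . $file);
            }

            // Report success only when the file is actually on disk; previously
            // 'success' was returned even when the move was skipped or failed.
            if ($stored) {
                $json['file'] = $file;
                $json['success'] = $this->language->get('text_upload');
            } else {
                $json['error'] = $this->language->get('error_upload');
            }
        }
    }

    $this->response->setOutput(json_encode($json));
}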
public function index() { $redirect = ''; if ($this->cart->hasShipping()) { // Validate if shipping address has been set $this->load->model('account/address'); if ($this->customer->isLogged() && isset($this->session->data['shipping_address_id'])) { $shipping_address = $this->model_account_address->getAddress($this->session->data['shipping_address_id']); } if (empty($shipping_address)) { $redirect = $this->url->link('checkout_express/checkout', '', 'SSL'); } // Validate if shipping method has been set if (!isset($this->session->data['shipping_method'])) { $redirect = $this->url->link('checkout_express/checkout', '', 'SSL'); } } else { unset($this->session->data['shipping_method']); unset($this->session->data['shipping_methods']); } // Validate if payment address has been set $this->load->model('account/address'); if ($this->customer->isLogged() && isset($this->session->data['payment_address_id'])) { $payment_address = $this->model_account_address->getAddress($this->session->data['payment_address_id']); } if (empty($payment_address) && !$this->config->get('config_express_billing')) { if (isset($this->session->data['shipping_country_id'])) { $payment_address['country_id'] = $this->session->data['shipping_country_id']; } else { $payment_address['country_id'] = $this->config->get('config_country_id'); } if (isset($this->session->data['shipping_zone_id'])) { $payment_address['zone_id'] = $this->session->data['shipping_zone_id']; } else { $payment_address['zone_id'] = ''; } } if (empty($payment_address)) { $redirect = $this->url->link('checkout_express/checkout', '', 'SSL'); } // Validate if payment method has been set if (!isset($this->session->data['payment_method'])) { $redirect = $this->url->link('checkout_express/checkout', '', 'SSL'); } // Validate cart has products and has stock if (!$this->cart->hasProducts() && empty($this->session->data['vouchers']) || !$this->cart->hasStock() && !$this->config->get('config_stock_checkout')) { $redirect = 
$this->url->link('checkout/cart'); } // Validate minimum quantity requirements $products = $this->cart->getProducts(); foreach ($products as $product) { $product_total = 0; foreach ($products as $product_2) { if ($product_2['product_id'] == $product['product_id']) { $product_total += $product_2['quantity']; } } if ($product['minimum'] > $product_total) { $redirect = $this->url->link('checkout/cart'); break; } } if (!$redirect) { // Totals $total_data = array(); $total = 0; $taxes = $this->cart->getTaxes(); $this->load->model('setting/extension'); $sort_order = array(); $results = $this->model_setting_extension->getExtensions('total'); foreach ($results as $key => $value) { $sort_order[$key] = $this->config->get($value['code'] . '_sort_order'); } array_multisort($sort_order, SORT_ASC, $results); foreach ($results as $result) { if ($this->config->get($result['code'] . '_status')) { $this->load->model('total/' . $result['code']); $this->{'model_total_' . $result['code']}->getTotal($total_data, $total, $taxes); } } $sort_order = array(); foreach ($total_data as $key => $value) { $sort_order[$key] = $value['sort_order']; } array_multisort($sort_order, SORT_ASC, $total_data); $data = array(); $data['invoice_prefix'] = $this->config->get('config_invoice_prefix'); $data['store_id'] = $this->config->get('config_store_id'); $data['store_name'] = $this->config->get('config_name'); if ($data['store_id']) { $data['store_url'] = $this->config->get('config_url'); } else { $data['store_url'] = HTTP_SERVER; } if ($this->customer->isLogged()) { $data['customer_id'] = $this->customer->getId(); $data['customer_group_id'] = $this->customer->getCustomerGroupId(); $data['firstname'] = $this->customer->getFirstName(); $data['lastname'] = $this->customer->getLastName(); $data['email'] = $this->customer->getEmail(); $data['telephone'] = $this->customer->getTelephone(); $data['fax'] = $this->customer->getFax(); if ($this->config->get('config_express_billing')) { 
$this->load->model('account/address'); $payment_address = $this->model_account_address->getAddress($this->session->data['payment_address_id']); $data['payment_firstname'] = $payment_address['firstname']; $data['payment_lastname'] = $payment_address['lastname']; $data['payment_company'] = $payment_address['company']; $data['payment_company_id'] = $payment_address['company_id']; $data['payment_tax_id'] = $payment_address['tax_id']; $data['payment_address_1'] = $payment_address['address_1']; $data['payment_address_2'] = $payment_address['address_2']; $data['payment_city'] = $payment_address['city']; $data['payment_postcode'] = $payment_address['postcode']; $data['payment_zone'] = $payment_address['zone']; $data['payment_zone_id'] = $payment_address['zone_id']; $data['payment_country'] = $payment_address['country']; $data['payment_country_id'] = $payment_address['country_id']; $data['payment_address_format'] = $payment_address['address_format']; } else { $data['payment_firstname'] = ''; $data['payment_lastname'] = ''; $data['payment_company'] = ''; $data['payment_company_id'] = ''; $data['payment_tax_id'] = ''; $data['payment_address_1'] = ''; $data['payment_address_2'] = ''; $data['payment_city'] = ''; $data['payment_postcode'] = ''; $data['payment_zone'] = ''; $data['payment_zone_id'] = ''; $data['payment_country'] = ''; $data['payment_country_id'] = ''; $data['payment_address_format'] = ''; } } if (isset($this->session->data['payment_method']['title'])) { $data['payment_method'] = $this->session->data['payment_method']['title']; } else { $data['payment_method'] = ''; } if (isset($this->session->data['payment_method']['code'])) { $data['payment_code'] = $this->session->data['payment_method']['code']; } else { $data['payment_code'] = ''; } if ($this->cart->hasShipping()) { if ($this->customer->isLogged()) { $this->load->model('account/address'); $shipping_address = $this->model_account_address->getAddress($this->session->data['shipping_address_id']); } 
$data['shipping_firstname'] = $shipping_address['firstname']; $data['shipping_lastname'] = $shipping_address['lastname']; $data['shipping_company'] = $shipping_address['company']; $data['shipping_address_1'] = $shipping_address['address_1']; $data['shipping_address_2'] = $shipping_address['address_2']; $data['shipping_city'] = $shipping_address['city']; $data['shipping_postcode'] = $shipping_address['postcode']; $data['shipping_zone'] = $shipping_address['zone']; $data['shipping_zone_id'] = $shipping_address['zone_id']; $data['shipping_country'] = $shipping_address['country']; $data['shipping_country_id'] = $shipping_address['country_id']; $data['shipping_address_format'] = $shipping_address['address_format']; if (isset($this->session->data['shipping_method']['title'])) { $data['shipping_method'] = $this->session->data['shipping_method']['title']; } else { $data['shipping_method'] = ''; } if (isset($this->session->data['shipping_method']['code'])) { $data['shipping_code'] = $this->session->data['shipping_method']['code']; } else { $data['shipping_code'] = ''; } } else { $data['shipping_firstname'] = ''; $data['shipping_lastname'] = ''; $data['shipping_company'] = ''; $data['shipping_address_1'] = ''; $data['shipping_address_2'] = ''; $data['shipping_city'] = ''; $data['shipping_postcode'] = ''; $data['shipping_zone'] = ''; $data['shipping_zone_id'] = ''; $data['shipping_country'] = ''; $data['shipping_country_id'] = ''; $data['shipping_address_format'] = ''; $data['shipping_method'] = ''; $data['shipping_code'] = ''; } $product_data = array(); foreach ($this->cart->getProducts() as $product) { $option_data = array(); foreach ($product['option'] as $option) { if ($option['type'] != 'file') { $value = $option['option_value']; } else { $value = $this->encryption->decrypt($option['option_value']); } $option_data[] = array('product_option_id' => $option['product_option_id'], 'product_option_value_id' => $option['product_option_value_id'], 'option_id' => 
$option['option_id'], 'option_value_id' => $option['option_value_id'], 'name' => $option['name'], 'value' => $value, 'type' => $option['type']); } $product_data[] = array('product_id' => $product['product_id'], 'name' => $product['name'], 'model' => $product['model'], 'option' => $option_data, 'download' => $product['download'], 'quantity' => $product['quantity'], 'subtract' => $product['subtract'], 'price' => $product['price'], 'cost' => $product['cost'], 'total' => $product['total'], 'tax' => $this->tax->getTax($product['price'], $product['tax_class_id']), 'reward' => $product['reward']); } // Gift Voucher $voucher_data = array(); if (!empty($this->session->data['vouchers'])) { foreach ($this->session->data['vouchers'] as $voucher) { $voucher_data[] = array('description' => $voucher['description'], 'code' => substr(hash_rand('md5'), 0, 10), 'to_name' => $voucher['to_name'], 'to_email' => $voucher['to_email'], 'from_name' => $voucher['from_name'], 'from_email' => $voucher['from_email'], 'voucher_theme_id' => $voucher['voucher_theme_id'], 'message' => $voucher['message'], 'amount' => $voucher['amount']); } } $data['products'] = $product_data; $data['vouchers'] = $voucher_data; $data['totals'] = $total_data; $data['comment'] = $this->session->data['comment']; $data['total'] = $total; if (isset($this->request->cookie['tracking'])) { $this->load->model('affiliate/affiliate'); $affiliate_info = $this->model_affiliate_affiliate->getAffiliateByCode($this->request->cookie['tracking']); $subtotal = $this->cart->getSubTotal(); if ($affiliate_info) { $data['affiliate_id'] = $affiliate_info['affiliate_id']; $data['commission'] = $subtotal / 100 * $affiliate_info['commission']; } else { $data['affiliate_id'] = 0; $data['commission'] = 0; } } else { $data['affiliate_id'] = 0; $data['commission'] = 0; } $data['language_id'] = $this->config->get('config_language_id'); $data['currency_id'] = $this->currency->getId(); $data['currency_code'] = $this->currency->getCode(); 
$data['currency_value'] = $this->currency->getValue($this->currency->getCode()); $data['ip'] = $this->request->server['REMOTE_ADDR']; if (!empty($this->request->server['HTTP_X_FORWARDED_FOR'])) { $data['forwarded_ip'] = $this->request->server['HTTP_X_FORWARDED_FOR']; } elseif (!empty($this->request->server['HTTP_CLIENT_IP'])) { $data['forwarded_ip'] = $this->request->server['HTTP_CLIENT_IP']; } else { $data['forwarded_ip'] = ''; } if (isset($this->request->server['HTTP_USER_AGENT'])) { $data['user_agent'] = $this->request->server['HTTP_USER_AGENT']; } else { $data['user_agent'] = ''; } if (isset($this->request->server['HTTP_ACCEPT_LANGUAGE'])) { $data['accept_language'] = $this->request->server['HTTP_ACCEPT_LANGUAGE']; } else { $data['accept_language'] = ''; } $this->language->load('checkout/checkout_express'); $this->load->model('checkout/order'); $this->session->data['order_id'] = $this->model_checkout_order->addOrder($data); // Language $this->data['text_checkout_confirm'] = $this->language->get('text_checkout_confirm'); if ($this->customer->isLogged()) { $this->load->model('account/address'); if (isset($this->session->data['shipping_address_id'])) { $ship_address = $this->model_account_address->getAddress($this->session->data['shipping_address_id']); } elseif (isset($this->session->data['payment_address_id'])) { $ship_address = $this->model_account_address->getAddress($this->session->data['payment_address_id']); } else { $customer_id = $this->customer->getId(); $address_id = $this->model_account_address->getDefaultAddressId($customer_id); $ship_address = $this->model_account_address->getAddress($address_id); } $this->data['shipping_firstname'] = $ship_address['firstname']; $this->data['shipping_lastname'] = $ship_address['lastname']; $this->data['shipping_company'] = $ship_address['company']; $this->data['shipping_address_1'] = $ship_address['address_1']; $this->data['shipping_address_2'] = $ship_address['address_2']; $this->data['shipping_city'] = 
$ship_address['city']; $this->data['shipping_postcode'] = $ship_address['postcode']; $this->data['shipping_zone'] = $ship_address['zone']; $this->data['shipping_country'] = $ship_address['country']; } else { $this->data['shipping_firstname'] = ''; $this->data['shipping_lastname'] = ''; $this->data['shipping_company'] = ''; $this->data['shipping_address_1'] = ''; $this->data['shipping_address_2'] = ''; $this->data['shipping_city'] = ''; $this->data['shipping_postcode'] = ''; $this->data['shipping_zone'] = ''; $this->data['shipping_country'] = ''; } if (isset($this->session->data['shipping_method']['title'])) { $this->data['shipping_method_selected'] = $this->session->data['shipping_method']['title']; } else { $this->data['shipping_method_selected'] = ''; } if (isset($this->session->data['payment_method']['title'])) { $this->data['payment_method_selected'] = $this->session->data['payment_method']['title']; } else { $this->data['payment_method_selected'] = ''; } if (isset($this->session->data['comment'])) { $this->data['order_comment'] = $this->session->data['comment']; } else { $this->data['order_comment'] = ''; } $this->data['column_name'] = $this->language->get('column_name'); $this->data['column_model'] = $this->language->get('column_model'); $this->data['column_quantity'] = $this->language->get('column_quantity'); $this->data['column_price'] = $this->language->get('column_price'); $this->data['column_total'] = $this->language->get('column_total'); $this->data['text_recurring_item'] = $this->language->get('text_recurring_item'); $this->data['text_payment_profile'] = $this->language->get('text_payment_profile'); $this->data['products'] = array(); foreach ($this->cart->getProducts() as $product) { $option_data = array(); foreach ($product['option'] as $option) { if ($option['type'] != 'file') { $value = $option['option_value']; } else { $filename = $this->encryption->decrypt($option['option_value']); $value = utf8_substr($filename, 0, utf8_strrpos($filename, '.')); 
} $option_data[] = array('name' => $option['name'], 'value' => utf8_strlen($value) > 20 ? utf8_substr($value, 0, 20) . '..' : $value); } $profile_description = ''; if ($product['recurring']) { $frequencies = array('day' => $this->language->get('text_day'), 'week' => $this->language->get('text_week'), 'semi_month' => $this->language->get('text_semi_month'), 'month' => $this->language->get('text_month'), 'year' => $this->language->get('text_year')); if ($product['recurring_trial']) { $recurring_price = $this->currency->format($this->tax->calculate($product['recurring_trial_price'] * $product['quantity'], $product['tax_class_id'], $this->config->get('config_tax'))); $profile_description = sprintf($this->language->get('text_trial_description'), $recurring_price, $product['recurring_trial_cycle'], $frequencies[$product['recurring_trial_frequency']], $product['recurring_trial_duration']) . ' '; } $recurring_price = $this->currency->format($this->tax->calculate($product['recurring_price'] * $product['quantity'], $product['tax_class_id'], $this->config->get('config_tax'))); if ($product['recurring_duration']) { $profile_description .= sprintf($this->language->get('text_payment_description'), $recurring_price, $product['recurring_cycle'], $frequencies[$product['recurring_frequency']], $product['recurring_duration']); } else { $profile_description .= sprintf($this->language->get('text_payment_until_canceled_description'), $recurring_price, $product['recurring_cycle'], $frequencies[$product['recurring_frequency']], $product['recurring_duration']); } } $this->data['products'][] = array('product_id' => $product['product_id'], 'name' => $product['name'], 'model' => $product['model'], 'option' => $option_data, 'quantity' => $product['quantity'], 'subtract' => $product['subtract'], 'price' => $this->currency->format($this->tax->calculate($product['price'], $product['tax_class_id'], $this->config->get('config_tax'))), 'total' => 
$this->currency->format($this->tax->calculate($product['price'], $product['tax_class_id'], $this->config->get('config_tax')) * $product['quantity']), 'href' => $this->url->link('product/product', 'product_id=' . $product['product_id']), 'recurring' => $product['recurring'], 'profile_name' => $product['profile_name'], 'profile_description' => $profile_description); } // Gift Voucher $this->data['vouchers'] = array(); if (!empty($this->session->data['vouchers'])) { foreach ($this->session->data['vouchers'] as $voucher) { $this->data['vouchers'][] = array('description' => $voucher['description'], 'amount' => $this->currency->format($voucher['amount'])); } } $this->data['totals'] = $total_data; $this->data['payment'] = $this->getChild('payment/' . $this->session->data['payment_method']['code']); } else { $this->data['redirect'] = $redirect; } // Theme $this->data['template'] = $this->config->get('config_template'); if (file_exists(DIR_TEMPLATE . $this->config->get('config_template') . '/template/checkout_express/confirm.tpl')) { $this->template = $this->config->get('config_template') . '/template/checkout_express/confirm.tpl'; } else { $this->template = 'default/template/checkout_express/confirm.tpl'; } $this->response->setOutput($this->render()); }
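/**
 * Admin settings page for the Paymate payment extension.
 *
 * On a POST that passes validate() the posted fields are stored via
 * setting/setting and the browser is redirected back to the extension list.
 * Otherwise the form is rendered; each field prefers the posted value over
 * the stored config value so a failed submit keeps what the user typed.
 *
 * Fix: the posted paymate_password branch used to copy paymate_username
 * into $this->data['paymate_username'] (copy/paste slip), leaving
 * $this->data['paymate_password'] undefined for the template whenever the
 * password field had been submitted.
 */
public function index() {
    $this->language->load('payment/paymate');

    $this->document->setTitle($this->language->get('heading_title'));

    $this->load->model('setting/setting');

    if ($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate()) {
        $this->model_setting_setting->editSetting('paymate', $this->request->post);

        $this->session->data['success'] = $this->language->get('text_success');

        $this->redirect($this->url->link('extension/payment', 'token=' . $this->session->data['token'], 'SSL'));
    }

    $this->data['heading_title'] = $this->language->get('heading_title');

    $this->data['text_enabled'] = $this->language->get('text_enabled');
    $this->data['text_disabled'] = $this->language->get('text_disabled');
    $this->data['text_all_zones'] = $this->language->get('text_all_zones');
    $this->data['text_yes'] = $this->language->get('text_yes');
    $this->data['text_no'] = $this->language->get('text_no');

    $this->data['entry_username'] = $this->language->get('entry_username');
    $this->data['entry_password'] = $this->language->get('entry_password');
    $this->data['entry_test'] = $this->language->get('entry_test');
    $this->data['entry_total'] = $this->language->get('entry_total');
    $this->data['entry_order_status'] = $this->language->get('entry_order_status');
    $this->data['entry_geo_zone'] = $this->language->get('entry_geo_zone');
    $this->data['entry_status'] = $this->language->get('entry_status');
    $this->data['entry_sort_order'] = $this->language->get('entry_sort_order');

    $this->data['button_save'] = $this->language->get('button_save');
    $this->data['button_cancel'] = $this->language->get('button_cancel');

    // Validation errors (filled by validate()) are passed through to the template as empty strings when absent.
    $this->data['error_warning'] = isset($this->error['warning']) ? $this->error['warning'] : '';
    $this->data['error_username'] = isset($this->error['username']) ? $this->error['username'] : '';
    $this->data['error_password'] = isset($this->error['password']) ? $this->error['password'] : '';

    $this->data['breadcrumbs'] = array();

    $this->data['breadcrumbs'][] = array(
        'text'      => $this->language->get('text_home'),
        'href'      => $this->url->link('common/home', 'token=' . $this->session->data['token'], 'SSL'),
        'separator' => false
    );

    $this->data['breadcrumbs'][] = array(
        'text'      => $this->language->get('text_payment'),
        'href'      => $this->url->link('extension/payment', 'token=' . $this->session->data['token'], 'SSL'),
        'separator' => ' :: '
    );

    $this->data['breadcrumbs'][] = array(
        'text'      => $this->language->get('heading_title'),
        'href'      => $this->url->link('payment/paymate', 'token=' . $this->session->data['token'], 'SSL'),
        'separator' => ' :: '
    );

    $this->data['action'] = $this->url->link('payment/paymate', 'token=' . $this->session->data['token'], 'SSL');

    $this->data['cancel'] = $this->url->link('extension/payment', 'token=' . $this->session->data['token'], 'SSL');

    if (isset($this->request->post['paymate_username'])) {
        $this->data['paymate_username'] = $this->request->post['paymate_username'];
    } else {
        $this->data['paymate_username'] = $this->config->get('paymate_username');
    }

    // Posted value first, then the stored one; when neither exists a fresh random
    // value from the project's hash_rand() helper is pre-filled so the form never
    // ships with an empty shared secret.
    if (isset($this->request->post['paymate_password'])) {
        $this->data['paymate_password'] = $this->request->post['paymate_password'];
    } elseif ($this->config->get('paymate_password')) {
        $this->data['paymate_password'] = $this->config->get('paymate_password');
    } else {
        $this->data['paymate_password'] = hash_rand('md5');
    }

    if (isset($this->request->post['paymate_test'])) {
        $this->data['paymate_test'] = $this->request->post['paymate_test'];
    } else {
        $this->data['paymate_test'] = $this->config->get('paymate_test');
    }

    if (isset($this->request->post['paymate_total'])) {
        $this->data['paymate_total'] = $this->request->post['paymate_total'];
    } else {
        $this->data['paymate_total'] = $this->config->get('paymate_total');
    }

    if (isset($this->request->post['paymate_order_status_id'])) {
        $this->data['paymate_order_status_id'] = $this->request->post['paymate_order_status_id'];
    } else {
        $this->data['paymate_order_status_id'] = $this->config->get('paymate_order_status_id');
    }

    $this->load->model('localisation/order_status');

    $this->data['order_statuses'] = $this->model_localisation_order_status->getOrderStatuses();

    if (isset($this->request->post['paymate_geo_zone_id'])) {
        $this->data['paymate_geo_zone_id'] = $this->request->post['paymate_geo_zone_id'];
    } else {
        $this->data['paymate_geo_zone_id'] = $this->config->get('paymate_geo_zone_id');
    }

    $this->load->model('localisation/geo_zone');

    $this->data['geo_zones'] = $this->model_localisation_geo_zone->getGeoZones();

    if (isset($this->request->post['paymate_status'])) {
        $this->data['paymate_status'] = $this->request->post['paymate_status'];
    } else {
        $this->data['paymate_status'] = $this->config->get('paymate_status');
    }

    if (isset($this->request->post['paymate_sort_order'])) {
        $this->data['paymate_sort_order'] = $this->request->post['paymate_sort_order'];
    } else {
        $this->data['paymate_sort_order'] = $this->config->get('paymate_sort_order');
    }

    $this->template = 'payment/paymate.tpl';
    $this->children = array('common/header', 'common/footer');

    $this->response->setOutput($this->render());
}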
/**
 * Issues a fresh customer token for the current session.
 *
 * The value comes from the project's hash_rand('md5') helper and is stored
 * under session key 'customer_token'; any previous token is overwritten.
 */
public function setToken() {
    $token = hash_rand('md5');

    $this->session->data['customer_token'] = $token;
}
/**
 * Admin "manual order" AJAX endpoint (catalog side).
 *
 * Rebuilds the cart and checkout session from the posted order form, runs
 * the same validation the storefront checkout does (options, stock, minimum
 * quantities, vouchers, addresses, shipping/payment methods, totals) and
 * returns everything the admin order editor needs as JSON. The session is
 * wiped before and after so nothing leaks into a normal customer session.
 *
 * Access: requires an admin session with 'modify' permission on sale/order;
 * anything else gets error_permission only.
 *
 * Response keys: order_product, order_voucher, shipping_method, order_total,
 * payment_method (and payment_methods), plus success or a nested error map.
 */
public function index() {
    $this->language->load('checkout/manual');

    $json = array();

    // The admin User library is instantiated here so a catalog-side route can
    // check the *admin* session rather than the customer one.
    $this->load->library('user');

    $this->user = new User($this->registry);

    if ($this->user->isLogged() && $this->user->hasPermission('modify', 'sale/order')) {
        // Reset everything
        $this->cart->clear();
        $this->customer->logout();

        unset($this->session->data['shipping_method']);
        unset($this->session->data['shipping_methods']);
        unset($this->session->data['payment_method']);
        unset($this->session->data['payment_methods']);
        unset($this->session->data['coupon']);
        unset($this->session->data['reward']);
        unset($this->session->data['voucher']);
        unset($this->session->data['vouchers']);
        unset($this->session->data['current_voucher']);
        unset($this->session->data['current_voucher_value']);
        unset($this->session->data['current_reward']);
        unset($this->session->data['current_credit']);

        // Manual order flag
        $this->session->data['manual'] = true;

        // Settings: overlay the selected store's config for the rest of this request.
        $this->load->model('setting/setting');

        $settings = $this->model_setting_setting->getSetting('config', $this->request->post['store_id']);

        foreach ($settings as $key => $value) {
            $this->config->set($key, $value);
        }

        // Customer: a known customer id logs that customer in (password check bypassed
        // via the third argument); otherwise only the customer group is applied.
        if ($this->request->post['customer_id']) {
            $this->load->model('account/customer');

            $customer_info = $this->model_account_customer->getCustomer($this->request->post['customer_id']);

            if ($customer_info) {
                $this->customer->login($customer_info['email'], '', true);

                $this->cart->clear();
            } else {
                $json['error']['customer'] = $this->language->get('error_customer');
            }
        } else {
            // Customer Group
            $this->config->set('config_customer_group_id', $this->request->post['customer_group_id']);
        }

        // Product: re-add every posted order line, mapping posted option rows back
        // into the option shape Cart::add() expects (keyed by product_option_id).
        $this->load->model('catalog/product');

        if (isset($this->request->post['order_product'])) {
            foreach ($this->request->post['order_product'] as $order_product) {
                $option_data = array();

                if (isset($order_product['order_option'])) {
                    foreach ($order_product['order_option'] as $option) {
                        if ($option['type'] == 'select' || $option['type'] == 'radio' || $option['type'] == 'image') {
                            $option_data[$option['product_option_id']] = $option['product_option_value_id'];
                        } elseif ($option['type'] == 'checkbox') {
                            $option_data[$option['product_option_id']][] = $option['product_option_value_id'];
                        } elseif ($option['type'] == 'text' || $option['type'] == 'textarea' || $option['type'] == 'file' || $option['type'] == 'date' || $option['type'] == 'datetime' || $option['type'] == 'time') {
                            $option_data[$option['product_option_id']] = $option['value'];
                        }
                    }
                }

                $this->cart->add($order_product['product_id'], $order_product['quantity'], $option_data);
            }
        }

        // A single additional product (product_id/quantity/option) is validated for
        // required options before being added.
        if (isset($this->request->post['product_id'])) {
            $product_info = $this->model_catalog_product->getProduct($this->request->post['product_id']);

            if ($product_info) {
                if (isset($this->request->post['quantity'])) {
                    $quantity = $this->request->post['quantity'];
                } else {
                    $quantity = 1;
                }

                if (isset($this->request->post['option'])) {
                    $option = array_filter($this->request->post['option']);
                } else {
                    $option = array();
                }

                $product_options = $this->model_catalog_product->getProductOptions($this->request->post['product_id']);

                foreach ($product_options as $product_option) {
                    if ($product_option['required'] && empty($option[$product_option['product_option_id']])) {
                        $json['error']['product']['option'][$product_option['product_option_id']] = sprintf($this->language->get('error_required'), $product_option['name']);
                    }
                }

                if (!isset($json['error']['product']['option'])) {
                    $this->cart->add($this->request->post['product_id'], $quantity, $option);
                }
            }
        }

        // Stock
        if (!$this->cart->hasStock() && (!$this->config->get('config_stock_checkout') || $this->config->get('config_stock_warning'))) {
            $json['error']['product']['stock'] = $this->language->get('error_stock');
        }

        // Tax
        if ($this->cart->hasShipping()) {
            $this->tax->setShippingAddress($this->request->post['shipping_country_id'], $this->request->post['shipping_zone_id']);
        } else {
            $this->tax->setShippingAddress($this->config->get('config_country_id'), $this->config->get('config_zone_id'));
        }

        $this->tax->setPaymentAddress($this->request->post['payment_country_id'], $this->request->post['payment_zone_id']);

        $this->tax->setStoreAddress($this->config->get('config_country_id'), $this->config->get('config_zone_id'));

        // Products: echo the cart back, enforcing per-product minimum quantity
        // across all cart lines that share a product_id.
        $json['order_product'] = array();

        $products = $this->cart->getProducts();

        foreach ($products as $product) {
            $product_total = 0;

            foreach ($products as $product_2) {
                if ($product_2['product_id'] == $product['product_id']) {
                    $product_total += $product_2['quantity'];
                }
            }

            if ($product['minimum'] > $product_total) {
                $json['error']['product']['minimum'][] = sprintf($this->language->get('error_minimum'), $product['name'], $product['minimum']);
            }

            $option_data = array();

            foreach ($product['option'] as $option) {
                $option_data[] = array(
                    'product_option_id'       => $option['product_option_id'],
                    'product_option_value_id' => $option['product_option_value_id'],
                    'name'                    => $option['name'],
                    'value'                   => $option['option_value'],
                    'type'                    => $option['type']
                );
            }

            $download_data = array();

            foreach ($product['download'] as $download) {
                $download_data[] = array(
                    'name'      => $download['name'],
                    'filename'  => $download['filename'],
                    'mask'      => $download['mask'],
                    'remaining' => $download['remaining']
                );
            }

            $json['order_product'][] = array(
                'product_id' => $product['product_id'],
                'name'       => $product['name'],
                'model'      => $product['model'],
                'option'     => $option_data,
                'download'   => $download_data,
                'quantity'   => $product['quantity'],
                'stock'      => $product['stock'],
                'price'      => $product['price'],
                'total'      => $product['total'],
                'tax'        => $this->tax->getTax($product['price'], $product['tax_class_id']),
                'reward'     => $product['reward']
            );
        }

        // Voucher: posted vouchers are re-seeded into the session; each one gets a
        // fresh 10-char code from hash_rand() rather than reusing the posted code.
        $this->session->data['vouchers'] = array();

        if (isset($this->request->post['order_voucher'])) {
            foreach ($this->request->post['order_voucher'] as $voucher) {
                $this->session->data['vouchers'][] = array(
                    'voucher_id'       => $voucher['voucher_id'],
                    'description'      => $voucher['description'],
                    'code'             => substr(hash_rand('md5'), 0, 10),
                    'from_name'        => $voucher['from_name'],
                    'from_email'       => $voucher['from_email'],
                    'to_name'          => $voucher['to_name'],
                    'to_email'         => $voucher['to_email'],
                    'voucher_theme_id' => $voucher['voucher_theme_id'],
                    'message'          => $voucher['message'],
                    'amount'           => $voucher['amount']
                );
            }
        }

        // Add a new voucher if set
        if (isset($this->request->post['from_name']) && isset($this->request->post['from_email']) && isset($this->request->post['to_name']) && isset($this->request->post['to_email']) && isset($this->request->post['amount'])) {
            if (utf8_strlen($this->request->post['from_name']) < 1 || utf8_strlen($this->request->post['from_name']) > 64) {
                $json['error']['vouchers']['from_name'] = $this->language->get('error_from_name');
            }

            if (utf8_strlen($this->request->post['from_email']) > 96 || !preg_match('/^[^\\@]+@.*.[a-z]{2,15}$/i', $this->request->post['from_email'])) {
                $json['error']['vouchers']['from_email'] = $this->language->get('error_email');
            }

            if (utf8_strlen($this->request->post['to_name']) < 1 || utf8_strlen($this->request->post['to_name']) > 64) {
                $json['error']['vouchers']['to_name'] = $this->language->get('error_to_name');
            }

            if (utf8_strlen($this->request->post['to_email']) > 96 || !preg_match('/^[^\\@]+@.*.[a-z]{2,15}$/i', $this->request->post['to_email'])) {
                $json['error']['vouchers']['to_email'] = $this->language->get('error_email');
            }

            if ($this->request->post['amount'] < $this->config->get('config_voucher_min') || $this->request->post['amount'] > $this->config->get('config_voucher_max')) {
                $json['error']['vouchers']['amount'] = sprintf($this->language->get('error_amount'), $this->currency->format($this->config->get('config_voucher_min'), false, 1), $this->currency->format($this->config->get('config_voucher_max'), false, 1) . ' ' . $this->config->get('config_currency'));
            }

            if (!isset($json['error']['vouchers'])) {
                // NOTE(review): the code stored with the voucher row and the code kept
                // in the session below are generated separately, so they differ.
                $voucher_data = array(
                    'order_id'         => 0,
                    'code'             => substr(hash_rand('md5'), 0, 10),
                    'from_name'        => $this->request->post['from_name'],
                    'from_email'       => $this->request->post['from_email'],
                    'to_name'          => $this->request->post['to_name'],
                    'to_email'         => $this->request->post['to_email'],
                    'voucher_theme_id' => $this->request->post['voucher_theme_id'],
                    'message'          => $this->request->post['message'],
                    'amount'           => $this->request->post['amount'],
                    'status'           => true
                );

                $this->load->model('checkout/voucher');

                $voucher_id = $this->model_checkout_voucher->addVoucher(0, $voucher_data);

                $this->session->data['vouchers'][] = array(
                    'voucher_id'       => $voucher_id,
                    'description'      => sprintf($this->language->get('text_for'), $this->currency->format($this->request->post['amount'], $this->config->get('config_currency')), $this->request->post['to_name']),
                    'code'             => substr(hash_rand('md5'), 0, 10),
                    'from_name'        => $this->request->post['from_name'],
                    'from_email'       => $this->request->post['from_email'],
                    'to_name'          => $this->request->post['to_name'],
                    'to_email'         => $this->request->post['to_email'],
                    'voucher_theme_id' => $this->request->post['voucher_theme_id'],
                    'message'          => $this->request->post['message'],
                    'amount'           => $this->request->post['amount']
                );
            }
        }

        $json['order_voucher'] = array();

        foreach ($this->session->data['vouchers'] as $voucher) {
            $json['order_voucher'][] = array(
                'voucher_id'       => $voucher['voucher_id'],
                'description'      => $voucher['description'],
                'code'             => $voucher['code'],
                'from_name'        => $voucher['from_name'],
                'from_email'       => $voucher['from_email'],
                'to_name'          => $voucher['to_name'],
                'to_email'         => $voucher['to_email'],
                'voucher_theme_id' => $voucher['voucher_theme_id'],
                'message'          => $voucher['message'],
                'amount'           => $voucher['amount']
            );
        }

        $this->load->model('setting/extension');
        $this->load->model('localisation/country');
        $this->load->model('localisation/zone');

        // Shipping
        $json['shipping_method'] = array();

        if ($this->cart->hasShipping()) {
            $country_info = $this->model_localisation_country->getCountry($this->request->post['shipping_country_id']);

            if ($this->request->post['shipping_country_id'] == '') {
                $json['error']['shipping']['country'] = $this->language->get('error_country');
            }

            if (!isset($this->request->post['shipping_zone_id']) || $this->request->post['shipping_zone_id'] == '') {
                $json['error']['shipping']['zone'] = $this->language->get('error_zone');
            }

            // && binds tighter than ||, so the "> 10" limit applies for every country;
            // only the "< 2" minimum is conditional on postcode_required.
            if ($country_info && $country_info['postcode_required'] && utf8_strlen($this->request->post['shipping_postcode']) < 2 || utf8_strlen($this->request->post['shipping_postcode']) > 10) {
                $json['error']['shipping']['postcode'] = $this->language->get('error_postcode');
            }

            if (!isset($json['error']['shipping'])) {
                if ($country_info) {
                    $country = $country_info['name'];
                    $iso_code_2 = $country_info['iso_code_2'];
                    $iso_code_3 = $country_info['iso_code_3'];
                    $address_format = $country_info['address_format'];
                } else {
                    $country = '';
                    $iso_code_2 = '';
                    $iso_code_3 = '';
                    $address_format = '';
                }

                $zone_info = $this->model_localisation_zone->getZone($this->request->post['shipping_zone_id']);

                if ($zone_info) {
                    $zone = $zone_info['name'];
                    $zone_code = $zone_info['code'];
                } else {
                    $zone = '';
                    $zone_code = '';
                }

                $address_data = array(
                    'firstname'      => $this->request->post['shipping_firstname'],
                    'lastname'       => $this->request->post['shipping_lastname'],
                    'company'        => $this->request->post['shipping_company'],
                    'address_1'      => $this->request->post['shipping_address_1'],
                    'address_2'      => $this->request->post['shipping_address_2'],
                    'postcode'       => $this->request->post['shipping_postcode'],
                    'city'           => $this->request->post['shipping_city'],
                    'zone_id'        => $this->request->post['shipping_zone_id'],
                    'zone'           => $zone,
                    'zone_code'      => $zone_code,
                    'country_id'     => $this->request->post['shipping_country_id'],
                    'country'        => $country,
                    'iso_code_2'     => $iso_code_2,
                    'iso_code_3'     => $iso_code_3,
                    'address_format' => $address_format
                );

                // Quote every enabled shipping extension (codes come from the extension table, not the request).
                $results = $this->model_setting_extension->getExtensions('shipping');

                foreach ($results as $result) {
                    if ($this->config->get($result['code'] . '_status')) {
                        $this->load->model('shipping/' . $result['code']);

                        $quote = $this->{'model_shipping_' . $result['code']}->getQuote($address_data);

                        if ($quote) {
                            $json['shipping_method'][$result['code']] = array(
                                'title'      => $quote['title'],
                                'quote'      => $quote['quote'],
                                'sort_order' => $quote['sort_order'],
                                'error'      => $quote['error']
                            );
                        }
                    }
                }

                $sort_order = array();

                foreach ($json['shipping_method'] as $key => $value) {
                    $sort_order[$key] = $value['sort_order'];
                }

                array_multisort($sort_order, SORT_ASC, $json['shipping_method']);

                // shipping_code is "extension.rate"; it is only accepted when it maps to a quote just computed.
                if (!$json['shipping_method']) {
                    $json['error']['shipping_method'] = $this->language->get('error_no_shipping');
                } elseif ($this->request->post['shipping_code']) {
                    $shipping = explode('.', $this->request->post['shipping_code']);

                    if (!isset($shipping[0]) || !isset($shipping[1]) || !isset($json['shipping_method'][$shipping[0]]['quote'][$shipping[1]])) {
                        $json['error']['shipping_method'] = $this->language->get('error_shipping');
                    } else {
                        $this->session->data['shipping_method'] = $json['shipping_method'][$shipping[0]]['quote'][$shipping[1]];
                    }
                }
            }
        }

        // Coupon
        if (!empty($this->request->post['coupon'])) {
            $this->load->model('checkout/coupon');

            $coupon_info = $this->model_checkout_coupon->getCoupon($this->request->post['coupon']);

            if ($coupon_info) {
                $this->session->data['coupon'] = $this->request->post['coupon'];
            } else {
                $json['error']['coupon'] = $this->language->get('error_coupon');
            }
        }

        // Voucher: a voucher that equals current_voucher (the one already applied to the
        // order being edited) is accepted without a lookup, together with its posted value.
        if (!empty($this->request->post['voucher'])) {
            $this->load->model('checkout/voucher');

            $voucher_info = $this->model_checkout_voucher->getVoucher($this->request->post['voucher']);

            // NOTE(review): loose == and no isset() on current_voucher — confirm the admin form always posts it.
            if ($this->request->post['voucher'] == $this->request->post['current_voucher']) {
                $this->session->data['current_voucher_value'] = $this->request->post['current_voucher_value'];
                $this->session->data['voucher'] = $this->request->post['voucher'];
            } elseif ($voucher_info) {
                $this->session->data['voucher'] = $this->request->post['voucher'];
            } else {
                $json['error']['voucher'] = $this->language->get('error_voucher');
            }
        }

        // Reward Points: capped by the customer's balance and by the points the cart can earn.
        if (!empty($this->request->post['current_reward'])) {
            $this->session->data['current_reward'] = $this->request->post['current_reward'];
        }

        if (!empty($this->request->post['reward'])) {
            $points = $this->customer->getRewardPoints();

            if ($this->request->post['reward'] > $points) {
                $json['error']['reward'] = sprintf($this->language->get('error_points'), $this->request->post['reward']);
            }

            if (!isset($json['error']['reward'])) {
                $points_total = 0;

                foreach ($this->cart->getProducts() as $product) {
                    if ($product['points']) {
                        $points_total += $product['points'];
                    }
                }

                if ($this->request->post['reward'] > $points_total) {
                    $json['error']['reward'] = sprintf($this->language->get('error_maximum'), $points_total);
                }

                if (!isset($json['error']['reward'])) {
                    $this->session->data['reward'] = $this->request->post['reward'];
                }
            }
        }

        // Credit
        if (!empty($this->request->post['current_credit'])) {
            $this->session->data['current_credit'] = $this->request->post['current_credit'];
        }

        // Save payment code to session. Klarna fee total needs this.
        $this->session->data['payment_method']['code'] = isset($this->request->post['payment_code']) ? $this->request->post['payment_code'] : '';

        // Totals: run the enabled total extensions in their configured order.
        // Note the re-sort of order_total happens inside the loop (once per extension).
        $json['order_total'] = array();

        $total = 0;
        $taxes = $this->cart->getTaxes();

        $sort_order = array();

        $results = $this->model_setting_extension->getExtensions('total');

        foreach ($results as $key => $value) {
            $sort_order[$key] = $this->config->get($value['code'] . '_sort_order');
        }

        array_multisort($sort_order, SORT_ASC, $results);

        foreach ($results as $result) {
            if ($this->config->get($result['code'] . '_status')) {
                $this->load->model('total/' . $result['code']);

                $this->{'model_total_' . $result['code']}->getTotal($json['order_total'], $total, $taxes);
            }

            $sort_order = array();

            foreach ($json['order_total'] as $key => $value) {
                $sort_order[$key] = $value['sort_order'];
            }

            array_multisort($sort_order, SORT_ASC, $json['order_total']);
        }

        // Payment
        $this->load->model('localisation/country');

        $country_info = $this->model_localisation_country->getCountry($this->request->post['payment_country_id']);

        // Same precedence as the shipping postcode check: "> 10" is unconditional.
        if ($country_info && $country_info['postcode_required'] && utf8_strlen($this->request->post['payment_postcode']) < 2 || utf8_strlen($this->request->post['payment_postcode']) > 10) {
            $json['error']['payment']['postcode'] = $this->language->get('error_postcode');
        }

        if ($this->request->post['payment_country_id'] == '') {
            $json['error']['payment']['country'] = $this->language->get('error_country');
        }

        if (!isset($this->request->post['payment_zone_id']) || $this->request->post['payment_zone_id'] == '') {
            $json['error']['payment']['zone'] = $this->language->get('error_zone');
        }

        if (!isset($json['error']['payment'])) {
            $json['payment_methods'] = array();

            $country_info = $this->model_localisation_country->getCountry($this->request->post['payment_country_id']);

            if ($country_info) {
                $country = $country_info['name'];
                $iso_code_2 = $country_info['iso_code_2'];
                $iso_code_3 = $country_info['iso_code_3'];
                $address_format = $country_info['address_format'];
            } else {
                $country = '';
                $iso_code_2 = '';
                $iso_code_3 = '';
                $address_format = '';
            }

            $zone_info = $this->model_localisation_zone->getZone($this->request->post['payment_zone_id']);

            if ($zone_info) {
                $zone = $zone_info['name'];
                $zone_code = $zone_info['code'];
            } else {
                $zone = '';
                $zone_code = '';
            }

            $address_data = array(
                'firstname'      => $this->request->post['payment_firstname'],
                'lastname'       => $this->request->post['payment_lastname'],
                'company'        => $this->request->post['payment_company'],
                'address_1'      => $this->request->post['payment_address_1'],
                'address_2'      => $this->request->post['payment_address_2'],
                'postcode'       => $this->request->post['payment_postcode'],
                'city'           => $this->request->post['payment_city'],
                'zone_id'        => $this->request->post['payment_zone_id'],
                'zone'           => $zone,
                'zone_code'      => $zone_code,
                'country_id'     => $this->request->post['payment_country_id'],
                'country'        => $country,
                'iso_code_2'     => $iso_code_2,
                'iso_code_3'     => $iso_code_3,
                'address_format' => $address_format
            );

            $json['payment_method'] = array();

            // Enabled payment extensions are offered only if their getMethod() accepts the address and total.
            $results = $this->model_setting_extension->getExtensions('payment');

            foreach ($results as $result) {
                if ($this->config->get($result['code'] . '_status')) {
                    $this->load->model('payment/' . $result['code']);

                    $method = $this->{'model_payment_' . $result['code']}->getMethod($address_data, $total);

                    if ($method) {
                        $json['payment_method'][$result['code']] = $method;
                    }
                }
            }

            $sort_order = array();

            foreach ($json['payment_method'] as $key => $value) {
                $sort_order[$key] = $value['sort_order'];
            }

            array_multisort($sort_order, SORT_ASC, $json['payment_method']);

            // A posted payment_code must be one of the methods just offered.
            if (!$json['payment_method']) {
                $json['error']['payment_method'] = $this->language->get('error_no_payment');
            } elseif ($this->request->post['payment_code']) {
                if (!isset($json['payment_method'][$this->request->post['payment_code']])) {
                    $json['error']['payment_method'] = $this->language->get('error_payment');
                }
            }
        }

        if (!isset($json['error'])) {
            $json['success'] = $this->language->get('text_success');
        } else {
            $json['error']['warning'] = $this->language->get('error_warning');
        }

        // Reset everything (including the manual flag) so the admin's browser session
        // does not remain logged in as the customer or carry the rebuilt cart.
        $this->cart->clear();
        $this->customer->logout();

        unset($this->session->data['shipping_method']);
        unset($this->session->data['shipping_methods']);
        unset($this->session->data['payment_method']);
        unset($this->session->data['payment_methods']);
        unset($this->session->data['coupon']);
        unset($this->session->data['reward']);
        unset($this->session->data['voucher']);
        unset($this->session->data['vouchers']);
        unset($this->session->data['current_voucher']);
        unset($this->session->data['current_voucher_value']);
        unset($this->session->data['current_reward']);
        unset($this->session->data['current_credit']);
        unset($this->session->data['manual']);
    } else {
        $json['error']['warning'] = $this->language->get('error_permission');
    }

    $this->response->addHeader('Content-Type: application/json');
    $this->response->setOutput(json_encode($json));
}
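/**
 * AJAX endpoint: accept a customer-supplied file for a product "file" option.
 *
 * Every check runs on $this->request->files['file']:
 *   - the name is reduced to [A-Za-z0-9 . - whitespace], path components are
 *     dropped, and the result must be 3..64 characters (utf8_strlen);
 *   - the extension must appear in config_file_extension_allowed (one entry per
 *     line; exact, case-sensitive match);
 *   - the declared MIME type must appear in config_file_mime_allowed;
 *   - PHP's own upload status must be UPLOAD_ERR_OK.
 * On success the file is moved into DIR_DOWNLOAD as "<name>.<random md5>" and
 * only the encrypted stored name is returned ($json['file']), so the on-disk
 * name is never exposed to the browser.
 *
 * Security notes:
 *   - ['type'] is whatever the client declared and is trivially forged, so the
 *     MIME allowlist is a convenience filter, not a control. The extension
 *     allowlist plus the random, non-extension suffix on disk are what stop an
 *     upload from being served as a script.
 *   - Blank lines in either allowlist are ignored. Previously a trailing newline
 *     in the setting made '' an allowed "extension", which accepted files with
 *     no extension at all; those are now rejected.
 *   - Checks do not short-circuit: a later failure overwrites $json['error'],
 *     so only the last failing check is reported.
 */
public function upload() {
    $this->language->load('product/product');

    $json = array();

    if (!empty($this->request->files['file']['name'])) {
        $upload = $this->request->files['file'];

        // Strip everything outside a conservative character set, then drop any
        // directory component that survived.
        $filename = basename(preg_replace('/[^a-zA-Z0-9\\.\\-\\s+]/', '', html_entity_decode($upload['name'], ENT_QUOTES, 'UTF-8')));

        if (utf8_strlen($filename) < 3 || utf8_strlen($filename) > 64) {
            $json['error'] = $this->language->get('error_filename');
        }

        // Allowed file extension types. strrchr() returns false when there is
        // no dot; resolve that explicitly instead of handing false to substr().
        $dot = strrchr($filename, '.');
        $extension = ($dot === false) ? '' : substr($dot, 1);

        if (!in_array($extension, $this->getUploadAllowlist('config_file_extension_allowed'), true)) {
            $json['error'] = $this->language->get('error_filetype');
        }

        // Allowed file mime types (client-declared; see the security note above).
        if (!in_array($upload['type'], $this->getUploadAllowlist('config_file_mime_allowed'), true)) {
            $json['error'] = $this->language->get('error_filetype');
        }

        if ($upload['error'] != UPLOAD_ERR_OK) {
            $json['error'] = $this->language->get('error_upload_' . $upload['error']);
        }
    } else {
        $json['error'] = $this->language->get('error_upload');
    }

    if (!$json && is_uploaded_file($this->request->files['file']['tmp_name']) && file_exists($this->request->files['file']['tmp_name'])) {
        // Random suffix: the stored name never ends in the user's extension.
        $file = basename($filename) . '.' . hash_rand('md5');

        // Hide the uploaded file name so people can not link to it directly.
        $json['file'] = $this->encryption->encrypt($file);

        move_uploaded_file($this->request->files['file']['tmp_name'], DIR_DOWNLOAD . $file);

        $json['success'] = $this->language->get('text_upload');
    }

    $this->response->setOutput(json_encode($json));
}

/**
 * Read a newline-separated allowlist from a config key.
 *
 * Normalises CRLF/CR to LF, trims each entry and drops blank entries, so an
 * empty string can never be an allowed value.
 *
 * @param string $key config key, e.g. config_file_extension_allowed
 * @return string[]
 */
private function getUploadAllowlist($key) {
    $allowed = array();

    $lines = explode("\n", str_replace(array("\r\n", "\r"), "\n", (string) $this->config->get($key)));

    foreach ($lines as $line) {
        $line = trim($line);

        if ($line !== '') {
            $allowed[] = $line;
        }
    }

    return $allowed;
}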
/**
 * Issue a fresh affiliate token into the session.
 *
 * Overwrites any existing $this->session->data['affiliate_token']; nothing is
 * returned or output. The value comes from hash_rand('md5'), the same
 * generator the other token-issuing actions in this codebase use (defined
 * elsewhere in the project).
 */
public function setToken() {
    $token = hash_rand('md5');

    $this->session->data['affiliate_token'] = $token;
}
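/**
 * Admin "log in as this customer" action.
 *
 * Reads customer_id and store_id from the query string, writes a fresh token
 * onto the customer row via model_sale_customer->editToken(), then redirects
 * the browser to the store-front account/login route carrying that token.
 * The store base URL is the store's ssl or url field depending on
 * config_secure; store_id 0 or an unknown store falls back to
 * HTTPS_CATALOG / HTTP_CATALOG. An unknown customer renders error/not_found.
 *
 * Security notes:
 *   - Both ids are cast to int here, before they reach the models, so this
 *     controller no longer depends on the model layer doing it.
 *   - No hasPermission() check is made in this method; access control is
 *     assumed to come from the admin router's route-level check — TODO confirm.
 *   - The token travels in the URL, so it lands in browser history and in any
 *     proxy/web-server logs; it is presumed to be consumed single-use by the
 *     catalog side, which is not visible here — confirm.
 */
public function login() {
    // Untrusted query parameters: normalise to int before any lookup.
    $customer_id = isset($this->request->get['customer_id']) ? (int) $this->request->get['customer_id'] : 0;

    $this->load->model('sale/customer');

    $customer_info = $this->model_sale_customer->getCustomer($customer_id);

    if ($customer_info) {
        $token = hash_rand('md5');

        $this->model_sale_customer->editToken($customer_id, $token);

        $store_id = isset($this->request->get['store_id']) ? (int) $this->request->get['store_id'] : 0;

        $this->load->model('setting/store');

        $store_info = $this->model_setting_store->getStore($store_id);

        // Pick the store-front base URL; the scheme follows config_secure.
        if ($store_info) {
            $base = $this->config->get('config_secure') ? $store_info['ssl'] : $store_info['url'];
        } else {
            $base = $this->config->get('config_secure') ? HTTPS_CATALOG : HTTP_CATALOG;
        }

        $this->redirect($base . 'index.php?route=account/login&token=' . $token);
    } else {
        $this->language->load('error/not_found');

        $this->document->setTitle($this->language->get('heading_title'));

        $this->data['heading_title'] = $this->language->get('heading_title');
        $this->data['text_not_found'] = $this->language->get('text_not_found');

        $this->data['breadcrumbs'] = array();

        $this->data['breadcrumbs'][] = array(
            'text'      => $this->language->get('text_home'),
            'href'      => $this->url->link('common/home', 'token=' . $this->session->data['token'], 'SSL'),
            'separator' => false
        );

        $this->data['breadcrumbs'][] = array(
            'text'      => $this->language->get('heading_title'),
            'href'      => $this->url->link('error/not_found', 'token=' . $this->session->data['token'], 'SSL'),
            'separator' => ' :: '
        );

        $this->template = 'error/not_found.tpl';
        $this->children = array(
            'common/header',
            'common/footer'
        );

        $this->response->setOutput($this->render());
    }
}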
/**
 * Installer step: create the schema, seed the admin user and core settings.
 *
 * What it does, in order:
 *   1. Opens a DB connection from the six db_* fields in $data.
 *   2. Picks the schema file: opencart-clean.sql when $data['demo_data'] is set,
 *      otherwise opencart.sql (NOTE(review): that mapping reads inverted —
 *      confirm which file is meant to carry demo rows). Missing file → exit().
 *   3. Streams the file line by line, skipping "--" and "#" comment lines,
 *      accumulating until a line ends in ";", rewriting the hard-coded `oc_`
 *      prefix in DROP/CREATE/INSERT statements to $data['db_prefix'], and
 *      executing each statement.
 *   4. SET CHARACTER SET utf8 and sql_mode MYSQL40, then replaces user_id 1
 *      with the admin account from $data (the username/password portion of that
 *      INSERT is redacted as '******' in this copy).
 *   5. Re-seeds config_email, config_url (HTTP_OPENCART), config_encryption
 *      (hash_rand('md5')), config_maintenance, and zeroes product.viewed.
 *   6. If $data['rewrite'] is set and mod_rewrite is detected (apache_get_modules
 *      or the HTTP_MOD_REWRITE env var), rewrites "RewriteBase /" in
 *      ../.htaccess.txt to the computed path, renames it to ../.htaccess and
 *      records config_seo_url.
 *
 * Security / correctness notes (all visible in the code below):
 *   - $data['db_prefix'] is interpolated raw into table names; identifiers
 *     cannot be bound as parameters, so the installer form's validation of the
 *     prefix (not visible here) is the only control — confirm it restricts the
 *     character set.
 *   - The admin salt is substr(md5(uniqid(rand(), true)), 0, 9): rand() is not
 *     a CSPRNG. Low impact for a salt, but random_bytes()/random_int() would
 *     be the modern choice.
 *   - exit('Could not load sql file: ' . $file) writes a filesystem path into
 *     the HTTP response.
 *   - The fopen('../.htaccess.txt', 'a') handle is never written to; the
 *     content is written via file_put_contents() and the handle is only
 *     flushed and closed afterwards.
 *   - rtrim(..., '/' . $folder . '.\\') trims a *character set*, not a suffix,
 *     so trailing characters of the script directory that happen to occur in
 *     $folder are stripped too.
 *
 * @param array $data installer form fields (db_*, username, password, email,
 *                    demo_data, maintenance, rewrite)
 */
public function database($data) { $db = new DB($data['db_driver'], $data['db_hostname'], $data['db_username'], $data['db_password'], $data['db_database'], $data['db_port']); if (isset($data['demo_data'])) { $file = DIR_APPLICATION . 'opencart-clean.sql'; if (!file_exists($file)) { exit('Could not load sql file: ' . $file); } } else { $file = DIR_APPLICATION . 'opencart.sql'; if (!file_exists($file)) { exit('Could not load sql file: ' . $file); } } clearstatcache(); $lines = file($file); if ($lines) { $sql = ''; foreach ($lines as $line) { if ($line && substr($line, 0, 2) != '--' && substr($line, 0, 1) != '#') { $sql .= $line; if (preg_match('/;\\s*$/', $line)) { $sql = str_replace("DROP TABLE IF EXISTS `oc_", "DROP TABLE IF EXISTS `" . $data['db_prefix'], $sql); $sql = str_replace("CREATE TABLE `oc_", "CREATE TABLE `" . $data['db_prefix'], $sql); $sql = str_replace("INSERT INTO `oc_", "INSERT INTO `" . $data['db_prefix'], $sql); $db->query($sql); $sql = ''; } } } $db->query("SET CHARACTER SET utf8"); $db->query("SET @@session.sql_mode = 'MYSQL40'"); $db->query("DELETE FROM `" . $data['db_prefix'] . "user` WHERE user_id = '1'"); $db->query("INSERT INTO `" . $data['db_prefix'] . "user` SET user_id = '1', user_group_id = '1', username = '******'username']) . "', salt = '" . $db->escape($salt = substr(md5(uniqid(rand(), true)), 0, 9)) . "', password = '******'password'])))) . "', status = '1', email = '" . $db->escape($data['email']) . "', date_added = NOW()"); $db->query("DELETE FROM " . $data['db_prefix'] . "setting WHERE `key` = 'config_email'"); $db->query("INSERT INTO " . $data['db_prefix'] . "setting SET `group` = 'config', `key` = 'config_email', `value` = '" . $db->escape($data['email']) . "'"); $db->query("DELETE FROM " . $data['db_prefix'] . "setting WHERE `key` = 'config_url'"); $db->query("INSERT INTO " . $data['db_prefix'] . "setting SET `group` = 'config', `key` = 'config_url', `value` = '" . $db->escape(HTTP_OPENCART) . "'"); $db->query("DELETE FROM " . 
$data['db_prefix'] . "setting WHERE `key` = 'config_encryption'"); $db->query("INSERT INTO " . $data['db_prefix'] . "setting SET `group` = 'config', `key` = 'config_encryption', `value` = '" . $db->escape(hash_rand('md5')) . "'"); $db->query("DELETE FROM " . $data['db_prefix'] . "setting WHERE `key` = 'config_maintenance'"); $db->query("INSERT INTO " . $data['db_prefix'] . "setting SET `group` = 'config', `key` = 'config_maintenance', `value` = '" . (isset($data['maintenance']) ? 1 : 0) . "'"); $db->query("UPDATE " . $data['db_prefix'] . "product SET viewed = '0'"); } if (isset($data['rewrite'])) { if (function_exists('apache_get_modules')) { $modules = apache_get_modules(); $mod_rewrite = in_array('mod_rewrite', $modules); } else { $mod_rewrite = getenv('HTTP_MOD_REWRITE') == 'On' ? true : false; } if ($mod_rewrite && file_exists('../.htaccess.txt') && is_writable('../.htaccess.txt')) { $file = fopen('../.htaccess.txt', 'a'); $document = file_get_contents('../.htaccess.txt'); $root = rtrim(HTTP_SERVER, '/'); $folder = substr(strrchr($root, '/'), 1); $path = rtrim(rtrim(dirname($_SERVER['SCRIPT_NAME']), ''), '/' . $folder . '.\\'); if (strlen($path) > 1) { $path .= '/'; } if (!$path) { $path = '/'; } $document = str_replace('RewriteBase /', 'RewriteBase ' . $path, $document); file_put_contents('../.htaccess.txt', $document); fflush($file); fclose($file); rename('../.htaccess.txt', '../.htaccess'); $db->query("DELETE FROM " . $data['db_prefix'] . "setting WHERE `key` = 'config_seo_url'"); $db->query("INSERT INTO " . $data['db_prefix'] . "setting SET `group` = 'config', `key` = 'config_seo_url', `value` = '" . (isset($data['rewrite']) ? 1 : 0) . "'"); clearstatcache(); } } }
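/**
 * Admin login page: render the form, or process a POST and redirect.
 *
 * Flow:
 *   1. If an /install directory still exists beside the application, delete it.
 *   2. Already logged in and ?token= matches the session token → common/home.
 *   3. POST with username+password that validate() accepts → mint a new
 *      session token, then redirect to the POSTed "redirect" URL when it is on
 *      this store's own config_url / config_ssl, otherwise to common/home.
 *   4. Otherwise populate $this->data and render common/login.tpl.
 *
 * Security notes:
 *   - The redirect allowlist lives in isOwnUrl(). An empty/unset base never
 *     matches (strpos() with an empty needle returns 0 on PHP 8, which would
 *     have let any URL through when config_ssl was blank), and the base must
 *     be followed by "/", "?", "#" or end-of-string, so "https://shop.example"
 *     does not authorise "https://shop.example.evil.test/".
 *   - Token comparisons use hash_equals()/strict equality instead of == / !=;
 *     loose comparison of two numeric-looking strings can compare equal.
 *   - The submitted password is no longer copied back into the template; only
 *     the username is re-populated after a failed attempt.
 *   - NOTE(review): the session *token* is rotated on login but the session id
 *     is not regenerated here; whether the session layer does so is not
 *     visible — confirm, since that is the defence against session fixation.
 *   - NOTE(review): str_replace('&', '&', ...) on the redirect is a no-op as
 *     written; it reads like a decoding step lost in transit — check the
 *     original file before relying on it.
 */
public function index() {
    $this->language->load('common/login');

    $this->document->setTitle($this->language->get('heading_title'));

    // Delete install directory if exists
    if (is_dir(dirname(DIR_APPLICATION) . '/install')) {
        $this->load->model('tool/system');

        $this->model_tool_system->deleteDirectory('../install');
    }

    $has_session_token = isset($this->session->data['token']);
    $has_get_token = isset($this->request->get['token']) && is_string($this->request->get['token']);

    if ($this->user->isLogged() && $has_get_token && $has_session_token && hash_equals((string) $this->session->data['token'], $this->request->get['token'])) {
        $this->redirect($this->url->link('common/home', 'token=' . $this->session->data['token'], 'SSL'));
    }

    if ($this->request->server['REQUEST_METHOD'] == 'POST' && isset($this->request->post['username']) && isset($this->request->post['password']) && $this->validate()) {
        // Fresh per-login token; every admin link and form must carry it.
        $this->session->data['token'] = hash_rand('md5');

        // Added strpos check to pass McAfee PCI compliance test (http://forum.opencart.com/viewtopic.php?f=10&t=12043&p=151494#p151295)
        $redirect = isset($this->request->post['redirect']) ? (string) $this->request->post['redirect'] : '';

        if ($redirect !== '' && ($this->isOwnUrl($redirect, $this->config->get('config_url')) || $this->isOwnUrl($redirect, $this->config->get('config_ssl')))) {
            $this->redirect(str_replace('&', '&', $redirect));
        } else {
            $this->redirect($this->url->link('common/home', 'token=' . $this->session->data['token'], 'SSL'));
        }
    }

    $this->data['heading_title'] = $this->language->get('heading_title');

    $this->data['text_login'] = $this->language->get('text_login');
    $this->data['text_forgotten'] = $this->language->get('text_forgotten');

    $this->data['entry_username'] = $this->language->get('entry_username');
    $this->data['entry_password'] = $this->language->get('entry_password');

    $this->data['button_login'] = $this->language->get('button_login');

    // A session token with no ?token=, or a ?token= that does not match the
    // session, means the user arrived via a stale or foreign link.
    if (($has_session_token && !isset($this->request->get['token'])) || ($has_session_token && isset($this->request->get['token']) && $this->request->get['token'] !== $this->session->data['token'])) {
        $this->error['warning'] = $this->language->get('error_token');
    }

    if (isset($this->request->post['redirect'])) {
        $this->data['redirect'] = $this->request->post['redirect'];
    } elseif (isset($this->session->data['redirect'])) {
        $this->data['redirect'] = $this->session->data['redirect'];

        unset($this->session->data['redirect']);
    } else {
        $this->data['redirect'] = '';
    }

    if (isset($this->error['warning'])) {
        $this->data['error_warning'] = $this->error['warning'];
    } else {
        $this->data['error_warning'] = '';
    }

    if (isset($this->session->data['success'])) {
        $this->data['success'] = $this->session->data['success'];

        unset($this->session->data['success']);
    } else {
        $this->data['success'] = '';
    }

    $this->data['action'] = $this->url->link('common/login', '', 'SSL');

    if (isset($this->request->post['username'])) {
        $this->data['username'] = $this->request->post['username'];
    } else {
        $this->data['username'] = '';
    }

    // Never echo a submitted password back into the page.
    $this->data['password'] = '';

    if ($this->config->get('config_password')) {
        $this->data['forgotten'] = $this->url->link('common/forgotten', '', 'SSL');
    } else {
        $this->data['forgotten'] = '';
    }

    $this->template = 'common/login.tpl';
    $this->children = array(
        'common/header',
        'common/footer'
    );

    $this->response->setOutput($this->render());
}

/**
 * True when $url is located under $base (one of this store's own URLs).
 *
 * @param string      $url  candidate redirect target, taken from POST
 * @param string|null $base config_url or config_ssl; null or '' never matches
 * @return bool
 */
private function isOwnUrl($url, $base) {
    $base = rtrim((string) $base, '/');

    if ($base === '' || strpos($url, $base) !== 0) {
        return false;
    }

    // The character right after the base decides between "same site"
    // ("/path", "?query", "#frag" or nothing) and a look-alike host such as
    // "https://shop.example.evil.test". substr() may return false on PHP 7.
    $next = (string) substr($url, strlen($base), 1);

    return $next === '' || $next === '/' || $next === '?' || $next === '#';
}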