Exemple #1
0
 /**
  *
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     if (\HaaseIT\HCSF\Customer\Helper::getUserData()) {
         $this->P->oPayload->cl_html = $this->textcats->T("denied_default");
     } else {
         $sql = 'SELECT cust_email, cust_id FROM customer ' . 'WHERE cust_emailverificationcode = :key AND cust_emailverified = \'n\'';
         /** @var \PDOStatement $hResult */
         $hResult = $this->db->prepare($sql);
         $hResult->bindValue(':key', $_GET["key"], \PDO::PARAM_STR);
         $hResult->execute();
         $iRows = $hResult->rowCount();
         if ($iRows == 1) {
             $aRow = $hResult->fetch();
             $aData = ['cust_emailverified' => 'y', 'cust_id' => $aRow['cust_id']];
             $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
             /** @var \PDOStatement $hResult */
             $hResult = $this->db->prepare($sql);
             foreach ($aData as $sKey => $sValue) {
                 $hResult->bindValue(':' . $sKey, $sValue);
             }
             $hResult->execute();
             $this->P->oPayload->cl_html = $this->textcats->T("register_emailverificationsuccess");
         } else {
             $this->P->oPayload->cl_html = $this->textcats->T("register_emailverificationfail");
         }
     }
 }
Exemple #2
0
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     if (CHelper::getUserData()) {
         $this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T("denied_default");
     } else {
         $this->P->cb_customcontenttemplate = 'customer/register';
         $aErr = [];
         if (isset($_POST["doRegister"]) && $_POST["doRegister"] == 'yes') {
             $aErr = CHelper::validateCustomerForm(HelperConfig::$lang, $aErr);
             if (count($aErr) == 0) {
                 $sql = 'SELECT cust_email FROM customer WHERE cust_email = :email';
                 $sEmail = filter_var(trim(Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
                 /** @var \PDOStatement $hResult */
                 $hResult = $this->serviceManager->get('db')->prepare($sql);
                 $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
                 $hResult->execute();
                 $iRows = $hResult->rowCount();
                 if ($iRows == 0) {
                     $sEmailVerificationcode = md5($_POST["email"] . time());
                     $aData = ['cust_email' => $sEmail, 'cust_corp' => filter_var(trim(Tools::getFormfield("corpname")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_name' => filter_var(trim(Tools::getFormfield("name")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_street' => filter_var(trim(Tools::getFormfield("street")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_zip' => filter_var(trim(Tools::getFormfield("zip")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_town' => filter_var(trim(Tools::getFormfield("town")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_phone' => filter_var(trim(Tools::getFormfield("phone")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_cellphone' => filter_var(trim(Tools::getFormfield("cellphone")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_fax' => filter_var(trim(Tools::getFormfield("fax")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_country' => filter_var(trim(Tools::getFormfield("country")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_password' => password_hash($_POST["pwd"], PASSWORD_DEFAULT), 'cust_tosaccepted' => isset($_POST["tos"]) && $_POST["tos"] == 'y' ? 'y' : 'n', 'cust_cancellationdisclaimeraccepted' => isset($_POST["cancellationdisclaimer"]) && $_POST["cancellationdisclaimer"] == 'y' ? 'y' : 'n', 'cust_emailverified' => 'n', 'cust_emailverificationcode' => $sEmailVerificationcode, 'cust_active' => HelperConfig::$customer["register_require_manual_activation"] ? 'n' : 'y', 'cust_registrationtimestamp' => time()];
                     $sql = \HaaseIT\DBTools::buildPSInsertQuery($aData, 'customer');
                     $hResult = $this->serviceManager->get('db')->prepare($sql);
                     foreach ($aData as $sKey => $sValue) {
                         $hResult->bindValue(':' . $sKey, $sValue, \PDO::PARAM_STR);
                     }
                     $hResult->execute();
                     CHelper::sendVerificationMail($sEmailVerificationcode, $sEmail, $this->serviceManager, true);
                     $aPData["showsuccessmessage"] = true;
                 } else {
                     $aErr["emailalreadytaken"] = true;
                     $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'register', $aErr);
                 }
             } else {
                 $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'register', $aErr);
             }
         } else {
             $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'register');
         }
         if (isset($aPData) && count($aPData)) {
             $this->P->cb_customdata["register"] = $aPData;
         }
     }
 }
Exemple #3
0
 /**
  *
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     $this->P->cb_subnav = 'admin';
     $this->P->cb_customcontenttemplate = 'shop/shopadmin';
     if (isset($_POST["change"])) {
         $iID = filter_var(trim(Tools::getFormfield("id")), FILTER_SANITIZE_NUMBER_INT);
         $aData = ['o_lastedit_timestamp' => time(), 'o_remarks_internal' => filter_var(trim(Tools::getFormfield("remarks_internal")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'o_transaction_no' => filter_var(trim(Tools::getFormfield("transaction_no")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'o_paymentcompleted' => filter_var(trim(Tools::getFormfield("order_paymentcompleted")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'o_ordercompleted' => filter_var(trim(Tools::getFormfield("order_completed")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'o_lastedit_user' => isset($_SERVER["PHP_AUTH_USER"]) ? $_SERVER["PHP_AUTH_USER"] : '', 'o_shipping_service' => filter_var(trim(Tools::getFormfield("order_shipping_service")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'o_shipping_trackingno' => filter_var(trim(Tools::getFormfield("order_shipping_trackingno")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'o_id' => $iID];
         $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'orders', 'o_id');
         $hResult = $this->db->prepare($sql);
         foreach ($aData as $sKey => $sValue) {
             $hResult->bindValue(':' . $sKey, $sValue);
         }
         $hResult->execute();
         header('Location: /_admin/shopadmin.html?action=edit&id=' . $iID);
         die;
     }
     $aPData = ['searchform_type' => Tools::getFormfield('type', 'openinwork'), 'searchform_fromday' => Tools::getFormfield('fromday', '01'), 'searchform_frommonth' => Tools::getFormfield('frommonth', '01'), 'searchform_fromyear' => Tools::getFormfield('fromyear', '2014'), 'searchform_today' => Tools::getFormfield('today', date("d")), 'searchform_tomonth' => Tools::getFormfield('tomonth', date("m")), 'searchform_toyear' => Tools::getFormfield('toyear', date("Y"))];
     $CSA = ['list_orders' => [['title' => HardcodedText::get('shopadmin_list_customer'), 'key' => 'o_cust', 'width' => 280, 'linked' => false], ['title' => HardcodedText::get('shopadmin_list_sumnettoall'), 'key' => 'o_sumnettoall', 'width' => 75, 'linked' => false], ['title' => HardcodedText::get('shopadmin_list_orderstatus'), 'key' => 'o_order_status', 'width' => 80, 'linked' => false], ['title' => HardcodedText::get('shopadmin_list_ordertimenumber'), 'key' => 'o_ordertime_number', 'width' => 100, 'linked' => false], ['title' => HardcodedText::get('shopadmin_list_hostpayment'), 'key' => 'o_order_host_payment', 'width' => 140, 'linked' => false], ['title' => HardcodedText::get('shopadmin_list_edit'), 'key' => 'o_id', 'width' => 45, 'linked' => true, 'ltarget' => '/_admin/shopadmin.html', 'lkeyname' => 'id', 'lgetvars' => ['action' => 'edit']]], 'list_orderitems' => [['title' => HardcodedText::get('shopadmin_list_itemno'), 'key' => 'oi_itemno', 'width' => 95, 'linked' => false], ['title' => HardcodedText::get('shopadmin_list_itemname'), 'key' => 'oi_itemname', 'width' => 350, 'linked' => false], ['title' => HardcodedText::get('shopadmin_list_itemamount'), 'key' => 'oi_amount', 'width' => 50, 'linked' => false, 'style-data' => 'text-align: center;'], ['title' => HardcodedText::get('shopadmin_list_itemnetto'), 'key' => 'oi_price_netto', 'width' => 70, 'linked' => false], ['title' => HardcodedText::get('shopadmin_list_itemsumnetto'), 'key' => 'ges_netto', 'width' => 75, 'linked' => false]]];
     $aShopadmin = $this->handleShopAdmin($CSA);
     $this->P->cb_customdata = array_merge($aPData, $aShopadmin);
 }
Exemple #4
0
 /**
  * @param $CUA
  * @param $twig
  * @return mixed
  */
 private function handleCustomerAdmin($CUA, $twig)
 {
     $sType = 'all';
     if (isset($_REQUEST["type"])) {
         if ($_REQUEST["type"] == 'active') {
             $sType = 'active';
         } elseif ($_REQUEST["type"] == 'inactive') {
             $sType = 'inactive';
         }
     }
     $return = '';
     if (!isset($_GET["action"])) {
         $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer';
         if ($sType == 'active') {
             $sql .= ' WHERE cust_active = \'y\'';
         } elseif ($sType == 'inactive') {
             $sql .= ' WHERE cust_active = \'n\'';
         }
         $sql .= ' ORDER BY cust_no ASC';
         $hResult = $this->db->query($sql);
         if ($hResult->rowCount() != 0) {
             $aData = $hResult->fetchAll();
             $return .= \HaaseIT\Tools::makeListtable($CUA, $aData, $twig);
         } else {
             $aInfo["nodatafound"] = true;
         }
     } elseif (isset($_GET["action"]) && $_GET["action"] == 'edit') {
         $iId = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
         $aErr = [];
         if (isset($_POST["doEdit"]) && $_POST["doEdit"] == 'yes') {
             $sCustno = filter_var(trim($_POST["custno"]), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
             if (strlen($sCustno) < HelperConfig::$customer["minimum_length_custno"]) {
                 $aErr["custnoinvalid"] = true;
             } else {
                 $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_no = :custno';
                 $hResult = $this->db->prepare($sql);
                 $hResult->bindValue(':id', $iId);
                 $hResult->bindValue(':custno', $sCustno);
                 $hResult->execute();
                 $iRows = $hResult->rowCount();
                 if ($iRows == 1) {
                     $aErr["custnoalreadytaken"] = true;
                 }
                 $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_email = :email';
                 $hResult = $this->db->prepare($sql);
                 $hResult->bindValue(':id', $iId);
                 $hResult->bindValue(':email', filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL));
                 $hResult->execute();
                 $iRows = $hResult->rowCount();
                 if ($iRows == 1) {
                     $aErr["emailalreadytaken"] = true;
                 }
                 $aErr = CHelper::validateCustomerForm(HelperConfig::$lang, $aErr, true);
                 if (count($aErr) == 0) {
                     $aData = ['cust_no' => $sCustno, 'cust_email' => trim(filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL)), 'cust_corp' => trim(filter_input(INPUT_POST, 'corpname', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_name' => trim(filter_input(INPUT_POST, 'name', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_street' => trim(filter_input(INPUT_POST, 'street', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_zip' => trim(filter_input(INPUT_POST, 'zip', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_town' => trim(filter_input(INPUT_POST, 'town', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_phone' => trim(filter_input(INPUT_POST, 'phone', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_cellphone' => trim(filter_input(INPUT_POST, 'cellphone', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_fax' => trim(filter_input(INPUT_POST, 'fax', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_country' => trim(filter_input(INPUT_POST, 'country', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_group' => trim(filter_input(INPUT_POST, 'custgroup', FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)), 'cust_emailverified' => isset($_POST["emailverified"]) && $_POST["emailverified"] == 'y' ? 'y' : 'n', 'cust_active' => isset($_POST["active"]) && $_POST["active"] == 'y' ? 'y' : 'n', 'cust_id' => $iId];
                     if (isset($_POST["pwd"]) && $_POST["pwd"] != '') {
                         $aData['cust_password'] = password_hash($_POST["pwd"], PASSWORD_DEFAULT);
                         $aInfo["passwordchanged"] = true;
                     }
                     $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
                     $hResult = $this->db->prepare($sql);
                     foreach ($aData as $sKey => $sValue) {
                         $hResult->bindValue(':' . $sKey, $sValue);
                     }
                     $hResult->execute();
                     $aInfo["changeswritten"] = true;
                 }
             }
         }
         $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id = :id';
         $hResult = $this->db->prepare($sql);
         $hResult->bindValue(':id', $iId);
         $hResult->execute();
         if ($hResult->rowCount() == 1) {
             $aUser = $hResult->fetch();
             $aPData["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'admin', $aErr, $aUser);
         } else {
             $aInfo["nosuchuserfound"] = true;
         }
     }
     $aPData["customeradmin"]["text"] = $return;
     $aPData["customeradmin"]["type"] = $sType;
     if (isset($aInfo)) {
         $aPData["customeradmin"]["info"] = $aInfo;
     }
     return $aPData;
 }
Exemple #5
0
 public function insert($iParentID)
 {
     $aData = ['cl_cb' => $iParentID, 'cl_lang' => HelperConfig::$lang];
     $sql = DBTools::buildInsertQuery($aData, 'content_lang');
     $this->serviceManager->get('db')->exec($sql);
 }
Exemple #6
0
 /**
  * @param $purifier
  * @return bool
  */
 private function admin_updateItem($purifier)
 {
     $aData = ['itm_name' => filter_var($this->post["name"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'itm_group' => filter_var($this->post["group"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'itm_img' => filter_var($this->post["bild"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'itm_index' => filter_var($this->post["index"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'itm_order' => filter_var($this->post["prio"], FILTER_SANITIZE_NUMBER_INT), 'itm_price' => filter_var($this->post["price"], FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION), 'itm_rg' => filter_var($this->post["rg"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'itm_data' => filter_var($this->post["data"], FILTER_UNSAFE_RAW), 'itm_weight' => filter_var($this->post["weight"], FILTER_SANITIZE_NUMBER_INT), 'itm_id' => filter_var($this->post["id"], FILTER_SANITIZE_NUMBER_INT)];
     if (!HelperConfig::$shop["vat_disable"]) {
         $aData['itm_vatid'] = filter_var($this->post["vatid"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
     } else {
         $aData['itm_vatid'] = 'full';
     }
     $sql = DBTools::buildPSUpdateQuery($aData, 'item_base', 'itm_id');
     $hResult = $this->db->prepare($sql);
     foreach ($aData as $sKey => $sValue) {
         $hResult->bindValue(':' . $sKey, $sValue);
     }
     $hResult->execute();
     if (isset($this->post["textid"])) {
         $aData = ['itml_text1' => $purifier->purify($this->post["text1"]), 'itml_text2' => $purifier->purify($this->post["text2"]), 'itml_name_override' => filter_var($this->post["name_override"], FILTER_UNSAFE_RAW, FILTER_FLAG_STRIP_LOW), 'itml_id' => filter_var($this->post["textid"], FILTER_SANITIZE_NUMBER_INT)];
         $sql = DBTools::buildPSUpdateQuery($aData, 'item_lang', 'itml_id');
         $hResult = $this->db->prepare($sql);
         foreach ($aData as $sKey => $sValue) {
             $hResult->bindValue(':' . $sKey, $sValue);
         }
         $hResult->execute();
     }
     return true;
 }
Exemple #7
0
 /**
  * @param $purifier
  * @return string
  */
 private function admin_updateGroup($purifier)
 {
     $sql = 'SELECT * FROM itemgroups_base WHERE itmg_id != :id AND itmg_no = :gno';
     $hResult = $this->db->prepare($sql);
     $iGID = filter_var($_REQUEST["gid"], FILTER_SANITIZE_NUMBER_INT);
     $sGNo = filter_var($_REQUEST["no"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
     $hResult->bindValue(':id', $iGID);
     $hResult->bindValue(':gno', $sGNo);
     $hResult->execute();
     $iNumRows = $hResult->rowCount();
     if ($iNumRows > 0) {
         return 'duplicateno';
     }
     $aData = ['itmg_name' => filter_var($_REQUEST["name"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'itmg_no' => $sGNo, 'itmg_img' => filter_var($_REQUEST["img"], FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'itmg_id' => $iGID];
     $sql = DBTools::buildPSUpdateQuery($aData, 'itemgroups_base', 'itmg_id');
     $hResult = $this->db->prepare($sql);
     foreach ($aData as $sKey => $sValue) {
         $hResult->bindValue(':' . $sKey, $sValue);
     }
     $hResult->execute();
     $sql = 'SELECT itmgt_id FROM itemgroups_text WHERE itmgt_pid = :gid AND itmgt_lang = :lang';
     $hResult = $this->db->prepare($sql);
     $hResult->bindValue(':gid', $iGID);
     $hResult->bindValue(':lang', HelperConfig::$lang, \PDO::PARAM_STR);
     $hResult->execute();
     $iNumRows = $hResult->rowCount();
     if ($iNumRows == 1) {
         $aRow = $hResult->fetch();
         $aData = ['itmgt_shorttext' => $purifier->purify($_REQUEST["shorttext"]), 'itmgt_details' => $purifier->purify($_REQUEST["details"]), 'itmgt_id' => $aRow['itmgt_id']];
         $sql = DBTools::buildPSUpdateQuery($aData, 'itemgroups_text', 'itmgt_id');
         $hResult = $this->db->prepare($sql);
         foreach ($aData as $sKey => $sValue) {
             $hResult->bindValue(':' . $sKey, $sValue);
         }
         $hResult->execute();
     }
     return 'success';
 }
Exemple #8
0
 /**
  *
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     $sLogData = '';
     $iId = \filter_input(INPUT_POST, 'custom', FILTER_SANITIZE_NUMBER_INT);
     $sql = 'SELECT * FROM orders WHERE o_id = ' . $iId . ' AND o_paymentmethod' . " = 'paypal' AND o_paymentcompleted = 'n'";
     $hResult = $this->db->query($sql);
     if ($hResult->rowCount() == 1) {
         $aOrder = $hResult->fetch();
         $fGesamtbrutto = \HaaseIT\HCSF\Shop\Helper::calculateTotalFromDB($aOrder);
         $postdata = '';
         foreach ($_POST as $i => $v) {
             $postdata .= $i . '=' . urlencode($v) . '&';
         }
         $postdata .= 'cmd=_notify-validate';
         $web = parse_url(HelperConfig::$shop["paypal"]["url"]);
         if ($web['scheme'] == 'https') {
             $web['port'] = 443;
             $ssl = 'ssl://';
         } else {
             $web['port'] = 80;
             $ssl = '';
         }
         $fp = @fsockopen($ssl . $web['host'], $web['port'], $errnum, $errstr, 30);
         if ($fp) {
             fputs($fp, "POST " . $web['path'] . " HTTP/1.1\r\n");
             fputs($fp, "Host: " . $web['host'] . "\r\n");
             fputs($fp, "Content-type: application/x-www-form-urlencoded\r\n");
             fputs($fp, "Content-length: " . strlen($postdata) . "\r\n");
             fputs($fp, "Connection: close\r\n\r\n");
             fputs($fp, $postdata . "\r\n\r\n");
             $info = [];
             while (!feof($fp)) {
                 $info[] = @fgets($fp, 1024);
             }
             fclose($fp);
             $info = implode(',', $info);
             if (!(strpos($info, 'VERIFIED') === false)) {
                 $sLogData .= "-- new entry - " . date(HelperConfig::$core['locale_format_date_time']) . " --\n\n";
                 $sLogData .= "W00T!\n\n";
                 $sLogData .= \HaaseIT\Tools::debug($_REQUEST, '', true, true) . "\n\n";
                 // Check if the transaction id has been used before
                 $sTxn_idQ = 'SELECT o_paypal_tx FROM orders WHERE o_paypal_tx = :txn_id';
                 $hTxn_idResult = $this->db->prepare($sTxn_idQ);
                 $hTxn_idResult->bindValue(':txn_id', $_REQUEST["txn_id"]);
                 $hTxn_idResult->execute();
                 if ($hTxn_idResult->rowCount() == 0) {
                     if ($_REQUEST["mc_gross"] == number_format($fGesamtbrutto, 2, '.', '') && $_REQUEST["custom"] == $aOrder['o_id'] && $_REQUEST["payment_status"] == "Completed" && $_REQUEST["mc_currency"] == HelperConfig::$shop["paypal"]["currency_id"] && $_REQUEST["business"] == HelperConfig::$shop["paypal"]["business"]) {
                         $aTxnUpdateData = ['o_paypal_tx' => $_REQUEST["txn_id"], 'o_paymentcompleted' => 'y', 'o_id' => $iId];
                         $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aTxnUpdateData, 'orders', 'o_id');
                         $hResult = $this->db->prepare($sql);
                         foreach ($aTxnUpdateData as $sKey => $sValue) {
                             $hResult->bindValue(':' . $sKey, $sValue);
                         }
                         $hResult->execute();
                         $sLogData .= "-- Alles ok. Zahlung erfolgreich. TXNID: " . $_REQUEST["txn_id"] . " --\n\n";
                     } else {
                         $sLogData .= "-- In my country we have problem; Problem is evaluation. Throw the data down the log!\n";
                         $sLogData .= "mc_gross: " . $_REQUEST["mc_gross"] . ' - number_format($fGesamtbrutto, 2, \'.\', \'\'): ' . number_format($fGesamtbrutto, 2, '.', '') . "\n";
                         $sLogData .= "custom: " . $_REQUEST["custom"] . ' - $aOrder[\'o_id\']: ' . $aOrder['o_id'] . "\n";
                         $sLogData .= "payment_status: " . $_REQUEST["payment_status"] . "\n";
                         $sLogData .= "mc_currency: " . $_REQUEST["mc_currency"] . ' - HelperConfig::$shop["paypal"]["currency_id"]: ' . HelperConfig::$shop["paypal"]["currency_id"] . "\n";
                         $sLogData .= "business: " . $_REQUEST["receiver_email"] . ' - HelperConfig::$shop["paypal"]["business"]: ' . HelperConfig::$shop["paypal"]["business"] . "\n\n";
                     }
                 } else {
                     // INVALID LOGGING ERROR
                     $sLogData .= "-- new entry - " . date(HelperConfig::$core['locale_format_date_time']) . " --\n\nPHAIL\n\n";
                     $sLogData .= "!!! JEMAND HAT EINE ALTE TXN_ID BENUTZT: " . $_REQUEST["txn_id"] . " !!!\n\n";
                     $sLogData .= "!!! INVALID !!!\n\n";
                 }
             } else {
                 $sLogData .= "-- new entry - " . date(HelperConfig::$core['locale_format_date_time']) . " --\n\nPHAIL - Transaktion fehlgeschlagen. TXNID: " . $_REQUEST["txn_id"] . "\n" . $info . "\n\n";
             }
             $fp = fopen(PATH_LOGS . FILE_PAYPALLOG, 'a');
             // Write $somecontent to our opened file.
             fwrite($fp, $sLogData);
             fclose($fp);
         }
     }
     die;
 }
Exemple #9
0
 /**
  * @param $sKey
  * @return mixed
  */
 public function addTextKey($sKey)
 {
     $aData = ['tc_key' => trim(filter_var($sKey, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW))];
     $sql = \HaaseIT\DBTools::buildInsertQuery($aData, 'textcat_base');
     $this->DB->exec($sql);
     $iId = $this->DB->lastInsertId();
     return $iId;
 }
Exemple #10
0
 /**
  *
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     if (!CHelper::getUserData()) {
         $this->P->oPayload->cl_html = $this->textcats->T("denied_notloggedin");
     } else {
         $this->P->cb_customcontenttemplate = 'customer/customerhome';
         $aPData["display_logingreeting"] = false;
         if (isset($_GET["login"]) && $_GET["login"]) {
             $aPData["display_logingreeting"] = true;
         }
         if (isset($_GET["editprofile"])) {
             $sErr = '';
             if (isset($_POST["doEdit"]) && $_POST["doEdit"] == 'yes') {
                 $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_email = :email';
                 $sEmail = filter_var(trim(Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
                 $hResult = $this->db->prepare($sql);
                 $hResult->bindValue(':id', $_SESSION["user"]['cust_id'], \PDO::PARAM_INT);
                 $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
                 $hResult->execute();
                 $iRows = $hResult->rowCount();
                 if ($iRows == 1) {
                     $sErr .= $this->textcats->T("userprofile_emailalreadyinuse") . '<br>';
                 }
                 $sErr = CHelper::validateCustomerForm(HelperConfig::$lang, $sErr, true);
                 if ($sErr == '') {
                     if (HelperConfig::$customer["allow_edituserprofile"]) {
                         $aData = ['cust_corp' => filter_var(trim(Tools::getFormfield("corpname")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_name' => filter_var(trim(Tools::getFormfield("name")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_street' => filter_var(trim(Tools::getFormfield("street")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_zip' => filter_var(trim(Tools::getFormfield("zip")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_town' => filter_var(trim(Tools::getFormfield("town")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_phone' => filter_var(trim(Tools::getFormfield("phone")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_cellphone' => filter_var(trim(Tools::getFormfield("cellphone")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_fax' => filter_var(trim(Tools::getFormfield("fax")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW), 'cust_country' => filter_var(trim(Tools::getFormfield("country")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW)];
                     }
                     if (isset($_POST["pwd"]) && $_POST["pwd"] != '') {
                         $aData['cust_password'] = password_hash($_POST["pwd"], PASSWORD_DEFAULT);
                         $aPData["infopasswordchanged"] = true;
                     }
                     $aData['cust_id'] = $_SESSION["user"]['cust_id'];
                     if (count($aData) > 1) {
                         $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
                         $hResult = $this->db->prepare($sql);
                         foreach ($aData as $sKey => $sValue) {
                             $hResult->bindValue(':' . $sKey, $sValue);
                         }
                         $hResult->execute();
                         $aPData["infochangessaved"] = true;
                     } else {
                         $aPData["infonothingchanged"] = true;
                     }
                 }
             }
             $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'editprofile', $sErr);
             //if (HelperConfig::$customer["allow_edituserprofile"]) $P["lang"]["cl_html"] .= '<br>'.$this->textcats->T("userprofile_infoeditemail"); // Future implementation
         } else {
             $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'userhome');
         }
         $aPData["showprofilelinks"] = false;
         if (!isset($_GET["editprofile"])) {
             $aPData["showprofilelinks"] = true;
         }
         if (isset($aPData) && count($aPData)) {
             $this->P->cb_customdata["userhome"] = $aPData;
         }
     }
 }
Exemple #11
0
 /**
  * @param $aErr
  * @return array
  */
 private function handleForgotPassword($aErr)
 {
     if (!filter_var($_POST["email"], FILTER_VALIDATE_EMAIL)) {
         $aErr[] = 'emailinvalid';
     } else {
         $sql = 'SELECT * FROM customer WHERE cust_email = :email';
         $sEmail = filter_var(trim(\HaaseIT\Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
         $hResult = $this->db->prepare($sql);
         $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
         $hResult->execute();
         if ($hResult->rowCount() != 1) {
             $aErr[] = 'emailunknown';
         } else {
             $aResult = $hResult->fetch();
             $iTimestamp = time();
             if ($iTimestamp - HOUR < $aResult['cust_pwresettimestamp']) {
                 // 1 hour delay between requests
                 $aErr[] = 'pwresetstilllocked';
             } else {
                 $sResetCode = md5($aResult['cust_email'] . $iTimestamp);
                 $aData = ['cust_pwresetcode' => $sResetCode, 'cust_pwresettimestamp' => $iTimestamp, 'cust_id' => $aResult['cust_id']];
                 $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
                 $hResult = $this->db->prepare($sql);
                 foreach ($aData as $sKey => $sValue) {
                     $hResult->bindValue(':' . $sKey, $sValue);
                 }
                 $hResult->execute();
                 $sTargetAddress = $aResult['cust_email'];
                 $sSubject = $this->textcats->T("forgotpw_mail_subject");
                 $sMessage = $this->textcats->T("forgotpw_mail_text1");
                 $sMessage .= "<br><br>" . '<a href="http' . (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' ? 's' : '') . '://';
                 $sMessage .= $_SERVER["SERVER_NAME"] . '/_misc/rp.html?key=' . $sResetCode . '&amp;email=' . $sTargetAddress . '">';
                 $sMessage .= 'http' . (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' ? 's' : '') . '://';
                 $sMessage .= $_SERVER["SERVER_NAME"] . '/_misc/rp.html?key=' . $sResetCode . '&amp;email=' . $sTargetAddress . '</a>';
                 $sMessage .= '<br><br>' . $this->textcats->T("forgotpw_mail_text2");
                 \HaaseIT\HCSF\Helper::mailWrapper($sTargetAddress, $sSubject, $sMessage);
             }
         }
     }
     return $aErr;
 }
Exemple #12
0
 /**
  * @return bool
  */
 private function doCheckout()
 {
     if (empty($_SESSION["cart"])) {
         return false;
     }
     /** @var \PDO $db */
     $db = $this->serviceManager->get('db');
     try {
         $db->beginTransaction();
         $aDataOrder = $this->prepareDataOrder();
         $sql = DBTools::buildPSInsertQuery($aDataOrder, 'orders');
         $hResult = $db->prepare($sql);
         foreach ($aDataOrder as $sKey => $sValue) {
             $hResult->bindValue(':' . $sKey, $sValue);
         }
         $hResult->execute();
         $iInsertID = $db->lastInsertId();
         $aDataOrderItems = [];
         $aImagesToSend = [];
         foreach ($_SESSION["cart"] as $sK => $aV) {
             $aImagesToSend[$aV["img"]] = $this->getItemImage($aV);
             $aDataOrderItems[] = ['oi_o_id' => $iInsertID, 'oi_cartkey' => $sK, 'oi_amount' => $aV["amount"], 'oi_price_netto_list' => $aV["price"]["netto_list"], 'oi_price_netto_use' => $aV["price"]["netto_use"], 'oi_price_brutto_use' => $aV["price"]["brutto_use"], 'oi_price_netto_sale' => isset($aV["price"]["netto_sale"]) ? $aV["price"]["netto_sale"] : '', 'oi_price_netto_rebated' => isset($aV["price"]["netto_rebated"]) ? $aV["price"]["netto_rebated"] : '', 'oi_vat' => HelperConfig::$shop["vat"][$aV["vat"]], 'oi_rg' => $aV["rg"], 'oi_rg_rebate' => isset(HelperConfig::$shop["rebate_groups"][$aV["rg"]][trim(CHelper::getUserData('cust_group'))]) ? HelperConfig::$shop["rebate_groups"][$aV["rg"]][trim(CHelper::getUserData('cust_group'))] : '', 'oi_itemname' => $aV["name"], 'oi_img' => $aImagesToSend[$aV["img"]]['base64img']];
         }
         foreach ($aDataOrderItems as $aV) {
             $sql = DBTools::buildPSInsertQuery($aV, 'orders_items');
             $hResult = $db->prepare($sql);
             foreach ($aV as $sKey => $sValue) {
                 $hResult->bindValue(':' . $sKey, $sValue);
             }
             $hResult->execute();
         }
         $db->commit();
     } catch (\Exception $e) {
         // If something raised an exception in our transaction block of statements,
         // roll back any work performed in the transaction
         print '<p>Unable to complete transaction!</p>';
         print $e;
         $db->rollBack();
     }
     $sMailbody_us = $this->buildOrderMailBody(false, $iInsertID);
     $sMailbody_they = $this->buildOrderMailBody(true, $iInsertID);
     // write to file
     $this->writeCheckoutToFile($sMailbody_us);
     // Send Mails
     $this->sendCheckoutMails($iInsertID, $sMailbody_us, $sMailbody_they, $aImagesToSend);
     if (isset($_SESSION["cart"])) {
         unset($_SESSION["cart"]);
     }
     if (isset($_SESSION["cartpricesums"])) {
         unset($_SESSION["cartpricesums"]);
     }
     if (isset($_SESSION["sondercart"])) {
         unset($_SESSION["sondercart"]);
     }
     if (isset($this->post["paymentmethod"]) && $this->post["paymentmethod"] == 'paypal' && array_search('paypal', HelperConfig::$shop["paymentmethods"]) !== false && isset(HelperConfig::$shop["paypal_interactive"]) && HelperConfig::$shop["paypal_interactive"]) {
         header('Location: /_misc/paypal.html?id=' . $iInsertID);
     } elseif (isset($this->post["paymentmethod"]) && $this->post["paymentmethod"] == 'sofortueberweisung' && array_search('sofortueberweisung', HelperConfig::$shop["paymentmethods"]) !== false) {
         header('Location: /_misc/sofortueberweisung.html?id=' . $iInsertID);
     } else {
         header('Location: /_misc/checkedout.html?id=' . $iInsertID);
     }
     die;
 }
Exemple #13
0
 /**
  * @param $aErr
  * @param $iID
  * @return array
  */
 private function handlePasswordReset($aErr, $iID)
 {
     if (isset($_POST["pwd"]) && trim($_POST["pwd"]) != '') {
         if (strlen($_POST["pwd"]) < HelperConfig::$customer["minimum_length_password"] || strlen($_POST["pwd"]) > HelperConfig::$customer["maximum_length_password"]) {
             $aErr[] = 'pwlength';
         }
         if ($_POST["pwd"] != $_POST["pwdc"]) {
             $aErr[] = 'pwmatch';
         }
         if (count($aErr) == 0) {
             $sEnc = password_hash($_POST["pwd"], PASSWORD_DEFAULT);
             $aData = ['cust_password' => $sEnc, 'cust_pwresetcode' => '', 'cust_id' => $iID];
             $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
             $hResult = $this->db->prepare($sql);
             foreach ($aData as $sKey => $sValue) {
                 $hResult->bindValue(':' . $sKey, $sValue);
             }
             $hResult->execute();
         }
     } else {
         $aErr[] = 'nopw';
     }
     return $aErr;
 }