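 /**
  * Builds the textcat admin page: list, edit/delete or add view.
  *
  * Without an "action" request parameter every textcat of the current
  * language is listed. action=edit / action=delete work on $_GET["id"]:
  * delete needs a confirming POST (delete=do); edit saves on POST (edit=do)
  * and then shows the edit form plus the archived versions of the entry.
  * action=add validates and creates a new key on POST (add=do). Results are
  * written to $this->P; the list HTML goes to $this->P->oPayload->cl_html.
  *
  * @return void
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     $this->P->cb_subnav = 'admin';
     $this->P->cb_customcontenttemplate = 'textcatadmin';
     $return = '';
     // The list view is selected on $_REQUEST, the other views on $_GET (unchanged);
     // reading them with ?? avoids undefined-index notices.
     $sAction = $_GET["action"] ?? '';
     $mId = $_GET["id"] ?? null;
     if (!isset($_REQUEST["action"]) || $_REQUEST["action"] == '') {
         $aData = $this->textcats->getCompleteTextcatForCurrentLang();
         $aListSetting = [
             ['title' => HardcodedText::get('textcatadmin_list_title_key'), 'key' => 'tc_key', 'width' => '20%', 'linked' => false],
             ['title' => HardcodedText::get('textcatadmin_list_title_text'), 'key' => 'tcl_text', 'width' => '80%', 'linked' => false, 'escapehtmlspecialchars' => true],
             ['title' => HardcodedText::get('textcatadmin_list_title_edit'), 'key' => 'tc_id', 'width' => 35, 'linked' => true, 'ltarget' => '/_admin/textcatadmin.html', 'lkeyname' => 'id', 'lgetvars' => ['action' => 'edit']],
         ];
         $return .= Tools::makeListtable($aListSetting, $aData, $this->serviceManager->get('twig'));
     } elseif ($sAction == 'edit' || $sAction == 'delete') {
         if ($sAction == 'delete' && isset($_POST["delete"]) && $_POST["delete"] == 'do') {
             $this->textcats->deleteText($mId);
             $this->P->cb_customdata["deleted"] = true;
         } else {
             $this->P->cb_customdata["edit"] = true;
             $this->textcats->initTextIfVoid($mId);
             // a POST with edit=do updates the text before the form is (re)built
             if (isset($_POST["edit"]) && $_POST["edit"] == 'do') {
                 // the purifier property is set to false when purifying is disabled in the config
                 $this->textcats->purifier = HelperConfig::$core['textcat_enable_purifier']
                     ? \HaaseIT\HCSF\Helper::getPurifier('textcat')
                     : false;
                 $this->textcats->saveText($_POST["lid"] ?? null, $_POST["text"] ?? null);
                 $this->P->cb_customdata["updated"] = true;
             }
             $aData = $this->textcats->getSingleTextByID($mId);
             $this->P->cb_customdata["editform"] = [
                 'id' => $aData["tc_id"],
                 'lid' => $aData["tcl_id"],
                 'key' => $aData["tc_key"],
                 'lang' => $aData["tcl_lang"],
                 'text' => $aData["tcl_text"],
             ];
             // Archived versions of this entry. Id and language are bound as
             // parameters instead of being concatenated into the statement.
             /** @var \PDOStatement $hResult */
             $hResult = $this->serviceManager->get('db')->prepare(
                 'SELECT * FROM textcat_lang_archive WHERE tcl_id = :tclid AND tcl_lang = :lang ORDER BY tcla_timestamp DESC'
             );
             $hResult->bindValue(':tclid', $aData["tcl_id"]);
             $hResult->bindValue(':lang', HelperConfig::$lang, \PDO::PARAM_STR);
             $hResult->execute();
             if ($hResult->rowCount() > 0) {
                 $aListSetting = [
                     ['title' => 'tcla_timestamp', 'key' => 'tcla_timestamp', 'width' => '15%', 'linked' => false],
                     ['title' => 'tcl_text', 'key' => 'tcl_text', 'width' => '85%', 'linked' => false, 'escapehtmlspecialchars' => true],
                 ];
                 $aData = $hResult->fetchAll();
                 $this->P->cb_customdata['archived_list'] = Tools::makeListtable($aListSetting, $aData, $this->serviceManager->get('twig'));
             }
         }
     } elseif ($sAction == 'add') {
         $this->P->cb_customdata["add"] = true;
         if (isset($_POST["add"]) && $_POST["add"] == 'do') {
             $sKey = $_POST["key"] ?? '';
             $this->P->cb_customdata["err"] = $this->textcats->verifyAddTextKey($sKey);
             if (count($this->P->cb_customdata["err"]) == 0) {
                 $this->P->cb_customdata["addform"] = ['key' => $sKey, 'id' => $this->textcats->addTextKey($sKey)];
             }
         }
     }
     $this->P->oPayload->cl_html = $return;
 }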
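 /**
  * Builds the customer registration page.
  *
  * Logged-in users get the "denied" text. Otherwise the registration form
  * is shown; on a POST with doRegister=yes the form is validated, the
  * e-mail address is checked for uniqueness, the customer row is inserted
  * (see insertNewCustomer()) and a verification mail is sent. Validation
  * errors and the "e-mail already taken" case re-render the form with the
  * error keys.
  *
  * @return void
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     if (CHelper::getUserData()) {
         $this->P->oPayload->cl_html = $this->serviceManager->get('textcats')->T("denied_default");
         return;
     }
     $this->P->cb_customcontenttemplate = 'customer/register';
     if (!isset($_POST["doRegister"]) || $_POST["doRegister"] != 'yes') {
         $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'register');
         return;
     }
     $aErr = CHelper::validateCustomerForm(HelperConfig::$lang, []);
     if (count($aErr) == 0) {
         $sEmail = filter_var(trim(Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
         /** @var \PDOStatement $hResult */
         $hResult = $this->serviceManager->get('db')->prepare('SELECT cust_email FROM customer WHERE cust_email = :email');
         $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
         $hResult->execute();
         if ($hResult->rowCount() == 0) {
             $sEmailVerificationcode = $this->insertNewCustomer($sEmail);
             CHelper::sendVerificationMail($sEmailVerificationcode, $sEmail, $this->serviceManager, true);
             $this->P->cb_customdata["register"] = ["showsuccessmessage" => true];
             return;
         }
         $aErr["emailalreadytaken"] = true;
     }
     $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'register', $aErr);
 }

 /**
  * Inserts a new, unverified customer row from the posted registration form
  * and returns the e-mail verification code stored with it.
  *
  * @param string $sEmail sanitised e-mail address (caller has checked it is unused)
  * @return string verification code, 32 hex characters
  */
 private function insertNewCustomer($sEmail)
 {
     // Unpredictable code from the CSPRNG (the previous md5(email.time()) was
     // guessable). 32 hex chars: the same width as the md5 digest this column held.
     $sEmailVerificationcode = bin2hex(random_bytes(16));
     // customer column => registration form field
     $aTextFields = [
         'cust_corp' => 'corpname',
         'cust_name' => 'name',
         'cust_street' => 'street',
         'cust_zip' => 'zip',
         'cust_town' => 'town',
         'cust_phone' => 'phone',
         'cust_cellphone' => 'cellphone',
         'cust_fax' => 'fax',
         'cust_country' => 'country',
     ];
     $aData = ['cust_email' => $sEmail];
     foreach ($aTextFields as $sColumn => $sField) {
         // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so stored values do not change
         $aData[$sColumn] = filter_var(trim(Tools::getFormfield($sField)), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
     }
     $aData['cust_password'] = password_hash($_POST["pwd"] ?? '', PASSWORD_DEFAULT);
     $aData['cust_tosaccepted'] = isset($_POST["tos"]) && $_POST["tos"] == 'y' ? 'y' : 'n';
     $aData['cust_cancellationdisclaimeraccepted'] = isset($_POST["cancellationdisclaimer"]) && $_POST["cancellationdisclaimer"] == 'y' ? 'y' : 'n';
     $aData['cust_emailverified'] = 'n';
     $aData['cust_emailverificationcode'] = $sEmailVerificationcode;
     $aData['cust_active'] = HelperConfig::$customer["register_require_manual_activation"] ? 'n' : 'y';
     $aData['cust_registrationtimestamp'] = time();
     $hResult = $this->serviceManager->get('db')->prepare(\HaaseIT\DBTools::buildPSInsertQuery($aData, 'customer'));
     foreach ($aData as $sKey => $sValue) {
         $hResult->bindValue(':' . $sKey, $sValue, \PDO::PARAM_STR);
     }
     $hResult->execute();
     return $sEmailVerificationcode;
 }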
 /**
  * Debug page: loads up to ten userpage language entities (language "de",
  * base page key "/index.html") via DQL, prints their fields inside a
  * <pre> block and then writes the fixed values "testi" / "testi kel"
  * back through the entity manager. Any exception is rendered into the
  * output instead of propagating.
  *
  * NOTE(review): every request persists those test values — this looks
  * like development scaffolding rather than a production page; confirm.
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     $dql = "SELECT l, b FROM " . ENTITY_USERPAGE_LANG . " l JOIN l.basepage b WHERE l.language = ?1 AND b.key = ?2";
     // output label => getter; base page getters are printed first, then the language entity's own
     $aBaseFields = [
         'base id' => 'getId',
         'base key' => 'getKey',
         'base group' => 'getGroup',
         'base pagetype' => 'getPagetype',
         'base pageconfig' => 'getPageconfig',
         'base subnav' => 'getSubnav',
     ];
     $aLangFields = [
         'lang id' => 'getId',
         'lang language' => 'getLanguage',
         'lang html' => 'getHtml',
         'lang keywords' => 'getKeywords',
         'lang description' => 'getDescription',
         'lang title' => 'getTitle',
     ];
     $out = '<pre>';
     try {
         $pages = $this->entityManager->createQuery($dql)
             ->setParameter(1, 'de')
             ->setParameter(2, '/index.html')
             ->setMaxResults(10)
             ->getResult();
         foreach ($pages as $page) {
             foreach ($aBaseFields as $label => $getter) {
                 $out .= $label . ':' . $page->getBasepage()->{$getter}() . PHP_EOL;
             }
             foreach ($aLangFields as $label => $getter) {
                 $out .= $label . ':' . $page->{$getter}() . PHP_EOL;
             }
             $page->getBasepage()->setGroup('testi');
             $page->setKeywords('testi kel');
             $this->serviceManager->get('entitymanager')->persist($page);
             $this->serviceManager->get('entitymanager')->flush();
         }
     } catch (\Exception $e) {
         $out .= \HaaseIT\Tools::debug($e, 'exception', true);
     }
     $this->P->oPayload->cl_html = $out . '</pre>';
 }
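 /**
  * Handles a "forgot password" request for the e-mail address in $_POST.
  *
  * Validates the address, looks the customer up, enforces a one-hour gap
  * between requests, stores a fresh random reset code with its timestamp
  * and mails a reset link (/_misc/rp.html?key=...&email=...) to the customer.
  *
  * @param array $aErr error keys collected so far
  * @return array $aErr, possibly extended by one of: emailinvalid,
  *               emailunknown, pwresetstilllocked
  */
 private function handleForgotPassword($aErr)
 {
     if (!filter_var($_POST["email"] ?? '', FILTER_VALIDATE_EMAIL)) {
         $aErr[] = 'emailinvalid';
         return $aErr;
     }
     $sEmail = filter_var(trim(\HaaseIT\Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
     $hResult = $this->db->prepare('SELECT * FROM customer WHERE cust_email = :email');
     $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
     $hResult->execute();
     if ($hResult->rowCount() != 1) {
         $aErr[] = 'emailunknown';
         return $aErr;
     }
     $aResult = $hResult->fetch();
     $iTimestamp = time();
     // 1 hour delay between requests
     if ($iTimestamp - HOUR < $aResult['cust_pwresettimestamp']) {
         $aErr[] = 'pwresetstilllocked';
         return $aErr;
     }
     // Unpredictable code from the CSPRNG (the previous md5(email.timestamp) was
     // guessable). 32 hex chars: the same width as the md5 digest this column held.
     $sResetCode = bin2hex(random_bytes(16));
     $aData = [
         'cust_pwresetcode' => $sResetCode,
         'cust_pwresettimestamp' => $iTimestamp,
         'cust_id' => $aResult['cust_id'],
     ];
     $hResult = $this->db->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id'));
     foreach ($aData as $sKey => $sValue) {
         $hResult->bindValue(':' . $sKey, $sValue);
     }
     $hResult->execute();
     $sTargetAddress = $aResult['cust_email'];
     $sSubject = $this->textcats->T("forgotpw_mail_subject");
     $sScheme = isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == 'on' ? 'https' : 'http';
     // NOTE(review): SERVER_NAME can reflect the request's Host header depending on
     // the web server configuration; a configured canonical host would be safer — confirm.
     // Query values are URL-encoded so addresses with '+' or '&' survive the round trip.
     $sResetUrl = $sScheme . '://' . $_SERVER["SERVER_NAME"] . '/_misc/rp.html?key=' . rawurlencode($sResetCode)
         . '&email=' . rawurlencode($sTargetAddress);
     // HTML attribute/text context: '&' becomes '&amp;' as in the previous hand-built link
     $sResetUrlHtml = htmlspecialchars($sResetUrl, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     $sMessage = $this->textcats->T("forgotpw_mail_text1");
     $sMessage .= "<br><br>" . '<a href="' . $sResetUrlHtml . '">' . $sResetUrlHtml . '</a>';
     $sMessage .= '<br><br>' . $this->textcats->T("forgotpw_mail_text2");
     \HaaseIT\HCSF\Helper::mailWrapper($sTargetAddress, $sSubject, $sMessage);
     return $aErr;
 }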
 /**
  * Password reset page opened from the link in the reset mail.
  *
  * Logged-in users, missing/blank/invalid key+email parameters, and
  * key/email pairs that do not match exactly one customer with a non-empty
  * reset code all get the "denied" text; a code older than DAY seconds gets
  * the "expired" text. Otherwise the reset form is shown and a POST with
  * doSend=yes is handed to handlePasswordReset(), whose errors or a success
  * flag are exposed under cb_customdata["pwreset"].
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     if (\HaaseIT\HCSF\Customer\Helper::getUserData()) {
         $this->P->oPayload->cl_html = $this->textcats->T("denied_default");
         return;
     }
     $bParamsBlank = !isset($_GET["key"]) || !isset($_GET["email"])
         || trim($_GET["key"]) == '' || trim($_GET["email"]) == '';
     if ($bParamsBlank || !\filter_var($_GET["email"], FILTER_VALIDATE_EMAIL)) {
         $this->P->oPayload->cl_html = $this->textcats->T("denied_default");
         return;
     }
     $sEmail = filter_var(trim(Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
     $sCode = filter_var(trim(Tools::getFormfield("key")), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
     // an empty stored code must never match, hence the extra != '' clause
     $hResult = $this->db->prepare('SELECT * FROM customer WHERE cust_email = :email AND cust_pwresetcode = :pwresetcode AND cust_pwresetcode != \'\'');
     $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
     $hResult->bindValue(':pwresetcode', $sCode, \PDO::PARAM_STR);
     $hResult->execute();
     if ($hResult->rowCount() != 1) {
         $this->P->oPayload->cl_html = $this->textcats->T("denied_default");
         return;
     }
     $aCustomer = $hResult->fetch();
     $iNow = time();
     if ($aCustomer['cust_pwresettimestamp'] < $iNow - DAY) {
         $this->P->oPayload->cl_html = $this->textcats->T("pwreset_error_expired");
         return;
     }
     $this->P->cb_customcontenttemplate = 'customer/resetpassword';
     $this->P->cb_customdata["pwreset"]["minpwlength"] = HelperConfig::$customer["minimum_length_password"];
     if (!isset($_POST["doSend"]) || $_POST["doSend"] != 'yes') {
         return;
     }
     $aErr = $this->handlePasswordReset([], $aCustomer['cust_id']);
     if (count($aErr) == 0) {
         $this->P->cb_customdata["pwreset"]["showsuccessmessage"] = true;
     } else {
         $this->P->cb_customdata["pwreset"]["errors"] = $aErr;
     }
 }
 /**
  * Renders the item group list table for the admin view.
  *
  * @param array $aGroups rows with itmg_id, itmg_no and itmg_name
  * @return bool|mixed the list table from Tools::makeListtable(), or false when $aGroups is empty
  */
 private function admin_showItemgroups($aGroups)
 {
     $sCellStyle = 'padding: 5px 0;';
     $aColumns = [
         ['title' => HardcodedText::get('itemgroupadmin_list_no'), 'key' => 'gno', 'width' => 80, 'linked' => false, 'style-data' => $sCellStyle],
         ['title' => HardcodedText::get('itemgroupadmin_list_name'), 'key' => 'gname', 'width' => 350, 'linked' => false, 'style-data' => $sCellStyle],
         ['title' => HardcodedText::get('itemgroupadmin_list_edit'), 'key' => 'gid', 'width' => 30, 'linked' => true, 'ltarget' => '/_admin/itemgroupadmin.html', 'lkeyname' => 'gid', 'lgetvars' => ['action' => 'editgroup'], 'style-data' => $sCellStyle],
     ];
     if (count($aGroups) == 0) {
         return false;
     }
     $aRows = array_values(array_map(static function ($aGroup) {
         return ['gid' => $aGroup['itmg_id'], 'gno' => $aGroup['itmg_no'], 'gname' => $aGroup['itmg_name']];
     }, $aGroups));
     return Tools::makeListtable($aColumns, $aRows, $this->serviceManager->get('twig'));
 }
 /**
  * Determines the shipping cost for the current visitor's country.
  *
  * The country comes, in order of precedence, from the logged-in user's
  * session data, from a checkout POST (doCheckout=yes with a country
  * field), from the saved address form in the session, or from the
  * configured default for the current language. The first configured
  * shippingcosts entry listing that country wins; otherwise the standard
  * rate is returned.
  *
  * @return mixed cost value as configured in HelperConfig::$shop
  */
 public static function getShippingcost()
 {
     $sCountry = CHelper::getDefaultCountryByConfig(HelperConfig::$lang);
     $bCheckoutPost = isset($_POST["doCheckout"]) && $_POST["doCheckout"] == 'yes' && isset($_POST["country"]);
     if (isset($_SESSION["user"]["cust_country"])) {
         $sCountry = $_SESSION["user"]["cust_country"];
     } elseif ($bCheckoutPost) {
         $sCountry = trim(\HaaseIT\Tools::getFormfield("country"));
     } elseif (isset($_SESSION["formsave_addrform"]["country"])) {
         $sCountry = $_SESSION["formsave_addrform"]["country"];
     }
     $fShippingcost = HelperConfig::$shop["shippingcoststandardrate"];
     foreach (HelperConfig::$shop["shippingcosts"] as $aRate) {
         if (!isset($aRate["countries"][$sCountry])) {
             continue;
         }
         $fShippingcost = $aRate["cost"];
         break;
     }
     return $fShippingcost;
 }
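 /**
  * Builds the shop admin data: the order list (no "action") or the edit
  * view of a single order (action=edit, id in $_GET).
  *
  * @param array $CSA shop admin config; $CSA["list_orders"] is the column setting for the order list
  * @return array template data (empty for an unknown action)
  */
 private function handleShopAdmin($CSA)
 {
     if (!isset($_GET["action"])) {
         return $this->shopAdminOrderList($CSA);
     }
     if ($_GET["action"] == 'edit') {
         return $this->shopAdminOrderEdit();
     }
     return [];
 }

 /**
  * Order list for the admin overview.
  *
  * $_REQUEST["type"] selects the status filter (default openinwork); an
  * unknown type terminates the request with the configured error text, as
  * before. For closed/deleted/all a date range built from the from*/to*
  * request fields is applied (bound as parameters). Cancelled orders are
  * kept out of the net total and counted separately when type=all.
  *
  * @param array $CSA shop admin config (see handleShopAdmin())
  * @return array listtable_orders/listtable_i/listtable_j/listtable_k/listtable_gesamtnetto,
  *               or nomatchingordersfound
  */
 private function shopAdminOrderList($CSA)
 {
     // request type => WHERE fragment (fixed strings, never request data)
     $aStatusFilter = [
         'openinwork' => "(o_ordercompleted = 'n' OR o_ordercompleted = 'i') ",
         'closed' => "o_ordercompleted = 'y' ",
         'open' => "o_ordercompleted = 'n' ",
         'inwork' => "o_ordercompleted = 'i' ",
         'storno' => "o_ordercompleted = 's' ",
         'deleted' => "o_ordercompleted = 'd' ",
         'all' => "o_ordercompleted != 'd' ",
     ];
     $sType = 'openinwork';
     if (isset($_REQUEST["type"])) {
         // a non-string value (e.g. type[]=x) is treated as an unknown type
         $sType = is_string($_REQUEST["type"]) ? $_REQUEST["type"] : '';
     }
     if (!isset($aStatusFilter[$sType])) {
         die(HardcodedText::get('shopadmin_error_invalidrequest'));
     }
     $bIgnoreStorno = $sType == 'all';
     $sql = 'SELECT * FROM orders WHERE ' . $aStatusFilter[$sType];
     $bFromTo = in_array($sType, ['deleted', 'all', 'closed'], true);
     if ($bFromTo) {
         $sql .= "AND o_orderdate >= :from AND o_orderdate <= :to ";
     }
     $sql .= "ORDER BY o_ordertimestamp DESC";
     $hResult = $this->db->prepare($sql);
     if ($bFromTo) {
         $hResult->bindValue(':from', $this->requestDate('from'));
         $hResult->bindValue(':to', $this->requestDate('to'));
     }
     $hResult->execute();
     if ($hResult->rowCount() == 0) {
         return ['nomatchingordersfound' => true];
     }
     // Cells assembled with markup below cannot be escaped by makeListtable
     // afterwards, so the customer-supplied fragments are escaped here.
     $fnEscape = static function ($mValue) {
         return htmlspecialchars((string) $mValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     };
     $fnMoney = static function ($mAmount) {
         return number_format(
             $mAmount,
             HelperConfig::$core['numberformat_decimals'],
             HelperConfig::$core['numberformat_decimal_point'],
             HelperConfig::$core['numberformat_thousands_seperator']
         ) . ' ' . HelperConfig::$shop["waehrungssymbol"];
     };
     $aData = [];
     $i = 0;            // all listed orders
     $j = 0;            // orders counted into the total
     $k = 0;            // cancelled orders left out of the total (type=all only)
     $fGesamtnetto = 0.0;
     while ($aRow = $hResult->fetch()) {
         $sStatus = $this->orderStatusHtml($aRow["o_ordercompleted"]);
         $sPaymentColor = $aRow["o_paymentcompleted"] == 'y' ? 'green' : 'red';
         $mMethodText = $this->serviceManager->get('textcats')->T("order_paymentmethod_" . $aRow["o_paymentmethod"], true);
         // the textcat text is used as-is (as before); the fallback comes from the order row and is escaped
         $sMethodText = $mMethodText ? $mMethodText : $fnEscape(ucwords($aRow["o_paymentmethod"]));
         $sZahlungsmethode = '<span style="color: ' . $sPaymentColor . ';">' . $sMethodText . '</span>';
         $sName = trim($aRow["o_corpname"]) == '' ? $aRow["o_name"] : $aRow["o_corpname"];
         $sMinder = '';
         if ($aRow["o_mindermenge"] != 0 && $aRow["o_mindermenge"] != '') {
             $sMinder = '<br>+' . $fnMoney($aRow["o_mindermenge"]);
         }
         $sLastedit = trim($aRow["o_lastedit_user"]) != '' ? '<br>' . $fnEscape($aRow["o_lastedit_user"]) : '';
         $sTransaction = trim($aRow["o_transaction_no"]) != '' ? '<br>' . $fnEscape($aRow["o_transaction_no"]) : '';
         $aData[] = [
             'o_id' => $aRow["o_id"],
             'o_account_no' => $aRow["o_custno"],
             'o_email' => $aRow["o_email"],
             'o_cust' => $fnEscape($sName) . '<br>' . $fnEscape($aRow["o_zip"]) . ' ' . $fnEscape($aRow["o_town"]),
             'o_authed' => $aRow["o_authed"],
             'o_sumnettoall' => $fnMoney($aRow["o_sumnettoall"]) . $sMinder,
             'o_order_status' => $sStatus . $sLastedit,
             'o_ordertime_number' => date(HelperConfig::$core['locale_format_date_time'], $aRow["o_ordertimestamp"]) . $sTransaction,
             'o_order_host_payment' => $sZahlungsmethode . '<br>' . $fnEscape($aRow["o_srv_hostname"]),
         ];
         if ($aRow["o_ordercompleted"] == 's' && $bIgnoreStorno) {
             $k++;
         } else {
             $fGesamtnetto += $aRow["o_sumnettoall"];
             $j++;
         }
         $i++;
     }
     return [
         'listtable_orders' => Tools::makeListtable($CSA["list_orders"], $aData, $this->serviceManager->get('twig')),
         'listtable_i' => $i,
         'listtable_j' => $j,
         'listtable_k' => $k,
         'listtable_gesamtnetto' => $fGesamtnetto,
     ];
 }

 /**
  * Assembles a Y-m-d date from the <prefix>year/<prefix>month/<prefix>day
  * request fields (prefix "from" or "to"); missing fields count as empty.
  *
  * @param string $sPrefix
  * @return string
  */
 private function requestDate($sPrefix)
 {
     $fnPart = static function ($sName) {
         return \filter_var($_REQUEST[$sName] ?? '', FILTER_SANITIZE_NUMBER_INT);
     };
     return $fnPart($sPrefix . 'year')
         . '-' . Tools::dateAddLeadingZero($fnPart($sPrefix . 'month'))
         . '-' . Tools::dateAddLeadingZero($fnPart($sPrefix . 'day'));
 }

 /**
  * Coloured status label for an order's o_ordercompleted value
  * (y/n/i/s/d); any other value yields an empty string.
  *
  * @param mixed $sCompleted
  * @return string HTML
  */
 private function orderStatusHtml($sCompleted)
 {
     // status => [hardcoded text key, span style (null = plain text)]
     $aStatus = [
         'y' => ['shopadmin_orderstatus_completed', 'color: green; font-weight: bold;'],
         'n' => ['shopadmin_orderstatus_open', 'color: orange; font-weight: bold;'],
         'i' => ['shopadmin_orderstatus_inwork', 'color: orange;'],
         's' => ['shopadmin_orderstatus_canceled', 'color: red; font-weight: bold;'],
         'd' => ['shopadmin_orderstatus_deleted', null],
     ];
     if (!is_string($sCompleted) || !isset($aStatus[$sCompleted])) {
         return '';
     }
     [$sTextKey, $sStyle] = $aStatus[$sCompleted];
     $sText = HardcodedText::get($sTextKey);
     if ($sStyle === null) {
         return $sText;
     }
     return '<span style="' . $sStyle . '">' . $sText . '</span>';
 }

 /**
  * Edit view for one order: the order row (plus shipping service options),
  * a customer form prefilled from the order's address columns and the cart
  * table of the ordered items.
  *
  * @return array template data, or ordernotfound when the id does not match exactly one row
  */
 private function shopAdminOrderEdit()
 {
     $iId = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
     /** @var \PDOStatement $hResult */
     $hResult = $this->db->prepare('SELECT * FROM orders WHERE o_id = :id');
     $hResult->bindValue(':id', $iId);
     $hResult->execute();
     if ($hResult->rowCount() != 1) {
         return ['ordernotfound' => true];
     }
     $aOrder = $hResult->fetch();
     $hResult = $this->db->prepare('SELECT * FROM orders_items WHERE oi_o_id = :id');
     $hResult->bindValue(':id', $iId);
     $hResult->execute();
     $aItems = $hResult->fetchAll();
     // customer form field => order column
     $aAddressMap = [
         'cust_no' => 'o_custno',
         'cust_email' => 'o_email',
         'cust_corp' => 'o_corpname',
         'cust_name' => 'o_name',
         'cust_street' => 'o_street',
         'cust_zip' => 'o_zip',
         'cust_town' => 'o_town',
         'cust_phone' => 'o_phone',
         'cust_cellphone' => 'o_cellphone',
         'cust_fax' => 'o_fax',
         'cust_country' => 'o_country',
         'cust_group' => 'o_group',
     ];
     $aUserdata = [];
     foreach ($aAddressMap as $sCustKey => $sOrderKey) {
         $aUserdata[$sCustKey] = $aOrder[$sOrderKey];
     }
     // first option is "no service"
     $aOrder["options_shippingservices"] = [''];
     foreach (HelperConfig::$shop["shipping_services"] as $sValue) {
         $aOrder["options_shippingservices"][] = $sValue;
     }
     $aSData = [
         'orderdata' => $aOrder,
         'customerform' => \HaaseIT\HCSF\Customer\Helper::buildCustomerForm(HelperConfig::$lang, 'shopadmin', '', $aUserdata),
     ];
     $aItemsCarttable = [];
     foreach ($aItems as $aItem) {
         $aItemsCarttable[$aItem["oi_cartkey"]] = [
             'amount' => $aItem["oi_amount"],
             'price' => [
                 'netto_list' => $aItem["oi_price_netto_list"],
                 'netto_sale' => $aItem["oi_price_netto_sale"],
                 'netto_rebated' => $aItem["oi_price_netto_rebated"],
                 'netto_use' => $aItem["oi_price_netto_use"],
                 'brutto_use' => $aItem["oi_price_brutto_use"],
             ],
             'vat' => $aItem["oi_vat"],
             'rg' => $aItem["oi_rg"],
             'rg_rebate' => $aItem["oi_rg_rebate"],
             'name' => $aItem["oi_itemname"],
             'img' => $aItem["oi_img"],
         ];
     }
     // cart table entries first; existing keys in $aSData win on collision (array_merge order as before)
     return array_merge(
         \HaaseIT\HCSF\Shop\Helper::buildShoppingCartTable($aItemsCarttable, true, $aOrder["o_group"], '', $aOrder["o_vatfull"], $aOrder["o_vatreduced"]),
         $aSData
     );
 }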
 /**
  * Renders the order list of the logged-in customer (newest first).
  *
  * @param array $COList column setting for \HaaseIT\Tools::makeListtable()
  * @return string the list table, or the "no orders" text when the customer has none
  */
 private function showMyOrders($COList)
 {
     $hResult = $this->db->prepare('SELECT * FROM orders WHERE o_custno = :custno ORDER BY o_ordertimestamp DESC');
     $hResult->bindValue(':custno', CHelper::getUserData('cust_no'));
     $hResult->execute();
     if ($hResult->rowCount() < 1) {
         return $this->textcats->T("myorders_no_orders_to_display");
     }
     // payment methods with a dedicated textcat entry; anything else is shown capitalised
     $aKnownMethods = ['prepay', 'paypal', 'debit', 'invoice'];
     $aRows = [];
     while ($aRow = $hResult->fetch()) {
         $sStatus = SHelper::showOrderStatusText($this->textcats, $aRow["o_ordercompleted"]);
         $sMethod = $aRow["o_paymentmethod"];
         if (in_array($sMethod, $aKnownMethods, true)) {
             $sPaymentmethod = $this->textcats->T("order_paymentmethod_" . $sMethod);
         } else {
             $sPaymentmethod = ucwords($sMethod);
         }
         $sPaidKey = $aRow["o_paymentcompleted"] == 'y' ? "misc_yes" : "misc_no";
         $sPaymentstatus = ucwords($this->textcats->T($sPaidKey));
         $aRows[] = [
             'o_id' => $aRow["o_id"],
             'o_order_status' => $sStatus,
             'o_ordertime' => date(HelperConfig::$customer['locale_format_date_time'], $aRow["o_ordertimestamp"]),
             'o_paymentmethod' => $sPaymentmethod,
             'o_paymentcompleted' => $sPaymentstatus,
             'o_shipping_service' => $aRow["o_shipping_service"],
             'o_shipping_trackingno' => $aRow["o_shipping_trackingno"],
         ];
     }
     return \HaaseIT\Tools::makeListtable($COList, $aRows, $this->serviceManager->get('twig'));
 }
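 /**
  * Builds the customer admin data.
  *
  * Without "action": lists customers filtered by $_REQUEST["type"]
  * (all|active|inactive, default all). With action=edit (id in $_GET): on a
  * POST with doEdit=yes the customer number must reach the configured
  * minimum length, number and e-mail must not belong to another customer,
  * the form is validated and the row is updated (the password only when a
  * new one was posted); afterwards the customer is loaded for the form.
  *
  * @param array $CUA column setting for the customer list table
  * @param mixed $twig template engine handed through to \HaaseIT\Tools::makeListtable()
  * @return array customeradmin.text/type (and info when set); customerform in the edit view
  */
 private function handleCustomerAdmin($CUA, $twig)
 {
     $sType = 'all';
     if (isset($_REQUEST["type"]) && in_array($_REQUEST["type"], ['active', 'inactive'], true)) {
         $sType = $_REQUEST["type"];
     }
     $return = '';
     $aInfo = [];
     $aPData = [];
     if (!isset($_GET["action"])) {
         // type => WHERE clause (fixed strings, never request data)
         $aWhere = ['all' => '', 'active' => ' WHERE cust_active = \'y\'', 'inactive' => ' WHERE cust_active = \'n\''];
         $sql = 'SELECT ' . DB_ADDRESSFIELDS . ' FROM customer' . $aWhere[$sType] . ' ORDER BY cust_no ASC';
         $hResult = $this->db->query($sql);
         if ($hResult->rowCount() != 0) {
             $return .= \HaaseIT\Tools::makeListtable($CUA, $hResult->fetchAll(), $twig);
         } else {
             $aInfo["nodatafound"] = true;
         }
     } elseif ($_GET["action"] == 'edit') {
         $iId = filter_input(INPUT_GET, 'id', FILTER_SANITIZE_NUMBER_INT);
         $aErr = [];
         if (isset($_POST["doEdit"]) && $_POST["doEdit"] == 'yes') {
             // FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept so stored values do not change
             $sCustno = filter_var(trim($_POST["custno"] ?? ''), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
             // byte length, as before; customer numbers are compared byte-wise in the DB too
             if (strlen($sCustno) < HelperConfig::$customer["minimum_length_custno"]) {
                 $aErr["custnoinvalid"] = true;
             } else {
                 $mEmail = filter_input(INPUT_POST, 'email', FILTER_SANITIZE_EMAIL);
                 // any other customer (not the one being edited) holding the value is a conflict
                 if ($this->otherCustomerExists('cust_no', $sCustno, $iId)) {
                     $aErr["custnoalreadytaken"] = true;
                 }
                 if ($this->otherCustomerExists('cust_email', $mEmail, $iId)) {
                     $aErr["emailalreadytaken"] = true;
                 }
                 $aErr = CHelper::validateCustomerForm(HelperConfig::$lang, $aErr, true);
                 if (count($aErr) == 0) {
                     // customer column => form field for the sanitised text inputs
                     $aTextFields = [
                         'cust_corp' => 'corpname',
                         'cust_name' => 'name',
                         'cust_street' => 'street',
                         'cust_zip' => 'zip',
                         'cust_town' => 'town',
                         'cust_phone' => 'phone',
                         'cust_cellphone' => 'cellphone',
                         'cust_fax' => 'fax',
                         'cust_country' => 'country',
                         'cust_group' => 'custgroup',
                     ];
                     $aData = ['cust_no' => $sCustno, 'cust_email' => trim((string) $mEmail)];
                     foreach ($aTextFields as $sColumn => $sField) {
                         $aData[$sColumn] = trim((string) filter_input(INPUT_POST, $sField, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW));
                     }
                     $aData['cust_emailverified'] = isset($_POST["emailverified"]) && $_POST["emailverified"] == 'y' ? 'y' : 'n';
                     $aData['cust_active'] = isset($_POST["active"]) && $_POST["active"] == 'y' ? 'y' : 'n';
                     $aData['cust_id'] = $iId;
                     if (isset($_POST["pwd"]) && $_POST["pwd"] != '') {
                         $aData['cust_password'] = password_hash($_POST["pwd"], PASSWORD_DEFAULT);
                         $aInfo["passwordchanged"] = true;
                     }
                     $hResult = $this->db->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id'));
                     foreach ($aData as $sKey => $sValue) {
                         $hResult->bindValue(':' . $sKey, $sValue);
                     }
                     $hResult->execute();
                     $aInfo["changeswritten"] = true;
                 }
             }
         }
         $hResult = $this->db->prepare('SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id = :id');
         $hResult->bindValue(':id', $iId);
         $hResult->execute();
         if ($hResult->rowCount() == 1) {
             $aUser = $hResult->fetch();
             $aPData["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'admin', $aErr, $aUser);
         } else {
             $aInfo["nosuchuserfound"] = true;
         }
     }
     $aPData["customeradmin"]["text"] = $return;
     $aPData["customeradmin"]["type"] = $sType;
     if (count($aInfo) > 0) {
         $aPData["customeradmin"]["info"] = $aInfo;
     }
     return $aPData;
 }

 /**
  * Checks whether a customer other than $iExcludeId already has $mValue in
  * the given column (cust_no or cust_email).
  *
  * @param string $sColumn column name; a fixed identifier from the caller, never request data
  * @param mixed $mValue value to look for (bound as a parameter)
  * @param mixed $iExcludeId cust_id of the customer being edited
  * @return bool
  */
 private function otherCustomerExists($sColumn, $mValue, $iExcludeId)
 {
     $hResult = $this->db->prepare('SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND ' . $sColumn . ' = :value');
     $hResult->bindValue(':id', $iExcludeId);
     $hResult->bindValue(':value', $mValue);
     $hResult->execute();
     // more than one duplicate is still a conflict (the old check only recognised exactly one row)
     return $hResult->rowCount() > 0;
 }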
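 /**
  * Derive routing overrides from a request path of the form /xxxx/item/0010.html.
  *
  * When the second-to-last segment is 'item' and the last segment ends in
  * '.html', everything before that '.html' (dots allowed) becomes the item
  * number, the page type is forced to 'itemdetail' and $this->sPath is
  * rebuilt without the trailing '/item/<itemno>.html'.
  *
  * Fix: a path with fewer than two segments is now answered with no override
  * instead of indexing the array at a negative offset.
  *
  * @param array $aPath exploded request path segments
  * @return array empty, or ['itemno' => string, 'cb_pagetype' => 'itemdetail']
  */
 private function getRoutingoverride($aPath)
 {
     $aRoutingoverride = [];
     $iParts = count($aPath);
     if ($iParts < 2) {
         return $aRoutingoverride;
     }
     $sFile = $aPath[$iParts - 1];
     // only '/item/<non-empty file>' qualifies
     if ($aPath[$iParts - 2] !== 'item' || $sFile === '') {
         return $aRoutingoverride;
     }
     $aFileParts = explode('.', $sFile);
     if (end($aFileParts) === 'html') {
         // the item number is everything before the final '.html'; re-joining
         // the remaining parts keeps dots inside the item number intact
         array_pop($aFileParts);
         $aRoutingoverride["itemno"] = implode('.', $aFileParts);
         $aRoutingoverride["cb_pagetype"] = 'itemdetail';
         // rebuild the path string without the trailing '/item/itemno.html'
         $this->sPath = '';
         for ($i = 0; $i < $iParts - 2; $i++) {
             $this->sPath .= $aPath[$i] . '/';
         }
     }
     return $aRoutingoverride;
 }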
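 /**
  * Customer home page; with ?editprofile the profile edit form is shown and,
  * on POST doEdit=yes, processed for the logged-in customer.
  *
  * Update rules visible here: the address fields are written only when
  * customer.allow_edituserprofile is enabled; a non-empty POST 'pwd' always
  * replaces the stored password hash; an email already used by another
  * customer (other cust_id) is rejected. With nothing but cust_id to write,
  * only the 'nothing changed' flag is set.
  *
  * Fix: $aData is initialised before the optional profile block, so the
  * "anything besides cust_id?" count no longer depends on an auto-created
  * variable.
  *
  * NOTE(review): the password change does not verify the current password and
  * no CSRF token check is visible in this method — confirm the request layer
  * or validateCustomerForm covers both.
  * NOTE(review): FILTER_SANITIZE_STRING is deprecated since PHP 8.1; kept as
  * is because replacing it changes what gets stored.
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     if (!CHelper::getUserData()) {
         $this->P->oPayload->cl_html = $this->textcats->T("denied_notloggedin");
         return;
     }
     $this->P->cb_customcontenttemplate = 'customer/customerhome';
     $aPData = ['display_logingreeting' => isset($_GET["login"]) && $_GET["login"]];
     $bEditProfile = isset($_GET["editprofile"]);
     if ($bEditProfile) {
         $sErr = '';
         if (isset($_POST["doEdit"]) && $_POST["doEdit"] == 'yes') {
             $iCustId = $_SESSION["user"]['cust_id'];
             // reject an email address that is already registered to another customer
             $sEmail = filter_var(trim(Tools::getFormfield("email")), FILTER_SANITIZE_EMAIL);
             $hResult = $this->db->prepare('SELECT ' . DB_ADDRESSFIELDS . ' FROM customer WHERE cust_id != :id AND cust_email = :email');
             $hResult->bindValue(':id', $iCustId, \PDO::PARAM_INT);
             $hResult->bindValue(':email', $sEmail, \PDO::PARAM_STR);
             $hResult->execute();
             if ($hResult->rowCount() == 1) {
                 $sErr .= $this->textcats->T("userprofile_emailalreadyinuse") . '<br>';
             }
             $sErr = CHelper::validateCustomerForm(HelperConfig::$lang, $sErr, true);
             if ($sErr == '') {
                 $aData = [];
                 if (HelperConfig::$customer["allow_edituserprofile"]) {
                     // form field => column; every value is trimmed and sanitized the same way
                     $aFieldMap = ['corpname' => 'cust_corp', 'name' => 'cust_name', 'street' => 'cust_street', 'zip' => 'cust_zip', 'town' => 'cust_town', 'phone' => 'cust_phone', 'cellphone' => 'cust_cellphone', 'fax' => 'cust_fax', 'country' => 'cust_country'];
                     foreach ($aFieldMap as $sField => $sColumn) {
                         $aData[$sColumn] = filter_var(trim(Tools::getFormfield($sField)), FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW);
                     }
                 }
                 if (isset($_POST["pwd"]) && $_POST["pwd"] != '') {
                     $aData['cust_password'] = password_hash($_POST["pwd"], PASSWORD_DEFAULT);
                     $aPData["infopasswordchanged"] = true;
                 }
                 $aData['cust_id'] = $iCustId;
                 // cust_id alone means there is nothing to update
                 if (count($aData) > 1) {
                     $sql = \HaaseIT\DBTools::buildPSUpdateQuery($aData, 'customer', 'cust_id');
                     $hUpdate = $this->db->prepare($sql);
                     foreach ($aData as $sKey => $sValue) {
                         $hUpdate->bindValue(':' . $sKey, $sValue);
                     }
                     $hUpdate->execute();
                     $aPData["infochangessaved"] = true;
                 } else {
                     $aPData["infonothingchanged"] = true;
                 }
             }
         }
         $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'editprofile', $sErr);
         //if (HelperConfig::$customer["allow_edituserprofile"]) $P["lang"]["cl_html"] .= '<br>'.$this->textcats->T("userprofile_infoeditemail"); // Future implementation
     } else {
         $this->P->cb_customdata["customerform"] = CHelper::buildCustomerForm(HelperConfig::$lang, 'userhome');
     }
     // profile links are only shown on the plain home view
     $aPData["showprofilelinks"] = !$bEditProfile;
     $this->P->cb_customdata["userhome"] = $aPData;
 }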
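 /**
  * Build the " WHERE ..." fragment for an item query.
  *
  * Priority: an explicit item number (array → inline IN list, scalar → the
  * :itemno placeholder the caller binds), then a request 'searchtext' longer
  * than two characters (placeholders :searchtext or :searchtextwild1..5),
  * then the item index(es) inlined as LIKE '%...%' patterns. Items whose
  * index contains '!' or 'AL' are always excluded.
  *
  * Inlined values are passed through FILTER_SANITIZE_SPECIAL_CHARS (so no
  * raw quote reaches the SQL text) and, on top of that, backslashes are
  * doubled and — in LIKE context — '%' and '_' are escaped so the value is
  * matched literally. This assumes backslash is the string/LIKE escape
  * character (MySQL default); verify for other drivers.
  * NOTE(review): the inlined branches should move to bound parameters as
  * well; that requires handing bindings back to the caller, so the return
  * contract is left unchanged here. 'searchtext' is now ignored when it is
  * not a string (an array used to hit strlen()).
  *
  * @param string|array $mItemIndex index prefix(es) matched as substrings
  * @param string|array $mItemno exact item number(s)
  * @return string
  */
 public function queryItemWhereClause($mItemIndex = '', $mItemno = '')
 {
     // sanitize a value that is inlined into the SQL text (not bound)
     $fnInline = static function ($mValue, $bLikeContext) {
         $sValue = (string) \filter_var($mValue, FILTER_SANITIZE_SPECIAL_CHARS);
         if ($bLikeContext) {
             return \str_replace(['\\', '%', '_'], ['\\\\', '\\%', '\\_'], $sValue);
         }
         return \str_replace('\\', '\\\\', $sValue);
     };
     $sql = " WHERE ";
     if ($mItemno != '') {
         if (\is_array($mItemno)) {
             $aQuoted = [];
             foreach ($mItemno as $mNo) {
                 $aQuoted[] = $fnInline($mNo, false);
             }
             // same shape as before: an empty list still yields IN ('')
             $sql .= "item_base.itm_no IN ('" . \implode("','", $aQuoted) . "')";
         } else {
             $sql .= 'item_base.itm_no = :itemno';
         }
     } elseif (isset($_REQUEST["searchtext"]) && \is_string($_REQUEST["searchtext"]) && \strlen($_REQUEST["searchtext"]) > 2) {
         if (isset($_REQUEST["artnoexact"])) {
             $sql .= 'item_base.itm_no = :searchtext';
         } else {
             $sql .= '(item_base.itm_no LIKE :searchtextwild1 OR itm_name LIKE :searchtextwild2'
                 . ' OR itml_name_override LIKE :searchtextwild3 OR itml_text1 LIKE :searchtextwild4'
                 . ' OR itml_text2 LIKE :searchtextwild5)';
         }
     } else {
         if (\is_array($mItemIndex)) {
             $aLikes = [];
             foreach ($mItemIndex as $sAIndex) {
                 $aLikes[] = "itm_index LIKE '%" . $fnInline($sAIndex, true) . "%'";
             }
             $sql .= '(' . \implode(' OR ', $aLikes) . ')';
         } else {
             $sql .= "itm_index LIKE '%" . $fnInline($mItemIndex, true) . "%'";
         }
     }
     $sql .= ' AND itm_index NOT LIKE \'%!%\' AND itm_index NOT LIKE \'%AL%\'';
     return $sql;
 }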
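 /**
  * Answer a cart update either as an AJAX fragment (when 'ajax' is in the
  * request) or as a redirect back to the referring page with the message in
  * the query string. Always terminates the request.
  *
  * Fix: HTTP_REFERER is client-supplied and may be missing. The redirect now
  * only goes back to the referer when its host is this host; otherwise (no
  * referer, unparsable referer, foreign host) it falls back to '/'. HTTP_HOST
  * is itself request-supplied unless the web server pins a canonical host —
  * keep that configured.
  *
  * @param string $sReply message for the template / the 'msg' query parameter
  * @param array $aMore extra template variables or query parameters merged on top
  */
 private function replyToCartUpdate($sReply, $aMore = [])
 {
     if (isset($_REQUEST["ajax"])) {
         $aAR = ['cart' => $_SESSION["cart"], 'reply' => $sReply, 'cartsums' => \HaaseIT\HCSF\Shop\Helper::calculateCartItems($_SESSION["cart"]), 'currency' => HelperConfig::$shop["waehrungssymbol"], 'numberformat_decimals' => HelperConfig::$core['numberformat_decimals'], 'numberformat_decimal_point' => HelperConfig::$core['numberformat_decimal_point'], 'numberformat_thousands_seperator' => HelperConfig::$core['numberformat_thousands_seperator']];
         if (count($aMore)) {
             $aAR = array_merge($aAR, $aMore);
         }
         echo $this->serviceManager->get('twig')->render('shop/update-cart.twig', $aAR);
     } else {
         $aMSG = ['msg' => $sReply];
         if (count($aMore)) {
             $aMSG = array_merge($aMSG, $aMore);
         }
         // only redirect back to a referer on this host (open-redirect guard)
         $sTarget = '/';
         $sReferer = isset($_SERVER["HTTP_REFERER"]) ? (string) $_SERVER["HTTP_REFERER"] : '';
         $sRefHost = $sReferer !== '' ? \parse_url($sReferer, PHP_URL_HOST) : null;
         $sOwnHost = isset($_SERVER["HTTP_HOST"]) ? (string) \parse_url('http://' . $_SERVER["HTTP_HOST"], PHP_URL_HOST) : '';
         if (\is_string($sRefHost) && $sOwnHost !== '' && \strcasecmp($sRefHost, $sOwnHost) === 0) {
             $sTarget = $sReferer;
         }
         header('Location: ' . \HaaseIT\Tools::makeLinkHRefWithAddedGetVars($sTarget, $aMSG, true, false));
     }
     die;
 }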
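 /**
  * Build the HTML notification shown after a cart update, driven by the
  * 'msg', 'cartkey' and 'amount' entries of $this->get.
  *
  * Only msg=updated (needs cartkey and amount) and msg=removed (needs
  * cartkey) produce output. When custom_order_fields is configured and the
  * cartkey has the form "itemno|field:value|...", each field is rendered as
  * its textcat label plus value; otherwise the key is shown as-is.
  *
  * Fix: the user-supplied cartkey parts and amount are HTML-escaped, since
  * the result is emitted as HTML (see the '<br>' tags); textcat output is
  * emitted unchanged. A "field" part without ':' yields an empty value
  * instead of an undefined-offset notice.
  *
  * @return string HTML fragment, empty when there is nothing to show
  */
 private function getNotification()
 {
     $return = '';
     if (!isset($this->get["msg"]) || trim($this->get["msg"]) == '') {
         return $return;
     }
     $sMsg = $this->get["msg"];
     $bHasCartkey = isset($this->get["cartkey"]);
     $bUpdated = $sMsg == 'updated' && $bHasCartkey && isset($this->get["amount"]);
     $bRemoved = $sMsg == 'removed' && $bHasCartkey;
     if (!$bUpdated && !$bRemoved) {
         return $return;
     }
     $fnEsc = static function ($mValue) {
         return htmlspecialchars((string) $mValue, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
     };
     $sCartkey = (string) $this->get["cartkey"];
     $return .= $this->textcats->T("shoppingcart_msg_" . $sMsg . "_1") . ' ';
     if (isset(HelperConfig::$shop["custom_order_fields"]) && mb_strpos($sCartkey, '|') !== false) {
         $aParts = [];
         foreach (explode('|', $sCartkey) as $iKey => $sPart) {
             if ($iKey == 0) {
                 // first part is the item number itself
                 $aParts[] = $fnEsc($sPart);
                 continue;
             }
             $aField = explode(':', $sPart);
             $sFieldValue = isset($aField[1]) ? $aField[1] : '';
             $aParts[] = $this->textcats->T("shoppingcart_item_" . $aField[0]) . ' ' . $fnEsc($sFieldValue);
         }
         $return .= implode(', ', $aParts);
     } else {
         $return .= $fnEsc($sCartkey);
     }
     $return .= ' ' . $this->textcats->T("shoppingcart_msg_" . $sMsg . "_2");
     if ($bUpdated) {
         $return .= ' ' . $fnEsc($this->get["amount"]);
     }
     return $return . '<br><br>';
 }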
 /**
  * Assemble the template data for the customer address/account form.
  *
  * Purposes: shoppingcart, userhome, shopadmin, editprofile, register, admin.
  * Keys: fv_* = field value, fr_* = field required (from config). Values come
  * from the current request (Tools::getFormfield) and fall back to the stored
  * customer data. The form is read-only for shopadmin and userhome, for
  * editprofile when editing is disabled, and in the shopping cart for a
  * logged-in user.
  * NOTE(review): for 'register' the posted password/confirmation are echoed
  * back into fv_pwd/fv_pwdc; for 'admin' and 'editprofile' they are blanked.
  *
  * @param string $sLang current language (used for the default country)
  * @param string $sPurpose one of the purposes above
  * @param string|array $sErr error message(s) passed through to the template
  * @param array|false $aUserData stored customer record, if any
  * @return array template variables
  */
 public static function buildCustomerForm($sLang, $sPurpose = 'none', $sErr = '', $aUserData = false)
 {
     $sDefaultCountry = self::getCustomerFormDefaultValue('cust_country', "country", $aUserData);
     $bReadonly = $sPurpose == 'shopadmin'
         || $sPurpose == 'userhome'
         || ($sPurpose == 'editprofile' && !HelperConfig::$customer["allow_edituserprofile"])
         || ($sPurpose == 'shoppingcart' && self::getUserData());
     // request value first, stored customer value as fallback
     $fnField = static function ($sFormKey, $sDbKey) use ($aUserData) {
         return Tools::getFormfield($sFormKey, self::getCustomerFormDefaultValue($sDbKey, $sFormKey, $aUserData), true);
     };
     $aCfg = HelperConfig::$customer;
     $aData = [
         'purpose' => $sPurpose,
         'errormessage' => $sErr,
         'readonlycustno' => $sPurpose == 'shopadmin',
         'readonly' => $bReadonly,
         'fv_custno' => $fnField('custno', 'cust_no'),
         'fv_email' => $fnField('email', 'cust_email'),
         'fv_corpname' => $fnField('corpname', 'cust_corp'),
         'fr_corpname' => $aCfg["validate_corpname"],
         'fv_name' => $fnField('name', 'cust_name'),
         'fr_name' => $aCfg["validate_name"],
         'fv_street' => $fnField('street', 'cust_street'),
         'fr_street' => $aCfg["validate_street"],
         'fv_zip' => $fnField('zip', 'cust_zip'),
         'fr_zip' => $aCfg["validate_zip"],
         'fv_town' => $fnField('town', 'cust_town'),
         'fr_town' => $aCfg["validate_town"],
         'fv_phone' => $fnField('phone', 'cust_phone'),
         'fr_phone' => $aCfg["validate_phone"],
         'fv_cellphone' => $fnField('cellphone', 'cust_cellphone'),
         'fr_cellphone' => $aCfg["validate_cellphone"],
         'fv_fax' => $fnField('fax', 'cust_fax'),
         'fr_fax' => $aCfg["validate_fax"],
         'fv_country' => Tools::getFormfield('country', $sDefaultCountry ? $sDefaultCountry : self::getDefaultCountryByConfig($sLang), true),
         'fr_country' => $aCfg["validate_country"],
     ];
     if ($sPurpose == 'admin') {
         $aData["fv_custgroups"] = $aCfg["customer_groups"];
         $aData["fv_custgroup_selected"] = Tools::getFormfield('custgroup', self::getUserData('cust_group', $aUserData), true);
     } elseif ($sPurpose == 'shopadmin') {
         $sGroupKey = self::getUserData('cust_group', $aUserData);
         $aData["fv_custgroup"] = isset($aCfg["customer_groups"][$sGroupKey]) ? $aCfg["customer_groups"][$sGroupKey] : '';
     }
     if ($sPurpose == 'admin' || $sPurpose == 'register' || $sPurpose == 'editprofile') {
         $bBlankPassword = $sPurpose == 'admin' || $sPurpose == 'editprofile';
         $aData["fv_pwd"] = $bBlankPassword ? '' : Tools::getFormfield('pwd', '');
         $aData["fv_pwdc"] = $bBlankPassword ? '' : Tools::getFormfield('pwdc', '');
     }
     if ($sPurpose == 'shoppingcart') {
         $sRememberedRemarks = isset($_SESSION["formsave_addrform"]["remarks"]) ? $_SESSION["formsave_addrform"]["remarks"] : '';
         $aData["fv_remarks"] = Tools::getFormfield('remarks', $sRememberedRemarks, true);
     }
     if (($sPurpose == 'shoppingcart' || $sPurpose == 'register') && !self::getUserData()) {
         $aData["fv_tos"] = Tools::getCheckbox('tos', 'y');
         $aData["fv_cancellationdisclaimer"] = Tools::getCheckbox('cancellationdisclaimer', 'y');
     }
     if ($sPurpose == 'shoppingcart') {
         $aData["fv_paymentmethods"] = HelperConfig::$shop["paymentmethods"];
         $aData["fv_paymentmethod"] = Tools::getFormfield('paymentmethod', '');
     }
     if ($sPurpose == 'admin') {
         $aData["fv_active"] = self::getUserData('cust_active', $aUserData) == 'y';
         $aData["fv_emailverified"] = self::getUserData('cust_emailverified', $aUserData) == 'y';
     }
     return $aData;
 }
 /**
  * Map a loaded item record onto the template variables of the admin item form.
  *
  * Besides the plain field values this adds the select options for VAT
  * ("key|label", preceded by '|'), rebate group (empty choice, then the
  * configured keys) and item group (empty choice, then "id|no - name").
  *
  * @param array $aItemdata item record with 'base' (item_base row) and an
  *                         optional 'text' (language row)
  * @return array template variables
  */
 private function admin_prepareItem($aItemdata)
 {
     $aBase = $aItemdata["base"];
     $aData = [
         'form' => ['action' => Tools::makeLinkHRefWithAddedGetVars('/_admin/itemadmin.html', ['action' => 'showitem', 'itemno' => $aBase['itm_no']])],
         'id' => $aBase['itm_id'],
         'itemno' => $aBase['itm_no'],
         'name' => $aBase['itm_name'],
         'img' => $aBase['itm_img'],
         'price' => $aBase['itm_price'],
         'vatid' => $aBase['itm_vatid'],
         'rg' => $aBase['itm_rg'],
         'index' => $aBase['itm_index'],
         'prio' => $aBase['itm_order'],
         'group' => $aBase['itm_group'],
         'data' => $aBase['itm_data'],
         'weight' => $aBase['itm_weight'],
     ];
     if (!HelperConfig::$shop["vat_disable"]) {
         $aVatOptions = ['|'];
         foreach (HelperConfig::$shop["vat"] as $sKey => $sValue) {
             $aVatOptions[] = $sKey . '|' . $sValue;
         }
         $aData["vatoptions"] = $aVatOptions;
     }
     $aData["rgoptions"] = array_merge([''], array_keys(HelperConfig::$shop["rebate_groups"]));
     $aData["groupoptions"] = [''];
     foreach ($this->admin_getItemgroups('') as $aGroup) {
         $aData["groupoptions"][] = $aGroup['itmg_id'] . '|' . $aGroup['itmg_no'] . ' - ' . $aGroup['itmg_name'];
     }
     if (isset($aItemdata["text"])) {
         $aText = $aItemdata["text"];
         $aData["lang"] = [
             'textid' => $aText['itml_id'],
             'nameoverride' => $aText['itml_name_override'],
             'text1' => $aText['itml_text1'],
             'text2' => $aText['itml_text2'],
         ];
     }
     return $aData;
 }
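 /**
  * PayPal IPN endpoint: validate an Instant Payment Notification with PayPal
  * and, if it checks out, mark the referenced order as paid.
  *
  * Flow: load the open order (paymentmethod 'paypal', not yet completed)
  * named by POST 'custom'; echo the notification back to PayPal with
  * cmd=_notify-validate; on VERIFIED, require an unused txn_id and matching
  * amount, order id, payment status, currency and receiver before storing
  * the txn_id and setting o_paymentcompleted='y'. Everything is appended to
  * the PayPal log; the request always ends with no output.
  *
  * Changes: the order lookup is a prepared statement with an int-bound id;
  * every IPN field is read from $_POST (the data that was actually validated
  * with PayPal) instead of $_REQUEST, which also merges GET and cookie
  * values; the socket and log handles are checked before use, and a failed
  * connection is logged; the receiver check and its log line both use
  * 'business'; status/currency/receiver are compared as strings.
  *
  * NOTE(review): the duplicate-txn check and the update are not atomic, so
  * two concurrent notifications for one txn_id could both pass — a unique
  * index on o_paypal_tx (or a conditional UPDATE) would close that window.
  * NOTE(review): the 'VERIFIED' test is a substring match over the whole
  * response, headers included; it relies on the configured URL pointing at
  * PayPal. The log stores the full IPN payload (payer details) — confirm
  * retention and access match your privacy requirements.
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     $sLogData = '';
     $sDateHeader = "-- new entry - " . date(HelperConfig::$core['locale_format_date_time']) . " --\n\n";
     // order id comes from PayPal's 'custom' field; bound as an integer
     $iId = (int) \filter_input(INPUT_POST, 'custom', FILTER_SANITIZE_NUMBER_INT);
     $hOrder = $this->db->prepare("SELECT * FROM orders WHERE o_id = :id AND o_paymentmethod = 'paypal' AND o_paymentcompleted = 'n'");
     $hOrder->bindValue(':id', $iId, \PDO::PARAM_INT);
     $hOrder->execute();
     if ($hOrder->rowCount() == 1) {
         $aOrder = $hOrder->fetch();
         $fGesamtbrutto = \HaaseIT\HCSF\Shop\Helper::calculateTotalFromDB($aOrder);
         $sTxnId = isset($_POST["txn_id"]) ? (string) $_POST["txn_id"] : '';
         // echo the received notification back to PayPal for validation
         $postdata = \http_build_query($_POST) . '&cmd=_notify-validate';
         $web = parse_url(HelperConfig::$shop["paypal"]["url"]);
         $bHttps = isset($web['scheme']) && $web['scheme'] == 'https';
         $sPath = isset($web['path']) && $web['path'] != '' ? $web['path'] : '/';
         $fp = @fsockopen(($bHttps ? 'ssl://' : '') . $web['host'], $bHttps ? 443 : 80, $errnum, $errstr, 30);
         if ($fp === false) {
             $sLogData .= $sDateHeader . "PHAIL - Verbindung zu PayPal fehlgeschlagen: " . $errnum . ' ' . $errstr . "\n\n";
         } else {
             fwrite($fp, "POST " . $sPath . " HTTP/1.1\r\n"
                 . "Host: " . $web['host'] . "\r\n"
                 . "Content-type: application/x-www-form-urlencoded\r\n"
                 . "Content-length: " . strlen($postdata) . "\r\n"
                 . "Connection: close\r\n\r\n"
                 . $postdata . "\r\n\r\n");
             $aLines = [];
             while (!feof($fp)) {
                 $aLines[] = @fgets($fp, 1024);
             }
             fclose($fp);
             $info = implode(',', $aLines);
             if (strpos($info, 'VERIFIED') === false) {
                 $sLogData .= $sDateHeader . "PHAIL - Transaktion fehlgeschlagen. TXNID: " . $sTxnId . "\n" . $info . "\n\n";
             } else {
                 $sLogData .= $sDateHeader . "W00T!\n\n";
                 $sLogData .= \HaaseIT\Tools::debug($_POST, '', true, true) . "\n\n";
                 // a txn_id may only ever be credited once (replay protection)
                 $hTxn = $this->db->prepare('SELECT o_paypal_tx FROM orders WHERE o_paypal_tx = :txn_id');
                 $hTxn->bindValue(':txn_id', $sTxnId);
                 $hTxn->execute();
                 if ($hTxn->rowCount() != 0) {
                     $sLogData .= $sDateHeader . "PHAIL\n\n";
                     $sLogData .= "!!! JEMAND HAT EINE ALTE TXN_ID BENUTZT: " . $sTxnId . " !!!\n\n";
                     $sLogData .= "!!! INVALID !!!\n\n";
                 } else {
                     $fnPost = static function ($sKey) {
                         return isset($_POST[$sKey]) ? $_POST[$sKey] : '';
                     };
                     $sExpectedGross = number_format($fGesamtbrutto, 2, '.', '');
                     $sCurrency = HelperConfig::$shop["paypal"]["currency_id"];
                     $sBusiness = HelperConfig::$shop["paypal"]["business"];
                     // amount and order id are numeric (loose compare on purpose),
                     // the remaining fields must match exactly
                     $bValid = $fnPost("mc_gross") == $sExpectedGross
                         && $fnPost("custom") == $aOrder['o_id']
                         && (string) $fnPost("payment_status") === "Completed"
                         && (string) $fnPost("mc_currency") === (string) $sCurrency
                         && (string) $fnPost("business") === (string) $sBusiness;
                     if ($bValid) {
                         $aTxnUpdateData = ['o_paypal_tx' => $sTxnId, 'o_paymentcompleted' => 'y', 'o_id' => $iId];
                         $hUpdate = $this->db->prepare(\HaaseIT\DBTools::buildPSUpdateQuery($aTxnUpdateData, 'orders', 'o_id'));
                         foreach ($aTxnUpdateData as $sKey => $sValue) {
                             $hUpdate->bindValue(':' . $sKey, $sValue);
                         }
                         $hUpdate->execute();
                         $sLogData .= "-- Alles ok. Zahlung erfolgreich. TXNID: " . $sTxnId . " --\n\n";
                     } else {
                         $sLogData .= "-- In my country we have problem; Problem is evaluation. Throw the data down the log!\n";
                         $sLogData .= "mc_gross: " . $fnPost("mc_gross") . ' - number_format($fGesamtbrutto, 2, \'.\', \'\'): ' . $sExpectedGross . "\n";
                         $sLogData .= "custom: " . $fnPost("custom") . ' - $aOrder[\'o_id\']: ' . $aOrder['o_id'] . "\n";
                         $sLogData .= "payment_status: " . $fnPost("payment_status") . "\n";
                         $sLogData .= "mc_currency: " . $fnPost("mc_currency") . ' - HelperConfig::$shop["paypal"]["currency_id"]: ' . $sCurrency . "\n";
                         $sLogData .= "business: " . $fnPost("business") . ' - HelperConfig::$shop["paypal"]["business"]: ' . $sBusiness . "\n\n";
                     }
                 }
             }
         }
         $hLog = fopen(PATH_LOGS . FILE_PAYPALLOG, 'a');
         if ($hLog !== false) {
             fwrite($hLog, $sLogData);
             fclose($hLog);
         }
     }
     die;
 }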
}
echo $sMailcontent;
?>
</textarea>
    <input type="hidden" name="action" value="send">
    <br>
    <input type="checkbox" name="preservenbsp" id="preservenbsp" value="yes"<?php 
echo \HaaseIT\Tools::getCheckbox('preservenbsp', 'yes') ? ' checked' : '';
?>
><label for="preservenbsp">Preserve &amp;nbsp;</label>
    <?php 
if (isset($C["premailer_enable"]) && $C["premailer_enable"]) {
    ?>
        <br>
        <input type="checkbox" name="usepremailer" id="usepremailer" value="yes"<?php 
    echo \HaaseIT\Tools::getCheckbox('usepremailer', 'yes') ? ' checked' : '';
    ?>
><label for="usepremailer">Use Premailer</label>
        <?php 
}
if ($bEmbImgAttachmentsExist) {
    echo '<br><label for="embedimage">Embed these images:</label><br>';
    $iSelectSize = count($sEmbImgAttachments);
    if ($iSelectSize > 5) {
        $iSelectSize = 5;
    }
    echo '<select name="EmbImg[]" id="embedimage" size="' . $iSelectSize . '" multiple="multiple">';
    foreach ($sEmbImgAttachments as $sKey => $sValue) {
        echo '<option value="' . $sKey . '"';
        if (isset($_REQUEST["EmbImg"]) && in_array($sKey, $_REQUEST["EmbImg"])) {
            echo ' selected';
 /**
  * Show (and on request purge) order items whose order no longer exists.
  *
  * With ?clearorphanedorderitems present the orphaned rows are deleted
  * first; afterwards the remaining orphans are counted and, if any, rendered
  * as a list table into cb_customdata.
  * NOTE(review): the delete is triggered by a plain GET parameter, so any
  * link or image pointing at this URL performs it (CSRF); confirm the admin
  * layer enforces a token, or move the trigger to a POST form.
  * NOTE(review): rowCount() on a SELECT is driver-specific (MySQL returns the
  * row count, other drivers may not).
  */
 private function handleOrderItems()
 {
     $sOrphanScope = ' FROM orders_items WHERE oi_o_id  NOT IN (SELECT o_id FROM orders)';
     if (isset($_GET['clearorphanedorderitems'])) {
         $this->db->exec('DELETE' . $sOrphanScope);
     }
     /** @var \PDOStatement $hResult */
     $hResult = $this->db->query('SELECT *' . $sOrphanScope);
     $iRows = $hResult->rowCount();
     $this->P->cb_customdata['rows_orders_items'] = $iRows;
     if ($iRows > 0) {
         // column => width; title and key are the column name
         $aColumns = ['oi_id' => '8%', 'oi_o_id' => '9%', 'oi_cartkey' => '13%', 'oi_amount' => '9%', 'oi_vat' => '8%', 'oi_rg' => '8%', 'oi_rg_rebate' => '9%', 'oi_price_netto_list' => '9%', 'oi_price_netto_sale' => '9%', 'oi_price_netto_rebated' => '9%', 'oi_price_brutto_use' => '9%'];
         $aListSetting = [];
         foreach ($aColumns as $sColumn => $sWidth) {
             $aListSetting[] = ['title' => $sColumn, 'key' => $sColumn, 'width' => $sWidth, 'linked' => false];
         }
         $this->P->cb_customdata['rows_orders_items_list'] = Tools::makeListtable($aListSetting, $hResult->fetchAll(), $this->twig);
     }
 }
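 /**
  * Admin page editor: list pages, add a page, add a language version, edit a
  * page (with its archived versions) or delete it.
  *
  * Actions (?action=): none → page selector; insert_lang → create the payload
  * for page_key in the current language and redirect to edit; edit/delete
  * with a non-empty page_key → edit form (written on action_a=true) or, on
  * POST delete=do, removal; addpage → add form, created on POST addpage=do.
  *
  * Changes: the archive query binds cl_id and the language instead of
  * concatenating them into the SQL; a page_key that does not exist now ends
  * in the 'pagenotfound' exit (the old test checked the UserPage object,
  * which is always truthy), using the same cb_id existence test as the
  * delete and insert_lang branches.
  *
  * NOTE(review): the write paths are driven by POST fields without a visible
  * CSRF token check — confirm one is enforced for the /_admin area.
  */
 public function preparePage()
 {
     $this->P = new \HaaseIT\HCSF\CorePage($this->serviceManager);
     $this->P->cb_pagetype = 'content';
     $this->P->cb_subnav = 'admin';
     $this->P->cb_customcontenttemplate = 'pageadmin';
     // adding language to page here
     if (isset($_REQUEST["action"]) && $_REQUEST["action"] == 'insert_lang') {
         $Ptoinsertlang = new UserPage($this->serviceManager, $_REQUEST["page_key"], true);
         // only for an existing page without a payload in the current language
         if ($Ptoinsertlang->cb_id != NULL && $Ptoinsertlang->oPayload->cl_id == NULL) {
             $Ptoinsertlang->oPayload->insert($Ptoinsertlang->cb_id);
             header('Location: /_admin/pageadmin.html?page_key=' . $Ptoinsertlang->cb_key . '&action=edit');
             die;
         } else {
             die(HardcodedText::get('pageadmin_exception_couldnotinsertlang'));
         }
     }
     if (!isset($this->get["action"])) {
         $this->P->cb_customdata["pageselect"] = $this->showPageselect();
     } elseif (($this->get["action"] == 'edit' || $this->get["action"] == 'delete') && isset($_REQUEST["page_key"]) && $_REQUEST["page_key"] != '') {
         if ($this->get["action"] == 'delete' && isset($this->post["delete"]) && $this->post["delete"] == 'do') {
             // delete and put message in customdata
             $Ptodelete = new UserPage($this->serviceManager, $this->get["page_key"], true);
             if ($Ptodelete->cb_id == NULL) {
                 die(HardcodedText::get('pageadmin_exception_pagetodeletenotfound'));
             }
             $Ptodelete->remove();
             $this->P->cb_customdata["deleted"] = true;
         } else {
             // edit or update page
             $Ptoedit = new UserPage($this->serviceManager, $_REQUEST["page_key"], true);
             // Fix: test the page's existence via cb_id, not the object itself
             if ($Ptoedit->cb_id == NULL) {
                 die(HardcodedText::get('pageadmin_exception_pagenotfound'));
             }
             if (isset($_REQUEST["action_a"]) && $_REQUEST["action_a"] == 'true') {
                 $purifier = HelperConfig::$core['pagetext_enable_purifier'] ? \HaaseIT\HCSF\Helper::getPurifier('page') : false;
                 $Ptoedit->cb_pagetype = $this->post['page_type'];
                 $Ptoedit->cb_group = $this->post['page_group'];
                 $Ptoedit->cb_pageconfig = $this->post['page_config'];
                 $Ptoedit->cb_subnav = $this->post['page_subnav'];
                 $Ptoedit->purifier = $purifier;
                 $Ptoedit->write();
                 // the language payload only exists once insert_lang ran for this language
                 if ($Ptoedit->oPayload->cl_id != NULL) {
                     $Ptoedit->oPayload->cl_html = $this->post['page_html'];
                     $Ptoedit->oPayload->cl_title = $this->post['page_title'];
                     $Ptoedit->oPayload->cl_description = $this->post['page_description'];
                     $Ptoedit->oPayload->cl_keywords = $this->post['page_keywords'];
                     $Ptoedit->oPayload->purifier = $purifier;
                     $Ptoedit->oPayload->write();
                 }
                 // reload so the form shows the stored state
                 $Ptoedit = new UserPage($this->serviceManager, $_REQUEST["page_key"], true);
                 $this->P->cb_customdata["updated"] = true;
             }
             $this->P->cb_customdata["page"] = $Ptoedit;
             $this->P->cb_customdata["admin_page_types"] = HelperConfig::$core["admin_page_types"];
             $this->P->cb_customdata["admin_page_groups"] = HelperConfig::$core["admin_page_groups"];
             // sub-navigation areas: every configured navigation except 'admin'
             $aOptions = [''];
             foreach (array_keys(HelperConfig::$navigation) as $sKey) {
                 if ($sKey != 'admin') {
                     $aOptions[] = $sKey;
                 }
             }
             $this->P->cb_customdata["subnavarea_options"] = $aOptions;
             unset($aOptions);
             // show archived versions of this page
             if ($Ptoedit->oPayload->cl_id != NULL) {
                 /** @var \PDOStatement $hResult */
                 $hResult = $this->serviceManager->get('db')->prepare('SELECT * FROM content_lang_archive WHERE cl_id = :cl_id AND cl_lang = :lang ORDER BY cla_timestamp DESC');
                 $hResult->bindValue(':cl_id', $Ptoedit->oPayload->cl_id, \PDO::PARAM_INT);
                 $hResult->bindValue(':lang', HelperConfig::$lang, \PDO::PARAM_STR);
                 $hResult->execute();
                 if ($hResult->rowCount() > 0) {
                     $aListSetting = [['title' => 'cla_timestamp', 'key' => 'cla_timestamp', 'width' => '15%', 'linked' => false], ['title' => 'cl_html', 'key' => 'cl_html', 'width' => '40%', 'linked' => false, 'escapehtmlspecialchars' => true], ['title' => 'cl_keywords', 'key' => 'cl_keywords', 'width' => '15%', 'linked' => false, 'escapehtmlspecialchars' => true], ['title' => 'cl_description', 'key' => 'cl_description', 'width' => '15%', 'linked' => false, 'escapehtmlspecialchars' => true], ['title' => 'cl_title', 'key' => 'cl_title', 'width' => '15%', 'linked' => false, 'escapehtmlspecialchars' => true]];
                     $this->P->cb_customdata['archived_list'] = \HaaseIT\Tools::makeListtable($aListSetting, $hResult->fetchAll(), $this->serviceManager->get('twig'));
                 }
             }
         }
     } elseif ($this->get["action"] == 'addpage') {
         $aErr = [];
         if (isset($this->post["addpage"]) && $this->post["addpage"] == 'do') {
             $sPagekeytoadd = \trim(\filter_input(INPUT_POST, 'pagekey', FILTER_SANITIZE_SPECIAL_CHARS));
             // keys starting with '/_' are reserved for built-in areas (e.g. /_admin)
             if (mb_substr($sPagekeytoadd, 0, 2) == '/_') {
                 $aErr["reservedpath"] = true;
             } elseif (strlen($sPagekeytoadd) < 4) {
                 $aErr["keytooshort"] = true;
             } else {
                 $Ptoadd = new UserPage($this->serviceManager, $sPagekeytoadd, true);
                 if ($Ptoadd->cb_id == NULL) {
                     if ($Ptoadd->insert($sPagekeytoadd)) {
                         header('Location: /_admin/pageadmin.html?page_key=' . $sPagekeytoadd . '&action=edit');
                         die;
                     } else {
                         die(HardcodedText::get('pageadmin_exception_couldnotinsertpage'));
                     }
                 } else {
                     $aErr["keyalreadyinuse"] = true;
                 }
             }
             $this->P->cb_customdata["err"] = $aErr;
             unset($aErr);
         }
         $this->P->cb_customdata["showaddform"] = true;
     }
 }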
 /**
  * Dump request, session and page data through Tools::debug.
  *
  * Exactly one of $_POST / $_REQUEST is dumped ($_POST wins when non-empty),
  * $_SESSION whenever it is non-empty, then $aP. $P is currently not dumped.
  * NOTE(review): this prints session contents and posted fields (which may
  * include credentials) into the response — make sure it is unreachable in
  * production.
  *
  * @param mixed $aP page data to dump
  * @param mixed $P unused (dump commented out)
  */
 private static function getDebug($aP, $P)
 {
     $aRequestDumps = [['$_POST', $_POST], ['$_REQUEST', $_REQUEST]];
     foreach ($aRequestDumps as $aDump) {
         if (!empty($aDump[1])) {
             Tools::debug($aDump[1], $aDump[0]);
             break;
         }
     }
     if (!empty($_SESSION)) {
         Tools::debug($_SESSION, '$_SESSION');
     }
     Tools::debug($aP, '$aP');
     //Tools::debug($P, '$P');
 }