protected function editOrderSaveAction() { if (empty($_POST['quoteSession'])) { exit; } $quoteSession = $_POST['quoteSession']; /** @var ISC_QUOTE */ $quote = getClass('ISC_ADMIN_ORDERS')->getQuoteSession($quoteSession); if(!$quote) { $this->sendEditOrderNoQuoteResponse('saveError'); } try { $quote->setCustomerMessage(Interspire_Request::post('customerMessage')); $quote->setStaffNotes(Interspire_Request::post('staffNotes')); $entity = new ISC_ENTITY_ORDER; $currency = GetDefaultCurrency(); $order = array( 'ordcurrencyid' => $currency['currencyid'], 'ordcurrencyexchangerate' => $currency['currencyexchangerate'], 'ordipaddress' => getIp(), 'extraInfo' => array(), 'quote' => $quote, ); $createAccount = false; // process customer details to see if an account should be made if (Interspire_Request::post('orderFor') == 'new') { // this really needs to be split off into another method because it's done both at the front end checkout, in save billing, and in here! -ge $password = ''; $confirmedPassword = ''; $email = ''; $accountFormFields = $GLOBALS['ISC_CLASS_FORM']->getFormFields(FORMFIELDS_FORM_ACCOUNT, true); $accountCustomFields = array(); foreach($accountFormFields as $formFieldId => $formField) { $formFieldPrivateId = $formField->record['formfieldprivateid']; if (!$formFieldPrivateId) { $accountCustomFields[$formFieldId] = $formField->getValue(); } else if($formFieldPrivateId == 'EmailAddress') { $email = $formField->getValue(); } else if($formFieldPrivateId == 'Password') { $password = $formField->getValue(); } else if($formFieldPrivateId == 'ConfirmPassword') { $confirmedPassword = $formField->getValue(); } } // shouldn't reach this point with a valid email without all the details already being validated after step 1 > next, so go ahead and assign it to the order if ($email) { $createAccount = array( 'addresses' => array(), 'password' => $password, 'customFormFields' => $accountCustomFields, ); foreach ($quote->getAllAddresses() as /** @var ISC_QUOTE_ADDRESS */$address) { if (!$address->getSaveAddress()) { continue; } $customerAddress = $address->getAsArray(); $customFields = $address->getCustomFields(); if (!empty($customFields)) { $customerAddress['customFormFields'] = $customFields; // Shipping fields need to be mapped back to billing so they can be stored if ($address->getType() == ISC_QUOTE_ADDRESS::TYPE_SHIPPING) { $newCustomFields = array(); $map = $GLOBALS['ISC_CLASS_FORM']->mapAddressFieldList(FORMFIELDS_FORM_SHIPPING, array_keys($customFields)); foreach($map as $oldId => $newId) { $newCustomFields[$newId] = $customFields[$oldId]; } $customerAddress['customFormFields'] = $newCustomFields; } } $createAccount['addresses'][] = $customerAddress; } } } if ($quote->getOrderId()) { $editing = true; $adding = false; $orderId = $quote->getOrderId(); $existingOrder = $entity->get($orderId); if ($existingOrder['deleted']) { // don't allow saving changes for a deleted order $errors[] = GetLang('EditDeletedOrderError'); } else { $order['orderid'] = $orderId; if (!$entity->edit($order)) { $errors[] = $entity->getError(); } } } else { $editing = false; $adding = true; $order['orderpaymentmodule'] = ''; $orderId = $entity->add($order); if ($orderId) { $quote->setOrderId($orderId); } else { $errors[] = $entity->getError(); } } if (!empty($errors)) { $this->sendEditOrderResponse(array( 'errors' => $errors, 'stateTransition' => 'saveError', )); } // retrieve the created/edited order record $order = GetOrder($orderId); if ($createAccount) { // this function doesn't return anything for error testing createOrderCustomerAccount($order, $createAccount); } // Process a payment $paymentMethod = Interspire_Request::post('paymentMethod'); $providerSuccess = false; // Retrieve the payment method details $paymentFields = Interspire_Request::post('paymentField'); if (!empty($paymentFields[$paymentMethod])) { $paymentFields = $paymentFields[$paymentMethod]; } else { $paymentFields = array(); } if ($quote->getGrandTotalWithStoreCredit() > 0 && ($adding || empty($order['ordpaymentstatus']) || empty($order['orderpaymentmodule'])) && !empty($paymentMethod)) { $gatewayAmount = $quote->getGrandTotalWithStoreCredit(); $provider = null; // was a custom payment specified? if ($paymentMethod == 'custom') { $paymentMethodName = $paymentFields['custom_name']; $providerSuccess = true; } // actual payment module else { GetModuleById('checkout', $provider, $paymentMethod); if(is_object($provider)) { $paymentMethodName = $provider->GetDisplayName(); if (method_exists($provider, 'ProcessManualPayment')) { // set the order token as required by various payment methods ISC_SetCookie('SHOP_ORDER_TOKEN', $order['ordtoken'], time() + (3600*24), true); // make the token immediately available $_COOKIE['SHOP_ORDER_TOKEN'] = $order['ordtoken']; // process the payment $result = $provider->ProcessManualPayment($order, $paymentFields); if ($result['result']) { $providerSuccess = true; $gatewayAmount = $result['amount']; FlashMessage(GetLang('OrderPaymentSuccess', array('amount' => FormatPrice($gatewayAmount), 'orderId' => $orderId, 'provider' => $paymentMethodName)), MSG_SUCCESS); } else { $errors[] = GetLang('OrderPaymentFail', array('orderId' => $orderId, 'provider' => $paymentMethodName, 'reason' => $result['message'])); } } else { // all manual/offline methods will always be successfull $providerSuccess = true; } } else { // failed to get a payment module } } // if the grand total after minus the coupon,etc is 0 and it's adding order also the payment method is custom. } else if ($quote->getGrandTotalWithStoreCredit() == 0 && ($adding || empty($order['ordpaymentstatus']) || empty($order['orderpaymentmodule'])) && $paymentMethod == 'custom') { $paymentMethodName = $paymentFields['custom_name']; $providerSuccess = true; } // was payment successfull? if ($providerSuccess) { // record payment info for the order $updatedOrder = array( 'orderpaymentmethod' => $paymentMethodName, 'orderpaymentmodule' => $paymentMethod, ); $this->db->UpdateQuery("orders", $updatedOrder, "orderid = " . $orderId); // set appropriate status for the order if ($quote->isDigital()) { $newStatus = ORDER_STATUS_COMPLETED; } else { $newStatus = ORDER_STATUS_AWAITING_FULFILLMENT; } UpdateOrderStatus($orderId, $newStatus, false); // email invoice if (Interspire_Request::post('emailInvoiceToCustomer')) { EmailInvoiceToCustomer($orderId); } } if (!empty($errors)) { $response = array( 'errors' => $errors, 'stateTransition' => 'saveError', ); } else { if ($editing) { FlashMessage(GetLang('OrderUpdated', array('orderId' => $orderId)), MSG_SUCCESS); } else { FlashMessage(GetLang('OrderCreated', array('orderId' => $orderId)), MSG_SUCCESS); } $response = array( 'stateTransition' => 'saveOk', ); // remove quote object from session after successful save and successful payment getClass('ISC_ADMIN_ORDERS')->deleteQuoteSession($quoteSession); } if ($adding) { $response['updateOrderId'] = $orderId; } $this->sendEditOrderResponse($response); } catch (ISC_QUOTE_EXCEPTION $exception) { $this->sendEditOrderResponse(array( 'stateTransition' => 'saveError', 'errors' => array( $exception->getMessage(), ), )); } }
/** * This method marks orders as deleted using ISC_ENTITY_ORDER::delete * * @return void */ protected function DeleteOrders () { // final permission checks $canManage = $this->auth->HasPermission(AUTH_Manage_Orders); $canDelete = $this->auth->HasPermission(AUTH_Delete_Orders); if (!$canDelete) { if ($canManage) { $this->ManageOrders(GetLang('Unauthorized'), MSG_ERROR); return; } $this->engine->DoHomePage(GetLang('Unauthorized'), MSG_ERROR); return; } // input validation $orderIds = array(); if (isset($_POST['orders']) && is_array($_POST['orders']) && !empty($_POST['orders'])) { $orderIds = array_map('intval', $_POST['orders']); } if (empty($orderIds)) { if ($canManage) { $this->ManageOrders(); return; } $this->engine->DoHomePage(); return; } // do the order delete $GLOBALS['ISC_CLASS_LOG']->LogAdminAction(count($orderIds)); // determine which delete method to use based on store settings $deleteMethod = 'delete'; if (GetConfig('DeletedOrdersAction') == 'purge') { $deleteMethod = 'purge'; } $entity = new ISC_ENTITY_ORDER; foreach ($orderIds as $orderId) { if (!$entity->$deleteMethod($orderId)) { if ($canManage) { $this->ManageOrders($entity->getError(), MSG_ERROR); return; } $this->engine->DoHomePage($entity->getError(), MSG_ERROR); return; } } $message = GetLang('OrdersDeletedSuccessfully'); if ($canManage) { $this->ManageOrders($message, MSG_SUCCESS); return; } $this->engine->DoHomePage($message, MSG_SUCCESS); }