protected function editOrderSaveAction()
{
if (empty($_POST['quoteSession'])) {
exit;
}
$quoteSession = $_POST['quoteSession'];
/** @var ISC_QUOTE */
$quote = getClass('ISC_ADMIN_ORDERS')->getQuoteSession($quoteSession);
if(!$quote) {
$this->sendEditOrderNoQuoteResponse('saveError');
}
try {
$quote->setCustomerMessage(Interspire_Request::post('customerMessage'));
$quote->setStaffNotes(Interspire_Request::post('staffNotes'));
$entity = new ISC_ENTITY_ORDER;
$currency = GetDefaultCurrency();
$order = array(
'ordcurrencyid' => $currency['currencyid'],
'ordcurrencyexchangerate' => $currency['currencyexchangerate'],
'ordipaddress' => getIp(),
'extraInfo' => array(),
'quote' => $quote,
);
$createAccount = false;
// process customer details to see if an account should be made
if (Interspire_Request::post('orderFor') == 'new') {
// this really needs to be split off into another method because it's done both at the front end checkout, in save billing, and in here! -ge
$password = '';
$confirmedPassword = '';
$email = '';
$accountFormFields = $GLOBALS['ISC_CLASS_FORM']->getFormFields(FORMFIELDS_FORM_ACCOUNT, true);
$accountCustomFields = array();
foreach($accountFormFields as $formFieldId => $formField) {
$formFieldPrivateId = $formField->record['formfieldprivateid'];
if (!$formFieldPrivateId) {
$accountCustomFields[$formFieldId] = $formField->getValue();
} else if($formFieldPrivateId == 'EmailAddress') {
$email = $formField->getValue();
} else if($formFieldPrivateId == 'Password') {
$password = $formField->getValue();
} else if($formFieldPrivateId == 'ConfirmPassword') {
$confirmedPassword = $formField->getValue();
}
}
// shouldn't reach this point with a valid email without all the details already being validated after step 1 > next, so go ahead and assign it to the order
if ($email) {
$createAccount = array(
'addresses' => array(),
'password' => $password,
'customFormFields' => $accountCustomFields,
);
foreach ($quote->getAllAddresses() as /** @var ISC_QUOTE_ADDRESS */$address) {
if (!$address->getSaveAddress()) {
continue;
}
$customerAddress = $address->getAsArray();
$customFields = $address->getCustomFields();
if (!empty($customFields)) {
$customerAddress['customFormFields'] = $customFields;
// Shipping fields need to be mapped back to billing so they can be stored
if ($address->getType() == ISC_QUOTE_ADDRESS::TYPE_SHIPPING) {
$newCustomFields = array();
$map = $GLOBALS['ISC_CLASS_FORM']->mapAddressFieldList(FORMFIELDS_FORM_SHIPPING, array_keys($customFields));
foreach($map as $oldId => $newId) {
$newCustomFields[$newId] = $customFields[$oldId];
}
$customerAddress['customFormFields'] = $newCustomFields;
}
}
$createAccount['addresses'][] = $customerAddress;
}
}
}
if ($quote->getOrderId()) {
$editing = true;
$adding = false;
$orderId = $quote->getOrderId();
$existingOrder = $entity->get($orderId);
if ($existingOrder['deleted']) {
// don't allow saving changes for a deleted order
$errors[] = GetLang('EditDeletedOrderError');
} else {
$order['orderid'] = $orderId;
if (!$entity->edit($order)) {
$errors[] = $entity->getError();
}
}
} else {
$editing = false;
$adding = true;
$order['orderpaymentmodule'] = '';
$orderId = $entity->add($order);
if ($orderId) {
$quote->setOrderId($orderId);
} else {
$errors[] = $entity->getError();
}
}
if (!empty($errors)) {
$this->sendEditOrderResponse(array(
'errors' => $errors,
'stateTransition' => 'saveError',
));
}
// retrieve the created/edited order record
$order = GetOrder($orderId);
if ($createAccount) {
// this function doesn't return anything for error testing
createOrderCustomerAccount($order, $createAccount);
}
// Process a payment
$paymentMethod = Interspire_Request::post('paymentMethod');
$providerSuccess = false;
// Retrieve the payment method details
$paymentFields = Interspire_Request::post('paymentField');
if (!empty($paymentFields[$paymentMethod])) {
$paymentFields = $paymentFields[$paymentMethod];
}
else {
$paymentFields = array();
}
if ($quote->getGrandTotalWithStoreCredit() > 0 && ($adding || empty($order['ordpaymentstatus']) || empty($order['orderpaymentmodule'])) && !empty($paymentMethod)) {
$gatewayAmount = $quote->getGrandTotalWithStoreCredit();
$provider = null;
// was a custom payment specified?
if ($paymentMethod == 'custom') {
$paymentMethodName = $paymentFields['custom_name'];
$providerSuccess = true;
}
// actual payment module
else {
GetModuleById('checkout', $provider, $paymentMethod);
if(is_object($provider)) {
$paymentMethodName = $provider->GetDisplayName();
if (method_exists($provider, 'ProcessManualPayment')) {
// set the order token as required by various payment methods
ISC_SetCookie('SHOP_ORDER_TOKEN', $order['ordtoken'], time() + (3600*24), true);
// make the token immediately available
$_COOKIE['SHOP_ORDER_TOKEN'] = $order['ordtoken'];
// process the payment
$result = $provider->ProcessManualPayment($order, $paymentFields);
if ($result['result']) {
$providerSuccess = true;
$gatewayAmount = $result['amount'];
FlashMessage(GetLang('OrderPaymentSuccess', array('amount' => FormatPrice($gatewayAmount), 'orderId' => $orderId, 'provider' => $paymentMethodName)), MSG_SUCCESS);
}
else {
$errors[] = GetLang('OrderPaymentFail', array('orderId' => $orderId, 'provider' => $paymentMethodName, 'reason' => $result['message']));
}
}
else {
// all manual/offline methods will always be successfull
$providerSuccess = true;
}
}
else {
// failed to get a payment module
}
}
// if the grand total after minus the coupon,etc is 0 and it's adding order also the payment method is custom.
} else if ($quote->getGrandTotalWithStoreCredit() == 0 && ($adding || empty($order['ordpaymentstatus']) || empty($order['orderpaymentmodule'])) && $paymentMethod == 'custom') {
$paymentMethodName = $paymentFields['custom_name'];
$providerSuccess = true;
}
// was payment successfull?
if ($providerSuccess) {
// record payment info for the order
$updatedOrder = array(
'orderpaymentmethod' => $paymentMethodName,
'orderpaymentmodule' => $paymentMethod,
);
$this->db->UpdateQuery("orders", $updatedOrder, "orderid = " . $orderId);
// set appropriate status for the order
if ($quote->isDigital()) {
$newStatus = ORDER_STATUS_COMPLETED;
}
else {
$newStatus = ORDER_STATUS_AWAITING_FULFILLMENT;
}
UpdateOrderStatus($orderId, $newStatus, false);
// email invoice
if (Interspire_Request::post('emailInvoiceToCustomer')) {
EmailInvoiceToCustomer($orderId);
}
}
if (!empty($errors)) {
$response = array(
'errors' => $errors,
'stateTransition' => 'saveError',
);
}
else {
if ($editing) {
FlashMessage(GetLang('OrderUpdated', array('orderId' => $orderId)), MSG_SUCCESS);
} else {
FlashMessage(GetLang('OrderCreated', array('orderId' => $orderId)), MSG_SUCCESS);
}
$response = array(
'stateTransition' => 'saveOk',
);
// remove quote object from session after successful save and successful payment
getClass('ISC_ADMIN_ORDERS')->deleteQuoteSession($quoteSession);
}
if ($adding) {
$response['updateOrderId'] = $orderId;
}
$this->sendEditOrderResponse($response);
} catch (ISC_QUOTE_EXCEPTION $exception) {
$this->sendEditOrderResponse(array(
'stateTransition' => 'saveError',
'errors' => array(
$exception->getMessage(),
),
));
}
}
/**
* This method marks orders as deleted using ISC_ENTITY_ORDER::delete
*
* @return void
*/
protected function DeleteOrders ()
{
// final permission checks
$canManage = $this->auth->HasPermission(AUTH_Manage_Orders);
$canDelete = $this->auth->HasPermission(AUTH_Delete_Orders);
if (!$canDelete) {
if ($canManage) {
$this->ManageOrders(GetLang('Unauthorized'), MSG_ERROR);
return;
}
$this->engine->DoHomePage(GetLang('Unauthorized'), MSG_ERROR);
return;
}
// input validation
$orderIds = array();
if (isset($_POST['orders']) && is_array($_POST['orders']) && !empty($_POST['orders'])) {
$orderIds = array_map('intval', $_POST['orders']);
}
if (empty($orderIds)) {
if ($canManage) {
$this->ManageOrders();
return;
}
$this->engine->DoHomePage();
return;
}
// do the order delete
$GLOBALS['ISC_CLASS_LOG']->LogAdminAction(count($orderIds));
// determine which delete method to use based on store settings
$deleteMethod = 'delete';
if (GetConfig('DeletedOrdersAction') == 'purge') {
$deleteMethod = 'purge';
}
$entity = new ISC_ENTITY_ORDER;
foreach ($orderIds as $orderId) {
if (!$entity->$deleteMethod($orderId)) {
if ($canManage) {
$this->ManageOrders($entity->getError(), MSG_ERROR);
return;
}
$this->engine->DoHomePage($entity->getError(), MSG_ERROR);
return;
}
}
$message = GetLang('OrdersDeletedSuccessfully');
if ($canManage) {
$this->ManageOrders($message, MSG_SUCCESS);
return;
}
$this->engine->DoHomePage($message, MSG_SUCCESS);
}
