public function pjActionSaveOrder()
{
$this->setAjax(true);
if ($this->isXHR()) {
$cart = $this->_get('cart');
$pjOrderModel = pjOrderModel::factory();
$STORAGE = $_SESSION[$this->defaultStore];
$FORM = $_SESSION[$this->defaultForm];
$data = array();
$data['status'] = $this->option_arr['o_booking_status'];
$data['price'] = $this->_get('price');
$data['price_delivery'] = $this->_get('delivery');
$data['discount'] = $this->_get('discount');
$data['subtotal'] = $this->_get('subtotal');
$data['tax'] = $this->_get('tax');
$data['total'] = $this->_get('total');
$data['uuid'] = time();
$data['ip'] = $_SERVER['REMOTE_ADDR'];
$data['user_id'] = $this->_get('user_id');
$data['location_id'] = $this->_get('p_location_id');
switch ($this->_get('type')) {
case 'pickup':
$data['p_dt'] = pjUtil::formatDate($this->_get('p_date'), $this->option_arr['o_date_format']) . " " . $this->_get('p_hour') . ":" . $this->_get('p_minute') . ":00";
unset($STORAGE['d_address_1']);
unset($STORAGE['d_address_2']);
unset($STORAGE['d_country_id']);
unset($STORAGE['d_state']);
unset($STORAGE['d_city']);
unset($STORAGE['d_zip']);
unset($STORAGE['d_notes']);
unset($STORAGE['d_date']);
unset($STORAGE['d_hour']);
unset($STORAGE['d_minute']);
break;
case 'delivery':
$data['d_dt'] = pjUtil::formatDate($this->_get('d_date'), $this->option_arr['o_date_format']) . " " . $this->_get('d_hour') . ":" . $this->_get('d_minute') . ":00";
unset($STORAGE['p_date']);
unset($STORAGE['p_hour']);
unset($STORAGE['p_minute']);
break;
}
unset($STORAGE['cart']);
unset($STORAGE['subtotal']);
unset($STORAGE['total']);
unset($STORAGE['delivery']);
$payment = 'none';
if (isset($FORM['payment_method'])) {
if ($FORM['payment_method'] == 'creditcard') {
$data['cc_exp'] = $FORM['cc_exp_month'] . "/" . $FORM['cc_exp_year'];
} else {
unset($FORM['cc_type']);
unset($FORM['cc_num']);
unset($FORM['cc_exp_month']);
unset($FORM['cc_exp_year']);
unset($FORM['cc_code']);
}
$payment = $FORM['payment_method'];
}
$is_new_client = false;
$update_client = false;
$pjClientModel = pjClientModel::factory();
$data['client_id'] = ':NULL';
if ($this->isFrontLogged()) {
$cnt = $pjClientModel->where('t1.id', $this->getClientId())->findCount()->getData();
if ($cnt == 0) {
$is_new_client = true;
} else {
$update_client = true;
}
} else {
$is_new_client = true;
}
if ($is_new_client == true) {
$c_data = array();
$c_data['status'] = 'T';
$c_data['user_id'] = $this->_get('user_id');
$c_data['c_password'] = pjUtil::getRandomPassword(6);
$c_data = array_merge($FORM, $c_data);
$client_id = $pjClientModel->reset()->setAttributes($c_data)->insert()->getInsertId();
if ($client_id !== false && (int) $client_id > 0) {
$data['client_id'] = $client_id;
if ($this->isFrontLogged()) {
$client = $pjClientModel->reset()->find($client_id)->getData();
unset($_SESSION[$this->defaultClient]);
$_SESSION[$this->defaultClient] = $client;
}
pjFront::pjActionConfirmSend($this->option_arr, $c_data, PJ_SALT, 'account');
}
}
if ($update_client == true) {
if (isset($FORM['update_address'])) {
$c_data = array();
if (isset($FORM['c_address_1'])) {
$c_data['c_address_1'] = $FORM['c_address_1'];
}
if (isset($FORM['c_address_2'])) {
$c_data['c_address_1'] = $FORM['c_address_1'];
}
if (isset($FORM['c_country'])) {
$c_data['c_country'] = $FORM['c_country'];
}
if (isset($FORM['c_state'])) {
$c_data['c_state'] = $FORM['c_state'];
}
if (isset($FORM['c_city'])) {
$c_data['c_city'] = $FORM['c_city'];
}
if (isset($FORM['c_zip'])) {
$c_data['c_zip'] = $FORM['c_zip'];
}
$pjClientModel->reset()->where('id', $this->getClientId())->limit(1)->modifyAll($c_data);
}
if (isset($FORM['update_details'])) {
$c_data = array();
if (isset($FORM['c_title'])) {
$c_data['c_title'] = $FORM['c_title'];
}
if (isset($FORM['c_name'])) {
$c_data['c_name'] = $FORM['c_name'];
}
if (isset($FORM['c_email'])) {
$c_data['c_email'] = $FORM['c_email'];
}
if (isset($FORM['c_phone'])) {
$c_data['c_phone'] = $FORM['c_phone'];
}
if (isset($FORM['c_company'])) {
$c_data['c_company'] = $FORM['c_company'];
}
if (isset($FORM['c_notes'])) {
$c_data['c_notes'] = $FORM['c_notes'];
}
$pjClientModel->reset()->where('id', $this->getClientId())->limit(1)->modifyAll($c_data);
}
$client = $pjClientModel->reset()->find($this->getClientId())->getData();
unset($_SESSION[$this->defaultClient]);
$_SESSION[$this->defaultClient] = $client;
$data['client_id'] = $this->getClientId();
}
$data = array_merge($STORAGE, $FORM, $data);
$order_id = $pjOrderModel->setAttributes($data)->insert()->getInsertId();
if ($order_id !== false && (int) $order_id > 0) {
$pjOrderItemModel = pjOrderItemModel::factory();
$pjProductPriceModel = pjProductPriceModel::factory();
$pjProductModel = pjProductModel::factory();
$pjExtraModel = pjExtraModel::factory();
foreach ($cart as $item) {
$price_id = ':NULL';
$price = 0;
if (!empty($item['price_id'])) {
$price_arr = $pjProductPriceModel->find($item['price_id'])->getData();
if ($price_arr) {
$price_id = $price_arr['id'];
$price = $price_arr['price'];
}
} else {
$price_arr = $pjProductModel->reset()->find($item['product_id'])->getData();
if (!empty($price_arr)) {
$price = $price_arr['price'];
}
}
$hash = md5(uniqid(rand(), true));
$oid = $pjOrderItemModel->reset()->setAttributes(array('order_id' => $order_id, 'foreign_id' => $item['product_id'], 'type' => 'product', 'price_id' => $price_id, 'price' => $price, 'hash' => $hash, 'cnt' => $item['cnt']))->insert();
foreach ($item['extras'] as $extra_id => $extra_cnt) {
if ($extra_cnt > 0) {
$extra_price = 0;
$extra_arr = $pjExtraModel->reset()->find($extra_id)->getData();
if (!empty($extra_arr) && !empty($extra_arr['price'])) {
$extra_price = $extra_arr['price'];
}
$pjOrderItemModel->reset()->setAttributes(array('order_id' => $order_id, 'foreign_id' => $extra_id, 'type' => 'extra', 'price_id' => ':NULL', 'price' => $extra_price, 'hash' => $hash, 'cnt' => $extra_cnt))->insert();
}
}
}
$order_arr = $pjOrderModel->reset()->join('pjClient', "t2.id=t1.client_id", 'left outer')->select('t1.*, t2.c_title, t2.c_email, t2.c_name, t2.c_phone, t2.c_company, t2.c_address_1, t2.c_address_2, t2.c_country, t2.c_state, t2.c_city, t2.c_zip, t2.c_notes')->find($order_id)->getData();
$pdata = array();
$pdata['order_id'] = $order_id;
$pdata['payment_method'] = $payment;
$pdata['payment_type'] = 'online';
$pdata['amount'] = $order_arr['total'];
$pdata['status'] = 'notpaid';
pjOrderPaymentModel::factory()->setAttributes($pdata)->insert();
pjAppController::addOrderDetails($order_arr, $this->getLocaleId());
pjFront::pjActionConfirmSend($this->option_arr, $order_arr, PJ_SALT, 'confirm');
unset($_SESSION[$this->defaultStore]);
unset($_SESSION[$this->defaultForm]);
unset($_SESSION[$this->defaultClient]);
//Redirect to Credit card payment url.
if ($payment == 'creditcard') {
$cardData = $_SESSION['cardData'];
$params = 'amount=' . base64_encode($cardData['total']) . '&oid=' . $cardData['clover_order_id'] . '&mid=' . $cardData['clover_mid'] . '&at=' . $cardData['clover_access_token'] . '&uid=' . base64_encode($cardData['o_user_id']) . '&mname=' . base64_encode($cardData['o_m_name']);
$url = PJ_INSTALL_URL . 'payment/creditcard.php?' . $params;
$json = array('code' => 200, 'text' => '', 'order_id' => $order_id, 'payment' => $payment, 'path' => $url);
} else {
$json = array('code' => 200, 'text' => '', 'order_id' => $order_id, 'payment' => $payment, 'path' => 'cash');
}
} else {
$json = array('code' => 100, 'text' => '');
}
pjAppController::jsonResponse($json);
}
}
public function pjActionCreate()
{
$this->checkLogin();
if ($this->isAdmin() || $this->isEditor()) {
if (isset($_POST['order_create'])) {
$pjOrderModel = pjOrderModel::factory();
$data = array();
$data['uuid'] = time();
$data['ip'] = pjUtil::getClientIp();
if (!isset($_POST['client_id']) || isset($_POST['client_id']) && $_POST['client_id'] == '') {
$c_data = array();
$c_data['c_title'] = isset($_POST['c_title']) ? $_POST['c_title'] : ':NULL';
$c_data['c_name'] = isset($_POST['c_name']) ? $_POST['c_name'] : ':NULL';
$c_data['c_email'] = isset($_POST['c_email']) ? $_POST['c_email'] : ':NULL';
$c_data['c_password'] = pjUtil::getRandomPassword(6);
$c_data['c_phone'] = isset($_POST['c_phone']) ? $_POST['c_phone'] : ':NULL';
$c_data['c_address_1'] = isset($_POST['c_address_1']) ? $_POST['c_address_1'] : ':NULL';
$c_data['c_address_2'] = isset($_POST['c_address_2']) ? $_POST['c_address_2'] : ':NULL';
$c_data['c_city'] = isset($_POST['c_city']) ? $_POST['c_city'] : ':NULL';
$c_data['c_state'] = isset($_POST['c_state']) ? $_POST['c_state'] : ':NULL';
$c_data['c_zip'] = isset($_POST['c_zip']) ? $_POST['c_zip'] : ':NULL';
$c_data['c_country'] = isset($_POST['c_country']) ? $_POST['c_country'] : ':NULL';
$c_data['status'] = 'T';
if ($c_data['c_email'] != ':NULL') {
$pjClientModel = pjClientModel::factory();
$client_id = $pjClientModel->setAttributes($c_data)->insert()->getInsertId();
if ($client_id !== false && (int) $client_id > 0) {
$data['client_id'] = $client_id;
$client_arr = $pjClientModel->reset()->find($client_id)->getData();
$tokens = pjAppController::getClientTokens($this->option_arr, $client_arr, PJ_SALT, $this->getLocaleId());
$pjMultiLangModel = pjMultiLangModel::factory();
$lang_message = $pjMultiLangModel->reset()->select('t1.*')->where('t1.model', 'pjOption')->where('t1.locale', $this->getLocaleId())->where('t1.field', 'o_email_account_message')->limit(0, 1)->findAll()->getData();
$lang_subject = $pjMultiLangModel->reset()->select('t1.*')->where('t1.model', 'pjOption')->where('t1.locale', $this->getLocaleId())->where('t1.field', 'o_email_account_subject')->limit(0, 1)->findAll()->getData();
if (count($lang_message) === 1 && count($lang_subject) === 1) {
$message = str_replace($tokens['search'], $tokens['replace'], $lang_message[0]['content']);
$Email = new pjEmail();
if ($this->option_arr['o_send_email'] == 'smtp') {
$Email->setTransport('smtp')->setSmtpHost($this->option_arr['o_smtp_host'])->setSmtpPort($this->option_arr['o_smtp_port'])->setSmtpUser($this->option_arr['o_smtp_user'])->setSmtpPass($this->option_arr['o_smtp_pass']);
}
$Email->setContentType('text/html');
$Email->setTo($c_data['c_email'])->setFrom($this->getAdminEmail())->setSubject($lang_subject[0]['content'])->send(pjUtil::textToHtml($message));
}
}
}
}
switch ($_POST['type']) {
case 'pickup':
if (!empty($_POST['p_dt'])) {
$date_time = $_POST['p_dt'];
if (count(explode(" ", $date_time)) == 3) {
list($_date, $_time, $_period) = explode(" ", $date_time);
$time = pjUtil::formatTime($_time . ' ' . $_period, $this->option_arr['o_time_format']);
} else {
list($_date, $_time) = explode(" ", $date_time);
$time = pjUtil::formatTime($_time, $this->option_arr['o_time_format']);
}
unset($_POST['p_dt']);
$data['p_dt'] = pjUtil::formatDate($_date, $this->option_arr['o_date_format']) . ' ' . $time;
}
if (isset($_POST['p_location_id']) && (int) $_POST['p_location_id'] > 0) {
$data['location_id'] = $_POST['p_location_id'];
}
break;
case 'delivery':
if (!empty($_POST['d_dt'])) {
$date_time = $_POST['d_dt'];
if (count(explode(" ", $date_time)) == 3) {
list($_date, $_time, $_period) = explode(" ", $date_time);
$time = pjUtil::formatTime($_time . ' ' . $_period, $this->option_arr['o_time_format']);
} else {
list($_date, $_time) = explode(" ", $date_time);
$time = pjUtil::formatTime($_time, $this->option_arr['o_time_format']);
}
unset($_POST['d_dt']);
$data['d_dt'] = pjUtil::formatDate($_date, $this->option_arr['o_date_format']) . ' ' . $time;
}
if (isset($_POST['d_location_id']) && (int) $_POST['d_location_id'] > 0) {
$data['location_id'] = $_POST['d_location_id'];
}
break;
}
if ($_POST['payment_method'] == 'creditcard') {
$data['cc_exp'] = $_POST['cc_exp_month'] . "/" . $_POST['cc_exp_year'];
}
$id = pjOrderModel::factory(array_merge($_POST, $data))->insert()->getInsertId();
if ($id !== false && (int) $id > 0) {
if (isset($_POST['product_id']) && count($_POST['product_id']) > 0) {
$pjOrderItemModel = pjOrderItemModel::factory();
$pjProductPriceModel = pjProductPriceModel::factory();
$pjProductModel = pjProductModel::factory();
$pjExtraModel = pjExtraModel::factory();
foreach ($_POST['product_id'] as $k => $pid) {
$product = $pjProductModel->reset()->find($pid)->getData();
if (strpos($k, 'new_') === 0) {
$price = 0;
$price_id = ":NULL";
if ($product['set_different_sizes'] == 'T') {
$price_id = $_POST['price_id'][$k];
$price_arr = $pjProductPriceModel->reset()->find($price_id)->getData();
if ($price_arr) {
$price = $price_arr['price'];
}
} else {
$price = $product['price'];
}
$hash = md5(uniqid(rand(), true));
$oid = $pjOrderItemModel->reset()->setAttributes(array('order_id' => $id, 'foreign_id' => $pid, 'type' => 'product', 'hash' => $hash, 'price_id' => $price_id, 'price' => $price, 'cnt' => $_POST['cnt'][$k]))->insert()->getInsertId();
if ($oid !== false && (int) $oid > 0) {
if (isset($_POST['extra_id']) && isset($_POST['extra_id'][$k])) {
foreach ($_POST['extra_id'][$k] as $i => $eid) {
$extra_price = 0;
$extra_arr = $pjExtraModel->reset()->find($eid)->getData();
if (!empty($extra_arr) && !empty($extra_arr['price'])) {
$extra_price = $extra_arr['price'];
}
$pjOrderItemModel->reset()->setAttributes(array('order_id' => $id, 'foreign_id' => $eid, 'type' => 'extra', 'hash' => $hash, 'price_id' => ':NULL', 'price' => $extra_price, 'cnt' => $_POST['extra_cnt'][$k][$i]))->insert();
}
}
}
}
}
}
$err = 'AR03';
} else {
$err = 'AR04';
}
pjUtil::redirect(PJ_INSTALL_URL . "index.php?controller=pjAdminOrders&action=pjActionIndex&err={$err}");
} else {
$country_arr = pjCountryModel::factory()->select('t1.id, t2.content AS country_title')->join('pjMultiLang', "t2.model='pjCountry' AND t2.foreign_id=t1.id AND t2.field='name' AND t2.locale='" . $this->getLocaleId() . "'", 'left outer')->orderBy('`country_title` ASC')->findAll()->getData();
$this->set('country_arr', $country_arr);
$product_arr = pjProductModel::factory()->join('pjMultiLang', "t2.foreign_id = t1.id AND t2.model = 'pjProduct' AND t2.locale = '" . $this->getLocaleId() . "' AND t2.field = 'name'", 'left')->select("t1.*, t2.content AS name")->orderBy("name ASC")->findAll()->getData();
$this->set('product_arr', $product_arr);
$location_arr = pjLocationModel::factory()->join('pjMultiLang', "t2.foreign_id = t1.id AND t2.model = 'pjLocation' AND t2.locale = '" . $this->getLocaleId() . "' AND t2.field = 'name'", 'left')->select("t1.*, t2.content AS name")->orderBy("name ASC")->findAll()->getData();
$this->set('location_arr', $location_arr);
$client_arr = pjClientModel::factory()->where('t1.status', 'T')->orderBy('t1.c_name ASC')->findAll()->getData();
$this->set('client_arr', $client_arr);
$this->appendJs('chosen.jquery.js', PJ_THIRD_PARTY_PATH . 'harvest/chosen/');
$this->appendCss('chosen.css', PJ_THIRD_PARTY_PATH . 'harvest/chosen/');
$this->appendJs('jquery-ui-sliderAccess.js', PJ_THIRD_PARTY_PATH . 'timepicker/');
$this->appendJs('jquery-ui-timepicker-addon.js', PJ_THIRD_PARTY_PATH . 'timepicker/');
$this->appendCss('jquery-ui-timepicker-addon.css', PJ_THIRD_PARTY_PATH . 'timepicker/');
$this->appendJs('jquery.validate.min.js', PJ_THIRD_PARTY_PATH . 'validate/');
$this->appendJs('pjAdminOrders.js');
}
} else {
$this->set('status', 2);
}
}
public function pjActionSetConfig()
{
$this->setAjax(true);
if ($this->isXHR()) {
if (!self::pjActionCheckConfig(false)) {
pjAppController::jsonResponse(array('code' => 107, 'text' => 'Product is already installed. If you need to re-install it empty app/config/config.inc.php file.'));
}
$resp = array();
$sample = 'app/config/config.sample.php';
$filename = 'app/config/config.inc.php';
ob_start();
readfile($sample);
$string = ob_get_contents();
ob_end_clean();
if ($string === FALSE) {
$resp['code'] = 100;
$resp['text'] = "An error occurs while reading 'app/config/config.sample.php'";
} else {
if (!self::pjActionCheckVars()) {
pjAppController::jsonResponse(array('status' => 'ERR', 'code' => 108, 'text' => 'Missing, empty or invalid parameters.'));
}
$string = str_replace('[hostname]', $_SESSION[$this->defaultInstaller]['hostname'], $string);
$string = str_replace('[username]', $_SESSION[$this->defaultInstaller]['username'], $string);
$string = str_replace('[password]', str_replace(array('$'), array('\\$'), $_SESSION[$this->defaultInstaller]['password']), $string);
$string = str_replace('[database]', $_SESSION[$this->defaultInstaller]['database'], $string);
$string = str_replace('[prefix]', $_SESSION[$this->defaultInstaller]['prefix'], $string);
$string = str_replace('[install_folder]', $_SESSION[$this->defaultInstaller]['install_folder'], $string);
$string = str_replace('[install_path]', $_SESSION[$this->defaultInstaller]['install_path'], $string);
$string = str_replace('[install_url]', $_SESSION[$this->defaultInstaller]['install_url'], $string);
$string = str_replace('[salt]', pjUtil::getRandomPassword(8), $string);
$Http = new pjHttp();
$Http->request(base64_decode("aHR0cDovL3N1cHBvcnQuc3RpdmFzb2Z0LmNvbS8=") . 'index.php?controller=Api&action=getInstall' . "&key=" . urlencode($_SESSION[$this->defaultInstaller]['license_key']) . "&modulo=" . urlencode(PJ_RSA_MODULO) . "&private=" . urlencode(PJ_RSA_PRIVATE) . "&server_name=" . urlencode($_SERVER['SERVER_NAME']));
$response = $Http->getResponse();
$output = unserialize($response);
if (isset($output['hash']) && isset($output['code']) && $output['code'] == 200) {
$string = str_replace('[pj_installation]', $output['hash'], $string);
if (is_writable($filename)) {
if (!($handle = @fopen($filename, 'wb'))) {
$resp['code'] = 103;
$resp['text'] = "'app/config/config.inc.php' open fails";
} else {
if (fwrite($handle, $string) === FALSE) {
$resp['code'] = 102;
$resp['text'] = "An error occurs while writing to 'app/config/config.inc.php'";
} else {
fclose($handle);
$resp['code'] = 200;
}
}
} else {
$resp['code'] = 101;
$resp['text'] = "'app/config/config.inc.php' do not exists or not writable";
}
} else {
$resp['code'] = 104;
$resp['text'] = "Security vulnerability detected";
}
}
pjAppController::jsonResponse($resp);
}
exit;
}
