예제 #1
0
         if (empty($_REQUEST['ship_to_another'])) {
             $profile_fields = fn_get_profile_fields('O');
             fn_fill_address($user_data, $profile_fields);
         }
         // Check if we need to send notification with new email to customer
         $email = db_get_field('SELECT email FROM ?:users WHERE user_id = ?i', $auth['user_id']);
         $send_notification = false;
         if (isset($user_data['email']) && $user_data['email'] != $email) {
             $send_notification = true;
         }
         list($user_id, $profile_id) = fn_update_user($auth['user_id'], $user_data, $auth, !empty($_REQUEST['ship_to_another']), $send_notification, false);
         $cart['profile_id'] = $profile_id;
     }
     // Add/Update additional fields
     if (!empty($user_data['fields'])) {
         fn_store_profile_fields($user_data, array('U' => $auth['user_id'], 'P' => $profile_id), 'UP');
         // FIXME
     }
 } elseif (Registry::get('settings.General.disable_anonymous_checkout') != 'Y') {
     if (empty($auth['user_id']) && !empty($user_data['email'])) {
         $email_exists = fn_is_user_exists(0, $user_data);
         if (!empty($email_exists)) {
             fn_set_notification('E', __('error'), __('error_user_exists'));
             fn_save_post_data('user_data');
             if (Registry::get('runtime.action') == 'guest_checkout') {
                 $_suffix = '.guest_checkout?edit_step=step_two';
             }
             return array(CONTROLLER_STATUS_REDIRECT, 'checkout.checkout' . $_suffix);
         }
     }
     if (isset($user_data['fields'])) {
예제 #2
0
/**
 * Update steps data handler
 *
 * @param  array $cart   Cart
 * @param  array $auth   Auth
 * @param  array $params Params
 * @return array
 */
function fn_checkout_update_steps(&$cart, &$auth, $params)
{
    $redirect_params = array();
    $user_data = !empty($params['user_data']) ? $params['user_data'] : array();
    unset($user_data['user_type']);
    if (!empty($auth['user_id'])) {
        if (isset($user_data['profile_id'])) {
            if (empty($user_data['profile_id'])) {
                $user_data['profile_type'] = 'S';
            }
            $profile_id = $user_data['profile_id'];
        } elseif (!empty($cart['profile_id'])) {
            $profile_id = $cart['profile_id'];
        } else {
            $profile_id = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $auth['user_id']);
        }
        $user_data['user_id'] = $auth['user_id'];
        $current_user_data = fn_get_user_info($auth['user_id'], true, $profile_id);
        if ($profile_id != NULL) {
            $cart['profile_id'] = $profile_id;
        }
        $errors = false;
        // Update contact information
        if (($params['update_step'] == 'step_one' || $params['update_step'] == 'step_two') && !empty($user_data['email'])) {
            // Check email
            $email_exists = fn_is_user_exists($auth['user_id'], $user_data);
            if (!empty($email_exists)) {
                fn_set_notification('E', __('error'), __('error_user_exists'));
                $redirect_params['edit_step'] = $params['update_step'];
                $errors = true;
                $params['next_step'] = $params['update_step'];
            }
        }
        // Update billing/shipping information
        if ($params['update_step'] == 'step_two' || $params['update_step'] == 'step_one' && !$errors) {
            if (!empty($user_data)) {
                $user_data = fn_array_merge($current_user_data, $user_data);
                $user_data['user_type'] = !empty($current_user_data['user_type']) ? $current_user_data['user_type'] : AREA;
                $user_data = fn_fill_contact_info_from_address($user_data);
            }
            $user_data = fn_array_merge($current_user_data, $user_data);
            if (empty($params['ship_to_another'])) {
                $profile_fields = fn_get_profile_fields('O');
                fn_fill_address($user_data, $profile_fields);
            }
            // Check if we need to send notification with new email to customer
            $email = db_get_field('SELECT email FROM ?:users WHERE user_id = ?i', $auth['user_id']);
            $send_notification = false;
            if (isset($user_data['email']) && $user_data['email'] != $email) {
                $send_notification = true;
            }
            list($user_id, $profile_id) = fn_update_user($auth['user_id'], $user_data, $auth, !empty($params['ship_to_another']), $send_notification, false);
            $cart['profile_id'] = $profile_id;
        }
        // Add/Update additional fields
        if (!empty($user_data['fields'])) {
            fn_store_profile_fields($user_data, array('U' => $auth['user_id'], 'P' => $profile_id), 'UP');
            // FIXME
        }
    } elseif (Registry::get('settings.Checkout.disable_anonymous_checkout') != 'Y') {
        if (empty($auth['user_id']) && !empty($user_data['email'])) {
            $email_exists = fn_is_user_exists(0, $user_data);
            if (!empty($email_exists)) {
                fn_set_notification('E', __('error'), __('error_user_exists'));
                fn_save_post_data('user_data');
                if (!empty($params['guest_checkout'])) {
                    $redirect_params['edit_step'] = $params['step_two'];
                    $redirect_params['guest_checkout'] = 1;
                }
                return $redirect_params;
            }
        }
        if (isset($user_data['fields'])) {
            $fields = fn_array_merge(isset($cart['user_data']['fields']) ? $cart['user_data']['fields'] : array(), $user_data['fields']);
        }
        if ($params['update_step'] == 'step_two' && !empty($user_data)) {
            $user_data = fn_fill_contact_info_from_address($user_data);
        }
        $cart['user_data'] = fn_array_merge($cart['user_data'], $user_data);
        // Fill shipping info with billing if needed
        if (empty($params['ship_to_another']) && $params['update_step'] == 'step_two') {
            $profile_fields = fn_get_profile_fields('O');
            fn_fill_address($cart['user_data'], $profile_fields);
        }
        if (!empty($cart['user_data']['b_vat_id']) && !empty($cart['user_data']['b_country'])) {
            if (fn_check_vat_id($user_data['b_vat_id'], $cart['user_data']['b_country'])) {
                fn_set_notification('N', __('notice'), __('vat_id_number_is_valid'));
            } else {
                fn_set_notification('E', __('error'), __('vat_id_number_is_not_valid'));
                $cart['user_data']['b_vat_id'] = '';
                return $redirect_params;
            }
        } elseif (isset($user_data['b_vat_id'])) {
            $user_data['b_vat_id'] = '';
        }
    }
    if (!empty($params['next_step'])) {
        $redirect_params['edit_step'] = $params['next_step'];
    }
    if (!empty($params['shipping_ids'])) {
        fn_checkout_update_shipping($cart, $params['shipping_ids']);
    }
    if (!empty($params['payment_id'])) {
        $cart['payment_id'] = (int) $params['payment_id'];
        if (!empty($params['payment_info'])) {
            $cart['extra_payment_info'] = $params['payment_info'];
            if (!empty($cart['extra_payment_info']['card_number'])) {
                $cart['extra_payment_info']['secure_card_number'] = preg_replace('/^(.+?)([0-9]{4})$/i', '***-$2', $cart['extra_payment_info']['card_number']);
            }
        } else {
            unset($cart['extra_payment_info']);
        }
        fn_update_payment_surcharge($cart, $auth);
        fn_save_cart_content($cart, $auth['user_id']);
    }
    if (!empty($params['customer_notes'])) {
        $cart['notes'] = $params['customer_notes'];
    }
    // Recalculate the cart
    $cart['recalculate'] = true;
    if (!empty($params['next_step']) && ($params['next_step'] == 'step_three' || $params['next_step'] == 'step_four')) {
        $cart['calculate_shipping'] = true;
    }
    $shipping_calculation_type = Registry::get('settings.General.estimate_shipping_cost') == 'Y' || !empty($completed_steps['step_two']) ? 'A' : 'S';
    list($cart_products, $product_groups) = fn_calculate_cart_content($cart, $auth, $shipping_calculation_type, true, 'F');
    $shipping_hash = fn_get_shipping_hash($cart['product_groups']);
    if (!empty($_SESSION['shipping_hash']) && $_SESSION['shipping_hash'] != $shipping_hash && $params['next_step'] == 'step_four' && $cart['shipping_required']) {
        if (!empty($cart['chosen_shipping'])) {
            fn_set_notification('W', __('important'), __('text_shipping_rates_changed'));
        }
        $cart['chosen_shipping'] = array();
        $redirect_params['edit_step'] = 'step_three';
        return $redirect_params;
    }
    return $redirect_params;
}
예제 #3
0
/**
 * Updates profile data of registered user
 *
 * @param int $user_id User identifier
 * @param array $user_data Profile information
 * @param string $action Current action (Example: 'add')
 * @return int profile ID
 */
function fn_update_user_profile($user_id, $user_data, $action = '')
{
    /**
     * Modify profile data of registered user
     *
     * @param int    $user_id   User identifier
     * @param array  $user_data Profile information
     * @param string $action    Current action (Example: 'add')
     */
    fn_set_hook('update_user_profile_pre', $user_id, $user_data, $action);
    // Add new profile or update existing
    if (isset($user_data['profile_id']) && empty($user_data['profile_id']) || $action == 'add') {
        if ($action == 'add') {
            unset($user_data['profile_id']);
            $user_data['profile_type'] = 'P';
            $user_data['profile_name'] = empty($user_data['profile_name']) ? __('main') : $user_data['profile_name'];
        } else {
            $user_data['profile_type'] = 'S';
        }
        $user_data['profile_id'] = db_query("INSERT INTO ?:user_profiles ?e", $user_data);
    } else {
        if (empty($user_data['profile_id'])) {
            $user_data['profile_id'] = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $user_id);
        }
        $is_exists = db_get_field('SELECT COUNT(*) FROM ?:user_profiles WHERE user_id = ?i AND profile_id = ?i', $user_id, $user_data['profile_id']);
        if ($is_exists) {
            db_query("UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i", $user_data, $user_data['profile_id']);
        } else {
            return false;
        }
    }
    // Add/Update additional fields
    fn_store_profile_fields($user_data, array('U' => $user_id, 'P' => $user_data['profile_id']), 'UP');
    /**
     * Perform actions after user profile update
     *
     * @param int    $user_id   User identifier
     * @param array  $user_data Profile information
     * @param string $action    Current action (Example: 'add')
     */
    fn_set_hook('update_user_profile_post', $user_id, $user_data, $action);
    return $user_data['profile_id'];
}
예제 #4
0
function fn_update_order(&$cart, $order_id = 0)
{
    fn_set_hook('pre_update_order', $cart, $order_id);
    $cart['user_data'] = isset($cart['user_data']) ? $cart['user_data'] : array();
    $order = fn_array_merge($cart, $cart['user_data']);
    unset($order['user_data']);
    // filter hidden fields, which were hidden to checkout
    fn_filter_hidden_profile_fields($order, 'O');
    // If the contact information fields were disabled, fill the information from the billing/shipping
    Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
    if (!empty($order['firstname']) || !empty($order[$address_zone . '_firstname'])) {
        $order['firstname'] = empty($order['firstname']) && !empty($order[$address_zone . '_firstname']) ? $order[$address_zone . '_firstname'] : $order['firstname'];
    }
    if (!empty($order['lastname']) || !empty($order[$address_zone . '_lastname'])) {
        $order['lastname'] = empty($order['lastname']) && !empty($order[$address_zone . '_lastname']) ? $order[$address_zone . '_lastname'] : $order['lastname'];
    }
    if (!empty($order['phone']) || !empty($order[$address_zone . '_phone'])) {
        $order['phone'] = empty($order['phone']) && !empty($order[$address_zone . '_phone']) ? $order[$address_zone . '_phone'] : $order['phone'];
    }
    if (empty($order['profile_id'])) {
        $order['profile_id'] = 0;
    }
    if (!empty($cart['shipping'])) {
        $order['shipping_ids'] = fn_create_set(array_keys($cart['shipping']));
    }
    if (!empty($cart['payment_surcharge'])) {
        $cart['total'] += $cart['payment_surcharge'];
        $order['total'] = $cart['total'];
        if (fn_allowed_for('MULTIVENDOR')) {
            $cart['companies'] = fn_get_products_companies($cart['products']);
            $take_payment_surcharge_from_vendor = fn_take_payment_surcharge_from_vendor($cart['products']);
            if (Registry::get('settings.Vendors.include_payment_surcharge') == 'Y' && $take_payment_surcharge_from_vendor) {
                $cart['companies_count'] = count($cart['companies']);
                $cart['total'] -= $cart['payment_surcharge'];
                $order['total'] = $cart['total'];
            }
        }
    }
    if (empty($order_id)) {
        $ip = fn_get_ip();
        $order['ip_address'] = $ip['host'];
        $order['timestamp'] = TIME;
        $order['lang_code'] = CART_LANGUAGE;
        $order['company_id'] = 0;
        $order['status'] = STATUS_INCOMPLETED_ORDER;
        // incomplete by default to increase inventory
        $order_status = $order['status'];
        if (count($order['product_groups']) > 1 && !$order['parent_order_id']) {
            $order['is_parent_order'] = 'Y';
            $order['status'] = STATUS_PARENT_ORDER;
        } elseif (!empty($order['product_groups'][0]['company_id'])) {
            $order['is_parent_order'] = 'N';
            $order['company_id'] = $order['product_groups'][0]['company_id'];
        }
        if (fn_allowed_for('ULTIMATE')) {
            if (Registry::get('runtime.company_id') == 0) {
                fn_set_notification('E', __('error'), __('text_select_vendor'));
                return false;
            } else {
                $order['company_id'] = Registry::get('runtime.company_id');
            }
        }
        if (defined('CART_LOCALIZATION')) {
            $order['localization_id'] = CART_LOCALIZATION;
        }
        if (!empty($cart['rewrite_order_id'])) {
            $order['order_id'] = array_shift($cart['rewrite_order_id']);
        }
        $order['promotions'] = serialize(!empty($cart['promotions']) ? $cart['promotions'] : array());
        if (!empty($cart['promotions'])) {
            $order['promotion_ids'] = fn_create_set(array_keys($cart['promotions']));
        }
        //        foreach($order['product_groups'][0] as $k=>$y){
        //            var_dump($k);echo" ------ ";var_dump($y);echo"<br/><br/>==========================<br/><br/>";
        //        }
        //die();
        fn_set_hook('create_order', $order);
        $order_id = db_query("INSERT INTO ?:orders ?e", $order);
    } else {
        unset($order['order_id']);
        // We're editing existing order
        if (isset($cart['promotions'])) {
            $order['promotions'] = serialize($cart['promotions']);
            $order['promotion_ids'] = fn_create_set(array_keys($cart['promotions']));
        }
        $old_order = db_get_row("SELECT company_id, payment_id, status FROM ?:orders WHERE order_id = ?i", $order_id);
        $order['status'] = $old_order['status'];
        $order['company_id'] = $old_order['company_id'];
        $order_status = $order['status'];
        if (!empty($cart['payment_id']) && $cart['payment_id'] == $old_order['payment_id']) {
            $payment_info = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'P'", $order_id);
            if (!empty($payment_info)) {
                $payment_info = unserialize(fn_decrypt_text($payment_info));
                $cart['payment_info'] = array_merge($payment_info, !empty($cart['payment_info']) ? $cart['payment_info'] : array());
            }
        }
        // incomplete the order to increase inventory amount.
        fn_change_order_status($order_id, STATUS_INCOMPLETED_ORDER, $old_order['status'], fn_get_notification_rules(array(), false));
        $order['status'] = STATUS_INCOMPLETED_ORDER;
        fn_set_hook('edit_place_order', $order_id);
        $profile_fields = db_get_hash_array("SELECT field_id, value FROM ?:profile_fields_data WHERE object_id = ?i AND object_type = 'O'", 'field_id', $order_id);
        foreach ($profile_fields as $k => $v) {
            if (!isset($cart['user_data']['fields'][$k])) {
                $cart['user_data']['fields'][$k] = $v['value'];
            }
        }
        fn_set_hook('update_order', $order, $order_id);
        db_query("UPDATE ?:orders SET ?u WHERE order_id = ?i", $order, $order_id);
        if (!empty($order['products'])) {
            db_query("DELETE FROM ?:order_details WHERE order_id = ?i", $order_id);
        }
    }
    fn_store_profile_fields($cart['user_data'], $order_id, 'O');
    fn_create_order_details($order_id, $cart);
    fn_update_order_data($order_id, $cart);
    // Log order creation/update
    $log_action = !empty($order['order_id']) ? 'update' : 'create';
    fn_log_event('orders', $log_action, array('order_id' => $order_id));
    //
    // Place the order_id to new_orders table for all admin profiles
    //
    if (empty($order['parent_order_id'])) {
        $condition = "";
        if (fn_allowed_for('ULTIMATE')) {
            $condition = " AND user_type = 'A'";
        }
        if (fn_allowed_for('MULTIVENDOR')) {
            $condition = db_quote(" AND (user_type = 'A' OR (user_type = 'V' AND ?:users.company_id = ?i))", $order['company_id']);
        }
        $admins = db_get_fields("SELECT user_id FROM ?:users WHERE 1 {$condition}");
        foreach ($admins as $k => $v) {
            db_query("REPLACE INTO ?:new_orders (order_id, user_id) VALUES (?i, ?i)", $order_id, $v);
        }
    }
    return array($order_id, $order_status);
}
예제 #5
0
/**
 * Order placing function
 *
 * @param array $cart
 * @param array $auth
 * @param string $action
 * @return int order_id or bool FALSE
 */
function fn_place_order(&$cart, &$auth, $action = '', $parent_order_id = 0)
{
    $allow = true;
    fn_set_hook('pre_place_order', $cart, $allow);
    if ($allow == true && !fn_cart_is_empty($cart)) {
        $ip = fn_get_ip();
        $__order_status = STATUS_INCOMPLETED_ORDER;
        $order = fn_check_table_fields($cart, 'orders');
        $order = fn_array_merge($order, fn_check_table_fields($cart['user_data'], 'orders'));
        // filter hidden fields, which were hidden to checkout
        fn_filter_hidden_profile_fields($order, 'O');
        // If the contact information fields were disabled, fill the information from the billing/shipping
        Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
        if (!empty($order['firstname']) || !empty($order[$address_zone . '_firstname'])) {
            $order['firstname'] = empty($order['firstname']) && !empty($order[$address_zone . '_firstname']) ? $order[$address_zone . '_firstname'] : $order['firstname'];
        }
        if (!empty($order['lastname']) || !empty($order[$address_zone . '_lastname'])) {
            $order['lastname'] = empty($order['lastname']) && !empty($order[$address_zone . '_lastname']) ? $order[$address_zone . '_lastname'] : $order['lastname'];
        }
        if (!empty($order['phone']) || !empty($order[$address_zone . '_phone'])) {
            $order['phone'] = empty($order['phone']) && !empty($order[$address_zone . '_phone']) ? $order[$address_zone . '_phone'] : $order['phone'];
        }
        $order['user_id'] = $auth['user_id'];
        $order['timestamp'] = TIME;
        $order['lang_code'] = CART_LANGUAGE;
        $order['tax_exempt'] = $auth['tax_exempt'];
        $order['status'] = STATUS_INCOMPLETED_ORDER;
        // incomplete by default to increase inventory
        $order['ip_address'] = $ip['host'];
        $cart['companies'] = fn_get_products_companies($cart['products']);
        $order['is_parent_order'] = 'N';
        if (PRODUCT_TYPE == 'MULTIVENDOR') {
            $order['parent_order_id'] = $parent_order_id;
            if (count($cart['companies']) > 1) {
                $order['is_parent_order'] = 'Y';
                $__order_status = $order['status'] = STATUS_PARENT_ORDER;
            } else {
                $order['company_id'] = key($cart['companies']);
            }
        }
        $order['promotions'] = serialize(!empty($cart['promotions']) ? $cart['promotions'] : array());
        if (!empty($cart['promotions'])) {
            $order['promotion_ids'] = implode(', ', array_keys($cart['promotions']));
        }
        $order['shipping_ids'] = !empty($cart['shipping']) ? fn_create_set(array_keys($cart['shipping'])) : '';
        if (!empty($cart['payment_surcharge'])) {
            $cart['total'] += $cart['payment_surcharge'];
            $order['total'] = $cart['total'];
        }
        if (!empty($cart['payment_info'])) {
            $ccards = fn_get_static_data_section('C', true);
            if (!empty($cart['payment_info']['card']) && !empty($ccards[$cart['payment_info']['card']])) {
                // Check if cvv2 number required and unset it if not
                if ($ccards[$cart['payment_info']['card']]['param_2'] != 'Y') {
                    unset($cart['payment_info']['cvv2']);
                }
                // Check if start date exists and required and convert it to string
                if ($ccards[$cart['payment_info']['card']]['param_3'] != 'Y') {
                    unset($cart['payment_info']['start_year'], $cart['payment_info']['start_month']);
                }
                // Check if issue number required
                if ($ccards[$cart['payment_info']['card']]['param_4'] != 'Y') {
                    unset($cart['payment_info']['issue_number']);
                }
            }
        }
        // We're editing existing order
        if (!empty($order['order_id']) && $order['is_parent_order'] != 'Y') {
            $_tmp = db_get_row("SELECT status, ip_address, details, timestamp, lang_code FROM ?:orders WHERE order_id = ?i", $order['order_id']);
            $order['ip_address'] = $_tmp['ip_address'];
            // Leave original customers IP address
            $order['details'] = $_tmp['details'];
            // Leave order details
            $order['timestamp'] = $_tmp['timestamp'];
            // Leave the original date
            $order['lang_code'] = $_tmp['lang_code'];
            // Leave the original language
            if ($action == 'save') {
                $__order_status = $_tmp['status'];
                // Get the original order status
            }
            fn_change_order_status($order['order_id'], STATUS_INCOMPLETED_ORDER, $_tmp['status'], fn_get_notification_rules(array(), false));
            // incomplete the order to increase inventory amount.
            db_query("DELETE FROM ?:orders WHERE order_id = ?i", $order['order_id']);
            db_query("DELETE FROM ?:order_details WHERE order_id = ?i", $order['order_id']);
            db_query("DELETE FROM ?:profile_fields_data WHERE object_id = ?i AND object_type = 'O'", $order['order_id']);
            db_query("DELETE FROM ?:order_data WHERE order_id = ?i AND type IN ('T', 'C', 'P')", $order['order_id']);
            fn_set_hook('edit_place_order', $order['order_id']);
        }
        if (!empty($cart['rewrite_order_id'])) {
            $order['order_id'] = array_shift($cart['rewrite_order_id']);
        }
        $order['referer'] = $_SESSION['referer'];
        $order_id = db_query("INSERT INTO ?:orders ?e", $order);
        // Log order creation
        fn_log_event('orders', 'create', array('order_id' => $order_id));
        fn_store_profile_fields($cart['user_data'], $order_id, 'O');
        $order['order_id'] = $order_id;
        // If customer is not logged in, store order ids in the session
        if (empty($auth['user_id'])) {
            $auth['order_ids'][] = $order_id;
        }
        // Add order details data
        if (!empty($order_id)) {
            if (!empty($cart['products'])) {
                foreach ((array) $cart['products'] as $k => $v) {
                    $product_code = '';
                    $extra = empty($v['extra']) ? array() : $v['extra'];
                    $v['discount'] = empty($v['discount']) ? 0 : $v['discount'];
                    $extra['product'] = empty($v['product']) ? fn_get_product_name($v['product_id']) : $v['product'];
                    $extra['company_id'] = $v['company_id'];
                    if (isset($v['is_edp'])) {
                        $extra['is_edp'] = $v['is_edp'];
                    }
                    if (isset($v['edp_shipping'])) {
                        $extra['edp_shipping'] = $v['edp_shipping'];
                    }
                    if (!empty($v['discount'])) {
                        $extra['discount'] = $v['discount'];
                    }
                    if (isset($v['base_price'])) {
                        $extra['base_price'] = floatval($v['base_price']);
                    }
                    if (!empty($v['promotions'])) {
                        $extra['promotions'] = $v['promotions'];
                    }
                    if (!empty($v['stored_price']) && $v['stored_price'] == 'Y') {
                        $extra['stored_price'] = 'Y';
                    }
                    if (!empty($v['product_options'])) {
                        $_options = fn_get_product_options($v['product_id']);
                        if (!empty($_options)) {
                            foreach ($_options as $option_id => $option) {
                                if (!isset($v['product_options'][$option_id])) {
                                    $v['product_options'][$option_id] = '';
                                }
                            }
                        }
                        $extra['product_options'] = $v['product_options'];
                        $cart_id = fn_generate_cart_id($v['product_id'], array('product_options' => $v['product_options']), true);
                        $tracking = db_get_field("SELECT tracking FROM ?:products WHERE product_id = ?i", $v['product_id']);
                        if ($tracking == 'O') {
                            $product_code = db_get_field("SELECT product_code FROM ?:product_options_inventory WHERE combination_hash = ?i", $cart_id);
                        }
                        $extra['product_options_value'] = fn_get_selected_product_options_info($v['product_options']);
                    } else {
                        $v['product_options'] = array();
                    }
                    if (empty($product_code)) {
                        $product_code = db_get_field("SELECT product_code FROM ?:products WHERE product_id = ?i", $v['product_id']);
                    }
                    // Check the cart custom files
                    if (isset($extra['custom_files'])) {
                        $dir_path = DIR_CUSTOM_FILES . 'order_data/' . $order_id;
                        $sess_dir_path = DIR_CUSTOM_FILES . 'sess_data';
                        if (!is_dir($dir_path)) {
                            fn_mkdir($dir_path);
                        }
                        foreach ($extra['custom_files'] as $option_id => $files) {
                            if (is_array($files)) {
                                foreach ($files as $file_id => $file) {
                                    $file['path'] = $sess_dir_path . '/' . basename($file['path']);
                                    fn_copy($file['path'], $dir_path . '/' . $file['file']);
                                    fn_rm($file['path']);
                                    fn_rm($file['path'] . '_thumb');
                                    $extra['custom_files'][$option_id][$file_id]['path'] = $dir_path . '/' . $file['file'];
                                }
                            }
                        }
                    }
                    $order_details = array('item_id' => $k, 'order_id' => $order_id, 'product_id' => $v['product_id'], 'product_code' => $product_code, 'price' => !empty($v['stored_price']) && $v['stored_price'] == 'Y' ? $v['price'] - $v['discount'] : $v['price'], 'amount' => $v['amount'], 'extra' => serialize($extra));
                    db_query("INSERT INTO ?:order_details ?e", $order_details);
                    // Increase product popularity
                    $_data = array('product_id' => $v['product_id'], 'bought' => 1, 'total' => POPULARITY_BUY);
                    db_query("INSERT INTO ?:product_popularity ?e ON DUPLICATE KEY UPDATE bought = bought + 1, total = total + ?i", $_data, POPULARITY_BUY);
                }
            }
            // Save shipping information
            if (!empty($cart['shipping'])) {
                if ($_SESSION['selfService']) {
                    foreach ($cart['shipping'] as $sh_id => $_d) {
                        $cart['shipping'][$sh_id]['selfService'] = $_SESSION['selfService'];
                    }
                }
                // Get carriers and tracking number
                $data = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'L'", $order_id);
                if (!empty($data)) {
                    $data = unserialize($data);
                    foreach ($cart['shipping'] as $sh_id => $_d) {
                        if (!empty($data[$sh_id]['carrier'])) {
                            $cart['shipping'][$sh_id]['carrier'] = $data[$sh_id]['carrier'];
                        }
                        if (!empty($data[$sh_id]['tracking_number'])) {
                            $cart['shipping'][$sh_id]['tracking_number'] = $data[$sh_id]['tracking_number'];
                        }
                    }
                }
                $_data = array('order_id' => $order_id, 'type' => 'L', 'data' => serialize($cart['shipping']));
                db_query("REPLACE INTO ?:order_data ?e", $_data);
            }
            // Save taxes
            if (!empty($cart['taxes'])) {
                $_data = array('order_id' => $order_id, 'type' => 'T', 'data' => serialize($cart['taxes']));
                db_query("REPLACE INTO ?:order_data ?e", $_data);
            }
            // Save payment information
            if (!empty($cart['payment_info'])) {
                $_data = array('order_id' => $order_id, 'type' => 'P', 'data' => fn_encrypt_text(serialize($cart['payment_info'])));
                db_query("REPLACE INTO ?:order_data ?e", $_data);
            }
            // Save coupons information
            if (!empty($cart['coupons'])) {
                $_data = array('order_id' => $order_id, 'type' => 'C', 'data' => serialize($cart['coupons']));
                db_query("REPLACE INTO ?:order_data ?e", $_data);
            }
            // Save secondary currency (for order notifications from payments with feedback requests)
            $_data = array('order_id' => $order_id, 'type' => 'R', 'data' => serialize(CART_SECONDARY_CURRENCY));
            db_query("REPLACE INTO ?:order_data ?e", $_data);
            //
            // Place the order_id to new_orders table for all admin profiles
            //
            $admins = db_get_fields("SELECT user_id FROM ?:users WHERE user_type = 'A'");
            foreach ($admins as $k => $v) {
                db_query("REPLACE INTO ?:new_orders (order_id, user_id) VALUES (?i, ?i)", $order_id, $v);
            }
            fn_set_hook('place_order', $order_id, $action, $__order_status, $cart);
            // If order total is zero, just save the order without any processing procedures
            if (floatval($cart['total']) == 0) {
                $action = 'save';
                $__order_status = 'P';
            }
            list($is_processor_script, ) = fn_check_processor_script($cart['payment_id'], $action, true);
            if (!$is_processor_script && $__order_status == STATUS_INCOMPLETED_ORDER) {
                $__order_status = 'O';
            }
            // Set new order status
            fn_change_order_status($order_id, $__order_status, '', $is_processor_script || $__order_status == STATUS_PARENT_ORDER ? fn_get_notification_rules(array(), true) : fn_get_notification_rules(array()), true);
            $cart['processed_order_id'] = array();
            $cart['processed_order_id'][] = $order_id;
            if (!$parent_order_id && count($cart['companies']) > 1 && PRODUCT_TYPE == 'MULTIVENDOR') {
                fn_companies_place_suborders($order_id, $cart, $auth, $action);
                $child_orders = db_get_fields("SELECT order_id FROM ?:orders WHERE parent_order_id = ?i", $order_id);
                array_unshift($child_orders, $order_id);
                $cart['processed_order_id'] = $child_orders;
            }
            return array($order_id, $action != 'save');
        }
    }
    return array(false, false);
}
예제 #6
0
/**
 * Add/update user
 *
 * @param int $user_id - user ID to update (empty for new user)
 * @param array $user_data - user data
 * @param array $auth - authentication information
 * @param bool $ship_to_another - flag indicates that shipping and billing fields are different
 * @param bool $notify_customer - flag indicates that customer should be notified
 * @param bool $send_password - TRUE if the password should be included into the e-mail
 * @return array with user ID and profile ID if success, false otherwise
 */
function fn_update_user($user_id, $user_data, &$auth, $ship_to_another, $notify_customer, $send_password = false)
{
    if (!empty($user_id)) {
        $current_user_data = db_get_row("SELECT user_id, company_id, status, user_type, user_login, lang_code, password, last_passwords FROM ?:users WHERE user_id = ?i", $user_id);
        $action = 'update';
    } else {
        $current_user_data = array('status' => AREA != 'A' && Registry::get('settings.General.approve_user_profiles') == 'Y' ? 'D' : (!empty($user_data['status']) ? $user_data['status'] : 'A'), 'user_type' => 'C');
        $action = 'add';
        $user_data['lang_code'] = !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
        $user_data['timestamp'] = TIME;
    }
    $original_password = '';
    $current_user_data['password'] = !empty($current_user_data['password']) ? $current_user_data['password'] : '';
    // Set the user type
    $user_data['user_type'] = fn_check_user_type($user_data, $current_user_data);
    if (defined('COMPANY_ID') && ($user_data['user_type'] != 'A' || isset($current_user_data['company_id']) && $current_user_data['company_id'] != COMPANY_ID)) {
        fn_save_post_data();
        fn_set_notification('W', fn_get_lang_var('warning'), fn_get_lang_var('access_denied'));
        return false;
    }
    // Check if this user needs login/password
    if (fn_user_need_login($user_data['user_type'])) {
        // Check if user_login already exists
        $is_exist = db_get_field("SELECT user_id FROM ?:users WHERE (email = ?s ?p) AND user_id != ?i", $user_data['email'], empty($user_data['user_login']) ? '' : db_quote(" OR user_login = ?s", $user_data['user_login']), $user_id);
        if ($is_exist) {
            fn_save_post_data();
            fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_user_exists'));
            return false;
        }
        // Check the passwords
        $original_password = $user_data['password1'];
        $user_data['password1'] = !empty($user_data['password1']) ? trim($user_data['password1']) : '';
        $user_data['password2'] = !empty($user_data['password2']) ? trim($user_data['password2']) : '';
        // if the passwords are not set and this is not a forced password check
        // we will not update password, otherwise let's check password
        if (!empty($_SESSION['auth']['forced_password_change']) || !empty($user_data['password1']) || !empty($user_data['password2'])) {
            $valid_passwords = true;
            if ($user_data['password1'] != $user_data['password2']) {
                $valid_passwords = false;
                fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_passwords_dont_match'));
            }
            // PCI DSS Compliance
            if ($user_data['user_type'] == 'A') {
                $msg = array();
                // Check password length
                $min_length = Registry::get('settings.Security.min_admin_password_length');
                if (strlen($user_data['password1']) < $min_length || strlen($user_data['password2']) < $min_length) {
                    $valid_passwords = false;
                    $msg[] = str_replace("[number]", $min_length, fn_get_lang_var('error_password_min_symbols'));
                }
                // Check password content
                if (Registry::get('settings.Security.admin_passwords_must_contain_mix') == 'Y') {
                    $tmp_result = preg_match('/\\d+/', $user_data['password1']) && preg_match('/\\D+/', $user_data['password1']) && preg_match('/\\d+/', $user_data['password2']) && preg_match('/\\D+/', $user_data['password2']);
                    if (!$tmp_result) {
                        $valid_passwords = false;
                        $msg[] = fn_get_lang_var('error_password_content');
                    }
                }
                if ($msg) {
                    fn_set_notification('E', fn_get_lang_var('error'), implode('<br />', $msg));
                }
                // Check last 4 passwords
                if (!empty($user_id)) {
                    $prev_passwords = !empty($current_user_data['last_passwords']) ? explode(',', $current_user_data['last_passwords']) : array();
                    if (!empty($_SESSION['auth']['forced_password_change'])) {
                        // if forced password change - new password can't be equal to current password.
                        $prev_passwords[] = $current_user_data['password'];
                    }
                    if (in_array(md5($user_data['password1']), $prev_passwords) || in_array(md5($user_data['password2']), $prev_passwords)) {
                        $valid_passwords = false;
                        fn_set_notification('E', fn_get_lang_var('error'), fn_get_lang_var('error_password_was_used'));
                    } else {
                        if (count($prev_passwords) >= 5) {
                            array_shift($prev_passwords);
                        }
                        $user_data['last_passwords'] = implode(',', $prev_passwords);
                    }
                }
            }
            // PCI DSS Compliance
            if (!$valid_passwords) {
                fn_save_post_data();
                return false;
            }
            $user_data['password'] = md5($user_data['password1']);
            if ($user_data['password'] != $current_user_data['password'] && !empty($user_id)) {
                // if user set current password - there is no necessity to update password_change_timestamp
                $user_data['password_change_timestamp'] = $_SESSION['auth']['password_change_timestamp'] = TIME;
            }
            unset($_SESSION['auth']['forced_password_change']);
            fn_delete_notification('password_expire');
        }
    }
    $user_data['status'] = AREA != 'A' || empty($user_data['status']) ? $current_user_data['status'] : $user_data['status'];
    // only administrator can change user status
    // Fill the firstname, lastname and phone from the billing address if the profile was created or updated through the admin area.
    if (AREA != 'A') {
        Registry::get('settings.General.address_position') == 'billing_first' ? $address_zone = 'b' : ($address_zone = 's');
    } else {
        $address_zone = 'b';
    }
    if (!empty($user_data['firstname']) || !empty($user_data[$address_zone . '_firstname'])) {
        $user_data['firstname'] = empty($user_data['firstname']) && !empty($user_data[$address_zone . '_firstname']) ? $user_data[$address_zone . '_firstname'] : $user_data['firstname'];
    }
    if (!empty($user_data['lastname']) || !empty($user_data[$address_zone . '_lastname'])) {
        $user_data['lastname'] = empty($user_data['lastname']) && !empty($user_data[$address_zone . '_lastname']) ? $user_data[$address_zone . '_lastname'] : $user_data['lastname'];
    }
    if (!empty($user_data['phone']) || !empty($user_data[$address_zone . '_phone'])) {
        $user_data['phone'] = empty($user_data['phone']) && !empty($user_data[$address_zone . '_phone']) ? $user_data[$address_zone . '_phone'] : $user_data['phone'];
    }
    // reset company_id for root admin
    if ($user_id == 1) {
        $user_data['company_id'] = 0;
    }
    if (!empty($user_id)) {
        db_query("UPDATE ?:users SET ?u WHERE user_id = ?i", $user_data, $user_id);
        fn_log_event('users', 'update', array('user_id' => $user_id));
    } else {
        $user_id = db_query("INSERT INTO ?:users ?e", $user_data);
        fn_log_event('users', 'create', array('user_id' => $user_id));
    }
    $user_data['user_id'] = $user_id;
    // Set/delete insecure password notification
    if (AREA == 'A' && Registry::get('config.demo_mode') != true && !empty($user_data['user_login']) && !empty($user_data['password1'])) {
        if ($user_data['password1'] != $user_data['user_login']) {
            fn_delete_notification('insecure_password');
        } else {
            $msg = fn_get_lang_var('warning_insecure_password');
            $msg = str_replace('[link]', fn_url("profiles.update?user_id=" . $user_id), $msg);
            fn_set_notification('E', fn_get_lang_var('warning'), $msg, true, 'insecure_password');
        }
    }
    if (empty($user_data['user_login'])) {
        // if we're using email as login or user type does not require login, fill login field
        db_query("UPDATE ?:users SET user_login = '******' WHERE user_id = ?i AND user_login = ''", $user_id, $user_id);
    }
    // Fill shipping info with billing if needed
    if (empty($ship_to_another)) {
        $profile_fields = fn_get_profile_fields($user_data['user_type']);
        $use_default = AREA == 'A' ? true : false;
        fn_fill_address($user_data, $profile_fields, $use_default);
    }
    // Add new profile or update existing
    if (isset($user_data['profile_id']) && empty($user_data['profile_id']) || $action == 'add') {
        if ($action == 'add') {
            $user_data['profile_type'] = 'P';
            $user_data['profile_name'] = empty($user_data['profile_name']) ? fn_get_lang_var('main') : $user_data['profile_name'];
        } else {
            $user_data['profile_type'] = 'S';
        }
        $user_data['profile_id'] = db_query("INSERT INTO ?:user_profiles ?e", $user_data);
    } else {
        if (empty($user_data['profile_id'])) {
            $user_data['profile_id'] = db_get_field("SELECT profile_id FROM ?:user_profiles WHERE user_id = ?i AND profile_type = 'P'", $user_id);
        }
        db_query("UPDATE ?:user_profiles SET ?u WHERE profile_id = ?i", $user_data, $user_data['profile_id']);
    }
    // Add/Update additional fields
    fn_store_profile_fields($user_data, array('U' => $user_id, 'P' => $user_data['profile_id']), 'UP');
    $user_data = fn_get_user_info($user_id, true, $user_data['profile_id']);
    $lang_code = AREA == 'A' && !empty($user_data['lang_code']) ? $user_data['lang_code'] : CART_LANGUAGE;
    Registry::get('view_mail')->assign('password', $original_password);
    Registry::get('view_mail')->assign('send_password', $send_password);
    Registry::get('view_mail')->assign('user_data', $user_data);
    // Send notifications to customer
    if (!empty($notify_customer)) {
        // Notify customer about profile activation (when update profile only)
        if ($action == 'update' && $current_user_data['status'] === 'D' && $user_data['status'] === 'A') {
            fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/profile_activated_subj.tpl', 'profiles/profile_activated.tpl', '', $lang_code);
        }
        // Notify customer about profile add/update
        if ($action == 'add') {
            fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
            fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/create_profile_subj.tpl', 'profiles/create_profile.tpl', '', $lang_code);
        } else {
            fn_send_mail($user_data['email'], Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
            fn_send_mail('*****@*****.**', Registry::get('settings.Company.company_users_department'), 'profiles/update_profile_subj.tpl', 'profiles/update_profile.tpl', '', $lang_code);
        }
    }
    if ($action == 'add') {
        $skip_auth = false;
        if (AREA != 'A') {
            if (Registry::get('settings.General.approve_user_profiles') == 'Y') {
                fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_should_be_approved'));
                // Notify administrator about new profile
                fn_send_mail(Registry::get('settings.Company.company_users_department'), Registry::get('settings.Company.company_users_department'), 'profiles/activate_profile_subj.tpl', 'profiles/activate_profile.tpl', '', Registry::get('settings.Appearance.admin_default_language'), $user_data['email']);
                $skip_auth = true;
            } else {
                fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
            }
        } else {
            fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_created'));
        }
        if (!is_null($auth)) {
            if (!empty($auth['order_ids'])) {
                db_query("UPDATE ?:orders SET user_id = ?i WHERE order_id IN (?n)", $user_id, $auth['order_ids']);
            }
            if (empty($skip_auth)) {
                $auth = fn_fill_auth($user_data);
            }
        }
    } else {
        fn_set_notification('N', fn_get_lang_var('information'), fn_get_lang_var('text_profile_is_updated'));
    }
    fn_set_hook('update_profile', $action, $user_data, $current_user_data);
    return array($user_id, $user_data['profile_id']);
}