/**
 * Request action that hands the posted order id to the restore handler and
 * writes the handler's result to the response as JSON.
 *
 * Reads `orderId` from the POST body (defaulting to 0 when it is absent),
 * passes it to restoreOrderActionHandler(), echoes the encoded result and
 * terminates the script.
 *
 * NOTE(review): no permission or CSRF-token check is visible in this method.
 * Presumably the dispatcher or restoreOrderActionHandler() enforces them;
 * confirm, since the action is driven purely by a POST parameter.
 *
 * @return void Does not return; the script exits after the output is written.
 */
protected function restoreOrderAction()
{
    $orderId = Interspire_Request::post('orderId', 0);
    $response = $this->restoreOrderActionHandler($orderId);

    echo isc_json_encode($response);
    exit;
}
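/**
 * Gets a list of orders as a result set.
 *
 * Search filters are taken straight from $_REQUEST (couponCode, newMessages,
 * searchDeletedOrders, searchQuery, plus whatever BuildWhereFromVars() reads).
 * Two count queries may be run next to the main query: one for the orders
 * matching the search and, when the current scope excludes deleted orders,
 * one for deleted orders matching the same search.
 *
 * Security notes:
 *  - $SortOrder is restricted to ASC/DESC before it is placed in the SQL text.
 *  - $SortField is placed in the ORDER BY clause as-is; it cannot be bound or
 *    quoted as a value. NOTE(review): callers must map it through a fixed list
 *    of sortable columns before calling this method -- confirm every caller does.
 *  - BuildWhereFromVars() returns SQL fragments that are concatenated into the
 *    queries; its escaping is not visible here and should be reviewed with it.
 *
 * @param int $Start The starting position to retrieve orders from
 * @param string $SortField The field to sort the orders on (must already be validated by the caller)
 * @param string $SortOrder The order in which to sort the orders by, ASC or DESC; anything else falls back to ASC
 * @param int $NumOrders Set (by reference) to the number of orders that match the query
 * @param mixed $limit The max orders to retrieve, or false to not limit
 * @param int $numDeletedOrders Set (by reference) to the number of deleted orders that match the provided query
 * @return resource The database result set of orders
 */
public function _GetOrderList($Start, $SortField, $SortOrder, &$NumOrders, $limit = ISC_ORDERS_PER_PAGE, &$numDeletedOrders = 0)
{
    $extraFields = '';
    $extraJoins = '';

    // The sort direction ends up inside the SQL text, so only the two keywords
    // the interface documents are accepted. ASC is also what the database
    // applies when no direction is given.
    $SortOrder = strtoupper(trim((string)$SortOrder));
    if ($SortOrder !== 'ASC' && $SortOrder !== 'DESC') {
        $SortOrder = 'ASC';
    }

    if (isset($_REQUEST['couponCode']) && trim($_REQUEST['couponCode']) != '') {
        $extraFields = 'DISTINCT(co.ordcouporderid), ';
        // The coupon code is request data; it is passed through the database
        // layer's Quote() before being placed inside the quoted SQL literal.
        $extraJoins = sprintf(
            "INNER JOIN [|PREFIX|]order_coupons co ON (co.ordcouporderid=o.orderid AND co.ordcouponcode='%s')",
            $GLOBALS['ISC_CLASS_DB']->Quote($_REQUEST['couponCode'])
        );
    }

    // Main query returning the order rows together with per-order message counters.
    $query = sprintf(
        " SELECT %so.*, c.*, s.statusdesc AS ordstatustext,"
        . " CONCAT(custconfirstname, ' ', custconlastname) AS custname,"
        . " ( SELECT COUNT(messageid) FROM [|PREFIX|]order_messages WHERE messageorderid=orderid ) AS nummessages,"
        . " ( SELECT COUNT(messageid) FROM [|PREFIX|]order_messages WHERE messageorderid=orderid AND messagestatus != 'read' ) AS numunreadmessages,"
        . " ( SELECT COUNT(messageid) FROM [|PREFIX|]order_messages WHERE messageorderid=orderid AND messagefrom='customer' AND messagestatus='unread' ) AS newmessages"
        . " FROM [|PREFIX|]orders o"
        . " LEFT JOIN [|PREFIX|]customers c ON (o.ordcustid=c.customerid)"
        . " LEFT JOIN [|PREFIX|]order_status s ON (s.statusid=o.ordstatus) %s",
        $extraFields,
        $extraJoins
    );

    $countQuery = "SELECT COUNT(o.orderid) FROM [|PREFIX|]orders o";

    if (!empty($extraJoins)) {
        $countQuery .= ' '.$extraJoins;
    }

    if (isset($_REQUEST['newMessages'])) {
        $countQuery .= " LEFT JOIN [|PREFIX|]order_messages ON (messageorderid=orderid) AND messagefrom='customer' AND messagestatus='unread'";
    }

    if (Interspire_Request::request('searchDeletedOrders', 'no') == 'no' && !is_numeric(Interspire_Request::request('searchQuery', ''))) {
        // setup to also search for deleted orders using the same parameters
        $deletedQuery = true;
        $deletedCountQuery = $countQuery;
        $deletedRequest = $_REQUEST;
        $deletedRequest['searchDeletedOrders'] = 'only';
    } else {
        // the current search scope includes deleted orders, don't bother searching for them again
        $deletedQuery = false;
        $numDeletedOrders = 0;
    }

    // Are there any search parameters?
    $res = $this->BuildWhereFromVars($_REQUEST);
    $query .= " WHERE 1=1 " . $res["query"];
    $countQuery .= " " . $res['count'] . " WHERE 1=1 " . $res['query'];

    if ($deletedQuery) {
        $res = $this->BuildWhereFromVars($deletedRequest);
        $deletedCountQuery .= " " . $res['count'] . " WHERE 1=1 " . $res['query'];
        $deletedCountQuery .= ' AND deleted = 1';
    }

    // Only those with new messages?
    if (isset($_REQUEST['newMessages'])) {
        // @todo should this also adjust countQuery?
        $query .= " HAVING newmessages >= 1";
    }

    // How many results do we have?
    $result = $GLOBALS['ISC_CLASS_DB']->Query($countQuery);
    $NumOrders = (int)$GLOBALS['ISC_CLASS_DB']->FetchOne($result);

    if ($deletedQuery) {
        $deletedResult = $this->db->Query($deletedCountQuery);
        $numDeletedOrders = (int)$this->db->FetchOne($deletedResult);
    }

    // Add the ordering and the limit. $SortField is an identifier, not a
    // value, so it is interpolated unquoted (see the docblock).
    $query .= sprintf(" order by %s %s", $SortField, $SortOrder);

    if ($limit !== false) {
        $query .= $GLOBALS['ISC_CLASS_DB']->AddLimit($Start, $limit);
    }

    $result = $GLOBALS['ISC_CLASS_DB']->Query($query);

    if ($GLOBALS['ISC_CLASS_DB']->CountResult($result) == 0) {
        $GLOBALS['HideViewAllLink'] = 'none';
    }

    return $result;
}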
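/**
 * Verifies the payment response the customer's browser brings back from the
 * gateway and, when every check passes, marks the pending order(s) as paid.
 *
 * All inputs come from the request and are treated as untrusted until the
 * checks below pass:
 *  1. the amount field must contain a numeric value part;
 *  2. order reference, operation, session token (against the
 *     SHOP_ORDER_TOKEN cookie) and amount must match this checkout;
 *  3. the gateway signature must verify (_verifySignature());
 *  4. the store's own hash over access id, secret key, order id, session id
 *     and amount must match;
 *  5. the status must be one of the accepted codes (PS or PI).
 *
 * Each failure is written to the system log and the method returns false.
 *
 * NOTE(review): the hash in step 4 is md5 over a plain concatenation that
 * includes the secret key. The value is produced elsewhere, so it cannot be
 * changed from this method alone; an HMAC would be the sturdier construction.
 *
 * @return bool True when the payment was verified and recorded, false otherwise.
 */
public function VerifyOrderPayment()
{
    $status = Interspire_Request::request('status');
    $orderid = Interspire_Request::request('referenceId');
    $hash = Interspire_Request::request('hash');
    $sessionId = Interspire_Request::request('sessionId');
    $amazonAmount = Interspire_Request::request('transactionAmount');
    $operation = Interspire_Request::request('operation');
    $paymentMethod = Interspire_Request::request('paymentMethod');
    $buyerEmail = Interspire_Request::request('buyerEmail');
    $transactionId = Interspire_Request::request('transactionId');

    // The amount field is split on a space and the second part is used as the
    // value (presumably "<currency> <value>"). At least two parts are needed
    // before index 1 can be read; the previous ">= 1" test was always true.
    $amount = false;
    if (is_string($amazonAmount)) {
        $amountParts = explode(' ', $amazonAmount);
        if (count($amountParts) >= 2) {
            $amount = $amountParts[1];
        }
    }

    if (!$amount) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'InvalidAmount'), $amazonAmount);
        return false;
    }

    // The session token must be present on both sides. With a loose comparison
    // a missing cookie and a missing parameter would compare as equal.
    $expectedToken = isset($_COOKIE['SHOP_ORDER_TOKEN']) ? $_COOKIE['SHOP_ORDER_TOKEN'] : null;
    $tokenMatches = is_string($sessionId)
        && is_string($expectedToken)
        && $expectedToken !== ''
        && $sessionId === $expectedToken;

    // Compare the order reference as strings so numeric type juggling cannot
    // make a decorated value equal to the real id.
    $orderMatches = is_scalar($orderid)
        && (string)$orderid === (string)$this->GetCombinedOrderId();

    // The amount is compared numerically on purpose ("10.00" vs 10), but only
    // after confirming the request value is a number at all.
    $amountMatches = is_numeric($amount) && $amount == $this->GetGatewayAmount();

    if (!$orderMatches || $operation !== 'pay' || !$tokenMatches || !$amountMatches) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorMismatch'));
        return false;
    }

    // check signature to ensure this response is from amazon simple pay
    if (!$this->_verifySignature()) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorVerifySignature'));
        return false;
    }

    // Recompute the store-side hash and compare it strictly. A loose "!="
    // between two hex strings can treat "0e..." digests as equal numbers;
    // hash_equals() additionally avoids a timing side channel where available.
    $expectedHash = md5($this->GetValue("accessid").$this->GetValue("secretkey").$orderid.$sessionId.$amazonAmount);
    if (function_exists('hash_equals')) {
        $hashMatches = is_string($hash) && hash_equals($expectedHash, $hash);
    } else {
        $hashMatches = ($hash === $expectedHash);
    }

    if (!$hashMatches) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorMismatch'));
        return false;
    }

    if (!($status == 'PS' || $status == 'PI')) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), sprintf(GetLang($this->_languagePrefix.'ErrorMismatch'), $status), GetLang($this->_languagePrefix.'ResponseCodes'));
        return false;
    }

    $orders = $this->GetOrders();
    $order = current($orders);

    $amazonInfo = array(
        'Amazon Email' => $buyerEmail,
        'Payment Method' => $paymentMethod,
    );

    // Is there any existing extra info for the pending order?
    $extraInfo = serialize($amazonInfo);
    if (is_array($order) && isset($order['extrainfo']) && $order['extrainfo'] != "") {
        // NOTE(review): unserialize() on a stored column. If any code path lets
        // request data reach orders.extrainfo unserialized-as-is, this becomes an
        // object-injection sink; a data-only format such as JSON avoids that.
        $extraArray = @unserialize($order['extrainfo']);
        if (is_array($extraArray)) {
            $extraInfo = serialize(array_merge($extraArray, $amazonInfo));
        }
    }

    $updatedOrder = array(
        'ordpayproviderid' => $transactionId,
        'ordpaymentstatus' => 'captured',
        'extrainfo' => $extraInfo,
    );

    $this->UpdateOrders($updatedOrder);
    $this->SetPaymentStatus(PAYMENT_STATUS_PAID);

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess(array('payment', $this->GetName()), sprintf(GetLang($this->_languagePrefix.'Success'), $this->GetCombinedOrderId()));

    return true;
}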
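/**
 * Handle a browser request to finish a picnik edit, typically triggered by
 * clicking the 'save and close' button in picnik -- will download the new
 * image and store it locally.
 *
 * Inputs (both from the query string):
 *  - token: looked up with loadToken(); a falsy result is reported to the
 *    template as PicnikError_InvalidToken and nothing is downloaded.
 *  - file:  location of the edited image, handed to receivePicnik().
 *
 * Security notes:
 *  - `file` is chosen by whoever issues the request. NOTE(review): confirm that
 *    receivePicnik() restricts the scheme and host it will fetch from (and the
 *    size and type of what it stores); otherwise any holder of a valid token can
 *    point the server-side download at an arbitrary location.
 *  - The same value is assigned to the template as PicnikRemoteFile before the
 *    token is checked. NOTE(review): confirm picnik.received.tpl escapes it for
 *    the context it is printed in.
 *
 * @return void
 */
public function handleReceivePicnik()
{
    $token = $this->loadToken(Interspire_Request::get('token'));

    // Only a plain string is accepted as the remote location. A missing or
    // array-valued parameter is passed on as null instead of raising a notice
    // or reaching the download code as an array.
    $remoteFile = null;
    if (isset($_GET['file']) && is_string($_GET['file'])) {
        $remoteFile = $_GET['file'];
    }

    $this->template->assign('PicnikRemoteFile', $remoteFile);

    if (!$token) {
        $this->template->assign('PicnikError', GetLang('PicnikError_InvalidToken'));
    } else {
        $token['imagetype'] = (int)$token['imagetype'];
        $this->receivePicnik($token, $remoteFile);
    }

    // all done, redirect to where the user was when starting the edit session
    $this->template->display('pageheader.popup.tpl');
    $this->template->display('picnik.received.tpl');
    $this->template->display('pagefooter.popup.tpl');
}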
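/**
 * Saves the checkout settings form: which checkout (payment) modules are
 * enabled, the order/inventory options, and each enabled module's own
 * variables.
 *
 * Flow:
 *  1. clear the stored checkout module variables;
 *  2. work out which requested providers exist and are supported;
 *  3. copy the posted options into $GLOBALS['ISC_NEW_CFG'];
 *  4. commit the settings, store each enabled module's variables and rebuild
 *     the module variable cache;
 *  5. flash a success or failure message with a redirect target.
 *
 * Everything is read from $_POST. NOTE(review): no permission or CSRF-token
 * check is visible in this method; presumably the caller enforces them --
 * confirm, since this changes which payment modules the store uses.
 *
 * @return void
 */
private function SaveUpdatedCheckoutSettings()
{
    // Firstly we will delete *all* existing module variables for checkout modules. This way, if one
    // was previously configured and unchecked then its old variables wont be saved and it
    // wont be marked as configured even when it's not.
    // The underscore is escaped so it is matched literally, the same pattern the second
    // delete further down uses; unescaped, "_" is a single-character wildcard in LIKE.
    // NOTE(review): this runs before the settings are committed, so a failed commit
    // leaves the module variables already removed.
    $GLOBALS['ISC_CLASS_DB']->DeleteQuery('module_vars', "WHERE modulename LIKE 'checkout\_%'");

    // The provider list must be an array; a scalar posted under this name is ignored.
    if (!isset($_POST['checkoutproviders']) || !is_array($_POST['checkoutproviders'])) {
        $_POST['checkoutproviders'] = array();
    }

    // If they've selected to use the built in provider, override any other selections
    // coming in from the request
    if (GetConfig('EnableBuiltInGateway') && isset($_POST['builtInGateway']) && $_POST['builtInGateway'] == 1) {
        $builtInId = 'checkout_'.GetConfig('BuiltInGateway');
        $_POST['checkoutproviders'] = array($builtInId);
        $_POST[$builtInId] = isset($_POST['builtin']) ? $_POST['builtin'] : array();
    }

    $enabledStack = array();

    // Can the selected payment modules be enabled?
    foreach ($_POST['checkoutproviders'] as $provider) {
        if (!is_string($provider)) {
            continue;
        }

        // Reset before every lookup: $module is filled by reference, so without this
        // a failed lookup could leave the previous iteration's object in place and an
        // unknown provider id would be enabled on its behalf.
        $module = null;
        GetModuleById('checkout', $module, $provider);
        if (!is_object($module)) {
            continue;
        }

        // Is this checkout provider supported on this server?
        if ($module->IsSupported() == false) {
            $errors = $module->GetErrors();
            foreach ($errors as $error) {
                FlashMessage($error, MSG_ERROR);
            }
            continue;
        }

        // Otherwise, this checkout provider is fine, so add it to the stack of enabled
        $enabledStack[] = $provider;
    }

    // A list of the checkout modules we've just enabled
    $justEnabled = array_diff($enabledStack, explode(',', GetConfig('CheckoutMethods')));

    $checkoutproviders = implode(",", $enabledStack);
    $GLOBALS['ISC_NEW_CFG']['CheckoutMethods'] = $checkoutproviders;

    // Save the order settings they specified too
    if (isset($_POST['updateinventory']) && $_POST['updateinventory'] == 1) {
        $GLOBALS['ISC_NEW_CFG']['UpdateInventoryLevels'] = 1;
    } else {
        $GLOBALS['ISC_NEW_CFG']['UpdateInventoryLevels'] = 0;
    }

    $GLOBALS['ISC_NEW_CFG']['UpdateInventoryOnOrderEdit'] = (int)Interspire_Request::post('UpdateInventoryOnOrderEdit', 0);
    $GLOBALS['ISC_NEW_CFG']['UpdateInventoryOnOrderDelete'] = (int)Interspire_Request::post('UpdateInventoryOnOrderDelete', 0);

    // NOTE(review): the fee is stored exactly as posted. Its numeric validation is
    // not visible here; confirm CommitSettings() or the consumers check it.
    $GLOBALS['ISC_NEW_CFG']['DigitalOrderHandlingFee'] = 0;
    if (isset($_POST['EnableDigitalOrderHandlingFee']) && isset($_POST['DigitalOrderHandlingFee'])) {
        $GLOBALS['ISC_NEW_CFG']['DigitalOrderHandlingFee'] = $_POST['DigitalOrderHandlingFee'];
    }

    // Save any selected notification statuses
    $GLOBALS['ISC_NEW_CFG']['OrderStatusNotifications'] = '';
    if (isset($_POST['orderstatusemails']) && is_array($_POST['orderstatusemails'])) {
        $GLOBALS['ISC_NEW_CFG']['OrderStatusNotifications'] = implode(",", array_map("intval", $_POST['orderstatusemails']));
    }

    if (isset($_POST['CheckoutType']) && $_POST['CheckoutType'] == 'single') {
        $GLOBALS['ISC_NEW_CFG']['CheckoutType'] = 'single';
    } else {
        $GLOBALS['ISC_NEW_CFG']['CheckoutType'] = 'multipage';
    }

    if (isset($_POST['EnableOrderComments'])) {
        $GLOBALS['ISC_NEW_CFG']['EnableOrderComments'] = 1;
    } else {
        $GLOBALS['ISC_NEW_CFG']['EnableOrderComments'] = 0;
    }

    if (isset($_POST['EnableOrderTermsAndConditions']) && isset($_POST['OrderTermsAndConditionsType'])) {
        if ($_POST['OrderTermsAndConditionsType'] == 'link') {
            // Missing or non-string input is handled like an empty field.
            $termsLink = '';
            if (isset($_POST['OrderTermsAndConditionsLink']) && is_string($_POST['OrderTermsAndConditionsLink'])) {
                $termsLink = $_POST['OrderTermsAndConditionsLink'];
            }

            if (trim($termsLink) == '' || trim($termsLink) == "http://") {
                FlashMessage(GetLang('EnterTermsAndConditionsLink'), MSG_ERROR);
            } else {
                // NOTE(review): stored as posted, with no check of the URL scheme; confirm
                // the storefront escapes it when building the link.
                $GLOBALS['ISC_NEW_CFG']['OrderTermsAndConditionsLink'] = $termsLink;
            }
        } else {
            $termsText = '';
            if (isset($_POST['OrderTermsAndConditionsTextarea']) && is_string($_POST['OrderTermsAndConditionsTextarea'])) {
                $termsText = $_POST['OrderTermsAndConditionsTextarea'];
            }

            if (trim($termsText) == '') {
                FlashMessage(GetLang('EnterTermsAndConditions'), MSG_ERROR);
            } else {
                $GLOBALS['ISC_NEW_CFG']['OrderTermsAndConditions'] = $termsText;
            }
        }

        // NOTE(review): the type is stored as posted; only 'link' is distinguished
        // above, every other value is treated as the text variant.
        $GLOBALS['ISC_NEW_CFG']['OrderTermsAndConditionsType'] = $_POST['OrderTermsAndConditionsType'];
        $GLOBALS['ISC_NEW_CFG']['EnableOrderTermsAndConditions'] = 1;
    } else {
        $GLOBALS['ISC_NEW_CFG']['EnableOrderTermsAndConditions'] = 0;
        $GLOBALS['ISC_NEW_CFG']['OrderTermsAndConditions'] = "";
    }

    if (isset($_POST['MultipleShippingAddresses'])) {
        $GLOBALS['ISC_NEW_CFG']['MultipleShippingAddresses'] = 1;
    } else {
        $GLOBALS['ISC_NEW_CFG']['MultipleShippingAddresses'] = 0;
    }

    $GLOBALS['ISC_NEW_CFG']['GuestCheckoutEnabled'] = 0;
    $GLOBALS['ISC_NEW_CFG']['GuestCheckoutCreateAccounts'] = 0;
    if (isset($_POST['GuestCheckoutEnabled'])) {
        $GLOBALS['ISC_NEW_CFG']['GuestCheckoutEnabled'] = 1;
        if (isset($_POST['GuestCheckoutCreateAccounts'])) {
            $GLOBALS['ISC_NEW_CFG']['GuestCheckoutCreateAccounts'] = 1;
        }
    }

    $settings = GetClass('ISC_ADMIN_SETTINGS');
    $messages = array();

    if ($settings->CommitSettings($messages)) {
        // Relay whatever messages the commit produced
        foreach ($messages as $message => $status) {
            FlashMessage($message, $status);
        }

        // Delete existing module configuration
        $GLOBALS['ISC_CLASS_DB']->DeleteQuery('module_vars', "WHERE modulename LIKE 'checkout\_%'");

        // Now get all checkout variables (they are in an array from $_POST)
        foreach ($enabledStack as $module_id) {
            $vars = array();
            if (isset($_POST[$module_id]) && is_array($_POST[$module_id])) {
                $vars = $_POST[$module_id];
            }

            // Same by-reference lookup as above; skip the id if it no longer resolves.
            $module = null;
            GetModuleById('checkout', $module, $module_id);
            if (!is_object($module)) {
                continue;
            }

            if (!$module->SaveModuleSettings($vars)) {
                $errors = $module->GetErrors();
                foreach ($errors as $error) {
                    FlashMessage($error, MSG_ERROR);
                }
            }
        }

        // Rebuild the cache of the checkout module variables
        $GLOBALS['ISC_CLASS_DATA_STORE']->UpdateCheckoutModuleVars();

        if ($GLOBALS['ISC_CLASS_DB']->Error() == "") {
            // Log this action
            $GLOBALS['ISC_CLASS_LOG']->LogAdminAction();

            // Default: return to the checkout settings page
            $redirectUrl = 'index.php?ToDo=viewCheckoutSettings';
            $message = GetLang('CheckoutSettingsSavedSuccessfully');

            // If we haven't enabled anything new, we've just saved settings. So mark as complete
            if (!in_array('paymentMethods', GetConfig('GettingStartedCompleted')) && empty($justEnabled)) {
                GetClass('ISC_ADMIN_ENGINE')->MarkGettingStartedComplete('paymentMethods');
                $redirectUrl = 'index.php';
                $message = GetLang('CheckoutSettingsSavedNoConfigure');
            }

            FlashMessage($message, MSG_SUCCESS, $redirectUrl);
        } else {
            FlashMessage(GetLang('CheckoutSettingsNotSaved'), MSG_ERROR, 'index.php?ToDo=viewCheckoutSettings');
        }
    } else {
        FlashMessage(GetLang('CheckoutSettingsNotSaved'), MSG_ERROR, 'index.php?ToDo=viewCheckoutSettings');
    }
}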