예제 #1
		/**
		* Runs the restore-order handler for the posted order and writes the
		* handler's return value to the response as JSON.
		*
		* The order id is taken from the POST field 'orderId' (0 when absent) and
		* passed to restoreOrderActionHandler() unchanged. The script terminates
		* once the response has been written.
		*
		* NOTE(review): no permission or request-token check is visible in this
		* method; presumably the dispatcher or the handler enforces them -- confirm.
		*
		* @return void
		*/
		protected function restoreOrderAction ()
		{
			$postedOrderId = Interspire_Request::post('orderId', 0);
			$handlerResult = $this->restoreOrderActionHandler($postedOrderId);

			echo isc_json_encode($handlerResult);
			exit;
		}
예제 #2
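		/**
		* Gets a list of orders as a result set
		*
		* Builds the listing query and a matching count query from the current
		* request ($_REQUEST) and, unless the search scope already covers deleted
		* orders, a second count query restricted to deleted orders.
		*
		* @param int $Start The starting position to retrieve orders from
		* @param string $SortField The field to sort the orders on. It is placed into the ORDER BY clause verbatim, so callers must only pass a known column name
		* @param string $SortOrder The order in which to sort the orders by, ASC or DESC (case-insensitive). Any other value falls back to ASC
		* @param variable $NumOrders $NumOrders will be set to the number of orders that are retrieved
		* @param mixed $limit The max orders to retrieve, or false to not limit
		* @param variable $numDeletedOrders will be set to the number of deleted orders that match the provided query
		* @return resource The database result set of orders
		*/
		public function _GetOrderList($Start, $SortField, $SortOrder, &$NumOrders, $limit = ISC_ORDERS_PER_PAGE, &$numDeletedOrders = 0)
		{
			$extraFields = '';
			$extraJoins = '';

			// The is_string() guard keeps an array-valued couponCode (couponCode[]=...) away from trim() and Quote().
			if(isset($_REQUEST['couponCode']) && is_string($_REQUEST['couponCode']) && trim($_REQUEST['couponCode']) != '') {
				$extraFields = 'DISTINCT(co.ordcouporderid), ';
				// The coupon code is request data; it is only ever embedded after passing through the DB layer's Quote().
				$extraJoins = sprintf("INNER JOIN [|PREFIX|]order_coupons co ON (co.ordcouporderid=o.orderid AND co.ordcouponcode='%s')", $GLOBALS['ISC_CLASS_DB']->Quote($_REQUEST['couponCode']));
			}

			// Return an array containing details about orders.
			$query = sprintf("
				SELECT %so.*, c.*, s.statusdesc AS ordstatustext, CONCAT(custconfirstname, ' ', custconlastname) AS custname,
					(
						SELECT COUNT(messageid)
						FROM [|PREFIX|]order_messages
						WHERE messageorderid=orderid
					) AS nummessages,
					(
						SELECT COUNT(messageid)
						FROM [|PREFIX|]order_messages
						WHERE messageorderid=orderid AND messagestatus != 'read'
					) AS numunreadmessages,
					(
						SELECT COUNT(messageid)
						FROM [|PREFIX|]order_messages
						WHERE messageorderid=orderid AND messagefrom='customer' AND messagestatus='unread'
					) AS newmessages
				FROM [|PREFIX|]orders o
				LEFT JOIN [|PREFIX|]customers c ON (o.ordcustid=c.customerid)
				LEFT JOIN [|PREFIX|]order_status s ON (s.statusid=o.ordstatus)
				%s", $extraFields, $extraJoins);

			$countQuery = "SELECT COUNT(o.orderid) FROM [|PREFIX|]orders o";
			if (!empty($extraJoins)) {
				$countQuery .= ' '.$extraJoins;
			}

			if(isset($_REQUEST['newMessages'])) {
				$countQuery .= " LEFT JOIN [|PREFIX|]order_messages ON (messageorderid=orderid) AND messagefrom='customer' AND messagestatus='unread'";
			}

			if (Interspire_Request::request('searchDeletedOrders', 'no') == 'no' && !is_numeric(Interspire_Request::request('searchQuery', ''))) {
				// setup to also search for deleted orders using the same parameters
				$deletedQuery = true;
				$deletedCountQuery = $countQuery;
				$deletedRequest = $_REQUEST;
				$deletedRequest['searchDeletedOrders'] = 'only';
			} else {
				// the current search scope includes deleted orders, don't bother searching for them again
				$deletedQuery = false;
				$numDeletedOrders = 0;
			}

			// Are there any search parameters?
			// NOTE(review): the fragments returned by BuildWhereFromVars() are concatenated into the SQL as-is;
			// this method relies on that helper to quote every request value it uses -- verify there.
			$res = $this->BuildWhereFromVars($_REQUEST);
			$query .= " WHERE 1=1 " . $res["query"];
			$countQuery .= " " . $res['count'] . " WHERE 1=1 " . $res['query'];

			if ($deletedQuery) {
				$res = $this->BuildWhereFromVars($deletedRequest);
				$deletedCountQuery .= " " . $res['count'] . " WHERE 1=1 " . $res['query'];
				$deletedCountQuery .= ' AND deleted = 1';
			}

			// Only those with new messages?
			if (isset($_REQUEST['newMessages'])) {
				// @todo should this also adjust countQuery?
				$query .= " HAVING newmessages >= 1";
			}

			// How many results do we have?
			$result = $GLOBALS['ISC_CLASS_DB']->Query($countQuery);
			$NumOrders = (int)$GLOBALS['ISC_CLASS_DB']->FetchOne($result);

			if ($deletedQuery) {
				$deletedResult = $this->db->Query($deletedCountQuery);
				$numDeletedOrders = (int)$this->db->FetchOne($deletedResult);
			}

			// Add the ordering. The direction is reduced to one of two literals, so nothing
			// else can be carried into the statement through $SortOrder.
			$sortDirection = is_string($SortOrder) ? strtoupper(trim($SortOrder)) : '';
			if ($sortDirection !== 'ASC' && $sortDirection !== 'DESC') {
				$sortDirection = 'ASC';
			}

			// NOTE(review): $SortField cannot be quoted like a value and is interpolated verbatim.
			// It must come from a fixed list of column names chosen by the caller, never straight
			// from the request -- confirm at every call site.
			$query .= sprintf(" order by %s %s", $SortField, $sortDirection);

			// Add the limit
			if($limit !== false) {
				$query .= $GLOBALS['ISC_CLASS_DB']->AddLimit($Start, $limit);
			}

			$result = $GLOBALS['ISC_CLASS_DB']->Query($query);

			// An empty page hides the "view all" link in the template.
			if($GLOBALS['ISC_CLASS_DB']->CountResult($result) == 0) {
				$GLOBALS['HideViewAllLink'] = 'none';
			}

			return $result;
		}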
예제 #3
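		/**
		* Verifies the payment response carried in the current request and, when
		* every check passes, marks the pending order(s) as paid.
		*
		* Checks, in order: a usable amount in 'transactionAmount'; order id,
		* operation, session token and amount against the pending order; the
		* gateway signature (_verifySignature()); the store's own MD5 hash over the
		* order id, session id and amount; and the status code ('PS' or 'PI').
		* Each failure is written to the system log before returning.
		*
		* @return bool True when the order was updated and marked paid, false on any failed check
		*/
		public function VerifyOrderPayment()
		{
			$status = Interspire_Request::request('status');
			$orderid = Interspire_Request::request('referenceId');
			$hash = Interspire_Request::request('hash');
			$sessionId = Interspire_Request::request('sessionId');
			$amazonAmount = Interspire_Request::request('transactionAmount');
			$operation = Interspire_Request::request('operation');
			$paymentMethod = Interspire_Request::request('paymentMethod');
			$buyerEmail = Interspire_Request::request('buyerEmail');
			$transactionId = Interspire_Request::request('transactionId');

			// The amount is read from the second space-separated token of transactionAmount
			// (presumably "<currency> <amount>" -- confirm against the gateway documentation).
			$amount = false;
			if (is_string($amazonAmount) && $amazonAmount) {
				$amountParts = explode(' ', $amazonAmount);
				// Index 1 is read, so at least two tokens are required; a one-token value is treated as invalid.
				if (count($amountParts) >= 2) {
					$amount = $amountParts[1];
				}
			}

			if (!$amount) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'InvalidAmount'), $amazonAmount);
				return false;
			}

			// The session id must be present and identical to the order-token cookie. Requiring a
			// non-empty value on both sides stops "both missing" from counting as a match.
			$cookieToken = isset($_COOKIE['SHOP_ORDER_TOKEN']) ? $_COOKIE['SHOP_ORDER_TOKEN'] : null;
			$sessionMatches = is_scalar($sessionId)
				&& is_scalar($cookieToken)
				&& (string)$sessionId !== ''
				&& (string)$sessionId === (string)$cookieToken;

			// Order id and amount keep their loose comparison because the return types of
			// GetCombinedOrderId() and GetGatewayAmount() are not visible here; both values
			// are also covered by the hash check below.
			if ($orderid != $this->GetCombinedOrderId() || $operation !== 'pay' || !$sessionMatches || $amount != $this->GetGatewayAmount()) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorMismatch'));
				return false;
			}

			// check signature to ensure this response is from amazon simple pay
			if (!$this->_verifySignature()) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorVerifySignature'));
				return false;
			}

			// The hash must match exactly. A loose comparison treats two digests that look like
			// numbers (for example "0e...") as equal, so compare as strings, in constant time
			// where the runtime offers hash_equals().
			// NOTE(review): MD5 over concatenated fields is kept because the value has to match
			// whatever produced 'hash' when the payment was started; a keyed HMAC would be the
			// stronger construction if both sides can be changed together.
			$expectedHash = md5($this->GetValue("accessid").$this->GetValue("secretkey").$orderid.$sessionId.$amazonAmount);
			if (function_exists('hash_equals')) {
				$hashMatches = is_string($hash) && hash_equals($expectedHash, $hash);
			} else {
				$hashMatches = ($expectedHash === $hash);
			}

			if (!$hashMatches) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorMismatch'));
				return false;
			}

			// Only these two status codes are accepted as a completed payment.
			if (!in_array($status, array('PS', 'PI'), true)) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), sprintf(GetLang($this->_languagePrefix.'ErrorMismatch'), $status), GetLang($this->_languagePrefix.'ResponseCodes'));
				return false;
			}

			$orders = $this->GetOrders();
			$order = current($orders);

			$amazonInfo = array(
				'Amazon Email' => $buyerEmail,
				'Payment Method' => $paymentMethod,
			);

			// Is there any existing extra info for the pending order?
			$extraInfo = serialize($amazonInfo);
			if (is_array($order) && isset($order['extrainfo']) && $order['extrainfo'] != "") {
				// NOTE(review): unserialize() can instantiate objects. The input is the stored
				// order record, not the request; confirm nothing user-supplied is ever written to
				// extrainfo without going through serialize() first, or move this field to JSON.
				$extraArray = @unserialize($order['extrainfo']);
				if (is_array($extraArray)) {
					$extraInfo = serialize(array_merge($extraArray, $amazonInfo));
				}
			}

			$updatedOrder = array(
				'ordpayproviderid' => $transactionId,
				'ordpaymentstatus' => 'captured',
				'extrainfo' => $extraInfo,
			);

			$this->UpdateOrders($updatedOrder);

			$this->SetPaymentStatus(PAYMENT_STATUS_PAID);
			$GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess(array('payment', $this->GetName()), sprintf(GetLang($this->_languagePrefix.'Success'), $this->GetCombinedOrderId()));
			return true;
		}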
예제 #4
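	/**
	* Handle a browser request to finish a picnik edit, typically triggered by clicking the 'save and close' button in picnik -- will download the new image and store it locally
	*
	* Reads 'token' and 'file' from the query string. With a valid token the
	* remote file is handed to receivePicnik(); with an invalid one only an
	* error is assigned. Either way the three popup templates are rendered.
	*
	* @return void
	*/
	public function handleReceivePicnik()
	{
		$token = $this->loadToken(Interspire_Request::get('token'));

		// 'file' may be missing from the query string; read it without raising an undefined-index notice.
		$remoteFile = isset($_GET['file']) ? $_GET['file'] : null;

		// NOTE(review): this is a request-controlled value handed to the template, and it is assigned
		// even when the token is invalid; confirm the template escapes PicnikRemoteFile for its output context.
		$this->template->assign('PicnikRemoteFile', $remoteFile);

		if (!$token) {
			$this->template->assign('PicnikError', GetLang('PicnikError_InvalidToken'));
		} else {
			$token['imagetype'] = (int)$token['imagetype'];
			// NOTE(review): $remoteFile is request-controlled and, per this method's description, is
			// downloaded by receivePicnik(). Confirm that receivePicnik() restricts the scheme and
			// host it will fetch from, and validates the downloaded content as an image.
			$this->receivePicnik($token, $remoteFile);
		}

		// all done: render the popup page (header, result, footer). No redirect is issued here.
		$this->template->display('pageheader.popup.tpl');
		$this->template->display('picnik.received.tpl');
		$this->template->display('pagefooter.popup.tpl');
	}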
예제 #5
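	/**
	* Saves the checkout settings form: which checkout providers are enabled,
	* the order-related options, and each enabled provider's own variables.
	*
	* Reads the submitted form from $_POST, stages the new values in
	* $GLOBALS['ISC_NEW_CFG'], commits them through ISC_ADMIN_SETTINGS and then
	* stores the per-provider variables. Results are reported via FlashMessage().
	*
	* NOTE(review): no permission or request-token check is visible in this
	* method; presumably the calling action enforces them -- confirm.
	*
	* @return void
	*/
	private function SaveUpdatedCheckoutSettings()
	{
		// Firstly we will delete *all* existing module variables for checkout providers. This way,
		// if one was previously configured and unchecked then its old variables wont be saved and
		// it wont be marked as configured even when it's not.
		// The underscore is escaped because "_" is a single-character wildcard in LIKE; this is
		// the same pattern the second delete further down uses.
		// NOTE(review): this delete runs before the provider checks and before CommitSettings();
		// if the commit fails the previous module variables are already gone -- confirm that is intended.
		$GLOBALS['ISC_CLASS_DB']->DeleteQuery('module_vars', "WHERE modulename LIKE 'checkout\_%'");

		// A missing or non-array provider list is treated as "nothing selected".
		if (!isset($_POST['checkoutproviders']) || !is_array($_POST['checkoutproviders'])) {
			$_POST['checkoutproviders'] = array();
		}

		// If they've selected to use the built in provider, override any other selections
		// coming in from the request
		$builtInSelected = isset($_POST['builtInGateway']) && $_POST['builtInGateway'] == 1;
		if(GetConfig('EnableBuiltInGateway') && $builtInSelected) {
			$_POST['checkoutproviders'] = array(
				'checkout_'.GetConfig('BuiltInGateway')
			);
			$_POST['checkout_'.GetConfig('BuiltInGateway')] = isset($_POST['builtin']) ? $_POST['builtin'] : null;
		}

		$enabledStack = array();

		// Can the selected payment modules be enabled?
		foreach ($_POST['checkoutproviders'] as $provider) {
			// A provider id is a plain string (the list is joined with "," below); skip anything else.
			if (!is_string($provider)) {
				continue;
			}

			// The module comes back through $module. Reset it first so a failed lookup cannot
			// leave the previous iteration's module in place and enable an unknown provider id.
			$module = null;
			GetModuleById('checkout', $module, $provider);
			if (!is_object($module)) {
				continue;
			}

			// Is this checkout provider supported on this server?
			if($module->IsSupported() == false) {
				$errors = $module->GetErrors();
				foreach($errors as $error) {
					FlashMessage($error, MSG_ERROR);
				}
				continue;
			}

			// Otherwise, this checkout provider is fine, so add it to the stack of enabled
			$enabledStack[] = $provider;
		}

		// A list of the checkout modules we've just enabled
		$justEnabled = array_diff($enabledStack, explode(',', GetConfig('CheckoutMethods')));

		$checkoutproviders = implode(",", $enabledStack);
		$GLOBALS['ISC_NEW_CFG']['CheckoutMethods'] = $checkoutproviders;

		// Save the order settings they specified too
		if (isset($_POST['updateinventory']) && $_POST['updateinventory'] == 1) {
			$GLOBALS['ISC_NEW_CFG']['UpdateInventoryLevels'] = 1;
		}
		else {
			$GLOBALS['ISC_NEW_CFG']['UpdateInventoryLevels'] = 0;
		}

		$GLOBALS['ISC_NEW_CFG']['UpdateInventoryOnOrderEdit'] = (int)Interspire_Request::post('UpdateInventoryOnOrderEdit', 0);
		$GLOBALS['ISC_NEW_CFG']['UpdateInventoryOnOrderDelete'] = (int)Interspire_Request::post('UpdateInventoryOnOrderDelete', 0);

		// NOTE(review): the fee is stored exactly as posted, without a numeric cast or range check -- confirm the consumer validates it.
		$GLOBALS['ISC_NEW_CFG']['DigitalOrderHandlingFee'] = 0;
		if(isset($_POST['EnableDigitalOrderHandlingFee'])) {
			$GLOBALS['ISC_NEW_CFG']['DigitalOrderHandlingFee'] = isset($_POST['DigitalOrderHandlingFee']) ? $_POST['DigitalOrderHandlingFee'] : 0;
		}

		// Save any selected notification statuses
		$GLOBALS['ISC_NEW_CFG']['OrderStatusNotifications'] = '';
		if (isset($_POST['orderstatusemails']) && is_array($_POST['orderstatusemails'])) {
			$GLOBALS['ISC_NEW_CFG']['OrderStatusNotifications'] = implode(",", array_map("intval", $_POST['orderstatusemails']));
		}

		// Anything other than 'single' is stored as 'multipage'.
		if(isset($_POST['CheckoutType']) && $_POST['CheckoutType'] == 'single') {
			$GLOBALS['ISC_NEW_CFG']['CheckoutType'] = 'single';
		}
		else {
			$GLOBALS['ISC_NEW_CFG']['CheckoutType'] = 'multipage';
		}

		if(isset($_POST['EnableOrderComments'])) {
			$GLOBALS['ISC_NEW_CFG']['EnableOrderComments'] = 1;
		}
		else {
			$GLOBALS['ISC_NEW_CFG']['EnableOrderComments'] = 0;
		}


		if(isset($_POST['EnableOrderTermsAndConditions']) && isset($_POST['OrderTermsAndConditionsType'])) {

			if($_POST['OrderTermsAndConditionsType'] == 'link') {
				// A missing or non-string field is handled like an empty one.
				$termsLink = (isset($_POST['OrderTermsAndConditionsLink']) && is_string($_POST['OrderTermsAndConditionsLink'])) ? $_POST['OrderTermsAndConditionsLink'] : '';
				if(trim($termsLink) == '' || trim($termsLink) == "http://") {
					FlashMessage(GetLang('EnterTermsAndConditionsLink'), MSG_ERROR);
				} else {
					// NOTE(review): the link is stored as entered; confirm it is restricted to http(s) and escaped where it is rendered.
					$GLOBALS['ISC_NEW_CFG']['OrderTermsAndConditionsLink'] = $termsLink;
				}
			} else {
				$termsText = (isset($_POST['OrderTermsAndConditionsTextarea']) && is_string($_POST['OrderTermsAndConditionsTextarea'])) ? $_POST['OrderTermsAndConditionsTextarea'] : '';
				if(trim($termsText) == '') {
					FlashMessage(GetLang('EnterTermsAndConditions'), MSG_ERROR);
				} else {
					$GLOBALS['ISC_NEW_CFG']['OrderTermsAndConditions'] = $termsText;
				}
			}
			// NOTE(review): the type is stored as posted; only 'link' is distinguished above, every other value takes the text branch.
			$GLOBALS['ISC_NEW_CFG']['OrderTermsAndConditionsType'] = $_POST['OrderTermsAndConditionsType'];
			$GLOBALS['ISC_NEW_CFG']['EnableOrderTermsAndConditions'] = 1;
		}
		else {
			$GLOBALS['ISC_NEW_CFG']['EnableOrderTermsAndConditions'] = 0;
			$GLOBALS['ISC_NEW_CFG']['OrderTermsAndConditions'] = "";
		}

		if(isset($_POST['MultipleShippingAddresses'])) {
			$GLOBALS['ISC_NEW_CFG']['MultipleShippingAddresses'] = 1;
		}
		else {
			$GLOBALS['ISC_NEW_CFG']['MultipleShippingAddresses'] = 0;
		}

		// Account creation for guests is only stored when guest checkout itself is enabled.
		$GLOBALS['ISC_NEW_CFG']['GuestCheckoutEnabled'] = 0;
		$GLOBALS['ISC_NEW_CFG']['GuestCheckoutCreateAccounts'] = 0;

		if(isset($_POST['GuestCheckoutEnabled'])) {
			$GLOBALS['ISC_NEW_CFG']['GuestCheckoutEnabled'] = 1;
			if(isset($_POST['GuestCheckoutCreateAccounts'])) {
				$GLOBALS['ISC_NEW_CFG']['GuestCheckoutCreateAccounts'] = 1;
			}
		}

		$settings = GetClass('ISC_ADMIN_SETTINGS');
		$messages = array();
		if ($settings->CommitSettings($messages)) {
			// Relay whatever messages the commit produced
			foreach($messages as $message => $status) {
				FlashMessage($message, $status);
			}

			// Save the module settings to the module_vars table
			// First, delete all existing entries
			$GLOBALS['ISC_CLASS_DB']->DeleteQuery('module_vars', "WHERE modulename LIKE 'checkout\_%'");

			// Now get all checkout variables (they are in an array from $_POST)
			foreach($enabledStack as $module_id) {
				$vars = array();
				if(isset($_POST[$module_id])) {
					$vars = $_POST[$module_id];
				}

				// Same reset as in the first loop: never reuse the previous iteration's module.
				$module = null;
				GetModuleById('checkout', $module, $module_id);
				if (!is_object($module)) {
					continue;
				}

				if (!$module->SaveModuleSettings($vars)) {
					$errors = $module->GetErrors();
					foreach($errors as $error) {
						FlashMessage($error, MSG_ERROR);
					}
				}
			}

			// Rebuild the cache of the checkout module variables
			$GLOBALS['ISC_CLASS_DATA_STORE']->UpdateCheckoutModuleVars();

			if ($GLOBALS['ISC_CLASS_DB']->Error() == "") {

				// Log this action
				$GLOBALS['ISC_CLASS_LOG']->LogAdminAction();

				// Default outcome: back to the checkout settings page with the "saved" message
				$redirectUrl = 'index.php?ToDo=viewCheckoutSettings';
				$message = GetLang('CheckoutSettingsSavedSuccessfully');
				// If we haven't enabled anything new, we've just saved settings. So mark as complete
				if(!in_array('paymentMethods', GetConfig('GettingStartedCompleted')) && empty($justEnabled)) {
					GetClass('ISC_ADMIN_ENGINE')->MarkGettingStartedComplete('paymentMethods');
					$redirectUrl = 'index.php';
					$message = GetLang('CheckoutSettingsSavedNoConfigure');
				}

				FlashMessage($message, MSG_SUCCESS, $redirectUrl);
			}
			else {
				FlashMessage(GetLang('CheckoutSettingsNotSaved'), MSG_ERROR, 'index.php?ToDo=viewCheckoutSettings');

			}
		} else {
			FlashMessage(GetLang('CheckoutSettingsNotSaved'), MSG_ERROR, 'index.php?ToDo=viewCheckoutSettings');
		}
	}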