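/**
 * Gets a list of orders as a result set.
 *
 * Search filters are read directly from $_REQUEST (couponCode, newMessages,
 * searchDeletedOrders, searchQuery, plus whatever BuildWhereFromVars() consumes).
 *
 * @param int $Start The starting position to retrieve orders from
 * @param string $SortField The field to sort the orders on. Must be a plain column name, optionally
 *                          table-qualified (e.g. "o.orderid"); anything else falls back to o.orderid
 * @param string $SortOrder The order in which to sort the orders by, ASC or DESC (case-insensitive).
 *                          Any other value is treated as ASC
 * @param variable $NumOrders $NumOrders will be set to the number of orders that are retrieved
 * @param mixed $limit The max orders to retrieve, or false to not limit
 * @param variable $numDeletedOrders will be set to the number of deleted orders that match the provided query
 * @return resource The database result set of orders
 */
public function _GetOrderList($Start, $SortField, $SortOrder, &$NumOrders, $limit = ISC_ORDERS_PER_PAGE, &$numDeletedOrders = 0)
{
    $extraFields = '';
    $extraJoins = '';

    // is_string() rejects array-valued request parameters (couponCode[]=...),
    // which would otherwise reach trim() and Quote() as an array.
    if (isset($_REQUEST['couponCode']) && is_string($_REQUEST['couponCode']) && trim($_REQUEST['couponCode']) !== '') {
        $extraFields = 'DISTINCT(co.ordcouporderid), ';
        $extraJoins = sprintf(
            "INNER JOIN [|PREFIX|]order_coupons co ON (co.ordcouporderid=o.orderid AND co.ordcouponcode='%s')",
            $GLOBALS['ISC_CLASS_DB']->Quote($_REQUEST['couponCode'])
        );
    }

    // Return an array containing details about orders.
    $query = sprintf("
        SELECT
            %so.*,
            c.*,
            s.statusdesc AS ordstatustext,
            CONCAT(custconfirstname, ' ', custconlastname) AS custname,
            (
                SELECT COUNT(messageid)
                FROM [|PREFIX|]order_messages
                WHERE messageorderid=orderid
            ) AS nummessages,
            (
                SELECT COUNT(messageid)
                FROM [|PREFIX|]order_messages
                WHERE messageorderid=orderid AND messagestatus != 'read'
            ) AS numunreadmessages,
            (
                SELECT COUNT(messageid)
                FROM [|PREFIX|]order_messages
                WHERE messageorderid=orderid AND messagefrom='customer' AND messagestatus='unread'
            ) AS newmessages
        FROM [|PREFIX|]orders o
        LEFT JOIN [|PREFIX|]customers c ON (o.ordcustid=c.customerid)
        LEFT JOIN [|PREFIX|]order_status s ON (s.statusid=o.ordstatus)
        %s",
        $extraFields,
        $extraJoins
    );

    $countQuery = "SELECT COUNT(o.orderid) FROM [|PREFIX|]orders o";

    if (!empty($extraJoins)) {
        $countQuery .= ' '.$extraJoins;
    }

    if (isset($_REQUEST['newMessages'])) {
        $countQuery .= " LEFT JOIN [|PREFIX|]order_messages ON (messageorderid=orderid) AND messagefrom='customer' AND messagestatus='unread'";
    }

    if (Interspire_Request::request('searchDeletedOrders', 'no') == 'no' && !is_numeric(Interspire_Request::request('searchQuery', ''))) {
        // setup to also search for deleted orders using the same parameters
        $deletedQuery = true;
        $deletedCountQuery = $countQuery;
        $deletedRequest = $_REQUEST;
        $deletedRequest['searchDeletedOrders'] = 'only';
    } else {
        // the current search scope includes deleted orders, don't bother searching for them again
        $deletedQuery = false;
        $numDeletedOrders = 0;
    }

    // Are there any search parameters?
    // NOTE(review): the fragments returned by BuildWhereFromVars() are concatenated
    // into the SQL as-is, so that method is responsible for escaping every
    // $_REQUEST value it uses -- not visible from here, confirm.
    $res = $this->BuildWhereFromVars($_REQUEST);
    $query .= " WHERE 1=1 " . $res["query"];
    $countQuery .= " " . $res['count'] . " WHERE 1=1 " . $res['query'];

    if ($deletedQuery) {
        $res = $this->BuildWhereFromVars($deletedRequest);
        $deletedCountQuery .= " " . $res['count'] . " WHERE 1=1 " . $res['query'];
        $deletedCountQuery .= ' AND deleted = 1';
    }

    // Only those with new messages?
    if (isset($_REQUEST['newMessages'])) {
        // @todo should this also adjust countQuery?
        // The count query only LEFT JOINs order_messages, so it does not apply this
        // filter; $NumOrders can therefore exceed the number of rows returned.
        $query .= " HAVING newmessages >= 1";
    }

    // How many results do we have?
    $result = $GLOBALS['ISC_CLASS_DB']->Query($countQuery);
    $NumOrders = (int)$GLOBALS['ISC_CLASS_DB']->FetchOne($result);

    if ($deletedQuery) {
        // NOTE(review): this uses $this->db while the rest of the method uses
        // $GLOBALS['ISC_CLASS_DB'] -- presumably the same connection; confirm.
        $deletedResult = $this->db->Query($deletedCountQuery);
        $numDeletedOrders = (int)$this->db->FetchOne($deletedResult);
    }

    // ORDER BY takes identifiers and keywords, which string escaping cannot make
    // safe, so both values are constrained here instead of trusting every caller
    // to have whitelisted them. Callers should still pass only known column names.
    if (!is_string($SortField) || !preg_match('/^[A-Za-z_][A-Za-z0-9_]*(\.[A-Za-z_][A-Za-z0-9_]*)?$/D', $SortField)) {
        $SortField = 'o.orderid';
    }
    $SortOrder = (is_string($SortOrder) && strtoupper(trim($SortOrder)) === 'DESC') ? 'DESC' : 'ASC';

    // Add the ordering and the limit
    $query .= sprintf(" order by %s %s", $SortField, $SortOrder);

    if ($limit !== false) {
        $query .= $GLOBALS['ISC_CLASS_DB']->AddLimit($Start, $limit);
    }

    $result = $GLOBALS['ISC_CLASS_DB']->Query($query);

    if ($GLOBALS['ISC_CLASS_DB']->CountResult($result) == 0) {
        $GLOBALS['HideViewAllLink'] = 'none';
    }

    return $result;
}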
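/**
 * Verifies the payment response received for the pending order(s) and, when
 * every check passes, records the transaction and marks the order(s) as paid.
 *
 * All inputs come from the request and are attacker-controllable until the
 * checks below succeed: order id, operation, session token (compared with the
 * SHOP_ORDER_TOKEN cookie), amount, gateway signature, the store's own MD5
 * hash and the status code. Every failure is written to the system log.
 *
 * @return bool True if the payment was verified and recorded, false otherwise
 */
public function VerifyOrderPayment()
{
    $status = Interspire_Request::request('status');
    $orderid = Interspire_Request::request('referenceId');
    $hash = Interspire_Request::request('hash');
    $sessionId = Interspire_Request::request('sessionId');
    $amazonAmount = Interspire_Request::request('transactionAmount');
    $operation = Interspire_Request::request('operation');
    $paymentMethod = Interspire_Request::request('paymentMethod');
    $buyerEmail = Interspire_Request::request('buyerEmail');
    $transactionId = Interspire_Request::request('transactionId');

    // The amount is taken from the second space-separated token of
    // transactionAmount. Requiring two tokens fixes the previous ">= 1" test,
    // which read index 1 even when it did not exist; is_numeric() keeps
    // non-numeric text out of the numeric comparison further down.
    $amount = false;
    if (is_string($amazonAmount) && $amazonAmount !== '') {
        $amountParts = explode(' ', $amazonAmount);
        if (count($amountParts) >= 2 && is_numeric($amountParts[1])) {
            $amount = $amountParts[1];
        }
    }

    if (!$amount) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'InvalidAmount'), $amazonAmount);
        return false;
    }

    // A missing cookie must never match a missing/empty sessionId: with a loose
    // comparison null == '' holds and the session binding would be skipped.
    $orderToken = isset($_COOKIE['SHOP_ORDER_TOKEN']) ? $_COOKIE['SHOP_ORDER_TOKEN'] : '';
    $sessionMatches = is_string($sessionId)
        && is_string($orderToken)
        && $orderToken !== ''
        && $sessionId === $orderToken;

    // Order ids are compared as strings so that numeric look-alikes ("12" vs
    // "12.0") do not match.
    $orderMatches = is_scalar($orderid)
        && (string)$orderid === (string)$this->GetCombinedOrderId();

    // The amount comparison is intentionally numeric ("10.00" equals 10.0);
    // $amount is known to be numeric at this point.
    if (!$orderMatches || $operation !== 'pay' || !$sessionMatches || $amount != $this->GetGatewayAmount()) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorMismatch'));
        return false;
    }

    // check signature to ensure this response is from amazon simple pay
    if (!$this->_verifySignature()) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorVerifySignature'));
        return false;
    }

    // NOTE(review): MD5 over a secret concatenated with the message is a weak MAC
    // construction; hash_hmac() with SHA-256 would be preferable, but the code
    // that generates this hash is not visible here and must change in lockstep.
    $expectedHash = md5($this->GetValue("accessid").$this->GetValue("secretkey").$orderid.$sessionId.$amazonAmount);

    // Strict, constant-time comparison where available. A loose "!=" compares
    // digit-only / "0e..." hex strings numerically, so different hashes could be
    // treated as equal.
    if (!is_string($hash)) {
        $hashMatches = false;
    } elseif (function_exists('hash_equals')) {
        $hashMatches = hash_equals($expectedHash, $hash);
    } else {
        $hashMatches = ($expectedHash === $hash);
    }

    if (!$hashMatches) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorMismatch'));
        return false;
    }

    // Only these two status codes are accepted as a successful payment.
    if (!in_array($status, array('PS', 'PI'), true)) {
        $GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), sprintf(GetLang($this->_languagePrefix.'ErrorMismatch'), $status), GetLang($this->_languagePrefix.'ResponseCodes'));
        return false;
    }

    $orders = $this->GetOrders();
    $order = current($orders);

    $amazonInfo = array(
        'Amazon Email' => $buyerEmail,
        'Payment Method' => $paymentMethod,
    );

    // Is there any existing extra info for the pending order?
    $extraInfo = serialize($amazonInfo);

    // current() returns false when there are no orders, hence the is_array() guard.
    if (is_array($order) && isset($order['extrainfo']) && $order['extrainfo'] != "") {
        // NOTE(review): unserialize() on stored data. If extrainfo can ever hold
        // attacker-influenced bytes this is an object-injection risk; consider
        // JSON for this field, or unserialize()'s allowed_classes option on PHP 7+.
        $extraArray = @unserialize($order['extrainfo']);
        if (is_array($extraArray)) {
            $extraInfo = serialize(array_merge($extraArray, $amazonInfo));
        }
    }

    $updatedOrder = array(
        'ordpayproviderid' => $transactionId,
        'ordpaymentstatus' => 'captured',
        'extrainfo' => $extraInfo,
    );

    $this->UpdateOrders($updatedOrder);
    $this->SetPaymentStatus(PAYMENT_STATUS_PAID);

    $GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess(array('payment', $this->GetName()), sprintf(GetLang($this->_languagePrefix.'Success'), $this->GetCombinedOrderId()));

    return true;
}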