예제 #1
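		/**
		* Gets a list of orders as a result set
		*
		* The WHERE clause is built from the current request (BuildWhereFromVars on
		* $_REQUEST); the coupon join and the "new messages" filter also read
		* $_REQUEST directly. Two counts are run: the matching orders ($NumOrders)
		* and, when the request does not already include deleted orders, the deleted
		* orders matching the same search ($numDeletedOrders).
		*
		* @param int $Start The starting position to retrieve orders from
		* @param string $SortField The field to sort the orders on. It is interpolated
		*        into ORDER BY (which cannot be bound as a parameter), so only a plain
		*        column/alias name (letters, digits, '_', '.' and backticks) is accepted
		* @param string $SortOrder The order in which to sort the orders by, ASC or DESC
		*        (an empty value leaves the database default)
		* @param variable $NumOrders $NumOrders will be set to the number of orders that are retrieved
		* @param mixed $limit The max orders to retrieve, or false to not limit
		* @param variable $numDeletedOrders will be set to the number of deleted orders that match the provided query
		* @return resource The database result set of orders
		* @throws InvalidArgumentException when $SortField or $SortOrder is not a safe ORDER BY token
		*/
		public function _GetOrderList($Start, $SortField, $SortOrder, &$NumOrders, $limit = ISC_ORDERS_PER_PAGE, &$numDeletedOrders = 0)
		{
			// ORDER BY cannot be parameterised, so the sort inputs are restricted to
			// an identifier and ASC/DESC before any SQL text is assembled.
			if (!is_string($SortField) || !preg_match('/^[A-Za-z_`][A-Za-z0-9_.`]*$/', $SortField)) {
				throw new InvalidArgumentException('Invalid sort field for the order list');
			}
			$SortOrder = strtoupper(trim((string)$SortOrder));
			if ($SortOrder !== '' && $SortOrder !== 'ASC' && $SortOrder !== 'DESC') {
				throw new InvalidArgumentException('Invalid sort order for the order list, expected ASC or DESC');
			}

			// One database handle for every query in this method.
			$db = $GLOBALS['ISC_CLASS_DB'];

			$extraFields = '';
			$extraJoins = '';

			// Filtering by coupon code joins the coupon table; the code is escaped
			// with the database layer's Quote() because it is interpolated into SQL.
			if(isset($_REQUEST['couponCode']) && trim($_REQUEST['couponCode']) != '') {
				$extraFields = 'DISTINCT(co.ordcouporderid), ';
				$extraJoins = sprintf("INNER JOIN [|PREFIX|]order_coupons co ON (co.ordcouporderid=o.orderid AND co.ordcouponcode='%s')", $db->Quote($_REQUEST['couponCode']));
			}

			// Return an array containing details about orders.
			$query = sprintf("
				SELECT %so.*, c.*, s.statusdesc AS ordstatustext, CONCAT(custconfirstname, ' ', custconlastname) AS custname,
					(
						SELECT COUNT(messageid)
						FROM [|PREFIX|]order_messages
						WHERE messageorderid=orderid
					) AS nummessages,
					(
						SELECT COUNT(messageid)
						FROM [|PREFIX|]order_messages
						WHERE messageorderid=orderid AND messagestatus != 'read'
					) AS numunreadmessages,
					(
						SELECT COUNT(messageid)
						FROM [|PREFIX|]order_messages
						WHERE messageorderid=orderid AND messagefrom='customer' AND messagestatus='unread'
					) AS newmessages
				FROM [|PREFIX|]orders o
				LEFT JOIN [|PREFIX|]customers c ON (o.ordcustid=c.customerid)
				LEFT JOIN [|PREFIX|]order_status s ON (s.statusid=o.ordstatus)
				%s", $extraFields, $extraJoins);

			$countQuery = "SELECT COUNT(o.orderid) FROM [|PREFIX|]orders o";
			if (!empty($extraJoins)) {
				$countQuery .= ' '.$extraJoins;
			}

			if(isset($_REQUEST['newMessages'])) {
				$countQuery .= " LEFT JOIN [|PREFIX|]order_messages ON (messageorderid=orderid) AND messagefrom='customer' AND messagestatus='unread'";
			}

			if (Interspire_Request::request('searchDeletedOrders', 'no') == 'no' && !is_numeric(Interspire_Request::request('searchQuery', ''))) {
				// setup to also search for deleted orders using the same parameters
				$deletedQuery = true;
				$deletedCountQuery = $countQuery;
				$deletedRequest = $_REQUEST;
				$deletedRequest['searchDeletedOrders'] = 'only';
			} else {
				// the current search scope includes deleted orders, don't bother searching for them again
				$deletedQuery = false;
				$numDeletedOrders = 0;
			}

			// Are there any search parameters? BuildWhereFromVars supplies the extra
			// joins for the count ('count') and the WHERE conditions ('query').
			$res = $this->BuildWhereFromVars($_REQUEST);
			$query .= " WHERE 1=1 " . $res["query"];
			$countQuery .= " " . $res['count'] . " WHERE 1=1 " . $res['query'];

			if ($deletedQuery) {
				$res = $this->BuildWhereFromVars($deletedRequest);
				$deletedCountQuery .= " " . $res['count'] . " WHERE 1=1 " . $res['query'];
				$deletedCountQuery .= ' AND deleted = 1';
			}

			// Only those with new messages?
			if (isset($_REQUEST['newMessages'])) {
				// @todo should this also adjust countQuery?
				$query .= " HAVING newmessages >= 1";
			}

			// How many results do we have?
			$result = $db->Query($countQuery);
			$NumOrders = (int)$db->FetchOne($result);

			if ($deletedQuery) {
				$deletedResult = $db->Query($deletedCountQuery);
				$numDeletedOrders = (int)$db->FetchOne($deletedResult);
			}

			// Add the sort and the limit; both sort tokens were validated above.
			$query .= sprintf(" order by %s %s", $SortField, $SortOrder);
			if($limit !== false) {
				$query .= $db->AddLimit($Start, $limit);
			}

			$result = $db->Query($query);

			// An empty page hides the "view all" link in the template.
			if($db->CountResult($result) == 0) {
				$GLOBALS['HideViewAllLink'] = 'none';
			}

			return $result;
		}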
예제 #2
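		/**
		* Verifies the payment gateway's return for the current order
		*
		* Reads the gateway parameters from the request, checks them against the
		* pending order (order id, operation, session token cookie, amount), then
		* the gateway signature and the shared-secret hash; on success the
		* transaction details are stored on the order(s) and the payment is marked
		* as paid.
		*
		* @return bool True when the payment was verified and the order updated,
		*              false otherwise (the reason is written to the system log)
		*/
		public function VerifyOrderPayment()
		{
			$status        = Interspire_Request::request('status');
			$orderid       = Interspire_Request::request('referenceId');
			$hash          = Interspire_Request::request('hash');
			$sessionId     = Interspire_Request::request('sessionId');
			$amazonAmount  = Interspire_Request::request('transactionAmount');
			$operation     = Interspire_Request::request('operation');
			$paymentMethod = Interspire_Request::request('paymentMethod');
			$buyerEmail    = Interspire_Request::request('buyerEmail');
			$transactionId = Interspire_Request::request('transactionId');

			// The amount compared below is the second space-separated token of
			// transactionAmount, so at least two tokens are required (checking for
			// one token would read an undefined index).
			$amount = false;
			if ($amazonAmount) {
				$amountParts = explode(' ', $amazonAmount);
				if (count($amountParts) >= 2) {
					$amount = $amountParts[1];
				}
			}

			if (!$amount) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'InvalidAmount'), $amazonAmount);
				return false;
			}

			// The session token cookie ties this callback to the shopper's checkout;
			// a missing cookie must fail the check instead of comparing equal to an
			// empty session id. The amount comparison stays loose on purpose
			// (numeric string against the gateway amount).
			$orderToken = isset($_COOKIE['SHOP_ORDER_TOKEN']) ? (string)$_COOKIE['SHOP_ORDER_TOKEN'] : '';
			if ($orderid != $this->GetCombinedOrderId()
				|| $operation !== 'pay'
				|| $orderToken === ''
				|| (string)$sessionId !== $orderToken
				|| $amount != $this->GetGatewayAmount()) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorMismatch'));
				return false;
			}

			// check signature to ensure this response is from amazon simple pay
			if (!$this->_verifySignature()) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorVerifySignature'));
				return false;
			}

			// Digest over the shared secret. hash_equals() replaces != so the
			// comparison is constant-time and is not subject to PHP's numeric-string
			// equality on hex digests (e.g. "0e..." values comparing equal).
			$expectedHash = md5($this->GetValue("accessid").$this->GetValue("secretkey").$orderid.$sessionId.$amazonAmount);
			if (!is_string($hash) || !hash_equals($expectedHash, $hash)) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), GetLang($this->_languagePrefix.'ErrorMismatch'));
				return false;
			}

			// Only the two success statuses are accepted; strict so a non-string
			// status cannot loosely compare equal.
			if (!in_array($status, array('PS', 'PI'), true)) {
				$GLOBALS['ISC_CLASS_LOG']->LogSystemError(array('payment', $this->GetName()), sprintf(GetLang($this->_languagePrefix.'ErrorMismatch'), $status), GetLang($this->_languagePrefix.'ResponseCodes'));
				return false;
			}

			$orders = $this->GetOrders();
			$order = current($orders);

			$amazonInfo = array(
				'Amazon Email' => $buyerEmail,
				'Payment Method' => $paymentMethod,
			);

			// Is there any existing extra info for the pending order?
			// NOTE(review): extrainfo is read back with unserialize(); that is only
			// safe while the column is written by trusted code, since a tampered
			// value could instantiate arbitrary classes on load.
			$extraInfo = serialize($amazonInfo);
			if ($order['extrainfo'] != "") {
				$extraArray = @unserialize($order['extrainfo']);
				if (is_array($extraArray)) {
					$extraInfo = serialize(array_merge($extraArray, $amazonInfo));
				}
			}

			$updatedOrder = array(
				'ordpayproviderid' => $transactionId,
				'ordpaymentstatus' => 'captured',
				'extrainfo' => $extraInfo,
			);

			$this->UpdateOrders($updatedOrder);

			$this->SetPaymentStatus(PAYMENT_STATUS_PAID);
			$GLOBALS['ISC_CLASS_LOG']->LogSystemSuccess(array('payment', $this->GetName()), sprintf(GetLang($this->_languagePrefix.'Success'), $this->GetCombinedOrderId()));
			return true;
		}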