/** * Processes the Order * * Verifies all data, updates and stores it in the database, and * initializes payment * @return boolean True on successs, false otherwise */ static function process() { global $objDatabase, $_ARRAYLANG; // FOR TESTING ONLY (repeatedly process/store the order, also disable self::destroyCart()) //$_SESSION['shop']['order_id'] = NULL; // Verify that the order hasn't yet been saved // (and has thus not yet been confirmed) if (isset($_SESSION['shop']['order_id'])) { return \Message::error($_ARRAYLANG['TXT_ORDER_ALREADY_PLACED']); } // No more confirmation self::$objTemplate->hideBlock('shopConfirm'); // Store the customer, register the order $customer_ip = $_SERVER['REMOTE_ADDR']; $customer_host = substr(@gethostbyaddr($_SERVER['REMOTE_ADDR']), 0, 100); $customer_browser = substr(getenv('HTTP_USER_AGENT'), 0, 100); $new_customer = false; //\DBG::log("Shop::process(): E-Mail: ".$_SESSION['shop']['email']); if (self::$objCustomer) { //\DBG::log("Shop::process(): Existing User username ".$_SESSION['shop']['username'].", email ".$_SESSION['shop']['email']); } else { // Registered Customers are required to be logged in! self::$objCustomer = Customer::getRegisteredByEmail($_SESSION['shop']['email']); if (self::$objCustomer) { \Message::error($_ARRAYLANG['TXT_SHOP_CUSTOMER_REGISTERED_EMAIL']); \Cx\Core\Csrf\Controller\Csrf::redirect(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'login') . '?redirect=' . base64_encode(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'confirm'))); } // Unregistered Customers are stored as well, as their information is needed // nevertheless. Their active status, however, is set to false. self::$objCustomer = Customer::getUnregisteredByEmail($_SESSION['shop']['email']); if (!self::$objCustomer) { self::$objCustomer = new Customer(); // Currently, the e-mail address is set as the user name $_SESSION['shop']['username'] = $_SESSION['shop']['email']; //\DBG::log("Shop::process(): New User username ".$_SESSION['shop']['username'].", email ".$_SESSION['shop']['email']); self::$objCustomer->username($_SESSION['shop']['username']); self::$objCustomer->email($_SESSION['shop']['email']); // Note that the password is unset when the Customer chooses // to order without registration. The generated one // defaults to length 8, fulfilling the requirements for // complex passwords. And it's kept absolutely secret. $password = empty($_SESSION['shop']['password']) ? \User::make_password() : $_SESSION['shop']['password']; //\DBG::log("Password: $password (session: {$_SESSION['shop']['password']})"); if (!self::$objCustomer->password($password)) { \Message::error($_ARRAYLANG['TXT_INVALID_PASSWORD']); \Cx\Core\Csrf\Controller\Csrf::redirect(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'account')); } self::$objCustomer->active(empty($_SESSION['shop']['dont_register'])); $new_customer = true; } } // Update the Customer object from the session array // (whether new or not -- it may have been edited) self::$objCustomer->gender($_SESSION['shop']['gender']); self::$objCustomer->firstname($_SESSION['shop']['firstname']); self::$objCustomer->lastname($_SESSION['shop']['lastname']); self::$objCustomer->company($_SESSION['shop']['company']); self::$objCustomer->address($_SESSION['shop']['address']); self::$objCustomer->city($_SESSION['shop']['city']); self::$objCustomer->zip($_SESSION['shop']['zip']); self::$objCustomer->country_id($_SESSION['shop']['countryId']); self::$objCustomer->phone($_SESSION['shop']['phone']); self::$objCustomer->fax($_SESSION['shop']['fax']); $arrGroups = self::$objCustomer->getAssociatedGroupIds(); $usergroup_id = \Cx\Core\Setting\Controller\Setting::getValue('usergroup_id_reseller', 'Shop'); if (empty($usergroup_id)) { //\DBG::log("Shop::process(): ERROR: Missing reseller group"); \Message::error($_ARRAYLANG['TXT_SHOP_ERROR_USERGROUP_INVALID']); \Cx\Core\Csrf\Controller\Csrf::redirect(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', '')); } if (!in_array($usergroup_id, $arrGroups)) { //\DBG::log("Shop::process(): Customer is not in Reseller group (ID $usergroup_id)"); // Not a reseller. See if she's a final customer $usergroup_id = \Cx\Core\Setting\Controller\Setting::getValue('usergroup_id_customer', 'Shop'); if (empty($usergroup_id)) { //\DBG::log("Shop::process(): ERROR: Missing final customer group"); \Message::error($_ARRAYLANG['TXT_SHOP_ERROR_USERGROUP_INVALID']); \Cx\Core\Csrf\Controller\Csrf::redirect(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', '')); } if (!in_array($usergroup_id, $arrGroups)) { //\DBG::log("Shop::process(): Customer is not in final customer group (ID $usergroup_id), either"); // Neither one, add to the final customer group (default) $arrGroups[] = $usergroup_id; self::$objCustomer->setGroups($arrGroups); //\DBG::log("Shop::process(): Added Customer to final customer group (ID $usergroup_id): ".var_export(self::$objCustomer->getAssociatedGroupIds(), true)); } else { //\DBG::log("Shop::process(): Customer is a final customer (ID $usergroup_id) already: ".var_export(self::$objCustomer->getAssociatedGroupIds(), true)); } } else { //\DBG::log("Shop::process(): Customer is a Reseller (ID $usergroup_id) already: ".var_export(self::$objCustomer->getAssociatedGroupIds(), true)); } // Insert or update the customer //\DBG::log("Shop::process(): Storing Customer: ".var_export(self::$objCustomer, true)); if (!self::$objCustomer->store()) { return \Message::error($_ARRAYLANG['TXT_SHOP_CUSTOMER_ERROR_STORING']); } // Authenticate new Customer if ($new_customer) { // Fails for "unregistered" Customers! if (self::$objCustomer->auth($_SESSION['shop']['username'], $_SESSION['shop']['password'], false, true)) { if (!self::_authenticate()) { return \Message::error($_ARRAYLANG['TXT_SHOP_CUSTOMER_ERROR_STORING']); } } } //die(); // Clear the ship-to country if there is no shipping if (!Cart::needs_shipment()) { $_SESSION['shop']['countryId2'] = 0; } $shipper_id = empty($_SESSION['shop']['shipperId']) ? null : $_SESSION['shop']['shipperId']; $payment_id = empty($_SESSION['shop']['paymentId']) ? null : $_SESSION['shop']['paymentId']; $objOrder = new Order(); $objOrder->customer_id(self::$objCustomer->id()); $objOrder->billing_gender($_SESSION['shop']['gender']); $objOrder->billing_firstname($_SESSION['shop']['firstname']); $objOrder->billing_lastname($_SESSION['shop']['lastname']); $objOrder->billing_company($_SESSION['shop']['company']); $objOrder->billing_address($_SESSION['shop']['address']); $objOrder->billing_city($_SESSION['shop']['city']); $objOrder->billing_zip($_SESSION['shop']['zip']); $objOrder->billing_country_id($_SESSION['shop']['countryId']); $objOrder->billing_phone($_SESSION['shop']['phone']); $objOrder->billing_fax($_SESSION['shop']['fax']); $objOrder->billing_email($_SESSION['shop']['email']); $objOrder->currency_id($_SESSION['shop']['currencyId']); $objOrder->sum($_SESSION['shop']['grand_total_price']); $objOrder->date_time(date(ASCMS_DATE_FORMAT_INTERNATIONAL_DATETIME)); $objOrder->status(0); $objOrder->company($_SESSION['shop']['company2']); $objOrder->gender($_SESSION['shop']['gender2']); $objOrder->firstname($_SESSION['shop']['firstname2']); $objOrder->lastname($_SESSION['shop']['lastname2']); $objOrder->address($_SESSION['shop']['address2']); $objOrder->city($_SESSION['shop']['city2']); $objOrder->zip($_SESSION['shop']['zip2']); $objOrder->country_id($_SESSION['shop']['countryId2']); $objOrder->phone($_SESSION['shop']['phone2']); $objOrder->vat_amount($_SESSION['shop']['vat_price']); $objOrder->shipment_amount($_SESSION['shop']['shipment_price']); $objOrder->shipment_id($shipper_id); $objOrder->payment_id($payment_id); $objOrder->payment_amount($_SESSION['shop']['payment_price']); $objOrder->ip($customer_ip); $objOrder->host($customer_host); $objOrder->lang_id(FRONTEND_LANG_ID); $objOrder->browser($customer_browser); $objOrder->note($_SESSION['shop']['note']); if (!$objOrder->insert()) { // $order_id is unset! return \Message::error($_ARRAYLANG['TXT_SHOP_ORDER_ERROR_STORING']); } $order_id = $objOrder->id(); $_SESSION['shop']['order_id'] = $order_id; // The products will be tested one by one below. // If any single one of them requires delivery, this // flag will be set to true. // This is used to determine the order status at the // end of the shopping process. $_SESSION['shop']['isDelivery'] = false; // Try to redeem the Coupon, if any $coupon_code = isset($_SESSION['shop']['coupon_code']) ? $_SESSION['shop']['coupon_code'] : null; //\DBG::log("Cart::update(): Coupon Code: $coupon_code"); $items_total = 0; // Suppress Coupon messages (see Coupon::available()) \Message::save(); foreach (Cart::get_products_array() as $arrProduct) { $objProduct = Product::getById($arrProduct['id']); if (!$objProduct) { unset($_SESSION['shop']['order_id']); return \Message::error($_ARRAYLANG['TXT_ERROR_LOOKING_UP_ORDER']); } $product_id = $arrProduct['id']; $name = $objProduct->name(); $priceOptions = !empty($arrProduct['optionPrice']) ? $arrProduct['optionPrice'] : 0; $quantity = $arrProduct['quantity']; $price = $objProduct->get_custom_price(self::$objCustomer, $priceOptions, $quantity); $item_total = $price * $quantity; $items_total += $item_total; $productVatId = $objProduct->vat_id(); $vat_rate = $productVatId && Vat::getRate($productVatId) ? Vat::getRate($productVatId) : '0.00'; // Test the distribution method for delivery $productDistribution = $objProduct->distribution(); if ($productDistribution == 'delivery') { $_SESSION['shop']['isDelivery'] = true; } $weight = $productDistribution == 'delivery' ? $objProduct->weight() : 0; // grams if ($weight == '') { $weight = 0; } // Add to order items table $result = $objOrder->insertItem($order_id, $product_id, $name, $price, $quantity, $vat_rate, $weight, $arrProduct['options']); if (!$result) { unset($_SESSION['shop']['order_id']); // TODO: Verify error message set by Order::insertItem() return false; } // Store the Product Coupon, if applicable. // Note that it is not redeemed yet (uses=0)! if ($coupon_code) { $objCoupon = Coupon::available($coupon_code, $item_total, self::$objCustomer->id(), $product_id, $payment_id); if ($objCoupon) { //\DBG::log("Shop::process(): Got Coupon for Product ID $product_id: ".var_export($objCoupon, true)); if (!$objCoupon->redeem($order_id, self::$objCustomer->id(), $price * $quantity, 0)) { // TODO: Do something if the Coupon does not work \DBG::log("Shop::process(): ERROR: Failed to store Coupon for Product ID {$product_id}"); } $coupon_code = null; } } } // foreach product in cart // Store the Global Coupon, if applicable. // Note that it is not redeemed yet (uses=0)! //\DBG::log("Shop::process(): Looking for global Coupon $coupon_code"); if ($coupon_code) { $objCoupon = Coupon::available($coupon_code, $items_total, self::$objCustomer->id(), null, $payment_id); if ($objCoupon) { //\DBG::log("Shop::process(): Got global Coupon: ".var_export($objCoupon, true)); if (!$objCoupon->redeem($order_id, self::$objCustomer->id(), $items_total, 0)) { \DBG::log("Shop::process(): ERROR: Failed to store global Coupon"); } } } \Message::restore(); $processor_id = Payment::getProperty($_SESSION['shop']['paymentId'], 'processor_id'); $processor_name = PaymentProcessing::getPaymentProcessorName($processor_id); // other payment methods PaymentProcessing::initProcessor($processor_id); // TODO: These arguments are no longer valid. Set them up later? // Currency::getActiveCurrencyCode(), // FWLanguage::getLanguageParameter(FRONTEND_LANG_ID, 'lang')); // if the processor is Internal_LSV, and there is account information, // store the information. if ($processor_name == 'internal_lsv') { if (!self::lsv_complete()) { // Missing mandatory data; return to payment unset($_SESSION['shop']['order_id']); \Message::error($_ARRAYLANG['TXT_ERROR_ACCOUNT_INFORMATION_NOT_AVAILABLE']); \Cx\Core\Csrf\Controller\Csrf::redirect(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'payment')); } $query = "\n INSERT INTO " . DBPREFIX . "module_shop" . MODULE_INDEX . "_lsv (\n order_id, holder, bank, blz\n ) VALUES (\n {$order_id},\n '" . contrexx_raw2db($_SESSION['shop']['account_holder']) . "',\n '" . contrexx_raw2db($_SESSION['shop']['account_bank']) . "',\n '" . contrexx_raw2db($_SESSION['shop']['account_blz']) . "'\n )"; $objResult = $objDatabase->Execute($query); if (!$objResult) { // Return to payment unset($_SESSION['shop']['order_id']); \Message::error($_ARRAYLANG['TXT_ERROR_INSERTING_ACCOUNT_INFORMATION']); \Cx\Core\Csrf\Controller\Csrf::redirect(\Cx\Core\Routing\Url::fromModuleAndCmd('Shop', 'payment')); } } $_SESSION['shop']['order_id_checkin'] = $order_id; $strProcessorType = PaymentProcessing::getCurrentPaymentProcessorType(); // Test whether the selected payment method can be // considered an instant or deferred one. // This is used to set the order status at the end // of the shopping process. // TODO: Invert this flag, as it may no longer be present after paying // online using one of the external payment methods! Ensure that it is set // instead when paying "deferred". $_SESSION['shop']['isInstantPayment'] = false; if ($strProcessorType == 'external') { // For the sake of simplicity, all external payment // methods are considered to be 'instant'. // All currently implemented internal methods require // further action from the merchant, and thus are // considered to be 'deferred'. $_SESSION['shop']['isInstantPayment'] = true; } // Send the Customer login separately, as the password possibly // won't be available later if (!empty($_SESSION['shop']['password'])) { self::sendLogin(self::$objCustomer->email(), $_SESSION['shop']['password']); } // Show payment processing page. // Note that some internal payments are redirected away // from this page in checkOut(): // 'internal', 'internal_lsv' self::$objTemplate->setVariable('SHOP_PAYMENT_PROCESSING', PaymentProcessing::checkOut()); // Clear the order ID. // The order may be resubmitted and the payment retried. unset($_SESSION['shop']['order_id']); // Custom. // Enable if Discount class is customized and in use. //self::showCustomerDiscount(Cart::get_price()); return true; }
/** * Updates the status of the Order with the given ID * * If the order exists and has the pending status (status == 0), * it is updated according to the payment and distribution type. * Note that status other than pending are never changed! * If the optional argument $newOrderStatus is set and not pending, * the order status is set to that value instead. * Returns the new Order status on success. * If either the order ID is invalid, or if the update fails, returns * the Order status "pending" (zero). * @access private * @static * @param integer $order_id The ID of the current order * @param integer $newOrderStatus The optional new order status. * @param string $handler The Payment type name in use * @return integer The new order status (may be zero) * if the order status can be changed * accordingly, zero otherwise */ static function update_status($order_id, $newOrderStatus = 0, $handler = NULL) { global $objDatabase, $_ARRAYLANG; if (is_null($handler) && isset($_REQUEST['handler'])) { $handler = contrexx_input2raw($_REQUEST['handler']); } $order_id = intval($order_id); if ($order_id == 0) { return Order::STATUS_CANCELLED; } $query = "\n SELECT status, payment_id, shipment_id\n FROM " . DBPREFIX . "module_shop" . MODULE_INDEX . "_orders\n WHERE id={$order_id}"; $objResult = $objDatabase->Execute($query); if (!$objResult || $objResult->EOF) { return Order::STATUS_CANCELLED; } $status = $objResult->fields['status']; // Never change a non-pending status! // Whether a payment was successful or not, the status must be // left alone. if ($status != Order::STATUS_PENDING) { // The status of the order is not pending. // This may be due to a wrong order ID, a page reload, // or a PayPal IPN that has been received already. // No order status is changed automatically in these cases! // Leave it as it is. return $status; } // Determine and verify the payment handler $payment_id = $objResult->fields['payment_id']; //if (!$payment_id) DBG::log("update_status($order_id, $newOrderStatus): Failed to find Payment ID for Order ID $order_id"); $processor_id = Payment::getPaymentProcessorId($payment_id); //if (!$processor_id) DBG::log("update_status($order_id, $newOrderStatus): Failed to find Processor ID for Payment ID $payment_id"); $processorName = PaymentProcessing::getPaymentProcessorName($processor_id); //if (!$processorName) DBG::log("update_status($order_id, $newOrderStatus): Failed to find Processor Name for Processor ID $processor_id"); // The payment processor *MUST* match the handler returned. if (!preg_match("/^{$handler}/i", $processorName)) { //DBG::log("update_status($order_id, $newOrderStatus): Mismatching Handlers: Order $processorName, Request ".$_GET['handler']); return Order::STATUS_CANCELLED; } // Only if the optional new order status argument is zero, // determine the new status automatically. if ($newOrderStatus == Order::STATUS_PENDING) { // The new order status is determined by two properties: // - The method of payment (instant/deferred), and // - The method of delivery (if any). // If the payment takes place instantly (currently, all // external payments processors are considered to do so), // and there is no delivery needed (because it's all // downloads), the order status is switched to 'completed' // right away. // If only one of these conditions is met, the status is set to // 'paid', or 'delivered' respectively. // If neither condition is met, the status is set to 'confirmed'. $newOrderStatus = Order::STATUS_CONFIRMED; $processorType = PaymentProcessing::getCurrentPaymentProcessorType($processor_id); $shipmentId = $objResult->fields['shipment_id']; if ($processorType == 'external') { // External payment types are considered instant. // See $_SESSION['shop']['isInstantPayment']. if ($shipmentId == 0) { // instant, download -> completed $newOrderStatus = Order::STATUS_COMPLETED; } else { // There is a shipper, so this order will bedelivered. // See $_SESSION['shop']['isDelivery']. // instant, delivery -> paid $newOrderStatus = Order::STATUS_PAID; } } else { // Internal payment types are considered deferred. if ($shipmentId == 0) { // deferred, download -> shipped $newOrderStatus = Order::STATUS_SHIPPED; } //else { deferred, delivery -> confirmed } } } $query = "\n UPDATE " . DBPREFIX . "module_shop" . MODULE_INDEX . "_orders\n SET status='{$newOrderStatus}'\n WHERE id={$order_id}"; $objResult = $objDatabase->Execute($query); if (!$objResult) { // The query failed, but all the data is okay. // Don't cancel the order, leave it as it is and let the shop // manager handle this. Return pending status. return Order::STATUS_PENDING; } if ($newOrderStatus == Order::STATUS_CONFIRMED || $newOrderStatus == Order::STATUS_PAID || $newOrderStatus == Order::STATUS_SHIPPED || $newOrderStatus == Order::STATUS_COMPLETED) { if (!ShopLibrary::sendConfirmationMail($order_id)) { // Note that this message is only shown when the page is // displayed, which may be on another request! \Message::error($_ARRAYLANG['TXT_SHOP_UNABLE_TO_SEND_EMAIL']); } } // The shopping cart *MUST* be flushed right after this method // returns a true value (greater than zero). // If the new order status is zero however, the cart may // be left alone and the payment process can be tried again. return $newOrderStatus; }