function getContent() { /* display the module name */ $this->_html = '<h2>' . $this->displayName . '</h2>'; /* update the editorial xml */ if (isset($_POST['submitUpdate'])) { // Forbidden key $forbidden = array('submitUpdate'); foreach ($_POST as $key => $value) { if (!Validate::isCleanHtml($_POST[$key])) { $this->_html .= $this->displayError($this->l('Invalid html field, javascript is forbidden')); $this->_displayForm(); return $this->_html; } } // Generate new XML data $newXml = '<?xml version=\'1.0\' encoding=\'utf-8\' ?>' . "\n"; $newXml .= '<editorial>' . "\n"; $newXml .= ' <header>'; // Making header data foreach ($_POST as $key => $field) { if ($line = $this->putContent($newXml, $key, $field, $forbidden, 'header')) { $newXml .= $line; } } $newXml .= "\n" . ' </header>' . "\n"; $newXml .= ' <body>'; // Making body data foreach ($_POST as $key => $field) { if ($line = $this->putContent($newXml, $key, $field, $forbidden, 'body')) { $newXml .= $line; } } $newXml .= "\n" . ' </body>' . "\n"; $newXml .= '</editorial>' . "\n"; /* write it into the editorial xml file */ if ($fd = @fopen(dirname(__FILE__) . '/editorial.xml', 'w')) { if (!@fwrite($fd, $newXml)) { $this->_html .= $this->displayError($this->l('Unable to write to the editor file.')); } if (!@fclose($fd)) { $this->_html .= $this->displayError($this->l('Can\'t close the editor file.')); } } else { $this->_html .= $this->displayError($this->l('Unable to update the editor file.<br />Please check the editor file\'s writing permissions.')); } /* upload the image */ if (isset($_FILES['body_homepage_logo']) and isset($_FILES['body_homepage_logo']['tmp_name']) and !empty($_FILES['body_homepage_logo']['tmp_name'])) { Configuration::set('PS_IMAGE_GENERATION_METHOD', 1); if ($error = checkImage($_FILES['body_homepage_logo'], $this->maxImageSize)) { $this->_html .= $error; } elseif (!imageResize($_FILES['body_homepage_logo'], dirname(__FILE__) . '/homepage_logo.jpg')) { $this->_html .= $this->displayError($this->l('An error occurred during the image upload.')); } } } /* display the editorial's form */ $this->_displayForm(); return $this->_html; }
function smartyText($data) { // Prevent xss injection. if (Validate::isCleanHtml($data)) { return stripslashes(preg_replace('/\\v+|\\\\[rn]/', '<br/>', $data)); } return ''; }
public function initContent() { parent::initContent(); if (Tools::isSubmit('submitMessage')) { $message = Tools::getValue('message'); // Html entities is not usefull, iscleanHtml check there is no bad html tags. $phone = Tools::getValue('tel'); $mobile = Tools::getValue('mobile'); if (!($from = trim(Tools::getValue('from'))) || !Validate::isEmail($from)) { $this->errors[] = Tools::displayError('Invalid email address.'); } else { if (!$message) { $this->errors[] = Tools::displayError('The message cannot be blank.'); } else { if (!Validate::isCleanHtml($message)) { $this->errors[] = Tools::displayError('Invalid message'); } else { if (!Validate::isPhoneNumber($phone)) { $this->errors[] = Tools::displayError('Invalid phone number.'); } else { if (!Validate::isPhoneNumber($mobile)) { $this->errors[] = Tools::displayError('Invalid Mobile number.'); } } } } } // var_dump($this->errors,empty($this->errors)); if (empty($this->errors)) { $id_product = Tools::getValue('product_id'); //var_dump($id_product); $product = new Product($id_product); //var_dump($product); $product_name = ''; $item_number = ''; if (Validate::isLoadedObject($product) && isset($product->name[(int) $this->context->language->id])) { $product_name = $product->name[(int) $this->context->language->id]; $item_number = $product->item_number; } $data = array('{name}' => Tools::getValue('name'), '{phone}' => $phone, '{mobile}' => $mobile, '{message}' => $message, '{item_number}' => $item_number, '{product}' => $product_name, '{date}' => date('Y-m-d H:i:s'), '{email}' => $from); $sampleObj = new requestsample(); $sampleObj->sendmail($data, $from, (int) $this->context->language->id, 'request_quote', 'New Request for Quote'); $this->context->smarty->assign('confirmation', 1); } } $this->context->smarty->assign('product_id', $_GET['pr_id']); $this->setTemplate('quote_form.tpl'); }
public function update($nullValues = false) { $ishtml = false; foreach ($this->value as $i18n_value) { if (Validate::isCleanHtml($i18n_value)) { $ishtml = true; break; } } Configuration::updateValue($this->name, $this->value, $ishtml); $last_insert = Db::getInstance()->getRow(' SELECT `id_configuration` AS id FROM `' . _DB_PREFIX_ . 'configuration` WHERE `name` = \'' . pSQL($this->name) . '\''); if ($last_insert) { $this->id = $last_insert['id']; } return true; }
/** * @see AdminController::processUpdateOptions() */ public function processUpdateOptions() { if ($this->isGeoLiteCityAvailable()) { Configuration::updateValue('PS_GEOLOCATION_ENABLED', (int) Tools::getValue('PS_GEOLOCATION_ENABLED')); } elseif (Tools::getValue('PS_GEOLOCATION_ENABLED')) { $this->errors[] = $this->trans('The geolocation database is unavailable.', array(), 'Admin.International.Notification'); } if (empty($this->errors)) { if (!is_array(Tools::getValue('countries')) || !count(Tools::getValue('countries'))) { $this->errors[] = $this->trans('Country selection is invalid.', array(), 'Admin.International.Notification'); } else { Configuration::updateValue('PS_GEOLOCATION_BEHAVIOR', !(int) Tools::getValue('PS_GEOLOCATION_BEHAVIOR') ? _PS_GEOLOCATION_NO_CATALOG_ : _PS_GEOLOCATION_NO_ORDER_); Configuration::updateValue('PS_GEOLOCATION_NA_BEHAVIOR', (int) Tools::getValue('PS_GEOLOCATION_NA_BEHAVIOR')); Configuration::updateValue('PS_ALLOWED_COUNTRIES', implode(';', Tools::getValue('countries'))); } if (!Validate::isCleanHtml(Tools::getValue('PS_GEOLOCATION_WHITELIST'))) { $this->errors[] = $this->trans('Invalid whitelist', array(), 'Admin.International.Notification'); } else { Configuration::updateValue('PS_GEOLOCATION_WHITELIST', str_replace("\n", ';', str_replace("\r", '', Tools::getValue('PS_GEOLOCATION_WHITELIST')))); } } return parent::processUpdateOptions(); }
/** * Start forms process * @see FrontController::postProcess() */ public function postProcess() { if (Tools::isSubmit('submitMessage')) { $fileAttachment = null; if (isset($_FILES['fileUpload']['name']) && !empty($_FILES['fileUpload']['name']) && !empty($_FILES['fileUpload']['tmp_name'])) { $extension = array('.txt', '.rtf', '.doc', '.docx', '.pdf', '.zip', '.png', '.jpeg', '.gif', '.jpg'); $filename = uniqid() . substr($_FILES['fileUpload']['name'], -5); $fileAttachment['content'] = file_get_contents($_FILES['fileUpload']['tmp_name']); $fileAttachment['name'] = $_FILES['fileUpload']['name']; $fileAttachment['mime'] = $_FILES['fileUpload']['type']; } $message = Tools::getValue('message'); // Html entities is not usefull, iscleanHtml check there is no bad html tags. if (!($from = trim(Tools::getValue('from'))) || !Validate::isEmail($from)) { $this->errors[] = Tools::displayError('Invalid e-mail address'); } else { if (!$message) { $this->errors[] = Tools::displayError('Message cannot be blank'); } else { if (!Validate::isCleanHtml($message)) { $this->errors[] = Tools::displayError('Invalid message'); } else { if (!($id_contact = (int) Tools::getValue('id_contact')) || !Validate::isLoadedObject($contact = new Contact($id_contact, $this->context->language->id))) { $this->errors[] = Tools::displayError('Please select a subject from the list.'); } else { if (!empty($_FILES['fileUpload']['name']) && $_FILES['fileUpload']['error'] != 0) { $this->errors[] = Tools::displayError('An error occurred during the file upload'); } else { if (!empty($_FILES['fileUpload']['name']) && !in_array(substr($_FILES['fileUpload']['name'], -4), $extension) && !in_array(substr($_FILES['fileUpload']['name'], -5), $extension)) { $this->errors[] = Tools::displayError('Bad file extension'); } else { $customer = $this->context->customer; if (!$customer->id) { $customer->getByEmail($from); } $contact = new Contact($id_contact, $this->context->language->id); if (!(($id_customer_thread = (int) Tools::getValue('id_customer_thread')) && (int) Db::getInstance()->getValue(' SELECT cm.id_customer_thread FROM ' . _DB_PREFIX_ . 'customer_thread cm WHERE cm.id_customer_thread = ' . (int) $id_customer_thread . ' AND cm.id_shop = ' . (int) $this->context->shop->id . ' AND token = \'' . pSQL(Tools::getValue('token')) . '\'') || ($id_customer_thread = CustomerThread::getIdCustomerThreadByEmailAndIdOrder($from, (int) Tools::getValue('id_order'))))) { $fields = Db::getInstance()->executeS(' SELECT cm.id_customer_thread, cm.id_contact, cm.id_customer, cm.id_order, cm.id_product, cm.email FROM ' . _DB_PREFIX_ . 'customer_thread cm WHERE email = \'' . pSQL($from) . '\' AND cm.id_shop = ' . (int) $this->context->shop->id . ' AND (' . ($customer->id ? 'id_customer = ' . (int) $customer->id . ' OR ' : '') . ' id_order = ' . (int) Tools::getValue('id_order') . ')'); $score = 0; foreach ($fields as $key => $row) { $tmp = 0; if ((int) $row['id_customer'] && $row['id_customer'] != $customer->id && $row['email'] != $from) { continue; } if ($row['id_order'] != 0 && Tools::getValue('id_order') != $row['id_order']) { continue; } if ($row['email'] == $from) { $tmp += 4; } if ($row['id_contact'] == $id_contact) { $tmp++; } if (Tools::getValue('id_product') != 0 && $row['id_product'] == Tools::getValue('id_product')) { $tmp += 2; } if ($tmp >= 5 && $tmp >= $score) { $score = $tmp; $id_customer_thread = $row['id_customer_thread']; } } } $old_message = Db::getInstance()->getValue(' SELECT cm.message FROM ' . _DB_PREFIX_ . 'customer_message cm LEFT JOIN ' . _DB_PREFIX_ . 'customer_thread cc on (cm.id_customer_thread = cc.id_customer_thread) WHERE cc.id_customer_thread = ' . (int) $id_customer_thread . ' AND cc.id_shop = ' . (int) $this->context->shop->id . ' ORDER BY cm.date_add DESC'); if ($old_message == $message) { $this->context->smarty->assign('alreadySent', 1); $contact->email = ''; $contact->customer_service = 0; } if (!empty($contact->email)) { $id_order = (int) Tools::getValue('id_order', 0); $order = new Order($id_order); $mail_var_list = array('{email}' => $from, '{message}' => Tools::nl2br(stripslashes($message)), '{id_order}' => $id_order, '{order_name}' => $order->getUniqReference(), '{attached_file}' => isset($_FILES['fileUpload'], $_FILES['fileUpload']['name']) ? $_FILES['fileUpload']['name'] : ''); if (Mail::Send($this->context->language->id, 'contact', Mail::l('Message from contact form'), $mail_var_list, $contact->email, $contact->name, $from, $customer->id ? $customer->firstname . ' ' . $customer->lastname : '', $fileAttachment) && Mail::Send($this->context->language->id, 'contact_form', Mail::l('Your message has been correctly sent'), $mail_var_list, $from)) { $this->context->smarty->assign('confirmation', 1); } else { $this->errors[] = Tools::displayError('An error occurred while sending message.'); } } if ($contact->customer_service) { if ((int) $id_customer_thread) { $ct = new CustomerThread($id_customer_thread); $ct->status = 'open'; $ct->id_lang = (int) $this->context->language->id; $ct->id_contact = (int) $id_contact; if ($id_order = (int) Tools::getValue('id_order')) { $ct->id_order = $id_order; } if ($id_product = (int) Tools::getValue('id_product')) { $ct->id_product = $id_product; } $ct->update(); } else { $ct = new CustomerThread(); if (isset($customer->id)) { $ct->id_customer = (int) $customer->id; } $ct->id_shop = (int) $this->context->shop->id; if ($id_order = (int) Tools::getValue('id_order')) { $ct->id_order = $id_order; } if ($id_product = (int) Tools::getValue('id_product')) { $ct->id_product = $id_product; } $ct->id_contact = (int) $id_contact; $ct->id_lang = (int) $this->context->language->id; $ct->email = $from; $ct->status = 'open'; $ct->token = Tools::passwdGen(12); $ct->add(); } if ($ct->id) { $cm = new CustomerMessage(); $cm->id_customer_thread = $ct->id; $cm->message = Tools::htmlentitiesUTF8($message); if (isset($filename) && rename($_FILES['fileUpload']['tmp_name'], _PS_MODULE_DIR_ . '../upload/' . $filename)) { $cm->file_name = $filename; } $cm->ip_address = ip2long($_SERVER['REMOTE_ADDR']); $cm->user_agent = $_SERVER['HTTP_USER_AGENT']; if ($cm->add()) { if (empty($contact->email)) { $var_list = array('{order_name}' => '-', '{attached_file}' => '-', '{message}' => stripslashes($message)); if ($ct->id_order) { $order = new Order($ct->id_order); $var_list['{order_name}'] = $order->reference; } if (isset($filename)) { $var_list['{attached_file}'] = $_FILES['fileUpload']['name']; } Mail::Send($this->context->language->id, 'contact_form', Mail::l('Your message has been correctly sent'), $var_list, $from); } $this->context->smarty->assign('confirmation', 1); } else { $this->errors[] = Tools::displayError('An error occurred while sending message.'); } } else { $this->errors[] = Tools::displayError('An error occurred while sending message.'); } } if (count($this->errors) > 1) { array_unique($this->errors); } } } } } } } } }
public function renderFormAddress() { // Change table and className for addresses $this->table = 'address'; $this->className = 'Address'; $id_address = Tools::getValue('id_address'); // Create Object Address $address = new Address($id_address); $res = $address->getFieldsRequiredDatabase(); $required_fields = array(); foreach ($res as $row) { $required_fields[(int) $row['id_required_field']] = $row['field_name']; } $form = array('legend' => array('title' => $this->l('Addresses'), 'icon' => 'icon-building')); if (!$address->id_manufacturer || !Manufacturer::manufacturerExists($address->id_manufacturer)) { $form['input'][] = array('type' => 'select', 'label' => $this->l('Choose the manufacturer'), 'name' => 'id_manufacturer', 'options' => array('query' => Manufacturer::getManufacturers(), 'id' => 'id_manufacturer', 'name' => 'name')); } else { $form['input'][] = array('type' => 'text', 'label' => $this->l('Manufacturer'), 'name' => 'name', 'col' => 4, 'disabled' => true); $form['input'][] = array('type' => 'hidden', 'name' => 'id_manufacturer'); } $form['input'][] = array('type' => 'hidden', 'name' => 'alias'); $form['input'][] = array('type' => 'hidden', 'name' => 'id_address'); if (in_array('company', $required_fields)) { $form['input'][] = array('type' => 'text', 'label' => $this->l('Company'), 'name' => 'company', 'display' => in_array('company', $required_fields), 'required' => in_array('company', $required_fields), 'maxlength' => 16, 'col' => 4, 'hint' => $this->l('Company name for this supplier')); } $form['input'][] = array('type' => 'text', 'label' => $this->l('Last name'), 'name' => 'lastname', 'required' => true, 'col' => 4, 'hint' => $this->l('Invalid characters:') . ' 0-9!<>,;?=+()@#"�{}_$%:'); $form['input'][] = array('type' => 'text', 'label' => $this->l('First name'), 'name' => 'firstname', 'required' => true, 'col' => 4, 'hint' => $this->l('Invalid characters:') . ' 0-9!<>,;?=+()@#"�{}_$%:'); $form['input'][] = array('type' => 'text', 'label' => $this->l('Address'), 'name' => 'address1', 'col' => 6, 'required' => true); $form['input'][] = array('type' => 'text', 'label' => $this->l('Address (2)'), 'name' => 'address2', 'col' => 6, 'required' => in_array('address2', $required_fields)); $form['input'][] = array('type' => 'text', 'label' => $this->l('Zip/postal code'), 'name' => 'postcode', 'col' => 2, 'required' => in_array('postcode', $required_fields)); $form['input'][] = array('type' => 'text', 'label' => $this->l('City'), 'name' => 'city', 'col' => 4, 'required' => true); $form['input'][] = array('type' => 'select', 'label' => $this->l('Country'), 'name' => 'id_country', 'required' => false, 'default_value' => (int) $this->context->country->id, 'col' => 4, 'options' => array('query' => Country::getCountries($this->context->language->id), 'id' => 'id_country', 'name' => 'name')); $form['input'][] = array('type' => 'select', 'label' => $this->l('State'), 'name' => 'id_state', 'required' => false, 'col' => 4, 'options' => array('query' => array(), 'id' => 'id_state', 'name' => 'name')); $form['input'][] = array('type' => 'text', 'label' => $this->l('Home phone'), 'name' => 'phone', 'col' => 4, 'required' => in_array('phone', $required_fields)); $form['input'][] = array('type' => 'text', 'label' => $this->l('Mobile phone'), 'name' => 'phone_mobile', 'col' => 4, 'required' => in_array('phone_mobile', $required_fields)); $form['input'][] = array('type' => 'textarea', 'label' => $this->l('Other'), 'name' => 'other', 'required' => false, 'hint' => $this->l('Forbidden characters:') . ' <>;=#{}', 'rows' => 2, 'cols' => 10, 'col' => 6); $form['submit'] = array('title' => $this->l('Save')); $this->fields_value = array('name' => Manufacturer::getNameById($address->id_manufacturer), 'alias' => 'manufacturer', 'id_country' => $address->id_country); $this->initToolbar(); $this->fields_form[0]['form'] = $form; $this->getlanguages(); $helper = new HelperForm(); $helper->show_cancel_button = true; $back = Tools::safeOutput(Tools::getValue('back', '')); if (empty($back)) { $back = self::$currentIndex . '&token=' . $this->token; } if (!Validate::isCleanHtml($back)) { die(Tools::displayError()); } $helper->back_url = $back; $helper->currentIndex = self::$currentIndex; $helper->token = $this->token; $helper->table = $this->table; $helper->identifier = $this->identifier; $helper->title = $this->l('Edit Addresses'); $helper->id = $address->id; $helper->toolbar_scroll = true; $helper->languages = $this->_languages; $helper->default_form_language = $this->default_form_language; $helper->allow_employee_form_lang = $this->allow_employee_form_lang; $helper->fields_value = $this->getFieldsValue($address); $helper->toolbar_btn = $this->toolbar_btn; $this->content .= $helper->generateForm($this->fields_form); }
if (is_array($states) and !empty($states)) { $list = ''; if (Tools::getValue('no_empty') != true) { $list = '<option value="0">-----------</option>' . "\n"; } foreach ($states as $state) { $list .= '<option value="' . (int) $state['id_state'] . '"' . ((isset($_GET['id_state']) and $_GET['id_state'] == $state['id_state']) ? ' selected="selected"' : '') . '>' . $state['name'] . '</option>' . "\n"; } } else { $list = 'false'; } die($list); } if (Tools::isSubmit('submitCustomerNote') and $id_customer = (int) Tools::getValue('id_customer')) { $note = html_entity_decode(Tools::getValue('note')); if (!empty($note) and !Validate::isCleanHtml($note)) { die('error:validation'); } if (!Db::getInstance()->Execute('UPDATE ' . _DB_PREFIX_ . 'customer SET `note` = "' . pSQL($note, true) . '" WHERE id_customer = ' . (int) $id_customer . ' LIMIT 1')) { die('error:update'); } die('ok'); } if (Tools::getValue('form_language_id')) { if (!($cookie->employee_form_lang = (int) Tools::getValue('form_language_id'))) { die('Error while updating cookie.'); } die('Form language updated.'); } if (Tools::getValue('submitPublishProduct')) { global $cookie;
/** * Function used to render the form for this controller */ public function renderForm() { if (!$this->default_form_language) { $this->getLanguages(); } if (Tools::getValue('submitFormAjax')) { $this->content .= $this->context->smarty->fetch('form_submit_ajax.tpl'); } if ($this->fields_form && is_array($this->fields_form)) { if (!$this->multiple_fieldsets) { $this->fields_form = array(array('form' => $this->fields_form)); } // For add a fields via an override of $fields_form, use $fields_form_override if (is_array($this->fields_form_override) && !empty($this->fields_form_override)) { $this->fields_form[0]['form']['input'] = array_merge($this->fields_form[0]['form']['input'], $this->fields_form_override); } $fields_value = $this->getFieldsValue($this->object); Hook::exec('action' . $this->controller_name . 'FormModifier', array('fields' => &$this->fields_form, 'fields_value' => &$fields_value, 'form_vars' => &$this->tpl_form_vars)); $helper = new HelperForm($this); $this->setHelperDisplay($helper); $helper->fields_value = $fields_value; $helper->submit_action = $this->submit_action; $helper->tpl_vars = $this->getTemplateFormVars(); $helper->show_cancel_button = isset($this->show_form_cancel_button) ? $this->show_form_cancel_button : $this->display == 'add' || $this->display == 'edit'; $back = Tools::safeOutput(Tools::getValue('back', '')); if (empty($back)) { $back = self::$currentIndex . '&token=' . $this->token; } if (!Validate::isCleanHtml($back)) { die(Tools::displayError()); } $helper->back_url = $back; !is_null($this->base_tpl_form) ? $helper->base_tpl = $this->base_tpl_form : ''; if ($this->tabAccess['view']) { if (Tools::getValue('back')) { $helper->tpl_vars['back'] = Tools::safeOutput(Tools::getValue('back')); } else { $helper->tpl_vars['back'] = Tools::safeOutput(Tools::getValue(self::$currentIndex . '&token=' . $this->token)); } } $form = $helper->generateForm($this->fields_form); return $form; } }
/** * Adds a new private message for the Admin */ public function addNewPrivateMessage($order_id, $message) { if (!(bool) $order_id) { return false; } $new_message = new Message(); $message = strip_tags($message, '<br>'); if (!Validate::isCleanHtml($message)) { $message = $this->l('Payment message is not valid, please check your module.'); } $new_message->message = $message; $new_message->id_order = $order_id; $new_message->private = 1; return $new_message->add(); }
protected function addItem() { $title = Tools::getValue('item_title'); $content = Tools::getValue('item_html'); if (!Validate::isCleanHtml($title, (int) Configuration::get('PS_ALLOW_HTML_IFRAME')) || !Validate::isCleanHtml($content, (int) Configuration::get('PS_ALLOW_HTML_IFRAME'))) { $this->context->smarty->assign('error', $this->l('Invalid content')); return false; } if (!($current_order = (int) Db::getInstance()->getValue(' SELECT item_order + 1 FROM `' . _DB_PREFIX_ . 'themeconfigurator` WHERE id_shop = ' . (int) $this->context->shop->id . ' AND id_lang = ' . (int) Tools::getValue('id_lang') . ' AND hook = \'' . pSQL(Tools::getValue('item_hook')) . '\' ORDER BY item_order DESC'))) { $current_order = 1; } $image_w = is_numeric(Tools::getValue('item_img_w')) ? (int) Tools::getValue('item_img_w') : ''; $image_h = is_numeric(Tools::getValue('item_img_h')) ? (int) Tools::getValue('item_img_h') : ''; if (!empty($_FILES['item_img']['name'])) { if (!($image = $this->uploadImage($_FILES['item_img'], $image_w, $image_h))) { return false; } } else { $image = ''; $image_w = ''; $image_h = ''; } if (!Db::getInstance()->Execute(' INSERT INTO `' . _DB_PREFIX_ . 'themeconfigurator` ( `id_shop`, `id_lang`, `item_order`, `title`, `title_use`, `hook`, `url`, `target`, `image`, `image_w`, `image_h`, `html`, `active` ) VALUES ( \'' . (int) $this->context->shop->id . '\', \'' . (int) Tools::getValue('id_lang') . '\', \'' . (int) $current_order . '\', \'' . pSQL($title) . '\', \'' . (int) Tools::getValue('item_title_use') . '\', \'' . pSQL(Tools::getValue('item_hook')) . '\', \'' . pSQL(Tools::getValue('item_url')) . '\', \'' . (int) Tools::getValue('item_target') . '\', \'' . pSQL($image) . '\', \'' . pSQL($image_w) . '\', \'' . pSQL($image_h) . '\', \'' . pSQL($this->filterVar($content), true) . '\', 1)')) { if (!Tools::isEmpty($image)) { $this->deleteImage($image); } $this->context->smarty->assign('error', $this->l('An error occurred while saving data.')); return false; } $this->context->smarty->assign('confirmation', $this->l('New item successfully added.')); return true; }
/** * @param null|string $key if null get all header params otherwise the params specified by the key * @throw WebserviceException if the key is corrupted (use Validate::isCleanHtml method) * @throw WebserviceException if the asked key does'nt exists. * @return array|string */ public function getHeaderParams($key = null) { $return = ''; if (!is_null($key)) { if (!Validate::isCleanHtml($key)) { throw new WebserviceException('the key you write is a corrupted text.', array(95, 500)); } if (!array_key_exists($key, $this->headerParams)) { throw new WebserviceException(sprintf('The key %s does\'nt exist', $key), array(96, 500)); } $return = $this->headerParams[$key]; } else { $return = $this->headerParams; } return $return; }
/** * Add order private message. * * @param $text * @return bool */ public function addMessage($text) { $message = new Message(); $text = strip_tags($text, '<br>'); if (!Validate::isCleanHtml($text)) { $text = 'Invalid payment message.'; } $message->message = $text; $message->id_order = (int) $this->getOrderId(); $message->private = 1; return $message->add(); }
/** * Method processAddAttachments() : Change name of file which are uploaded for this product * Rules: * - For the first upload the filename has been : name-of-product.extention * - For the second upload : name-of-product-1.extention * - ... * * @module now_seo_links * @return void * * @see AdminProductsControllerCore::processAddAttachments() */ public function processAddAttachments() { $languages = Language::getLanguages(false); $is_attachment_name_valid = false; foreach ($languages as $language) { $attachment_name_lang = Tools::getValue('attachment_name_' . (int) $language['id_lang']); if (Tools::strlen($attachment_name_lang) > 0) { $is_attachment_name_valid = true; } if (!Validate::isGenericName(Tools::getValue('attachment_name_' . (int) $language['id_lang']))) { $this->errors[] = Tools::displayError('Invalid Name'); } elseif (Tools::strlen(Tools::getValue('attachment_name_' . (int) $language['id_lang'])) > 32) { $this->errors[] = sprintf(Tools::displayError('The name is too long (%d chars max).'), 32); } if (!Validate::isCleanHtml(Tools::getValue('attachment_description_' . (int) $language['id_lang']))) { $this->errors[] = Tools::displayError('Invalid description'); } } if (!$is_attachment_name_valid) { $this->errors[] = Tools::displayError('An attachment name is required.'); } if (empty($this->errors)) { if (isset($_FILES['attachment_file']) && is_uploaded_file($_FILES['attachment_file']['tmp_name'])) { if ($_FILES['attachment_file']['size'] > Configuration::get('PS_ATTACHMENT_MAXIMUM_SIZE') * 1024 * 1024) { $this->errors[] = sprintf($this->l('The file is too large. Maximum size allowed is: %1$d kB. The file you\'re trying to upload is: %2$d kB.'), Configuration::get('PS_ATTACHMENT_MAXIMUM_SIZE') * 1024, number_format($_FILES['attachment_file']['size'] / 1024, 2, '.', '')); } else { do { $uniqid = sha1(microtime()); } while (file_exists(_PS_DOWNLOAD_DIR_ . $uniqid)); if (!copy($_FILES['attachment_file']['tmp_name'], _PS_DOWNLOAD_DIR_ . $uniqid)) { $this->errors[] = $this->l('File copy failed'); } @unlink($_FILES['attachment_file']['tmp_name']); } } elseif ((int) $_FILES['attachment_file']['error'] === 1) { $max_upload = (int) ini_get('upload_max_filesize'); $max_post = (int) ini_get('post_max_size'); $upload_mb = min($max_upload, $max_post); $this->errors[] = sprintf($this->l('The file %1$s exceeds the size allowed by the server. The limit is set to %2$d MB.'), '<b>' . $_FILES['attachment_file']['name'] . '</b> ', '<b>' . $upload_mb . '</b>'); } else { $this->errors[] = Tools::displayError('The file is missing.'); } if (empty($this->errors) && isset($uniqid)) { $attachment = new Attachment(); foreach ($languages as $language) { if (Tools::getIsset('attachment_name_' . (int) $language['id_lang'])) { $attachment->name[(int) $language['id_lang']] = Tools::getValue('attachment_name_' . (int) $language['id_lang']); } if (Tools::getIsset('attachment_description_' . (int) $language['id_lang'])) { $attachment->description[(int) $language['id_lang']] = Tools::getValue('attachment_description_' . (int) $language['id_lang']); } } if (Tools::getIsset('name_' . (int) Configuration::get('PS_LANG_DEFAULT'))) { $sFilename = $_FILES['attachment_file']['name']; $sExtention = substr($sFilename, strrpos($sFilename, '.') + 1); $attachment->file_name = Tools::link_rewrite(trim(Tools::getValue('name_' . (int) Configuration::get('PS_LANG_DEFAULT')))); // On regarde si c'est le premier document joint au produit ou pas $aAttachmentOfProduct = $attachment->getAttachments(Context::getContext()->language->id, (int) Tools::getValue('id_product')); $iNb = count($aAttachmentOfProduct); if ($iNb > 0) { $attachment->file_name .= '-' . $iNb; } $attachment->file_name .= '.' . $sExtention; } $attachment->file = $uniqid; $attachment->mime = $_FILES['attachment_file']['type']; if (empty($attachment->mime) || Tools::strlen($attachment->mime) > 128) { $this->errors[] = Tools::displayError('Invalid file extension'); } if (!Validate::isGenericName($attachment->file_name)) { $this->errors[] = Tools::displayError('Invalid file name'); } if (Tools::strlen($attachment->file_name) > 128) { $this->errors[] = Tools::displayError('The file name is too long.'); } if (empty($this->errors)) { $res = $attachment->add(); if (!$res) { $this->errors[] = Tools::displayError('This attachment was unable to be loaded into the database.'); } else { $id_product = (int) Tools::getValue($this->identifier); $res = $attachment->attachProduct($id_product); if (!$res) { $this->errors[] = Tools::displayError('We were unable to associate this attachment to a product.'); } } } else { $this->errors[] = Tools::displayError('Invalid file'); } } } }
/** * Options lists */ public function displayOptionsList() { $tab = Tab::getTab($this->context->language->id, $this->id); // Retrocompatibility < 1.5.0 if (!$this->optionsList && $this->_fieldsOptions) { $this->optionsList = array('options' => array('title' => $this->optionTitle ? $this->optionTitle : $this->l('Options'), 'fields' => $this->_fieldsOptions)); } if (!$this->optionsList) { return; } echo '<br />'; echo '<script type="text/javascript"> id_language = Number(' . $this->context->language->id . '); </script>'; $action = Tools::safeOutput(self::$currentIndex . '&submitOptions' . $this->table . '=1&token=' . $this->token); echo '<form action="' . $action . '" method="post" enctype="multipart/form-data">'; foreach ($this->optionsList as $category => $categoryData) { $required = false; $this->displayTopOptionCategory($category, $categoryData); echo '<fieldset>'; // Options category title $legend = '<img src="' . (!empty($tab['module']) && file_exists($_SERVER['DOCUMENT_ROOT'] . _MODULE_DIR_ . $tab['module'] . '/' . $tab['class_name'] . '.gif') ? _MODULE_DIR_ . $tab['module'] . '/' : '../img/t/') . $tab['class_name'] . '.gif" /> '; $legend .= isset($categoryData['title']) ? $categoryData['title'] : $this->l('Options'); echo '<legend>' . $legend . '</legend>'; // Category fields if (!isset($categoryData['fields'])) { continue; } // Category description if (isset($categoryData['description']) && $categoryData['description']) { echo '<p class="optionsDescription">' . $categoryData['description'] . '</p>'; } foreach ($categoryData['fields'] as $key => $field) { // Field value $value = Tools::getValue($key, Configuration::get($key)); if (!Validate::isCleanHtml($value)) { $value = Configuration::get($key); } if (isset($field['defaultValue']) && !$value) { $value = $field['defaultValue']; } // Check if var is invisible (can't edit it in current shop context), or disable (use default value for multishop) $isDisabled = $isInvisible = false; if (Shop::isFeatureActive()) { if (isset($field['visibility']) && $field['visibility'] > Shop::getContext()) { $isDisabled = true; $isInvisible = true; } elseif (Shop::getContext() != Shop::CONTEXT_ALL && !Configuration::isOverridenByCurrentContext($key)) { $isDisabled = true; } } // Display title echo '<div style="clear: both; padding-top:15px;" id="conf_id_' . $key . '" ' . ($isInvisible ? 'class="isInvisible"' : '') . '>'; if ($field['title']) { echo '<label class="conf_title">'; // Is this field required ? if (isset($field['required']) && $field['required']) { $required = true; echo '<sup>*</sup> '; } echo $field['title'] . '</label>'; } echo '<div class="margin-form" style="padding-top:5px;">'; // Display option inputs $method = 'displayOptionType' . Tools::toCamelCase($field['type'], true); if (!method_exists($this, $method)) { $this->displayOptionTypeText($key, $field, $value); } else { $this->{$method}($key, $field, $value); } // Multishop default value if (Shop::isFeatureActive() && Shop::getContext() != Shop::CONTEXT_ALL && !$isInvisible) { echo '<div class="preference_default_multishop"> <label> <input type="checkbox" name="multishopOverrideOption[' . $key . ']" value="1" ' . ($isDisabled ? 'checked="checked"' : '') . ' onclick="checkMultishopDefaultValue(this, \'' . $key . '\')" /> ' . $this->l('Use default value') . ' </label> </div>'; } // Field description //echo (isset($field['desc']) ? '<p class="preference_description">'.((isset($field['thumb']) AND $field['thumb'] AND $field['thumb']['pos'] == 'after') ? '<img src="'.$field['thumb']['file'].'" alt="'.$field['title'].'" title="'.$field['title'].'" style="float:left;" />' : '' ).$field['desc'].'</p>' : ''); echo isset($field['desc']) ? '<p class="preference_description">' . $field['desc'] . '</p>' : ''; // Is this field invisible in current shop context ? echo $isInvisible ? '<p class="multishop_warning">' . $this->l('You cannot change the value of this configuration field in this shop context') . '</p>' : ''; echo '</div></div>'; } echo '<div align="center" style="margin-top: 20px;">'; echo '<input type="submit" value="' . $this->l(' Save ') . '" name="submit' . ucfirst($category) . $this->table . '" class="button" />'; echo '</div>'; if ($required) { echo '<div class="small"><sup>*</sup> ' . $this->l('Required field') . '</div>'; } echo '</fieldset><br />'; $this->displayBottomOptionCategory($category, $categoryData); } echo '</form>'; }
public function initToolbar() { switch ($this->display) { case 'add': case 'edit': // Default save button - action dynamically handled in javascript $this->toolbar_btn['save'] = array('href' => '#', 'desc' => $this->l('Save')); $back = Tools::safeOutput(Tools::getValue('back', '')); if (empty($back)) { $back = self::$currentIndex . '&token=' . $this->token; } if (!Validate::isCleanHtml($back)) { die(Tools::displayError()); } if (!$this->lite_display) { $this->toolbar_btn['cancel'] = array('href' => $back, 'desc' => $this->l('Cancel')); } break; case 'delete': Db::getInstance()->delete(_DB_PREFIX_ . 'lgconsultas', "id_consulta = " . Tools::getValue('id_consulta')); break; case 'view': // Default cancel button - like old back link $back = Tools::safeOutput(Tools::getValue('back', '')); if (empty($back)) { $back = self::$currentIndex . '&token=' . $this->token; } if (!Validate::isCleanHtml($back)) { die(Tools::displayError()); } if (!$this->lite_display) { $this->toolbar_btn['back'] = array('href' => $back, 'desc' => $this->l('Back to the list')); } break; case 'options': $this->toolbar_btn['save'] = array('href' => '#', 'desc' => $this->l('Save')); break; default: if ($this->allow_export) { $this->toolbar_btn['export'] = array('href' => self::$currentIndex . '&export' . $this->table . '&token=' . $this->token, 'desc' => $this->l('Export')); } } unset($this->toolbar_btn['new']); unset($this->toolbar_btn['save']); unset($this->toolbar_btn['cancel']); }
/** * Uodate the customer note * * @return void */ public function ajaxProcessUpdateCustomerNote() { if ($this->tabAccess['edit'] === '1') { $note = Tools::htmlentitiesDecodeUTF8(Tools::getValue('note')); $customer = new Customer((int) Tools::getValue('id_customer')); if (!Validate::isLoadedObject($customer)) { die('error:update'); } if (!empty($note) && !Validate::isCleanHtml($note)) { die('error:validation'); } $customer->note = $note; if (!$customer->update()) { die('error:update'); } die('ok'); } }
/** * saved paramter to acces of particular subscribtion link. * * @return string the registration link. */ private function _submitRegistrationLink() { // @todo : ask for more infos about values types TSBuyerProtection::$SHOPSW = Validate::isCleanHtml(Tools::getValue('shopsw')) ? Tools::getValue('shopsw') : ''; TSBuyerProtection::$ET_CID = Validate::isCleanHtml(Tools::getValue('et_cid')) ? Tools::getValue('et_cid') : ''; TSBuyerProtection::$ET_LID = Validate::isCleanHtml(Tools::getValue('et_lid')) ? Tools::getValue('et_lid') : ''; Configuration::updateValue(TSBuyerProtection::PREFIX_TABLE . 'SHOPSW', TSBuyerProtection::$SHOPSW); Configuration::updateValue(TSBuyerProtection::PREFIX_TABLE . 'ET_CID', TSBuyerProtection::$ET_CID); Configuration::updateValue(TSBuyerProtection::PREFIX_TABLE . 'ET_LID', TSBuyerProtection::$ET_LID); $link_registration = $this->_makeRegistrationLink(TSBuyerProtection::$SHOPSW, TSBuyerProtection::$ET_CID, TSBuyerProtection::$ET_LID, Tools::getValue('lang')); $this->confirmations[] = $this->l('Registration link has been created. Follow this link if you were not redirected earlier:') . ' <a href="' . $link_registration . '" class="link">>' . $this->l('Link') . '<</a>'; return $link_registration; }
/** * Initialize parent order controller * @see FrontController::init() */ public function init() { $this->isLogged = (bool) ($this->context->customer->id && Customer::customerIdExistsStatic((int) $this->context->cookie->id_customer)); parent::init(); /* Disable some cache related bugs on the cart/order */ header('Cache-Control: no-cache, must-revalidate'); header('Expires: Mon, 26 Jul 1997 05:00:00 GMT'); $this->nbProducts = $this->context->cart->nbProducts(); if (!$this->context->customer->isLogged(true) && $this->context->getMobileDevice() && Tools::getValue('step')) { Tools::redirect($this->context->link->getPageLink('authentication', true, (int) $this->context->language->id, $params)); } // Redirect to the good order process if (Configuration::get('PS_ORDER_PROCESS_TYPE') == 0 && Dispatcher::getInstance()->getController() != 'order') { Tools::redirect('index.php?controller=order'); } if (Configuration::get('PS_ORDER_PROCESS_TYPE') == 1 && Dispatcher::getInstance()->getController() != 'orderopc') { if (isset($_GET['step']) && $_GET['step'] == 3) { Tools::redirect('index.php?controller=order-opc&isPaymentStep=true'); } Tools::redirect('index.php?controller=order-opc'); } if (Configuration::get('PS_CATALOG_MODE')) { $this->errors[] = Tools::displayError('This store has not accepted your new order.'); } if (Tools::isSubmit('submitReorder') && ($id_order = (int) Tools::getValue('id_order'))) { $oldCart = new Cart(Order::getCartIdStatic($id_order, $this->context->customer->id)); $duplication = $oldCart->duplicate(); if (!$duplication || !Validate::isLoadedObject($duplication['cart'])) { $this->errors[] = Tools::displayError('Sorry. We cannot renew your order.'); } else { if (!$duplication['success']) { $this->errors[] = Tools::displayError('Some items are no longer available, and we are unable to renew your order.'); } else { $this->context->cookie->id_cart = $duplication['cart']->id; $this->context->cookie->write(); if (Configuration::get('PS_ORDER_PROCESS_TYPE') == 1) { Tools::redirect('index.php?controller=order-opc'); } Tools::redirect('index.php?controller=order'); } } } if ($this->nbProducts) { if (CartRule::isFeatureActive()) { if (Tools::isSubmit('submitAddDiscount')) { if (!($code = trim(Tools::getValue('discount_name')))) { $this->errors[] = Tools::displayError('You must enter a voucher code.'); } elseif (!Validate::isCleanHtml($code)) { $this->errors[] = Tools::displayError('The voucher code is invalid.'); } else { if (($cartRule = new CartRule(CartRule::getIdByCode($code))) && Validate::isLoadedObject($cartRule)) { if ($error = $cartRule->checkValidity($this->context, false, true)) { $this->errors[] = $error; } else { $this->context->cart->addCartRule($cartRule->id); if (Configuration::get('PS_ORDER_PROCESS_TYPE') == 1) { Tools::redirect('index.php?controller=order-opc&addingCartRule=1'); } Tools::redirect('index.php?controller=order&addingCartRule=1'); } } else { $this->errors[] = Tools::displayError('This voucher does not exists.'); } } $this->context->smarty->assign(array('errors' => $this->errors, 'discount_name' => Tools::safeOutput($code))); } elseif (($id_cart_rule = (int) Tools::getValue('deleteDiscount')) && Validate::isUnsignedId($id_cart_rule)) { $this->context->cart->removeCartRule($id_cart_rule); Tools::redirect('index.php?controller=order-opc'); } } /* Is there only virtual product in cart */ if ($isVirtualCart = $this->context->cart->isVirtualCart()) { $this->setNoCarrier(); } } $this->context->smarty->assign('back', Tools::safeOutput(Tools::getValue('back'))); }
public function postProcess() { // If id_order is sent, we instanciate a new Order object if (Tools::isSubmit('id_order') && Tools::getValue('id_order') > 0) { $order = new Order(Tools::getValue('id_order')); if (!Validate::isLoadedObject($order)) { $this->errors[] = Tools::displayError('The order cannot be found within your database.'); } ShopUrl::cacheMainDomainForShop((int) $order->id_shop); } /* Update shipping number */ if (Tools::isSubmit('submitShippingNumber') && isset($order)) { if ($this->tabAccess['edit'] === '1') { $order_carrier = new OrderCarrier(Tools::getValue('id_order_carrier')); if (!Validate::isLoadedObject($order_carrier)) { $this->errors[] = Tools::displayError('The order carrier ID is invalid.'); } elseif (!Validate::isTrackingNumber(Tools::getValue('tracking_number'))) { $this->errors[] = Tools::displayError('The tracking number is incorrect.'); } else { // update shipping number // Keep these two following lines for backward compatibility, remove on 1.6 version $order->shipping_number = Tools::getValue('tracking_number'); $order->update(); // Update order_carrier $order_carrier->tracking_number = pSQL(Tools::getValue('tracking_number')); if ($order_carrier->update()) { // Send mail to customer $customer = new Customer((int) $order->id_customer); $carrier = new Carrier((int) $order->id_carrier, $order->id_lang); if (!Validate::isLoadedObject($customer)) { throw new PrestaShopException('Can\'t load Customer object'); } if (!Validate::isLoadedObject($carrier)) { throw new PrestaShopException('Can\'t load Carrier object'); } $templateVars = array('{followup}' => str_replace('@', $order->shipping_number, $carrier->url), '{firstname}' => $customer->firstname, '{lastname}' => $customer->lastname, '{id_order}' => $order->id, '{shipping_number}' => $order->shipping_number, '{order_name}' => $order->getUniqReference()); if (@Mail::Send((int) $order->id_lang, 'in_transit', Mail::l('Package in transit', (int) $order->id_lang), $templateVars, $customer->email, $customer->firstname . ' ' . $customer->lastname, null, null, null, null, _PS_MAIL_DIR_, true, (int) $order->id_shop)) { Hook::exec('actionAdminOrdersTrackingNumberUpdate', array('order' => $order, 'customer' => $customer, 'carrier' => $carrier), null, false, true, false, $order->id_shop); Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order->id . '&vieworder&conf=4&token=' . $this->token); } else { $this->errors[] = Tools::displayError('An error occurred while sending an email to the customer.'); } } else { $this->errors[] = Tools::displayError('The order carrier cannot be updated.'); } } } else { $this->errors[] = Tools::displayError('You do not have permission to edit this.'); } } elseif (Tools::isSubmit('submitState') && isset($order)) { if ($this->tabAccess['edit'] === '1') { $order_state = new OrderState(Tools::getValue('id_order_state')); if (!Validate::isLoadedObject($order_state)) { $this->errors[] = Tools::displayError('The new order status is invalid.'); } else { $current_order_state = $order->getCurrentOrderState(); if ($current_order_state->id != $order_state->id) { // Create new OrderHistory $history = new OrderHistory(); $history->id_order = $order->id; $history->id_employee = (int) $this->context->employee->id; $use_existings_payment = false; if (!$order->hasInvoice()) { $use_existings_payment = true; } $history->changeIdOrderState((int) $order_state->id, $order, $use_existings_payment); $carrier = new Carrier($order->id_carrier, $order->id_lang); $templateVars = array(); if ($history->id_order_state == Configuration::get('PS_OS_SHIPPING') && $order->shipping_number) { $templateVars = array('{followup}' => str_replace('@', $order->shipping_number, $carrier->url)); } // Save all changes if ($history->addWithemail(true, $templateVars)) { // synchronizes quantities if needed.. if (Configuration::get('PS_ADVANCED_STOCK_MANAGEMENT')) { foreach ($order->getProducts() as $product) { if (StockAvailable::dependsOnStock($product['product_id'])) { StockAvailable::synchronize($product['product_id'], (int) $product['id_shop']); } } } Tools::redirectAdmin(self::$currentIndex . '&id_order=' . (int) $order->id . '&vieworder&token=' . $this->token); } $this->errors[] = Tools::displayError('An error occurred while changing order status, or we were unable to send an email to the customer.'); } else { $this->errors[] = Tools::displayError('The order has already been assigned this status.'); } } } else { $this->errors[] = Tools::displayError('You do not have permission to edit this.'); } } elseif (Tools::isSubmit('submitMessage') && isset($order)) { if ($this->tabAccess['edit'] === '1') { $customer = new Customer(Tools::getValue('id_customer')); if (!Validate::isLoadedObject($customer)) { $this->errors[] = Tools::displayError('The customer is invalid.'); } elseif (!Tools::getValue('message')) { $this->errors[] = Tools::displayError('The message cannot be blank.'); } else { /* Get message rules and and check fields validity */ $rules = call_user_func(array('Message', 'getValidationRules'), 'Message'); foreach ($rules['required'] as $field) { if (($value = Tools::getValue($field)) == false && (string) $value != '0') { if (!Tools::getValue('id_' . $this->table) || $field != 'passwd') { $this->errors[] = sprintf(Tools::displayError('field %s is required.'), $field); } } } foreach ($rules['size'] as $field => $maxLength) { if (Tools::getValue($field) && Tools::strlen(Tools::getValue($field)) > $maxLength) { $this->errors[] = sprintf(Tools::displayError('field %1$s is too long (%2$d chars max).'), $field, $maxLength); } } foreach ($rules['validate'] as $field => $function) { if (Tools::getValue($field)) { if (!Validate::$function(htmlentities(Tools::getValue($field), ENT_COMPAT, 'UTF-8'))) { $this->errors[] = sprintf(Tools::displayError('field %s is invalid.'), $field); } } } if (!count($this->errors)) { //check if a thread already exist $id_customer_thread = CustomerThread::getIdCustomerThreadByEmailAndIdOrder($customer->email, $order->id); if (!$id_customer_thread) { $customer_thread = new CustomerThread(); $customer_thread->id_contact = 0; $customer_thread->id_customer = (int) $order->id_customer; $customer_thread->id_shop = (int) $this->context->shop->id; $customer_thread->id_order = (int) $order->id; $customer_thread->id_lang = (int) $this->context->language->id; $customer_thread->email = $customer->email; $customer_thread->status = 'open'; $customer_thread->token = Tools::passwdGen(12); $customer_thread->add(); } else { $customer_thread = new CustomerThread((int) $id_customer_thread); } $customer_message = new CustomerMessage(); $customer_message->id_customer_thread = $customer_thread->id; $customer_message->id_employee = (int) $this->context->employee->id; $customer_message->message = Tools::getValue('message'); $customer_message->private = Tools::getValue('visibility'); if (!$customer_message->add()) { $this->errors[] = Tools::displayError('An error occurred while saving the message.'); } elseif ($customer_message->private) { Tools::redirectAdmin(self::$currentIndex . '&id_order=' . (int) $order->id . '&vieworder&conf=11&token=' . $this->token); } else { $message = $customer_message->message; if (Configuration::get('PS_MAIL_TYPE', null, null, $order->id_shop) != Mail::TYPE_TEXT) { $message = Tools::nl2br($customer_message->message); } $varsTpl = array('{lastname}' => $customer->lastname, '{firstname}' => $customer->firstname, '{id_order}' => $order->id, '{order_name}' => $order->getUniqReference(), '{message}' => $message); if (@Mail::Send((int) $order->id_lang, 'order_merchant_comment', Mail::l('New message regarding your order', (int) $order->id_lang), $varsTpl, $customer->email, $customer->firstname . ' ' . $customer->lastname, null, null, null, null, _PS_MAIL_DIR_, true, (int) $order->id_shop)) { Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order->id . '&vieworder&conf=11' . '&token=' . $this->token); } } $this->errors[] = Tools::displayError('An error occurred while sending an email to the customer.'); } } } else { $this->errors[] = Tools::displayError('You do not have permission to delete this.'); } } elseif (Tools::isSubmit('partialRefund') && isset($order)) { if ($this->tabAccess['edit'] == '1') { if (is_array($_POST['partialRefundProduct'])) { $amount = 0; $order_detail_list = array(); foreach ($_POST['partialRefundProduct'] as $id_order_detail => $amount_detail) { $order_detail_list[$id_order_detail]['quantity'] = (int) $_POST['partialRefundProductQuantity'][$id_order_detail]; if (empty($amount_detail)) { $order_detail = new OrderDetail((int) $id_order_detail); $order_detail_list[$id_order_detail]['amount'] = $order_detail->unit_price_tax_incl * $order_detail_list[$id_order_detail]['quantity']; } else { $order_detail_list[$id_order_detail]['amount'] = (double) str_replace(',', '.', $amount_detail); } $amount += $order_detail_list[$id_order_detail]['amount']; $order_detail = new OrderDetail((int) $id_order_detail); if (!$order->hasBeenDelivered() || $order->hasBeenDelivered() && Tools::isSubmit('reinjectQuantities') && $order_detail_list[$id_order_detail]['quantity'] > 0) { $this->reinjectQuantity($order_detail, $order_detail_list[$id_order_detail]['quantity']); } } $shipping_cost_amount = (double) str_replace(',', '.', Tools::getValue('partialRefundShippingCost')); if ($shipping_cost_amount > 0) { $amount += $shipping_cost_amount; } $order_carrier = new OrderCarrier((int) $order->getIdOrderCarrier()); if (Validate::isLoadedObject($order_carrier)) { $order_carrier->weight = (double) $order->getTotalWeight(); if ($order_carrier->update()) { $order->weight = sprintf("%.3f " . Configuration::get('PS_WEIGHT_UNIT'), $order_carrier->weight); } } if ($amount > 0) { if (!OrderSlip::createPartialOrderSlip($order, $amount, $shipping_cost_amount, $order_detail_list)) { $this->errors[] = Tools::displayError('You cannot generate a partial credit slip.'); } // Generate voucher if (Tools::isSubmit('generateDiscountRefund') && !count($this->errors)) { $cart_rule = new CartRule(); $cart_rule->description = sprintf($this->l('Credit slip for order #%d'), $order->id); $languages = Language::getLanguages(false); foreach ($languages as $language) { // Define a temporary name $cart_rule->name[$language['id_lang']] = sprintf('V0C%1$dO%2$d', $order->id_customer, $order->id); } // Define a temporary code $cart_rule->code = sprintf('V0C%1$dO%2$d', $order->id_customer, $order->id); $cart_rule->quantity = 1; $cart_rule->quantity_per_user = 1; // Specific to the customer $cart_rule->id_customer = $order->id_customer; $now = time(); $cart_rule->date_from = date('Y-m-d H:i:s', $now); $cart_rule->date_to = date('Y-m-d H:i:s', $now + 3600 * 24 * 365.25); /* 1 year */ $cart_rule->partial_use = 1; $cart_rule->active = 1; $cart_rule->reduction_amount = $amount; $cart_rule->reduction_tax = true; $cart_rule->minimum_amount_currency = $order->id_currency; $cart_rule->reduction_currency = $order->id_currency; if (!$cart_rule->add()) { $this->errors[] = Tools::displayError('You cannot generate a voucher.'); } else { // Update the voucher code and name foreach ($languages as $language) { $cart_rule->name[$language['id_lang']] = sprintf('V%1$dC%2$dO%3$d', $cart_rule->id, $order->id_customer, $order->id); } $cart_rule->code = sprintf('V%1$dC%2$dO%3$d', $cart_rule->id, $order->id_customer, $order->id); if (!$cart_rule->update()) { $this->errors[] = Tools::displayError('You cannot generate a voucher.'); } else { $currency = $this->context->currency; $customer = new Customer((int) $order->id_customer); $params['{lastname}'] = $customer->lastname; $params['{firstname}'] = $customer->firstname; $params['{id_order}'] = $order->id; $params['{order_name}'] = $order->getUniqReference(); $params['{voucher_amount}'] = Tools::displayPrice($cart_rule->reduction_amount, $currency, false); $params['{voucher_num}'] = $cart_rule->code; $customer = new Customer((int) $order->id_customer); @Mail::Send((int) $order->id_lang, 'voucher', sprintf(Mail::l('New voucher regarding your order %s', (int) $order->id_lang), $order->reference), $params, $customer->email, $customer->firstname . ' ' . $customer->lastname, null, null, null, null, _PS_MAIL_DIR_, true, (int) $order->id_shop); } } } } else { $this->errors[] = Tools::displayError('You have to enter an amount if you want to create a partial credit slip.'); } // Redirect if no errors if (!count($this->errors)) { Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order->id . '&vieworder&conf=30&token=' . $this->token); } } else { $this->errors[] = Tools::displayError('The partial refund data is incorrect.'); } } else { $this->errors[] = Tools::displayError('You do not have permission to delete this.'); } } elseif (Tools::isSubmit('cancelProduct') && isset($order)) { if ($this->tabAccess['delete'] === '1') { if (!Tools::isSubmit('id_order_detail') && !Tools::isSubmit('id_customization')) { $this->errors[] = Tools::displayError('You must select a product.'); } elseif (!Tools::isSubmit('cancelQuantity') && !Tools::isSubmit('cancelCustomizationQuantity')) { $this->errors[] = Tools::displayError('You must enter a quantity.'); } else { $productList = Tools::getValue('id_order_detail'); if ($productList) { $productList = array_map('intval', $productList); } $customizationList = Tools::getValue('id_customization'); if ($customizationList) { $customizationList = array_map('intval', $customizationList); } $qtyList = Tools::getValue('cancelQuantity'); if ($qtyList) { $qtyList = array_map('intval', $qtyList); } $customizationQtyList = Tools::getValue('cancelCustomizationQuantity'); if ($customizationQtyList) { $customizationQtyList = array_map('intval', $customizationQtyList); } $full_product_list = $productList; $full_quantity_list = $qtyList; if ($customizationList) { foreach ($customizationList as $key => $id_order_detail) { $full_product_list[(int) $id_order_detail] = $id_order_detail; if (isset($customizationQtyList[$key])) { $full_quantity_list[(int) $id_order_detail] += $customizationQtyList[$key]; } } } if ($productList || $customizationList) { if ($productList) { $id_cart = Cart::getCartIdByOrderId($order->id); $customization_quantities = Customization::countQuantityByCart($id_cart); foreach ($productList as $key => $id_order_detail) { $qtyCancelProduct = abs($qtyList[$key]); if (!$qtyCancelProduct) { $this->errors[] = Tools::displayError('No quantity has been selected for this product.'); } $order_detail = new OrderDetail($id_order_detail); $customization_quantity = 0; if (array_key_exists($order_detail->product_id, $customization_quantities) && array_key_exists($order_detail->product_attribute_id, $customization_quantities[$order_detail->product_id])) { $customization_quantity = (int) $customization_quantities[$order_detail->product_id][$order_detail->product_attribute_id]; } if ($order_detail->product_quantity - $customization_quantity - $order_detail->product_quantity_refunded - $order_detail->product_quantity_return < $qtyCancelProduct) { $this->errors[] = Tools::displayError('An invalid quantity was selected for this product.'); } } } if ($customizationList) { $customization_quantities = Customization::retrieveQuantitiesFromIds(array_keys($customizationList)); foreach ($customizationList as $id_customization => $id_order_detail) { $qtyCancelProduct = abs($customizationQtyList[$id_customization]); $customization_quantity = $customization_quantities[$id_customization]; if (!$qtyCancelProduct) { $this->errors[] = Tools::displayError('No quantity has been selected for this product.'); } if ($qtyCancelProduct > $customization_quantity['quantity'] - ($customization_quantity['quantity_refunded'] + $customization_quantity['quantity_returned'])) { $this->errors[] = Tools::displayError('An invalid quantity was selected for this product.'); } } } if (!count($this->errors) && $productList) { foreach ($productList as $key => $id_order_detail) { $qty_cancel_product = abs($qtyList[$key]); $order_detail = new OrderDetail((int) $id_order_detail); if (!$order->hasBeenDelivered() || $order->hasBeenDelivered() && Tools::isSubmit('reinjectQuantities') && $qty_cancel_product > 0) { $this->reinjectQuantity($order_detail, $qty_cancel_product); } // Delete product $order_detail = new OrderDetail((int) $id_order_detail); if (!$order->deleteProduct($order, $order_detail, $qty_cancel_product)) { $this->errors[] = Tools::displayError('An error occurred while attempting to delete the product.') . ' <span class="bold">' . $order_detail->product_name . '</span>'; } // Update weight SUM $order_carrier = new OrderCarrier((int) $order->getIdOrderCarrier()); if (Validate::isLoadedObject($order_carrier)) { $order_carrier->weight = (double) $order->getTotalWeight(); if ($order_carrier->update()) { $order->weight = sprintf("%.3f " . Configuration::get('PS_WEIGHT_UNIT'), $order_carrier->weight); } } Hook::exec('actionProductCancel', array('order' => $order, 'id_order_detail' => (int) $id_order_detail), null, false, true, false, $order->id_shop); } } if (!count($this->errors) && $customizationList) { foreach ($customizationList as $id_customization => $id_order_detail) { $order_detail = new OrderDetail((int) $id_order_detail); $qtyCancelProduct = abs($customizationQtyList[$id_customization]); if (!$order->deleteCustomization($id_customization, $qtyCancelProduct, $order_detail)) { $this->errors[] = Tools::displayError('An error occurred while attempting to delete product customization.') . ' ' . $id_customization; } } } // E-mail params if ((Tools::isSubmit('generateCreditSlip') || Tools::isSubmit('generateDiscount')) && !count($this->errors)) { $customer = new Customer((int) $order->id_customer); $params['{lastname}'] = $customer->lastname; $params['{firstname}'] = $customer->firstname; $params['{id_order}'] = $order->id; $params['{order_name}'] = $order->getUniqReference(); } // Generate credit slip if (Tools::isSubmit('generateCreditSlip') && !count($this->errors)) { if (!OrderSlip::createOrderSlip($order, $full_product_list, $full_quantity_list, Tools::isSubmit('shippingBack'))) { $this->errors[] = Tools::displayError('A credit slip cannot be generated. '); } else { Hook::exec('actionOrderSlipAdd', array('order' => $order, 'productList' => $full_product_list, 'qtyList' => $full_quantity_list), null, false, true, false, $order->id_shop); @Mail::Send((int) $order->id_lang, 'credit_slip', Mail::l('New credit slip regarding your order', (int) $order->id_lang), $params, $customer->email, $customer->firstname . ' ' . $customer->lastname, null, null, null, null, _PS_MAIL_DIR_, true, (int) $order->id_shop); } } // Generate voucher if (Tools::isSubmit('generateDiscount') && !count($this->errors)) { $cartrule = new CartRule(); $languages = Language::getLanguages($order); $cartrule->description = sprintf($this->l('Credit card slip for order #%d'), $order->id); foreach ($languages as $language) { // Define a temporary name $cartrule->name[$language['id_lang']] = 'V0C' . (int) $order->id_customer . 'O' . (int) $order->id; } // Define a temporary code $cartrule->code = 'V0C' . (int) $order->id_customer . 'O' . (int) $order->id; $cartrule->quantity = 1; $cartrule->quantity_per_user = 1; // Specific to the customer $cartrule->id_customer = $order->id_customer; $now = time(); $cartrule->date_from = date('Y-m-d H:i:s', $now); $cartrule->date_to = date('Y-m-d H:i:s', $now + 3600 * 24 * 365.25); /* 1 year */ $cartrule->active = 1; $products = $order->getProducts(false, $full_product_list, $full_quantity_list); $total = 0; foreach ($products as $product) { $total += $product['unit_price_tax_incl'] * $product['product_quantity']; } if (Tools::isSubmit('shippingBack')) { $total += $order->total_shipping; } $cartrule->reduction_amount = $total; $cartrule->reduction_tax = true; $cartrule->minimum_amount_currency = $order->id_currency; $cartrule->reduction_currency = $order->id_currency; if (!$cartrule->add()) { $this->errors[] = Tools::displayError('You cannot generate a voucher.'); } else { // Update the voucher code and name foreach ($languages as $language) { $cartrule->name[$language['id_lang']] = 'V' . (int) $cartrule->id . 'C' . (int) $order->id_customer . 'O' . $order->id; } $cartrule->code = 'V' . (int) $cartrule->id . 'C' . (int) $order->id_customer . 'O' . $order->id; if (!$cartrule->update()) { $this->errors[] = Tools::displayError('You cannot generate a voucher.'); } else { $currency = $this->context->currency; $params['{voucher_amount}'] = Tools::displayPrice($cartrule->reduction_amount, $currency, false); $params['{voucher_num}'] = $cartrule->code; @Mail::Send((int) $order->id_lang, 'voucher', sprintf(Mail::l('New voucher regarding your order %s', (int) $order->id_lang), $order->reference), $params, $customer->email, $customer->firstname . ' ' . $customer->lastname, null, null, null, null, _PS_MAIL_DIR_, true, (int) $order->id_shop); } } } } else { $this->errors[] = Tools::displayError('No product or quantity has been selected.'); } // Redirect if no errors if (!count($this->errors)) { Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order->id . '&vieworder&conf=31&token=' . $this->token); } } } else { $this->errors[] = Tools::displayError('You do not have permission to delete this.'); } } elseif (Tools::isSubmit('messageReaded')) { Message::markAsReaded(Tools::getValue('messageReaded'), $this->context->employee->id); } elseif (Tools::isSubmit('submitAddPayment') && isset($order)) { if ($this->tabAccess['edit'] === '1') { $amount = str_replace(',', '.', Tools::getValue('payment_amount')); $currency = new Currency(Tools::getValue('payment_currency')); $order_has_invoice = $order->hasInvoice(); if ($order_has_invoice) { $order_invoice = new OrderInvoice(Tools::getValue('payment_invoice')); } else { $order_invoice = null; } if (!Validate::isLoadedObject($order)) { $this->errors[] = Tools::displayError('The order cannot be found'); } elseif (!Validate::isNegativePrice($amount) || !(double) $amount) { $this->errors[] = Tools::displayError('The amount is invalid.'); } elseif (!Validate::isGenericName(Tools::getValue('payment_method'))) { $this->errors[] = Tools::displayError('The selected payment method is invalid.'); } elseif (!Validate::isString(Tools::getValue('payment_transaction_id'))) { $this->errors[] = Tools::displayError('The transaction ID is invalid.'); } elseif (!Validate::isLoadedObject($currency)) { $this->errors[] = Tools::displayError('The selected currency is invalid.'); } elseif ($order_has_invoice && !Validate::isLoadedObject($order_invoice)) { $this->errors[] = Tools::displayError('The invoice is invalid.'); } elseif (!Validate::isDate(Tools::getValue('payment_date'))) { $this->errors[] = Tools::displayError('The date is invalid'); } else { if (!$order->addOrderPayment($amount, Tools::getValue('payment_method'), Tools::getValue('payment_transaction_id'), $currency, Tools::getValue('payment_date'), $order_invoice)) { $this->errors[] = Tools::displayError('An error occurred during payment.'); } else { Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order->id . '&vieworder&conf=4&token=' . $this->token); } } } else { $this->errors[] = Tools::displayError('You do not have permission to edit this.'); } } elseif (Tools::isSubmit('submitEditNote')) { $note = Tools::getValue('note'); $order_invoice = new OrderInvoice((int) Tools::getValue('id_order_invoice')); if (Validate::isLoadedObject($order_invoice) && Validate::isCleanHtml($note)) { if ($this->tabAccess['edit'] === '1') { $order_invoice->note = $note; if ($order_invoice->save()) { Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order_invoice->id_order . '&vieworder&conf=4&token=' . $this->token); } else { $this->errors[] = Tools::displayError('The invoice note was not saved.'); } } else { $this->errors[] = Tools::displayError('You do not have permission to edit this.'); } } else { $this->errors[] = Tools::displayError('The invoice for edit note was unable to load. '); } } elseif (Tools::isSubmit('submitAddOrder') && ($id_cart = Tools::getValue('id_cart')) && ($module_name = Tools::getValue('payment_module_name')) && ($id_order_state = Tools::getValue('id_order_state')) && Validate::isModuleName($module_name)) { if ($this->tabAccess['edit'] === '1') { $payment_module = Module::getInstanceByName($module_name); $cart = new Cart((int) $id_cart); Context::getContext()->currency = new Currency((int) $cart->id_currency); Context::getContext()->customer = new Customer((int) $cart->id_customer); $employee = new Employee((int) Context::getContext()->cookie->id_employee); $payment_module->validateOrder((int) $cart->id, (int) $id_order_state, $cart->getOrderTotal(true, Cart::BOTH), $payment_module->displayName, $this->l('Manual order -- Employee:') . ' ' . substr($employee->firstname, 0, 1) . '. ' . $employee->lastname, array(), null, false, $cart->secure_key); if ($payment_module->currentOrder) { Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $payment_module->currentOrder . '&vieworder' . '&token=' . $this->token); } } else { $this->errors[] = Tools::displayError('You do not have permission to add this.'); } } elseif ((Tools::isSubmit('submitAddressShipping') || Tools::isSubmit('submitAddressInvoice')) && isset($order)) { if ($this->tabAccess['edit'] === '1') { $address = new Address(Tools::getValue('id_address')); if (Validate::isLoadedObject($address)) { // Update the address on order if (Tools::isSubmit('submitAddressShipping')) { $order->id_address_delivery = $address->id; } elseif (Tools::isSubmit('submitAddressInvoice')) { $order->id_address_invoice = $address->id; } $order->update(); Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order->id . '&vieworder&conf=4&token=' . $this->token); } else { $this->errors[] = Tools::displayError('This address can\'t be loaded'); } } else { $this->errors[] = Tools::displayError('You do not have permission to edit this.'); } } elseif (Tools::isSubmit('submitChangeCurrency') && isset($order)) { if ($this->tabAccess['edit'] === '1') { if (Tools::getValue('new_currency') != $order->id_currency && !$order->valid) { $old_currency = new Currency($order->id_currency); $currency = new Currency(Tools::getValue('new_currency')); if (!Validate::isLoadedObject($currency)) { throw new PrestaShopException('Can\'t load Currency object'); } // Update order detail amount foreach ($order->getOrderDetailList() as $row) { $order_detail = new OrderDetail($row['id_order_detail']); $fields = array('ecotax', 'product_price', 'reduction_amount', 'total_shipping_price_tax_excl', 'total_shipping_price_tax_incl', 'total_price_tax_incl', 'total_price_tax_excl', 'product_quantity_discount', 'purchase_supplier_price', 'reduction_amount', 'reduction_amount_tax_incl', 'reduction_amount_tax_excl', 'unit_price_tax_incl', 'unit_price_tax_excl', 'original_product_price'); foreach ($fields as $field) { $order_detail->{$field} = Tools::convertPriceFull($order_detail->{$field}, $old_currency, $currency); } $order_detail->update(); $order_detail->updateTaxAmount($order); } $id_order_carrier = (int) $order->getIdOrderCarrier(); if ($id_order_carrier) { $order_carrier = $order_carrier = new OrderCarrier((int) $order->getIdOrderCarrier()); $order_carrier->shipping_cost_tax_excl = (double) Tools::convertPriceFull($order_carrier->shipping_cost_tax_excl, $old_currency, $currency); $order_carrier->shipping_cost_tax_incl = (double) Tools::convertPriceFull($order_carrier->shipping_cost_tax_incl, $old_currency, $currency); $order_carrier->update(); } // Update order && order_invoice amount $fields = array('total_discounts', 'total_discounts_tax_incl', 'total_discounts_tax_excl', 'total_discount_tax_excl', 'total_discount_tax_incl', 'total_paid', 'total_paid_tax_incl', 'total_paid_tax_excl', 'total_paid_real', 'total_products', 'total_products_wt', 'total_shipping', 'total_shipping_tax_incl', 'total_shipping_tax_excl', 'total_wrapping', 'total_wrapping_tax_incl', 'total_wrapping_tax_excl'); $invoices = $order->getInvoicesCollection(); if ($invoices) { foreach ($invoices as $invoice) { foreach ($fields as $field) { if (isset($invoice->{$field})) { $invoice->{$field} = Tools::convertPriceFull($invoice->{$field}, $old_currency, $currency); } } $invoice->save(); } } foreach ($fields as $field) { if (isset($order->{$field})) { $order->{$field} = Tools::convertPriceFull($order->{$field}, $old_currency, $currency); } } // Update currency in order $order->id_currency = $currency->id; // Update exchange rate $order->conversion_rate = (double) $currency->conversion_rate; $order->update(); } else { $this->errors[] = Tools::displayError('You cannot change the currency.'); } } else { $this->errors[] = Tools::displayError('You do not have permission to edit this.'); } } elseif (Tools::isSubmit('submitGenerateInvoice') && isset($order)) { if (!Configuration::get('PS_INVOICE', null, null, $order->id_shop)) { $this->errors[] = Tools::displayError('Invoice management has been disabled.'); } elseif ($order->hasInvoice()) { $this->errors[] = Tools::displayError('This order already has an invoice.'); } else { $order->setInvoice(true); Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order->id . '&vieworder&conf=4&token=' . $this->token); } } elseif (Tools::isSubmit('submitDeleteVoucher') && isset($order)) { if ($this->tabAccess['edit'] === '1') { $order_cart_rule = new OrderCartRule(Tools::getValue('id_order_cart_rule')); if (Validate::isLoadedObject($order_cart_rule) && $order_cart_rule->id_order == $order->id) { if ($order_cart_rule->id_order_invoice) { $order_invoice = new OrderInvoice($order_cart_rule->id_order_invoice); if (!Validate::isLoadedObject($order_invoice)) { throw new PrestaShopException('Can\'t load Order Invoice object'); } // Update amounts of Order Invoice $order_invoice->total_discount_tax_excl -= $order_cart_rule->value_tax_excl; $order_invoice->total_discount_tax_incl -= $order_cart_rule->value; $order_invoice->total_paid_tax_excl += $order_cart_rule->value_tax_excl; $order_invoice->total_paid_tax_incl += $order_cart_rule->value; // Update Order Invoice $order_invoice->update(); } // Update amounts of order $order->total_discounts -= $order_cart_rule->value; $order->total_discounts_tax_incl -= $order_cart_rule->value; $order->total_discounts_tax_excl -= $order_cart_rule->value_tax_excl; $order->total_paid += $order_cart_rule->value; $order->total_paid_tax_incl += $order_cart_rule->value; $order->total_paid_tax_excl += $order_cart_rule->value_tax_excl; // Delete Order Cart Rule and update Order $order_cart_rule->delete(); $order->update(); Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order->id . '&vieworder&conf=4&token=' . $this->token); } else { $this->errors[] = Tools::displayError('You cannot edit this cart rule.'); } } else { $this->errors[] = Tools::displayError('You do not have permission to edit this.'); } } elseif (Tools::isSubmit('submitNewVoucher') && isset($order)) { if ($this->tabAccess['edit'] === '1') { if (!Tools::getValue('discount_name')) { $this->errors[] = Tools::displayError('You must specify a name in order to create a new discount.'); } else { if ($order->hasInvoice()) { // If the discount is for only one invoice if (!Tools::isSubmit('discount_all_invoices')) { $order_invoice = new OrderInvoice(Tools::getValue('discount_invoice')); if (!Validate::isLoadedObject($order_invoice)) { throw new PrestaShopException('Can\'t load Order Invoice object'); } } } $cart_rules = array(); $discount_value = (double) str_replace(',', '.', Tools::getValue('discount_value')); switch (Tools::getValue('discount_type')) { // Percent type case 1: if ($discount_value < 100) { if (isset($order_invoice)) { $cart_rules[$order_invoice->id]['value_tax_incl'] = Tools::ps_round($order_invoice->total_paid_tax_incl * $discount_value / 100, 2); $cart_rules[$order_invoice->id]['value_tax_excl'] = Tools::ps_round($order_invoice->total_paid_tax_excl * $discount_value / 100, 2); // Update OrderInvoice $this->applyDiscountOnInvoice($order_invoice, $cart_rules[$order_invoice->id]['value_tax_incl'], $cart_rules[$order_invoice->id]['value_tax_excl']); } elseif ($order->hasInvoice()) { $order_invoices_collection = $order->getInvoicesCollection(); foreach ($order_invoices_collection as $order_invoice) { $cart_rules[$order_invoice->id]['value_tax_incl'] = Tools::ps_round($order_invoice->total_paid_tax_incl * $discount_value / 100, 2); $cart_rules[$order_invoice->id]['value_tax_excl'] = Tools::ps_round($order_invoice->total_paid_tax_excl * $discount_value / 100, 2); // Update OrderInvoice $this->applyDiscountOnInvoice($order_invoice, $cart_rules[$order_invoice->id]['value_tax_incl'], $cart_rules[$order_invoice->id]['value_tax_excl']); } } else { $cart_rules[0]['value_tax_incl'] = Tools::ps_round($order->total_paid_tax_incl * $discount_value / 100, 2); $cart_rules[0]['value_tax_excl'] = Tools::ps_round($order->total_paid_tax_excl * $discount_value / 100, 2); } } else { $this->errors[] = Tools::displayError('The discount value is invalid.'); } break; // Amount type // Amount type case 2: if (isset($order_invoice)) { if ($discount_value > $order_invoice->total_paid_tax_incl) { $this->errors[] = Tools::displayError('The discount value is greater than the order invoice total.'); } else { $cart_rules[$order_invoice->id]['value_tax_incl'] = Tools::ps_round($discount_value, 2); $cart_rules[$order_invoice->id]['value_tax_excl'] = Tools::ps_round($discount_value / (1 + $order->getTaxesAverageUsed() / 100), 2); // Update OrderInvoice $this->applyDiscountOnInvoice($order_invoice, $cart_rules[$order_invoice->id]['value_tax_incl'], $cart_rules[$order_invoice->id]['value_tax_excl']); } } elseif ($order->hasInvoice()) { $order_invoices_collection = $order->getInvoicesCollection(); foreach ($order_invoices_collection as $order_invoice) { if ($discount_value > $order_invoice->total_paid_tax_incl) { $this->errors[] = Tools::displayError('The discount value is greater than the order invoice total.') . $order_invoice->getInvoiceNumberFormatted(Context::getContext()->language->id, (int) $order->id_shop) . ')'; } else { $cart_rules[$order_invoice->id]['value_tax_incl'] = Tools::ps_round($discount_value, 2); $cart_rules[$order_invoice->id]['value_tax_excl'] = Tools::ps_round($discount_value / (1 + $order->getTaxesAverageUsed() / 100), 2); // Update OrderInvoice $this->applyDiscountOnInvoice($order_invoice, $cart_rules[$order_invoice->id]['value_tax_incl'], $cart_rules[$order_invoice->id]['value_tax_excl']); } } } else { if ($discount_value > $order->total_paid_tax_incl) { $this->errors[] = Tools::displayError('The discount value is greater than the order total.'); } else { $cart_rules[0]['value_tax_incl'] = Tools::ps_round($discount_value, 2); $cart_rules[0]['value_tax_excl'] = Tools::ps_round($discount_value / (1 + $order->getTaxesAverageUsed() / 100), 2); } } break; // Free shipping type // Free shipping type case 3: if (isset($order_invoice)) { if ($order_invoice->total_shipping_tax_incl > 0) { $cart_rules[$order_invoice->id]['value_tax_incl'] = $order_invoice->total_shipping_tax_incl; $cart_rules[$order_invoice->id]['value_tax_excl'] = $order_invoice->total_shipping_tax_excl; // Update OrderInvoice $this->applyDiscountOnInvoice($order_invoice, $cart_rules[$order_invoice->id]['value_tax_incl'], $cart_rules[$order_invoice->id]['value_tax_excl']); } } elseif ($order->hasInvoice()) { $order_invoices_collection = $order->getInvoicesCollection(); foreach ($order_invoices_collection as $order_invoice) { if ($order_invoice->total_shipping_tax_incl <= 0) { continue; } $cart_rules[$order_invoice->id]['value_tax_incl'] = $order_invoice->total_shipping_tax_incl; $cart_rules[$order_invoice->id]['value_tax_excl'] = $order_invoice->total_shipping_tax_excl; // Update OrderInvoice $this->applyDiscountOnInvoice($order_invoice, $cart_rules[$order_invoice->id]['value_tax_incl'], $cart_rules[$order_invoice->id]['value_tax_excl']); } } else { $cart_rules[0]['value_tax_incl'] = $order->total_shipping_tax_incl; $cart_rules[0]['value_tax_excl'] = $order->total_shipping_tax_excl; } break; default: $this->errors[] = Tools::displayError('The discount type is invalid.'); } $res = true; foreach ($cart_rules as &$cart_rule) { $cartRuleObj = new CartRule(); $cartRuleObj->date_from = date('Y-m-d H:i:s', strtotime('-1 hour', strtotime($order->date_add))); $cartRuleObj->date_to = date('Y-m-d H:i:s', strtotime('+1 hour')); $cartRuleObj->name[Configuration::get('PS_LANG_DEFAULT')] = Tools::getValue('discount_name'); $cartRuleObj->quantity = 0; $cartRuleObj->quantity_per_user = 1; if (Tools::getValue('discount_type') == 1) { $cartRuleObj->reduction_percent = $discount_value; } elseif (Tools::getValue('discount_type') == 2) { $cartRuleObj->reduction_amount = $cart_rule['value_tax_excl']; } elseif (Tools::getValue('discount_type') == 3) { $cartRuleObj->free_shipping = 1; } $cartRuleObj->active = 0; if ($res = $cartRuleObj->add()) { $cart_rule['id'] = $cartRuleObj->id; } else { break; } } if ($res) { foreach ($cart_rules as $id_order_invoice => $cart_rule) { // Create OrderCartRule $order_cart_rule = new OrderCartRule(); $order_cart_rule->id_order = $order->id; $order_cart_rule->id_cart_rule = $cart_rule['id']; $order_cart_rule->id_order_invoice = $id_order_invoice; $order_cart_rule->name = Tools::getValue('discount_name'); $order_cart_rule->value = $cart_rule['value_tax_incl']; $order_cart_rule->value_tax_excl = $cart_rule['value_tax_excl']; $res &= $order_cart_rule->add(); $order->total_discounts += $order_cart_rule->value; $order->total_discounts_tax_incl += $order_cart_rule->value; $order->total_discounts_tax_excl += $order_cart_rule->value_tax_excl; $order->total_paid -= $order_cart_rule->value; $order->total_paid_tax_incl -= $order_cart_rule->value; $order->total_paid_tax_excl -= $order_cart_rule->value_tax_excl; } // Update Order $res &= $order->update(); } if ($res) { Tools::redirectAdmin(self::$currentIndex . '&id_order=' . $order->id . '&vieworder&conf=4&token=' . $this->token); } else { $this->errors[] = Tools::displayError('An error occurred during the OrderCartRule creation'); } } } else { $this->errors[] = Tools::displayError('You do not have permission to edit this.'); } } parent::postProcess(); }
public function validateOrder($id_cart, $id_order_state, $amount_paid, $payment_method = 'Unknown', $message = null, $extra_vars = array(), $currency_special = null, $dont_touch_amount = false, $secure_key = false, Shop $shop = null) { if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Function called', 1, null, 'Cart', (int) $id_cart, true); } if (!isset($this->context)) { $this->context = Context::getContext(); } $this->context->cart = new Cart($id_cart); $this->context->customer = new Customer($this->context->cart->id_customer); // The tax cart is loaded before the customer so re-cache the tax calculation method $this->context->cart->setTaxCalculationMethod(); $this->context->language = new Language($this->context->cart->id_lang); $this->context->shop = $shop ? $shop : new Shop($this->context->cart->id_shop); ShopUrl::resetMainDomainCache(); $id_currency = $currency_special ? (int) $currency_special : (int) $this->context->cart->id_currency; $this->context->currency = new Currency($id_currency, null, $this->context->shop->id); if (Configuration::get('PS_TAX_ADDRESS_TYPE') == 'id_address_delivery') { $context_country = $this->context->country; } $order_status = new OrderState((int) $id_order_state, (int) $this->context->language->id); if (!Validate::isLoadedObject($order_status)) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Order Status cannot be loaded', 3, null, 'Cart', (int) $id_cart, true); throw new PrestaShopException('Can\'t load Order status'); } if (!$this->active) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Module is not active', 3, null, 'Cart', (int) $id_cart, true); die(Tools::displayError()); } // Does order already exists ? if (Validate::isLoadedObject($this->context->cart) && $this->context->cart->OrderExists() == false) { if ($secure_key !== false && $secure_key != $this->context->cart->secure_key) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Secure key does not match', 3, null, 'Cart', (int) $id_cart, true); die(Tools::displayError()); } // For each package, generate an order $delivery_option_list = $this->context->cart->getDeliveryOptionList(); $package_list = $this->context->cart->getPackageList(); $cart_delivery_option = $this->context->cart->getDeliveryOption(); // If some delivery options are not defined, or not valid, use the first valid option foreach ($delivery_option_list as $id_address => $package) { if (!isset($cart_delivery_option[$id_address]) || !array_key_exists($cart_delivery_option[$id_address], $package)) { foreach ($package as $key => $val) { $cart_delivery_option[$id_address] = $key; break; } } } $order_list = array(); $order_detail_list = array(); do { $reference = Order::generateReference(); } while (Order::getByReference($reference)->count()); $this->currentOrderReference = $reference; $order_creation_failed = false; $cart_total_paid = (double) Tools::ps_round((double) $this->context->cart->getOrderTotal(true, Cart::BOTH), 2); foreach ($cart_delivery_option as $id_address => $key_carriers) { foreach ($delivery_option_list[$id_address][$key_carriers]['carrier_list'] as $id_carrier => $data) { foreach ($data['package_list'] as $id_package) { // Rewrite the id_warehouse $package_list[$id_address][$id_package]['id_warehouse'] = (int) $this->context->cart->getPackageIdWarehouse($package_list[$id_address][$id_package], (int) $id_carrier); $package_list[$id_address][$id_package]['id_carrier'] = $id_carrier; } } } // Make sure CartRule caches are empty CartRule::cleanCache(); $cart_rules = $this->context->cart->getCartRules(); foreach ($cart_rules as $cart_rule) { if (($rule = new CartRule((int) $cart_rule['obj']->id)) && Validate::isLoadedObject($rule)) { if ($error = $rule->checkValidity($this->context, true, true)) { $this->context->cart->removeCartRule((int) $rule->id); if (isset($this->context->cookie) && isset($this->context->cookie->id_customer) && $this->context->cookie->id_customer && !empty($rule->code)) { if (Configuration::get('PS_ORDER_PROCESS_TYPE') == 1) { Tools::redirect('index.php?controller=order-opc&submitAddDiscount=1&discount_name=' . urlencode($rule->code)); } Tools::redirect('index.php?controller=order&submitAddDiscount=1&discount_name=' . urlencode($rule->code)); } else { $rule_name = isset($rule->name[(int) $this->context->cart->id_lang]) ? $rule->name[(int) $this->context->cart->id_lang] : $rule->code; $error = Tools::displayError(sprintf('CartRule ID %1s (%2s) used in this cart is not valid and has been withdrawn from cart', (int) $rule->id, $rule_name)); PrestaShopLogger::addLog($error, 3, '0000002', 'Cart', (int) $this->context->cart->id); } } } } foreach ($package_list as $id_address => $packageByAddress) { foreach ($packageByAddress as $id_package => $package) { $order = new Order(); $order->product_list = $package['product_list']; if (Configuration::get('PS_TAX_ADDRESS_TYPE') == 'id_address_delivery') { $address = new Address($id_address); $this->context->country = new Country($address->id_country, $this->context->cart->id_lang); if (!$this->context->country->active) { throw new PrestaShopException('The delivery address country is not active.'); } } $carrier = null; if (!$this->context->cart->isVirtualCart() && isset($package['id_carrier'])) { $carrier = new Carrier($package['id_carrier'], $this->context->cart->id_lang); $order->id_carrier = (int) $carrier->id; $id_carrier = (int) $carrier->id; } else { $order->id_carrier = 0; $id_carrier = 0; } $order->id_customer = (int) $this->context->cart->id_customer; $order->id_address_invoice = (int) $this->context->cart->id_address_invoice; $order->id_address_delivery = (int) $id_address; $order->id_currency = $this->context->currency->id; $order->id_lang = (int) $this->context->cart->id_lang; $order->id_cart = (int) $this->context->cart->id; $order->reference = $reference; $order->id_shop = (int) $this->context->shop->id; $order->id_shop_group = (int) $this->context->shop->id_shop_group; $order->secure_key = $secure_key ? pSQL($secure_key) : pSQL($this->context->customer->secure_key); $order->payment = $payment_method; if (isset($this->name)) { $order->module = $this->name; } $order->recyclable = $this->context->cart->recyclable; $order->gift = (int) $this->context->cart->gift; $order->gift_message = $this->context->cart->gift_message; $order->mobile_theme = $this->context->cart->mobile_theme; $order->conversion_rate = $this->context->currency->conversion_rate; $amount_paid = !$dont_touch_amount ? Tools::ps_round((double) $amount_paid, 2) : $amount_paid; $order->total_paid_real = 0; $order->total_products = (double) $this->context->cart->getOrderTotal(false, Cart::ONLY_PRODUCTS, $order->product_list, $id_carrier); $order->total_products_wt = (double) $this->context->cart->getOrderTotal(true, Cart::ONLY_PRODUCTS, $order->product_list, $id_carrier); $order->total_discounts_tax_excl = (double) abs($this->context->cart->getOrderTotal(false, Cart::ONLY_DISCOUNTS, $order->product_list, $id_carrier)); $order->total_discounts_tax_incl = (double) abs($this->context->cart->getOrderTotal(true, Cart::ONLY_DISCOUNTS, $order->product_list, $id_carrier)); $order->total_discounts = $order->total_discounts_tax_incl; $order->total_shipping_tax_excl = (double) $this->context->cart->getPackageShippingCost((int) $id_carrier, false, null, $order->product_list); $order->total_shipping_tax_incl = (double) $this->context->cart->getPackageShippingCost((int) $id_carrier, true, null, $order->product_list); $order->total_shipping = $order->total_shipping_tax_incl; if (!is_null($carrier) && Validate::isLoadedObject($carrier)) { $order->carrier_tax_rate = $carrier->getTaxesRate(new Address($this->context->cart->{Configuration::get('PS_TAX_ADDRESS_TYPE')})); } $order->total_wrapping_tax_excl = (double) abs($this->context->cart->getOrderTotal(false, Cart::ONLY_WRAPPING, $order->product_list, $id_carrier)); $order->total_wrapping_tax_incl = (double) abs($this->context->cart->getOrderTotal(true, Cart::ONLY_WRAPPING, $order->product_list, $id_carrier)); $order->total_wrapping = $order->total_wrapping_tax_incl; $order->total_paid_tax_excl = (double) Tools::ps_round((double) $this->context->cart->getOrderTotal(false, Cart::BOTH, $order->product_list, $id_carrier), _PS_PRICE_COMPUTE_PRECISION_); $order->total_paid_tax_incl = (double) Tools::ps_round((double) $this->context->cart->getOrderTotal(true, Cart::BOTH, $order->product_list, $id_carrier), _PS_PRICE_COMPUTE_PRECISION_); $order->total_paid = $order->total_paid_tax_incl; $order->round_mode = Configuration::get('PS_PRICE_ROUND_MODE'); $order->invoice_date = '0000-00-00 00:00:00'; $order->delivery_date = '0000-00-00 00:00:00'; if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Order is about to be added', 1, null, 'Cart', (int) $id_cart, true); } // Creating order $result = $order->add(); if (!$result) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Order cannot be created', 3, null, 'Cart', (int) $id_cart, true); throw new PrestaShopException('Can\'t save Order'); } // Amount paid by customer is not the right one -> Status = payment error // We don't use the following condition to avoid the float precision issues : http://www.php.net/manual/en/language.types.float.php // if ($order->total_paid != $order->total_paid_real) // We use number_format in order to compare two string if ($order_status->logable && number_format($cart_total_paid, _PS_PRICE_COMPUTE_PRECISION_) != number_format($amount_paid, _PS_PRICE_COMPUTE_PRECISION_)) { $id_order_state = Configuration::get('PS_OS_ERROR'); } $order_list[] = $order; if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - OrderDetail is about to be added', 1, null, 'Cart', (int) $id_cart, true); } // Insert new Order detail list using cart for the current order $order_detail = new OrderDetail(null, null, $this->context); $order_detail->createList($order, $this->context->cart, $id_order_state, $order->product_list, 0, true, $package_list[$id_address][$id_package]['id_warehouse']); $order_detail_list[] = $order_detail; if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - OrderCarrier is about to be added', 1, null, 'Cart', (int) $id_cart, true); } // Adding an entry in order_carrier table if (!is_null($carrier)) { $order_carrier = new OrderCarrier(); $order_carrier->id_order = (int) $order->id; $order_carrier->id_carrier = (int) $id_carrier; $order_carrier->weight = (double) $order->getTotalWeight(); $order_carrier->shipping_cost_tax_excl = (double) $order->total_shipping_tax_excl; $order_carrier->shipping_cost_tax_incl = (double) $order->total_shipping_tax_incl; $order_carrier->add(); } } } // The country can only change if the address used for the calculation is the delivery address, and if multi-shipping is activated if (Configuration::get('PS_TAX_ADDRESS_TYPE') == 'id_address_delivery') { $this->context->country = $context_country; } if (!$this->context->country->active) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Country is not active', 3, null, 'Cart', (int) $id_cart, true); throw new PrestaShopException('The order address country is not active.'); } if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Payment is about to be added', 1, null, 'Cart', (int) $id_cart, true); } // Register Payment only if the order status validate the order if ($order_status->logable) { // $order is the last order loop in the foreach // The method addOrderPayment of the class Order make a create a paymentOrder // linked to the order reference and not to the order id if (isset($extra_vars['transaction_id'])) { $transaction_id = $extra_vars['transaction_id']; } else { $transaction_id = null; } if (!$order->addOrderPayment($amount_paid, null, $transaction_id)) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Cannot save Order Payment', 3, null, 'Cart', (int) $id_cart, true); throw new PrestaShopException('Can\'t save Order Payment'); } } // Next ! $only_one_gift = false; $cart_rule_used = array(); $products = $this->context->cart->getProducts(); // Make sure CarRule caches are empty CartRule::cleanCache(); foreach ($order_detail_list as $key => $order_detail) { $order = $order_list[$key]; if (!$order_creation_failed && isset($order->id)) { if (!$secure_key) { $message .= '<br />' . Tools::displayError('Warning: the secure key is empty, check your payment account before validation'); } // Optional message to attach to this order if (isset($message) & !empty($message)) { $msg = new Message(); $message = strip_tags($message, '<br>'); if (Validate::isCleanHtml($message)) { if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Message is about to be added', 1, null, 'Cart', (int) $id_cart, true); } $msg->message = $message; $msg->id_order = (int) $order->id; $msg->private = 1; $msg->add(); } } // Insert new Order detail list using cart for the current order //$orderDetail = new OrderDetail(null, null, $this->context); //$orderDetail->createList($order, $this->context->cart, $id_order_state); // Construct order detail table for the email $products_list = ''; $virtual_product = true; $ppropertiessmartprice_hook1 = null; $product_var_tpl_list = array(); foreach ($order->product_list as $product) { PP::smartyPPAssign(array('cart' => $product, 'currency' => $this->context->currency)); $price = Product::getPriceStatic((int) $product['id_product'], false, $product['id_product_attribute'] ? (int) $product['id_product_attribute'] : null, 6, null, false, true, array($product['cart_quantity'], $product['cart_quantity_fractional']), false, (int) $order->id_customer, (int) $order->id_cart, (int) $order->{Configuration::get('PS_TAX_ADDRESS_TYPE')}); $price_wt = Product::getPriceStatic((int) $product['id_product'], true, $product['id_product_attribute'] ? (int) $product['id_product_attribute'] : null, 2, null, false, true, array($product['cart_quantity'], $product['cart_quantity_fractional']), false, (int) $order->id_customer, (int) $order->id_cart, (int) $order->{Configuration::get('PS_TAX_ADDRESS_TYPE')}); $ppropertiessmartprice_hook2 = ''; $product_var_tpl = array('reference' => $product['reference'], 'name' => $product['name'] . (isset($product['attributes']) ? ' - ' . $product['attributes'] : '') . PP::smartyDisplayProductName(array('name' => '')) . $ppropertiessmartprice_hook2, 'unit_price' => PP::smartyDisplayPrice(array('price' => Product::getTaxCalculationMethod() == PS_TAX_EXC ? Tools::ps_round($price, 2) : $price_wt)), 'price' => PP::smartyDisplayPrice(array('price' => Product::getTaxCalculationMethod() == PS_TAX_EXC ? $product['total'] : $product['total_wt'], 'quantity' => (int) $product['cart_quantity'], 'm' => 'total')), 'quantity' => PP::smartyDisplayQty(array('quantity' => (int) $product['cart_quantity'])), 'customization' => array()); $customized_datas = Product::getAllCustomizedDatas((int) $order->id_cart); $productHasCustomizedDatas = Product::hasCustomizedDatas($product, $customized_datas); if ($productHasCustomizedDatas && isset($customized_datas[$product['id_product']][$product['id_product_attribute']])) { $product_var_tpl['customization'] = array(); foreach ($customized_datas[$product['id_product']][$product['id_product_attribute']][$order->id_address_delivery] as $customization) { if ($product['id_cart_product'] == $customization['id_cart_product']) { $customization_text = ''; if (isset($customization['datas'][Product::CUSTOMIZE_TEXTFIELD])) { foreach ($customization['datas'][Product::CUSTOMIZE_TEXTFIELD] as $text) { $customization_text .= $text['name'] . ': ' . $text['value'] . '<br />'; } } if (isset($customization['datas'][Product::CUSTOMIZE_FILE])) { $customization_text .= sprintf(Tools::displayError('%d image(s)'), count($customization['datas'][Product::CUSTOMIZE_FILE])) . '<br />'; } $customization_quantity = (int) $product['customization_quantity']; $product_var_tpl['customization'][] = array('customization_text' => $customization_text, 'customization_quantity' => PP::smartyDisplayQty(array('quantity' => $customization_quantity)), 'quantity' => PP::smartyDisplayPrice(array('price' => Product::getTaxCalculationMethod() == PS_TAX_EXC ? $product['total_customization'] : $product['total_customization_wt'], 'm' => 'total'))); } } } $product_var_tpl_list[] = $product_var_tpl; // Check if is not a virutal product for the displaying of shipping if (!$product['is_virtual']) { $virtual_product &= false; } } // end foreach ($products) PP::smartyPPAssign(); $product_list_txt = ''; $product_list_html = ''; if (count($product_var_tpl_list) > 0) { $product_list_txt = $this->getEmailTemplateContent('order_conf_product_list.txt', Mail::TYPE_TEXT, $product_var_tpl_list); $product_list_html = $this->getEmailTemplateContent('order_conf_product_list.tpl', Mail::TYPE_HTML, $product_var_tpl_list); } $cart_rules_list = array(); $total_reduction_value_ti = 0; $total_reduction_value_tex = 0; foreach ($cart_rules as $cart_rule) { $package = array('id_carrier' => $order->id_carrier, 'id_address' => $order->id_address_delivery, 'products' => $order->product_list); $values = array('tax_incl' => $cart_rule['obj']->getContextualValue(true, $this->context, CartRule::FILTER_ACTION_ALL_NOCAP, $package), 'tax_excl' => $cart_rule['obj']->getContextualValue(false, $this->context, CartRule::FILTER_ACTION_ALL_NOCAP, $package)); // If the reduction is not applicable to this order, then continue with the next one if (!$values['tax_excl']) { continue; } // IF // This is not multi-shipping // The value of the voucher is greater than the total of the order // Partial use is allowed // This is an "amount" reduction, not a reduction in % or a gift // THEN // The voucher is cloned with a new value corresponding to the remainder if (count($order_list) == 1 && $values['tax_incl'] > $order->total_products_wt - $total_reduction_value_ti && $cart_rule['obj']->partial_use == 1 && $cart_rule['obj']->reduction_amount > 0) { // Create a new voucher from the original $voucher = new CartRule($cart_rule['obj']->id); // We need to instantiate the CartRule without lang parameter to allow saving it unset($voucher->id); // Set a new voucher code $voucher->code = empty($voucher->code) ? Tools::substr(md5($order->id . '-' . $order->id_customer . '-' . $cart_rule['obj']->id), 0, 16) : $voucher->code . '-2'; if (preg_match('/\\-([0-9]{1,2})\\-([0-9]{1,2})$/', $voucher->code, $matches) && $matches[1] == $matches[2]) { $voucher->code = preg_replace('/' . $matches[0] . '$/', '-' . (int) ($matches[1] + 1), $voucher->code); } // Set the new voucher value if ($voucher->reduction_tax) { $voucher->reduction_amount = $total_reduction_value_ti + $values['tax_incl'] - $order->total_products_wt; // Add total shipping amout only if reduction amount > total shipping if ($voucher->free_shipping == 1 && $voucher->reduction_amount >= $order->total_shipping_tax_incl) { $voucher->reduction_amount -= $order->total_shipping_tax_incl; } } else { $voucher->reduction_amount = $total_reduction_value_tex + $values['tax_excl'] - $order->total_products; // Add total shipping amout only if reduction amount > total shipping if ($voucher->free_shipping == 1 && $voucher->reduction_amount >= $order->total_shipping_tax_excl) { $voucher->reduction_amount -= $order->total_shipping_tax_excl; } } if ($voucher->reduction_amount <= 0) { continue; } $voucher->id_customer = $order->id_customer; $voucher->quantity = 1; $voucher->quantity_per_user = 1; $voucher->free_shipping = 0; if ($voucher->add()) { // If the voucher has conditions, they are now copied to the new voucher CartRule::copyConditions($cart_rule['obj']->id, $voucher->id); $params = array('{voucher_amount}' => Tools::displayPrice($voucher->reduction_amount, $this->context->currency, false), '{voucher_num}' => $voucher->code, '{firstname}' => $this->context->customer->firstname, '{lastname}' => $this->context->customer->lastname, '{id_order}' => $order->reference, '{order_name}' => $order->getUniqReference()); Mail::Send((int) $order->id_lang, 'voucher', sprintf(Mail::l('New voucher for your order %s', (int) $order->id_lang), $order->reference), $params, $this->context->customer->email, $this->context->customer->firstname . ' ' . $this->context->customer->lastname, null, null, null, null, _PS_MAIL_DIR_, false, (int) $order->id_shop); } $values['tax_incl'] = $order->total_products_wt - $total_reduction_value_ti; $values['tax_excl'] = $order->total_products - $total_reduction_value_tex; } $total_reduction_value_ti += $values['tax_incl']; $total_reduction_value_tex += $values['tax_excl']; $order->addCartRule($cart_rule['obj']->id, $cart_rule['obj']->name, $values, 0, $cart_rule['obj']->free_shipping); if ($id_order_state != Configuration::get('PS_OS_ERROR') && $id_order_state != Configuration::get('PS_OS_CANCELED') && !in_array($cart_rule['obj']->id, $cart_rule_used)) { $cart_rule_used[] = $cart_rule['obj']->id; // Create a new instance of Cart Rule without id_lang, in order to update its quantity $cart_rule_to_update = new CartRule($cart_rule['obj']->id); $cart_rule_to_update->quantity = max(0, $cart_rule_to_update->quantity - 1); $cart_rule_to_update->update(); } $cart_rules_list[] = array('voucher_name' => $cart_rule['obj']->name, 'voucher_reduction' => ($values['tax_incl'] != 0.0 ? '-' : '') . Tools::displayPrice($values['tax_incl'], $this->context->currency, false)); } $cart_rules_list_txt = ''; $cart_rules_list_html = ''; if (count($cart_rules_list) > 0) { $cart_rules_list_txt = $this->getEmailTemplateContent('order_conf_cart_rules.txt', Mail::TYPE_TEXT, $cart_rules_list); $cart_rules_list_html = $this->getEmailTemplateContent('order_conf_cart_rules.tpl', Mail::TYPE_HTML, $cart_rules_list); } // Specify order id for message $old_message = Message::getMessageByCartId((int) $this->context->cart->id); if ($old_message) { $update_message = new Message((int) $old_message['id_message']); $update_message->id_order = (int) $order->id; $update_message->update(); // Add this message in the customer thread $customer_thread = new CustomerThread(); $customer_thread->id_contact = 0; $customer_thread->id_customer = (int) $order->id_customer; $customer_thread->id_shop = (int) $this->context->shop->id; $customer_thread->id_order = (int) $order->id; $customer_thread->id_lang = (int) $this->context->language->id; $customer_thread->email = $this->context->customer->email; $customer_thread->status = 'open'; $customer_thread->token = Tools::passwdGen(12); $customer_thread->add(); $customer_message = new CustomerMessage(); $customer_message->id_customer_thread = $customer_thread->id; $customer_message->id_employee = 0; $customer_message->message = $update_message->message; $customer_message->private = 0; if (!$customer_message->add()) { $this->errors[] = Tools::displayError('An error occurred while saving message'); } } if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Hook validateOrder is about to be called', 1, null, 'Cart', (int) $id_cart, true); } // Hook validate order Hook::exec('actionValidateOrder', array('cart' => $this->context->cart, 'order' => $order, 'customer' => $this->context->customer, 'currency' => $this->context->currency, 'orderStatus' => $order_status)); foreach ($this->context->cart->getProducts() as $product) { if ($order_status->logable) { ProductSale::addProductSale((int) $product['id_product'], (int) $product['cart_quantity']); } } if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Order Status is about to be added', 1, null, 'Cart', (int) $id_cart, true); } // Set the order status $new_history = new OrderHistory(); $new_history->id_order = (int) $order->id; $new_history->changeIdOrderState((int) $id_order_state, $order, true); $new_history->addWithemail(true, $extra_vars); // Switch to back order if needed if (Configuration::get('PS_STOCK_MANAGEMENT') && $order_detail->getStockState()) { $history = new OrderHistory(); $history->id_order = (int) $order->id; $history->changeIdOrderState(Configuration::get($order->valid ? 'PS_OS_OUTOFSTOCK_PAID' : 'PS_OS_OUTOFSTOCK_UNPAID'), $order, true); $history->addWithemail(); } unset($order_detail); // Order is reloaded because the status just changed $order = new Order($order->id); // Send an e-mail to customer (one order = one email) if ($id_order_state != Configuration::get('PS_OS_ERROR') && $id_order_state != Configuration::get('PS_OS_CANCELED') && $this->context->customer->id) { $invoice = new Address($order->id_address_invoice); $delivery = new Address($order->id_address_delivery); $delivery_state = $delivery->id_state ? new State($delivery->id_state) : false; $invoice_state = $invoice->id_state ? new State($invoice->id_state) : false; $data = array('{firstname}' => $this->context->customer->firstname, '{lastname}' => $this->context->customer->lastname, '{email}' => $this->context->customer->email, '{delivery_block_txt}' => $this->_getFormatedAddress($delivery, "\n"), '{invoice_block_txt}' => $this->_getFormatedAddress($invoice, "\n"), '{delivery_block_html}' => $this->_getFormatedAddress($delivery, '<br />', array('firstname' => '<span style="font-weight:bold;">%s</span>', 'lastname' => '<span style="font-weight:bold;">%s</span>')), '{invoice_block_html}' => $this->_getFormatedAddress($invoice, '<br />', array('firstname' => '<span style="font-weight:bold;">%s</span>', 'lastname' => '<span style="font-weight:bold;">%s</span>')), '{delivery_company}' => $delivery->company, '{delivery_firstname}' => $delivery->firstname, '{delivery_lastname}' => $delivery->lastname, '{delivery_address1}' => $delivery->address1, '{delivery_address2}' => $delivery->address2, '{delivery_city}' => $delivery->city, '{delivery_postal_code}' => $delivery->postcode, '{delivery_country}' => $delivery->country, '{delivery_state}' => $delivery->id_state ? $delivery_state->name : '', '{delivery_phone}' => $delivery->phone ? $delivery->phone : $delivery->phone_mobile, '{delivery_other}' => $delivery->other, '{invoice_company}' => $invoice->company, '{invoice_vat_number}' => $invoice->vat_number, '{invoice_firstname}' => $invoice->firstname, '{invoice_lastname}' => $invoice->lastname, '{invoice_address2}' => $invoice->address2, '{invoice_address1}' => $invoice->address1, '{invoice_city}' => $invoice->city, '{invoice_postal_code}' => $invoice->postcode, '{invoice_country}' => $invoice->country, '{invoice_state}' => $invoice->id_state ? $invoice_state->name : '', '{invoice_phone}' => $invoice->phone ? $invoice->phone : $invoice->phone_mobile, '{invoice_other}' => $invoice->other, '{order_name}' => $order->getUniqReference(), '{date}' => Tools::displayDate(date('Y-m-d H:i:s'), null, 1), '{carrier}' => $virtual_product || !isset($carrier->name) ? Tools::displayError('No carrier') : $carrier->name, '{payment}' => Tools::substr($order->payment, 0, 32), '{products}' => $product_list_html, '{products_txt}' => $product_list_txt, '{discounts}' => $cart_rules_list_html, '{discounts_txt}' => $cart_rules_list_txt, '{total_paid}' => Tools::displayPrice($order->total_paid, $this->context->currency, false), '{total_products}' => Tools::displayPrice($order->total_paid - $order->total_shipping - $order->total_wrapping + $order->total_discounts, $this->context->currency, false), '{total_discounts}' => Tools::displayPrice($order->total_discounts, $this->context->currency, false), '{total_shipping}' => Tools::displayPrice($order->total_shipping, $this->context->currency, false), '{total_wrapping}' => Tools::displayPrice($order->total_wrapping, $this->context->currency, false), '{total_tax_paid}' => Tools::displayPrice($order->total_products_wt - $order->total_products + ($order->total_shipping_tax_incl - $order->total_shipping_tax_excl), $this->context->currency, false)); if (is_array($extra_vars)) { $data = array_merge($data, $extra_vars); } // Join PDF invoice if ((int) Configuration::get('PS_INVOICE') && $order_status->invoice && $order->invoice_number) { $pdf = new PDF($order->getInvoicesCollection(), PDF::TEMPLATE_INVOICE, $this->context->smarty); $file_attachement = array(); $file_attachement['content'] = $pdf->render(false); $file_attachement['name'] = Configuration::get('PS_INVOICE_PREFIX', (int) $order->id_lang, null, $order->id_shop) . sprintf('%06d', $order->invoice_number) . '.pdf'; $file_attachement['mime'] = 'application/pdf'; } else { $file_attachement = null; } if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - Mail is about to be sent', 1, null, 'Cart', (int) $id_cart, true); } if (Validate::isEmail($this->context->customer->email)) { Mail::Send((int) $order->id_lang, 'order_conf', Mail::l('Order confirmation', (int) $order->id_lang), $data, $this->context->customer->email, $this->context->customer->firstname . ' ' . $this->context->customer->lastname, null, null, $file_attachement, null, _PS_MAIL_DIR_, false, (int) $order->id_shop); } } // updates stock in shops if (Configuration::get('PS_ADVANCED_STOCK_MANAGEMENT')) { $product_list = $order->getProducts(); foreach ($product_list as $product) { // if the available quantities depends on the physical stock if (StockAvailable::dependsOnStock($product['product_id'])) { // synchronizes StockAvailable::synchronize($product['product_id'], $order->id_shop); } } } } else { $error = Tools::displayError('Order creation failed'); PrestaShopLogger::addLog($error, 4, '0000002', 'Cart', (int) $order->id_cart); die($error); } } // End foreach $order_detail_list // Update Order Details Tax in case cart rules have free shipping foreach ($order->getOrderDetailList() as $detail) { $order_detail = new OrderDetail($detail['id_order_detail']); $order_detail->updateTaxAmount($order); } // Use the last order as currentOrder if (isset($order) && $order->id) { $this->currentOrder = (int) $order->id; } if (self::DEBUG_MODE) { PrestaShopLogger::addLog('PaymentModule::validateOrder - End of validateOrder', 1, null, 'Cart', (int) $id_cart, true); } return true; } else { $error = Tools::displayError('Cart cannot be loaded or an order has already been placed using this cart'); PrestaShopLogger::addLog($error, 4, '0000001', 'Cart', (int) $this->context->cart->id); die($error); } }
private function _addNewPrivateMessage($id_order, $message) { if (!$id_order) { return false; } $msg = new Message(); $message = strip_tags($message, '<br>'); if (!Validate::isCleanHtml($message)) { $message = $this->l('Payment message is not valid, please check your module.'); } $msg->message = $message; $msg->id_order = (int) $id_order; $msg->private = 1; return $msg->add(); }
/** * Process vadiation before saving data */ private function _postValidation() { if (!Validate::isCleanHtml(Tools::getValue('module_height'))) { $this->_postErrors[] = $this->l('The module height you entered was not allowed, sorry'); } }
private function _postProcess() { $errors = array(); if (Tools::isSubmit('submitMoreOptions')) { if (Tools::getValue('date_format') == '' or !Validate::isCleanHtml(Tools::getValue('date_format'))) { $errors[] = $this->l('Date format is invalid'); } if (!sizeof($errors)) { Configuration::updateValue('DOD_EXTRA_TIME_PRODUCT_OOS', (int) Tools::getValue('extra_time_product_oos')); Configuration::updateValue('DOD_EXTRA_TIME_PREPARATION', (int) Tools::getValue('extra_time_preparation')); Configuration::updateValue('DOD_PREPARATION_SATURDAY', (int) Tools::isSubmit('preparation_saturday')); Configuration::updateValue('DOD_PREPARATION_SUNDAY', (int) Tools::isSubmit('preparation_sunday')); Configuration::updateValue('DOD_DATE_FORMAT', Tools::getValue('date_format')); $this->_html .= $this->displayConfirmation($this->l('Settings are updated')); } else { $this->_html .= $this->displayError(implode('<br />', $errors)); } } if (Tools::isSubmit('submitCarrierRule')) { if (!Validate::isUnsignedInt(Tools::getValue('minimal_time'))) { $errors[] = $this->l('Minimum time is invalid'); } if (!Validate::isUnsignedInt(Tools::getValue('maximal_time'))) { $errors[] = $this->l('Maximum time is invalid'); } if ($carrier = new Carrier((int) Tools::getValue('id_carrier')) and !Validate::isLoadedObject($carrier)) { $errors[] = $this->l('Carrier is invalid'); } if ($this->_isAlreadyDefinedForCarrier((int) $carrier->id, (int) Tools::getValue('id_carrier_rule', 0))) { $errors[] = $this->l('You cannot use this carrier, a rule has already been saved.'); } if (!sizeof($errors)) { if (Tools::isSubmit('addCarrierRule')) { if (Db::getInstance()->execute(' INSERT INTO `' . _DB_PREFIX_ . 'dateofdelivery_carrier_rule`(`id_carrier`, `minimal_time`, `maximal_time`, `delivery_saturday`, `delivery_sunday`) VALUES (' . (int) $carrier->id . ', ' . (int) Tools::getValue('minimal_time') . ', ' . (int) Tools::getValue('maximal_time') . ', ' . (int) Tools::isSubmit('delivery_saturday') . ', ' . (int) Tools::isSubmit('delivery_sunday') . ') ')) { Tools::redirectAdmin(AdminController::$currentIndex . '&configure=' . $this->name . '&token=' . Tools::getAdminTokenLite('AdminModules') . '&confirmAddCarrierRule'); } else { $this->_html .= $this->displayError($this->l('An error occurred on adding of carrier rule.')); } } else { if (Db::getInstance()->execute(' UPDATE `' . _DB_PREFIX_ . 'dateofdelivery_carrier_rule` SET `id_carrier` = ' . (int) $carrier->id . ', `minimal_time` = ' . (int) Tools::getValue('minimal_time') . ', `maximal_time` = ' . (int) Tools::getValue('maximal_time') . ', `delivery_saturday` = ' . (int) Tools::isSubmit('delivery_saturday') . ', `delivery_sunday` = ' . (int) Tools::isSubmit('delivery_sunday') . ' WHERE `id_carrier_rule` = ' . (int) Tools::getValue('id_carrier_rule'))) { Tools::redirectAdmin(AdminController::$currentIndex . '&configure=' . $this->name . '&token=' . Tools::getAdminTokenLite('AdminModules') . '&confirmEditCarrierRule'); } else { $this->_html .= $this->displayError($this->l('An error occurred on updating of carrier rule.')); } } } else { $this->_html .= $this->displayError(implode('<br />', $errors)); } } if (Tools::isSubmit('deleteCarrierRule') and Tools::isSubmit('id_carrier_rule') and (int) Tools::getValue('id_carrier_rule') and $this->_isCarrierRuleExists((int) Tools::getValue('id_carrier_rule'))) { $this->_deleteByIdCarrierRule((int) Tools::getValue('id_carrier_rule')); $this->_html .= $this->displayConfirmation($this->l('Carrier rule deleted successfully')); } if (Tools::isSubmit('confirmAddCarrierRule')) { $this->_html = $this->displayConfirmation($this->l('Carrier rule added successfully')); } if (Tools::isSubmit('confirmEditCarrierRule')) { $this->_html = $this->displayConfirmation($this->l('Carrier rule updated successfully')); } }
/** * Update shop SSL domain (for mono shop) */ public function updateOptionDomainSsl($value) { if (!Shop::isFeatureActive() && $this->url && $this->url->domain_ssl != $value) { if (Validate::isCleanHtml($value)) { $this->url->domain_ssl = $value; $this->url->update(); Configuration::updateGlobalValue('PS_SHOP_DOMAIN_SSL', $value); } else { $this->errors[] = Tools::displayError('The SSL domain is not valid.'); } } }
/** * Retrieves the id associated to the given code * * @static * @param string $code * @return int|bool */ public static function getIdByCode($code) { if (!Validate::isCleanHtml($code)) { return false; } return Db::getInstance(_PS_USE_SQL_SLAVE_)->getValue('SELECT `id_cart_rule` FROM `' . _DB_PREFIX_ . 'cart_rule` WHERE `code` = \'' . pSQL($code) . '\''); }
public static function create_category($parent, $name, $linkRewrite, $description = '', $meta_title = '', $meta_description = '', $meta_keywords = '') { $configuration = PS_CLI_CONFIGURE::getConfigurationInstance(); $category = new CMSCategory(); if (!Validate::isUnsignedId($parent)) { echo "Error, {$parent} is not a valid category ID\n"; return false; } $parentCat = new CMSCategory($parent); if (!Validate::isloadedObject($parentCat)) { echo "Error: category {$parentCat} does not exists\n"; return false; } $category->id_parent = $parent; if (!Validate::isName($name)) { echo "Error, {$name} is not a valid category name\n"; return false; } $category->name = array($configuration->lang => $name); if (!Validate::isLinkRewrite($linkRewrite)) { echo "Error, {$linkRewrite} is not a valid link rewrite\n"; return false; } $category->link_rewrite = array($configuration->lang => $linkRewrite); if (!Validate::isCleanHtml($description)) { echo "Warning, {$description} is not a valid category description\n"; $description = ''; } $category->description = array($configuration->lang => $description); if (!Validate::isGenericName($meta_title)) { echo "Warning, {$meta_title} is not a valid value for meta_title\n"; $meta_title = ''; } $category->meta_title = array($configuration->lang => $meta_title); if (!Validate::isGenericName($meta_description)) { echo "Warning, {$meta_description} is not a valid value for meta_description\n"; $meta_description = ''; } $category->meta_description = array($configuration->lang => $meta_description); if (!Validate::isGenericName($meta_keywords)) { echo "Warning, {$meta_keywords} is not a valid value for meta_keywords\n"; $meta_keywords = ''; } $category->meta_keywords = array($configuration->lang => $meta_keywords); if ($category->add()) { if ($configuration->porcelain) { echo $category->id_cms_category; } else { echo "Successfully created category {$category->id_cms_category}\n"; } return true; } else { echo "Error, could not create category {$name}\n"; return false; } }
public function ajaxProcessGetBlogRss() { $return = array('has_errors' => false, 'rss' => array()); if (!$this->isFresh('/config/xml/blog-' . $this->context->language->iso_code . '.xml', 86400)) { if (!$this->refresh('/config/xml/blog-' . $this->context->language->iso_code . '.xml', _PS_API_URL_ . '/rss/blog/blog-' . $this->context->language->iso_code . '.xml')) { $return['has_errors'] = true; } } if (!$return['has_errors']) { $rss = @simplexml_load_file(_PS_ROOT_DIR_ . '/config/xml/blog-' . $this->context->language->iso_code . '.xml'); if (!$rss) { $return['has_errors'] = true; } $articles_limit = 2; if ($rss) { foreach ($rss->channel->item as $item) { if ($articles_limit > 0 && Validate::isCleanHtml((string) $item->title) && Validate::isCleanHtml((string) $item->description) && isset($item->link) && isset($item->title)) { if (in_array($this->context->mode, array(Context::MODE_HOST, Context::MODE_HOST_CONTRIB))) { $utm_content = 'cloud'; } else { $utm_content = 'download'; } $shop_default_country_id = (int) Configuration::get('PS_COUNTRY_DEFAULT'); $shop_default_iso_country = (string) Tools::strtoupper(Country::getIsoById($shop_default_country_id)); $analytics_params = array('utm_source' => 'back-office', 'utm_medium' => 'rss', 'utm_campaign' => 'back-office-' . $shop_default_iso_country, 'utm_content' => $utm_content); $url_query = parse_url($item->link, PHP_URL_QUERY); parse_str($url_query, $link_query_params); if ($link_query_params) { $full_url_params = array_merge($link_query_params, $analytics_params); $base_url = explode('?', (string) $item->link); $base_url = (string) $base_url[0]; $article_link = $base_url . '?' . http_build_query($full_url_params); } else { $article_link = (string) $item->link . '?' . http_build_query($analytics_params); } $return['rss'][] = array('date' => Tools::displayDate(date('Y-m-d', strtotime((string) $item->pubDate))), 'title' => (string) Tools::htmlentitiesUTF8($item->title), 'short_desc' => Tools::truncateString(strip_tags((string) $item->description), 150), 'link' => (string) $article_link); } else { break; } $articles_limit--; } } } die(Tools::jsonEncode($return)); }
/** * Options lists */ public function displayOptionsList() { global $currentIndex, $cookie, $tab; if (!isset($this->_fieldsOptions) or !sizeof($this->_fieldsOptions)) { return false; } $defaultLanguage = (int) Configuration::get('PS_LANG_DEFAULT'); $this->_languages = Language::getLanguages(false); $tab = Tab::getTab((int) $cookie->id_lang, Tab::getIdFromClassName($tab)); echo '<br /><br />'; echo isset($this->optionTitle) ? '<h2>' . $this->optionTitle . '</h2>' : ''; echo ' <script type="text/javascript"> id_language = Number(' . $defaultLanguage . '); </script> <form action="' . $currentIndex . '" id="' . $tab['name'] . '" name="' . $tab['name'] . '" method="post"> <fieldset>'; echo isset($this->optionTitle) ? '<legend> <img src="' . (!empty($tab['module']) && file_exists($_SERVER['DOCUMENT_ROOT'] . _MODULE_DIR_ . $tab['module'] . '/' . $tab['class_name'] . '.gif') ? _MODULE_DIR_ . $tab['module'] . '/' : '../img/t/') . $tab['class_name'] . '.gif" />' . $this->optionTitle . '</legend>' : ''; foreach ($this->_fieldsOptions as $key => $field) { $val = Tools::getValue($key, Configuration::get($key)); if ($field['type'] != 'textLang') { if (!Validate::isCleanHtml($val)) { $val = Configuration::get($key); } } echo '<label>' . $field['title'] . ' </label> <div class="margin-form">'; switch ($field['type']) { case 'select': echo '<select name="' . $key . '">'; foreach ($field['list'] as $value) { echo '<option value="' . (isset($field['cast']) ? $field['cast']($value[$field['identifier']]) : $value[$field['identifier']]) . '"' . ($val == $value[$field['identifier']] ? ' selected="selected"' : '') . '>' . $value['name'] . '</option>'; } echo '</select>'; break; case 'bool': echo '<label class="t" for="' . $key . '_on"><img src="../img/admin/enabled.gif" alt="' . $this->l('Yes') . '" title="' . $this->l('Yes') . '" /></label> <input type="radio" name="' . $key . '" id="' . $key . '_on" value="1"' . ($val ? ' checked="checked"' : '') . ' /> <label class="t" for="' . $key . '_on"> ' . $this->l('Yes') . '</label> <label class="t" for="' . $key . '_off"><img src="../img/admin/disabled.gif" alt="' . $this->l('No') . '" title="' . $this->l('No') . '" style="margin-left: 10px;" /></label> <input type="radio" name="' . $key . '" id="' . $key . '_off" value="0" ' . (!$val ? 'checked="checked"' : '') . '/> <label class="t" for="' . $key . '_off"> ' . $this->l('No') . '</label>'; break; case 'textLang': foreach ($this->_languages as $language) { $val = Tools::getValue($key . '_' . $language['id_lang'], Configuration::get($key, $language['id_lang'])); if (!Validate::isCleanHtml($val)) { $val = Configuration::get($key); } echo ' <div id="' . $key . '_' . $language['id_lang'] . '" style="display: ' . ($language['id_lang'] == $defaultLanguage ? 'block' : 'none') . '; float: left;"> <input size="' . $field['size'] . '" type="text" name="' . $key . '_' . $language['id_lang'] . '" value="' . $val . '" /> </div>'; } $this->displayFlags($this->_languages, $defaultLanguage, $key, $key); echo '<br style="clear:both">'; break; case 'textareaLang': foreach ($this->_languages as $language) { $val = Configuration::get($key, $language['id_lang']); echo ' <div id="' . $key . '_' . $language['id_lang'] . '" style="display: ' . ($language['id_lang'] == $defaultLanguage ? 'block' : 'none') . '; float: left;"> <textarea rows="' . (int) $field['rows'] . '" cols="' . (int) $field['cols'] . '" name="' . $key . '_' . $language['id_lang'] . '">' . str_replace('\\r\\n', "\n", $val) . '</textarea> </div>'; } $this->displayFlags($this->_languages, $defaultLanguage, $key, $key); echo '<br style="clear:both">'; break; case 'text': default: echo '<input type="text" name="' . $key . '" value="' . $val . '" size="' . $field['size'] . '" />' . (isset($field['suffix']) ? $field['suffix'] : ''); } if (isset($field['required']) and $field['required']) { echo ' <sup>*</sup>'; } echo isset($field['desc']) ? '<p>' . $field['desc'] . '</p>' : ''; echo '</div>'; } echo '<div class="margin-form"> <input type="submit" value="' . $this->l(' Save ') . '" name="submitOptions' . $this->table . '" class="button" /> </div> </fieldset> <input type="hidden" name="token" value="' . $this->token . '" /> </form>'; }
public function ajaxProcessAddAttachment() { if (isset($_FILES['attachment_file'])) { if ((int) $_FILES['attachment_file']['error'] === 1) { $_FILES['attachment_file']['error'] = array(); $max_upload = (int) ini_get('upload_max_filesize'); $max_post = (int) ini_get('post_max_size'); $upload_mb = min($max_upload, $max_post); $_FILES['attachment_file']['error'][] = sprintf($this->l('File %1$s exceeds the size allowed by the server. The limit is set to %2$d MB.'), '<b>' . $_FILES['attachment_file']['name'] . '</b> ', '<b>' . $upload_mb . '</b>'); } $_FILES['attachment_file']['error'] = array(); $is_attachment_name_valid = false; $attachment_names = Tools::getValue('attachment_name'); $attachment_descriptions = Tools::getValue('attachment_description'); if (!isset($attachment_names) || !$attachment_names) { $attachment_names = array(); } if (!isset($attachment_descriptions) || !$attachment_descriptions) { $attachment_descriptions = array(); } foreach ($attachment_names as $lang => $name) { $language = Language::getLanguage((int) $lang); if (Tools::strlen($name) > 0) { $is_attachment_name_valid = true; } if (!Validate::isGenericName($name)) { $_FILES['attachment_file']['error'][] = sprintf(Tools::displayError('Invalid name for %s language'), $language['name']); } elseif (Tools::strlen($name) > 32) { $_FILES['attachment_file']['error'][] = sprintf(Tools::displayError('The name for %1s language is too long (%2d chars max).'), $language['name'], 32); } } foreach ($attachment_descriptions as $lang => $description) { $language = Language::getLanguage((int) $lang); if (!Validate::isCleanHtml($description)) { $_FILES['attachment_file']['error'][] = sprintf(Tools::displayError('Invalid description for %s language'), $language['name']); } } if (!$is_attachment_name_valid) { $_FILES['attachment_file']['error'][] = Tools::displayError('An attachment name is required.'); } if (empty($_FILES['attachment_file']['error'])) { if (is_uploaded_file($_FILES['attachment_file']['tmp_name'])) { if ($_FILES['attachment_file']['size'] > Configuration::get('PS_ATTACHMENT_MAXIMUM_SIZE') * 1024 * 1024) { $_FILES['attachment_file']['error'][] = sprintf($this->l('The file is too large. Maximum size allowed is: %1$d kB. The file you\'re trying to upload is: %2$d kB.'), Configuration::get('PS_ATTACHMENT_MAXIMUM_SIZE') * 1024, number_format($_FILES['attachment_file']['size'] / 1024, 2, '.', '')); } else { do { $uniqid = sha1(microtime()); } while (file_exists(_PS_DOWNLOAD_DIR_ . $uniqid)); if (!copy($_FILES['attachment_file']['tmp_name'], _PS_DOWNLOAD_DIR_ . $uniqid)) { $_FILES['attachment_file']['error'][] = $this->l('File copy failed'); } @unlink($_FILES['attachment_file']['tmp_name']); } } else { $_FILES['attachment_file']['error'][] = Tools::displayError('The file is missing.'); } if (empty($_FILES['attachment_file']['error']) && isset($uniqid)) { $attachment = new Attachment(); foreach ($attachment_names as $lang => $name) { $attachment->name[(int) $lang] = $name; } foreach ($attachment_descriptions as $lang => $description) { $attachment->description[(int) $lang] = $description; } $attachment->file = $uniqid; $attachment->mime = $_FILES['attachment_file']['type']; $attachment->file_name = $_FILES['attachment_file']['name']; if (empty($attachment->mime) || Tools::strlen($attachment->mime) > 128) { $_FILES['attachment_file']['error'][] = Tools::displayError('Invalid file extension'); } if (!Validate::isGenericName($attachment->file_name)) { $_FILES['attachment_file']['error'][] = Tools::displayError('Invalid file name'); } if (Tools::strlen($attachment->file_name) > 128) { $_FILES['attachment_file']['error'][] = Tools::displayError('The file name is too long.'); } if (empty($this->errors)) { $res = $attachment->add(); if (!$res) { $_FILES['attachment_file']['error'][] = Tools::displayError('This attachment was unable to be loaded into the database.'); } else { $_FILES['attachment_file']['id_attachment'] = $attachment->id; $_FILES['attachment_file']['filename'] = $attachment->name[$this->context->employee->id_lang]; $id_product = (int) Tools::getValue($this->identifier); $res = $attachment->attachProduct($id_product); if (!$res) { $_FILES['attachment_file']['error'][] = Tools::displayError('We were unable to associate this attachment to a product.'); } } } else { $_FILES['attachment_file']['error'][] = Tools::displayError('Invalid file'); } } } die(Tools::jsonEncode($_FILES)); } }