Exemplo n.º 1
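    /**
     * Build the HTML wrapper for the configuration-options panel.
     *
     * Renders the shared 'configopts' template with this control's options and
     * registers exp-layout.js plus its YUI module list through
     * expJavascript::pushToFoot().
     *
     * @param string $name  Control name (not read by this implementation).
     * @param string $label Control label (not read by this implementation).
     * @return string HTML markup for the options panel.
     */
    function controlToHTML($name, $label)
    {
        $opts_template = get_template_for_action('common', 'configopts', null);
        $opts_template->assign('opts', $this->opts);
        $html = '
			<div class="yui-skin-sam">
        			<div id="demo">
					<div id="leftopts">';
        $html .= $opts_template->render();
        $html .= '</div>
				</div>
			</div>
		';
        // The original also assembled an inline `new configPanel(...)` script from
        // $this->title and $this->welcome but never handed it to pushToFoot(), so
        // that dead assignment has been dropped. If the script is ever reinstated,
        // encode both values for a JavaScript context (e.g. json_encode()) instead
        // of concatenating them between quotes.
        expJavascript::pushToFoot(array("unique" => 'cfgmgr', "yui2mods" => 'dragdrop,element,animation,resize,layout', "yui3mods" => null, "content" => '//comment', "src" => PATH_RELATIVE . 'framework/core/assets/js/exp-layout.js'));
        return $html;
    }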
Exemplo n.º 2
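 /**
  * Prepare the order-confirmation view for a quick-pay checkout.
  *
  * Reuses the 'confirm' action's template, applies the posted billing address
  * (when present), lets the billing calculator process the submitted form,
  * recalculates the order total and stores the resulting billing options in
  * the session before assigning everything to the template.
  *
  * @return void
  */
 function processQuickPay()
 {
     global $order, $template;
     // reuse the confirm action's template
     $template = get_template_for_action($this, 'confirm', $this->loc);

     // Always build the billing object. The original created it only when a
     // billing address was posted and then dereferenced it unconditionally,
     // which fails on requests without a 'billing' parameter.
     $billing = new billing();
     if (!empty($this->params['billing'])) {
         // NOTE(review): this value is request-supplied; confirm that
         // setAddress() only accepts an address owned by the current user.
         $billing->billingmethod->setAddress($this->params['billing']);
     }

     if (!empty($this->params['shipping'])) {
         // TODO: selecting a shipping address is not implemented yet, so the
         // request is aborted here. (The original followed this with
         // unreachable code that built a shipping object.)
         die('NEED TO IMPLEMENT THE SHIPPING PIECE!!');
     }

     $opts = $billing->calculator->userFormUpdate($this->params);
     $order->calculateGrandTotal();
     expSession::set('billing_options', $opts);
     assign_to_template(array('billing' => $billing, 'order' => $order, 'total' => $order->total, 'billinginfo' => $billing->calculator->userView($opts), 'nologin' => 1));
 }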
Exemplo n.º 3
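 /**
  * Batch-process a carrier CSV export uploaded as 'batch_upload_file'.
  *
  * The file is first validated (every row must have as many columns as the
  * header), the carrier is detected from the first header cell, and then each
  * row is matched to an order by invoice id (column 3). For open orders the
  * method attempts a delayed capture when the billing method is in the
  * 'authorized' state, records the tracking number (column 1) and carrier,
  * optionally moves the order to the status chosen in
  * params['order_status_success'] and optionally e-mails the customer.
  * Per-row outcomes are collected in 'successSet' / 'errorSet' and assigned to
  * the template.
  *
  * @return void
  */
 function process_orders()
 {
     global $db;
     $template = get_template_for_action(new orderController(), 'setStatus', $this->loc);
     set_time_limit(0);

     // Only work on a file PHP itself received for this request. The original
     // wrote the path onto an undefined $file object and did not notice a
     // missing upload.
     $upload = isset($_FILES['batch_upload_file']) ? $_FILES['batch_upload_file'] : null;
     if ($upload === null || !empty($upload['error']) || empty($upload['tmp_name']) || !is_string($upload['tmp_name']) || !is_uploaded_file($upload['tmp_name'])) {
         flash('error', gt('There was an error uploading your file.  Please try again.'));
         redirect_to(array('controller' => 'store', 'action' => 'batch_process'));
         return; // do not fall through if redirect_to() returns
     }

     $handle = fopen($upload['tmp_name'], "r");
     if ($handle === false) {
         flash('error', gt('There was an error uploading your file.  Please try again.'));
         redirect_to(array('controller' => 'store', 'action' => 'batch_process'));
         return;
     }

     // ---- pass 1: structural validation --------------------------------
     echo "Validating file...<br/>";
     $checkdata = fgetcsv($handle, 10000, ",");
     if (!is_array($checkdata)) {
         fclose($handle);
         echo "Your CSV import file is empty. Please check your file and try again.";
         exit;
     }
     $fieldCount = count($checkdata);
     $count = 1;
     while (($checkdata = fgetcsv($handle, 10000, ",")) !== FALSE) {
         $count++;
         if (count($checkdata) != $fieldCount) {
             fclose($handle);
             echo "Line " . $count . " of your CSV import file does not contain the correct number of columns.<br/>";
             echo "Found " . $fieldCount . " header fields, but only " . count($checkdata) . " field in row " . $count . " Please check your file and try again.";
             exit;
         }
     }
     echo "<br/>CSV File passed validation...<br/><br/>Detecting carrier type....<br/>";

     // ---- pass 2: carrier detection from the header row ----------------
     rewind($handle);
     $data = fgetcsv($handle, 10000, ",");
     $firstHeader = isset($data[0]) ? trim((string) $data[0]) : '';
     $carrier = '';
     // Initialised so the e-mail below never reads an undefined variable when
     // the header matches neither carrier.
     $carrierTrackingLink = '';
     if ($firstHeader == 'ShipmentInformationShipmentID') {
         echo "Detected UPS file...<br/>";
         $carrier = "UPS";
         $carrierTrackingLink = "http://wwwapps.ups.com/etracking/tracking.cgi?TypeOfInquiryNumber=T&InquiryNumber1=";
     } elseif ($firstHeader == 'PIC') {
         echo "Detected United States Post Service file...<br/>";
         $carrier = "USPS";
         $carrierTrackingLink = "http://trkcnfrm1.smi.usps.com/PTSInternetWeb/InterLabelInquiry.do?origTrackNum=";
     }
     // NOTE(review): an unrecognised header still lets processing continue with
     // an empty carrier, as in the original - confirm that is intended.

     // The target status comes from the request and later reaches a SQL WHERE
     // clause, so reduce it to an integer once, up front. -1 means "leave the
     // status alone".
     $successStatusId = -1;
     if (isset($this->params['order_status_success'][0]) && is_numeric($this->params['order_status_success'][0])) {
         $successStatusId = intval($this->params['order_status_success'][0]);
     }

     $count = 1;
     $errorSet = array();
     $successSet = array();
     $oo = new order();
     while (($data = fgetcsv($handle, 10000, ",")) !== FALSE) {
         $count++;
         $originalOrderId = isset($data[2]) ? $data[2] : '';
         $invoiceId = intval($originalOrderId);
         $trackingNumber = isset($data[0]) ? $data[0] : '';
         $order = null;
         $bm = null;
         $transactionState = null;

         // check for valid order number - if not present or not an order, fail and continue with next record
         if (empty($invoiceId)) {
             $errorSet[$count]['message'] = "Row " . $count . " has no order number.";
             $errorSet[$count]['order_id'] = "N/A";
             continue;
         }
         $order = $oo->findBy('invoice_id', $invoiceId);
         if (empty($order->id)) {
             // Messages in these sets carry markup (<br/>), so the raw CSV cell
             // is HTML-encoded before being embedded in one.
             $errorSet[$count]['message'] = htmlspecialchars((string) $originalOrderId, ENT_QUOTES, 'UTF-8') . " is not a valid order in this system.";
             // NOTE(review): order_id keeps the raw CSV value; confirm the view escapes it.
             $errorSet[$count]['order_id'] = $originalOrderId;
             continue;
         }

         /* we have a valid order, so let's see what we can do: */
         $currentStat = $order->order_status;
         // check the order for a closed status - if so, do NOT process or set shipping
         if ($currentStat->treat_as_closed == true) {
             $errorSet[$count]['message'] = "This is currently a closed order. Not processing.";
             $errorSet[$count]['order_id'] = $invoiceId;
             continue;
         }

         // ok, if we made it here we have a valid order that is "open"
         // we'll try to capture the transaction if it's in an authorized state, but set shipping regardless
         if (isset($order->billingmethod[0])) {
             $bm = $order->billingmethod[0];
             $transactionState = $bm->transaction_state;
         } else {
             $bm = null;
             $transactionState = '';
         }

         if ($transactionState == 'authorized') {
             $calc = $bm->billingcalculator->calculator;
             $calc->config = $bm->billingcalculator->config;
             if (method_exists($calc, 'delayed_capture')) {
                 $result = $calc->delayed_capture($bm, $order->grand_total);
                 if ($result->errorCode == 0) {
                     // we've succeeded.  transaction already created and billing info updated.
                     // just need to set the order shipping info, check and see if we send user an email, and set statuses.
                     $successSet[$count]['order_id'] = $invoiceId;
                     $successSet[$count]['message'] = "Sucessfully captured order " . $invoiceId . " and set shipping information.";
                     $successSet[$count]['amount'] = $order->grand_total;
                     $successSet[$count]['request_id'] = $result->request_id;
                     $successSet[$count]['reference_id'] = $result->PNREF;
                     $successSet[$count]['authorization_code'] = $result->AUTHCODE;
                     $successSet[$count]['shipping_tracking_number'] = $trackingNumber;
                     $successSet[$count]['carrier'] = $carrier;
                 } else {
                     // failed capture, so we report the error but still set the shipping information
                     // because it's already out the door
                     $errorSet[$count]['error_code'] = $result->errorCode;
                     $errorSet[$count]['message'] = "Capture failed: " . $result->message . "<br/>Setting shipping information.";
                     $errorSet[$count]['order_id'] = $invoiceId;
                     $errorSet[$count]['amount'] = $order->grand_total;
                     $errorSet[$count]['shipping_tracking_number'] = $trackingNumber;
                     $errorSet[$count]['carrier'] = $carrier;
                 }
             } else {
                 // dont suppose we do anything here, as it may be set to approved manually
                 $successSet[$count]['message'] = 'No capture processing available for order:' . $invoiceId . '. Setting shipping information.';
                 $successSet[$count]['order_id'] = $invoiceId;
                 $successSet[$count]['amount'] = $order->grand_total;
                 $successSet[$count]['shipping_tracking_number'] = $trackingNumber;
                 $successSet[$count]['carrier'] = $carrier;
             }
         } else {
             $successSet[$count]['message'] = 'No processing necessary for order:' . $invoiceId . '. Setting shipping information.';
             $successSet[$count]['order_id'] = $invoiceId;
             $successSet[$count]['amount'] = $order->grand_total;
             $successSet[$count]['shipping_tracking_number'] = $trackingNumber;
             $successSet[$count]['carrier'] = $carrier;
         }

         // record the shipment on the order and on its last shipping method
         $order->shipped = time();
         $order->shipping_tracking_number = $trackingNumber;
         $order->save();
         $s = array_pop($order->shippingmethods);
         if (!empty($s->id)) {
             $sm = new shippingmethod($s->id);
             $sm->carrier = $carrier;
             $sm->save();
         }

         // statuses and email
         if ($successStatusId > -1) {
             $change = new order_status_changes();
             // save the changes
             $change->from_status_id = $order->order_status_id;
             $change->to_status_id = $successStatusId;
             $change->orders_id = $order->id;
             $change->save();
             // update the status of the order
             $order->order_status_id = $successStatusId;
             $order->save();
             // email the user if we need to
             if (!empty($this->params['email_customer'])) {
                 $email_addy = isset($order->billingmethod[0]) ? $order->billingmethod[0]->email : '';
                 if (!empty($email_addy)) {
                     // both ids are integers by construction before they are concatenated into SQL
                     $from_status = $db->selectValue('order_status', 'title', 'id=' . intval($change->from_status_id));
                     $to_status = $db->selectValue('order_status', 'title', 'id=' . intval($change->to_status_id));
                     // the tracking number originates from the CSV, so it is URL-encoded before joining the carrier link
                     $template->assign(array('comment' => $change->comment, 'to_status' => $to_status, 'from_status' => $from_status, 'order' => $order, 'date' => date("F j, Y, g:i a"), 'storename' => ecomconfig::getConfig('storename'), 'include_shipping' => true, 'tracking_link' => $carrierTrackingLink . rawurlencode((string) $order->shipping_tracking_number), 'carrier' => $carrier));
                     $html = $template->render();
                     $html .= ecomconfig::getConfig('footer');
                     try {
                         $mail = new expMail();
                         $mail->quickSend(array('html_message' => $html, 'text_message' => str_replace("<br>", "\r\n", $template->render()), 'to' => $email_addy, 'from' => ecomconfig::getConfig('from_address'), 'subject' => 'Your Order Has Been Shipped (#' . $order->invoice_id . ') - ' . ecomconfig::getConfig('storename')));
                     } catch (Exception $e) {
                         // a failed notification must not abort the batch; log and continue
                         eDebug("Email error:");
                         eDebug($e);
                     }
                 }
             }
         }
     }
     fclose($handle);
     assign_to_template(array('errorSet' => $errorSet, 'successSet' => $successSet));
 }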
Exemplo n.º 4
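 /**
  * Complete a password reset from the link e-mailed to the user.
  *
  * Looks up the (uid, token) pair from the query string among the unexpired
  * reset tokens, generates a new random password, e-mails it to the account's
  * address, stores its hash, deletes the user's reset tokens and redirects to
  * the login page. When no matching token exists an error is flashed and the
  * user is sent back.
  *
  * @return void
  */
 public function confirm_password_reset()
 {
     global $db;
     // purge expired tokens first so they can never match below
     $db->delete('passreset_token', 'expires < ' . time());

     // Both values arrive in the query string and are concatenated into a WHERE
     // clause. The original passed uid through trim() only, so it is now forced
     // to an integer; the token is still reduced to [A-Za-z0-9].
     $uid = isset($_GET['uid']) && is_scalar($_GET['uid']) ? intval($_GET['uid']) : 0;
     $token = isset($_GET['token']) && is_string($_GET['token']) ? preg_replace('/[^A-Za-z0-9]/', '', $_GET['token']) : '';
     $tok = null;
     if ($uid > 0 && $token !== '') {
         $tok = $db->selectObject('passreset_token', 'uid=' . $uid . " AND token='" . $token . "'");
     }
     if ($tok == null) {
         flash('error', gt('Your password reset has expired.  Please try again.'));
         expHistory::back();
         return; // never continue with a missing token, even if back() returns
     }

     // create the password
     // The original drew from rand(), re-rolled the target length on every loop
     // pass and skipped the boundary characters of each range. Pick the length
     // once and use the CSPRNG when the runtime provides one.
     $alphabet = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789';
     $lastIndex = strlen($alphabet) - 1;
     $hasCsprng = function_exists('random_int');
     $length = $hasCsprng ? random_int(12, 20) : mt_rand(12, 20);
     $newpass = '';
     for ($i = 0; $i < $length; $i++) {
         $pick = $hasCsprng ? random_int(0, $lastIndex) : mt_rand(0, $lastIndex);
         $newpass .= $alphabet[$pick];
     }

     // look up the user
     $u = new user($tok->uid);
     // get the email message body and render it
     $email = get_template_for_action($this, 'confirm_password_email', $this->loc);
     $email->assign('newpass', $newpass);
     $msg = $email->render();
     // send the new password to the user
     // NOTE(review): the password travels in clear text by e-mail; a flow that
     // lets the user choose a password on a token-protected page avoids that.
     $mail = new expMail();
     $mail->quickSend(array('html_message' => $msg, 'to' => trim($u->email), 'from' => SMTP_FROMADDRESS, 'subject' => 'Your new password for ' . HOSTNAME));
     // Save new password
     // NOTE(review): unsalted MD5 is not a suitable password hash. It is kept
     // here because the login check that verifies it is outside this method;
     // migrate both sides to password_hash()/password_verify() together.
     $u->update(array('password' => md5($newpass)));
     // cleanup the reset token
     $db->delete('passreset_token', 'uid=' . intval($tok->uid));
     flash('message', gt('Your new password has been emailed to your email account.'));
     // send the user the login page.
     redirect_to(array('controller' => 'login', 'action' => 'loginredirect'));
 }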
Exemplo n.º 5
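 /**
  * E-mail the invoice for an order.
  *
  * Renders the 'email_invoice' template for the order given in params['id'],
  * sends it to each configured admin address when 'email_invoice' is enabled,
  * and to the current user when 'email_invoice_to_user' is enabled and the
  * user has an e-mail address.
  *
  * @return void
  */
 function email()
 {
     global $template, $user;
     // setup a template suitable for emailing
     $template = get_template_for_action($this, 'email_invoice', $this->loc);
     // NOTE(review): the order id comes from the request parameters and no
     // ownership or permission check is visible in this method - confirm the
     // caller restricts who may trigger an invoice for a given order.
     $order = new order($this->params['id']);
     $billing = new billing($this->params['id']);
     assign_to_template(array('order' => $order, 'shipping' => $order->orderitem[0], 'billing' => $billing));

     // build the html and text versions of the message
     $html = $template->render();
     $txt = strip_tags($html);
     $sender = array(ecomconfig::getConfig('from_address') => ecomconfig::getConfig('from_name'));

     // send email invoices to the admins if needed
     if (ecomconfig::getConfig('email_invoice') == true) {
         foreach (explode(',', ecomconfig::getConfig('email_invoice_addresses')) as $address) {
             $address = trim($address);
             if ($address === '') {
                 // an empty setting or a trailing comma yields a blank entry; skip it
                 continue;
             }
             $mail = new expMail();
             $mail->quickSend(array('html_message' => $html, 'text_message' => $txt, 'to' => $address, 'from' => $sender, 'subject' => 'An order was placed on the ' . ecomconfig::getConfig('storename')));
         }
     }

     // email the invoice to the user if we need to
     if (ecomconfig::getConfig('email_invoice_to_user') == true && !empty($user->email)) {
         // the original opened a second <p> here instead of closing the first
         $usermsg = "<p>" . ecomconfig::getConfig('invoice_msg') . "</p>";
         $usermsg .= $html;
         $usermsg .= ecomconfig::getConfig('footer');
         $mail = new expMail();
         $mail->quickSend(array('html_message' => $usermsg, 'text_message' => $txt, 'to' => $user->email, 'from' => $sender, 'subject' => ecomconfig::getConfig('invoice_subject')));
     }
 }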
Exemplo n.º 6
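 /**
  * Subscribe an e-mail address to the selected E-Alert topics.
  *
  * After the anti-spam check, finds or creates the subscriber record for
  * params['email'], replaces that subscriber's topic subscriptions with the
  * ids in params['ealerts'], sends a confirmation e-mail and redirects to the
  * 'pending' action.
  *
  * @return void
  */
 public function signup()
 {
     global $db;
     // check the anti-spam control
     expValidator::check_antispam($this->params, gt("Anti-spam verification failed.  Please try again."));

     // make sure we have what we need.
     // The address ends up inside a double-quoted SQL literal, so besides being
     // a syntactically valid address it must not contain a double quote or a
     // backslash. NOTE(review): if the database layer offers escaping or bound
     // parameters, prefer that over this filter.
     $email = isset($this->params['email']) && is_string($this->params['email']) ? trim($this->params['email']) : '';
     if (empty($email) || filter_var($email, FILTER_VALIDATE_EMAIL) === false || strpbrk($email, "\"\\") !== false) {
         expQueue::flashAndFlow('error', 'You must supply an email address to sign up for email alerts.');
         return; // do not continue if flashAndFlow() returns
     }

     // Topic ids are request-supplied and reach both an INSERT and an IN (...)
     // list: keep only positive integers, de-duplicated.
     $ealert_ids = array();
     $selected = isset($this->params['ealerts']) ? (array) $this->params['ealerts'] : array();
     foreach ($selected as $ea_id) {
         if (is_scalar($ea_id) && intval($ea_id) > 0) {
             $ealert_ids[intval($ea_id)] = intval($ea_id);
         }
     }
     $ealert_ids = array_values($ealert_ids);
     if (empty($ealert_ids)) {
         expQueue::flashAndFlow('error', 'You did not select any E-Alert topics to subscribe to.');
         return;
     }

     // find or create the subscriber
     $id = $db->selectValue('subscribers', 'id', 'email="' . $email . '"');
     $subscriber = new subscribers($id);
     if (empty($subscriber->id)) {
         $subscriber->email = $email;
         // Presumably this hash identifies the subscriber in confirmation
         // links (verify against the confirmation action); md5(email . time())
         // is guessable, so draw it from the CSPRNG when one is available.
         // Either branch yields 32 hex characters, like the original.
         $subscriber->hash = function_exists('random_bytes')
             ? bin2hex(random_bytes(16))
             : md5($subscriber->email . uniqid(mt_rand(), true));
         $subscriber->save();
     }

     // delete any old subscriptions and add the user to new subscriptions
     // NOTE(review): existing subscriptions are replaced before the address
     // owner confirms anything, so any visitor who passes the anti-spam check
     // can reset another address's topics - consider deferring the change
     // until confirmation.
     $db->delete('expeAlerts_subscribers', 'subscribers_id=' . intval($subscriber->id));
     foreach ($ealert_ids as $ea_id) {
         $obj = new stdClass(); // the original assigned properties on null
         $obj->subscribers_id = $subscriber->id;
         $obj->expeAlerts_id = $ea_id;
         $db->insertObject($obj, 'expeAlerts_subscribers');
     }

     // send a confirmation email to the user.
     $ealerts = $db->selectObjects('expeAlerts', 'id IN (' . implode(',', $ealert_ids) . ')');
     $body = get_template_for_action($this, 'confirmation_email', $this->loc);
     $body->assign('ealerts', $ealerts);
     $body->assign('subscriber', $subscriber);
     $mail = new expMail();
     $mail->quickSend(array('html_message' => $body->render(), 'to' => $subscriber->email, 'from' => SMTP_FROMADDRESS, 'subject' => 'Please confirm your E-Alert subscriptions'));
     redirect_to(array('controller' => 'ealert', 'action' => 'pending', 'id' => $subscriber->id));
 }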
Exemplo n.º 7
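/**
 * Dispatch a request to a controller action and render its view.
 *
 * Resolves the controller class from $parms['controller'], picks the action
 * ($parms['action'], falling back to 'index' then 'showall'), instantiates the
 * controller, prepares the global $template, enforces the controller's
 * permission / login requirements, runs the action and finally outputs or
 * returns the rendered template.
 *
 * @param array $parms Request parameters; the keys read here are 'controller',
 *                     'action', 'src', 'view', 'moduletitle', 'id' and
 *                     'no_output'.
 * @return string|false|null Rendered HTML when 'no_output' is set, false when
 *                           the action is rejected, null after direct output.
 */
function renderAction(array $parms = array())
{
    global $user;
    //Get some info about the controller
    $baseControllerName = expModules::getControllerName($parms['controller']);
    $fullControllerName = expModules::getControllerClassName($parms['controller']);
    $controllerClass = new ReflectionClass($fullControllerName);

    // Figure out the action to use...if the specified action doesn't exist then
    // we look for the index action.
    $requested = isset($parms['action']) && is_string($parms['action']) ? $parms['action'] : '';
    if ($requested !== '' && $controllerClass->hasMethod($requested)) {
        // hasMethod() is also true for private/protected and magic methods.
        // Only a public, non-magic method may be reached as an action.
        $meth = $controllerClass->getMethod($requested);
        if (!$meth->isPublic() || strncmp($meth->getName(), '__', 2) === 0) {
            expQueue::flashAndFlow('error', gt('The requested action could not be performed: Action not found'));
            return false;
        }
        $action = $requested;
    } elseif ($controllerClass->hasMethod('index')) {
        $action = 'index';
    } elseif ($controllerClass->hasMethod('showall')) {
        $action = 'showall';
    } else {
        expQueue::flashAndFlow('error', gt('The requested action could not be performed: Action not found'));
        return false; // never reach the dispatch below without an action
    }

    // initialize the controller.
    $src = isset($parms['src']) ? $parms['src'] : null;
    $controller = new $fullControllerName($src, $parms);

    //Set up the template to use for this action
    global $template;
    // NOTE(review): 'view' is request-supplied; confirm get_template_for_action()
    // confines it to the controller's view directory.
    $view = !empty($parms['view']) ? $parms['view'] : $action;
    $template = get_template_for_action($controller, $view, $controller->loc);

    // have the controller assign knowledge about itself to the template.
    // this has to be done after the controller get the template for its actions
    $controller->moduleSelfAwareness();

    //if this controller is being called by a container then we should have a module title.
    if (isset($parms['moduletitle'])) {
        $template->assign('moduletitle', $parms['moduletitle']);
    }

    //setup some default models for this controller's actions to use
    foreach ($controller->getModels() as $model) {
        //null,false,false reduces unnecessary queries. FJD
        $controller->{$model} = new $model(null, false, false);
    }

    //check the perms for this action
    $perms = $controller->permissions();

    // PHP resolves method names case-insensitively, while array keys are
    // case-sensitive. Matching the requested name against the permission and
    // login tables byte-for-byte would let a differently-cased action name
    // (e.g. 'Update') run without its check, so both tables are indexed by
    // lower-cased key here.
    $permLookup = array();
    foreach (array_keys($perms) as $key) {
        $permLookup[strtolower($key)] = $key;
    }
    $loginLookup = array();
    foreach (array_keys($controller->requires_login) as $key) {
        $loginLookup[strtolower($key)] = $key;
    }

    //we have to treat the update permission a little different..it's tied to the create/edit
    //permissions: 'update' is checked as 'create' or 'edit' depending on whether an id is passed,
    //so a request submitted straight to the action cannot skip the edit form's permission check.
    $common_action = null;
    $requestedLower = strtolower($requested);
    if ($requestedLower === 'update') {
        $perm_action = !isset($parms['id']) || $parms['id'] == 0 ? 'create' : 'edit';
    } elseif ($requestedLower === 'saveconfig') {
        $perm_action = 'configure';
    } else {
        // action convention for controllers that manage more than one model (datatype):
        // an action named edit_mymodel is also checked against the 'edit' permission.
        if (strpos($requested, '_') !== false) {
            $parts = explode("_", $requested);
            $common_action = $parts[0];
        }
        $perm_action = $requested;
    }
    $permKey = strtolower($perm_action);
    $commonKey = $common_action === null ? null : strtolower($common_action);

    // Same precedence as before: exact permission, common-prefix permission,
    // exact login requirement, common-prefix login requirement.
    $checkPerm = null;
    $checkLogin = null;
    if (isset($permLookup[$permKey])) {
        $checkPerm = $permLookup[$permKey];
    } elseif ($commonKey !== null && isset($permLookup[$commonKey])) {
        $checkPerm = $permLookup[$commonKey];
    } elseif (isset($loginLookup[$permKey])) {
        $checkLogin = $loginLookup[$permKey];
    } elseif ($commonKey !== null && isset($loginLookup[$commonKey])) {
        $checkLogin = $loginLookup[$commonKey];
    }

    if ($checkPerm !== null) {
        if (!expPermissions::check($checkPerm, $controller->loc)) {
            if (expTheme::inAction()) {
                flash('error', gt("You don't have permission to") . " " . $perms[$checkPerm]);
                expHistory::returnTo('viewable');
            }
            // fail closed even if the redirect helper returns
            return false;
        }
    } elseif ($checkLogin !== null) {
        // the action requires the user to be logged in
        if (!$user->isLoggedIn()) {
            $msg = empty($controller->requires_login[$checkLogin]) ? gt("You must be logged in to perform this action") : $controller->requires_login[$checkLogin];
            flash('error', $msg);
            expHistory::redirecto_login();
            return false;
        }
    }

    // run the action
    $controller->{$action}();
    //register this controllers permissions to the view for in view perm checks
    $template->register_permissions(array_keys($perms), $controller->loc);
    // pass this controllers config off to the view
    $template->assign('config', $controller->config);
    // globalizing $user inside all templates
    $template->assign('user', $user);
    //assign the controllers basemodel to the view
    $template->assign('modelname', $controller->basemodel_name);
    if (empty($parms['no_output'])) {
        $template->output();
    } else {
        $html = $template->render();
        return $html;
    }
}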