SMShopValidateField($dsDef, $prop, $val);
if ($dsDef["Fields"][$prop]["DataType"] === "string") {
$props[$prop] = strip_tags($val);
}
}
foreach ($match !== null ? $match : array() as $m) {
SMShopValidateField($dsDef, $m["Field"], $m["Value"]);
if ($m["Operator"] !== "=" && $m["Operator"] !== "!=" && $m["Operator"] !== "<" && $m["Operator"] !== "<=" && $m["Operator"] !== ">" && $m["Operator"] !== ">=") {
header("HTTP/1.1 500 Internal Server Error");
echo "Match operator '" . $m["Operator"] . "' is not supported";
exit;
}
}
// Initialize data source
$ds = new SMDataSource($dataSourceName);
if ($ds->GetDataSourceType() === SMDataSourceType::$Xml && $dsDef["XmlTimeOut"] > 0) {
// Notice: Server configuration could potentially prevent this value from being changed,
// in which case a timeout may occure if huge amounts of data is contained in DataSource,
// and the server has limited resources.
set_time_limit($dsDef["XmlTimeOut"]);
// Make sure a potentially large XML based DataSource have sufficient time to process data
}
if ($ds->GetDataSourceType() === SMDataSourceType::$Xml && $dsDef["XmlMemoryRequired"] > 0) {
$mem = $dsDef["XmlMemoryRequired"];
// Notice: Server configuration could potentially prevent this value from being changed (e.g. using Suhosin), in which
// case problems may occure if huge amounts of data is contained in DataSource, and the server has limited resources.
$res = ini_set("memory_limit", $mem . "M");
// Make sure a potentially large XML based DataSource have sufficient memory to process data
if ($res === false && $mem >= 128) {
$mem = $mem / 2;
$res = ini_set("memory_limit", $mem . "M");
function SMShopProcessNewOrder(SMKeyValueCollection $order)
{
// Variables
$eDs = new SMDataSource("SMShopOrderEntries");
$pDs = new SMDataSource("SMShopProducts");
$products = null;
$product = null;
$discount = 0;
$discountExpression = null;
$expr = null;
$price = 0;
$priceTotal = 0;
$vatTotal = 0;
$currency = null;
$weightTotal = 0;
$weightUnit = null;
$shippingExpense = 0;
$shippingVat = 0;
// Load order entries
if ($eDs->GetDataSourceType() === SMDataSourceType::$Xml) {
$eDs->Lock();
}
$entries = $eDs->Select("*", "OrderId = '" . $eDs->Escape($order["Id"]) . "'");
// Ensure that order has order entries associated
if (count($entries) === 0) {
header("HTTP/1.1 500 Internal Server Error");
echo "Inconsistent order - no associated order entries found (must be created first)";
exit;
}
// Obtain new order ID (order was created with a temporary ID (GUID) generated client side)
SMAttributes::Lock();
// Prevent two sessions from obtaining the same Order ID
SMAttributes::Reload(false);
// No data will be lost when reloading attributes from a callback since no extensions are being executed
$orderIdStr = SMAttributes::GetAttribute("SMShopNextOrderId");
$orderId = $orderIdStr !== null ? (int) $orderIdStr : 1;
SMAttributes::SetAttribute("SMShopNextOrderId", (string) ($orderId + 1));
SMAttributes::Commit();
// Also releases lock
// Loop through order entries to extract currency, calculate
// discounts/totals/VAT, and update entries with these information.
foreach ($entries as $entry) {
// Get product associated with entry
$products = $pDs->Select("*", "Id = '" . $entry["ProductId"] . "'");
if (count($products) === 0) {
header("HTTP/1.1 500 Internal Server Error");
echo "Product with ID '" . $entry["ProductId"] . "' has been removed";
exit;
}
$product = $products[0];
// Make sure all products are defined with the same currency and weight unit
$currency = $currency !== null ? $currency : $product["Currency"];
if ($currency !== $product["Currency"]) {
header("HTTP/1.1 500 Internal Server Error");
echo "Buying products with different currencies is not supported";
exit;
}
$weightUnit = $weightUnit !== null ? $weightUnit : $product["WeightUnit"];
if ($weightUnit !== $product["WeightUnit"]) {
header("HTTP/1.1 500 Internal Server Error");
echo "Buying products with different weight units is not supported";
exit;
}
// Get discount expression
$discount = 0;
$discountExpression = $product["DiscountExpression"];
if ($discountExpression !== "") {
// Security validation
//$discountExpression = preg_replace("/Math\\.[a-z]+/i", "", $discountExpression);
$discountExpression = preg_replace("/ |[0-9]|\\*|\\+|\\-|\\/|=|&|\\||!|\\.|:|\\(|\\)|>|<|\\?|true|false/", "", $discountExpression);
$discountExpression = preg_replace("/units|price|vat|currency|weight|weightunit/", "", $discountExpression);
if ($discountExpression !== "") {
header("HTTP/1.1 500 Internal Server Error");
echo "Invalid and potentially insecure DiscountExpression detected";
exit;
}
// Make variables available to discount expression
$expr = "";
$expr .= "\nunits = " . $entry["Units"] . ";";
$expr .= "\nprice = " . $product["Price"] . ";";
$expr .= "\nvat = " . $product["Vat"] . ";";
$expr .= "\ncurrency = \"" . $product["Currency"] . "\";";
$expr .= "\nweight = " . $product["Weight"] . ";";
$expr .= "\nweightunit = \"" . $product["WeightUnit"] . "\";";
$expr .= "\nreturn (" . $product["DiscountExpression"] . ");";
// Turn JS variables into PHP compliant variables
$expr = str_replace("units", "\$units", $expr);
$expr = str_replace("price", "\$price", $expr);
$expr = str_replace("vat", "\$vat", $expr);
$expr = str_replace("currency", "\$currency", $expr);
$expr = str_replace("weight", "\$weight", $expr);
// $weight AND $weightunit (both starts with "weight")
// Evaluate discount expression, and calculate price and VAT
$discount = eval($expr);
if (is_numeric($discount) === false) {
header("HTTP/1.1 500 Internal Server Error");
echo "DiscountExpression did not result in a valid numeric value";
exit;
}
}
// Totals
$price = (int) $entry["Units"] * (double) $product["Price"] - $discount;
$priceTotal += $price;
$vatTotal += $price * ((double) $product["Vat"] / 100);
$weightTotal += (int) $entry["Units"] * (double) $product["Weight"];
// Update entry
$entry["OrderId"] = (string) $orderId;
$entry["UnitPrice"] = $product["Price"];
$entry["Vat"] = $product["Vat"];
$entry["Currency"] = $product["Currency"];
$entry["Discount"] = (string) $discount;
$entry["DiscountMessage"] = $discount !== 0 ? $product["DiscountMessage"] : "";
$eDs->Update($entry, "Id = '" . $eDs->Escape($entry["Id"]) . "'");
}
$eDs->Commit();
// Calculate shipping expense
$shippingExpenseExpression = SMAttributes::GetAttribute("SMShopShippingExpenseExpression");
$shippingExpenseVatPercentage = SMAttributes::GetAttribute("SMShopShippingExpenseVat");
$shippingExpenseMessage = SMAttributes::GetAttribute("SMShopShippingExpenseMessage");
if ($shippingExpenseExpression !== null && $shippingExpenseExpression !== "") {
// Security validation
$shippingExpenseExpression = preg_replace("/ |[0-9]|\\*|\\+|\\-|\\/|=|&|\\||!|\\.|:|\\(|\\)|>|<|\\?|true|false/", "", $shippingExpenseExpression);
$shippingExpenseExpression = preg_replace("/price|vat|currency|weight|weightunit/", "", $shippingExpenseExpression);
if ($shippingExpenseExpression !== "") {
header("HTTP/1.1 500 Internal Server Error");
echo "Invalid and potentially insecure ShippingExpenseExpression detected";
exit;
}
// Make variables available to discount expression
$expr = "";
$expr .= "\nprice = " . $priceTotal . ";";
$expr .= "\nvat = " . $vatTotal . ";";
$expr .= "\ncurrency = \"" . $currency . "\";";
$expr .= "\nweight = " . $weightTotal . ";";
$expr .= "\nweightunit = \"" . $weightUnit . "\";";
$expr .= "\nreturn (" . SMAttributes::GetAttribute("SMShopShippingExpenseExpression") . ");";
// Turn JS variables into PHP compliant variables
$expr = str_replace("price", "\$price", $expr);
$expr = str_replace("vat", "\$vat", $expr);
$expr = str_replace("currency", "\$currency", $expr);
$expr = str_replace("weight", "\$weight", $expr);
// $weight AND $weightunit (both starts with "weight")
// Evaluate shipping expense expression
$shippingExpense = eval($expr);
if (is_numeric($shippingExpense) === false) {
header("HTTP/1.1 500 Internal Server Error");
echo "ShippingExpenseExpression did not result in a valid numeric value";
exit;
}
$priceTotal += $shippingExpense;
if ($shippingExpenseVatPercentage !== null && $shippingExpenseVatPercentage !== "") {
$shippingVat = $shippingExpense * ((double) $shippingExpenseVatPercentage / 100);
$vatTotal += $shippingVat;
}
}
// Update order details
$order["Id"] = (string) $orderId;
$order["Price"] = (string) $priceTotal;
$order["Vat"] = (string) $vatTotal;
$order["Currency"] = $currency;
$order["Weight"] = (string) $weightTotal;
$order["WeightUnit"] = $weightUnit;
$order["ShippingExpense"] = (string) $shippingExpense;
$order["ShippingVat"] = (string) $shippingVat;
$order["ShippingMessage"] = $shippingExpenseMessage !== null ? $shippingExpenseMessage : "";
$order["TransactionId"] = "";
$order["State"] = "Initial";
}
