public function pjActionSaveOrder()
 {
     $this->setAjax(true);
     if ($this->isXHR()) {
         $cart = $this->_get('cart');
         $pjOrderModel = pjOrderModel::factory();
         $STORAGE = $_SESSION[$this->defaultStore];
         $FORM = $_SESSION[$this->defaultForm];
         $data = array();
         $data['status'] = $this->option_arr['o_booking_status'];
         $data['price'] = $this->_get('price');
         $data['price_delivery'] = $this->_get('delivery');
         $data['discount'] = $this->_get('discount');
         $data['subtotal'] = $this->_get('subtotal');
         $data['tax'] = $this->_get('tax');
         $data['total'] = $this->_get('total');
         $data['uuid'] = time();
         $data['ip'] = $_SERVER['REMOTE_ADDR'];
         $data['user_id'] = $this->_get('user_id');
         $data['location_id'] = $this->_get('p_location_id');
         switch ($this->_get('type')) {
             case 'pickup':
                 $data['p_dt'] = pjUtil::formatDate($this->_get('p_date'), $this->option_arr['o_date_format']) . " " . $this->_get('p_hour') . ":" . $this->_get('p_minute') . ":00";
                 unset($STORAGE['d_address_1']);
                 unset($STORAGE['d_address_2']);
                 unset($STORAGE['d_country_id']);
                 unset($STORAGE['d_state']);
                 unset($STORAGE['d_city']);
                 unset($STORAGE['d_zip']);
                 unset($STORAGE['d_notes']);
                 unset($STORAGE['d_date']);
                 unset($STORAGE['d_hour']);
                 unset($STORAGE['d_minute']);
                 break;
             case 'delivery':
                 $data['d_dt'] = pjUtil::formatDate($this->_get('d_date'), $this->option_arr['o_date_format']) . " " . $this->_get('d_hour') . ":" . $this->_get('d_minute') . ":00";
                 unset($STORAGE['p_date']);
                 unset($STORAGE['p_hour']);
                 unset($STORAGE['p_minute']);
                 break;
         }
         unset($STORAGE['cart']);
         unset($STORAGE['subtotal']);
         unset($STORAGE['total']);
         unset($STORAGE['delivery']);
         $payment = 'none';
         if (isset($FORM['payment_method'])) {
             if ($FORM['payment_method'] == 'creditcard') {
                 $data['cc_exp'] = $FORM['cc_exp_month'] . "/" . $FORM['cc_exp_year'];
             } else {
                 unset($FORM['cc_type']);
                 unset($FORM['cc_num']);
                 unset($FORM['cc_exp_month']);
                 unset($FORM['cc_exp_year']);
                 unset($FORM['cc_code']);
             }
             $payment = $FORM['payment_method'];
         }
         $is_new_client = false;
         $update_client = false;
         $pjClientModel = pjClientModel::factory();
         $data['client_id'] = ':NULL';
         if ($this->isFrontLogged()) {
             $cnt = $pjClientModel->where('t1.id', $this->getClientId())->findCount()->getData();
             if ($cnt == 0) {
                 $is_new_client = true;
             } else {
                 $update_client = true;
             }
         } else {
             $is_new_client = true;
         }
         if ($is_new_client == true) {
             $c_data = array();
             $c_data['status'] = 'T';
             $c_data['user_id'] = $this->_get('user_id');
             $c_data['c_password'] = pjUtil::getRandomPassword(6);
             $c_data = array_merge($FORM, $c_data);
             $client_id = $pjClientModel->reset()->setAttributes($c_data)->insert()->getInsertId();
             if ($client_id !== false && (int) $client_id > 0) {
                 $data['client_id'] = $client_id;
                 if ($this->isFrontLogged()) {
                     $client = $pjClientModel->reset()->find($client_id)->getData();
                     unset($_SESSION[$this->defaultClient]);
                     $_SESSION[$this->defaultClient] = $client;
                 }
                 pjFront::pjActionConfirmSend($this->option_arr, $c_data, PJ_SALT, 'account');
             }
         }
         if ($update_client == true) {
             if (isset($FORM['update_address'])) {
                 $c_data = array();
                 if (isset($FORM['c_address_1'])) {
                     $c_data['c_address_1'] = $FORM['c_address_1'];
                 }
                 if (isset($FORM['c_address_2'])) {
                     $c_data['c_address_1'] = $FORM['c_address_1'];
                 }
                 if (isset($FORM['c_country'])) {
                     $c_data['c_country'] = $FORM['c_country'];
                 }
                 if (isset($FORM['c_state'])) {
                     $c_data['c_state'] = $FORM['c_state'];
                 }
                 if (isset($FORM['c_city'])) {
                     $c_data['c_city'] = $FORM['c_city'];
                 }
                 if (isset($FORM['c_zip'])) {
                     $c_data['c_zip'] = $FORM['c_zip'];
                 }
                 $pjClientModel->reset()->where('id', $this->getClientId())->limit(1)->modifyAll($c_data);
             }
             if (isset($FORM['update_details'])) {
                 $c_data = array();
                 if (isset($FORM['c_title'])) {
                     $c_data['c_title'] = $FORM['c_title'];
                 }
                 if (isset($FORM['c_name'])) {
                     $c_data['c_name'] = $FORM['c_name'];
                 }
                 if (isset($FORM['c_email'])) {
                     $c_data['c_email'] = $FORM['c_email'];
                 }
                 if (isset($FORM['c_phone'])) {
                     $c_data['c_phone'] = $FORM['c_phone'];
                 }
                 if (isset($FORM['c_company'])) {
                     $c_data['c_company'] = $FORM['c_company'];
                 }
                 if (isset($FORM['c_notes'])) {
                     $c_data['c_notes'] = $FORM['c_notes'];
                 }
                 $pjClientModel->reset()->where('id', $this->getClientId())->limit(1)->modifyAll($c_data);
             }
             $client = $pjClientModel->reset()->find($this->getClientId())->getData();
             unset($_SESSION[$this->defaultClient]);
             $_SESSION[$this->defaultClient] = $client;
             $data['client_id'] = $this->getClientId();
         }
         $data = array_merge($STORAGE, $FORM, $data);
         $order_id = $pjOrderModel->setAttributes($data)->insert()->getInsertId();
         if ($order_id !== false && (int) $order_id > 0) {
             $pjOrderItemModel = pjOrderItemModel::factory();
             $pjProductPriceModel = pjProductPriceModel::factory();
             $pjProductModel = pjProductModel::factory();
             $pjExtraModel = pjExtraModel::factory();
             foreach ($cart as $item) {
                 $price_id = ':NULL';
                 $price = 0;
                 if (!empty($item['price_id'])) {
                     $price_arr = $pjProductPriceModel->find($item['price_id'])->getData();
                     if ($price_arr) {
                         $price_id = $price_arr['id'];
                         $price = $price_arr['price'];
                     }
                 } else {
                     $price_arr = $pjProductModel->reset()->find($item['product_id'])->getData();
                     if (!empty($price_arr)) {
                         $price = $price_arr['price'];
                     }
                 }
                 $hash = md5(uniqid(rand(), true));
                 $oid = $pjOrderItemModel->reset()->setAttributes(array('order_id' => $order_id, 'foreign_id' => $item['product_id'], 'type' => 'product', 'price_id' => $price_id, 'price' => $price, 'hash' => $hash, 'cnt' => $item['cnt']))->insert();
                 foreach ($item['extras'] as $extra_id => $extra_cnt) {
                     if ($extra_cnt > 0) {
                         $extra_price = 0;
                         $extra_arr = $pjExtraModel->reset()->find($extra_id)->getData();
                         if (!empty($extra_arr) && !empty($extra_arr['price'])) {
                             $extra_price = $extra_arr['price'];
                         }
                         $pjOrderItemModel->reset()->setAttributes(array('order_id' => $order_id, 'foreign_id' => $extra_id, 'type' => 'extra', 'price_id' => ':NULL', 'price' => $extra_price, 'hash' => $hash, 'cnt' => $extra_cnt))->insert();
                     }
                 }
             }
             $order_arr = $pjOrderModel->reset()->join('pjClient', "t2.id=t1.client_id", 'left outer')->select('t1.*, t2.c_title, t2.c_email, t2.c_name, t2.c_phone, t2.c_company, t2.c_address_1, t2.c_address_2, t2.c_country, t2.c_state, t2.c_city, t2.c_zip, t2.c_notes')->find($order_id)->getData();
             $pdata = array();
             $pdata['order_id'] = $order_id;
             $pdata['payment_method'] = $payment;
             $pdata['payment_type'] = 'online';
             $pdata['amount'] = $order_arr['total'];
             $pdata['status'] = 'notpaid';
             pjOrderPaymentModel::factory()->setAttributes($pdata)->insert();
             pjAppController::addOrderDetails($order_arr, $this->getLocaleId());
             pjFront::pjActionConfirmSend($this->option_arr, $order_arr, PJ_SALT, 'confirm');
             unset($_SESSION[$this->defaultStore]);
             unset($_SESSION[$this->defaultForm]);
             unset($_SESSION[$this->defaultClient]);
             //Redirect to Credit card payment url.
             if ($payment == 'creditcard') {
                 $cardData = $_SESSION['cardData'];
                 $params = 'amount=' . base64_encode($cardData['total']) . '&oid=' . $cardData['clover_order_id'] . '&mid=' . $cardData['clover_mid'] . '&at=' . $cardData['clover_access_token'] . '&uid=' . base64_encode($cardData['o_user_id']) . '&mname=' . base64_encode($cardData['o_m_name']);
                 $url = PJ_INSTALL_URL . 'payment/creditcard.php?' . $params;
                 $json = array('code' => 200, 'text' => '', 'order_id' => $order_id, 'payment' => $payment, 'path' => $url);
             } else {
                 $json = array('code' => 200, 'text' => '', 'order_id' => $order_id, 'payment' => $payment, 'path' => 'cash');
             }
         } else {
             $json = array('code' => 100, 'text' => '');
         }
         pjAppController::jsonResponse($json);
     }
 }
 public function pjActionCreate()
 {
     $this->checkLogin();
     if ($this->isAdmin() || $this->isEditor()) {
         if (isset($_POST['order_create'])) {
             $pjOrderModel = pjOrderModel::factory();
             $data = array();
             $data['uuid'] = time();
             $data['ip'] = pjUtil::getClientIp();
             if (!isset($_POST['client_id']) || isset($_POST['client_id']) && $_POST['client_id'] == '') {
                 $c_data = array();
                 $c_data['c_title'] = isset($_POST['c_title']) ? $_POST['c_title'] : ':NULL';
                 $c_data['c_name'] = isset($_POST['c_name']) ? $_POST['c_name'] : ':NULL';
                 $c_data['c_email'] = isset($_POST['c_email']) ? $_POST['c_email'] : ':NULL';
                 $c_data['c_password'] = pjUtil::getRandomPassword(6);
                 $c_data['c_phone'] = isset($_POST['c_phone']) ? $_POST['c_phone'] : ':NULL';
                 $c_data['c_address_1'] = isset($_POST['c_address_1']) ? $_POST['c_address_1'] : ':NULL';
                 $c_data['c_address_2'] = isset($_POST['c_address_2']) ? $_POST['c_address_2'] : ':NULL';
                 $c_data['c_city'] = isset($_POST['c_city']) ? $_POST['c_city'] : ':NULL';
                 $c_data['c_state'] = isset($_POST['c_state']) ? $_POST['c_state'] : ':NULL';
                 $c_data['c_zip'] = isset($_POST['c_zip']) ? $_POST['c_zip'] : ':NULL';
                 $c_data['c_country'] = isset($_POST['c_country']) ? $_POST['c_country'] : ':NULL';
                 $c_data['status'] = 'T';
                 if ($c_data['c_email'] != ':NULL') {
                     $pjClientModel = pjClientModel::factory();
                     $client_id = $pjClientModel->setAttributes($c_data)->insert()->getInsertId();
                     if ($client_id !== false && (int) $client_id > 0) {
                         $data['client_id'] = $client_id;
                         $client_arr = $pjClientModel->reset()->find($client_id)->getData();
                         $tokens = pjAppController::getClientTokens($this->option_arr, $client_arr, PJ_SALT, $this->getLocaleId());
                         $pjMultiLangModel = pjMultiLangModel::factory();
                         $lang_message = $pjMultiLangModel->reset()->select('t1.*')->where('t1.model', 'pjOption')->where('t1.locale', $this->getLocaleId())->where('t1.field', 'o_email_account_message')->limit(0, 1)->findAll()->getData();
                         $lang_subject = $pjMultiLangModel->reset()->select('t1.*')->where('t1.model', 'pjOption')->where('t1.locale', $this->getLocaleId())->where('t1.field', 'o_email_account_subject')->limit(0, 1)->findAll()->getData();
                         if (count($lang_message) === 1 && count($lang_subject) === 1) {
                             $message = str_replace($tokens['search'], $tokens['replace'], $lang_message[0]['content']);
                             $Email = new pjEmail();
                             if ($this->option_arr['o_send_email'] == 'smtp') {
                                 $Email->setTransport('smtp')->setSmtpHost($this->option_arr['o_smtp_host'])->setSmtpPort($this->option_arr['o_smtp_port'])->setSmtpUser($this->option_arr['o_smtp_user'])->setSmtpPass($this->option_arr['o_smtp_pass']);
                             }
                             $Email->setContentType('text/html');
                             $Email->setTo($c_data['c_email'])->setFrom($this->getAdminEmail())->setSubject($lang_subject[0]['content'])->send(pjUtil::textToHtml($message));
                         }
                     }
                 }
             }
             switch ($_POST['type']) {
                 case 'pickup':
                     if (!empty($_POST['p_dt'])) {
                         $date_time = $_POST['p_dt'];
                         if (count(explode(" ", $date_time)) == 3) {
                             list($_date, $_time, $_period) = explode(" ", $date_time);
                             $time = pjUtil::formatTime($_time . ' ' . $_period, $this->option_arr['o_time_format']);
                         } else {
                             list($_date, $_time) = explode(" ", $date_time);
                             $time = pjUtil::formatTime($_time, $this->option_arr['o_time_format']);
                         }
                         unset($_POST['p_dt']);
                         $data['p_dt'] = pjUtil::formatDate($_date, $this->option_arr['o_date_format']) . ' ' . $time;
                     }
                     if (isset($_POST['p_location_id']) && (int) $_POST['p_location_id'] > 0) {
                         $data['location_id'] = $_POST['p_location_id'];
                     }
                     break;
                 case 'delivery':
                     if (!empty($_POST['d_dt'])) {
                         $date_time = $_POST['d_dt'];
                         if (count(explode(" ", $date_time)) == 3) {
                             list($_date, $_time, $_period) = explode(" ", $date_time);
                             $time = pjUtil::formatTime($_time . ' ' . $_period, $this->option_arr['o_time_format']);
                         } else {
                             list($_date, $_time) = explode(" ", $date_time);
                             $time = pjUtil::formatTime($_time, $this->option_arr['o_time_format']);
                         }
                         unset($_POST['d_dt']);
                         $data['d_dt'] = pjUtil::formatDate($_date, $this->option_arr['o_date_format']) . ' ' . $time;
                     }
                     if (isset($_POST['d_location_id']) && (int) $_POST['d_location_id'] > 0) {
                         $data['location_id'] = $_POST['d_location_id'];
                     }
                     break;
             }
             if ($_POST['payment_method'] == 'creditcard') {
                 $data['cc_exp'] = $_POST['cc_exp_month'] . "/" . $_POST['cc_exp_year'];
             }
             $id = pjOrderModel::factory(array_merge($_POST, $data))->insert()->getInsertId();
             if ($id !== false && (int) $id > 0) {
                 if (isset($_POST['product_id']) && count($_POST['product_id']) > 0) {
                     $pjOrderItemModel = pjOrderItemModel::factory();
                     $pjProductPriceModel = pjProductPriceModel::factory();
                     $pjProductModel = pjProductModel::factory();
                     $pjExtraModel = pjExtraModel::factory();
                     foreach ($_POST['product_id'] as $k => $pid) {
                         $product = $pjProductModel->reset()->find($pid)->getData();
                         if (strpos($k, 'new_') === 0) {
                             $price = 0;
                             $price_id = ":NULL";
                             if ($product['set_different_sizes'] == 'T') {
                                 $price_id = $_POST['price_id'][$k];
                                 $price_arr = $pjProductPriceModel->reset()->find($price_id)->getData();
                                 if ($price_arr) {
                                     $price = $price_arr['price'];
                                 }
                             } else {
                                 $price = $product['price'];
                             }
                             $hash = md5(uniqid(rand(), true));
                             $oid = $pjOrderItemModel->reset()->setAttributes(array('order_id' => $id, 'foreign_id' => $pid, 'type' => 'product', 'hash' => $hash, 'price_id' => $price_id, 'price' => $price, 'cnt' => $_POST['cnt'][$k]))->insert()->getInsertId();
                             if ($oid !== false && (int) $oid > 0) {
                                 if (isset($_POST['extra_id']) && isset($_POST['extra_id'][$k])) {
                                     foreach ($_POST['extra_id'][$k] as $i => $eid) {
                                         $extra_price = 0;
                                         $extra_arr = $pjExtraModel->reset()->find($eid)->getData();
                                         if (!empty($extra_arr) && !empty($extra_arr['price'])) {
                                             $extra_price = $extra_arr['price'];
                                         }
                                         $pjOrderItemModel->reset()->setAttributes(array('order_id' => $id, 'foreign_id' => $eid, 'type' => 'extra', 'hash' => $hash, 'price_id' => ':NULL', 'price' => $extra_price, 'cnt' => $_POST['extra_cnt'][$k][$i]))->insert();
                                     }
                                 }
                             }
                         }
                     }
                 }
                 $err = 'AR03';
             } else {
                 $err = 'AR04';
             }
             pjUtil::redirect(PJ_INSTALL_URL . "index.php?controller=pjAdminOrders&action=pjActionIndex&err={$err}");
         } else {
             $country_arr = pjCountryModel::factory()->select('t1.id, t2.content AS country_title')->join('pjMultiLang', "t2.model='pjCountry' AND t2.foreign_id=t1.id AND t2.field='name' AND t2.locale='" . $this->getLocaleId() . "'", 'left outer')->orderBy('`country_title` ASC')->findAll()->getData();
             $this->set('country_arr', $country_arr);
             $product_arr = pjProductModel::factory()->join('pjMultiLang', "t2.foreign_id = t1.id AND t2.model = 'pjProduct' AND t2.locale = '" . $this->getLocaleId() . "' AND t2.field = 'name'", 'left')->select("t1.*, t2.content AS name")->orderBy("name ASC")->findAll()->getData();
             $this->set('product_arr', $product_arr);
             $location_arr = pjLocationModel::factory()->join('pjMultiLang', "t2.foreign_id = t1.id AND t2.model = 'pjLocation' AND t2.locale = '" . $this->getLocaleId() . "' AND t2.field = 'name'", 'left')->select("t1.*, t2.content AS name")->orderBy("name ASC")->findAll()->getData();
             $this->set('location_arr', $location_arr);
             $client_arr = pjClientModel::factory()->where('t1.status', 'T')->orderBy('t1.c_name ASC')->findAll()->getData();
             $this->set('client_arr', $client_arr);
             $this->appendJs('chosen.jquery.js', PJ_THIRD_PARTY_PATH . 'harvest/chosen/');
             $this->appendCss('chosen.css', PJ_THIRD_PARTY_PATH . 'harvest/chosen/');
             $this->appendJs('jquery-ui-sliderAccess.js', PJ_THIRD_PARTY_PATH . 'timepicker/');
             $this->appendJs('jquery-ui-timepicker-addon.js', PJ_THIRD_PARTY_PATH . 'timepicker/');
             $this->appendCss('jquery-ui-timepicker-addon.css', PJ_THIRD_PARTY_PATH . 'timepicker/');
             $this->appendJs('jquery.validate.min.js', PJ_THIRD_PARTY_PATH . 'validate/');
             $this->appendJs('pjAdminOrders.js');
         }
     } else {
         $this->set('status', 2);
     }
 }
 public function pjActionSetConfig()
 {
     $this->setAjax(true);
     if ($this->isXHR()) {
         if (!self::pjActionCheckConfig(false)) {
             pjAppController::jsonResponse(array('code' => 107, 'text' => 'Product is already installed. If you need to re-install it empty app/config/config.inc.php file.'));
         }
         $resp = array();
         $sample = 'app/config/config.sample.php';
         $filename = 'app/config/config.inc.php';
         ob_start();
         readfile($sample);
         $string = ob_get_contents();
         ob_end_clean();
         if ($string === FALSE) {
             $resp['code'] = 100;
             $resp['text'] = "An error occurs while reading 'app/config/config.sample.php'";
         } else {
             if (!self::pjActionCheckVars()) {
                 pjAppController::jsonResponse(array('status' => 'ERR', 'code' => 108, 'text' => 'Missing, empty or invalid parameters.'));
             }
             $string = str_replace('[hostname]', $_SESSION[$this->defaultInstaller]['hostname'], $string);
             $string = str_replace('[username]', $_SESSION[$this->defaultInstaller]['username'], $string);
             $string = str_replace('[password]', str_replace(array('$'), array('\\$'), $_SESSION[$this->defaultInstaller]['password']), $string);
             $string = str_replace('[database]', $_SESSION[$this->defaultInstaller]['database'], $string);
             $string = str_replace('[prefix]', $_SESSION[$this->defaultInstaller]['prefix'], $string);
             $string = str_replace('[install_folder]', $_SESSION[$this->defaultInstaller]['install_folder'], $string);
             $string = str_replace('[install_path]', $_SESSION[$this->defaultInstaller]['install_path'], $string);
             $string = str_replace('[install_url]', $_SESSION[$this->defaultInstaller]['install_url'], $string);
             $string = str_replace('[salt]', pjUtil::getRandomPassword(8), $string);
             $Http = new pjHttp();
             $Http->request(base64_decode("aHR0cDovL3N1cHBvcnQuc3RpdmFzb2Z0LmNvbS8=") . 'index.php?controller=Api&action=getInstall' . "&key=" . urlencode($_SESSION[$this->defaultInstaller]['license_key']) . "&modulo=" . urlencode(PJ_RSA_MODULO) . "&private=" . urlencode(PJ_RSA_PRIVATE) . "&server_name=" . urlencode($_SERVER['SERVER_NAME']));
             $response = $Http->getResponse();
             $output = unserialize($response);
             if (isset($output['hash']) && isset($output['code']) && $output['code'] == 200) {
                 $string = str_replace('[pj_installation]', $output['hash'], $string);
                 if (is_writable($filename)) {
                     if (!($handle = @fopen($filename, 'wb'))) {
                         $resp['code'] = 103;
                         $resp['text'] = "'app/config/config.inc.php' open fails";
                     } else {
                         if (fwrite($handle, $string) === FALSE) {
                             $resp['code'] = 102;
                             $resp['text'] = "An error occurs while writing to 'app/config/config.inc.php'";
                         } else {
                             fclose($handle);
                             $resp['code'] = 200;
                         }
                     }
                 } else {
                     $resp['code'] = 101;
                     $resp['text'] = "'app/config/config.inc.php' do not exists or not writable";
                 }
             } else {
                 $resp['code'] = 104;
                 $resp['text'] = "Security vulnerability detected";
             }
         }
         pjAppController::jsonResponse($resp);
     }
     exit;
 }