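/**
 * First step after the checkout form is submitted.
 *
 * Persists the selected billing method, verifies that the session is still
 * logged in and that the order has items, shipping and billing selections,
 * asks every shipping calculator whether the chosen method meets its criteria,
 * stores the billing options in the session, finalises the order totals and
 * calls the billing calculator's preprocess(). On success the user is sent to
 * cart/confirm; on any validation error back to cart/checkout.
 *
 * Reads $this->params and the globals $order, $user and $db. Returns nothing.
 */
public function preprocess()
{
    global $order, $user, $db;

    // These objects set up the billing/shipping methods and their calculators.
    $shipping = new shipping();
    $billing = new billing();

    // The billing method selection step is skipped, so it is stored here.
    // NOTE(review): this write runs before the login check below - confirm that
    // is intended for a request whose session has expired.
    $billing->billingmethod->update($this->params);
    // update() does not refresh the in-memory object, so build a fresh one.
    $billing = new billing();

    if (!$user->isLoggedIn()) {
        flash('message', gt("It appears that your session has expired. Please log in to continue the checkout process."));
        expHistory::redirecto_login(makeLink(array('module' => 'cart', 'action' => 'checkout'), 'secure'));
        // Stop here even if the redirect helper returns instead of ending the
        // request, so no billing data is processed for a logged-out session.
        return;
    }

    // Make sure all the pertinent data is there; otherwise queue an error and
    // return to the checkout form further down.
    if (empty($order->orderitem)) {
        flash('error', gt('There are no items in your cart.'));
    }
    if (empty($shipping->calculator->id) && !$shipping->splitshipping) {
        flash('error', gt('You must pick a shipping method'));
    }
    if (empty($shipping->address->id) && !$shipping->splitshipping) {
        flash('error', gt('You must pick a shipping address'));
    }
    if (empty($billing->calculator->id)) {
        flash('error', gt('You must pick a billing method'));
    }
    if (empty($billing->address->id)) {
        flash('error', gt('You must select a billing address'));
    }

    // Make sure all the methods picked for shipping meet the requirements.
    foreach ($order->getShippingMethods() as $smid) {
        $sm = new shippingmethod($smid);

        // The id is concatenated into a WHERE fragment, so force it to an integer.
        $calcId = (int)$sm->shippingcalculator_id;
        $calcname = $db->selectValue('shippingcalculator', 'calculator_name', 'id=' . $calcId);

        // The class name comes out of the database. Only instantiate it when it
        // names a loadable class that offers meetsCriteria(); a missing row would
        // otherwise end the request with a fatal error.
        if (empty($calcname) || !class_exists($calcname) || !method_exists($calcname, 'meetsCriteria')) {
            flash('error', gt('The selected shipping method is not available.'));
            continue;
        }

        $calc = new $calcname($calcId);
        $ret = $calc->meetsCriteria($sm);
        if (is_string($ret)) {
            // A string return value is the calculator's error message.
            flash('error', $ret);
        }
    }

    // If any errors were queued, return to the checkout page and show them.
    if (!expQueue::isQueueEmpty('error')) {
        redirect_to(array('controller' => 'cart', 'action' => 'checkout'));
        // Never reach the billing calculator with a request that failed validation.
        return;
    }

    // Get the billing options; this is usually the credit card info entered by the user.
    // NOTE(review): the options are kept in the session as returned - confirm
    // what userFormUpdate() puts in them and how long the session entry lives.
    $opts = $billing->calculator->userFormUpdate($this->params);
    expSession::set('billing_options', $opts);

    // Currently assumes the order_type parameter is present, or falls back to a default.
    $order->setOrderType($this->params);
    $order->setOrderStatus($this->params);

    // Finalise the cart totals.
    $order->calculateGrandTotal();

    // Call the billing method's preprocess in case it needs to prepare things.
    $result = $billing->calculator->preprocess($billing->billingmethod, $opts, $this->params, $order);

    // empty() treats a missing, null, 0 or '' errorCode as "no error", so a result
    // that carries no errorCode at all continues to the confirm step.
    // NOTE(review): confirm every billing calculator sets errorCode on failure.
    if (empty($result->errorCode)) {
        redirect_to(array('controller' => 'cart', 'action' => 'confirm'));
    } else {
        // NOTE(review): $result->message is appended to markup as-is; confirm the
        // flash queue or the calculators escape it before it reaches the page.
        flash('error', gt('An error was encountered while processing your transaction.') . '<br /><br />' . $result->message);
        expHistory::back();
    }
}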
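/**
 * Resolve a controller action from $parms, authorize it, run it and render
 * or output the matching view.
 *
 * The action that is authorized is the action that is executed: permission
 * and login checks use the resolved method's declared name, not the raw
 * request value.
 *
 * @param array $parms Request-style parameters. Reads 'controller' and
 *                     'action', and optionally 'src', 'view', 'moduletitle',
 *                     'id' and 'no_output'.
 *
 * @return mixed The rendered HTML when $parms['no_output'] is non-empty;
 *               false when no action resolves or an authorization check
 *               fails; otherwise nothing (the template is output directly).
 */
function renderAction(array $parms = array())
{
    global $user;

    // Get some info about the controller.
    $baseControllerName = expModules::getControllerName($parms['controller']);
    $fullControllerName = expModules::getControllerClassName($parms['controller']);
    $controllerClass = new ReflectionClass($fullControllerName);

    // Figure out the action to use. Only a public, non-magic method counts as
    // an action; anything else falls back to index, then showall.
    $requested = (isset($parms['action']) && is_string($parms['action'])) ? $parms['action'] : '';
    $action = null;
    if ($requested !== '' && strpos($requested, '__') !== 0 && $controllerClass->hasMethod($requested)) {
        $method = $controllerClass->getMethod($requested);
        if ($method->isPublic()) {
            // Method lookup ignores case but the permission maps below are keyed
            // case-sensitively, so continue with the declared spelling.
            $action = $method->getName();
        }
    }
    if ($action === null) {
        if ($controllerClass->hasMethod('index')) {
            $action = 'index';
        } elseif ($controllerClass->hasMethod('showall')) {
            $action = 'showall';
        } else {
            expQueue::flashAndFlow('error', gt('The requested action could not be performed: Action not found'));
            // Nothing to run; stop even if flashAndFlow() returns.
            return false;
        }
    }

    // Initialize the controller; the params are handed to its constructor.
    $src = isset($parms['src']) ? $parms['src'] : null;
    $controller = new $fullControllerName($src, $parms);

    // Set up the template to use for this action.
    // NOTE(review): 'view' is taken from $parms as-is; confirm that
    // get_template_for_action() restricts it to known view names.
    global $template;
    $view = !empty($parms['view']) ? $parms['view'] : $action;
    $template = get_template_for_action($controller, $view, $controller->loc);

    // Have the controller assign knowledge about itself to the template.
    // This has to be done after the controller gets the template for its actions.
    $controller->moduleSelfAwareness();

    // If this controller is being called by a container then we should have a module title.
    if (isset($parms['moduletitle'])) {
        $template->assign('moduletitle', $parms['moduletitle']);
    }

    // Set up some default models for this controller's actions to use.
    foreach ($controller->getModels() as $model) {
        // null, false, false reduces unnecessary queries.
        $controller->{$model} = new $model(null, false, false);
    }

    // Check the perms for this action.
    $perms = $controller->permissions();

    // 'update' is tied to the create/edit permissions: it is checked as 'create'
    // when no id (or id 0) is passed and as 'edit' otherwise, so a request sent
    // straight to update cannot skip the check made on the edit form.
    $common_action = null;
    if ($action === 'update') {
        $perm_action = !isset($parms['id']) || $parms['id'] == 0 ? 'create' : 'edit';
    } elseif ($action === 'saveconfig') {
        $perm_action = 'configure';
    } else {
        // Action convention for controllers that manage more than one model:
        // an action named edit_mymodel is also checked against the 'edit' permission.
        if (strpos($action, '_') !== false) {
            $parts = explode('_', $action);
            $common_action = $parts[0];
        }
        $perm_action = $action;
    }

    // Pick the permission entry that applies: the exact action first, then its
    // common prefix.
    $perm_key = null;
    if (array_key_exists($perm_action, $perms)) {
        $perm_key = $perm_action;
    } elseif ($common_action !== null && array_key_exists($common_action, $perms)) {
        $perm_key = $common_action;
    }

    if ($perm_key !== null) {
        if (!expPermissions::check($perm_key, $controller->loc)) {
            if (expTheme::inAction()) {
                flash('error', gt("You don't have permission to") . " " . $perms[$perm_key]);
                expHistory::returnTo('viewable');
            }
            // Fail closed: never reach the action after a failed check, even if
            // the redirect helper returns.
            return false;
        }
    } else {
        // No permission entry: check whether the action requires a logged-in user.
        $login_key = null;
        if (array_key_exists($perm_action, $controller->requires_login)) {
            $login_key = $perm_action;
        } elseif ($common_action !== null && array_key_exists($common_action, $controller->requires_login)) {
            $login_key = $common_action;
        }
        if ($login_key !== null && !$user->isLoggedIn()) {
            $msg = empty($controller->requires_login[$login_key]) ? gt("You must be logged in to perform this action") : $controller->requires_login[$login_key];
            flash('error', $msg);
            expHistory::redirecto_login();
            // Fail closed for the same reason as above.
            return false;
        }
    }

    // An action listed in neither permissions() nor requires_login runs without
    // any check, so every state-changing action has to appear in one of them.

    // Run the action.
    $controller->{$action}();

    // Register this controller's permissions to the view for in-view perm checks.
    $template->register_permissions(array_keys($perms), $controller->loc);

    // Pass this controller's config off to the view.
    $template->assign('config', $controller->config);

    // Make $user available inside all templates.
    $template->assign('user', $user);

    // Assign the controller's base model to the view.
    $template->assign('modelname', $controller->basemodel_name);

    if (empty($parms['no_output'])) {
        $template->output();
    } else {
        $html = $template->render();
        return $html;
    }
}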