/**
* Removes service parameters from URL
* @param string $url URL
* @return string clean URL
*/
function fn_url_remove_service_params($url)
{
$params = array('is_ajax', 'callback', 'full_render', 'result_ids', 'init_context', 'skip_result_ids_check', 'anchor', Session::getName());
array_unshift($params, $url);
return call_user_func_array('fn_query_remove', $params);
}
} elseif ($mode == 'finish') {
$order_info = fn_get_order_info($order_id);
if ($order_info['status'] == 'O') {
$pp_response = array();
$pp_response['order_status'] = 'F';
$pp_response['reason_text'] = __('merchant_response_was_not_received');
$pp_response['transaction_id'] = '';
fn_finish_payment($order_id, $pp_response);
}
fn_order_placement_routines('route', $order_id, false);
}
}
} else {
$current_location = Registry::get('config.current_location');
$lang_code = CART_LANGUAGE == 'th' ? 'TH' : 'EN';
$sess = '&' . Session::getName() . '=' . Session::getId();
$_SESSION['thaiepay_refno'] = $order_id;
$return_url = fn_url("payment_notification.finish?payment=thaiepay&refno={$order_id}{$sess}", AREA, 'current');
echo <<<EOT
<form method="post" action="https://www.thaiepay.com/epaylink/payment.aspx" name="process">
<input type="hidden" name="refno" value="{$order_id}">
<input type="hidden" name="merchantid" value="{$processor_data['processor_params']['merchantid']}">
<input type="hidden" name="customeremail" value="{$order_info['email']}">
<input type="hidden" name="productdetail" value="{$processor_data['processor_params']['details']}">
<input type="hidden" name="total" value="{$order_info['total']}">
<input type="hidden" name="cc" value="{$processor_data['processor_params']['currency']}">
<input type="hidden" name="lang" value="{$lang_code}">
<input type="hidden" name="returnurl" value="{$return_url}">
EOT;
$msg = __('text_cc_processor_connection', array('[processor]' => 'thaiepay.com server'));
echo <<<EOT
/**
* Processes payment form to make payment submit via non-embedded mode
* @param string $submit_url payment submit URL
* @param array $data payment data
* @param array $payment_name payment name
* @param boolean $exclude_empty_values flag to exclude empty values
* @param string $method submit method
* @return array data to submit form to host server
*/
public static function processPaymentForm($submit_url, $data, $payment_name, $exclude_empty_values, $method)
{
$data = array(Session::getName() => Session::getId(), 'data' => json_encode(array('submit_url' => $submit_url, 'data' => $data, 'payment_name' => $payment_name, 'method' => $method, 'exclude_empty_values' => $exclude_empty_values)));
$submit_url = fn_url('payment_notification.process_embedded');
$method = 'post';
$payment_name = '';
return array($submit_url, $data, $method, $payment_name);
}
/**
* Make cmpi_lookup request to 3-D Secure sevice provider
*
* @param array $processor_data Payment processor data
* @param array $order_info Order information
* @return boolean true
*/
function fn_cmpi_lookup($processor_data, $order_info, $mode = '')
{
unset($_SESSION['cmpi']);
$amount = preg_replace('/\\D/', '', $order_info['total']);
// array with ISO codes of currencies. //TODO: move to database.
$iso4217 = array('USD' => 840, 'GBP' => 826, 'EUR' => 978, 'AUD' => 036, 'CAD' => 124, 'JPY' => 392);
$settings = array('processor_id', 'merchant_id', 'transaction_password', 'transaction_url');
foreach ($settings as $setting) {
$_SESSION['cmpi'][$setting] = $processor_data['processor_params'][$setting];
}
$cardinal_request = <<<EOT
<CardinalMPI>
<MsgType>cmpi_lookup</MsgType>
<Version>1.7</Version>
<ProcessorId>{$_SESSION['cmpi']['processor_id']}</ProcessorId>
<MerchantId>{$_SESSION['cmpi']['merchant_id']}</MerchantId>
<TransactionPwd>{$_SESSION['cmpi']['transaction_password']}</TransactionPwd>
<TransactionType>C</TransactionType>
<Amount>{$amount}</Amount>
<CurrencyCode>{$iso4217[$processor_data['processor_params']['currency']]}</CurrencyCode>
<CardNumber>{$order_info['payment_info']['card_number']}</CardNumber>
<CardExpMonth>{$order_info['payment_info']['expiry_month']}</CardExpMonth>
<CardExpYear>20{$order_info['payment_info']['expiry_year']}</CardExpYear>
<OrderNumber>{$order_info['order_id']}</OrderNumber>
<OrderDesc>Order #{$order_info['order_id']}; customer: {$order_info['b_firstname']} {$order_info['b_lastname']};</OrderDesc>
<BrowserHeader>*/*</BrowserHeader>
<EMail>{$order_info['email']}</EMail>
<IPAddress>{$_SERVER['REMOTE_ADDR']}</IPAddress>
<BillingFirstName>{$order_info['b_firstname']}</BillingFirstName>
<BillingLastName>{$order_info['b_lastname']}</BillingLastName>
<BillingAddress1>{$order_info['b_address']}</BillingAddress1>
<BillingAddress2>{$order_info['b_address_2']}</BillingAddress2>
<BillingCity>{$order_info['b_city']}</BillingCity>
<BillingState>{$order_info['b_state']}</BillingState>
<BillingPostalCode>{$order_info['b_zipcode']}</BillingPostalCode>
<BillingCountryCode>{$order_info['b_country']}</BillingCountryCode>
<ShippingFirstName>{$order_info['s_firstname']}</ShippingFirstName>
<ShippingLastName>{$order_info['s_lastname']}</ShippingLastName>
<ShippingAddress1>{$order_info['s_address']}</ShippingAddress1>
<ShippingAddress2>{$order_info['s_address_2']}</ShippingAddress2>
<ShippingCity>{$order_info['s_city']}</ShippingCity>
<ShippingState>{$order_info['s_state']}</ShippingState>
<ShippingPostalCode>{$order_info['s_zipcode']}</ShippingPostalCode>
<ShippingCountryCode>{$order_info['s_country']}</ShippingCountryCode>
</CardinalMPI>
EOT;
Registry::set('log_cut_data', array('CardNumber', 'CardExpMonth', 'CardExpYear'));
$response_data = Http::post($_SESSION['cmpi']['transaction_url'], array('cmpi_msg' => $cardinal_request));
$cmpi = @simplexml_load_string($response_data);
$err_no = 0;
$_SESSION['cmpi']['enrolled'] = 'U';
$acs_url = '';
if (empty($response_data) || $cmpi === false) {
$_SESSION['cmpi']['eci_flag'] = fn_get_payment_card($order_info['payment_info']['card_number'], array('mastercard' => 1, 'visa' => 7, 'jcb' => 7));
$err_desc = 'Connection problem';
} else {
$err_no = intval((string) $cmpi->ErrorNo);
$err_desc = (string) $cmpi->ErrorDesc;
$acs_url = (string) $cmpi->ACSUrl;
$_SESSION['cmpi']['enrolled'] = (string) $cmpi->Enrolled;
$_SESSION['cmpi']['transaction_id'] = (string) $cmpi->TransactionId;
$_SESSION['cmpi']['eci_flag'] = (string) $cmpi->EciFlag;
}
if ($err_no == 0 && $_SESSION['cmpi']['enrolled'] == 'Y' && !empty($acs_url)) {
$sess = Session::getName() . '=' . Session::getId();
$payment_name = str_replace('.php', '', $processor_data['processor_script']);
$_SESSION['cmpi']['acs_url'] = $acs_url;
$_SESSION['cmpi']['order_id'] = $order_info['order_id'];
$_SESSION['cmpi']['frame_data'] = array('PaReq' => (string) $cmpi->Payload, 'TermUrl' => fn_url("payment_notification.bank?payment={$payment_name}&{$sess}", AREA, 'current'), 'MD' => '');
$frame_src = fn_url("payment_notification.frame?payment={$payment_name}&{$sess}", AREA, 'current');
$msg = __('text_cmpi_frame_message');
$back_link_msg = __('text_cmpi_go_back');
$dispatch = $mode == 'repay' ? 'orders.details?order_id=' . $order_info['order_id'] . '&' : 'checkout.checkout?';
$back_link = fn_url($dispatch . $sess, AREA, 'current');
echo <<<EOT
<table width="100%" cellspacing="0" cellpadding="0">
<tr>
<td valign="top" align="center">
<div style="width:500px;">
{$msg}
<br /><br />
</div>
</td>
</tr>
<tr>
<td valign="top" align="center">
<iframe width="420" height="420" marginwidth="0" marginheight="0" src="{$frame_src}"></iframe><br />
<br />
<div>
<a href="{$back_link}>{$back_link_msg}</a>
</div>
</td>
</tr>
</table>
EOT;
exit;
} else {
$_SESSION['cmpi']['err_no'][0] = $err_no;
$_SESSION['cmpi']['err_desc'][0] = $err_desc;
define('DO_DIRECT_PAYMENT', true);
}
return true;
}
/**
* Redirect browser to the new location
*
* @param string $location - destination of redirect
* @param bool $allow_external_redirect - allow redirection to external resource
* @param bool $is_permanent - if true, perform 301 redirect
* @return
*/
function fn_redirect($location, $allow_external_redirect = false, $is_permanent = false)
{
$external_redirect = false;
$protocol = defined('HTTPS') ? 'https' : 'http';
$meta_redirect = false;
// Cleanup location from & signs and call fn_url()
$location = fn_url(str_replace(array('&', "\n", "\r"), array('&', '', ''), $location));
// Convert absolute link with location to relative one
if (strpos($location, '://') !== false || substr($location, 0, 7) == 'mailto:') {
if (strpos($location, Registry::get('config.http_location')) !== false) {
$location = str_replace(array(Registry::get('config.http_location') . '/', Registry::get('config.http_location')), '', $location);
$protocol = 'http';
} elseif (strpos($location, Registry::get('config.https_location')) !== false) {
$location = str_replace(array(Registry::get('config.https_location') . '/', Registry::get('config.https_location')), '', $location);
$protocol = 'https';
} else {
if ($allow_external_redirect == false) {
// if external redirects aren't allowed, redirect to index script
$location = '';
} else {
$external_redirect = true;
}
}
// Convert absolute link without location to relative one
} else {
$_protocol = "";
$_location = "";
$http_path = Registry::get('config.http_path');
$https_path = Registry::get('config.https_path');
if (!empty($http_path) && substr($location, 0, strlen($http_path)) == $http_path) {
$_location = substr($location, strlen($http_path) + 1);
$_protocol = 'http';
}
if (!empty($https_path) && substr($location, 0, strlen($https_path)) == $https_path) {
// if https path partially equal to http path check if https path is not just a part of http path
// e. g. http://example.com/pathsimple & https://example.com/path
if ($_protocol != 'http' || empty($http_path) || substr($http_path, 0, strlen($https_path)) != $https_path) {
$_location = substr($location, strlen($https_path) + 1);
$_protocol = 'https';
}
}
$protocol = Registry::get('config.http_path') != Registry::get('config.https_path') && !empty($_protocol) ? $_protocol : $protocol;
$location = !empty($_protocol) ? $_location : $location;
}
if ($external_redirect == false) {
fn_set_hook('redirect', $location);
$protocol_changed = defined('HTTPS') && $protocol == 'http' || !defined('HTTPS') && $protocol == 'https';
// For correct redirection, location must be absolute with path
$location = ($protocol == 'http' ? Registry::get('config.http_location') : Registry::get('config.https_location')) . '/' . ltrim($location, '/');
// Parse the query string
$fragment = '';
$query_array = array();
$parsed_location = parse_url($location);
if (!empty($parsed_location['query'])) {
parse_str($parsed_location['query'], $query_array);
$location = str_replace('?' . $parsed_location['query'], '', $location);
}
if (!empty($parsed_location['fragment'])) {
$fragment = '#' . $parsed_location['fragment'];
$location = str_replace($fragment, '', $location);
}
if ($protocol_changed && (Registry::get('config.http_host') != Registry::get('config.https_host') || Registry::get('config.http_path') != Registry::get('config.https_path'))) {
$query_array[Session::getName()] = Session::getId();
}
// If this is not ajax request, remove ajax specific parameters
if (!defined('AJAX_REQUEST')) {
unset($query_array['is_ajax']);
unset($query_array['result_ids']);
} else {
$query_array['result_ids'] = implode(',', Tygh::$app['ajax']->result_ids);
$query_array['is_ajax'] = Tygh::$app['ajax']->redirect_type;
$query_array['full_render'] = !empty($_REQUEST['full_render']) ? $_REQUEST['full_render'] : false;
$query_array['callback'] = Tygh::$app['ajax']->callback;
$ajax_assigned_vars = Tygh::$app['ajax']->getAssignedVars();
if (!empty($ajax_assigned_vars['html'])) {
unset($ajax_assigned_vars['html']);
}
$query_array['_ajax_data'] = $ajax_assigned_vars;
}
if (!empty($query_array)) {
$location .= '?' . http_build_query($query_array) . $fragment;
}
// Redirect from https to http location
if ($protocol_changed && defined('HTTPS')) {
$meta_redirect = true;
}
}
fn_set_hook('redirect_complete', $meta_redirect);
if (!defined('AJAX_REQUEST') && Embedded::isEnabled()) {
if (strpos($location, Registry::get('config.http_location')) === 0) {
$location = str_replace(Registry::get('config.http_location'), '', $location);
} elseif (strpos($location, Registry::get('config.https_location')) === 0) {
$location = str_replace(Registry::get('config.https_location'), '', $location);
}
$location = Embedded::getUrl() . '#!' . urlencode($location);
$meta_redirect = true;
}
if (defined('AJAX_REQUEST')) {
// make in-script redirect during ajax request
$_purl = parse_url($location);
$_GET = array();
$_POST = array();
if (!empty($_purl['query'])) {
parse_str($_purl['query'], $_GET);
}
$_REQUEST = Bootstrap::safeInput($_GET);
$_SERVER['REQUEST_METHOD'] = 'GET';
$_SERVER['REQUEST_URI'] = $_purl['path'];
$_SERVER['QUERY_STRING'] = !empty($_purl['query']) ? $_purl['query'] : '';
fn_get_route($_REQUEST);
Registry::save();
// save registry cache to execute cleanup handlers
fn_init_settings();
fn_init_addons();
Registry::clearCacheLevels();
Tygh::$app['ajax']->updateRequest();
return fn_dispatch();
} elseif (!ob_get_contents() && !headers_sent() && !$meta_redirect) {
if ($is_permanent) {
header('HTTP/1.0 301 Moved Permanently');
}
header('Location: ' . $location);
exit;
} else {
$delay = (Debugger::isActive() || fn_is_development()) && !Registry::get('runtime.comet') ? 10 : 0;
if ($delay != 0) {
fn_echo('<a href="' . htmlspecialchars($location) . '" style="text-transform: lowercase;">' . __('continue') . '</a>');
}
fn_echo('<meta http-equiv="Refresh" content="' . $delay . ';URL=' . htmlspecialchars($location) . '" />');
}
fn_flush();
exit;
}
$pp_response['order_status'] = $_REQUEST['transStatus'] == 'Y' && (!empty($processor_data['processor_params']['callback_password']) ? !empty($_REQUEST['callbackPW']) && $_REQUEST['callbackPW'] == $processor_data['processor_params']['callback_password'] : true) ? 'P' : 'F';
if ($_REQUEST['transStatus'] == 'Y') {
$pp_response['reason_text'] = $_REQUEST['rawAuthMessage'];
$pp_response['transaction_id'] = $_REQUEST['transId'];
$pp_response['descr_avs'] = 'CVV (Security Code): ' . $avs_res[substr($_REQUEST['AVS'], 0, 1)] . '; Postcode: ' . $avs_res[substr($_REQUEST['AVS'], 1, 1)] . '; Address: ' . $avs_res[substr($_REQUEST['AVS'], 2, 1)] . '; Country: ' . $avs_res[substr($_REQUEST['AVS'], 3)];
}
if (!empty($_REQUEST['testMode'])) {
$pp_response['reason_text'] .= '; This a TEST Transaction';
}
$area = db_get_field("SELECT data FROM ?:order_data WHERE order_id = ?i AND type = 'E'", $order_id);
$override = $area == 'A' ? true : false;
fn_finish_payment($order_id, $pp_response, false);
echo "<head><meta http-equiv='refresh' content='0; url=" . fn_url("payment_notification.notify?payment=worldpay&order_id={$order_id}", $area, 'current', CART_LANGUAGE, $override) . "'></head><body><wpdisplay item=banner></body>";
exit;
} else {
if (!defined('BOOTSTRAP')) {
die('Access denied');
}
$_order_id = $order_info['repaid'] ? $order_id . '_' . $order_info['repaid'] : $order_id;
$s_id = Session::getId();
$sess_name = Session::getName();
$card_holder = $processor_data['processor_params']['test'] == $mode_test_declined ? $card_holder_for_declined_test : $order_info['b_firstname'] . ' ' . $order_info['b_lastname'];
$test_mode_id = $processor_data['processor_params']['test'] == $mode_test_declined ? $mode_test : $processor_data['processor_params']['test'];
$signature = md5($processor_data['processor_params']['md5_secret'] . ':' . $processor_data['processor_params']['account_id'] . ':' . $order_info['total'] . ':' . $processor_data['processor_params']['currency'] . ':' . $_order_id);
$data = array('signatureFields' => 'instId:amount:currency:cartId', 'signature' => $signature, 'instId' => $processor_data['processor_params']['account_id'], 'cartId' => $_order_id, 'amount' => $order_info['total'], 'currency' => $processor_data['processor_params']['currency'], 'testMode' => $test_mode_id, 'authMode' => $processor_data['processor_params']['authmode'], 'name' => $card_holder, 'tel' => $order_info['phone'], 'email' => $order_info['email'], 'address' => $order_info['b_address'] . ' ' . $order_info['b_city'] . ' ' . $order_info['b_state'] . ' ' . $order_info['b_country'], 'postcode' => $order_info['b_zipcode'], 'country' => $order_info['b_country'], "MC_{$sess_name}" => $s_id);
$order_data = array('order_id' => $order_id, 'type' => 'E', 'data' => AREA);
db_query("REPLACE INTO ?:order_data ?e", $order_data);
$submit_url = $processor_data['processor_params']['test'] == $mode_test_declined || $processor_data['processor_params']['test'] == $mode_test ? 'https://secure-test.worldpay.com/wcc/purchase' : 'https://secure.worldpay.com/wcc/purchase';
fn_create_payment_form($submit_url, $data, 'World Pay server', false);
exit;
}
$pp_response['order_status'] = 'P';
$pp_response['reason_text'] = $_REQUEST['msg'];
$pp_response['transaction_id'] = $_REQUEST['TxnGUID'];
$pp_response['card_number'] = $_REQUEST['mPAN'];
$pp_response['card'] = $_REQUEST['type'];
$pp_response['cardholder_name'] = $_REQUEST['name'];
$pp_response['expiry_month'] = substr($_REQUEST['exp'], 0, 2);
$pp_response['expiry_year'] = substr($_REQUEST['exp'], -2);
} elseif (!empty($_REQUEST['error'])) {
$pp_response['order_status'] = 'F';
$pp_response['reason_text'] = !empty($_REQUEST['msg']) ? $_REQUEST['msg'] : __('error');
} else {
$pp_response['order_status'] = 'N';
$pp_response['reason_text'] = __('transaction_cancelled');
}
if (fn_check_payment_script('cresecure.php', $order_id)) {
fn_finish_payment($order_id, $pp_response);
fn_order_placement_routines('route', $order_id);
}
}
} else {
if ($processor_data['processor_params']['test'] == 'live') {
$post_address = "https://safe.cresecure.net/securepayments/a1/cc_collection.php";
} else {
$post_address = "https://sandbox-cresecure.net/securepayments/a1/cc_collection.php";
}
$post_data = array('CRESecureID' => $processor_data['processor_params']['cresecureid'], 'total_amt' => sprintf('%.2f', $order_info['total']), 'return_url' => fn_url("payment_notification.return?payment=cresecure&order_id={$order_id}", AREA, 'https'), 'content_template_url' => fn_payment_url('https', "cresecure.php?order_id={$order_id}&display_full_path=Y"), 'b_country' => db_get_field('SELECT a.code_A3 FROM ?:countries as a WHERE a.code = ?s', $order_info['b_country']), 's_country' => db_get_field('SELECT a.code_A3 FROM ?:countries as a WHERE a.code = ?s', $order_info['s_country']), 'customer_address' => $order_info['b_address'] . (!empty($order_info['b_address_2']) ? ' ' . $order_info['b_address_2'] : ''), 'delivery_address' => $order_info['s_address'] . (!empty($order_info['s_address_2']) ? ' ' . $order_info['s_address_2'] : ''), 'customer_phone' => !empty($order_info['b_phone']) ? $order_info['b_phone'] : '', 'delivery_phone' => !empty($order_info['s_phone']) ? $order_info['s_phone'] : '', 'allowed_types' => !empty($processor_data['processor_params']['allowed_types']) ? join('|', $processor_data['processor_params']['allowed_types']) : 'Visa|MasterCard', 'sess_id' => Session::getId(), 'sess_name' => Session::getName(), 'order_id' => $order_info['order_id'], 'currency' => $processor_data['processor_params']['currency'], 'CRESecureAPIToken' => $processor_data['processor_params']['cresecureapitoken'], 'customer_id' => $order_info['user_id'], 'customer_company' => $order_info['company'], 'customer_firstname' => $order_info['b_firstname'], 'customer_lastname' => $order_info['b_lastname'], 'customer_email' => $order_info['email'], 'customer_city' => $order_info['b_city'], 'customer_state' => $order_info['b_state'], 'customer_postal_code' => $order_info['b_zipcode'], 'customer_country' => $order_info['b_country'], 'delivery_firstname' => $order_info['s_firstname'], 'delivery_lastname' => $order_info['s_lastname'], 'delivery_city' => $order_info['s_city'], 'delivery_state' => $order_info['s_state'], 'delivery_postal_code' => $order_info['s_zipcode'], 'ip_address' => $_SERVER['REMOTE_ADDR']);
fn_create_payment_form($post_address, $post_data, 'CRE secure', false);
}
exit;
}
/**
* Dispathes the execution control to correct controller
*
* @return nothing
*/
function fn_dispatch($controller = '', $mode = '', $action = '', $dispatch_extra = '', $area = AREA)
{
Debugger::checkpoint('After init');
fn_set_hook('before_dispatch');
$controller = empty($controller) ? Registry::get('runtime.controller') : $controller;
$mode = empty($mode) ? Registry::get('runtime.mode') : $mode;
$action = empty($action) ? Registry::get('runtime.action') : $action;
$dispatch_extra = empty($dispatch_extra) ? Registry::get('runtime.dispatch_extra') : $dispatch_extra;
$regexp = "/^[a-zA-Z0-9_\\+]+\$/";
if (!preg_match($regexp, $controller) || !preg_match($regexp, $mode)) {
throw new InputException('Error processing request');
}
$view = Registry::get('view');
$run_controllers = true;
$external = false;
$status = CONTROLLER_STATUS_NO_PAGE;
// Security
if (Registry::get('config.tweaks.anti_csrf') == true) {
$trusted_csrf_controllers = array('auth');
if ($_SERVER['REQUEST_METHOD'] == 'POST' && !in_array($controller, $trusted_csrf_controllers) && (empty($_SESSION['security_hash']) || empty($_REQUEST['security_hash']) || $_REQUEST['security_hash'] != $_SESSION['security_hash'])) {
fn_set_notification('E', __('error'), __('text_csrf_attack'));
fn_redirect(fn_url());
}
}
// If $config['http_host'] was different from the domain name, there was redirection to $config['http_host'] value.
if (Registry::get('config.current_host') != REAL_HOST && $_SERVER['REQUEST_METHOD'] == 'GET' && !defined('CONSOLE')) {
if (!empty($_SERVER['REDIRECT_URL'])) {
$qstring = $_SERVER['REDIRECT_URL'];
} else {
if (!empty($_SERVER['REQUEST_URI'])) {
$qstring = $_SERVER['REQUEST_URI'];
} else {
$qstring = Registry::get('config.current_url');
}
}
$curent_path = Registry::get('config.current_path');
if (!empty($curent_path) && strpos($qstring, $curent_path) === 0) {
$qstring = substr_replace($qstring, '', 0, fn_strlen($curent_path));
}
fn_redirect(Registry::get('config.current_location') . $qstring, false, true);
}
if (isset($_SERVER['CONTENT_LENGTH']) && ($_SERVER['CONTENT_LENGTH'] > fn_return_bytes(ini_get('upload_max_filesize')) || $_SERVER['CONTENT_LENGTH'] > fn_return_bytes(ini_get('post_max_size')))) {
$max_size = fn_return_bytes(ini_get('upload_max_filesize')) < fn_return_bytes(ini_get('post_max_size')) ? ini_get('upload_max_filesize') : ini_get('post_max_size');
fn_set_notification('E', __('error'), __('text_forbidden_uploaded_file_size', array('[size]' => $max_size)));
fn_redirect($_SERVER['HTTP_REFERER']);
}
// If URL contains session ID, remove it
if (!empty($_REQUEST[Session::getName()]) && $_SERVER['REQUEST_METHOD'] == 'GET') {
fn_redirect(fn_query_remove(Registry::get('config.current_url'), Session::getName()));
}
// If demo mode is enabled, check permissions FIX ME - why did we need one more user login check?
if ($area == 'A') {
if (Registry::get('config.demo_mode') == true) {
$run_controllers = fn_check_permissions($controller, $mode, 'demo');
if ($run_controllers == false) {
fn_set_notification('W', __('demo_mode'), __('demo_mode_content_text'), 'K', 'demo_mode');
if (defined('AJAX_REQUEST')) {
exit;
}
fn_delete_notification('changes_saved');
$status = CONTROLLER_STATUS_REDIRECT;
$_REQUEST['redirect_url'] = !empty($_SERVER['HTTP_REFERER']) ? $_SERVER['HTTP_REFERER'] : fn_url('');
}
} else {
$run_controllers = fn_check_permissions($controller, $mode, 'admin', '', $_REQUEST);
if ($run_controllers == false) {
if (defined('AJAX_REQUEST')) {
$_info = Debugger::isActive() || defined('DEVELOPMENT') ? ' ' . $controller . '.' . $mode : '';
fn_set_notification('W', __('warning'), __('access_denied') . $_info);
exit;
}
$status = CONTROLLER_STATUS_DENIED;
}
}
}
if ($area == 'A' && Registry::get('settings.Security.secure_admin') == 'Y' && !defined('HTTPS') && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST') && empty($_REQUEST['keep_location']) && !defined('CONSOLE')) {
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
} elseif ($area == 'C' && $_SERVER['REQUEST_METHOD'] != 'POST' && !defined('AJAX_REQUEST')) {
$secure_controllers = fn_get_secure_controllers();
// if we are not on https but controller is secure, redirect to https
if (isset($secure_controllers[$controller]) && $secure_controllers[$controller] == 'active' && !defined('HTTPS')) {
fn_redirect(Registry::get('config.https_location') . '/' . Registry::get('config.current_url'));
}
// if we are on https and the controller is insecure, redirect to http
if (!isset($secure_controllers[$controller]) && defined('HTTPS') && Registry::get('settings.Security.keep_https') != 'Y') {
fn_redirect('http://' . Registry::get('config.http_host') . Registry::get('config.http_path') . '/' . Registry::get('config.current_url'));
}
}
LastView::instance()->prepare($_REQUEST);
$controllers_cascade = array();
$controllers_list = array('init');
if ($run_controllers == true) {
$controllers_list[] = $controller;
$controllers_list = array_unique($controllers_list);
}
foreach ($controllers_list as $ctrl) {
$core_controllers = fn_init_core_controllers($ctrl);
list($addon_controllers) = fn_init_addon_controllers($ctrl);
if (empty($core_controllers) && empty($addon_controllers)) {
//$controllers_cascade = array(); // FIXME: controllers_cascade contains INIT. We should not clear initiation code.
$status = CONTROLLER_STATUS_NO_PAGE;
$run_controllers = false;
break;
}
if (count($core_controllers) + count($addon_controllers) > 1) {
throw new DeveloperException('Duplicate controller ' . $controller . var_export(array_merge($core_controllers, $addon_controllers), true));
}
$core_pre_controllers = fn_init_core_controllers($ctrl, GET_PRE_CONTROLLERS);
$core_post_controllers = fn_init_core_controllers($ctrl, GET_POST_CONTROLLERS);
list($addon_pre_controllers) = fn_init_addon_controllers($ctrl, GET_PRE_CONTROLLERS);
list($addon_post_controllers, $addons) = fn_init_addon_controllers($ctrl, GET_POST_CONTROLLERS);
// we put addon post-controller to the top of post-controller cascade if current addon serves this request
if (count($addon_controllers)) {
$addon_post_controllers = fn_reorder_post_controllers($addon_post_controllers, $addon_controllers[0]);
}
$controllers_cascade = array_merge($controllers_cascade, $addon_pre_controllers, $core_pre_controllers, $core_controllers, $addon_controllers, $core_post_controllers, $addon_post_controllers);
if (empty($controllers_cascade)) {
throw new DeveloperException("No controllers for: {$ctrl}");
}
}
if ($mode == 'add') {
$tpl = 'update.tpl';
} elseif (strpos($mode, 'add_') === 0) {
$tpl = str_replace('add_', 'update_', $mode) . '.tpl';
} else {
$tpl = $mode . '.tpl';
}
$view = Registry::get('view');
if ($view->templateExists('views/' . $controller . '/' . $tpl)) {
// try to find template in base views
$view->assign('content_tpl', 'views/' . $controller . '/' . $tpl);
} elseif (defined('LOADED_ADDON_PATH') && $view->templateExists('addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl)) {
// try to find template in addon views
$view->assign('content_tpl', 'addons/' . LOADED_ADDON_PATH . '/views/' . $controller . '/' . $tpl);
} elseif (!empty($addons)) {
// try to find template in addon views that extend base views
foreach ($addons as $addon => $_v) {
if ($view->templateExists('addons/' . $addon . '/views/' . $controller . '/' . $tpl)) {
$view->assign('content_tpl', 'addons/' . $addon . '/views/' . $controller . '/' . $tpl);
break;
}
}
}
fn_set_hook('dispatch_assign_template', $controller, $mode, $area);
foreach ($controllers_cascade as $item) {
$_res = fn_run_controller($item, $controller, $mode, $action, $dispatch_extra);
// 0 - status, 1 - url
$url = !empty($_res[1]) ? $_res[1] : '';
$external = !empty($_res[2]) ? $_res[2] : false;
$permanent = !empty($_res[3]) ? $_res[3] : false;
// Status could be changed only if we allow to run controllers despite of init controller
if ($run_controllers == true) {
$status = !empty($_res[0]) ? $_res[0] : CONTROLLER_STATUS_OK;
}
if ($status == CONTROLLER_STATUS_OK && !empty($url)) {
$redirect_url = $url;
} elseif ($status == CONTROLLER_STATUS_REDIRECT && !empty($url)) {
$redirect_url = $url;
break;
} elseif ($status == CONTROLLER_STATUS_DENIED || $status == CONTROLLER_STATUS_NO_PAGE) {
break;
}
}
LastView::instance()->init($_REQUEST);
// In console mode, just stop here
if (defined('CONSOLE')) {
exit;
}
if (!empty($_SESSION['auth']['this_login']) && Registry::ifGet($_SESSION['auth']['this_login'], 'N') === 'Y') {
fn_set_notification('E', __('error'), __(ACCOUNT_TYPE . LOGIN_STATUS_USER_DISABLED));
$status = CONTROLLER_STATUS_DENIED;
}
// [Block manager]
// block manager is disabled for vendors.
if (!(fn_allowed_for('MULTIVENDOR') && Registry::get('runtime.company_id') || fn_allowed_for('ULTIMATE') && !Registry::get('runtime.company_id'))) {
if (fn_check_permissions('block_manager', 'manage', 'admin')) {
$dynamic_object = SchemesManager::getDynamicObject($_REQUEST['dispatch'], $area);
if (!empty($dynamic_object)) {
if ($area == 'A' && Registry::get('runtime.mode') != 'add' && !empty($_REQUEST[$dynamic_object['key']])) {
$object_id = $_REQUEST[$dynamic_object['key']];
$location = Location::instance()->get($dynamic_object['customer_dispatch'], $dynamic_object, CART_LANGUAGE);
if (!empty($location) && $location['is_default'] != 1) {
$params = array('dynamic_object' => array('object_type' => $dynamic_object['object_type'], 'object_id' => $object_id), $dynamic_object['key'] => $object_id, 'manage_url' => Registry::get('config.current_url'));
Registry::set('navigation.tabs.blocks', array('title' => __('layouts'), 'href' => 'block_manager.manage_in_tab?' . http_build_query($params), 'ajax' => true));
}
}
}
}
}
// [/Block manager]
// Redirect if controller returned successful/redirect status only
if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($_REQUEST['redirect_url']) && !$external) {
$redirect_url = $_REQUEST['redirect_url'];
}
// If controller returns "Redirect" status, check if redirect url exists
if ($status == CONTROLLER_STATUS_REDIRECT && empty($redirect_url)) {
$status = CONTROLLER_STATUS_NO_PAGE;
}
// In backend show "changes saved" notification
if ($area == 'A' && $_SERVER['REQUEST_METHOD'] == 'POST' && in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT))) {
if (strpos($mode, 'update') !== false && !fn_notification_exists('extra', 'demo_mode') && !fn_notification_exists('type', 'E')) {
fn_set_notification('N', __('notice'), __('text_changes_saved'), 'I', 'changes_saved');
}
}
// Attach params and redirect if needed
if (in_array($status, array(CONTROLLER_STATUS_OK, CONTROLLER_STATUS_REDIRECT)) && !empty($redirect_url)) {
$params = array('page', 'selected_section', 'active_tab');
$url_params = array();
foreach ($params as $param) {
if (!empty($_REQUEST[$param])) {
$url_params[$param] = $_REQUEST[$param];
}
}
if (!empty($url_params)) {
$redirect_url = fn_link_attach($redirect_url, http_build_query($url_params));
}
if (!isset($external)) {
$external = false;
}
if (!isset($permanent)) {
$permanent = false;
}
fn_redirect($redirect_url, $external, $permanent);
}
if (!$view->getTemplateVars('content_tpl') && $status == CONTROLLER_STATUS_OK) {
// FIXME
$status = CONTROLLER_STATUS_NO_PAGE;
}
if ($status != CONTROLLER_STATUS_OK) {
if ($status == CONTROLLER_STATUS_NO_PAGE) {
if ($area == 'A' && empty($_SESSION['auth']['user_id'])) {
// If admin is not logged in redirect to login page from not found page
fn_set_notification('W', __('page_not_found'), __('page_not_found_text'));
fn_redirect("auth.login_form");
}
header(' ', true, 404);
}
$view->assign('exception_status', $status);
if ($area == 'A') {
$view->assign('content_tpl', 'exception.tpl');
// for backend only
}
if ($status == CONTROLLER_STATUS_DENIED) {
$view->assign('page_title', __('access_denied'));
} elseif ($status == CONTROLLER_STATUS_NO_PAGE) {
$view->assign('page_title', __('page_not_found'));
}
}
fn_set_hook('dispatch_before_display');
Debugger::checkpoint('Before TPL');
// Pass current URL to ajax response only if we render whole page
if (defined('AJAX_REQUEST') && Registry::get('runtime.root_template') == 'index.tpl') {
Registry::get('ajax')->assign('current_url', fn_url(Registry::get('config.current_url'), $area, 'current'));
}
Registry::get('view')->display(Registry::get('runtime.root_template'));
Debugger::checkpoint('After TPL');
Debugger::display();
fn_set_hook('complete');
exit;
// stop execution
}
