<?php
// Security
if ($SMCallback !== true) {
echo "Unauthorized!";
// Not executed in the context of Sitemagic
exit;
}
if (SMAuthentication::Authorized() === false) {
throw new exception("Unauthorized!");
}
// Parameters
$imagesFolder = SMEnvironment::GetDataDirectory() . "/SMShop";
$command = count($_FILES) > 0 ? "Upload" : "Remove";
// Upload file
if ($command === "Upload") {
if (isset($_FILES["SelectedFile"]) === false || $_FILES["SelectedFile"]["error"] !== 0 || $_FILES["SelectedFile"]["name"] === "") {
header("HTTP/1.1 500 Internal Server Error");
echo "Error";
exit;
}
// File information
$dir = $imagesFolder;
$filename = $_FILES["SelectedFile"]["name"];
// Ensure target folder
if (SMFileSystem::FolderExists($dir) === false) {
$res = SMFileSystem::CreateFolder($dir);
if ($res === false) {
header("HTTP/1.1 500 Internal Server Error");
echo "Error - unable to create '" . $dir . "'";
exit;
$json = SMShopGetJsonData();
$model = $json["Model"];
$props = $json["Properties"];
$command = $json["Operation"];
$match = isset($json["Match"]) === true ? $json["Match"] : null;
$dataSourceName = "SMShop" . ($model !== "OrderEntry" ? $model . "s" : "OrderEntries");
// $model contains e.g. "Product", "Order", or "OrderEntry"
// Make sure DataSource is supported
if (in_array($dataSourceName, array_keys($dataSourcesAllowed), true) === false) {
header("HTTP/1.1 500 Internal Server Error");
echo "Invalid data source";
exit;
}
$dsDef = $dataSourcesAllowed[$dataSourceName];
// Make sure user is authorized for operations requiring authorization
if (in_array($command, $dsDef["AuthRequired"]) === true && SMAuthentication::Authorized() === false) {
header("HTTP/1.1 500 Internal Server Error");
echo "Unauthorized - '" . $model . "' requires authentication for operation '" . $command . "'";
exit;
}
// Sanitize input
foreach ($props as $prop => $val) {
SMShopValidateField($dsDef, $prop, $val);
if ($dsDef["Fields"][$prop]["DataType"] === "string") {
$props[$prop] = strip_tags($val);
}
}
foreach ($match !== null ? $match : array() as $m) {
SMShopValidateField($dsDef, $m["Field"], $m["Value"]);
if ($m["Operator"] !== "=" && $m["Operator"] !== "!=" && $m["Operator"] !== "<" && $m["Operator"] !== "<=" && $m["Operator"] !== ">" && $m["Operator"] !== ">=") {
header("HTTP/1.1 500 Internal Server Error");
public function Render()
{
if (SMEnvironment::GetQueryValue("SMShopEditProducts") !== null) {
if (SMAuthentication::Authorized() === false) {
SMExtensionManager::ExecuteExtension(SMExtensionManager::GetDefaultExtension());
}
$frm = new SMShopFrmShop($this->context);
return $frm->Render();
}
if (SMEnvironment::GetQueryValue("SMShopBasket") !== null) {
$frm = new SMShopFrmBasket($this->context);
return $frm->Render();
} else {
$frm = new SMShopFrmProducts($this->context);
return $frm->Render();
}
}
