/**
* View the cart
*/
function shop_user_viewcart()
{
// If the user returns to the cart after taking other steps, unset any errors from earlier in the session.
xarSession::delVar('errors');
sys::import('modules.dynamicdata.class.objects.master');
$subtotals = array();
$products = array();
$total = 0;
// May want to display cust info with the cart...
$cust = xarMod::APIFunc('shop', 'user', 'customerinfo');
$data['cust'] = $cust;
$shop = xarSession::getVar('shop');
foreach ($shop as $pid => $val) {
// If this post variable is set, we must need to update the quantity
if (isset($_POST['qty' . $pid])) {
unset($qty_new);
// Have to unset this since we're in a foreach
if (!xarVarFetch('qty' . $pid, 'isset', $qty_new, NULL, XARVAR_DONT_SET)) {
return;
}
if ($qty_new == 0) {
unset($shop[$pid]);
} else {
$shop[$pid]['qty'] = $qty_new;
}
}
// If the quantity hasn't been set to zero, add it to the $products array...
if (isset($shop[$pid])) {
// Commas in the quantity seem to mess up our math
$products[$pid]['qty'] = str_replace(',', '', $shop[$pid]['qty']);
// Get the product info
$object = DataObjectMaster::getObject(array('name' => 'shop_products'));
$some_id = $object->getItem(array('itemid' => $pid));
$values = $object->getFieldValues();
$products[$pid]['title'] = xarVarPrepForDisplay($values['title']);
$products[$pid]['price'] = $values['price'];
$subtotal = $values['price'] * $products[$pid]['qty'];
$subtotals[] = $subtotal;
// so we can use array_sum() to add it all up
if (substr($subtotal, 0, 1) == '.') {
$subtotal = '0' . $subtotal;
}
$products[$pid]['subtotal'] = number_format($subtotal, 2);
}
}
xarSession::setVar('shop', $shop);
$total = array_sum($subtotals);
// Add a zero to the front of the number if it starts with a decimal...
if (substr($total, 0, 1) == '.') {
$total = '0' . $total;
}
$total = number_format($total, 2);
xarSession::setVar('products', $products);
// update the session variable
$data['products'] = $products;
// don't want too much session stuff in the templates
xarSession::setVar('total', $total);
$data['total'] = $total;
return $data;
}
/**
* Create a new customer
*/
function shop_user_newcustomer()
{
if (!xarVarFetch('objectid', 'id', $data['objectid'], NULL, XARVAR_DONT_SET)) {
return;
}
if (!xarVarFetch('returnurl', 'str', $returnurl, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
sys::import('modules.dynamicdata.class.objects.master');
$rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
$data['properties'] = $rolesobject->properties;
// Check if we are in 'preview' mode from the input here - the rest is handled by checkInput()
// Here we are testing for a button clicked, so we test for a string
if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_DONT_SET)) {
return;
}
// Check if we are submitting the form
// Here we are testing for a hidden field we define as true on the template, so we can use a boolean (true/false)
if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
return;
}
if ($data['confirm']) {
// Check for a valid confirmation key. The value is automatically gotten from the template
if (!xarSecConfirmAuthKey()) {
return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
}
// Get the data from the form and see if it is all valid
// Either way the values are now stored in the object
$isvalid = $rolesobject->properties['email']->checkInput();
$isvalid2 = $rolesobject->properties['password']->checkInput();
if (!$isvalid || !$isvalid2) {
// Bad data: redisplay the form with the data we picked up and with error messages
return xarTplModule('shop', 'user', 'newcustomer', $data);
} else {
$email = $rolesobject->properties['email']->getValue();
$password = $rolesobject->properties['password']->getValue();
$rolesobject->properties['name']->setValue($email);
$rolesobject->properties['email']->setValue($email);
$rolesobject->properties['uname']->setValue($email);
$rolesobject->properties['password']->setValue($password);
$rolesobject->properties['state']->setValue(3);
$authmodule = (int) xarMod::getID('shop');
$rolesobject->properties['authmodule']->setValue($authmodule);
$uid = $rolesobject->createItem();
$custobject = DataObjectMaster::getObject(array('name' => 'shop_customers'));
$custobject->createItem(array('id' => $uid));
if (isset($returnurl)) {
xarMod::APIFunc('authsystem', 'user', 'login', array('uname' => $email, 'pass' => $password));
xarResponse::redirect($returnurl);
} else {
xarResponse::redirect(xarModURL('shop'));
}
// Always add the next line even if processing never reaches it
return true;
}
}
// Return the template variables defined in this function
return $data;
}
function shop_adminapi_handlepgresponse($args)
{
extract($args);
$pg = xarModVars::get('shop', 'payment_gateway');
$trans_id = false;
$pg_response = xarSession::getVar('pg_response');
switch ($pg) {
case 1:
// demo mode
$trans_id = rand(1000, 99999999);
// fake trans id
break;
case 2:
// authorize.net
$response = xarMod::APIFunc('shop', 'admin', 'authorizenet', $transfields);
if ($response[1] == 1) {
$trans_id = $response[7];
} else {
$num = $response[1];
$authorizenet_codes = array(1 => 'Approved', 2 => 'Declined', 3 => 'Error', 4 => 'Held for Review');
$msg = $response[4];
$msg .= ' Response code: ' . $authorizenet_codes[$num];
$pg_response['msg'] = $msg;
}
break;
case 3:
// paypal web payments pro
$args['transfields'] = $transfields;
$args['methodName_'] = 'DoDirectPayment';
$response = xarMod::APIFunc('shop', 'admin', 'paypal', $args);
if ($response['ACK'] == 'Success') {
$trans_id = $response['TRANSACTIONID'];
} else {
$msg = $response['ACK'];
$msg .= '. Response: ' . urldecode($response['L_LONGMESSAGE0']);
$pg_response['msg'] = $msg;
}
break;
case 4:
// something else
// your code
break;
}
if (isset($pg_response)) {
xarSession::setVar('pg_response', $pg_response);
}
$response['trans_id'] = $trans_id;
return $response;
}
/**
* List shipping addresses
*/
function shop_admin_shippingaddresses()
{
if (!xarVarFetch('startnum', 'isset', $data['startnum'], NULL, XARVAR_DONT_SET)) {
return;
}
if (!xarVarFetch('uid', 'isset', $data['uid'], NULL, XARVAR_DONT_SET)) {
return;
}
$objectname = 'shop_shippingaddresses';
$data['objectname'] = $objectname;
// Security check - important to do this as early as possible to avoid
// potential security holes or just too much wasted processing
if (!xarSecurityCheck('AdminShop')) {
return;
}
$data['items_per_page'] = xarModVars::get('shop', 'items_per_page');
// Load the DD master object class. This line will likely disappear in future versions
sys::import('modules.dynamicdata.class.objects.master');
// Get the object label for the template
$object = DataObjectMaster::getObject(array('name' => $objectname));
$data['label'] = $object->label;
// Get the fields to display in the admin interface
$config = $object->configuration;
if (!empty($config['adminfields'])) {
$data['adminfields'] = $config['adminfields'];
} else {
$data['adminfields'] = array_keys($object->getProperties());
}
// Get the object we'll be working with. Note this is a so called object list
$mylist = DataObjectMaster::getObjectList(array('name' => $objectname));
// Load the DD master property class. This line will likely disappear in future versions
sys::import('modules.dynamicdata.class.properties.master');
$data['sort'] = xarMod::ApiFunc('shop', 'admin', 'sort', array('sortfield_fallback' => 'customer', 'ascdesc_fallback' => 'DESC'));
// We have some filters for the items
$filters = array('startnum' => $data['startnum'], 'status' => DataPropertyMaster::DD_DISPLAYSTATE_ACTIVE, 'sort' => $data['sort']);
if (isset($data['uid'])) {
$filters['where'] = 'customer eq ' . $data['uid'];
$data['cust'] = xarMod::APIFunc('shop', 'user', 'customerinfo', array('id' => $data['uid']));
}
// Get the items
$items = $mylist->getItems($filters);
$data['none'] = false;
if (count($items) == 0) {
$data['none'] = true;
}
$data['mylist'] = $mylist;
// Return the template variables defined in this function
return $data;
}
/**
* Start the checkout process -- user can create account or log into existing account
*/
function shop_user_start()
{
// Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
if (xarUserIsLoggedIn()) {
xarResponse::redirect(xarModURL('shop', 'user', 'viewcart'));
return true;
}
$shop = xarSession::getVar('shop');
if (empty($shop)) {
xarResponse::redirect(xarModURL('shop', 'user', 'main'));
return true;
}
sys::import('modules.dynamicdata.class.objects.master');
sys::import('modules.dynamicdata.class.properties.master');
$rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
$properties = $rolesobject->properties;
$data['properties'] = $properties;
$isvalid = $rolesobject->properties['email']->checkInput();
$isvalid2 = $rolesobject->properties['password']->checkInput();
if ($isvalid && $isvalid2) {
if (!xarSecConfirmAuthKey()) {
// right time to do this??
return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
}
// Create the role and the customer object and then log in
$email = $rolesobject->properties['email']->getValue();
$password = $rolesobject->properties['password']->getValue();
$values['name'] = $email;
$values['email'] = $email;
$values['uname'] = $email;
$values['password'] = $password;
$values['state'] = 3;
$rolesobject->setFieldValues($values, 1);
$uid = $rolesobject->createItem();
$custobject = DataObjectMaster::getObject(array('name' => 'shop_customers'));
$custobject->createItem(array('id' => $uid));
$name = 'dd_' . $properties['password']->id;
$vals = $properties['password']->fetchValue($name);
$pass = $vals[1][0];
$res = xarMod::APIFunc('authsystem', 'user', 'login', array('uname' => $email, 'pass' => $pass));
xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
return true;
} else {
// We don't yet have a valid email or password for registration...
return xarTplModule('shop', 'user', 'start', $data);
}
}
/**
* Select existing payment method or create new one to use for this transaction
*/
function shop_user_paymentmethod()
{
// Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
$shippingaddress = xarSession::getVar('shippingaddress');
if (empty($shippingaddress)) {
xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
return true;
}
$shop = xarSession::getVar('shop');
if (!xarUserIsLoggedIn() || empty($shop)) {
xarResponse::redirect(xarModURL('shop', 'user', 'main'));
return true;
}
if (!xarVarFetch('proceedsaved', 'str', $proceedsaved, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('proceednew', 'str', $proceednew, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('paymentmethod', 'str', $paymentmethod, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('remove', 'str', $remove, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
$cust = xarMod::APIFunc('shop', 'user', 'customerinfo');
$data['cust'] = $cust;
sys::import('modules.dynamicdata.class.objects.master');
sys::import('modules.dynamicdata.class.properties.master');
$shippingobject = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses'));
$shippingobject->getItem(array('itemid' => xarSession::getVar('shippingaddress')));
$shippingvals = $shippingobject->getFieldValues();
$data['shippingvals'] = $shippingvals;
// Get the saved payment methods, if any exist
$mylist = DataObjectMaster::getObjectList(array('name' => 'shop_paymentmethods'));
$filters = array('status' => DataPropertyMaster::DD_DISPLAYSTATE_ACTIVE, 'where' => 'customer eq ' . xarUserGetVar('id'));
$paymentmethods = $mylist->getItems($filters);
$data['paymentmethods'] = $paymentmethods;
$data['paymentobject'] = DataObjectMaster::getObject(array('name' => 'shop_paymentmethods'));
$data['paymentobject']->properties['name']->display_show_salutation = false;
$data['paymentobject']->properties['name']->display_show_middlename = false;
$data['paymentobject']->properties['address']->display_rows = 1;
$data['paymentobject']->properties['address']->display_show_country = false;
$data['properties'] = $data['paymentobject']->getProperties();
if ($remove) {
if ($remove == xarSession::getVar('paymentmethod')) {
xarSession::delVar('paymentmethod');
}
$data['paymentobject']->getItem(array('itemid' => $remove));
$data['paymentobject']->deleteItem();
xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
return true;
}
$selectedpaymentmethod = xarSession::getVar('paymentmethod');
if (!empty($selectedpaymentmethod)) {
$data['paymentmethod'] = $selectedpaymentmethod;
}
// If we're using a saved payment method...
if ($proceedsaved) {
xarSession::setVar('paymentmethod', $paymentmethod);
xarResponse::redirect(xarModURL('shop', 'user', 'order'));
return true;
} elseif ($proceednew) {
// We're not using a saved payment method...
$isvalid = $data['paymentobject']->checkInput();
if (isset($exp_date)) {
$exp_month = substr($exp_date, 0, 2);
$exp_year = substr($exp_date, 2, 4);
$reverse_date = $exp_year . $exp_month;
$minimum_date = date('ym', time());
if ($minimum_date > $reverse_date) {
$errors['exp_date'] = true;
}
}
if (isset($errors)) {
xarSession::setVar('errors', $errors);
}
if (!$isvalid) {
return xarTplModule('shop', 'user', 'paymentmethod', $data);
} else {
xarSession::setVar('paymentmethod', $data['paymentobject']->createItem());
xarResponse::redirect(xarModURL('shop', 'user', 'order'));
return true;
}
}
return $data;
}
/**
* Review and submit order
*/
function shop_user_order()
{
// Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
$shippingaddress = xarSession::getVar('shippingaddress');
if (empty($shippingaddress)) {
xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
return true;
}
$paymentmethod = xarSession::getVar('paymentmethod');
if (empty($paymentmethod)) {
xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
return true;
}
$shop = xarSession::getVar('shop');
if (!xarUserIsLoggedIn() || empty($shop)) {
xarResponse::redirect(xarModURL('shop', 'user', 'main'));
return;
}
if (!xarVarFetch('placeorder', 'str', $placeorder, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
sys::import('modules.dynamicdata.class.objects.master');
$shippingobject = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses'));
$shippingobject->getItem(array('itemid' => xarSession::getVar('shippingaddress')));
$shippingvals = $shippingobject->getFieldValues();
$data['shippingvals'] = $shippingvals;
$data['products'] = xarSession::getVar('products');
$data['total'] = xarSession::getVar('total');
$time = time();
xarSession::setVar('time', $time);
$paymentobject = DataObjectMaster::getObject(array('name' => 'shop_paymentmethods'));
$paymentmethod = xarSession::getVar('paymentmethod');
$paymentobject->getItem(array('itemid' => $paymentmethod));
$values = $paymentobject->getFieldValues();
$data['payvalues'] = $values;
if ($placeorder) {
/*if (isset($exp_date)) {
$exp_month = substr($exp_date,0,2);
$exp_year = substr($exp_date,2,4);
$reverse_date = $exp_year . $exp_month;
$minimum_date = date('ym',time());
if ($minimum_date > $reverse_date) {
$errors = xarSession::getVar('errors');
$errors['exp_date'] = true;
xarSession::setVar('errors',$errors);
}
}*/
// A few more things
$values['date'] = $time;
$values['products'] = serialize($data['products']);
$values['total'] = xarSession::getVar('total');
/*****************************/
/***** PAYMENT PROCESSING ****/
/*****************************/
$response = xarMod::APIFunc('shop', 'admin', 'handlepgresponse', array('transfields' => $values));
if (isset($response['trans_id']) && !empty($response['trans_id'])) {
// We have a successful transaction...
$data['response'] = $response;
$values['pg_transaction_id'] = $response['trans_id'];
$transobject = DataObjectMaster::getObject(array('name' => 'shop_transactions'));
$tid = $transobject->createItem($values);
$order = xarSession::getVar('order');
$order['products'] = xarSession::getVar('products');
$order['tid'] = $tid;
$order['date'] = date('F j, Y g:i a', xarSession::getVar('time'));
xarSession::setVar('order', $order);
xarSession::delVar('pg_response');
// This is set in shop_adminapi_handlepgresponse()
//Need to clear all this now that the purchase went through. Doing so ensures we don't re-submit the order
xarSession::delVar('errors');
xarSession::delVar('shop');
xarSession::delVar('products');
xarResponse::redirect(xarModURL('shop', 'user', 'complete'));
return true;
} else {
// There must be a problem...
$pg_key = xarModVars::get('shop', 'pg_key');
// Assuming we're using the key field for all payment gateways for keys, passwords and the like...
if (empty($pg_key)) {
$errors = xarSession::getVar('pg_response');
$pg_response['msg'] .= "<p style='color:red'><strong>Looks like you haven't entered a payment gateway key. <a href='" . xarModURL('shop', 'admin', 'overview') . "'>Read me</a>.</strong></p>";
xarSession::setVar('pg_response', $pg_response);
}
xarResponse::redirect(xarModURL('shop', 'user', 'order'));
return true;
}
}
return $data;
}