/**
* Modify a customer
*/
function shop_admin_modifycustomer()
{
if (!xarVarFetch('itemid', 'id', $data['itemid'], NULL, XARVAR_DONT_SET)) {
return;
}
if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
return;
}
$objectname = 'shop_customers';
$data['objectname'] = $objectname;
// Check if we still have no id of the item to modify.
if (empty($data['itemid'])) {
$msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'item id', 'admin', 'modify', 'shop');
throw new Exception($msg);
}
if (!xarSecurityCheck('AdminShop', 1, 'Item', $data['itemid'])) {
return;
}
sys::import('modules.dynamicdata.class.objects.master');
$object = DataObjectMaster::getObject(array('name' => $objectname));
$data['object'] = $object;
$data['label'] = $object->label;
$object->getItem(array('itemid' => $data['itemid']));
$values = $object->getFieldValues();
foreach ($values as $name => $value) {
$data[$name] = xarVarPrepForDisplay($value);
}
$rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
$rolesobject->getItem(array('itemid' => $data['itemid']));
if ($data['confirm']) {
// Check for a valid confirmation key
if (!xarSecConfirmAuthKey()) {
return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
}
// Get the data from the form
$isvalid = $object->checkInput();
if (!$isvalid) {
// Bad data: redisplay the form with the data we picked up and with error messages
return xarTplModule('shop', 'admin', 'modifycustomer', $data);
} elseif (isset($data['preview'])) {
// Show a preview, same thing as the above essentially
return xarTplModule('shop', 'admin', 'modifycustomer', $data);
} else {
$first_name = $object->properties['first_name']->getValue();
$last_name = $object->properties['last_name']->getValue();
$rolesobject->properties['name']->setValue($first_name . ' ' . $last_name);
$rolesobject->updateItem();
$object->updateItem();
// Jump to the next page
xarResponse::redirect(xarModURL('shop', 'admin', 'modifycustomer', array('itemid' => $data['itemid'])));
return $data;
}
} else {
// Get that specific item of the object
$object->getItem(array('itemid' => $data['itemid']));
}
// Return the template variables defined in this function
return $data;
}
/**
* Create a new customer
*/
function shop_user_newcustomer()
{
if (!xarVarFetch('objectid', 'id', $data['objectid'], NULL, XARVAR_DONT_SET)) {
return;
}
if (!xarVarFetch('returnurl', 'str', $returnurl, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
sys::import('modules.dynamicdata.class.objects.master');
$rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
$data['properties'] = $rolesobject->properties;
// Check if we are in 'preview' mode from the input here - the rest is handled by checkInput()
// Here we are testing for a button clicked, so we test for a string
if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_DONT_SET)) {
return;
}
// Check if we are submitting the form
// Here we are testing for a hidden field we define as true on the template, so we can use a boolean (true/false)
if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
return;
}
if ($data['confirm']) {
// Check for a valid confirmation key. The value is automatically gotten from the template
if (!xarSecConfirmAuthKey()) {
return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
}
// Get the data from the form and see if it is all valid
// Either way the values are now stored in the object
$isvalid = $rolesobject->properties['email']->checkInput();
$isvalid2 = $rolesobject->properties['password']->checkInput();
if (!$isvalid || !$isvalid2) {
// Bad data: redisplay the form with the data we picked up and with error messages
return xarTplModule('shop', 'user', 'newcustomer', $data);
} else {
$email = $rolesobject->properties['email']->getValue();
$password = $rolesobject->properties['password']->getValue();
$rolesobject->properties['name']->setValue($email);
$rolesobject->properties['email']->setValue($email);
$rolesobject->properties['uname']->setValue($email);
$rolesobject->properties['password']->setValue($password);
$rolesobject->properties['state']->setValue(3);
$authmodule = (int) xarMod::getID('shop');
$rolesobject->properties['authmodule']->setValue($authmodule);
$uid = $rolesobject->createItem();
$custobject = DataObjectMaster::getObject(array('name' => 'shop_customers'));
$custobject->createItem(array('id' => $uid));
if (isset($returnurl)) {
xarMod::APIFunc('authsystem', 'user', 'login', array('uname' => $email, 'pass' => $password));
xarResponse::redirect($returnurl);
} else {
xarResponse::redirect(xarModURL('shop'));
}
// Always add the next line even if processing never reaches it
return true;
}
}
// Return the template variables defined in this function
return $data;
}
/**
* Create a new product
*/
function shop_admin_newproduct()
{
// See if the current user has the privilege to add an item. We cannot pass any extra arguments here
if (!xarSecurityCheck('Addshop')) {
return;
}
if (!xarVarFetch('objectid', 'id', $data['objectid'], NULL, XARVAR_DONT_SET)) {
return;
}
$objectname = 'shop_products';
$data['objectname'] = $objectname;
// Load the DD master object class. This line will likely disappear in future versions
sys::import('modules.dynamicdata.class.objects.master');
$object = DataObjectMaster::getObject(array('name' => $objectname));
$data['label'] = $object->label;
$data['object'] = $object;
// Check if we are in 'preview' mode from the input here - the rest is handled by checkInput()
// Here we are testing for a button clicked, so we test for a string
if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_DONT_SET)) {
return;
}
// Check if we are submitting the form
// Here we are testing for a hidden field we define as true on the template, so we can use a boolean (true/false)
if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
return;
}
if ($data['confirm']) {
// Check for a valid confirmation key. The value is automatically gotten from the template
if (!xarSecConfirmAuthKey()) {
return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
}
// Get the data from the form and see if it is all valid
// Either way the values are now stored in the object
$isvalid = $data['object']->checkInput();
if (!$isvalid) {
// Bad data: redisplay the form with the data we picked up and with error messages
return xarTplModule('shop', 'admin', 'newproduct', $data);
} elseif (isset($data['preview'])) {
// Show a preview, same thing as the above essentially
return xarTplModule('shop', 'admin', 'newproduct', $data);
} else {
$itemid = $data['object']->createItem();
// Jump to the next page
xarResponse::redirect(xarModURL('shop', 'admin', 'products'));
return true;
}
}
// Return the template variables defined in this function
return $data;
}
/**
* Remove an item from the cart
*/
function shop_user_remove($args)
{
if (!xarVarFetch('id', 'isset', $pid, NULL, XARVAR_DONT_SET)) {
return;
}
if (!xarVarFetch('returnurl', 'isset', $returnurl, NULL, XARVAR_DONT_SET)) {
return;
}
$shop = xarSession::getVar('shop');
unset($shop[$pid]);
xarSession::setVar('shop', $shop);
// Return the template variables defined in this function
xarResponse::redirect($returnurl);
return true;
}
/**
* Start the checkout process -- user can create account or log into existing account
*/
function shop_user_start()
{
// Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
if (xarUserIsLoggedIn()) {
xarResponse::redirect(xarModURL('shop', 'user', 'viewcart'));
return true;
}
$shop = xarSession::getVar('shop');
if (empty($shop)) {
xarResponse::redirect(xarModURL('shop', 'user', 'main'));
return true;
}
sys::import('modules.dynamicdata.class.objects.master');
sys::import('modules.dynamicdata.class.properties.master');
$rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
$properties = $rolesobject->properties;
$data['properties'] = $properties;
$isvalid = $rolesobject->properties['email']->checkInput();
$isvalid2 = $rolesobject->properties['password']->checkInput();
if ($isvalid && $isvalid2) {
if (!xarSecConfirmAuthKey()) {
// right time to do this??
return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
}
// Create the role and the customer object and then log in
$email = $rolesobject->properties['email']->getValue();
$password = $rolesobject->properties['password']->getValue();
$values['name'] = $email;
$values['email'] = $email;
$values['uname'] = $email;
$values['password'] = $password;
$values['state'] = 3;
$rolesobject->setFieldValues($values, 1);
$uid = $rolesobject->createItem();
$custobject = DataObjectMaster::getObject(array('name' => 'shop_customers'));
$custobject->createItem(array('id' => $uid));
$name = 'dd_' . $properties['password']->id;
$vals = $properties['password']->fetchValue($name);
$pass = $vals[1][0];
$res = xarMod::APIFunc('authsystem', 'user', 'login', array('uname' => $email, 'pass' => $pass));
xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
return true;
} else {
// We don't yet have a valid email or password for registration...
return xarTplModule('shop', 'user', 'start', $data);
}
}
function publications_user_create()
{
if (!xarVarFetch('ptid', 'id', $data['ptid'])) {
return;
}
if (!xarVarFetch('new_cids', 'array', $cids, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('save', 'str', $save, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
// Confirm authorisation code
// This has been disabled for now
// if (!xarSecConfirmAuthKey()) return;
$data['items'] = array();
$pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
$pubtypeobject->getItem(array('itemid' => $data['ptid']));
$data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));
$isvalid = $data['object']->checkInput();
$data['settings'] = xarModAPIFunc('publications', 'user', 'getsettings', array('ptid' => $data['ptid']));
if ($data['preview'] || $isvalid) {
// Preview or bad data: redisplay the form
$data['properties'] = $data['object']->getProperties();
if ($data['preview']) {
$data['tab'] = 'preview';
}
return xarTplModule('publications', 'user', 'new', $data);
}
// Create the object
$id = $data['object']->createItem();
// if we can edit publications, go to admin view, otherwise go to user view
if (xarSecurityCheck('EditPublications', 0, 'Publication', $data['ptid'] . ':All:All:All')) {
xarResponse::redirect(xarModURL('publications', 'admin', 'view', array('ptid' => $data['ptid'])));
} else {
xarResponse::redirect(xarModURL('publications', 'user', 'view', array('ptid' => $data['ptid'])));
}
return true;
}
/**
* Add an item to the cart
*/
function shop_user_add($args)
{
if (!xarVarFetch('id', 'isset', $pid, NULL, XARVAR_DONT_SET)) {
return;
}
if (!xarVarFetch('returnurl', 'isset', $returnurl, NULL, XARVAR_DONT_SET)) {
return;
}
extract($args);
// if we've previously added this product, add one more
$shop = xarSession::getVar('shop');
if (isset($shop[$pid])) {
$qty = $shop[$pid]['qty'] + 1;
} else {
$qty = 1;
}
$shop[$pid]['qty'] = $qty;
xarSession::setVar('shop', $shop);
// Return the template variables defined in this function
xarResponse::redirect($returnurl);
return true;
}
/**
* Complete the order. If all goes well, we'll submit the transaction to the payment gateway, save our own transaction record, and update customer info
*/
function shop_user_complete()
{
// Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
if (!xarUserIsLoggedIn()) {
xarResponse::redirect(xarModURL('shop', 'user', 'viewcart'));
return true;
}
$order = xarSession::getVar('order');
if (empty($order)) {
//Probably a page reload... no reason to be here anymore
xarResponse::redirect(xarModURL('shop', 'user', 'main'));
return true;
}
$data['order'] = $order['products'];
$data['ordertid'] = $order['tid'];
$data['orderdate'] = $order['date'];
$data['total'] = xarSession::getVar('total');
xarSession::delVar('order');
// For privacy, order will not be redisplayed if the page is visited later
xarSession::delVar('total');
return $data;
}
/**
* Select existing payment method or create new one to use for this transaction
*/
function shop_user_paymentmethod()
{
// Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
$shippingaddress = xarSession::getVar('shippingaddress');
if (empty($shippingaddress)) {
xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
return true;
}
$shop = xarSession::getVar('shop');
if (!xarUserIsLoggedIn() || empty($shop)) {
xarResponse::redirect(xarModURL('shop', 'user', 'main'));
return true;
}
if (!xarVarFetch('proceedsaved', 'str', $proceedsaved, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('proceednew', 'str', $proceednew, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('paymentmethod', 'str', $paymentmethod, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('remove', 'str', $remove, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
$cust = xarMod::APIFunc('shop', 'user', 'customerinfo');
$data['cust'] = $cust;
sys::import('modules.dynamicdata.class.objects.master');
sys::import('modules.dynamicdata.class.properties.master');
$shippingobject = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses'));
$shippingobject->getItem(array('itemid' => xarSession::getVar('shippingaddress')));
$shippingvals = $shippingobject->getFieldValues();
$data['shippingvals'] = $shippingvals;
// Get the saved payment methods, if any exist
$mylist = DataObjectMaster::getObjectList(array('name' => 'shop_paymentmethods'));
$filters = array('status' => DataPropertyMaster::DD_DISPLAYSTATE_ACTIVE, 'where' => 'customer eq ' . xarUserGetVar('id'));
$paymentmethods = $mylist->getItems($filters);
$data['paymentmethods'] = $paymentmethods;
$data['paymentobject'] = DataObjectMaster::getObject(array('name' => 'shop_paymentmethods'));
$data['paymentobject']->properties['name']->display_show_salutation = false;
$data['paymentobject']->properties['name']->display_show_middlename = false;
$data['paymentobject']->properties['address']->display_rows = 1;
$data['paymentobject']->properties['address']->display_show_country = false;
$data['properties'] = $data['paymentobject']->getProperties();
if ($remove) {
if ($remove == xarSession::getVar('paymentmethod')) {
xarSession::delVar('paymentmethod');
}
$data['paymentobject']->getItem(array('itemid' => $remove));
$data['paymentobject']->deleteItem();
xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
return true;
}
$selectedpaymentmethod = xarSession::getVar('paymentmethod');
if (!empty($selectedpaymentmethod)) {
$data['paymentmethod'] = $selectedpaymentmethod;
}
// If we're using a saved payment method...
if ($proceedsaved) {
xarSession::setVar('paymentmethod', $paymentmethod);
xarResponse::redirect(xarModURL('shop', 'user', 'order'));
return true;
} elseif ($proceednew) {
// We're not using a saved payment method...
$isvalid = $data['paymentobject']->checkInput();
if (isset($exp_date)) {
$exp_month = substr($exp_date, 0, 2);
$exp_year = substr($exp_date, 2, 4);
$reverse_date = $exp_year . $exp_month;
$minimum_date = date('ym', time());
if ($minimum_date > $reverse_date) {
$errors['exp_date'] = true;
}
}
if (isset($errors)) {
xarSession::setVar('errors', $errors);
}
if (!$isvalid) {
return xarTplModule('shop', 'user', 'paymentmethod', $data);
} else {
xarSession::setVar('paymentmethod', $data['paymentobject']->createItem());
xarResponse::redirect(xarModURL('shop', 'user', 'order'));
return true;
}
}
return $data;
}
/**
* New account info (ship address)
*/
function shop_user_shippingaddress()
{
// Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
$shop = xarSession::getVar('shop');
if (!xarUserIsLoggedIn() || empty($shop)) {
xarResponse::redirect(xarModURL('shop', 'user', 'main'));
return true;
}
if (!xarVarFetch('proceed', 'str', $proceed, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('shipto', 'str', $shipto, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('remove', 'str', $remove, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
if (!xarVarFetch('next', 'str', $data['next'], NULL, XARVAR_NOT_REQUIRED)) {
return;
}
sys::import('modules.dynamicdata.class.objects.master');
$data['shippingobject'] = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses'));
$data['shippingobject']->properties['name']->display_show_salutation = false;
$data['shippingobject']->properties['name']->display_show_middlename = false;
$data['shippingobject']->properties['address']->display_rows = 1;
$data['shippingobject']->properties['address']->display_show_country = false;
$data['properties'] = $data['shippingobject']->properties;
if ($shipto) {
xarSession::setVar('shippingaddress', $shipto);
if (isset($data['next']) && !empty($data['next'])) {
$func = $data['next'];
} else {
$func = 'paymentmethod';
}
xarResponse::redirect(xarModURL('shop', 'user', $func));
return true;
}
if ($remove) {
if ($remove == xarSession::getVar('shippingaddress')) {
xarSession::delVar('shippingaddress');
}
$data['shippingobject']->getItem(array('itemid' => $remove));
$data['shippingobject']->deleteItem();
xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
return true;
}
if ($proceed) {
$isvalid = $data['shippingobject']->checkInput();
if (!$isvalid) {
return xarTplModule('shop', 'user', 'shippingaddress', $data);
}
// Save the customer data
$custobject = DataObjectMaster::getObject(array('name' => 'shop_customers'));
$custobject->getItem(array('itemid' => xarUserGetVar('id')));
$name = $data['shippingobject']->properties['name']->value;
$custobject->properties['name']->setValue($name);
$custobject->updateItem();
// Save the shipping address
$itemid = $data['shippingobject']->createItem();
xarSession::setVar('shippingaddress', $itemid);
// update the name field in roles to use first and last name instead of email
$rolesobject = xarCurrentRole();
$rolesobject->properties['name']->value = $name;
$rolesobject->updateItem();
xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
return true;
xarSession::setVar('errors', $errors);
}
return $data;
}
/**
* Review and submit order
*/
function shop_user_order()
{
// Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
$shippingaddress = xarSession::getVar('shippingaddress');
if (empty($shippingaddress)) {
xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
return true;
}
$paymentmethod = xarSession::getVar('paymentmethod');
if (empty($paymentmethod)) {
xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
return true;
}
$shop = xarSession::getVar('shop');
if (!xarUserIsLoggedIn() || empty($shop)) {
xarResponse::redirect(xarModURL('shop', 'user', 'main'));
return;
}
if (!xarVarFetch('placeorder', 'str', $placeorder, NULL, XARVAR_NOT_REQUIRED)) {
return;
}
sys::import('modules.dynamicdata.class.objects.master');
$shippingobject = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses'));
$shippingobject->getItem(array('itemid' => xarSession::getVar('shippingaddress')));
$shippingvals = $shippingobject->getFieldValues();
$data['shippingvals'] = $shippingvals;
$data['products'] = xarSession::getVar('products');
$data['total'] = xarSession::getVar('total');
$time = time();
xarSession::setVar('time', $time);
$paymentobject = DataObjectMaster::getObject(array('name' => 'shop_paymentmethods'));
$paymentmethod = xarSession::getVar('paymentmethod');
$paymentobject->getItem(array('itemid' => $paymentmethod));
$values = $paymentobject->getFieldValues();
$data['payvalues'] = $values;
if ($placeorder) {
/*if (isset($exp_date)) {
$exp_month = substr($exp_date,0,2);
$exp_year = substr($exp_date,2,4);
$reverse_date = $exp_year . $exp_month;
$minimum_date = date('ym',time());
if ($minimum_date > $reverse_date) {
$errors = xarSession::getVar('errors');
$errors['exp_date'] = true;
xarSession::setVar('errors',$errors);
}
}*/
// A few more things
$values['date'] = $time;
$values['products'] = serialize($data['products']);
$values['total'] = xarSession::getVar('total');
/*****************************/
/***** PAYMENT PROCESSING ****/
/*****************************/
$response = xarMod::APIFunc('shop', 'admin', 'handlepgresponse', array('transfields' => $values));
if (isset($response['trans_id']) && !empty($response['trans_id'])) {
// We have a successful transaction...
$data['response'] = $response;
$values['pg_transaction_id'] = $response['trans_id'];
$transobject = DataObjectMaster::getObject(array('name' => 'shop_transactions'));
$tid = $transobject->createItem($values);
$order = xarSession::getVar('order');
$order['products'] = xarSession::getVar('products');
$order['tid'] = $tid;
$order['date'] = date('F j, Y g:i a', xarSession::getVar('time'));
xarSession::setVar('order', $order);
xarSession::delVar('pg_response');
// This is set in shop_adminapi_handlepgresponse()
//Need to clear all this now that the purchase went through. Doing so ensures we don't re-submit the order
xarSession::delVar('errors');
xarSession::delVar('shop');
xarSession::delVar('products');
xarResponse::redirect(xarModURL('shop', 'user', 'complete'));
return true;
} else {
// There must be a problem...
$pg_key = xarModVars::get('shop', 'pg_key');
// Assuming we're using the key field for all payment gateways for keys, passwords and the like...
if (empty($pg_key)) {
$errors = xarSession::getVar('pg_response');
$pg_response['msg'] .= "<p style='color:red'><strong>Looks like you haven't entered a payment gateway key. <a href='" . xarModURL('shop', 'admin', 'overview') . "'>Read me</a>.</strong></p>";
xarSession::setVar('pg_response', $pg_response);
}
xarResponse::redirect(xarModURL('shop', 'user', 'order'));
return true;
}
}
return $data;
}
