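/**
 * Modify a customer
 *
 * Loads the shop_customers item named by the 'itemid' request variable so the
 * template can display it. When the form is posted back with 'confirm' set, the
 * auth key is verified, the submitted values are validated and stored, and the
 * roles_users item with the same id gets its name rebuilt from the customer's
 * first and last name.
 *
 * @return array|bool|string|void template variables for display; true after the
 *         post-update redirect; a rendered template on bad input, preview or a
 *         bad auth key; nothing when a fetch or the security check fails
 * @throws Exception when no item id was supplied
 */
function shop_admin_modifycustomer()
{
    $data = array();
    if (!xarVarFetch('itemid', 'id', $data['itemid'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }
    // 'preview' is a button, so it arrives as a string and is only set when it was clicked;
    // the sibling admin functions fetch it the same way, which makes the preview branch below reachable
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    $objectname = 'shop_customers';
    $data['objectname'] = $objectname;

    // Check if we still have no id of the item to modify.
    if (empty($data['itemid'])) {
        $msg = xarML('Invalid #(1) for #(2) function #(3)() in module #(4)', 'item id', 'admin', 'modify', 'shop');
        throw new Exception($msg);
    }
    if (!xarSecurityCheck('AdminShop', 1, 'Item', $data['itemid'])) {
        return;
    }

    sys::import('modules.dynamicdata.class.objects.master');
    $object = DataObjectMaster::getObject(array('name' => $objectname));
    $data['object'] = $object;
    $data['label'] = $object->label;
    // Load the item once; both the display and the update work from this instance
    $object->getItem(array('itemid' => $data['itemid']));
    foreach ($object->getFieldValues() as $name => $value) {
        $data[$name] = xarVarPrepForDisplay($value);
    }

    // The customer shares its id with a roles_users item, which carries the display name
    $rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
    $rolesobject->getItem(array('itemid' => $data['itemid']));

    if (!$data['confirm']) {
        // Plain display: return the template variables defined in this function
        return $data;
    }

    // Check for a valid confirmation key
    if (!xarSecConfirmAuthKey()) {
        return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
    }

    // Get the data from the form; the values are stored in the object either way
    $isvalid = $object->checkInput();
    if (!$isvalid || isset($data['preview'])) {
        // Bad data or preview: redisplay the form with the data we picked up (and any error messages)
        return xarTplModule('shop', 'admin', 'modifycustomer', $data);
    }

    $first_name = $object->properties['first_name']->getValue();
    $last_name = $object->properties['last_name']->getValue();
    $rolesobject->properties['name']->setValue($first_name . ' ' . $last_name);
    $rolesobject->updateItem();
    $object->updateItem();

    // Jump to the next page
    xarResponse::redirect(xarModURL('shop', 'admin', 'modifycustomer', array('itemid' => $data['itemid'])));
    return true;
}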
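/**
 * Create a new customer
 *
 * Shows the registration form and, on a confirmed post with a valid email and
 * password, creates a roles_users item plus a shop_customers item with the same
 * id. When a 'returnurl' was supplied the new account is logged in and the
 * browser is sent back there; otherwise it goes to the shop front page.
 *
 * @return array|bool|string|void template variables for display; true after a
 *         redirect; a rendered template on bad input or a bad auth key; nothing
 *         when a fetch fails
 */
function shop_user_newcustomer()
{
    $data = array();
    if (!xarVarFetch('objectid', 'id', $data['objectid'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('returnurl', 'str', $returnurl, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }

    sys::import('modules.dynamicdata.class.objects.master');
    $rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
    $data['properties'] = $rolesobject->properties;

    // Check if we are in 'preview' mode from the input here - the rest is handled by checkInput()
    // Here we are testing for a button clicked, so we test for a string
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    // Check if we are submitting the form
    // Here we are testing for a hidden field we define as true on the template, so we can use a boolean (true/false)
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!$data['confirm']) {
        // Return the template variables defined in this function
        return $data;
    }

    // Check for a valid confirmation key. The value is automatically gotten from the template
    if (!xarSecConfirmAuthKey()) {
        return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
    }

    // Get the data from the form and see if it is all valid
    // Either way the values are now stored in the object; both checks run so both fields report errors
    $emailvalid = $rolesobject->properties['email']->checkInput();
    $passwordvalid = $rolesobject->properties['password']->checkInput();
    if (!$emailvalid || !$passwordvalid) {
        // Bad data: redisplay the form with the data we picked up and with error messages
        return xarTplModule('shop', 'user', 'newcustomer', $data);
    }

    $email = $rolesobject->properties['email']->getValue();
    $password = $rolesobject->properties['password']->getValue();
    // The email address doubles as display name and login name
    $rolesobject->properties['name']->setValue($email);
    $rolesobject->properties['email']->setValue($email);
    $rolesobject->properties['uname']->setValue($email);
    $rolesobject->properties['password']->setValue($password);
    $rolesobject->properties['state']->setValue(3); // presumably the "active" role state — TODO confirm against the roles module
    $authmodule = (int) xarMod::getID('shop');
    $rolesobject->properties['authmodule']->setValue($authmodule);
    $uid = $rolesobject->createItem();

    $custobject = DataObjectMaster::getObject(array('name' => 'shop_customers'));
    $custobject->createItem(array('id' => $uid));

    if (isset($returnurl)) {
        xarMod::APIFunc('authsystem', 'user', 'login', array('uname' => $email, 'pass' => $password));
        // The return URL is taken from the request, so only follow it when it points back at this
        // site: a relative URL, or an http(s) URL whose host matches the current request host.
        // Anything else (other hosts, other schemes) falls back to the shop front page.
        $target = xarModURL('shop');
        $candidate = trim($returnurl);
        $parts = strpos($candidate, '\\') === false ? parse_url($candidate) : false;
        if (is_array($parts)) {
            $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
            $host = isset($parts['host']) ? strtolower($parts['host']) : '';
            if (isset($parts['port'])) {
                $host .= ':' . $parts['port'];
            }
            // NOTE(review): compared against HTTP_HOST; if the framework exposes a canonical host helper, prefer it — TODO confirm
            $requesthost = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
            if ($scheme === '' && $host === '' && substr($candidate, 0, 2) !== '//') {
                $target = $candidate; // relative URL
            } elseif (($scheme === 'http' || $scheme === 'https') && $host !== '' && $host === $requesthost) {
                $target = $candidate; // absolute URL back to this host
            }
        }
        xarResponse::redirect($target);
    } else {
        xarResponse::redirect(xarModURL('shop'));
    }
    // Always add the next line even if processing never reaches it
    return true;
}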
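/**
 * Create a new product
 *
 * Shows the shop_products form and, on a confirmed post with valid input,
 * creates the item and redirects to the admin product list. Preview and bad
 * input both redisplay the form with the submitted values.
 *
 * @return array|bool|string|void template variables for display; true after the
 *         redirect; a rendered template on bad input, preview or a bad auth key;
 *         nothing when a fetch or the security check fails
 */
function shop_admin_newproduct()
{
    // See if the current user has the privilege to add an item. We cannot pass any extra arguments here
    if (!xarSecurityCheck('Addshop')) {
        return;
    }
    $data = array();
    if (!xarVarFetch('objectid', 'id', $data['objectid'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    $objectname = 'shop_products';
    $data['objectname'] = $objectname;

    // Load the DD master object class. This line will likely disappear in future versions
    sys::import('modules.dynamicdata.class.objects.master');
    $object = DataObjectMaster::getObject(array('name' => $objectname));
    $data['label'] = $object->label;
    $data['object'] = $object;

    // Check if we are in 'preview' mode from the input here - the rest is handled by checkInput()
    // Here we are testing for a button clicked, so we test for a string
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_DONT_SET)) {
        return;
    }
    // Check if we are submitting the form
    // Here we are testing for a hidden field we define as true on the template, so we can use a boolean (true/false)
    if (!xarVarFetch('confirm', 'bool', $data['confirm'], false, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!$data['confirm']) {
        // Return the template variables defined in this function
        return $data;
    }

    // Check for a valid confirmation key. The value is automatically gotten from the template
    if (!xarSecConfirmAuthKey()) {
        return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
    }

    // Get the data from the form and see if it is all valid
    // Either way the values are now stored in the object
    $isvalid = $object->checkInput();
    if (!$isvalid || isset($data['preview'])) {
        // Bad data or preview: redisplay the form with the data we picked up (and any error messages)
        return xarTplModule('shop', 'admin', 'newproduct', $data);
    }

    // The new item id is not needed here: the next page is the product list
    $object->createItem();
    // Jump to the next page
    xarResponse::redirect(xarModURL('shop', 'admin', 'products'));
    return true;
}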
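/**
 * Remove an item from the cart
 *
 * Drops the product given by the 'id' request variable from the session cart
 * and sends the browser back to the page it came from.
 *
 * @param mixed $args unused; kept for the common GUI function signature
 * @return bool|void true after the redirect; nothing when a fetch fails
 */
function shop_user_remove($args)
{
    if (!xarVarFetch('id', 'isset', $pid, NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('returnurl', 'isset', $returnurl, NULL, XARVAR_DONT_SET)) {
        return;
    }

    // Only touch the cart when there is one and the id can be used as an array key
    $shop = xarSession::getVar('shop');
    if (is_array($shop) && is_scalar($pid)) {
        unset($shop[$pid]);
        xarSession::setVar('shop', $shop);
    }

    // The return URL is taken from the request, so only follow it when it points back at this
    // site: a relative URL, or an http(s) URL whose host matches the current request host.
    // Anything else (other hosts, other schemes, no URL at all) falls back to the cart page.
    $target = xarModURL('shop', 'user', 'viewcart');
    $candidate = is_string($returnurl) ? trim($returnurl) : '';
    $parts = $candidate !== '' && strpos($candidate, '\\') === false ? parse_url($candidate) : false;
    if (is_array($parts)) {
        $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
        $host = isset($parts['host']) ? strtolower($parts['host']) : '';
        if (isset($parts['port'])) {
            $host .= ':' . $parts['port'];
        }
        // NOTE(review): compared against HTTP_HOST; if the framework exposes a canonical host helper, prefer it — TODO confirm
        $requesthost = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
        if ($scheme === '' && $host === '' && substr($candidate, 0, 2) !== '//') {
            $target = $candidate; // relative URL
        } elseif (($scheme === 'http' || $scheme === 'https') && $host !== '' && $host === $requesthost) {
            $target = $candidate; // absolute URL back to this host
        }
    }
    xarResponse::redirect($target);
    return true;
}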
/**
 * Start the checkout process -- user can create account or log into existing account
 *
 * Anonymous users with a non-empty session cart land here. If the posted email
 * and password both validate, a roles_users item and a shop_customers item with
 * the same id are created, the new account is logged in and the flow moves on to
 * the shipping address; otherwise the start form is shown.
 *
 * @return bool|string true after a redirect, otherwise a rendered template
 */
function shop_user_start()
{
    // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
    if (xarUserIsLoggedIn()) {
        xarResponse::redirect(xarModURL('shop', 'user', 'viewcart'));
        return true;
    }
    $shop = xarSession::getVar('shop');
    if (empty($shop)) {
        xarResponse::redirect(xarModURL('shop', 'user', 'main'));
        return true;
    }
    sys::import('modules.dynamicdata.class.objects.master');
    sys::import('modules.dynamicdata.class.properties.master');
    $rolesobject = DataObjectMaster::getObject(array('name' => 'roles_users'));
    $properties = $rolesobject->properties;
    $data['properties'] = $properties;
    // checkInput() reads the submitted value into each property; when nothing was posted both fail and the form is shown
    $isvalid = $rolesobject->properties['email']->checkInput();
    $isvalid2 = $rolesobject->properties['password']->checkInput();
    if ($isvalid && $isvalid2) {
        // NOTE(review): the auth key is verified after the input was read, but still before anything is created
        if (!xarSecConfirmAuthKey()) { // right time to do this??
            return xarTplModule('privileges', 'user', 'errors', array('layout' => 'bad_author'));
        }
        // Create the role and the customer object and then log in
        $email = $rolesobject->properties['email']->getValue();
        $password = $rolesobject->properties['password']->getValue();
        // The email address doubles as display name and login name
        $values['name'] = $email;
        $values['email'] = $email;
        $values['uname'] = $email;
        $values['password'] = $password;
        $values['state'] = 3; // presumably the "active" role state — TODO confirm against the roles module
        $rolesobject->setFieldValues($values, 1);
        $uid = $rolesobject->createItem();
        $custobject = DataObjectMaster::getObject(array('name' => 'shop_customers'));
        $custobject->createItem(array('id' => $uid));
        // Re-read the password via the property's fetchValue(), using a name built from the property id;
        // presumably getValue() no longer yields the clear text once the item is stored and $vals[1][0]
        // is the raw submitted value — TODO confirm against the password property class
        $name = 'dd_' . $properties['password']->id;
        $vals = $properties['password']->fetchValue($name);
        $pass = $vals[1][0];
        // The login result is not checked; a failed login still redirects to the shipping address page
        $res = xarMod::APIFunc('authsystem', 'user', 'login', array('uname' => $email, 'pass' => $pass));
        xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
        return true;
    } else {
        // We don't yet have a valid email or password for registration...
        return xarTplModule('shop', 'user', 'start', $data);
    }
}
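/**
 * Create a new publication
 *
 * Validates the submitted values for the publication type given by 'ptid' and
 * creates the item; with 'preview' set or invalid input the form is redisplayed
 * instead. Afterwards users who may edit publications of this type are sent to
 * the admin view, everyone else to the user view.
 *
 * @return bool|string|void true after the redirect; the rendered form on preview
 *         or bad input; nothing when a fetch fails
 */
function publications_user_create()
{
    if (!xarVarFetch('ptid', 'id', $data['ptid'])) {
        return;
    }
    // 'new_cids' and 'save' are fetched for input validation only; they are not used below
    if (!xarVarFetch('new_cids', 'array', $cids, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('preview', 'str', $data['preview'], NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('save', 'str', $save, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }

    // Confirm authorisation code
    // This has been disabled for now. Until it is re-enabled nothing ties a create request
    // to a form this site served, so a posted form from anywhere is accepted.
    // if (!xarSecConfirmAuthKey()) return;

    $data['items'] = array();
    $pubtypeobject = DataObjectMaster::getObject(array('name' => 'publications_types'));
    $pubtypeobject->getItem(array('itemid' => $data['ptid']));
    // The publication type's 'name' field names the DD object that holds its items
    $data['object'] = DataObjectMaster::getObject(array('name' => $pubtypeobject->properties['name']->value));
    // checkInput() validates the submitted values and stores them in the object either way
    $isvalid = $data['object']->checkInput();
    $data['settings'] = xarModAPIFunc('publications', 'user', 'getsettings', array('ptid' => $data['ptid']));

    // Bug fix: the condition used to read "$data['preview'] || $isvalid", which redisplayed the
    // form for valid input and created the item for invalid input
    if ($data['preview'] || !$isvalid) {
        // Preview or bad data: redisplay the form
        $data['properties'] = $data['object']->getProperties();
        if ($data['preview']) {
            $data['tab'] = 'preview';
        }
        return xarTplModule('publications', 'user', 'new', $data);
    }

    // Create the object
    $data['object']->createItem();

    // if we can edit publications, go to admin view, otherwise go to user view
    $type = xarSecurityCheck('EditPublications', 0, 'Publication', $data['ptid'] . ':All:All:All') ? 'admin' : 'user';
    xarResponse::redirect(xarModURL('publications', $type, 'view', array('ptid' => $data['ptid'])));
    return true;
}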
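/**
 * Add an item to the cart
 *
 * Adds one unit of the product given by the 'id' request variable (or by
 * $args['id']) to the session cart, incrementing the quantity when the product
 * is already there, then sends the browser back to the page it came from.
 *
 * @param mixed $args optional overrides: 'id' and 'returnurl' take precedence over the request
 * @return bool|void true after the redirect; nothing when a fetch fails
 */
function shop_user_add($args)
{
    if (!xarVarFetch('id', 'isset', $pid, NULL, XARVAR_DONT_SET)) {
        return;
    }
    if (!xarVarFetch('returnurl', 'isset', $returnurl, NULL, XARVAR_DONT_SET)) {
        return;
    }
    // Explicit arguments win over the request, as the former extract($args) did, but without
    // importing arbitrary keys into the local scope or failing when $args is not an array
    if (is_array($args)) {
        if (array_key_exists('id', $args)) {
            $pid = $args['id'];
        }
        if (array_key_exists('returnurl', $args)) {
            $returnurl = $args['returnurl'];
        }
    }

    $shop = xarSession::getVar('shop');
    if (!is_array($shop)) {
        $shop = array();
    }
    if (is_scalar($pid) && $pid !== '') {
        // if we've previously added this product, add one more
        $qty = isset($shop[$pid]['qty']) ? (int) $shop[$pid]['qty'] + 1 : 1;
        $shop[$pid]['qty'] = $qty;
        xarSession::setVar('shop', $shop);
    }

    // The return URL is taken from the request, so only follow it when it points back at this
    // site: a relative URL, or an http(s) URL whose host matches the current request host.
    // Anything else (other hosts, other schemes, no URL at all) falls back to the cart page.
    $target = xarModURL('shop', 'user', 'viewcart');
    $candidate = is_string($returnurl) ? trim($returnurl) : '';
    $parts = $candidate !== '' && strpos($candidate, '\\') === false ? parse_url($candidate) : false;
    if (is_array($parts)) {
        $scheme = isset($parts['scheme']) ? strtolower($parts['scheme']) : '';
        $host = isset($parts['host']) ? strtolower($parts['host']) : '';
        if (isset($parts['port'])) {
            $host .= ':' . $parts['port'];
        }
        // NOTE(review): compared against HTTP_HOST; if the framework exposes a canonical host helper, prefer it — TODO confirm
        $requesthost = isset($_SERVER['HTTP_HOST']) ? strtolower($_SERVER['HTTP_HOST']) : '';
        if ($scheme === '' && $host === '' && substr($candidate, 0, 2) !== '//') {
            $target = $candidate; // relative URL
        } elseif (($scheme === 'http' || $scheme === 'https') && $host !== '' && $host === $requesthost) {
            $target = $candidate; // absolute URL back to this host
        }
    }
    xarResponse::redirect($target);
    return true;
}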
/**
 * Complete the order. If all goes well, we'll submit the transaction to the payment gateway, save our own transaction record, and update customer info
 *
 * Shows the confirmation page for the order kept in the session by the order
 * step, then drops that order (and the total) from the session so a later visit
 * cannot display it again.
 *
 * @return array|bool template variables for display, or true after a redirect
 */
function shop_user_complete()
{
    // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
    if (!xarUserIsLoggedIn()) {
        xarResponse::redirect(xarModURL('shop', 'user', 'viewcart'));
        return true;
    }
    $placed = xarSession::getVar('order');
    if (empty($placed)) {
        //Probably a page reload... no reason to be here anymore
        xarResponse::redirect(xarModURL('shop', 'user', 'main'));
        return true;
    }

    $summary = array(
        'order'     => $placed['products'],
        'ordertid'  => $placed['tid'],
        'orderdate' => $placed['date'],
        'total'     => xarSession::getVar('total'),
    );

    // For privacy, order will not be redisplayed if the page is visited later
    xarSession::delVar('order');
    xarSession::delVar('total');
    return $summary;
}
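/**
 * Select existing payment method or create new one to use for this transaction
 *
 * Preconditions (each redirects away when unmet): a shipping address is chosen
 * in the session, the user is logged in and the session cart is not empty.
 * Request inputs, all optional: 'proceedsaved' with 'paymentmethod' (use a saved
 * method), 'proceednew' (create a method from the submitted form), 'remove'
 * (delete a saved method). Saved methods are only listed, selected or deleted
 * when they belong to the current customer.
 *
 * @return array|bool|string|void template variables for display; true after a
 *         redirect; the redisplayed form on bad input; nothing when a fetch fails
 */
function shop_user_paymentmethod()
{
    // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
    $shippingaddress = xarSession::getVar('shippingaddress');
    if (empty($shippingaddress)) {
        xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
        return true;
    }
    $shop = xarSession::getVar('shop');
    if (!xarUserIsLoggedIn() || empty($shop)) {
        xarResponse::redirect(xarModURL('shop', 'user', 'main'));
        return true;
    }
    if (!xarVarFetch('proceedsaved', 'str', $proceedsaved, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('proceednew', 'str', $proceednew, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('paymentmethod', 'str', $paymentmethod, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('remove', 'str', $remove, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }

    $data = array();
    $data['cust'] = xarMod::APIFunc('shop', 'user', 'customerinfo');

    sys::import('modules.dynamicdata.class.objects.master');
    sys::import('modules.dynamicdata.class.properties.master');
    $shippingobject = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses'));
    $shippingobject->getItem(array('itemid' => $shippingaddress));
    $data['shippingvals'] = $shippingobject->getFieldValues();

    // Get the saved payment methods, if any exist; only the current customer's own
    $currentuser = (int) xarUserGetVar('id');
    $mylist = DataObjectMaster::getObjectList(array('name' => 'shop_paymentmethods'));
    $filters = array('status' => DataPropertyMaster::DD_DISPLAYSTATE_ACTIVE, 'where' => 'customer eq ' . $currentuser);
    $data['paymentmethods'] = $mylist->getItems($filters);

    $data['paymentobject'] = DataObjectMaster::getObject(array('name' => 'shop_paymentmethods'));
    $data['paymentobject']->properties['name']->display_show_salutation = false;
    $data['paymentobject']->properties['name']->display_show_middlename = false;
    $data['paymentobject']->properties['address']->display_rows = 1;
    $data['paymentobject']->properties['address']->display_show_country = false;
    $data['properties'] = $data['paymentobject']->getProperties();

    if ($remove) {
        // The id comes from the request: load the item and make sure it is one of this
        // customer's own (the same 'customer' field the list above is filtered on) before deleting it
        $data['paymentobject']->getItem(array('itemid' => $remove));
        if ((int) $data['paymentobject']->properties['customer']->value !== $currentuser) {
            xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
            return true;
        }
        if ((string) $remove === (string) xarSession::getVar('paymentmethod')) {
            xarSession::delVar('paymentmethod');
        }
        $data['paymentobject']->deleteItem();
        xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
        return true;
    }

    $selectedpaymentmethod = xarSession::getVar('paymentmethod');
    if (!empty($selectedpaymentmethod)) {
        $data['paymentmethod'] = $selectedpaymentmethod;
    }

    // If we're using a saved payment method...
    if ($proceedsaved) {
        // Same ownership check as for removal: the chosen id must be one of this customer's methods
        if (empty($paymentmethod)) {
            xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
            return true;
        }
        $data['paymentobject']->getItem(array('itemid' => $paymentmethod));
        if ((int) $data['paymentobject']->properties['customer']->value !== $currentuser) {
            xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
            return true;
        }
        xarSession::setVar('paymentmethod', $paymentmethod);
        xarResponse::redirect(xarModURL('shop', 'user', 'order'));
        return true;
    } elseif ($proceednew) {
        // We're not using a saved payment method... validate the form; the values are stored in the object either way
        $isvalid = $data['paymentobject']->checkInput();
        // NOTE(review): an expiry-date check used to live here, but it tested an undefined $exp_date and never
        // ran; expiry validation needs to read the submitted value from the payment object's properties — TODO
        if (!$isvalid) {
            return xarTplModule('shop', 'user', 'paymentmethod', $data);
        }
        xarSession::setVar('paymentmethod', $data['paymentobject']->createItem());
        xarResponse::redirect(xarModURL('shop', 'user', 'order'));
        return true;
    }

    // Return the template variables defined in this function
    return $data;
}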
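/**
 * New account info (ship address)
 *
 * Lets a logged-in user with a non-empty cart pick a saved shipping address
 * ('shipto'), delete one ('remove'), or submit a new one ('proceed'). A new
 * address is stored, its name copied to the customer and to the role, and the
 * flow moves on to the payment method ('next' can name another step for the
 * 'shipto' case).
 *
 * @return array|bool|string|void template variables for display; true after a
 *         redirect; the redisplayed form on bad input; nothing when a fetch fails
 */
function shop_user_shippingaddress()
{
    // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
    $shop = xarSession::getVar('shop');
    if (!xarUserIsLoggedIn() || empty($shop)) {
        xarResponse::redirect(xarModURL('shop', 'user', 'main'));
        return true;
    }
    if (!xarVarFetch('proceed', 'str', $proceed, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('shipto', 'str', $shipto, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('remove', 'str', $remove, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }
    if (!xarVarFetch('next', 'str', $data['next'], NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }

    sys::import('modules.dynamicdata.class.objects.master');
    $data['shippingobject'] = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses'));
    $data['shippingobject']->properties['name']->display_show_salutation = false;
    $data['shippingobject']->properties['name']->display_show_middlename = false;
    $data['shippingobject']->properties['address']->display_rows = 1;
    $data['shippingobject']->properties['address']->display_show_country = false;
    $data['properties'] = $data['shippingobject']->properties;

    // NOTE(review): $shipto and $remove are shipping-address ids taken straight from the request and are not
    // checked against the current customer; the field linking an address to its customer is not visible
    // here — TODO confirm ownership before selecting or deleting
    if ($shipto) {
        xarSession::setVar('shippingaddress', $shipto);
        // 'next' may name the step to continue with; default is the payment method
        $func = !empty($data['next']) ? $data['next'] : 'paymentmethod';
        xarResponse::redirect(xarModURL('shop', 'user', $func));
        return true;
    }

    if ($remove) {
        if ((string) $remove === (string) xarSession::getVar('shippingaddress')) {
            xarSession::delVar('shippingaddress');
        }
        $data['shippingobject']->getItem(array('itemid' => $remove));
        $data['shippingobject']->deleteItem();
        xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
        return true;
    }

    if ($proceed) {
        // checkInput() validates and stores the submitted values in the object either way
        $isvalid = $data['shippingobject']->checkInput();
        if (!$isvalid) {
            return xarTplModule('shop', 'user', 'shippingaddress', $data);
        }
        // Save the customer data
        $custobject = DataObjectMaster::getObject(array('name' => 'shop_customers'));
        $custobject->getItem(array('itemid' => xarUserGetVar('id')));
        $name = $data['shippingobject']->properties['name']->value;
        $custobject->properties['name']->setValue($name);
        $custobject->updateItem();
        // Save the shipping address
        $itemid = $data['shippingobject']->createItem();
        xarSession::setVar('shippingaddress', $itemid);
        // update the name field in roles to use first and last name instead of email
        $rolesobject = xarCurrentRole();
        $rolesobject->properties['name']->value = $name;
        $rolesobject->updateItem();
        xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
        return true;
    }

    // Return the template variables defined in this function
    return $data;
}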
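/**
 * Review and submit order
 *
 * Shows the order summary (shipping address, products, total, payment method)
 * and, when 'placeorder' is posted, runs the payment through the shop admin API,
 * records a shop_transactions item on success and hands over to the 'complete'
 * page. On failure the gateway response kept in the session is amended with a
 * hint when no gateway key is configured, and the user is sent back here.
 *
 * @return array|bool|void template variables for display; true after a redirect;
 *         nothing when a fetch fails
 */
function shop_user_order()
{
    // Redirects at the start of the user functions are just a way to make sure someone isn't where they don't need to be
    $shippingaddress = xarSession::getVar('shippingaddress');
    if (empty($shippingaddress)) {
        xarResponse::redirect(xarModURL('shop', 'user', 'shippingaddress'));
        return true;
    }
    $paymentmethod = xarSession::getVar('paymentmethod');
    if (empty($paymentmethod)) {
        xarResponse::redirect(xarModURL('shop', 'user', 'paymentmethod'));
        return true;
    }
    $shop = xarSession::getVar('shop');
    if (!xarUserIsLoggedIn() || empty($shop)) {
        xarResponse::redirect(xarModURL('shop', 'user', 'main'));
        return true;
    }
    if (!xarVarFetch('placeorder', 'str', $placeorder, NULL, XARVAR_NOT_REQUIRED)) {
        return;
    }

    $data = array();
    sys::import('modules.dynamicdata.class.objects.master');
    $shippingobject = DataObjectMaster::getObject(array('name' => 'shop_shippingaddresses'));
    $shippingobject->getItem(array('itemid' => $shippingaddress));
    $data['shippingvals'] = $shippingobject->getFieldValues();
    $data['products'] = xarSession::getVar('products');
    $data['total'] = xarSession::getVar('total');

    $time = time();
    xarSession::setVar('time', $time);

    $paymentobject = DataObjectMaster::getObject(array('name' => 'shop_paymentmethods'));
    $paymentobject->getItem(array('itemid' => $paymentmethod));
    $values = $paymentobject->getFieldValues();
    $data['payvalues'] = $values;

    if (!$placeorder) {
        // Return the template variables defined in this function
        return $data;
    }

    // A few more things: the transaction record is the payment method's fields plus these
    $values['date'] = $time;
    // NOTE(review): stored serialized; whatever reads this back should not unserialize() data it does not trust
    $values['products'] = serialize($data['products']);
    $values['total'] = $data['total'];

    /*****************************/
    /***** PAYMENT PROCESSING ****/
    /*****************************/
    $response = xarMod::APIFunc('shop', 'admin', 'handlepgresponse', array('transfields' => $values));
    if (!empty($response['trans_id'])) {
        // We have a successful transaction...
        $data['response'] = $response;
        $values['pg_transaction_id'] = $response['trans_id'];
        $transobject = DataObjectMaster::getObject(array('name' => 'shop_transactions'));
        $tid = $transobject->createItem($values);
        $order = xarSession::getVar('order');
        $order['products'] = xarSession::getVar('products');
        $order['tid'] = $tid;
        $order['date'] = date('F j, Y g:i a', xarSession::getVar('time'));
        xarSession::setVar('order', $order);
        xarSession::delVar('pg_response'); // This is set in shop_adminapi_handlepgresponse()
        //Need to clear all this now that the purchase went through. Doing so ensures we don't re-submit the order
        xarSession::delVar('errors');
        xarSession::delVar('shop');
        xarSession::delVar('products');
        xarResponse::redirect(xarModURL('shop', 'user', 'complete'));
        return true;
    }

    // There must be a problem...
    $pg_key = xarModVars::get('shop', 'pg_key'); // Assuming we're using the key field for all payment gateways for keys, passwords and the like...
    if (empty($pg_key)) {
        // Amend the gateway response kept in the session (set in shop_adminapi_handlepgresponse()) with a hint.
        // Bug fix: the response used to be read into $errors while an undefined $pg_response was written back
        $pg_response = xarSession::getVar('pg_response');
        if (!is_array($pg_response)) {
            $pg_response = array();
        }
        if (!isset($pg_response['msg'])) {
            $pg_response['msg'] = '';
        }
        $pg_response['msg'] .= "<p style='color:red'><strong>Looks like you haven't entered a payment gateway key. <a href='" . xarModURL('shop', 'admin', 'overview') . "'>Read me</a>.</strong></p>";
        xarSession::setVar('pg_response', $pg_response);
    }
    xarResponse::redirect(xarModURL('shop', 'user', 'order'));
    return true;
}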