public function renderOrderPrintSlip()
{
$o = StoreOrder::getByID($this->post('oID'));
if (Filesystem::exists(DIR_BASE . "/application/elements/order_slip.php")) {
View::element("order_slip", array('order' => $o));
} else {
View::element("order_slip", array('order' => $o), "vivid_store");
}
}
public function view()
{
$customer = new StoreCustomer();
$order = StoreOrder::getByID($customer->getLastOrderID());
if (is_object($order)) {
$this->set("order", $order);
} else {
$this->redirect("/cart");
}
$this->requireAsset('javascript', 'vivid-store');
$this->requireAsset('css', 'vivid-store');
}
public function view()
{
$customer = new StoreCustomer();
if ($customer->getLastOrderID()) {
$order = StoreOrder::getByID($customer->getLastOrderID());
}
if (is_object($order)) {
$this->set("order", $order);
} else {
$this->redirect("/cart");
}
$this->requireAsset('javascript', 'jquery');
$js = \Concrete\Package\VividStore\Controller::returnHeaderJS();
$this->addFooterItem($js);
$this->requireAsset('javascript', 'vivid-store');
$this->requireAsset('css', 'vivid-store');
}
private static function recordStatusChange(StoreOrder $order, $statusHandle)
{
$db = Database::get();
$newOrderStatus = StoreOrderStatus::getByHandle($statusHandle);
$user = new user();
$statusHistorySql = "INSERT INTO " . self::$table . " SET oID=?, oshStatus=?, uID=?";
$statusHistoryValues = array($order->getOrderID(), $newOrderStatus->getHandle(), $user->uID);
$db->Execute($statusHistorySql, $statusHistoryValues);
$updateOrderSql = "UPDATE VividStoreOrders SET oStatus = ? WHERE oID = ?";
$updateOrderValues = array($newOrderStatus->getHandle(), $order->getOrderID());
$db->Execute($updateOrderSql, $updateOrderValues);
return $newOrderStatus->getHandle();
}
public function remove($oID)
{
StoreOrder::getByID($oID)->remove();
$this->redirect('/dashboard/store/orders/removed');
}
public static function validateCompletion()
{
// Read POST data
// reading posted data directly from $_POST causes serialization
// issues with array data in POST. Reading raw POST data from input stream instead.
$raw_post_data = file_get_contents('php://input');
$raw_post_array = explode('&', $raw_post_data);
$myPost = array();
foreach ($raw_post_array as $keyval) {
$keyval = explode('=', $keyval);
if (count($keyval) == 2) {
$myPost[$keyval[0]] = urldecode($keyval[1]);
}
}
// read the post from PayPal system and add 'cmd'
$req = 'cmd=_notify-validate';
if (function_exists('get_magic_quotes_gpc')) {
$get_magic_quotes_exists = true;
}
foreach ($myPost as $key => $value) {
if ($get_magic_quotes_exists == true && get_magic_quotes_gpc() == 1) {
$value = urlencode(stripslashes($value));
} else {
$value = urlencode($value);
}
$req .= "&{$key}={$value}";
}
// Post IPN data back to PayPal to validate the IPN data is genuine
// Without this step anyone can fake IPN data
if (Config::get('vividstore.paypalTestMode') == true) {
$paypal_url = "https://www.sandbox.paypal.com/cgi-bin/webscr";
} else {
$paypal_url = "https://www.paypal.com/cgi-bin/webscr";
}
$ch = curl_init($paypal_url);
if ($ch == false) {
return false;
}
curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, $req);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 1);
curl_setopt($ch, CURLOPT_SSL_VERIFYHOST, 2);
curl_setopt($ch, CURLOPT_FORBID_REUSE, 1);
if (DEBUG == true) {
curl_setopt($ch, CURLOPT_HEADER, 1);
curl_setopt($ch, CURLINFO_HEADER_OUT, 1);
}
// CONFIG: Optional proxy configuration
//curl_setopt($ch, CURLOPT_PROXY, $proxy);
//curl_setopt($ch, CURLOPT_HTTPPROXYTUNNEL, 1);
// Set TCP timeout to 30 seconds
curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 30);
curl_setopt($ch, CURLOPT_HTTPHEADER, array('Connection: Close'));
// CONFIG: Please download 'cacert.pem' from "http://curl.haxx.se/docs/caextract.html" and set the directory path
// of the certificate as shown below. Ensure the file is readable by the webserver.
// This is mandatory for some environments.
//$cert = __DIR__ . "./cacert.pem";
//curl_setopt($ch, CURLOPT_CAINFO, $cert);
$res = curl_exec($ch);
if (curl_errno($ch) != 0) {
// cURL error
Log::addEntry("Can't connect to PayPal to validate IPN message: " . curl_error($ch));
curl_close($ch);
exit;
} else {
//if we want to log more stuff
//Log::addEntry("HTTP request of validation request:". curl_getinfo($ch, CURLINFO_HEADER_OUT) ." for IPN payload: $req");
//Log::addEntry("HTTP response of validation request: $res");
curl_close($ch);
}
// Inspect IPN validation result and act accordingly
// Split response headers and payload, a better way for strcmp
$tokens = explode("\r\n\r\n", trim($res));
$res = trim(end($tokens));
if (strcmp($res, "VERIFIED") == 0) {
$order = StoreOrder::getByID($_POST['invoice']);
$order->completeOrder($_POST['txn_id']);
$order->updateStatus(StoreOrderStatus::getStartingStatus()->getHandle());
} elseif (strcmp($res, "INVALID") == 0) {
// log for manual investigation
// Add business logic here which deals with invalid IPN messages
Log::addEntry("Invalid IPN: {$req}");
}
}
public function getOrderItems()
{
$orders = $this->getResults();
$orderItems = array();
$db = Database::get();
foreach ($orders as $order) {
$oID = $order->getOrderID();
$OrderOrderItems = $db->GetAll("SELECT * FROM VividStoreOrderItems WHERE oID=?", $oID);
foreach ($OrderOrderItems as $oi) {
$oi = StoreOrder::getByID($oi['oiID']);
$orderItems[] = $oi;
}
}
return $orderItems;
}
/**
* @param array $data
* @param StorePaymentMethod $pm
* @param string $transactionReference
* @param boolean $status
* @return Order
*/
public function add($data, $pm, $transactionReference = '', $status = null)
{
$customer = new StoreCustomer();
$now = new \DateTime();
$smName = StoreShippingMethod::getActiveShippingMethodName();
$shippingTotal = StoreCalculator::getShippingTotal();
$taxes = StoreTax::getConcatenatedTaxStrings();
$totals = StoreCalculator::getTotals();
$total = $totals['total'];
$pmName = $pm->getPaymentMethodName();
$order = new Order();
$order->setCustomerID($customer->getUserID());
$order->setOrderDate($now);
$order->setPaymentMethodName($pmName);
$order->setShippingMethodName($smName);
$order->setShippingTotal($shippingTotal);
$order->setTaxTotals($taxes['taxTotals']);
$order->setTaxIncluded($taxes['taxIncludedTotal']);
$order->setTaxLabels($taxes['taxLabels']);
$order->setOrderTotal($total);
$order->save();
$customer->setLastOrderID($order->getOrderID());
$order->updateStatus($status);
$order->addCustomerAddress($customer, $order->isShippable());
$order->addOrderItems(StoreCart::getCart());
$order->createNeededAccounts();
$order->assignFilePermissions();
if (!$pm->getMethodController()->external) {
$order->completeOrder($transactionReference);
}
return $order;
}
public function submit()
{
$data = $this->post();
//process payment
$pmHandle = $data['payment-method'];
$pm = StorePaymentMethod::getByHandle($pmHandle);
if ($pm === false) {
//There was no payment method enabled somehow.
//so we'll force invoice.
$pm = StorePaymentMethod::getByHandle('invoice');
}
if ($pm->getMethodController()->external == true) {
$pmsess = Session::get('paymentMethod');
$pmsess[$pm->getPaymentMethodID()] = $data['payment-method'];
Session::set('paymentMethod', $pmsess);
$order = StoreOrder::add($data, $pm, null, 'incomplete');
Session::set('orderID', $order->getOrderID());
$this->redirect('/checkout/external');
} else {
$payment = $pm->submitPayment();
if ($payment['error'] == 1) {
$pmsess = Session::get('paymentMethod');
$pmsess[$pm->getPaymentMethodID()] = $data['payment-method'];
Session::set('paymentMethod', $pmsess);
$errors = $payment['errorMessage'];
Session::set('paymentErrors', $errors);
$customer = new StoreCustomer();
if ($customer->isGuest()) {
$this->redirect("/checkout/?guest=1#payment");
} else {
$this->redirect("/checkout/failed#payment");
}
} else {
$transactionReference = $payment['transactionReference'];
StoreOrder::add($data, $pm, $transactionReference);
$this->redirect('/checkout/complete');
}
}
}
public function add($data, $oID, $tax = 0, $taxIncluded = 0, $taxName = '')
{
$db = Database::connection();
$product = StoreProduct::getByID($data['product']['pID']);
$productName = $product->getProductName();
$productPrice = $product->getActivePrice();
$sku = $product->getProductSKU();
$qty = $data['product']['qty'];
$inStock = $product->getProductQty();
$newStock = $inStock - $qty;
$variation = $product->getVariation();
if ($variation) {
if (!$variation->isUnlimited()) {
$product->updateProductQty($newStock);
}
} elseif (!$product->isUnlimited()) {
$product->updateProductQty($newStock);
}
$order = StoreOrder::getByID($oID);
$orderItem = new self();
$orderItem->setProductName($productName);
$orderItem->setSKU($sku);
$orderItem->setPricePaid($productPrice);
$orderItem->setTax($tax);
$orderItem->setTaxIncluded($taxIncluded);
$orderItem->setTaxName($taxName);
$orderItem->setQty($qty);
$orderItem->setOrder($order);
if ($product) {
$orderItem->setProductID($product->getID());
}
$orderItem->save();
foreach ($data['productAttributes'] as $optionGroup => $selectedOption) {
$optionGroupID = str_replace("pog", "", $optionGroup);
$optionGroupName = self::getProductOptionGroupNameByID($optionGroupID);
$optionValue = self::getProductOptionValueByID($selectedOption);
$orderItemOption = new StoreOrderItemOption();
$orderItemOption->setOrderItemOptionKey($optionGroupName);
$orderItemOption->setOrderItemOptionValue($optionValue);
$orderItemOption->setOrderItem($orderItem);
$orderItemOption->save();
}
return $orderItem;
}
public static function getForOrder(StoreOrder $order)
{
$db = Database::get();
$em = $db->getEntityManager();
if (!$order->getOrderID()) {
return false;
}
$history = $em->getRepository(get_class())->findBy(array('order' => $order->getOrderID()), array('oshDate' => 'DESC'));
return $history;
}
public function getResult($queryRow)
{
return StoreOrder::getByID($queryRow['oID']);
}
