pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CMXX - Checkout and Placeorder

Browse Source
This commit is contained in:
“VeLiTi”
2025-02-17 19:01:04 +01:00
parent 2072250072
commit 3aaa6c6680
26 changed files with 3148 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

52
api/v2/post/checkout.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Checkout handler
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//ENSURE PRODUCTROWID IS SEND
if (isset($post_content['cart']) && isset($post_content['checkout_input'])){
//CHECKOUT INPUT
$checkout_input = [
"products_validated" => $post_content['cart'],
"selected_country" => $post_content['checkout_input']['selected_country'],
"selected_shipping_method" => $post_content['checkout_input']['selected_shipment_method'],
"business_type" => $post_content['checkout_input']['business_type'],
"discount_code" => $post_content['checkout_input']['discount_code']
];
//Initialize calculator
$calculator = new ShoppingCartCalculator(
$checkout_input['products_validated'],
$checkout_input['selected_country'],
$checkout_input['selected_shipping_method'],
$checkout_input['business_type'],
$checkout_input['discount_code'],
$pdo
);
// Get all calculations in one array
$messages = $calculator->calculateTotals();
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
else
{
//------------------------------------------
// Payload not correct
//------------------------------------------
http_response_code(400); // Payload not correct
}
?>

103
api/v2/post/discounts.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// discounts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//IMPLODE CATEGORIES AND PRODUCTS
$post_content['category_ids'] = isset($post_content['categories']) ? implode(',', $post_content['categories']) : '';
$post_content['product_ids'] = isset($post_content['products']) ? implode(',', $post_content['products']) : '';
//REMOVE categories and products from post_content
if (isset($post_content['categories'])) { unset($post_content['categories']);}
if (isset($post_content['products'])) { unset($post_content['products']);}
if ($command == 'update'){
}
if ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('discounts',$profile,$permission,'U') === 1){
$sql = 'UPDATE discounts SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('discounts',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO discounts ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('discounts',$profile,$permission,'D') === 1){
$sql = 'DELETE FROM discounts WHERE id = ? '.$whereclause;
$stmt = $pdo->prepare($sql);
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'discounts',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

121
api/v2/post/invoice.php Normal file
View File

@@ -0,0 +1,121 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Invoice
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
}
elseif ($command == 'insert' && (isset($post_content['txn_id']) && $post_content['txn_id'] != '')){
//GET RELATED TRANSACTION DETAILS
$sql = 'SELECT * FROM transactions WHERE id = ? AND payment_status = "0"';
$stmt = $pdo->prepare($sql);
//Excute Query
$stmt->execute([$post_content['txn_id']]);
//Get results
if ($messages = $stmt->fetch(PDO::FETCH_ASSOC)) {
//ADD ADDITIONAL POST CONTENT
$post_content['payment_amount'] = $messages['payment_amount'];
$post_content['shipping_amount'] = $messages['shipping_amount'];
$post_content['discount_amount'] = $messages['discount_amount'];
$post_content['tax_amount'] = $messages['tax_amount'];
$post_content['payment_status'] = $messages['payment_status'];
$post_content['accounthierarchy'] = $partner_product;
}
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('invoice',$profile,$permission,'U') === 1){
$sql = 'UPDATE invoice SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('invoice',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO invoice ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//GET LAST_ID
$last_id = $pdo->lastInsertId();
$messages = json_encode(array('invoice_id'=> $last_id), JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
elseif ($command == 'delete' && isAllowed('invoice',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM invoice WHERE id = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'invoice',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

144
api/v2/post/placeorder.php Normal file
View File

@@ -0,0 +1,144 @@
<?php
defined($security_key) or exit;
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
//------------------------------------------
// placeorder handler
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//ENSURE CART, CHECK_OUT_INPUT AND CUSTOMER DATA IS SEND
if (isset($post_content['cart']) && isset($post_content['checkout_input']) && isset($post_content['customer_details'])){
$errors = validateCheckoutData($post_content);
//IF ERRORS RETURN
if (!empty($errors)){
$messages = [
"error" => $errors
];
}
else {
//CHECKOUT INPUT
$checkout_input = [
"products_validated" => $post_content['cart'],
"selected_country" => $post_content['checkout_input']['selected_country'],
"selected_shipping_method" => $post_content['checkout_input']['selected_shipment_method'],
"business_type" => $post_content['checkout_input']['business_type'],
"discount_code" => $post_content['checkout_input']['discount_code'],
"payment_method" => $post_content['checkout_input']['payment_method']
];
//Customer details
$customer_details = [
'account_id' => $post_content['customer_details']['account_id'] ?? '',
'email' => $post_content['customer_details']['email'] ?? '',
'first_name' => $post_content['customer_details']['first_name'] ?? '',
'last_name' => $post_content['customer_details']['last_name'] ?? '',
'address_street' => $post_content['customer_details']['address_street'] ?? '',
'address_city' => $post_content['customer_details']['address_city'] ?? '',
'address_state' => $post_content['customer_details']['address_state'] ?? '',
'address_zip' => $post_content['customer_details']['address_zip'] ?? '',
'address_country' => $post_content['customer_details']['address_country'] ?? '',
'address_phone' => $post_content['customer_details']['address_phone'] ?? ''
];
//Initialize calculator
$calculator = new ShoppingCartCalculator(
$checkout_input['products_validated'],
$checkout_input['selected_country'],
$checkout_input['selected_shipping_method'],
$checkout_input['business_type'],
$checkout_input['discount_code'],
$pdo
);
//Recalculate the checkout
$products_in_cart = $calculator->calculateTotals();
$subtotal = $products_in_cart['totals']['subtotal'];
$shippingtotal = $products_in_cart['totals']['shippingtotal'];
$discounttotal = $products_in_cart['totals']['discounttotal'];
$taxtotal = $products_in_cart['totals']['taxtotal'];
$total = $products_in_cart['totals']['total'];
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
// Generate unique transaction ID
$txn_id = strtoupper(uniqid('SC') . substr(md5(mt_rand()), 0, 5));
// Insert transaction header
$stmt = $pdo->prepare('INSERT INTO transactions (txn_id, payment_amount, payment_status, payer_email, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_phone, account_id, payment_method, shipping_method, shipping_amount, discount_amount, discount_code, tax_amount,accounthierarchy) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)');
$stmt->execute([
$txn_id,
$total,
0,
$customer_details['email'],
$customer_details['first_name'],
$customer_details['last_name'],
$customer_details['address_street'],
$customer_details['address_city'],
$customer_details['address_state'],
$customer_details['address_zip'],
$customer_details['address_country'],
$customer_details['address_phone'],
$customer_details['account_id'],
$checkout_input['payment_method'],
$checkout_input['selected_shipping_method'],
$shippingtotal,
$discounttotal,
$checkout_input['discount_code'],
$taxtotal,
$partner_product
]);
// Get order ID
$transaction_id = $pdo->lastInsertId();
//Insert transaction items
foreach ($products_in_cart['cart_details']['products'] as $product) {
// JSON_ENCODE OPTIONS
$options = json_encode($product['options'],JSON_UNESCAPED_UNICODE) ?? '';
// For every product in the shopping cart insert a new transaction_item
$stmt = $pdo->prepare('INSERT INTO transactions_items (txn_id, item_id, item_price, item_quantity, item_options) VALUES (?,?,?,?,?)');
$stmt->execute([$transaction_id, $product['id'], $product['options_price'], $product['quantity'], $options]);
}
//Return to checkout page
$messages = [
"id" => $transaction_id,
"transaction_id" => $txn_id,
"payment_amount" => $total,
"payment_method" => $checkout_input['payment_method'],
"products_checked-out" => $products_in_cart['cart_details'],
"subtotal" => $subtotal,
"discounttotal" => $discounttotal,
"shippingtotal" => $shippingtotal,
"taxtotal" => $taxtotal,
"messages" => '',
"error" => ''
];
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
else
{
//------------------------------------------
// Payload not correct
//------------------------------------------
http_response_code(400); // Payload not correct
}
?>

99
api/v2/post/shipping.php Normal file
View File

@@ -0,0 +1,99 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// shipping
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//IMPLODE CATEGORIES AND PRODUCTS
$post_content['countries'] = isset($post_content['countries']) ? implode(',', $post_content['countries']) : '';
if ($command == 'update'){
}
if ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('shipping',$profile,$permission,'U') === 1){
$sql = 'UPDATE shipping SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('shipping',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO shipping ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('shipping',$profile,$permission,'D') === 1){
$sql = 'DELETE FROM shipping WHERE id = ? '.$whereclause;
$stmt = $pdo->prepare($sql);
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'shipping',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

14
api/v2/post/shopping_cart.php
View File

@@ -43,6 +43,19 @@ if (isset($post_content['product']) && $post_content['product'] != '' && isset($
$options_weight = 0;
$options = $result['selected_items'];
//------------------------------------------
// ADD Product categories
//------------------------------------------
$cat_products = ioAPIv2('/v2/products_categories/status=1&product_id='.$product_ID,'',$clientsecret);
$cat_products = json_decode($cat_products,true);
$cat_input = '';
foreach($cat_products as $cat_product_id){
$cat_input .= $cat_product_id['rowID'].',';
}
$categories = substr($cat_input,0,-1);
$products_validated = [
'id' => $product_in_cart['rowID'],
'meta' =>
@@ -50,6 +63,7 @@ if (isset($post_content['product']) && $post_content['product'] != '' && isset($
"img" => $product_in_cart['full_path'],
"name" => $product_in_cart['productname'],
"productcode" => $product_in_cart['productcode'],
"category_ids" => $categories
],
'quantity' => $quantity,
'options' => [$options],

125
api/v2/post/transactions.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Transactions
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//WEBSHOP UPDATE CAN SEND TXN_ID ONLY
if (isset($post_content['txn_id']) && $post_content['txn_id'] != '' && !isset($post_content['id'])){
//CHECK IF TXN_ID is send and valid
$sql = 'SELECT * FROM transactions WHERE txn_id = ?';
$stmt = $pdo->prepare($sql);
//Excute Query
$stmt->execute([$post_content['txn_id']]);
//Get results
if ($messages = $stmt->fetch(PDO::FETCH_ASSOC)){
//UPDATE ID TO TXN_ID RELATED ID
$post_content['id'] = $messages['id'];
unset($post_content['txn_id']);
}
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CHECK FOR ERRORS
$errors = validateTransactionData($post_content);
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
}
elseif ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('transactions',$profile,$permission,'U') === 1){
$sql = 'UPDATE transactions SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//RETURN UPDATED ID
$messages = json_encode(array('transaction_id'=> $id), JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
elseif ($command == 'insert' && empty($errors) && isAllowed('transactions',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO transactions ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('transactions',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM transactions WHERE id = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'transactions',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>