pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CMXX - Checkout and Placeorder

Browse Source
This commit is contained in:
“VeLiTi”
2025-02-17 19:01:04 +01:00
parent 2072250072
commit 3aaa6c6680
26 changed files with 3148 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
api/v2/get/discounts.php Normal file
View File

@@ -0,0 +1,135 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// discounts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE d.accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND name like :'.$v[0];
}
elseif ($v[0] == 'discount_category_id'){
$clause .= ' AND d.id = :'.$v[0];
}
elseif ($v[0] == 'discount_products_id'){
$clause .= ' AND d.id = :'.$v[0];
}
else {//create clause
$clause .= ' AND d.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM discounts '.$whereclause.'';
}
elseif(isset($criterias['discount_category_id']) && $criterias['discount_category_id'] !=''){
$sql ='SELECT c.name, c.rowID FROM discounts d JOIN categories c ON FIND_IN_SET(c.rowID, d.category_ids) '.$whereclause;
}
elseif(isset($criterias['discount_products_id']) && $criterias['discount_products_id'] !=''){
$sql ='SELECT p.productname, p.rowID FROM discounts d JOIN products p ON FIND_IN_SET(p.rowID, d.product_ids) '.$whereclause;
}
else {
//SQL for Paging
$sql = 'SELECT d.*, GROUP_CONCAT(DISTINCT p.productname) product_names, GROUP_CONCAT(DISTINCT c.name) category_names FROM discounts d LEFT JOIN products p ON FIND_IN_SET(p.rowID, d.product_ids) LEFT JOIN categories c ON FIND_IN_SET(c.rowID, d.category_ids) '.$whereclause.' GROUP BY d.id, d.category_ids, d.product_ids, d.discount_code, d.discount_type, d.discount_type, d.discount_value, d.start_date, d.end_date LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
} else if ((isset($criterias['discount_category_id']) && $criterias['discount_category_id'] !='') || (isset($criterias['discount_products_id']) && $criterias['discount_products_id'] !='')){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_discounts, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_discounts, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

127
api/v2/get/invoice.php Normal file
View File

@@ -0,0 +1,127 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// invoice
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE inv.accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
else {//create clause
$clause .= ' AND inv.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM invoice inv '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='invoice'){
//SQL for Paging
$sql = 'SELECT tx.*, txi.*, p.productname, inv.id as invoice, inv.created as invoice_created FROM transactions tx
left join invoice inv ON tx.id = inv.txn_id
left join transactions_items txi ON tx.id = txi.txn_id
left join products p ON p.rowID = txi.item_id '.$whereclause;
}
else {
//SQL for Paging
$sql = 'SELECT * FROM invoice inv '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif (isset($criterias['list']) && $criterias['list']=='invoice'){
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
$messages = transformOrderData($messages);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_invoice, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_invoice, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

4
api/v2/get/products_categories.php
View File

@@ -104,6 +104,10 @@ if(isset($get_content) && $get_content!=''){
//build up filter //build up filter
$clause .= ' AND c.filter = :'.$v[0]; $clause .= ' AND c.filter = :'.$v[0];
} }
elseif ($v[0] == 'status') {
//build up filter
$clause .= ' AND c.status = :'.$v[0];
}
else {//create clause else {//create clause
$clause .= ' AND pc.'.$v[0].' = :'.$v[0]; $clause .= ' AND pc.'.$v[0].' = :'.$v[0];
} }

155
api/v2/get/shipping.php Normal file
View File

@@ -0,0 +1,155 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// shipping
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND name like :'.$v[0];
}
elseif ($v[0] == 'weight_total') {
//build up search
$clause .= ' AND weight_from <= :'.$v[0].' AND (weight_to >= :'.$v[0].' OR weight_to = 0)';
}
elseif ($v[0] == 'price_total') {
//build up search
$clause .= ' AND price_from <= :'.$v[0].' AND (price_to >= :'.$v[0].' OR price_to = 0)';
}
elseif ($v[0] == 'country') {
if ($v[1] != ''){
//CHECK IF SPECIFIC COUNTRY RECORD IS FOUND OTHERWISE CHECK FOR GLOBAL SHIPPING RECORDS
$sql = "SELECT COUNT(*) as count FROM shipping WHERE FIND_IN_SET(?, countries)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$v[1]]);
$result = $stmt->fetch();
$result = $result[0];
if ($result > 0) {
$clause .= ' AND FIND_IN_SET(:'.$v[0].', countries) > 0';
} else {
//GET ALL COUNTRIES
$clause .= ' AND countries = ""';
}
}
else {
//GET ALL COUNTRIES
$clause .= ' AND countries = :'.$v[0];
}
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM shipping '.$whereclause.'';
}
elseif(isset($criterias['list']) && $criterias['list'] =='methods'){
$sql = 'SELECT * FROM shipping '.$whereclause;
}
else {
//SQL for Paging
$sql = 'SELECT * FROM shipping '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']=='methods'){
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_shipping, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_shipping, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

115
api/v2/get/taxes.php Normal file
View File

@@ -0,0 +1,115 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Taxes
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND name like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM taxes '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM taxes '.$whereclause;
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

118
api/v2/get/transactions.php Normal file
View File

@@ -0,0 +1,118 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// transactions
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE tx.accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND tx.name like :'.$v[0];
}
else {//create clause
$clause .= ' AND tx.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM transactions '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM transactions tx '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_transactions, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_transactions, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

118
api/v2/get/transactions_items.php Normal file
View File

@@ -0,0 +1,118 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// transactions_items
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND name like :'.$v[0];
}
else {//create clause
$clause .= ' AND tai.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM transactions_items tai '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT ta.*, tai.* FROM transactions ta left join transactions_items tai ON ta.id = tai.txn_id '.$whereclause;
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
//$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
//$stmt->bindValue('page', ($current_page - 1) * $page_rows_transactions, PDO::PARAM_INT);
//$stmt->bindValue('num_products', $page_rows_transactions, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

52
api/v2/post/checkout.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Checkout handler
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//ENSURE PRODUCTROWID IS SEND
if (isset($post_content['cart']) && isset($post_content['checkout_input'])){
//CHECKOUT INPUT
$checkout_input = [
"products_validated" => $post_content['cart'],
"selected_country" => $post_content['checkout_input']['selected_country'],
"selected_shipping_method" => $post_content['checkout_input']['selected_shipment_method'],
"business_type" => $post_content['checkout_input']['business_type'],
"discount_code" => $post_content['checkout_input']['discount_code']
];
//Initialize calculator
$calculator = new ShoppingCartCalculator(
$checkout_input['products_validated'],
$checkout_input['selected_country'],
$checkout_input['selected_shipping_method'],
$checkout_input['business_type'],
$checkout_input['discount_code'],
$pdo
);
// Get all calculations in one array
$messages = $calculator->calculateTotals();
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
else
{
//------------------------------------------
// Payload not correct
//------------------------------------------
http_response_code(400); // Payload not correct
}
?>

103
api/v2/post/discounts.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// discounts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//IMPLODE CATEGORIES AND PRODUCTS
$post_content['category_ids'] = isset($post_content['categories']) ? implode(',', $post_content['categories']) : '';
$post_content['product_ids'] = isset($post_content['products']) ? implode(',', $post_content['products']) : '';
//REMOVE categories and products from post_content
if (isset($post_content['categories'])) { unset($post_content['categories']);}
if (isset($post_content['products'])) { unset($post_content['products']);}
if ($command == 'update'){
}
if ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('discounts',$profile,$permission,'U') === 1){
$sql = 'UPDATE discounts SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('discounts',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO discounts ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('discounts',$profile,$permission,'D') === 1){
$sql = 'DELETE FROM discounts WHERE id = ? '.$whereclause;
$stmt = $pdo->prepare($sql);
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'discounts',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

121
api/v2/post/invoice.php Normal file
View File

@@ -0,0 +1,121 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Invoice
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
}
elseif ($command == 'insert' && (isset($post_content['txn_id']) && $post_content['txn_id'] != '')){
//GET RELATED TRANSACTION DETAILS
$sql = 'SELECT * FROM transactions WHERE id = ? AND payment_status = "0"';
$stmt = $pdo->prepare($sql);
//Excute Query
$stmt->execute([$post_content['txn_id']]);
//Get results
if ($messages = $stmt->fetch(PDO::FETCH_ASSOC)) {
//ADD ADDITIONAL POST CONTENT
$post_content['payment_amount'] = $messages['payment_amount'];
$post_content['shipping_amount'] = $messages['shipping_amount'];
$post_content['discount_amount'] = $messages['discount_amount'];
$post_content['tax_amount'] = $messages['tax_amount'];
$post_content['payment_status'] = $messages['payment_status'];
$post_content['accounthierarchy'] = $partner_product;
}
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('invoice',$profile,$permission,'U') === 1){
$sql = 'UPDATE invoice SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('invoice',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO invoice ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//GET LAST_ID
$last_id = $pdo->lastInsertId();
$messages = json_encode(array('invoice_id'=> $last_id), JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
elseif ($command == 'delete' && isAllowed('invoice',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM invoice WHERE id = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'invoice',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

144
api/v2/post/placeorder.php Normal file
View File

@@ -0,0 +1,144 @@
<?php
defined($security_key) or exit;
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
//------------------------------------------
// placeorder handler
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//ENSURE CART, CHECK_OUT_INPUT AND CUSTOMER DATA IS SEND
if (isset($post_content['cart']) && isset($post_content['checkout_input']) && isset($post_content['customer_details'])){
$errors = validateCheckoutData($post_content);
//IF ERRORS RETURN
if (!empty($errors)){
$messages = [
"error" => $errors
];
}
else {
//CHECKOUT INPUT
$checkout_input = [
"products_validated" => $post_content['cart'],
"selected_country" => $post_content['checkout_input']['selected_country'],
"selected_shipping_method" => $post_content['checkout_input']['selected_shipment_method'],
"business_type" => $post_content['checkout_input']['business_type'],
"discount_code" => $post_content['checkout_input']['discount_code'],
"payment_method" => $post_content['checkout_input']['payment_method']
];
//Customer details
$customer_details = [
'account_id' => $post_content['customer_details']['account_id'] ?? '',
'email' => $post_content['customer_details']['email'] ?? '',
'first_name' => $post_content['customer_details']['first_name'] ?? '',
'last_name' => $post_content['customer_details']['last_name'] ?? '',
'address_street' => $post_content['customer_details']['address_street'] ?? '',
'address_city' => $post_content['customer_details']['address_city'] ?? '',
'address_state' => $post_content['customer_details']['address_state'] ?? '',
'address_zip' => $post_content['customer_details']['address_zip'] ?? '',
'address_country' => $post_content['customer_details']['address_country'] ?? '',
'address_phone' => $post_content['customer_details']['address_phone'] ?? ''
];
//Initialize calculator
$calculator = new ShoppingCartCalculator(
$checkout_input['products_validated'],
$checkout_input['selected_country'],
$checkout_input['selected_shipping_method'],
$checkout_input['business_type'],
$checkout_input['discount_code'],
$pdo
);
//Recalculate the checkout
$products_in_cart = $calculator->calculateTotals();
$subtotal = $products_in_cart['totals']['subtotal'];
$shippingtotal = $products_in_cart['totals']['shippingtotal'];
$discounttotal = $products_in_cart['totals']['discounttotal'];
$taxtotal = $products_in_cart['totals']['taxtotal'];
$total = $products_in_cart['totals']['total'];
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
// Generate unique transaction ID
$txn_id = strtoupper(uniqid('SC') . substr(md5(mt_rand()), 0, 5));
// Insert transaction header
$stmt = $pdo->prepare('INSERT INTO transactions (txn_id, payment_amount, payment_status, payer_email, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_phone, account_id, payment_method, shipping_method, shipping_amount, discount_amount, discount_code, tax_amount,accounthierarchy) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)');
$stmt->execute([
$txn_id,
$total,
0,
$customer_details['email'],
$customer_details['first_name'],
$customer_details['last_name'],
$customer_details['address_street'],
$customer_details['address_city'],
$customer_details['address_state'],
$customer_details['address_zip'],
$customer_details['address_country'],
$customer_details['address_phone'],
$customer_details['account_id'],
$checkout_input['payment_method'],
$checkout_input['selected_shipping_method'],
$shippingtotal,
$discounttotal,
$checkout_input['discount_code'],
$taxtotal,
$partner_product
]);
// Get order ID
$transaction_id = $pdo->lastInsertId();
//Insert transaction items
foreach ($products_in_cart['cart_details']['products'] as $product) {
// JSON_ENCODE OPTIONS
$options = json_encode($product['options'],JSON_UNESCAPED_UNICODE) ?? '';
// For every product in the shopping cart insert a new transaction_item
$stmt = $pdo->prepare('INSERT INTO transactions_items (txn_id, item_id, item_price, item_quantity, item_options) VALUES (?,?,?,?,?)');
$stmt->execute([$transaction_id, $product['id'], $product['options_price'], $product['quantity'], $options]);
}
//Return to checkout page
$messages = [
"id" => $transaction_id,
"transaction_id" => $txn_id,
"payment_amount" => $total,
"payment_method" => $checkout_input['payment_method'],
"products_checked-out" => $products_in_cart['cart_details'],
"subtotal" => $subtotal,
"discounttotal" => $discounttotal,
"shippingtotal" => $shippingtotal,
"taxtotal" => $taxtotal,
"messages" => '',
"error" => ''
];
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
else
{
//------------------------------------------
// Payload not correct
//------------------------------------------
http_response_code(400); // Payload not correct
}
?>

99
api/v2/post/shipping.php Normal file
View File

@@ -0,0 +1,99 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// shipping
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//IMPLODE CATEGORIES AND PRODUCTS
$post_content['countries'] = isset($post_content['countries']) ? implode(',', $post_content['countries']) : '';
if ($command == 'update'){
}
if ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('shipping',$profile,$permission,'U') === 1){
$sql = 'UPDATE shipping SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('shipping',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO shipping ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('shipping',$profile,$permission,'D') === 1){
$sql = 'DELETE FROM shipping WHERE id = ? '.$whereclause;
$stmt = $pdo->prepare($sql);
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'shipping',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

14
api/v2/post/shopping_cart.php
View File

@@ -43,6 +43,19 @@ if (isset($post_content['product']) && $post_content['product'] != '' && isset($
$options_weight = 0; $options_weight = 0;
$options = $result['selected_items']; $options = $result['selected_items'];
//------------------------------------------
// ADD Product categories
//------------------------------------------
$cat_products = ioAPIv2('/v2/products_categories/status=1&product_id='.$product_ID,'',$clientsecret);
$cat_products = json_decode($cat_products,true);
$cat_input = '';
foreach($cat_products as $cat_product_id){
$cat_input .= $cat_product_id['rowID'].',';
}
$categories = substr($cat_input,0,-1);
$products_validated = [ $products_validated = [
'id' => $product_in_cart['rowID'], 'id' => $product_in_cart['rowID'],
'meta' => 'meta' =>
@@ -50,6 +63,7 @@ if (isset($post_content['product']) && $post_content['product'] != '' && isset($
"img" => $product_in_cart['full_path'], "img" => $product_in_cart['full_path'],
"name" => $product_in_cart['productname'], "name" => $product_in_cart['productname'],
"productcode" => $product_in_cart['productcode'], "productcode" => $product_in_cart['productcode'],
"category_ids" => $categories
], ],
'quantity' => $quantity, 'quantity' => $quantity,
'options' => [$options], 'options' => [$options],

125
api/v2/post/transactions.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Transactions
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//WEBSHOP UPDATE CAN SEND TXN_ID ONLY
if (isset($post_content['txn_id']) && $post_content['txn_id'] != '' && !isset($post_content['id'])){
//CHECK IF TXN_ID is send and valid
$sql = 'SELECT * FROM transactions WHERE txn_id = ?';
$stmt = $pdo->prepare($sql);
//Excute Query
$stmt->execute([$post_content['txn_id']]);
//Get results
if ($messages = $stmt->fetch(PDO::FETCH_ASSOC)){
//UPDATE ID TO TXN_ID RELATED ID
$post_content['id'] = $messages['id'];
unset($post_content['txn_id']);
}
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CHECK FOR ERRORS
$errors = validateTransactionData($post_content);
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
}
elseif ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('transactions',$profile,$permission,'U') === 1){
$sql = 'UPDATE transactions SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//RETURN UPDATED ID
$messages = json_encode(array('transaction_id'=> $id), JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
elseif ($command == 'insert' && empty($errors) && isAllowed('transactions',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO transactions ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('transactions',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM transactions WHERE id = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'transactions',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

407
assets/functions.php
View File

@@ -3086,4 +3086,411 @@ function calculateTotalPrice($product_data, $selected_options) {
'total_price' => $total_price, 'total_price' => $total_price,
'selected_items' => implode(', ', $selected_item_names) 'selected_items' => implode(', ', $selected_item_names)
]; ];
}
// +++++++++++++++++++++++++++++++++++++++++++++++++++++++
// ShoppingCartCalulator ++++++++++++++
// +++++++++++++++++++++++++++++++++++++++++++++++++++++++
class ShoppingCartCalculator {
private $products;
private $selected_country;
private $selected_shipping_method;
private $business_type;
private $discount_code;
private $db;
private $discount_message;
private $tax_rate;
public function __construct($products, $selected_country, $selected_shipping_method, $business_type, $discount_code, $db) {
$this->products = $products;
$this->selected_country = $selected_country;
$this->selected_shipping_method = $selected_shipping_method;
$this->business_type = strtolower($business_type);
$this->discount_code = $discount_code;
$this->db = $db;
$this->discount_message = '';
$this->tax_rate = $this->getTaxRate();
}
public function calculateTotals() {
// Calculate basic totals
$subtotal = $this->calculateSubtotal();
$weighttotal = $this->calculateWeightTotal();
$shippingtotal = $this->calculateShippingTotal($subtotal, $weighttotal,$this->selected_shipping_method);
$discounttotal = $this->calculateDiscountTotal();
$taxtotal = $this->calculateTaxTotal($subtotal - $discounttotal + $shippingtotal);
// Calculate final total based on business type
$total = $this->calculateFinalTotal($subtotal, $shippingtotal, $discounttotal, $taxtotal);
return [
'cart_details' => [
'products' => $this->products,
'selected_country' => $this->selected_country,
'selected_shipping_method' => $this->selected_shipping_method,
'business_type' => $this->business_type,
'discount_code' => $this->discount_code
],
'totals' => [
'subtotal' => number_format($subtotal, 2, '.', ''),
'weighttotal' => number_format($weighttotal, 2, '.', ''),
'shippingtotal' => number_format($shippingtotal, 2, '.', ''),
'discounttotal' => number_format($discounttotal, 2, '.', ''),
'discount_message' => $this->discount_message,
'tax_rate' => number_format($this->tax_rate, 2, '.', '') . '%',
'taxtotal' => number_format($taxtotal, 2, '.', ''),
'total' => number_format($total, 2, '.', '')
]
];
}
private function getTaxRate() {
$sql = "SELECT rate FROM taxes WHERE country = ?";
$stmt = $this->db->prepare($sql);
$stmt->execute([$this->selected_country]);
$tax = $stmt->fetch(PDO::FETCH_ASSOC);
return $tax ? floatval($tax['rate']) : 0;
}
private function calculateSubtotal() {
$subtotal = 0;
foreach ($this->products as $product) {
$product_price = floatval(str_replace(',', '.', $product['options_price']));
$subtotal += $product_price * $product['quantity'];
}
return $subtotal;
}
private function calculateWeightTotal() {
$weighttotal = 0;
foreach ($this->products as $product) {
$options_weight = floatval($product['options_weight']);
$weighttotal += $options_weight * $product['quantity'];
}
return $weighttotal;
}
private function calculateDiscountTotal() {
if (empty($this->discount_code)) {
$this->discount_message = '';
return 0;
}
$current_date = date('Y-m-d H:i:s');
// First check if discount code exists and is valid
$sql = "SELECT * FROM discounts WHERE discount_code = ?";
$stmt = $this->db->prepare($sql);
$stmt->execute([$this->discount_code]);
$discount = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$discount) {
$this->discount_message = 'Invalid discount code';
return 0;
}
// Check date validity
if ($current_date < $discount['start_date']) {
$this->discount_message = 'Discount code not yet active';
return 0;
}
if ($current_date > $discount['end_date']) {
$this->discount_message = 'Discount code expired';
return 0;
}
// Convert string of IDs to arrays
$discount_product_ids = !empty($discount['product_ids']) ?
array_map('trim', explode(',', $discount['product_ids'])) : [];
$discount_category_ids = !empty($discount['category_ids']) ?
array_map('trim', explode(',', $discount['category_ids'])) : [];
$discounttotal = 0;
$eligible_products_found = false;
$total_eligible_price = 0;
// Calculate total eligible price
foreach ($this->products as $product) {
if ($this->isProductEligibleForDiscount($product, $discount_product_ids, $discount_category_ids)) {
$eligible_products_found = true;
$product_price = floatval(str_replace(',', '.', $product['options_price'])) * $product['quantity'];
$total_eligible_price += $product_price;
}
}
// Calculate discount if eligible products found
if ($eligible_products_found) {
if ($discount['discount_type'] == 1) {
// Percentage discount
$discounttotal = $total_eligible_price * ($discount['discount_value'] / 100);
} else {
// Fixed amount discount
$discounttotal = min($discount['discount_value'], $total_eligible_price);
}
$discount_type = $discount['discount_type'] == 1 ?
$discount['discount_value'] . '% discount' :
'€' . number_format($discount['discount_value'], 2) . ' discount';
$this->discount_message = "Discount applied successfully: " . $discount_type;
} else {
$this->discount_message = 'No eligible products for this discount code';
$discounttotal = 0;
}
return $discounttotal;
}
private function isProductEligibleForDiscount($product, $discount_product_ids, $discount_category_ids) {
// If no specific products or categories are set, discount applies to all products
if (empty($discount_product_ids) && empty($discount_category_ids)) {
return true;
}
$product_match = false;
$category_match = false;
// Check product ID match
if (!empty($discount_product_ids)) {
$product_match = in_array($product['id'], $discount_product_ids);
// If only product IDs are specified (no categories), return the product match result
if (empty($discount_category_ids)) {
return $product_match;
}
} else {
// If no product IDs specified, set product_match to true
$product_match = true;
}
// Check category match
if (!empty($discount_category_ids)) {
if (isset($product['meta']['category_ids'])) {
$product_categories = is_array($product['meta']['category_ids']) ?
$product['meta']['category_ids'] :
array_map('trim', explode(',', $product['meta']['category_ids']));
$category_match = !empty(array_intersect($product_categories, $discount_category_ids));
} else {
$category_match = false;
}
// If only categories are specified (no products), return the category match result
if (empty($discount_product_ids)) {
return $category_match;
}
} else {
// If no categories specified, set category_match to true
$category_match = true;
}
// If both product IDs and categories are specified, both must match
return $product_match && $category_match;
}
private function calculateShippingTotal($subtotal, $weighttotal,$selected_shipping_method) {
//USER PROVIDED SHIPMENT METHOD
$sql = "SELECT price FROM shipping WHERE ID = ?";
$stmt = $this->db->prepare($sql);
$stmt->execute([$this->selected_shipping_method]);
$shipping = $stmt->fetch(PDO::FETCH_ASSOC);
return $shipping ? floatval($shipping['price']) : 0;
}
private function calculateTaxTotal($amount_to_tax) {
$sql = "SELECT rate FROM taxes WHERE country = ?";
$stmt = $this->db->prepare($sql);
$stmt->execute([$this->selected_country]);
$tax = $stmt->fetch(PDO::FETCH_ASSOC);
return $tax ? ($amount_to_tax * ($tax['rate'] / 100)) : 0;
}
private function calculateFinalTotal($subtotal, $shippingtotal, $discounttotal, $taxtotal) {
$base = $subtotal - $discounttotal + $shippingtotal;
if ($this->business_type === 'b2c') {
// Tax is included in final price
return $base;
} else {
// Tax is added on top for B2B
return $base + $taxtotal;
}
}
}
function validateCheckoutData($post_content) {
$errors = [];
// Required fields for checkout input
$required_checkout_fields = [
'cart' => 'Products',
'checkout_input.selected_country' => 'Country',
'checkout_input.selected_shipment_method' => 'Shipping method',
'checkout_input.business_type' => 'Business type',
'checkout_input.payment_method' => 'Payment method'
];
// Required fields for customer details
$required_customer_fields = [
'customer_details.email' => 'Email',
'customer_details.first_name' => 'First name',
'customer_details.last_name' => 'Last name',
'customer_details.address_street' => 'Street address',
'customer_details.address_city' => 'City',
'customer_details.address_zip' => 'ZIP code',
'customer_details.address_country' => 'Country',
'customer_details.address_phone' => 'Phone number'
];
// Validate checkout input fields
foreach ($required_checkout_fields as $field => $label) {
$keys = explode('.', $field);
if (count($keys) === 1) {
if (!isset($post_content[$keys[0]]) || empty($post_content[$keys[0]])) {
$errors[] = "$label is required";
}
} else {
if (!isset($post_content[$keys[0]][$keys[1]]) || empty($post_content[$keys[0]][$keys[1]])) {
$errors[] = "$label is required";
}
}
}
// Validate customer details fields
foreach ($required_customer_fields as $field => $label) {
$keys = explode('.', $field);
if (!isset($post_content[$keys[0]][$keys[1]]) || empty($post_content[$keys[0]][$keys[1]])) {
$errors[] = "$label is required";
}
}
// Additional validation for email format
if (isset($post_content['customer_details']['email']) && !empty($post_content['customer_details']['email'])) {
if (!filter_var($post_content['customer_details']['email'], FILTER_VALIDATE_EMAIL)) {
$errors[] = "Invalid email format";
}
}
// Additional validation for phone number (basic format check)
if (isset($post_content['customer_details']['address_phone']) && !empty($post_content['customer_details']['address_phone'])) {
if (!preg_match("/^[0-9\-\(\)\/\+\s]*$/", $post_content['customer_details']['address_phone'])) {
$errors[] = "Invalid phone number format";
}
}
return $errors;
}
function validateTransactionData($post_content) {
$errors = [];
// Required fields for customer details
$required_fields = [
'customer_details.email' => 'Email',
'customer_details.first_name' => 'First name',
'customer_details.last_name' => 'Last name',
'customer_details.address_street' => 'Street address',
'customer_details.address_city' => 'City',
'customer_details.address_zip' => 'ZIP code',
'customer_details.address_country' => 'Country',
'total.payment_amount' => 'Payment_amount',
];
// Validate customer details fields
foreach ($required_fields as $field => $label) {
$keys = explode('.', $field);
if (!isset($post_content[$keys[0]][$keys[1]]) || empty($post_content[$keys[0]][$keys[1]])) {
$errors[] = "$label is required";
}
}
return $errors;
}
function getCountryNamesByIds($countries, $idString) {
// Create a lookup array where ID is the key and country name is the value
$countryMap = array_column($countries, 'country', 'id');
// Convert comma-separated string to array
$ids = explode(',', $idString);
// Get country names for each ID
$countryNames = [];
foreach ($ids as $id) {
$id = trim($id);
if (isset($countryMap[$id])) {
$countryNames[] = $countryMap[$id];
}
}
return $countryNames;
}
function transformOrderData(array $orderData): array {
// Initialize the result array with the first row's common data
$firstRow = $orderData[0];
$result = [
'customer' => [
'email' => $firstRow['payer_email'],
'name' => $firstRow['first_name'] . ' ' . $firstRow['last_name'],
'street' => $firstRow['address_street'],
'zip' => $firstRow['address_zip'],
'city' => $firstRow['address_city'],
'country' => $firstRow['address_country']
],
'products' => [],
'invoice' => [
'id' => $firstRow['invoice'],
'created' => $firstRow['invoice_created'],
'payment_status' => $firstRow['payment_status']
],
'pricing' => [
'subtotal' => 0,
'shipping_total' => $firstRow['shipping_amount'],
'tax_total' => $firstRow['tax_amount'],
'discount_total' => $firstRow['discount_amount'],
'payment_amount' => $firstRow['payment_amount']
]
];
// Process products from all rows
foreach ($orderData as $row) {
// Decode JSON string for item options
$itemOptions = json_decode($row['item_options'], true) ?? [];
// Calculate line total
$lineTotal = floatval($row['item_price']) * intval($row['item_quantity']);
// Add to subtotal
$result['pricing']['subtotal'] += $lineTotal;
// Add product information
$result['products'][] = [
'item_id' => $row['item_id'],
'product_name' => $row['productname'],
'options' => $itemOptions,
'quantity' => $row['item_quantity'],
'price' => $row['item_price'],
'line_total' => number_format($lineTotal, 2, '.', '')
];
}
// Format monetary values
$result['pricing']['subtotal'] = number_format($result['pricing']['subtotal'], 2, '.', '');
$result['pricing']['shipping_total'] = number_format(floatval($result['pricing']['shipping_total']), 2, '.', '');
$result['pricing']['tax_total'] = number_format(floatval($result['pricing']['tax_total']), 2, '.', '');
$result['pricing']['discount_total'] = number_format(floatval($result['pricing']['discount_total']), 2, '.', '');
$result['pricing']['payment_amount'] = number_format(floatval($result['pricing']['payment_amount']), 2, '.', '');
return $result;
} }

190
discount.php Normal file
View File

@@ -0,0 +1,190 @@
<?php
defined(page_security_key) or exit;
$page = 'discount';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
$discount = [
'id' =>'',
'category_ids' => '',
'product_ids' => '',
'discount_code' => '',
'discount_type' => 1,
'discount_value' => 0,
'start_date' => date('Y-m-d\TH:i'),
'end_date' => date('Y-m-d\TH:i', strtotime('+1 month', strtotime(date('Y-m-d\TH:i')))),
'categories' => [],
'products' => []
];
//GET ALL CATEGORIES
$api_url = '/v2/categories/';
$categories = ioServer($api_url,'');
//Decode Payload
if (!empty($categories)){$categories = json_decode($categories,true);}else{$categories = null;}
//GET PRODUCTS
$api_url = '/v2/products/list=';
$products = ioServer($api_url,'');
//Decode Payload
if (!empty($products)){$products = json_decode($products,true);}else{$products = null;}
if (isset($_GET['id'])) {
//CALL TO API FOR DISCOUNT
$api_url = '/v2/discounts/id='.$_GET['id'];
$discount = ioServer($api_url,'');
//Decode Payload
if (!empty($discount)){$discount = json_decode($discount,true);}else{$discount = null;}
$discount = $discount[0];
//GET CATEGORY NAMES RELATED TO DISCOUNT discount_category_id
$api_url = '/v2/discounts/discount_category_id='.$_GET['id'];
$discount_cat = ioServer($api_url,'');
//Decode Payload
if (!empty($discount_cat)){$discount['categories'] = json_decode($discount_cat,true);}else{$discount['categories']= null;}
//GET CATEGORY NAMES RELATED TO DISCOUNT discount_products_id
$api_url = '/v2/discounts/discount_products_id='.$_GET['id'];
$discount_prod = ioServer($api_url,'');
//Decode Payload
if (!empty($discount_prod)){$discount['products'] = json_decode($discount_prod,true);}else{$discount['products']= null;}
if (isset($_POST['submit'])) {
//Update the discount
//GET ALL POST DATA
$payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
//API call
$responses = ioServer('/v2/discounts', $payload);
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=discounts&success_msg=2');
exit;
}
}
if (isset($_POST['delete'])) {
//GET ALL POST DATA
$payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
var_dump($payload);
//API call
$responses = ioServer('/v2/discounts', $payload);
if ($responses === 'NOK'){
} else {
//Redirect and delete product
header('Location: index.php?page=discounts&success_msg=3');
exit;
}
}
} else {
// Create a new discount
$page = 'Create';
if (isset($_POST['submit'])) {
//GET ALL POST DATA
$payload = json_encode($_POST , JSON_UNESCAPED_UNICODE);
//API call
$responses = ioServer('/v2/discounts', $payload);
if ($responses === 'NOK'){
// DO nothing
}
else {
header('Location: index.php?page=discounts&success_msg=1');
exit;
}
}
}
template_header('discount', 'discounts', 'manage');
$view ='
<form action="" method="post" enctype="multipart/form-data">
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">'.($discounts_h2 ?? 'discounts').'</h2>
<a href="index.php?page=discounts" class="btn alt mar-right-2">'.$button_cancel.'</a>
';
if ($delete_allowed === 1){
$view .= '<input type="submit" name="delete" value="Delete" class="btn red mar-right-2" onclick="return confirm(\'Are you sure you want to delete this discount?\')">';
}
if ($update_allowed === 1){
$view .= '<input type="submit" name="submit" value="Save" class="btn">';
}
$view .= '</div>';
$view .= '<div class="content-block">
<div class="form responsive-width-100">
<label for="code"><i class="required">*</i>'.($discounts_code ?? 'Code').'</label>
<input id="code" type="text" name="discount_code" placeholder="'.($discounts_code ?? 'Code').'" value="'.$discount['discount_code'].'" required>
<input type="hidden" name="id" value="'.$discount['id'].'">
<label for="categories">'.($discounts_category ?? 'Categories').'</label>
<div class="multiselect" data-name="categories[]">';
foreach ($discount['categories'] as $cat){
$view .= '<span class="item" data-value="'.$cat['rowID'].'">
<i class="remove">&times;</i>'.$cat['name'].'
<input type="hidden" name="categories[]" value="'.$cat['rowID'].'">
</span>';
}
$view .= ' <input type="text" class="search" id="categories" placeholder="Categories">
<div class="list">';
foreach ($categories as $cat){
$view .= '<span data-value="'.$cat['rowID'].'">'.$cat['name'].'</span>';
}
$view .= ' </div>
</div>
<label for="products">'.($discounts_product ?? 'Products').'</label>
<div class="multiselect" data-name="products[]">';
foreach ($discount['products'] as $product){
$view .= ' <span class="item" data-value="'.$product['rowID'].'">
<i class="remove">&times;</i>'.$product['productname'].'
<input type="hidden" name="products[]" value="'.$product['rowID'].'">
</span>';
}
$view .= '<input type="text" class="search" id="products" placeholder="Products">
<div class="list">';
foreach ($products as $product){
$view .= ' <span data-value="'.$product['rowID'].'">'.$product['productname'].'</span>';
}
$view .= '</div>
</div>
<label for="type"><i class="required">*</i>'.($discounts_type ?? 'Type').'</label>
<select id="type" name="discount_type">
<option value="'.$discount['discount_type'].'" '.($discount['discount_type']== 0 ? ' selected':'').'>'.($discounts_type_fixed ?? 'Fixed').'</option>
<option value="'.$discount['discount_type'].'" '.($discount['discount_type']== 1 ? ' selected':'').'>'.($discounts_type_percentage ?? 'Percentage').'</option>
</select>
<label for="discount_value"><i class="required">*</i>'.($discounts_value ?? 'Value').'</label>
<input id="discount_value" type="number" name="discount_value" placeholder="'.($discounts_value ?? 'Value').'" min="0" step=".01" value="'.$discount['discount_value'].'" required>
<label for="start_date"><i class="required">*</i>'.($discounts_start_date ?? 'Start Date').'</label>
<input id="start_date" type="datetime-local" name="start_date" placeholder="'.($discounts_start_date ?? 'Start Date').'" value="'.(date('Y-m-d\TH:i', strtotime($discount['start_date']))).'" required>
<label for="end_date"><i class="required">*</i> End Date</label>
<input id="end_date" type="datetime-local" name="end_date" placeholder="'.($discounts_end_date ?? 'End Date').'" value="'.(date('Y-m-d\TH:i', strtotime($discount['end_date']))).'" required>
</div>
</div>
</form>';
//Output
echo $view;
template_footer();
?>

152
discounts.php Normal file
View File

@@ -0,0 +1,152 @@
<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings.php';
//SET ORIGIN FOR NAVIGATION
$prev_page = $_SESSION['prev_origin'] ?? '';
$page = $_SESSION['origin'] = 'discounts';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
header('location: index.php');
exit;
}
//GET PARAMETERS
$pagination_page = isset($_GET['p']) ? $_GET['p'] : 1;
$search = isset($_GET['search']) ? '&search='.$_GET['search'] : '';
// Determine the URL
$url = 'index.php?page=discounts'.$search;
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
//CALL TO API
$api_url = '/v2/discounts/'.$GET_VALUES;
$discounts = ioServer($api_url,'');
//Decode Payload
if (!empty($discounts)){$discounts = json_decode($discounts,true);}else{$discounts = null;}
//Return QueryTotal from API
$api_url = '/v2/discounts/totals=';
$query_total = ioServer($api_url,'');
//Decode Payload
if (!empty($query_total)){$query_total = json_decode($query_total,true);}else{$query_total = null;}
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = $message_discounts_1 ?? 'Created';
}
if ($_GET['success_msg'] == 2) {
$success_msg = $message_discounts_2 ?? 'Updated';
}
if ($_GET['success_msg'] == 3) {
$success_msg = $message_discounts_3 ?? 'Deleted' ;
}
}
template_header('discounts', 'discounts','view');
$view = '
<div class="content-title">
<div class="title">
<i class="fa-solid fa-box-open"></i>
<div class="txt">
<h2>'.($discounts_h2 ?? 'discounts').' ('.$query_total.')</h2>
<p>'.($discounts_p ?? '').'</p>
</div>
</div>
</div>';
if (isset($success_msg)){
$view .= ' <div class="msg success">
<i class="fas fa-check-circle"></i>
<p>'.$success_msg.'</p>
<i class="fas fa-times"></i>
</div>';
}
$view .= '
<div class="content-header responsive-flex-column pad-top-5">
<a href="index.php?page=discount" class="btn">'.($button_create_discount ?? 'Create discount').'</a>
</div>
<div class="content-block">
<div class="table">
<table>
<thead>
<tr>
<td class="responsive-hidden">'.($discounts_id ?? '#').'</td>
<td>'.($discounts_code ?? 'Code').'</td>
<td>'.($discounts_active ?? 'Active').'</td>
<td class="responsive-hidden">'.($discounts_category ?? 'Categories').'</td>
<td class="responsive-hidden">'.($discounts_product ?? 'Products').'</td>
<td>'.($discounts_type ?? 'Type').'</td>
<td>'.($discounts_value ?? 'Value').'</td>
<td class="responsive-hidden">'.($discounts_start_date ?? 'Start Date').'</td>
<td class="responsive-hidden">'.($discounts_end_date ?? 'End Date').'</td>
<td>'.$general_actions.'</td>
</tr>
</thead>
<tbody>';
if (empty($discounts)){
$view .= '<tr>
<td colspan="8" style="text-align:center;">'.($message_no_discounts ?? 'There are no discounts').'</td>
</tr>';
}
else {
foreach ($discounts as $discount){
$current_date = strtotime((new DateTime())->format('Y-m-d H:i:s'));
$view .= '
<tr>
<td class="responsive-hidden">'.$discount['id'].'</td>
<td>'.$discount['discount_code'].'</td>
<td>'.(($current_date >= strtotime($discount['start_date']) && $current_date <= strtotime($discount['end_date'])) ? $general_yes : $general_no).'</td>
<td class="responsive-hidden">'.($discount['category_names'] ? str_replace(',', ', ', $discount['category_names']) : $general_all ?? 'all').'</td>
<td class="responsive-hidden">'.($discount['product_names'] ? str_replace(',', ', ', $discount['product_names']) : $general_all ?? 'all').'</td>
<td>'.$discount['discount_type'].'</td>
<td>'.$discount['discount_value'].'</td>
<td class="responsive-hidden">'.date('Y-m-d h:ia', strtotime($discount['start_date'])).'</td>
<td class="responsive-hidden">'.date('Y-m-d h:ia', strtotime($discount['end_date'])).'</td>
<td><a href="index.php?page=discount&id='.$discount['id'].'" class="link1">'.$general_view.'</a></td>
</tr>';
}
}
$view .= '
</tbody>
</table>
</div>
</div>
';
$view.='<div class="pagination">';
if ($pagination_page > 1) {
$page = $pagination_page-1;
$view .= '<a href="'.$url.'&p=1">'.$general_first.'</a>';
$view .= '<a href="'.$url.'&p='.$page.'">'.$general_prev.'</a>';
}
$totals = ceil($query_total / $page_rows_discounts) == 0 ? 1 : ceil($query_total / $page_rows_discounts);
$view .= '<span> '.$general_page.$pagination_page.$general_page_of.$totals.'</span>';
if ($pagination_page * $page_rows_discounts < $query_total){
$page = $pagination_page+1;
$view .= '<a href="'.$url.'&p='.$page.'">'.$general_next.'</a>';
$view .= '<a href="'.$url.'&p='.$totals.'">'.$general_last.'</a>';
}
$view .= '</div>';
//OUTPUT
echo $view;
template_footer();
?>

290
order.php Normal file
View File

@@ -0,0 +1,290 @@
<?php
defined('admin') or exit;
if (!isset($_GET['id'])) {
exit('Invalid ID!');
}
// Retrieve order items
$stmt = $pdo->prepare('SELECT ti.*, p.productcode, p.name FROM transactions t JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN products p ON p.id = ti.item_id WHERE t.id = ?');
$stmt->execute([ $_GET['id'] ]);
$order_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Retrieve order details
$stmt = $pdo->prepare('SELECT a.email, a.id AS a_id, a.first_name AS a_first_name, a.last_name AS a_last_name, a.address_street AS a_address_street, a.address_city AS a_address_city, a.address_state AS a_address_state, a.address_zip AS a_address_zip, a.address_country AS a_address_country, a.address_phone AS a_address_phone, t.* FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN accounts a ON a.id = t.account_id WHERE t.id = ?');
$stmt->execute([ $_GET['id'] ]);
$order = $stmt->fetch(PDO::FETCH_ASSOC);
// Get tax
$stmt = $pdo->prepare('SELECT * FROM taxes WHERE country = ?');
$stmt->execute([$order['a_address_country']]);
$tax = $stmt->fetch(PDO::FETCH_ASSOC);
$tax_rate = $tax ? $tax['rate'] : 0.00;
//Add giftcards
if (isset($_GET['add_giftcard'])){
createGiftCart($pdo, $order['txn_id']);
}
//Get connected giftcards
$giftcards_template = $order['txn_id'].'#%#%';
$stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code like ?');
$stmt->execute([$giftcards_template]);
$giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Get the current date
$current_date = strtotime((new DateTime())->format('Y-m-d H:i:s'));
// Delete transaction
if (isset($_GET['delete'])) {
// Delete the transaction
$stmt = $pdo->prepare('DELETE t, ti FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id WHERE t.id = ?');
$stmt->execute([ $_GET['id'] ]);
// Deactive giftcards
removeGiftCart($pdo, $_GET['txn']);
header('Location: index.php?page=orders&success_msg=3');
exit;
}
if (!$order) {
exit('Invalid ID!');
}
?>
<?=template_admin_header('Orders', 'orders')?>
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">Order #<?=$_GET['id']?></h2>
<a href="index.php?page=orders" class="btn alt mar-right-2">Cancel</a>
<a href="index.php?page=order&id=<?=$_GET['id']?>&delete=true&txn=<?=$order['txn_id']?>" class="btn red mar-right-2" onclick="return confirm('Are you sure you want to delete this order?')">Delete</a>
<a href="index.php?page=order_manage&id=<?=$_GET['id']?>" class="btn">Edit</a>
</div>
<div class="content-block-wrapper">
<div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-cart-shopping fa-sm"></i>Order Details
</div>
<div class="order-detail">
<h3>Order ID</h3>
<p><?=$order['id']?></p>
</div>
<div class="order-detail">
<h3>Transaction ID</h3>
<p><?=$order['txn_id']?></p>
</div>
<?php if ($order['shipping_method']): ?>
<div class="order-detail">
<h3>Shipping Method</h3>
<p><?=$order['shipping_method'] ? htmlspecialchars($order['shipping_method'], ENT_QUOTES) : '--'?></p>
</div>
<?php endif; ?>
<div class="order-detail">
<h3>Payment Method</h3>
<p><?=$order['payment_method']?></p>
</div>
<div class="order-detail">
<h3>Payment Status</h3>
<p><?=$order['payment_status']?></p>
</div>
<div class="order-detail">
<h3>Date</h3>
<p><?=date('F j, Y H:ia', strtotime($order['created']))?></p>
</div>
<?php if ($order['discount_code']): ?>
<div class="order-detail">
<h3>Discount Code</h3>
<p><?=htmlspecialchars($order['discount_code'], ENT_QUOTES)?></p>
</div>
<?php endif; ?>
</div>
<div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-user fa-sm"></i>Account Details
</div>
<?php if ($order['email']): ?>
<div class="order-detail">
<h3>Email</h3>
<p><a href="index.php?page=account&id=<?=$order['a_id']?>" target="_blank" class="link1" style="margin:0"><?=htmlspecialchars($order['email'], ENT_QUOTES)?></a></p>
</div>
<div class="order-detail">
<h3>Name</h3>
<p><?=htmlspecialchars($order['a_first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['a_last_name'], ENT_QUOTES)?></p>
</div>
<div class="order-detail">
<h3>Address</h3>
<p style="text-align:right;"><?=htmlspecialchars($order['a_address_street'], ENT_QUOTES)?><br>
<?=htmlspecialchars($order['a_address_city'], ENT_QUOTES)?><br>
<?=htmlspecialchars($order['a_address_state'], ENT_QUOTES)?><br>
<?=htmlspecialchars($order['a_address_zip'], ENT_QUOTES)?><br>
<?=htmlspecialchars($order['a_address_country'], ENT_QUOTES)?>
</p>
</div>
<div class="order-detail">
<h3>Contact</h3>
<p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
</p>
</div>
<?php else: ?>
<p>The order is not associated with an account.</p>
<?php endif; ?>
</div>
<div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-user fa-sm"></i>Customer Details
</div>
<div class="order-detail">
<h3>Email</h3>
<p><?=htmlspecialchars($order['payer_email'], ENT_QUOTES)?></p>
</div>
<div class="order-detail">
<h3>Name</h3>
<p><?=htmlspecialchars($order['first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['last_name'], ENT_QUOTES)?></p>
</div>
<div class="order-detail">
<h3>Address</h3>
<p style="text-align:right;"><?=htmlspecialchars($order['address_street'], ENT_QUOTES)?><br>
<?=htmlspecialchars($order['address_city'], ENT_QUOTES)?><br>
<?=htmlspecialchars($order['address_state'], ENT_QUOTES)?><br>
<?=htmlspecialchars($order['address_zip'], ENT_QUOTES)?><br>
<?=htmlspecialchars($order['address_country'], ENT_QUOTES)?>
</p>
</div>
<div class="order-detail">
<h3>Contact</h3>
<p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
</p>
</div>
</div>
</div>
<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>Order
</div>
<div class="table order-table">
<table>
<thead>
<tr>
<td>Product</td>
<td>Options</td>
<td>Qty</td>
<td class="responsive-hidden">Price</td>
<td style="text-align:right;">Total</td>
</tr>
</thead>
<tbody>
<?php if (empty($order_items)): ?>
<tr>
<td colspan="5" style="text-align:center;">There are no order items</td>
</tr>
<?php else: ?>
<?php
$subtotal = 0;
foreach ($order_items as $item):
?>
<tr>
<td><?=$item['productcode']?> <?=$item['name'] ? htmlspecialchars($item['name'], ENT_QUOTES) : '(Product ' . $item['item_id'] . ')'?></td>
<td><?=$item['item_options'] ? htmlspecialchars(str_replace(',', ', ', $item['item_options']), ENT_QUOTES) : '--'?></td>
<td><?=$item['item_quantity']?></td>
<td class="responsive-hidden"><?=currency_code?><?=number_format($item['item_price'], 2)?></td>
<td style="text-align:right;"><?=currency_code?><?=number_format($item['item_price']*$item['item_quantity'], 2)?></td>
</tr>
<?php $subtotal += $item['item_price']*$item['item_quantity'];?>
<?php endforeach; ?>
<?php endif; ?>
<tr>
<td colspan="5" class="item-list-end"></td>
</tr>
<tr>
<td colspan="4" class="subtotal">Subtotal</td>
<td class="num"><?=currency_code?><?=number_format($subtotal, 2)?></td>
</tr>
<tr>
<td colspan="4" class="shipping">Shipping</td>
<td class="num"><?=currency_code?><?=number_format($order['shipping_amount'], 2)?></td>
</tr>
<tr>
<td colspan="4" class="shipping">Discount</td>
<td class="num"><?=currency_code?><?=number_format(($order['payment_amount']+$order['shipping_amount'])-($subtotal), 2)?></td>
</tr>
<tr>
<td colspan="4" class="shipping">VAT</td>
<td class="num" style="border-bottom: 1px solid #f0f1f2;"><?=currency_code?><?=number_format($order['tax_amount'], 2)?></td>
</tr>
<tr>
<td colspan="4" class="total">Total</td>
<td class="num"><b><?=currency_code?><?=number_format($order['payment_amount'], 2)?></b></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>Giftcards
</div>
<div class="table order-table">
<a href="index.php?page=order&id=<?=$_GET['id']?>&add_giftcard" class="btn">Relate giftcards</a>
<table>
<thead>
<tr>
<td>Giftcard</td>
<td>Valid</td>
<td>Value</td>
</tr>
</thead>
<tbody>
<?php if (empty($giftcards)): ?>
<tr>
<td colspan="5" style="text-align:center;">There are no order items</td>
</tr>
<?php else: ?>
<?php foreach ($giftcards as $giftcard): ?>
<tr>
<td><?=$giftcard['discount_code']?></td>
<td><?=$current_date >= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No'?></td>
<td><?=currency_code?><?=number_format($giftcard['discount_value'], 2)?></td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
<tr>
<td colspan="5" class="item-list-end"></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>Invoice
</div>
<div class="table order-table">
<table>
<tr>
<td style="width:70px";>
<form action="index.php?page=factuur" method="post">
<input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
<input type="submit" class="btn" name="show_invoice" value="Show">
</form>
</td>
<td style="width: 157px;">
<form action="index.php?page=factuur" method="post">
<input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
<input type="submit" class="btn" name="email_invoice" value="Email to Customer" onclick="return confirm('Send invoice to customer?');">
</form>
</td>
<td>
<form action="index.php?page=factuur" method="post">
<input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
<input type="submit" class="btn" name="email_invoice_to_admin" value="Email to Admin" onclick="return confirm('Send invoice to admin?');">
</form>
</td>
</tr>
</table>
</div>
</div>
<?=template_admin_footer()?>

172
orders.php Normal file
View File

@@ -0,0 +1,172 @@
<?php
defined('admin') or exit;
// Retrieve the GET request parameters (if specified)
$pagination_page = isset($_GET['pagination_page']) ? $_GET['pagination_page'] : 1;
$search = isset($_GET['search']) ? $_GET['search'] : '';
// Filters parameters
$status = isset($_GET['status']) ? $_GET['status'] : '';
$method = isset($_GET['method']) ? $_GET['method'] : '';
$account_id = isset($_GET['account_id']) ? $_GET['account_id'] : '';
// Order by column
$order = isset($_GET['order']) && $_GET['order'] == 'ASC' ? 'ASC' : 'DESC';
// Add/remove columns to the whitelist array
$order_by_whitelist = ['id','first_name','total_products','payment_amount','payment_method','payment_status','created','payer_email'];
$order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], $order_by_whitelist) ? $_GET['order_by'] : 'created';
// Number of results per pagination page
$results_per_page = 20;
// Declare query param variables
$param1 = ($pagination_page - 1) * $results_per_page;
$param2 = $results_per_page;
$param3 = '%' . $search . '%';
// SQL where clause
$where = '';
$where .= $search ? 'WHERE (t.first_name LIKE :search OR t.last_name LIKE :search OR t.id LIKE :search OR t.txn_id LIKE :search OR t.payer_email LIKE :search) ' : '';
// Add filters
// Payment status filter
if ($status == 1) $where .= $where ? 'AND payment_status = "Completed" ' : 'WHERE payment_status = "Completed" ';
if ($status == 2) $where .= $where ? 'AND payment_status = "Pending" ' : 'WHERE payment_status = "Pending" ';
if ($status == 3) $where .= $where ? 'AND payment_status = "Cancelled" ' : 'WHERE payment_status = "Cancelled" ';
if ($status == 4) $where .= $where ? 'AND payment_status = "Reversed" ' : 'WHERE payment_status = "Reversed" ';
if ($status == 5) $where .= $where ? 'AND payment_status = "Shipped" ' : 'WHERE payment_status = "Shipped" ';
// Payment method filter
if ($method == 1) $where .= $where ? 'AND payment_method = "website" ' : 'WHERE payment_status = "website" ';
if ($method == 2) $where .= $where ? 'AND payment_method = "paypal" ' : 'WHERE payment_status = "paypal" ';
if ($method == 3) $where .= $where ? 'AND payment_method = "stripe" ' : 'WHERE payment_status = "stripe" ';
// Account ID filter
if ($account_id) $where .= $where ? 'AND account_id = :account_id ' : 'WHERE account_id = :account_id ';
// Retrieve the total number of transactions
$stmt = $pdo->prepare('SELECT COUNT(DISTINCT t.id) AS total FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where);
if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR);
if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT);
$stmt->execute();
$orders_total = $stmt->fetchColumn();
// Retrieve transactions
$stmt = $pdo->prepare('SELECT t.*, COUNT(ti.id) AS total_products FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where . ' GROUP BY t.id, t.txn_id, t.payment_amount, t.payment_status, t.created, t.payer_email, t.first_name, t.last_name, t.address_street, t.address_city, t.address_state, t.address_zip, t.address_country, t.account_id, t.payment_method, t.discount_code, t.shipping_method, t.shipping_amount ORDER BY ' . $order_by . ' ' . $order . ' LIMIT :start_results,:num_results');
// Bind params
$stmt->bindParam('start_results', $param1, PDO::PARAM_INT);
$stmt->bindParam('num_results', $param2, PDO::PARAM_INT);
if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR);
if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT);
$stmt->execute();
// Retrieve query results
$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Determine the URL
$url = 'index.php?page=orders&search=' . $search . '&status=' . $status . '&method=' . $method . '&account_id=' . $account_id;
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = 'Order created successfully!';
}
if ($_GET['success_msg'] == 2) {
$success_msg = 'Order updated successfully!';
}
if ($_GET['success_msg'] == 3) {
$success_msg = 'Order deleted successfully!';
}
}
?>
<?=template_admin_header('Orders', 'orders')?>
<div class="content-title">
<div class="title">
<i class="fa-solid fa-cart-shopping"></i>
<div class="txt">
<h2>Orders</h2>
<p>View, create, and search orders.</p>
</div>
</div>
</div>
<?php if (isset($success_msg)): ?>
<div class="msg success">
<i class="fas fa-check-circle"></i>
<p><?=$success_msg?></p>
<i class="fas fa-times"></i>
</div>
<?php endif; ?>
<div class="content-header responsive-flex-column pad-top-5">
<a href="index.php?page=order_manage" class="btn">Create Order</a>
<form action="" method="get">
<input type="hidden" name="page" value="orders">
<div class="filters">
<a href="#"><i class="fas fa-sliders-h"></i> Filters</a>
<div class="list">
<select name="status">
<option value="" disabled selected>Status</option>
<option value="1"<?=$status==1?' selected':''?>>Completed</option>
<option value="2"<?=$status==2?' selected':''?>>Pending</option>
<option value="3"<?=$status==3?' selected':''?>>Cancelled</option>
<option value="4"<?=$status==4?' selected':''?>>Reversed</option>
<option value="5"<?=$status==5?' selected':''?>>Shipped</option>
</select>
<select name="method">
<option value="" disabled selected>Method</option>
<option value="1"<?=$method==1?' selected':''?>>Website</option>
<option value="2"<?=$method==2?' selected':''?>>PayPal</option>
<option value="3"<?=$method==3?' selected':''?>>Stripe</option>
</select>
<button type="submit">Apply</button>
</div>
</div>
<div class="search">
<label for="search">
<input id="search" type="text" name="search" placeholder="Search order..." value="<?=htmlspecialchars($search, ENT_QUOTES)?>" class="responsive-width-100">
<i class="fas fa-search"></i>
</label>
</div>
</form>
</div>
<div class="content-block">
<div class="table">
<table>
<thead>
<tr>
<td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=id'?>">#<?php if ($order_by=='id'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=first_name'?>">Customer<?php if ($order_by=='first_name'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payer_email'?>">Email<?php if ($order_by=='payer_email'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=total_products'?>">Products<?php if ($order_by=='total_products'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_amount'?>">Total<?php if ($order_by=='payment_amount'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_method'?>">Method<?php if ($order_by=='payment_method'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_status'?>">Status<?php if ($order_by=='payment_status'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=created'?>">Date<?php if ($order_by=='created'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
<td>Actions</td>
</tr>
</thead>
<tbody>
<?php if (empty($orders)): ?>
<tr>
<td colspan="9" style="text-align:center;">There are no orders</td>
</tr>
<?php else: ?>
<?php foreach ($orders as $i): ?>
<tr>
<td><?=$i['id']?></td>
<td><?=htmlspecialchars($i['first_name'], ENT_QUOTES)?> <?=htmlspecialchars($i['last_name'], ENT_QUOTES)?></td>
<td class="responsive-hidden"><?=htmlspecialchars($i['payer_email'], ENT_QUOTES)?></td>
<td class="responsive-hidden"><?=$i['total_products']?></td>
<td><?=currency_code?><?=number_format($i['payment_amount'], 2)?></td>
<td class="responsive-hidden"><?=$i['payment_method']?></td>
<td class="responsive-hidden"><span class="status <?=strtolower($i['payment_status'])?>"><?=$i['payment_status']?></span></td>
<td class="responsive-hidden"><?=date('F j, Y', strtotime($i['created']))?></td>
<td><a href="index.php?page=order&id=<?=$i['id']?>" class="link1">View</a> <a href="index.php?page=order_manage&id=<?=$i['id']?>" class="link1">Edit</a></td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
</tbody>
</table>
</div>
</div>
<div class="pagination">
<?php if ($pagination_page > 1): ?>
<a href="<?=$url?>&pagination_page=<?=$pagination_page-1?>&order=<?=$order?>&order_by=<?=$order_by?>">Prev</a>
<?php endif; ?>
<span>Page <?=$pagination_page?> of <?=ceil($orders_total / $results_per_page) == 0 ? 1 : ceil($orders_total / $results_per_page)?></span>
<?php if ($pagination_page * $results_per_page < $orders_total): ?>
<a href="<?=$url?>&pagination_page=<?=$pagination_page+1?>&order=<?=$order?>&order_by=<?=$order_by?>">Next</a>
<?php endif; ?>
</div>
<?=template_admin_footer()?>

19
settings/settingsmenu.php
View File

@@ -14,7 +14,7 @@ $main_menu = array ('dashboard','sales','buildtool','cartests','marketing','equi
$equipments_sub = array('equipments','servicereports','rmas','histories','firmwaretool','equipments_mass_update'); $equipments_sub = array('equipments','servicereports','rmas','histories','firmwaretool','equipments_mass_update');
$sales_sub = array('accounts','contracts','catalog'); $sales_sub = array('accounts','contracts','catalog');
$products_sub = array('products','products_attributes','pricelists'); $products_sub = array('products','products_attributes','pricelists');
$admin_sub = array('users','categories','communications','partners','media'); $admin_sub = array('users','categories','discounts','shipping','communications','partners','media');
$reporting_sub = array('report_build','report_contracts_billing','report_healthindex','report_usage'); $reporting_sub = array('report_build','report_contracts_billing','report_healthindex','report_usage');
$settings_sub = array('config','translations','logfile','maintenance','profiles'); $settings_sub = array('config','translations','logfile','maintenance','profiles');
@@ -128,6 +128,18 @@ $urls = array(
"icon" => "fa-solid fa-photo-film", "icon" => "fa-solid fa-photo-film",
"name" => "menu_categories" "name" => "menu_categories"
), ),
"discounts" => array(
"url" => "discounts",
"selected" => "discounts",
"icon" => "fa-solid fa-photo-film",
"name" => "menu_discounts"
),
"shipping" => array(
"url" => "shipping",
"selected" => "shipping",
"icon" => "fa-solid fa-truck-fast",
"name" => "menu_shipping"
),
"catalog" => array( "catalog" => array(
"url" => "catalog", "url" => "catalog",
"selected" => "catalog", "selected" => "catalog",
@@ -253,7 +265,10 @@ $page_rows_products_attributes = 50; //list product attributes
$page_rows_media = 25; // list media $page_rows_media = 25; // list media
$page_rows_pricelists = 50;//pricelists $page_rows_pricelists = 50;//pricelists
$page_rows_categories = 25;//categories $page_rows_categories = 25;//categories
$page_rows_discounts = 25;//discounts
$page_rows_shipping = 25;//discounts
$page_rows_transactions = 25; //transactions
$page_rows_invoice = 25; //invoices
//------------------------------------------ //------------------------------------------
// Languages supported // Languages supported
//------------------------------------------ //------------------------------------------

2
settings/settingsprofiles.php
View File

@@ -6,7 +6,7 @@ define('superuser_profile','dashboard,profile,assets,equipments,equipment,equipm
/*Admin*/ /*Admin*/
define('admin_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,changelog,application'); define('admin_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,changelog,application');
/*AdminPlus*/ /*AdminPlus*/
define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart'); define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice');
/*Build*/ /*Build*/
define('build','dashboard,profile,buildtool,firmwaretool,buildtool,products_software,application'); define('build','dashboard,profile,buildtool,firmwaretool,buildtool,products_software,application');
/*Distribution*/ /*Distribution*/

12
settings/settingsviews.php
View File

@@ -52,6 +52,10 @@ $all_views = [
"catalog", "catalog",
"categories", "categories",
"category", "category",
"discounts",
"discount",
"shipping",
"shipping_manage",
"servicereports", "servicereports",
"servicereport", "servicereport",
"admin", "admin",
@@ -83,7 +87,13 @@ $all_views = [
"maintenance", "maintenance",
"profiles", "profiles",
"vin", "vin",
"shopping_cart" "shopping_cart",
"checkout",
"placeorder",
"taxes",
"transactions",
"transactions_items",
"invoice"
]; ];
?> ?>

159
shipping.php Normal file
View File

@@ -0,0 +1,159 @@
<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings.php';
//SET ORIGIN FOR NAVIGATION
$prev_page = $_SESSION['prev_origin'] ?? '';
$page = $_SESSION['origin'] = 'shipping';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
header('location: index.php');
exit;
}
//GET PARAMETERS
$pagination_page = isset($_GET['p']) ? $_GET['p'] : 1;
$search = isset($_GET['search']) ? '&search='.$_GET['search'] : '';
// Determine the URL
$url = 'index.php?page=shipping'.$search;
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
//CALL TO API
$api_url = '/v2/shipping/'.$GET_VALUES;
$shipping = ioServer($api_url,'');
//Decode Payload
if (!empty($shipping)){$shipping = json_decode($shipping,true);}else{$shipping = null;}
//Return QueryTotal from API
$api_url = '/v2/shipping/totals=';
$query_total = ioServer($api_url,'');
//CALL TO API FOR shipping
$api_url = '/v2/taxes/';
$countries = ioServer($api_url,'');
//Decode Payload
if (!empty($countries)){$countries = json_decode($countries,true);}else{$countries = null;}
//Decode Payload
if (!empty($query_total)){$query_total = json_decode($query_total,true);}else{$query_total = null;}
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = $message_shipping_1 ?? 'Created';
}
if ($_GET['success_msg'] == 2) {
$success_msg = $message_shipping_2 ?? 'Updated';
}
if ($_GET['success_msg'] == 3) {
$success_msg = $message_shipping_3 ?? 'Deleted' ;
}
}
template_header('shipping', 'shipping','view');
$view = '
<div class="content-title">
<div class="title">
<i class="fa-solid fa-truck-fast"></i>
<div class="txt">
<h2>'.($shipping_h2 ?? 'shipping').' ('.$query_total.')</h2>
<p>'.($shipping_p ?? '').'</p>
</div>
</div>
</div>';
if (isset($success_msg)){
$view .= ' <div class="msg success">
<i class="fas fa-check-circle"></i>
<p>'.$success_msg.'</p>
<i class="fas fa-times"></i>
</div>';
}
$view .= '
<div class="content-header responsive-flex-column pad-top-5">
<a href="index.php?page=shipping_manage" class="btn">'.($button_create_shipping ?? 'Create shipping').'</a>
</div>
<div class="content-block">
<div class="table">
<table>
<thead>
<tr>
<td>'.($shipping_id ?? '#').'</td>
<td>'.($shipping_name ?? 'name').'</td>
<td>'.($shipping_type ?? 'Type').'</td>
<td class="responsive-hidden">'.($shipping_category ?? 'Countries').'</td>
<td class="responsive-hidden">'.($shipping_price ?? 'Price Range').'</td>
<td class="responsive-hidden">'.($shipping_weight ?? 'Weight Range').'</td>
<td>'.($shipping_price_total ?? 'Total price').'</td>
<td>'.$general_actions.'</td>
</tr>
</thead>
<tbody>';
if (empty($shipping)){
$view .= '<tr>
<td colspan="8" style="text-align:center;">'.($message_no_shipping ?? 'There are no shipping').'</td>
</tr>';
}
else {
foreach ($shipping as $shipment){
$current_date = strtotime((new DateTime())->format('Y-m-d H:i:s'));
$shipping_countries = ($shipment['countries'] ? str_replace(',', ', ', $shipment['countries']) : $general_all ?? 'all');
if ($shipping_countries != ($general_all ?? 'all')){
$countryNames = getCountryNamesByIds($countries, $shipping_countries);
$shipping_countries = implode(', ', $countryNames);
}
$view .= '
<tr>
<td>'.$shipment['id'].'</td>
<td>'.$shipment['name'].'</td>
<td>'.($shipment['type'] == 0 ? ($shipping_type_standard ?? 'Standard' ) : ($shipping_type_express ?? 'Express')).'</td>
<td class="responsive-hidden" style="max-width:300px">'.$shipping_countries.'</td>
<td class="responsive-hidden">'.number_format($shipment['price_from'], 2).' - '.number_format($shipment['price_to'], 2).'</td>
<td class="responsive-hidden">'.number_format($shipment['weight_from'], 2).' kg - '.number_format($shipment['weight_to'], 2).' kg</td>
<td><?=currency_code?>'.number_format($shipment['price'], 2).'</td>
<td><a href="index.php?page=shipping_manage&id='.$shipment['id'].'" class="link1">'.$general_view.'</a></td>
</tr>';
}
}
$view .= '
</tbody>
</table>
</div>
</div>
';
$view.='<div class="pagination">';
if ($pagination_page > 1) {
$page = $pagination_page-1;
$view .= '<a href="'.$url.'&p=1">'.$general_first.'</a>';
$view .= '<a href="'.$url.'&p='.$page.'">'.$general_prev.'</a>';
}
$totals = ceil($query_total / $page_rows_shipping) == 0 ? 1 : ceil($query_total / $page_rows_shipping);
$view .= '<span> '.$general_page.$pagination_page.$general_page_of.$totals.'</span>';
if ($pagination_page * $page_rows_shipping < $query_total){
$page = $pagination_page+1;
$view .= '<a href="'.$url.'&p='.$page.'">'.$general_next.'</a>';
$view .= '<a href="'.$url.'&p='.$totals.'">'.$general_last.'</a>';
}
$view .= '</div>';
//OUTPUT
echo $view;
template_footer();
?>

169
shipping_manage.php Normal file
View File

@@ -0,0 +1,169 @@
<?php
defined(page_security_key) or exit;
$page = 'shipping';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
$shipping = [
'id' =>'',
'name' => '',
'price_from' => '',
'price_to' => '',
'weight_from' => '',
'weight_to' => '',
'price' => '',
'type' => 'Single Product',
'countries' => ''
];
//CALL TO API FOR shipping
$api_url = '/v2/taxes/';
$countries = ioServer($api_url,'');
//Decode Payload
if (!empty($countries)){$countries = json_decode($countries,true);}else{$countries = null;}
//CountryID mapping
$countryMap = array_column($countries, 'country', 'id');
if (isset($_GET['id'])) {
//CALL TO API FOR shipping
$api_url = '/v2/shipping/id='.$_GET['id'];
$shipping = ioServer($api_url,'');
//Decode Payload
if (!empty($shipping)){$shipping = json_decode($shipping,true);}else{$shipping = null;}
$shipping = $shipping[0];
if (isset($_POST['submit'])) {
//Update the shipping
//GET ALL POST DATA
$payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
//API call
$responses = ioServer('/v2/shipping', $payload);
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=shipping&success_msg=2');
exit;
}
}
if (isset($_POST['delete'])) {
//GET ALL POST DATA
$payload = json_encode($_POST, JSON_UNESCAPED_UNICODE);
var_dump($payload);
//API call
$responses = ioServer('/v2/shipping', $payload);
if ($responses === 'NOK'){
} else {
//Redirect and delete product
header('Location: index.php?page=shipping&success_msg=3');
exit;
}
}
} else {
// Create a new shipping
$page = 'Create';
if (isset($_POST['submit'])) {
//GET ALL POST DATA
$payload = json_encode($_POST , JSON_UNESCAPED_UNICODE);
//API call
$responses = ioServer('/v2/shipping', $payload);
if ($responses === 'NOK'){
// DO nothing
}
else {
header('Location: index.php?page=shipping&success_msg=1');
exit;
}
}
}
template_header('shipping', 'shipping', 'manage');
$view ='
<form action="" method="post" enctype="multipart/form-data">
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">'.($shipping_h2 ?? 'shipping').'</h2>
<a href="index.php?page=shipping" class="btn alt mar-right-2">'.$button_cancel.'</a>
';
if ($delete_allowed === 1){
$view .= '<input type="submit" name="delete" value="Delete" class="btn red mar-right-2" onclick="return confirm(\'Are you sure you want to delete this shipping?\')">';
}
if ($update_allowed === 1){
$view .= '<input type="submit" name="submit" value="Save" class="btn">';
}
$view .= '</div>';
$view .= '<div class="content-block">
<div class="form responsive-width-100">
<label for="name"><i class="required">*</i>'.($shipping_name ?? 'Name').'</label>
<input type="text" name="name" placeholder="'.($shipping_name ?? 'Name').'" value="'.$shipping['name'].'" required>
<input type="hidden" name="id" value="'.$shipping['id'].'">
<label for="type"><i class="required">*</i>'.($shipping_type ?? 'Type').'</label>
<select name="type" id="type" required>
<option value="'.$shipping['type'].'" '.($shipping['type']== 0 ? ' selected':'').'>'.($shipping_type_standard ?? 'Standard').'</option>
<option value="'.$shipping['type'].'" '.($shipping['type']== 1 ? ' selected':'').'>'.($shipping_type_express ?? 'Expres').'</option>
</select>
<label for="countries">'.($shipping_countries ?? 'Countries').'</label>
<div class="multiselect" data-name="countries[]">';
foreach (explode(',', $shipping['countries']) as $c){
if (empty($c)) continue; {
$view .= ' <span class="item" data-value="'.$c.'">
<i class="remove">&times;</i>'.($countryMap[$c]).'
<input type="hidden" name="countries[]" value="'.$c.'">
</span>';
}
}
$view .= ' <input type="text" class="search" id="countries" placeholder="'.($shipping_countries ?? 'Countries').'">
<div class="list">';
foreach ($countries as $country){
$view .= '<span data-value="'.$country['id'].'">'.(${$country['country']} ?? $country['country']).'</span>';
}
$view .= ' </div>
</div>
<label for="price"><i class="required">*</i>'.($shipping_price_range ?? 'Product Price Range').'</label>
<div style="display:flex;margin:0;">
<input type="number" name="price_from" placeholder="'.($shipping_from ?? 'From').'" min="0" step=".01" value="'.$shipping['price_from'].'" required>
<span style="padding-top:15px">&nbsp;&nbsp;&nbsp;&mdash;&nbsp;&nbsp;&nbsp;</span>
<input type="number" name="price_to" placeholder="'.($shipping_to ?? 'To').'" min="0" step=".01" value="'.$shipping['price_to'].'" required>
</div>
<label for="price"><i class="required">*</i>'.($shipping_weight_range ?? 'Product Weight Range (kg)').' </label>
<div style="display:flex;margin:0;">
<input type="number" name="weight_from" placeholder="'.($shipping_from ?? 'From').'" min="0" step=".01" value="'.$shipping['weight_from'].'" required>
<span style="padding-top:15px">&nbsp;&nbsp;&nbsp;&mdash;&nbsp;&nbsp;&nbsp;</span>
<input type="number" name="weight_to" placeholder="'.($shipping_to ?? 'To').'" min="0" step=".01" value="'.$shipping['weight_to'].'" required>
</div>
<label for="name"><i class="required">*</i>'.($shipping_total_price ?? 'Total Shipping Price').' </label>
<input type="number" name="price" placeholder="3.99" min="0" step=".01" value="'.$shipping['price'].'" required>
</div>
</div>
</form>';
//Output
echo $view;
template_footer();
?>

75
tax.php Normal file
View File

@@ -0,0 +1,75 @@
<?php
defined('admin') or exit;
// Default input tax values
$tax = [
'country' => '',
'rate' => 0.00
];
if (isset($_GET['id'])) {
// ID param exists, edit an existing tax
$page = 'Edit';
if (isset($_POST['submit'])) {
// Update the tax
$categories_list = isset($_POST['categories']) ? implode(',', $_POST['categories']) : '';
$products_list = isset($_POST['products']) ? implode(',', $_POST['products']) : '';
$stmt = $pdo->prepare('UPDATE taxes SET country = ?, rate = ? WHERE id = ?');
$stmt->execute([ $_POST['country'], $_POST['rate'], $_GET['id'] ]);
header('Location: index.php?page=taxes&success_msg=2');
exit;
}
if (isset($_POST['delete'])) {
// Delete the tax
$stmt = $pdo->prepare('DELETE FROM taxes WHERE id = ?');
$stmt->execute([ $_GET['id'] ]);
header('Location: index.php?page=taxes&success_msg=3');
exit;
}
// Get the tax from the database
$stmt = $pdo->prepare('SELECT * FROM taxes WHERE id = ?');
$stmt->execute([ $_GET['id'] ]);
$tax = $stmt->fetch(PDO::FETCH_ASSOC);
} else {
// Create a new tax
$page = 'Create';
if (isset($_POST['submit'])) {
$stmt = $pdo->prepare('INSERT INTO taxes (country,rate) VALUES (?,?)');
$stmt->execute([ $_POST['country'], $_POST['rate'] ]);
header('Location: index.php?page=taxes&success_msg=1');
exit;
}
}
?>
<?=template_admin_header($page . ' Tax', 'taxes', 'manage')?>
<form action="" method="post">
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100"><?=$page?> Tax</h2>
<a href="index.php?page=taxes" class="btn alt mar-right-2">Cancel</a>
<?php if ($page == 'Edit'): ?>
<input type="submit" name="delete" value="Delete" class="btn red mar-right-2" onclick="return confirm('Are you sure you want to delete this tax?')">
<?php endif; ?>
<input type="submit" name="submit" value="Save" class="btn">
</div>
<div class="content-block">
<div class="form responsive-width-100">
<label for="country"><i class="required">*</i> Country</label>
<select name="country" required>
<?php foreach (get_countries() as $country): ?>
<option value="<?=$country?>"<?=$country==$tax['country']?' selected':''?>><?=$country?></option>
<?php endforeach; ?>
</select>
<label for="rate"><i class="required">*</i> Rate</label>
<input id="rate" type="number" name="rate" step=".01" placeholder="Rate" value="<?=$tax['rate']?>" required>
</div>
</div>
</form>
<?=template_admin_footer()?>

75
taxes.php Normal file
View File

@@ -0,0 +1,75 @@
<?php
defined('admin') or exit;
// SQL query to get all taxes from the "taxes" table
$stmt = $pdo->prepare('SELECT * FROM taxes ORDER BY country ASC');
$stmt->execute();
$taxes = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Handle success messages
if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
$success_msg = 'Tax created successfully!';
}
if ($_GET['success_msg'] == 2) {
$success_msg = 'Tax updated successfully!';
}
if ($_GET['success_msg'] == 3) {
$success_msg = 'Tax deleted successfully!';
}
}
?>
<?=template_admin_header('Taxes', 'taxes')?>
<div class="content-title">
<div class="title">
<i class="fa-solid fa-percent"></i>
<div class="txt">
<h2>Taxes</h2>
<p>View, create, and edit taxes.</p>
</div>
</div>
</div>
<?php if (isset($success_msg)): ?>
<div class="msg success">
<i class="fas fa-check-circle"></i>
<p><?=$success_msg?></p>
<i class="fas fa-times"></i>
</div>
<?php endif; ?>
<div class="content-header responsive-flex-column pad-top-5">
<a href="index.php?page=tax" class="btn">Create Tax</a>
</div>
<div class="content-block">
<div class="table">
<table>
<thead>
<tr>
<td class="responsive-hidden">#</td>
<td>Country</td>
<td>Tax Rate</td>
<td>Actions</td>
</tr>
</thead>
<tbody>
<?php if (empty($taxes)): ?>
<tr>
<td colspan="4" style="text-align:center;">There are no taxes</td>
</tr>
<?php else: ?>
<?php foreach ($taxes as $tax): ?>
<tr>
<td class="responsive-hidden"><?=$tax['id']?></td>
<td><?=$tax['country']?></td>
<td><?=$tax['rate']?>%</td>
<td><a href="index.php?page=tax&id=<?=$tax['id']?>" class="link1">Edit</a></td>
</tr>
<?php endforeach; ?>
<?php endif; ?>
</tbody>
</table>
</div>
</div>
<?=template_admin_footer()?>