Project-Pro/marianek.pl
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

update

Browse Source
This commit is contained in:
Jacek Pyziak
2026-03-28 12:06:51 +01:00
parent 17a1efed77
commit d2e5b50ef1
33 changed files with 1255 additions and 648 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
autoload/Domain/Article/ArticleRepository.php
View File

@@ -850,6 +850,8 @@ class ArticleRepository
$full = realpath('../' . ltrim($src, '/'));
if ($full && strpos($full, $base . DIRECTORY_SEPARATOR) === 0 && is_file($full)) {
unlink($full);
} elseif ($full) {
error_log( '[shopPRO] safeUnlink: ścieżka poza upload/: ' . $src );
}
}

14
autoload/Domain/CronJob/CronJobRepository.php
View File

@@ -130,10 +130,22 @@ class CronJobRepository
*/
public function markFailed($jobId, $error, $attempt = 1)
{
$job = $this->db->get('pp_cron_jobs', ['max_attempts', 'attempts'], ['id' => $jobId]);
$job = $this->db->get('pp_cron_jobs', ['job_type', 'max_attempts', 'attempts'], ['id' => $jobId]);
$attempts = $job ? (int) $job['attempts'] : $attempt;
$maxAttempts = $job ? (int) $job['max_attempts'] : 10;
$jobType = $job ? $job['job_type'] : '';
// Order-related Apilo joby — infinite retry co 30 min
if (CronJobType::isOrderRelatedApiloJob($jobType)) {
$nextRun = date('Y-m-d H:i:s', time() + CronJobType::APILO_ORDER_BACKOFF_SECONDS);
$this->db->update('pp_cron_jobs', [
'status' => CronJobType::STATUS_PENDING,
'last_error' => mb_substr($error, 0, 500),
'scheduled_at' => $nextRun,
], ['id' => $jobId]);
return;
}
if ($attempts >= $maxAttempts) {
// Przekroczono limit prób — trwale failed

14
autoload/Domain/CronJob/CronJobType.php
View File

@@ -34,6 +34,7 @@ class CronJobType
// Backoff
const BASE_BACKOFF_SECONDS = 60;
const MAX_BACKOFF_SECONDS = 3600;
const APILO_ORDER_BACKOFF_SECONDS = 1800; // 30 min — stały interwał dla order jobów
/**
* @return string[]
@@ -69,6 +70,19 @@ class CronJobType
];
}
/**
* @param string $jobType
* @return bool
*/
public static function isOrderRelatedApiloJob($jobType)
{
return in_array($jobType, [
self::APILO_SEND_ORDER,
self::APILO_SYNC_PAYMENT,
self::APILO_SYNC_STATUS,
], true);
}
/**
* @param int $attempt
* @return int

567
autoload/Domain/Integrations/ApiloRepository.php Normal file
View File

@@ -0,0 +1,567 @@
<?php
namespace Domain\Integrations;
class ApiloRepository
{
private $db;
private const SETTINGS_TABLE = 'pp_shop_apilo_settings';
private const APILO_ENDPOINTS = [
'platform' => 'https://projectpro.apilo.com/rest/api/orders/platform/map/',
'status' => 'https://projectpro.apilo.com/rest/api/orders/status/map/',
'carrier' => 'https://projectpro.apilo.com/rest/api/orders/carrier-account/map/',
'payment' => 'https://projectpro.apilo.com/rest/api/orders/payment/map/',
];
private const APILO_SETTINGS_KEYS = [
'platform' => 'platform-list',
'status' => 'status-types-list',
'carrier' => 'carrier-account-list',
'payment' => 'payment-types-list',
];
public function __construct( $db )
{
$this->db = $db;
}
// ── Settings access (Apilo-specific) ────────────────────────
private function getApiloSettings(): array
{
$rows = $this->db->select( self::SETTINGS_TABLE, [ 'name', 'value' ] );
$settings = [];
foreach ( $rows ?: [] as $row )
$settings[$row['name']] = $row['value'];
return $settings;
}
private function saveApiloSetting( string $name, $value ): void
{
if ( $this->db->count( self::SETTINGS_TABLE, [ 'name' => $name ] ) ) {
$this->db->update( self::SETTINGS_TABLE, [ 'value' => $value ], [ 'name' => $name ] );
} else {
$this->db->insert( self::SETTINGS_TABLE, [ 'name' => $name, 'value' => $value ] );
}
\Shared\Helpers\Helpers::delete_dir( '../temp/' );
}
// ── Apilo OAuth ─────────────────────────────────────────────
public function apiloAuthorize( string $clientId, string $clientSecret, string $authCode ): bool
{
$postData = [
'grantType' => 'authorization_code',
'token' => $authCode,
];
$ch = curl_init( "https://projectpro.apilo.com/rest/auth/token/" );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
curl_setopt( $ch, CURLOPT_POSTFIELDS, json_encode( $postData ) );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Basic " . base64_encode( $clientId . ":" . $clientSecret ),
"Accept: application/json"
] );
$response = curl_exec( $ch );
if ( curl_errno( $ch ) ) {
curl_close( $ch );
return false;
}
curl_close( $ch );
$response = json_decode( $response, true );
if ( empty( $response['accessToken'] ) )
return false;
try {
$this->saveApiloSetting( 'access-token', $response['accessToken'] );
$this->saveApiloSetting( 'refresh-token', $response['refreshToken'] );
$this->saveApiloSetting( 'access-token-expire-at', $response['accessTokenExpireAt'] );
$this->saveApiloSetting( 'refresh-token-expire-at', $response['refreshTokenExpireAt'] );
} catch ( \Exception $e ) {
error_log( '[shopPRO] Apilo: błąd zapisu tokenów: ' . $e->getMessage() );
return false;
}
return true;
}
public function apiloGetAccessToken( int $refreshLeadSeconds = 300 ): ?string
{
$settings = $this->getApiloSettings();
$hasRefreshCredentials = !empty( $settings['refresh-token'] )
&& !empty( $settings['client-id'] )
&& !empty( $settings['client-secret'] );
$accessToken = trim( (string)($settings['access-token'] ?? '') );
$accessTokenExpireAt = trim( (string)($settings['access-token-expire-at'] ?? '') );
if ( $accessToken !== '' && $accessTokenExpireAt !== '' ) {
if ( !$this->shouldRefreshAccessToken( $accessTokenExpireAt, $refreshLeadSeconds ) ) {
return $accessToken;
}
}
if ( !$hasRefreshCredentials ) {
return null;
}
if (
!empty( $settings['refresh-token-expire-at'] ) &&
!$this->isFutureDate( (string)$settings['refresh-token-expire-at'] )
) {
return null;
}
return $this->refreshApiloAccessToken( $settings );
}
/**
* Keepalive tokenu Apilo do uzycia w CRON.
* Odswieza token, gdy wygasa lub jest bliski wygasniecia.
*
* @return array{success:bool,skipped:bool,message:string}
*/
public function apiloKeepalive( int $refreshLeadSeconds = 300 ): array
{
$settings = $this->getApiloSettings();
if ( (int)($settings['enabled'] ?? 0) !== 1 ) {
return [
'success' => false,
'skipped' => true,
'message' => 'Apilo disabled.',
];
}
if ( empty( $settings['client-id'] ) || empty( $settings['client-secret'] ) ) {
return [
'success' => false,
'skipped' => true,
'message' => 'Missing Apilo credentials.',
];
}
$token = $this->apiloGetAccessToken( $refreshLeadSeconds );
if ( !$token ) {
return [
'success' => false,
'skipped' => false,
'message' => 'Unable to refresh Apilo token.',
];
}
$this->saveApiloSetting( 'token-keepalive-at', date( 'Y-m-d H:i:s' ) );
return [
'success' => true,
'skipped' => false,
'message' => 'Apilo token keepalive OK.',
];
}
private function refreshApiloAccessToken( array $settings ): ?string
{
$postData = [
'grantType' => 'refresh_token',
'token' => $settings['refresh-token'],
];
$ch = curl_init( "https://projectpro.apilo.com/rest/auth/token/" );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Basic " . base64_encode( $settings['client-id'] . ":" . $settings['client-secret'] ),
"Accept: application/json"
] );
curl_setopt( $ch, CURLOPT_POST, true );
curl_setopt( $ch, CURLOPT_POSTFIELDS, json_encode( $postData ) );
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$response = curl_exec( $ch );
if ( curl_errno( $ch ) ) {
curl_close( $ch );
return null;
}
curl_close( $ch );
$response = json_decode( $response, true );
if ( empty( $response['accessToken'] ) ) {
return null;
}
$this->saveApiloSetting( 'access-token', $response['accessToken'] );
$this->saveApiloSetting( 'refresh-token', $response['refreshToken'] ?? ( $settings['refresh-token'] ?? '' ) );
$this->saveApiloSetting( 'access-token-expire-at', $response['accessTokenExpireAt'] ?? null );
$this->saveApiloSetting( 'refresh-token-expire-at', $response['refreshTokenExpireAt'] ?? null );
return $response['accessToken'];
}
private function shouldRefreshAccessToken( string $expiresAtRaw, int $leadSeconds = 300 ): bool
{
try {
$expiresAt = new \DateTime( $expiresAtRaw );
} catch ( \Exception $e ) {
return true;
}
$threshold = new \DateTime( date( 'Y-m-d H:i:s', time() + max( 0, $leadSeconds ) ) );
return $expiresAt <= $threshold;
}
private function isFutureDate( string $dateRaw ): bool
{
try {
$date = new \DateTime( $dateRaw );
} catch ( \Exception $e ) {
return false;
}
return $date > new \DateTime( date( 'Y-m-d H:i:s' ) );
}
/**
* Sprawdza aktualny stan integracji Apilo i zwraca komunikat dla UI.
*
* @return array{is_valid:bool,severity:string,message:string}
*/
public function apiloIntegrationStatus(): array
{
$settings = $this->getApiloSettings();
$missing = [];
foreach ( [ 'client-id', 'client-secret' ] as $field ) {
if ( trim( (string)($settings[$field] ?? '') ) === '' )
$missing[] = $field;
}
if ( !empty( $missing ) ) {
return [
'is_valid' => false,
'severity' => 'danger',
'message' => 'Brakuje konfiguracji Apilo: ' . implode( ', ', $missing ) . '.',
];
}
$accessToken = trim( (string)($settings['access-token'] ?? '') );
$authorizationCode = trim( (string)($settings['authorization-code'] ?? '') );
if ( $accessToken === '' ) {
if ( $authorizationCode === '' ) {
return [
'is_valid' => false,
'severity' => 'warning',
'message' => 'Brak authorization-code i access-token. Wpisz kod autoryzacji i uruchom autoryzacje.',
];
}
return [
'is_valid' => false,
'severity' => 'warning',
'message' => 'Brak access-token. Uruchom autoryzacje Apilo.',
];
}
$token = $this->apiloGetAccessToken();
if ( !$token ) {
return [
'is_valid' => false,
'severity' => 'danger',
'message' => 'Token Apilo jest niewazny lub wygasl i nie udal sie refresh. Wykonaj ponowna autoryzacje.',
];
}
$expiresAt = trim( (string)($settings['access-token-expire-at'] ?? '') );
$suffix = $expiresAt !== '' ? ( ' Token wazny do: ' . $expiresAt . '.' ) : '';
return [
'is_valid' => true,
'severity' => 'success',
'message' => 'Integracja Apilo jest aktywna.' . $suffix,
];
}
// ── Apilo API fetch lists ───────────────────────────────────
/**
* Fetch list from Apilo API and save to settings.
* @param string $type platform|status|carrier|payment
*/
public function apiloFetchList( string $type ): bool
{
$result = $this->apiloFetchListResult( $type );
return !empty( $result['success'] );
}
/**
* Fetch list from Apilo API and return detailed status for UI.
*
* @param string $type platform|status|carrier|payment
* @return array{success:bool,count:int,message:string}
*/
public function apiloFetchListResult( string $type ): array
{
if ( !isset( self::APILO_ENDPOINTS[$type] ) )
throw new \InvalidArgumentException( "Unknown apilo list type: $type" );
$settings = $this->getApiloSettings();
$missingFields = [];
foreach ( [ 'client-id', 'client-secret' ] as $requiredField ) {
if ( trim( (string)($settings[$requiredField] ?? '') ) === '' )
$missingFields[] = $requiredField;
}
if ( !empty( $missingFields ) ) {
return [
'success' => false,
'count' => 0,
'message' => 'Brakuje konfiguracji Apilo: ' . implode( ', ', $missingFields ) . '. Uzupelnij pola i zapisz ustawienia.',
];
}
$accessToken = $this->apiloGetAccessToken();
if ( !$accessToken ) {
return [
'success' => false,
'count' => 0,
'message' => 'Brak aktywnego tokenu Apilo. Wykonaj autoryzacje Apilo i sprobuj ponownie.',
];
}
$ch = curl_init( self::APILO_ENDPOINTS[$type] );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Bearer " . $accessToken,
"Accept: application/json"
] );
$response = curl_exec( $ch );
if ( curl_errno( $ch ) ) {
$error = curl_error( $ch );
curl_close( $ch );
return [
'success' => false,
'count' => 0,
'message' => 'Blad polaczenia z Apilo: ' . $error . '. Sprawdz polaczenie serwera i sprobuj ponownie.',
];
}
$httpCode = (int) curl_getinfo( $ch, CURLINFO_HTTP_CODE );
curl_close( $ch );
$data = json_decode( $response, true );
if ( !is_array( $data ) ) {
$responsePreview = substr( trim( (string)$response ), 0, 180 );
if ( $responsePreview === '' )
$responsePreview = '[pusta odpowiedz]';
return [
'success' => false,
'count' => 0,
'message' => 'Apilo zwrocilo niepoprawny format odpowiedzi (HTTP ' . $httpCode . '). Odpowiedz: ' . $responsePreview,
];
}
if ( $httpCode >= 400 ) {
return [
'success' => false,
'count' => 0,
'message' => 'Apilo zwrocilo blad HTTP ' . $httpCode . ': ' . $this->extractApiloErrorMessage( $data ),
];
}
$normalizedList = $this->normalizeApiloMapList( $data );
if ( $normalizedList === null ) {
return [
'success' => false,
'count' => 0,
'message' => 'Apilo zwrocilo dane w nieoczekiwanym formacie. Odswiez token i sproboj ponownie.',
];
}
$this->saveApiloSetting( self::APILO_SETTINGS_KEYS[$type], $normalizedList );
return [
'success' => true,
'count' => count( $normalizedList ),
'message' => 'OK',
];
}
/**
* Normalizuje odpowiedz API mapowania do listy rekordow ['id' => ..., 'name' => ...].
* Zwraca null dla payloadu bledow lub nieoczekiwanego formatu.
*
* @return array<int, array{id:mixed,name:mixed}>|null
*/
private function normalizeApiloMapList( array $data ): ?array
{
if ( isset( $data['message'] ) && isset( $data['code'] ) )
return null;
if ( $this->isMapListShape( $data ) )
return $data;
if ( isset( $data['items'] ) && is_array( $data['items'] ) && $this->isMapListShape( $data['items'] ) )
return $data['items'];
if ( isset( $data['data'] ) && is_array( $data['data'] ) && $this->isMapListShape( $data['data'] ) )
return $data['data'];
// Dopuszczamy rowniez format asocjacyjny: [id => name, ...], ale tylko dla kluczy liczbowych.
if ( !empty( $data ) ) {
$normalized = [];
foreach ( $data as $key => $value ) {
if ( !( is_int( $key ) || ( is_string( $key ) && preg_match('/^-?\d+$/', $key) === 1 ) ) )
return null;
if ( !is_scalar( $value ) )
return null;
$normalized[] = [
'id' => $key,
'name' => (string) $value,
];
}
return !empty( $normalized ) ? $normalized : null;
}
return null;
}
private function isMapListShape( array $list ): bool
{
if ( empty( $list ) )
return false;
foreach ( $list as $row ) {
if ( !is_array( $row ) || !array_key_exists( 'id', $row ) || !array_key_exists( 'name', $row ) )
return false;
}
return true;
}
private function extractApiloErrorMessage( array $data ): string
{
foreach ( [ 'message', 'error', 'detail', 'title' ] as $key ) {
if ( isset( $data[$key] ) && is_scalar( $data[$key] ) ) {
$message = trim( (string)$data[$key] );
if ( $message !== '' )
return $message;
}
}
if ( isset( $data['errors'] ) ) {
if ( is_array( $data['errors'] ) ) {
$flat = [];
foreach ( $data['errors'] as $errorItem ) {
if ( is_scalar( $errorItem ) )
$flat[] = (string)$errorItem;
elseif ( is_array( $errorItem ) )
$flat[] = json_encode( $errorItem, JSON_UNESCAPED_UNICODE );
}
if ( !empty( $flat ) )
return implode( '; ', $flat );
} elseif ( is_scalar( $data['errors'] ) ) {
return (string)$data['errors'];
}
}
return 'Nieznany blad odpowiedzi API.';
}
// ── Apilo product operations ────────────────────────────────
public function apiloProductSearch( string $sku ): array
{
$accessToken = $this->apiloGetAccessToken();
if ( !$accessToken )
return [ 'status' => 'error', 'msg' => 'Brak tokenu Apilo.' ];
$url = "https://projectpro.apilo.com/rest/api/warehouse/product/?" . http_build_query( [ 'sku' => $sku ] );
$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Bearer " . $accessToken,
"Accept: application/json"
] );
$response = curl_exec( $ch );
if ( curl_errno( $ch ) ) {
$error = curl_error( $ch );
curl_close( $ch );
return [ 'status' => 'error', 'msg' => 'Błąd cURL: ' . $error ];
}
curl_close( $ch );
$data = json_decode( $response, true );
if ( $data && isset( $data['products'] ) ) {
$data['status'] = 'SUCCESS';
return $data;
}
return [ 'status' => 'SUCCESS', 'msg' => 'Brak wyników dla podanego SKU.', 'products' => '' ];
}
public function apiloCreateProduct( int $productId ): array
{
$accessToken = $this->apiloGetAccessToken();
if ( !$accessToken )
return [ 'success' => false, 'message' => 'Brak tokenu Apilo.' ];
$product = ( new \Domain\Product\ProductRepository( $this->db ) )->findCached( $productId );
$params = [
'sku' => $product['sku'],
'ean' => $product['ean'],
'name' => $product['language']['name'],
'tax' => (int) $product['vat'],
'status' => 1,
'quantity' => (int) $product['quantity'],
'priceWithTax' => $product['price_brutto'],
'description' => $product['language']['description'] . '<br>' . $product['language']['short_description'],
'shortDescription' => '',
'images' => [],
];
foreach ( $product['images'] as $image )
$params['images'][] = "https://" . $_SERVER['HTTP_HOST'] . $image['src'];
$ch = curl_init( "https://projectpro.apilo.com/rest/api/warehouse/product/" );
curl_setopt( $ch, CURLOPT_POSTFIELDS, json_encode( [ $params ] ) );
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Bearer " . $accessToken,
"Content-Type: application/json",
"Accept: application/json"
] );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$response = curl_exec( $ch );
$responseData = json_decode( $response, true );
if ( curl_errno( $ch ) ) {
$error = curl_error( $ch );
curl_close( $ch );
return [ 'success' => false, 'message' => 'Błąd cURL: ' . $error ];
}
curl_close( $ch );
if ( !empty( $responseData['products'] ) ) {
$this->db->update( 'pp_shop_products', [
'apilo_product_id' => reset( $responseData['products'] ),
'apilo_product_name' => $product['language']['name'],
], [ 'id' => $product['id'] ] );
return [ 'success' => true, 'message' => 'Produkt został dodany do magazynu APILO.' ];
}
return [ 'success' => false, 'message' => 'Podczas dodawania produktu wystąpił błąd.' ];
}
}

526
autoload/Domain/Integrations/IntegrationsRepository.php
View File

@@ -130,444 +130,7 @@ class IntegrationsRepository
], [ 'id' => $productId ] );
}
// ── Apilo OAuth ─────────────────────────────────────────────
public function apiloAuthorize( string $clientId, string $clientSecret, string $authCode ): bool
{
$postData = [
'grantType' => 'authorization_code',
'token' => $authCode,
];
$ch = curl_init( "https://projectpro.apilo.com/rest/auth/token/" );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
curl_setopt( $ch, CURLOPT_POSTFIELDS, json_encode( $postData ) );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Basic " . base64_encode( $clientId . ":" . $clientSecret ),
"Accept: application/json"
] );
$response = curl_exec( $ch );
if ( curl_errno( $ch ) ) {
curl_close( $ch );
return false;
}
curl_close( $ch );
$response = json_decode( $response, true );
if ( empty( $response['accessToken'] ) )
return false;
$this->saveSetting( 'apilo', 'access-token', $response['accessToken'] );
$this->saveSetting( 'apilo', 'refresh-token', $response['refreshToken'] );
$this->saveSetting( 'apilo', 'access-token-expire-at', $response['accessTokenExpireAt'] );
$this->saveSetting( 'apilo', 'refresh-token-expire-at', $response['refreshTokenExpireAt'] );
return true;
}
public function apiloGetAccessToken( int $refreshLeadSeconds = 300 ): ?string
{
$settings = $this->getSettings( 'apilo' );
$hasRefreshCredentials = !empty( $settings['refresh-token'] )
&& !empty( $settings['client-id'] )
&& !empty( $settings['client-secret'] );
$accessToken = trim( (string)($settings['access-token'] ?? '') );
$accessTokenExpireAt = trim( (string)($settings['access-token-expire-at'] ?? '') );
if ( $accessToken !== '' && $accessTokenExpireAt !== '' ) {
if ( !$this->shouldRefreshAccessToken( $accessTokenExpireAt, $refreshLeadSeconds ) ) {
return $accessToken;
}
}
if ( !$hasRefreshCredentials ) {
return null;
}
if (
!empty( $settings['refresh-token-expire-at'] ) &&
!$this->isFutureDate( (string)$settings['refresh-token-expire-at'] )
) {
return null;
}
return $this->refreshApiloAccessToken( $settings );
}
/**
* Keepalive tokenu Apilo do uzycia w CRON.
* Odswieza token, gdy wygasa lub jest bliski wygasniecia.
*
* @return array{success:bool,skipped:bool,message:string}
*/
public function apiloKeepalive( int $refreshLeadSeconds = 300 ): array
{
$settings = $this->getSettings( 'apilo' );
if ( (int)($settings['enabled'] ?? 0) !== 1 ) {
return [
'success' => false,
'skipped' => true,
'message' => 'Apilo disabled.',
];
}
if ( empty( $settings['client-id'] ) || empty( $settings['client-secret'] ) ) {
return [
'success' => false,
'skipped' => true,
'message' => 'Missing Apilo credentials.',
];
}
$token = $this->apiloGetAccessToken( $refreshLeadSeconds );
if ( !$token ) {
return [
'success' => false,
'skipped' => false,
'message' => 'Unable to refresh Apilo token.',
];
}
$this->saveSetting( 'apilo', 'token-keepalive-at', date( 'Y-m-d H:i:s' ) );
return [
'success' => true,
'skipped' => false,
'message' => 'Apilo token keepalive OK.',
];
}
private function refreshApiloAccessToken( array $settings ): ?string
{
$postData = [
'grantType' => 'refresh_token',
'token' => $settings['refresh-token'],
];
$ch = curl_init( "https://projectpro.apilo.com/rest/auth/token/" );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Basic " . base64_encode( $settings['client-id'] . ":" . $settings['client-secret'] ),
"Accept: application/json"
] );
curl_setopt( $ch, CURLOPT_POST, true );
curl_setopt( $ch, CURLOPT_POSTFIELDS, json_encode( $postData ) );
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$response = curl_exec( $ch );
if ( curl_errno( $ch ) ) {
curl_close( $ch );
return null;
}
curl_close( $ch );
$response = json_decode( $response, true );
if ( empty( $response['accessToken'] ) ) {
return null;
}
$this->saveSetting( 'apilo', 'access-token', $response['accessToken'] );
$this->saveSetting( 'apilo', 'refresh-token', $response['refreshToken'] ?? ( $settings['refresh-token'] ?? '' ) );
$this->saveSetting( 'apilo', 'access-token-expire-at', $response['accessTokenExpireAt'] ?? null );
$this->saveSetting( 'apilo', 'refresh-token-expire-at', $response['refreshTokenExpireAt'] ?? null );
return $response['accessToken'];
}
private function shouldRefreshAccessToken( string $expiresAtRaw, int $leadSeconds = 300 ): bool
{
try {
$expiresAt = new \DateTime( $expiresAtRaw );
} catch ( \Exception $e ) {
return true;
}
$threshold = new \DateTime( date( 'Y-m-d H:i:s', time() + max( 0, $leadSeconds ) ) );
return $expiresAt <= $threshold;
}
private function isFutureDate( string $dateRaw ): bool
{
try {
$date = new \DateTime( $dateRaw );
} catch ( \Exception $e ) {
return false;
}
return $date > new \DateTime( date( 'Y-m-d H:i:s' ) );
}
/**
* Sprawdza aktualny stan integracji Apilo i zwraca komunikat dla UI.
*
* @return array{is_valid:bool,severity:string,message:string}
*/
public function apiloIntegrationStatus(): array
{
$settings = $this->getSettings( 'apilo' );
$missing = [];
foreach ( [ 'client-id', 'client-secret' ] as $field ) {
if ( trim( (string)($settings[$field] ?? '') ) === '' )
$missing[] = $field;
}
if ( !empty( $missing ) ) {
return [
'is_valid' => false,
'severity' => 'danger',
'message' => 'Brakuje konfiguracji Apilo: ' . implode( ', ', $missing ) . '.',
];
}
$accessToken = trim( (string)($settings['access-token'] ?? '') );
$authorizationCode = trim( (string)($settings['authorization-code'] ?? '') );
if ( $accessToken === '' ) {
if ( $authorizationCode === '' ) {
return [
'is_valid' => false,
'severity' => 'warning',
'message' => 'Brak authorization-code i access-token. Wpisz kod autoryzacji i uruchom autoryzacje.',
];
}
return [
'is_valid' => false,
'severity' => 'warning',
'message' => 'Brak access-token. Uruchom autoryzacje Apilo.',
];
}
$token = $this->apiloGetAccessToken();
if ( !$token ) {
return [
'is_valid' => false,
'severity' => 'danger',
'message' => 'Token Apilo jest niewazny lub wygasl i nie udal sie refresh. Wykonaj ponowna autoryzacje.',
];
}
$expiresAt = trim( (string)($settings['access-token-expire-at'] ?? '') );
$suffix = $expiresAt !== '' ? ( ' Token wazny do: ' . $expiresAt . '.' ) : '';
return [
'is_valid' => true,
'severity' => 'success',
'message' => 'Integracja Apilo jest aktywna.' . $suffix,
];
}
// ── Apilo API fetch lists ───────────────────────────────────
private const APILO_ENDPOINTS = [
'platform' => 'https://projectpro.apilo.com/rest/api/orders/platform/map/',
'status' => 'https://projectpro.apilo.com/rest/api/orders/status/map/',
'carrier' => 'https://projectpro.apilo.com/rest/api/orders/carrier-account/map/',
'payment' => 'https://projectpro.apilo.com/rest/api/orders/payment/map/',
];
private const APILO_SETTINGS_KEYS = [
'platform' => 'platform-list',
'status' => 'status-types-list',
'carrier' => 'carrier-account-list',
'payment' => 'payment-types-list',
];
/**
* Fetch list from Apilo API and save to settings.
* @param string $type platform|status|carrier|payment
*/
public function apiloFetchList( string $type ): bool
{
$result = $this->apiloFetchListResult( $type );
return !empty( $result['success'] );
}
/**
* Fetch list from Apilo API and return detailed status for UI.
*
* @param string $type platform|status|carrier|payment
* @return array{success:bool,count:int,message:string}
*/
public function apiloFetchListResult( string $type ): array
{
if ( !isset( self::APILO_ENDPOINTS[$type] ) )
throw new \InvalidArgumentException( "Unknown apilo list type: $type" );
$settings = $this->getSettings( 'apilo' );
$missingFields = [];
foreach ( [ 'client-id', 'client-secret' ] as $requiredField ) {
if ( trim( (string)($settings[$requiredField] ?? '') ) === '' )
$missingFields[] = $requiredField;
}
if ( !empty( $missingFields ) ) {
return [
'success' => false,
'count' => 0,
'message' => 'Brakuje konfiguracji Apilo: ' . implode( ', ', $missingFields ) . '. Uzupelnij pola i zapisz ustawienia.',
];
}
$accessToken = $this->apiloGetAccessToken();
if ( !$accessToken ) {
return [
'success' => false,
'count' => 0,
'message' => 'Brak aktywnego tokenu Apilo. Wykonaj autoryzacje Apilo i sprobuj ponownie.',
];
}
$ch = curl_init( self::APILO_ENDPOINTS[$type] );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Bearer " . $accessToken,
"Accept: application/json"
] );
$response = curl_exec( $ch );
if ( curl_errno( $ch ) ) {
$error = curl_error( $ch );
curl_close( $ch );
return [
'success' => false,
'count' => 0,
'message' => 'Blad polaczenia z Apilo: ' . $error . '. Sprawdz polaczenie serwera i sprobuj ponownie.',
];
}
$httpCode = (int) curl_getinfo( $ch, CURLINFO_HTTP_CODE );
curl_close( $ch );
$data = json_decode( $response, true );
if ( !is_array( $data ) ) {
$responsePreview = substr( trim( (string)$response ), 0, 180 );
if ( $responsePreview === '' )
$responsePreview = '[pusta odpowiedz]';
return [
'success' => false,
'count' => 0,
'message' => 'Apilo zwrocilo niepoprawny format odpowiedzi (HTTP ' . $httpCode . '). Odpowiedz: ' . $responsePreview,
];
}
if ( $httpCode >= 400 ) {
return [
'success' => false,
'count' => 0,
'message' => 'Apilo zwrocilo blad HTTP ' . $httpCode . ': ' . $this->extractApiloErrorMessage( $data ),
];
}
$normalizedList = $this->normalizeApiloMapList( $data );
if ( $normalizedList === null ) {
return [
'success' => false,
'count' => 0,
'message' => 'Apilo zwrocilo dane w nieoczekiwanym formacie. Odswiez token i sproboj ponownie.',
];
}
$this->saveSetting( 'apilo', self::APILO_SETTINGS_KEYS[$type], $normalizedList );
return [
'success' => true,
'count' => count( $normalizedList ),
'message' => 'OK',
];
}
/**
* Normalizuje odpowiedz API mapowania do listy rekordow ['id' => ..., 'name' => ...].
* Zwraca null dla payloadu bledow lub nieoczekiwanego formatu.
*
* @return array<int, array{id:mixed,name:mixed}>|null
*/
private function normalizeApiloMapList( array $data ): ?array
{
if ( isset( $data['message'] ) && isset( $data['code'] ) )
return null;
if ( $this->isMapListShape( $data ) )
return $data;
if ( isset( $data['items'] ) && is_array( $data['items'] ) && $this->isMapListShape( $data['items'] ) )
return $data['items'];
if ( isset( $data['data'] ) && is_array( $data['data'] ) && $this->isMapListShape( $data['data'] ) )
return $data['data'];
// Dopuszczamy rowniez format asocjacyjny: [id => name, ...], ale tylko dla kluczy liczbowych.
if ( !empty( $data ) ) {
$normalized = [];
foreach ( $data as $key => $value ) {
if ( !( is_int( $key ) || ( is_string( $key ) && preg_match('/^-?\d+$/', $key) === 1 ) ) )
return null;
if ( !is_scalar( $value ) )
return null;
$normalized[] = [
'id' => $key,
'name' => (string) $value,
];
}
return !empty( $normalized ) ? $normalized : null;
}
return null;
}
private function isMapListShape( array $list ): bool
{
if ( empty( $list ) )
return false;
foreach ( $list as $row ) {
if ( !is_array( $row ) || !array_key_exists( 'id', $row ) || !array_key_exists( 'name', $row ) )
return false;
}
return true;
}
private function extractApiloErrorMessage( array $data ): string
{
foreach ( [ 'message', 'error', 'detail', 'title' ] as $key ) {
if ( isset( $data[$key] ) && is_scalar( $data[$key] ) ) {
$message = trim( (string)$data[$key] );
if ( $message !== '' )
return $message;
}
}
if ( isset( $data['errors'] ) ) {
if ( is_array( $data['errors'] ) ) {
$flat = [];
foreach ( $data['errors'] as $errorItem ) {
if ( is_scalar( $errorItem ) )
$flat[] = (string)$errorItem;
elseif ( is_array( $errorItem ) )
$flat[] = json_encode( $errorItem, JSON_UNESCAPED_UNICODE );
}
if ( !empty( $flat ) )
return implode( '; ', $flat );
} elseif ( is_scalar( $data['errors'] ) ) {
return (string)$data['errors'];
}
}
return 'Nieznany blad odpowiedzi API.';
}
// ── Apilo product operations ────────────────────────────────
// ── Product data ─────────────────────────────────────────────
public function getProductSku( int $productId ): ?string
{
@@ -575,93 +138,6 @@ class IntegrationsRepository
return $sku ?: null;
}
public function apiloProductSearch( string $sku ): array
{
$accessToken = $this->apiloGetAccessToken();
if ( !$accessToken )
return [ 'status' => 'error', 'msg' => 'Brak tokenu Apilo.' ];
$url = "https://projectpro.apilo.com/rest/api/warehouse/product/?" . http_build_query( [ 'sku' => $sku ] );
$ch = curl_init( $url );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Bearer " . $accessToken,
"Accept: application/json"
] );
$response = curl_exec( $ch );
if ( curl_errno( $ch ) ) {
$error = curl_error( $ch );
curl_close( $ch );
return [ 'status' => 'error', 'msg' => 'Błąd cURL: ' . $error ];
}
curl_close( $ch );
$data = json_decode( $response, true );
if ( $data && isset( $data['products'] ) ) {
$data['status'] = 'SUCCESS';
return $data;
}
return [ 'status' => 'SUCCESS', 'msg' => 'Brak wyników dla podanego SKU.', 'products' => '' ];
}
public function apiloCreateProduct( int $productId ): array
{
$accessToken = $this->apiloGetAccessToken();
if ( !$accessToken )
return [ 'success' => false, 'message' => 'Brak tokenu Apilo.' ];
$product = ( new \Domain\Product\ProductRepository( $this->db ) )->findCached( $productId );
$params = [
'sku' => $product['sku'],
'ean' => $product['ean'],
'name' => $product['language']['name'],
'tax' => (int) $product['vat'],
'status' => 1,
'quantity' => (int) $product['quantity'],
'priceWithTax' => $product['price_brutto'],
'description' => $product['language']['description'] . '<br>' . $product['language']['short_description'],
'shortDescription' => '',
'images' => [],
];
foreach ( $product['images'] as $image )
$params['images'][] = "https://" . $_SERVER['HTTP_HOST'] . $image['src'];
$ch = curl_init( "https://projectpro.apilo.com/rest/api/warehouse/product/" );
curl_setopt( $ch, CURLOPT_POSTFIELDS, json_encode( [ $params ] ) );
curl_setopt( $ch, CURLOPT_CUSTOMREQUEST, "POST" );
curl_setopt( $ch, CURLOPT_HTTPHEADER, [
"Authorization: Bearer " . $accessToken,
"Content-Type: application/json",
"Accept: application/json"
] );
curl_setopt( $ch, CURLOPT_RETURNTRANSFER, true );
$response = curl_exec( $ch );
$responseData = json_decode( $response, true );
if ( curl_errno( $ch ) ) {
$error = curl_error( $ch );
curl_close( $ch );
return [ 'success' => false, 'message' => 'Błąd cURL: ' . $error ];
}
curl_close( $ch );
if ( !empty( $responseData['products'] ) ) {
$this->db->update( 'pp_shop_products', [
'apilo_product_id' => reset( $responseData['products'] ),
'apilo_product_name' => $product['language']['name'],
], [ 'id' => $product['id'] ] );
return [ 'success' => true, 'message' => 'Produkt został dodany do magazynu APILO.' ];
}
return [ 'success' => false, 'message' => 'Podczas dodawania produktu wystąpił błąd.' ];
}
// ── ShopPRO import ──────────────────────────────────────────
public function shopproImportProduct( int $productId ): array

12
autoload/Domain/Order/OrderAdminService.php
View File

@@ -419,8 +419,8 @@ class OrderAdminService
return false;
}
$integrationsRepository = new \Domain\Integrations\IntegrationsRepository( $mdb );
$accessToken = $integrationsRepository -> apiloGetAccessToken();
$apiloRepository = new \Domain\Integrations\ApiloRepository( $mdb );
$accessToken = $apiloRepository->apiloGetAccessToken();
if (!$accessToken) {
\Domain\Integrations\ApiloLogger::log(
$mdb,
@@ -675,7 +675,7 @@ class OrderAdminService
global $config;
$db = $this->orders->getDb();
$integrationsRepository = new \Domain\Integrations\IntegrationsRepository($db);
$apiloRepository = new \Domain\Integrations\ApiloRepository($db);
if (empty($order['apilo_order_id'])) {
return true;
@@ -687,7 +687,7 @@ class OrderAdminService
}
$payment_date = new \DateTime($order['date_order']);
$access_token = $integrationsRepository->apiloGetAccessToken();
$access_token = $apiloRepository->apiloGetAccessToken();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://projectpro.apilo.com/rest/api/orders/" . $order['apilo_order_id'] . '/payment/');
@@ -742,13 +742,13 @@ class OrderAdminService
global $config;
$db = $this->orders->getDb();
$integrationsRepository = new \Domain\Integrations\IntegrationsRepository($db);
$apiloRepository = new \Domain\Integrations\ApiloRepository($db);
if (empty($order['apilo_order_id'])) {
return true;
}
$access_token = $integrationsRepository->apiloGetAccessToken();
$access_token = $apiloRepository->apiloGetAccessToken();
$ch = curl_init();
curl_setopt($ch, CURLOPT_URL, "https://projectpro.apilo.com/rest/api/orders/" . $order['apilo_order_id'] . '/status/');

6
autoload/Domain/Order/OrderRepository.php
View File

@@ -790,8 +790,8 @@ class OrderRepository
}
}
if ($coupon && $coupon->is_one_time()) {
$coupon->set_as_used();
if ($coupon && (int)$coupon->one_time === 1) {
(new \Domain\Coupon\CouponRepository($this->db))->markAsUsed((int)$coupon->id);
}
$order = $this->orderDetailsFrontend($order_id);
@@ -814,7 +814,7 @@ class OrderRepository
\Shared\Helpers\Helpers::send_email($settings['contact_email'], 'Nowe zamówienie / ' . $settings['firm_name'] . ' / ' . $order['number'] . ' - ' . $order['client_surname'] . ' ' . $order['client_name'], $mail_order);
// zmiana statusu w realizacji jeżeli płatność przy odbiorze
if ($payment_id == 3) {
if (!empty($payment_method['is_cod'])) {
$this->updateOrderStatus($order_id, 4);
$this->insertStatusHistory($order_id, 4, 1);
}

5
autoload/Domain/PaymentMethod/PaymentMethodRepository.php
View File

@@ -122,6 +122,7 @@ class PaymentMethodRepository
'apilo_payment_type_id' => $this->normalizeApiloPaymentTypeId($data['apilo_payment_type_id'] ?? null),
'min_order_amount' => $this->normalizeDecimalOrNull($data['min_order_amount'] ?? null),
'max_order_amount' => $this->normalizeDecimalOrNull($data['max_order_amount'] ?? null),
'is_cod' => (int)(!empty($data['is_cod']) ? 1 : 0),
];
$this->db->update('pp_shop_payment_methods', $row, ['id' => $paymentMethodId]);
@@ -240,7 +241,8 @@ class PaymentMethodRepository
spm.status,
spm.apilo_payment_type_id,
spm.min_order_amount,
spm.max_order_amount
spm.max_order_amount,
spm.is_cod
FROM pp_shop_payment_methods AS spm
INNER JOIN pp_shop_transport_payment_methods AS stpm
ON stpm.id_payment_method = spm.id
@@ -335,6 +337,7 @@ class PaymentMethodRepository
$row['apilo_payment_type_id'] = $this->normalizeApiloPaymentTypeId($row['apilo_payment_type_id'] ?? null);
$row['min_order_amount'] = $this->normalizeDecimalOrNull($row['min_order_amount'] ?? null);
$row['max_order_amount'] = $this->normalizeDecimalOrNull($row['max_order_amount'] ?? null);
$row['is_cod'] = (int)($row['is_cod'] ?? 0);
return $row;
}

8
autoload/Domain/Product/ProductRepository.php
View File

@@ -1751,8 +1751,10 @@ class ProductRepository
if ( \Shared\Helpers\Helpers::is_array_fix( $customFields ) ) {
foreach ( $customFields as $row ) {
$this->db->insert( 'pp_shop_products_custom_fields', [
'id_product' => $newProductId,
'name' => $row['name'],
'id_product' => $newProductId,
'name' => $row['name'],
'type' => $row['type'] ?? 'text',
'is_required' => $row['is_required'] ?? 0,
] );
}
}
@@ -2140,6 +2142,8 @@ class ProductRepository
$full = realpath('../' . ltrim($src, '/'));
if ($full && strpos($full, $base . DIRECTORY_SEPARATOR) === 0 && is_file($full)) {
unlink($full);
} elseif ($full) {
error_log( '[shopPRO] safeUnlink: ścieżka poza upload/: ' . $src );
}
}

26
autoload/Shared/Security/CsrfToken.php Normal file
View File

@@ -0,0 +1,26 @@
<?php
namespace Shared\Security;
class CsrfToken
{
const SESSION_KEY = 'csrf_token';
public static function getToken(): string
{
if (empty($_SESSION[self::SESSION_KEY])) {
$_SESSION[self::SESSION_KEY] = bin2hex(random_bytes(32));
}
return (string) $_SESSION[self::SESSION_KEY];
}
public static function validate(string $token): bool
{
$sessionToken = isset($_SESSION[self::SESSION_KEY]) ? (string) $_SESSION[self::SESSION_KEY] : '';
return $sessionToken !== '' && hash_equals($sessionToken, $token);
}
public static function regenerate(): void
{
$_SESSION[self::SESSION_KEY] = bin2hex(random_bytes(32));
}
}

14
autoload/admin/App.php
View File

@@ -43,6 +43,15 @@ class App
$sa = \Shared\Helpers\Helpers::get( 's-action' );
if ( !$sa ) return;
if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
$csrfToken = isset( $_POST['_csrf_token'] ) ? (string) $_POST['_csrf_token'] : '';
if ( !\Shared\Security\CsrfToken::validate( $csrfToken ) ) {
\Shared\Helpers\Helpers::alert( 'Nieprawidłowy token bezpieczeństwa. Spróbuj ponownie.' );
header( 'Location: /admin/' );
exit;
}
}
$domain = preg_replace( '/^www\./', '', $_SERVER['SERVER_NAME'] );
$cookie_name = 'admin_remember_' . str_replace( '.', '-', $domain );
$users = new \Domain\User\UserRepository( $mdb );
@@ -84,6 +93,7 @@ class App
exit;
}
\Shared\Security\CsrfToken::regenerate();
self::finalize_admin_login( $user, $domain, $cookie_name, (bool) \Shared\Helpers\Helpers::get( 'remember' ) );
header( 'Location: /admin/articles/list/' );
exit;
@@ -127,6 +137,7 @@ class App
header( 'Location: /admin/' );
exit;
}
\Shared\Security\CsrfToken::regenerate();
self::finalize_admin_login( $user, $domain, $cookie_name, !empty( $pending['remember'] ) );
header( 'Location: /admin/articles/list/' );
exit;
@@ -372,7 +383,8 @@ class App
'Integrations' => function() {
global $mdb;
return new \admin\Controllers\IntegrationsController(
new \Domain\Integrations\IntegrationsRepository( $mdb )
new \Domain\Integrations\IntegrationsRepository( $mdb ),
new \Domain\Integrations\ApiloRepository( $mdb )
);
},
'ShopStatuses' => function() {

17
autoload/admin/Controllers/IntegrationsController.php
View File

@@ -2,15 +2,18 @@
namespace admin\Controllers;
use Domain\Integrations\IntegrationsRepository;
use Domain\Integrations\ApiloRepository;
use admin\ViewModels\Common\PaginatedTableViewModel;
class IntegrationsController
{
private IntegrationsRepository $repository;
private ApiloRepository $apiloRepository;
public function __construct( IntegrationsRepository $repository )
public function __construct( IntegrationsRepository $repository, ApiloRepository $apiloRepository )
{
$this->repository = $repository;
$this->apiloRepository = $apiloRepository;
}
public function logs(): string
@@ -125,7 +128,7 @@ class IntegrationsController
{
return \Shared\Tpl\Tpl::view( 'integrations/apilo-settings', [
'settings' => $this->repository->getSettings( 'apilo' ),
'apilo_status' => $this->repository->apiloIntegrationStatus(),
'apilo_status' => $this->apiloRepository->apiloIntegrationStatus(),
] );
}
@@ -147,7 +150,7 @@ class IntegrationsController
{
$settings = $this->repository->getSettings( 'apilo' );
if ( $this->repository->apiloAuthorize(
if ( $this->apiloRepository->apiloAuthorize(
(string)($settings['client-id'] ?? ''),
(string)($settings['client-secret'] ?? ''),
(string)($settings['authorization-code'] ?? '')
@@ -156,7 +159,7 @@ class IntegrationsController
exit;
}
$status = $this->repository->apiloIntegrationStatus();
$status = $this->apiloRepository->apiloIntegrationStatus();
$message = trim( (string)($status['message'] ?? '') );
if ( $message === '' ) {
$message = 'Podczas autoryzacji wystapil blad. Prosze sprawdzic dane i sprobowac ponownie.';
@@ -191,7 +194,7 @@ class IntegrationsController
public function apilo_create_product(): void
{
$productId = (int) \Shared\Helpers\Helpers::get( 'product_id' );
$result = $this->repository->apiloCreateProduct( $productId );
$result = $this->apiloRepository->apiloCreateProduct( $productId );
\Shared\Helpers\Helpers::alert( (string)($result['message'] ?? 'Wystapil blad podczas tworzenia produktu w Apilo.') );
header( 'Location: /admin/shop_product/view_list/' );
@@ -208,7 +211,7 @@ class IntegrationsController
exit;
}
echo json_encode( $this->repository->apiloProductSearch( $sku ) );
echo json_encode( $this->apiloRepository->apiloProductSearch( $sku ) );
exit;
}
@@ -267,7 +270,7 @@ class IntegrationsController
private function fetchApiloListWithFeedback( string $type, string $label ): void
{
$result = $this->repository->apiloFetchListResult( $type );
$result = $this->apiloRepository->apiloFetchListResult( $type );
if ( !empty( $result['success'] ) ) {
$count = (int)($result['count'] ?? 0);

5
autoload/admin/Controllers/ShopPaymentMethodController.php
View File

@@ -184,6 +184,7 @@ class ShopPaymentMethodController
'apilo_payment_type_id' => $paymentMethod['apilo_payment_type_id'] ?? '',
'min_order_amount' => $paymentMethod['min_order_amount'] ?? '',
'max_order_amount' => $paymentMethod['max_order_amount'] ?? '',
'is_cod' => (int)($paymentMethod['is_cod'] ?? 0),
];
$fields = [
@@ -220,6 +221,10 @@ class ShopPaymentMethodController
'tab' => 'settings',
'options' => $apiloOptions,
]),
FormField::switch('is_cod', [
'label' => 'Platnosc przy odbiorze',
'tab' => 'settings',
]),
FormField::switch('status', [
'label' => 'Aktywny',
'tab' => 'settings',

7
autoload/admin/Support/Forms/FormRequestHandler.php
View File

@@ -32,6 +32,13 @@ class FormRequestHandler
'data' => []
];
// Walidacja CSRF
$csrfToken = isset($postData['_csrf_token']) ? (string) $postData['_csrf_token'] : '';
if (!\Shared\Security\CsrfToken::validate($csrfToken)) {
$result['errors'] = ['csrf' => 'Nieprawidłowy token bezpieczeństwa. Odśwież stronę i spróbuj ponownie.'];
return $result;
}
// Walidacja
$errors = $this->validator->validate($postData, $formViewModel->fields, $formViewModel->languages);

165
autoload/front/Controllers/ShopBasketController.php
View File

@@ -5,6 +5,7 @@ class ShopBasketController
{
private const ORDER_SUBMIT_TOKEN_SESSION_KEY = 'order-submit-token';
private const ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY = 'order-submit-last-order-id';
private const ORDER_SUBMIT_TOKEN_TTL = 1800;
public static $title = [
'mainView' => 'Koszyk'
@@ -298,20 +299,23 @@ class ShopBasketController
$orderSubmitToken = (string)\Shared\Helpers\Helpers::get( 'order_submit_token', true );
$existingOrderId = isset( $_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ] ) ? (int)$_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ] : 0;
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
if ( empty( $basket ) && $existingOrderId > 0 )
{
$existingOrderHash = $this->orderRepository->findHashById( $existingOrderId );
if ( $existingOrderHash )
{
$this->logOrder( 'Double-submit detected, redirecting to existing order id=' . $existingOrderId );
header( 'Location: /zamowienie/' . $existingOrderHash );
exit;
}
}
if ( !$this->isValidOrderSubmitToken( $orderSubmitToken ) )
{
if ( $existingOrderId > 0 )
{
$existingOrderHash = $this->orderRepository->findHashById( $existingOrderId );
if ( $existingOrderHash )
{
header( 'Location: /zamowienie/' . $existingOrderHash );
exit;
}
}
$this->logOrder( 'Token validation failed. formToken=' . $orderSubmitToken . ' existingOrderId=' . $existingOrderId );
\Shared\Helpers\Helpers::error( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat-blad' ) );
header( 'Location: /koszyk' );
header( 'Location: /koszyk-podsumowanie' );
exit;
}
@@ -325,7 +329,10 @@ class ShopBasketController
exit;
}
if ( $order_id = $this->orderRepository->createFromBasket(
$order_id = null;
try
{
$order_id = $this->orderRepository->createFromBasket(
$client[ 'id' ],
\Shared\Helpers\Helpers::get_session( 'basket' ),
\Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' ),
@@ -347,7 +354,18 @@ class ShopBasketController
\Shared\Helpers\Helpers::get_session( 'basket_orlen_point_info' ),
\Shared\Helpers\Helpers::get_session( 'coupon' ),
\Shared\Helpers\Helpers::get_session( 'basket_message' )
) )
);
}
catch ( \Exception $e )
{
$this->logOrder( 'createFromBasket exception: ' . $e->getMessage() );
error_log( '[basketSave] createFromBasket exception: ' . $e->getMessage() );
\Shared\Helpers\Helpers::error( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat-blad' ) );
header( 'Location: /koszyk' );
exit;
}
if ( $order_id )
{
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY, (int)$order_id );
\Shared\Helpers\Helpers::alert( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat' ) );
@@ -374,6 +392,7 @@ class ShopBasketController
}
else
{
$this->logOrder( 'createFromBasket returned falsy order_id. client_id=' . ( $client['id'] ?? '?' ) . ' email=' . ( \Shared\Helpers\Helpers::get( 'email', true ) ?: '?' ) );
\Shared\Helpers\Helpers::error( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat-blad' ) );
header( 'Location: /koszyk' );
exit;
@@ -420,6 +439,79 @@ class ShopBasketController
] );
}
public function basketUpdateCustomFields()
{
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
$product_code = \Shared\Helpers\Helpers::get( 'product_code' );
if ( !isset( $basket[ $product_code ] ) )
{
echo json_encode( [ 'result' => 'error', 'message' => 'Pozycja nie istnieje w koszyku' ] );
exit;
}
$position = $basket[ $product_code ];
$new_custom_fields = [];
$custom_fields_raw = \Shared\Helpers\Helpers::get( 'custom_field' );
if ( is_array( $custom_fields_raw ) )
{
foreach ( $custom_fields_raw as $field_id => $value )
{
$new_custom_fields[ (int)$field_id ] = $value;
}
}
$productRepo = new \Domain\Product\ProductRepository( $GLOBALS['mdb'] );
$missing_fields = [];
foreach ( $new_custom_fields as $field_id => $value )
{
$field_meta = $productRepo->findCustomFieldCached( $field_id );
if ( $field_meta && (int)$field_meta['is_required'] === 1 && trim( $value ) === '' )
{
$missing_fields[] = $field_meta['name'];
}
}
if ( count( $missing_fields ) > 0 )
{
echo json_encode( [ 'result' => 'error', 'message' => 'Wypełnij wymagane pola: ' . implode( ', ', $missing_fields ) ] );
exit;
}
$attributes_implode = '';
if ( isset( $position['attributes'] ) && is_array( $position['attributes'] ) && count( $position['attributes'] ) > 0 )
{
$attributes_implode = implode( '|', $position['attributes'] );
}
$message = isset( $position['message'] ) ? $position['message'] : '';
$new_product_code = md5( $position['product-id'] . $attributes_implode . $message . json_encode( $new_custom_fields ) );
if ( $new_product_code === $product_code )
{
$basket[ $product_code ]['custom_fields'] = $new_custom_fields;
}
elseif ( isset( $basket[ $new_product_code ] ) )
{
$basket[ $new_product_code ]['quantity'] += $position['quantity'];
unset( $basket[ $product_code ] );
}
else
{
$position['custom_fields'] = $new_custom_fields;
$basket[ $new_product_code ] = $position;
unset( $basket[ $product_code ] );
}
$basket = ( new \Domain\Promotion\PromotionRepository( $GLOBALS['mdb'] ) )->findPromotion( $basket );
\Shared\Helpers\Helpers::set_session( 'basket', $basket );
echo json_encode( [ 'result' => 'ok' ] );
exit;
}
private function jsonBasketResponse( $basket, $coupon, $lang_id, $basket_transport_method_id )
{
global $settings;
@@ -445,8 +537,23 @@ class ShopBasketController
private function createOrderSubmitToken()
{
$sessionData = isset( $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] )
? $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ]
: null;
if ( is_array( $sessionData ) && isset( $sessionData['token'], $sessionData['created_at'] ) )
{
if ( ( time() - $sessionData['created_at'] ) < self::ORDER_SUBMIT_TOKEN_TTL )
{
return $sessionData['token'];
}
}
$token = $this->generateOrderSubmitToken();
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_TOKEN_SESSION_KEY, $token );
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_TOKEN_SESSION_KEY, [
'token' => $token,
'created_at' => time()
] );
\Shared\Helpers\Helpers::delete_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY );
return $token;
@@ -469,10 +576,29 @@ class ShopBasketController
if ( !$token )
return false;
$sessionToken = isset( $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] ) ? (string)$_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] : '';
if ( !$sessionToken )
$sessionData = isset( $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] )
? $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ]
: null;
if ( !$sessionData )
return false;
// Backward compatibility: stary format (plain string)
if ( is_string( $sessionData ) )
{
$sessionToken = $sessionData;
}
elseif ( is_array( $sessionData ) && isset( $sessionData['token'], $sessionData['created_at'] ) )
{
if ( ( time() - $sessionData['created_at'] ) >= self::ORDER_SUBMIT_TOKEN_TTL )
return false;
$sessionToken = $sessionData['token'];
}
else
{
return false;
}
if ( function_exists( 'hash_equals' ) )
return hash_equals( $sessionToken, $token );
@@ -483,4 +609,11 @@ class ShopBasketController
{
\Shared\Helpers\Helpers::delete_session( self::ORDER_SUBMIT_TOKEN_SESSION_KEY );
}
private function logOrder( $message )
{
$logFile = __DIR__ . '/../../../logs/logs-order-' . date( 'Y-m-d' ) . '.log';
$line = '[' . date( 'Y-m-d H:i:s' ) . '] ' . $message . "\n";
@file_put_contents( $logFile, $line, FILE_APPEND );
}
}