update
This commit is contained in:
@@ -318,9 +318,7 @@ class ArticleRepository
|
|||||||
|
|
||||||
if (is_array($results)) {
|
if (is_array($results)) {
|
||||||
foreach ($results as $row) {
|
foreach ($results as $row) {
|
||||||
if (file_exists('../' . $row['src'])) {
|
$this->safeUnlink($row['src']);
|
||||||
unlink('../' . $row['src']);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -337,9 +335,7 @@ class ArticleRepository
|
|||||||
|
|
||||||
if (is_array($results)) {
|
if (is_array($results)) {
|
||||||
foreach ($results as $row) {
|
foreach ($results as $row) {
|
||||||
if (file_exists('../' . $row['src'])) {
|
$this->safeUnlink($row['src']);
|
||||||
unlink('../' . $row['src']);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -819,9 +815,7 @@ class ArticleRepository
|
|||||||
$results = $this->db->select('pp_articles_files', '*', ['article_id' => null]);
|
$results = $this->db->select('pp_articles_files', '*', ['article_id' => null]);
|
||||||
if (is_array($results)) {
|
if (is_array($results)) {
|
||||||
foreach ($results as $row) {
|
foreach ($results as $row) {
|
||||||
if (file_exists('../' . $row['src'])) {
|
$this->safeUnlink($row['src']);
|
||||||
unlink('../' . $row['src']);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -836,15 +830,31 @@ class ArticleRepository
|
|||||||
$results = $this->db->select('pp_articles_images', '*', ['article_id' => null]);
|
$results = $this->db->select('pp_articles_images', '*', ['article_id' => null]);
|
||||||
if (is_array($results)) {
|
if (is_array($results)) {
|
||||||
foreach ($results as $row) {
|
foreach ($results as $row) {
|
||||||
if (file_exists('../' . $row['src'])) {
|
$this->safeUnlink($row['src']);
|
||||||
unlink('../' . $row['src']);
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$this->db->delete('pp_articles_images', ['article_id' => null]);
|
$this->db->delete('pp_articles_images', ['article_id' => null]);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Usuwa plik z dysku tylko jeśli ścieżka pozostaje wewnątrz katalogu upload/.
|
||||||
|
* Zapobiega path traversal przy danych z bazy.
|
||||||
|
*/
|
||||||
|
private function safeUnlink(string $src): void
|
||||||
|
{
|
||||||
|
$base = realpath('../upload');
|
||||||
|
if (!$base) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
$full = realpath('../' . ltrim($src, '/'));
|
||||||
|
if ($full && strpos($full, $base . DIRECTORY_SEPARATOR) === 0 && is_file($full)) {
|
||||||
|
unlink($full);
|
||||||
|
} elseif ($full) {
|
||||||
|
error_log( '[shopPRO] safeUnlink: ścieżka poza upload/: ' . $src );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Pobiera artykuly opublikowane w podanym zakresie dat.
|
* Pobiera artykuly opublikowane w podanym zakresie dat.
|
||||||
*/
|
*/
|
||||||
|
|||||||
@@ -28,10 +28,9 @@ class IntegrationsRepository
|
|||||||
public function getSettings( string $provider ): array
|
public function getSettings( string $provider ): array
|
||||||
{
|
{
|
||||||
$table = $this->settingsTable( $provider );
|
$table = $this->settingsTable( $provider );
|
||||||
$stmt = $this->db->query( "SELECT * FROM $table" );
|
$rows = $this->db->select( $table, [ 'name', 'value' ] );
|
||||||
$results = $stmt ? $stmt->fetchAll( \PDO::FETCH_ASSOC ) : [];
|
|
||||||
$settings = [];
|
$settings = [];
|
||||||
foreach ( $results as $row )
|
foreach ( $rows ?: [] as $row )
|
||||||
$settings[$row['name']] = $row['value'];
|
$settings[$row['name']] = $row['value'];
|
||||||
|
|
||||||
return $settings;
|
return $settings;
|
||||||
@@ -160,10 +159,15 @@ class IntegrationsRepository
|
|||||||
if ( empty( $response['accessToken'] ) )
|
if ( empty( $response['accessToken'] ) )
|
||||||
return false;
|
return false;
|
||||||
|
|
||||||
$this->saveSetting( 'apilo', 'access-token', $response['accessToken'] );
|
try {
|
||||||
$this->saveSetting( 'apilo', 'refresh-token', $response['refreshToken'] );
|
$this->saveSetting( 'apilo', 'access-token', $response['accessToken'] );
|
||||||
$this->saveSetting( 'apilo', 'access-token-expire-at', $response['accessTokenExpireAt'] );
|
$this->saveSetting( 'apilo', 'refresh-token', $response['refreshToken'] );
|
||||||
$this->saveSetting( 'apilo', 'refresh-token-expire-at', $response['refreshTokenExpireAt'] );
|
$this->saveSetting( 'apilo', 'access-token-expire-at', $response['accessTokenExpireAt'] );
|
||||||
|
$this->saveSetting( 'apilo', 'refresh-token-expire-at', $response['refreshTokenExpireAt'] );
|
||||||
|
} catch ( \Exception $e ) {
|
||||||
|
error_log( '[shopPRO] Apilo: błąd zapisu tokenów: ' . $e->getMessage() );
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -814,7 +814,7 @@ class OrderRepository
|
|||||||
\Shared\Helpers\Helpers::send_email($settings['contact_email'], 'Nowe zamówienie / ' . $settings['firm_name'] . ' / ' . $order['number'] . ' - ' . $order['client_surname'] . ' ' . $order['client_name'], $mail_order);
|
\Shared\Helpers\Helpers::send_email($settings['contact_email'], 'Nowe zamówienie / ' . $settings['firm_name'] . ' / ' . $order['number'] . ' - ' . $order['client_surname'] . ' ' . $order['client_name'], $mail_order);
|
||||||
|
|
||||||
// zmiana statusu w realizacji jeżeli płatność przy odbiorze
|
// zmiana statusu w realizacji jeżeli płatność przy odbiorze
|
||||||
if ($payment_id == 3) {
|
if (!empty($payment_method['is_cod'])) {
|
||||||
$this->updateOrderStatus($order_id, 4);
|
$this->updateOrderStatus($order_id, 4);
|
||||||
$this->insertStatusHistory($order_id, 4, 1);
|
$this->insertStatusHistory($order_id, 4, 1);
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -122,6 +122,7 @@ class PaymentMethodRepository
|
|||||||
'apilo_payment_type_id' => $this->normalizeApiloPaymentTypeId($data['apilo_payment_type_id'] ?? null),
|
'apilo_payment_type_id' => $this->normalizeApiloPaymentTypeId($data['apilo_payment_type_id'] ?? null),
|
||||||
'min_order_amount' => $this->normalizeDecimalOrNull($data['min_order_amount'] ?? null),
|
'min_order_amount' => $this->normalizeDecimalOrNull($data['min_order_amount'] ?? null),
|
||||||
'max_order_amount' => $this->normalizeDecimalOrNull($data['max_order_amount'] ?? null),
|
'max_order_amount' => $this->normalizeDecimalOrNull($data['max_order_amount'] ?? null),
|
||||||
|
'is_cod' => (int)(!empty($data['is_cod']) ? 1 : 0),
|
||||||
];
|
];
|
||||||
|
|
||||||
$this->db->update('pp_shop_payment_methods', $row, ['id' => $paymentMethodId]);
|
$this->db->update('pp_shop_payment_methods', $row, ['id' => $paymentMethodId]);
|
||||||
@@ -240,7 +241,8 @@ class PaymentMethodRepository
|
|||||||
spm.status,
|
spm.status,
|
||||||
spm.apilo_payment_type_id,
|
spm.apilo_payment_type_id,
|
||||||
spm.min_order_amount,
|
spm.min_order_amount,
|
||||||
spm.max_order_amount
|
spm.max_order_amount,
|
||||||
|
spm.is_cod
|
||||||
FROM pp_shop_payment_methods AS spm
|
FROM pp_shop_payment_methods AS spm
|
||||||
INNER JOIN pp_shop_transport_payment_methods AS stpm
|
INNER JOIN pp_shop_transport_payment_methods AS stpm
|
||||||
ON stpm.id_payment_method = spm.id
|
ON stpm.id_payment_method = spm.id
|
||||||
@@ -335,6 +337,7 @@ class PaymentMethodRepository
|
|||||||
$row['apilo_payment_type_id'] = $this->normalizeApiloPaymentTypeId($row['apilo_payment_type_id'] ?? null);
|
$row['apilo_payment_type_id'] = $this->normalizeApiloPaymentTypeId($row['apilo_payment_type_id'] ?? null);
|
||||||
$row['min_order_amount'] = $this->normalizeDecimalOrNull($row['min_order_amount'] ?? null);
|
$row['min_order_amount'] = $this->normalizeDecimalOrNull($row['min_order_amount'] ?? null);
|
||||||
$row['max_order_amount'] = $this->normalizeDecimalOrNull($row['max_order_amount'] ?? null);
|
$row['max_order_amount'] = $this->normalizeDecimalOrNull($row['max_order_amount'] ?? null);
|
||||||
|
$row['is_cod'] = (int)($row['is_cod'] ?? 0);
|
||||||
|
|
||||||
return $row;
|
return $row;
|
||||||
}
|
}
|
||||||
|
|||||||
@@ -1601,9 +1601,7 @@ class ProductRepository
|
|||||||
$results = $this->db->select( 'pp_shop_products_files', '*', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
|
$results = $this->db->select( 'pp_shop_products_files', '*', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
|
||||||
if ( is_array( $results ) ) {
|
if ( is_array( $results ) ) {
|
||||||
foreach ( $results as $row ) {
|
foreach ( $results as $row ) {
|
||||||
if ( file_exists( '../' . $row['src'] ) ) {
|
$this->safeUnlink( $row['src'] );
|
||||||
unlink( '../' . $row['src'] );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->db->delete( 'pp_shop_products_files', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
|
$this->db->delete( 'pp_shop_products_files', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
|
||||||
@@ -1614,9 +1612,7 @@ class ProductRepository
|
|||||||
$results = $this->db->select( 'pp_shop_products_images', '*', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
|
$results = $this->db->select( 'pp_shop_products_images', '*', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
|
||||||
if ( is_array( $results ) ) {
|
if ( is_array( $results ) ) {
|
||||||
foreach ( $results as $row ) {
|
foreach ( $results as $row ) {
|
||||||
if ( file_exists( '../' . $row['src'] ) ) {
|
$this->safeUnlink( $row['src'] );
|
||||||
unlink( '../' . $row['src'] );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->db->delete( 'pp_shop_products_images', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
|
$this->db->delete( 'pp_shop_products_images', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
|
||||||
@@ -2125,14 +2121,30 @@ class ProductRepository
|
|||||||
$results = $this->db->select( 'pp_shop_products_images', '*', [ 'product_id' => null ] );
|
$results = $this->db->select( 'pp_shop_products_images', '*', [ 'product_id' => null ] );
|
||||||
if ( is_array( $results ) ) {
|
if ( is_array( $results ) ) {
|
||||||
foreach ( $results as $row ) {
|
foreach ( $results as $row ) {
|
||||||
if ( file_exists( '../' . $row['src'] ) ) {
|
$this->safeUnlink( $row['src'] );
|
||||||
unlink( '../' . $row['src'] );
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$this->db->delete( 'pp_shop_products_images', [ 'product_id' => null ] );
|
$this->db->delete( 'pp_shop_products_images', [ 'product_id' => null ] );
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Usuwa plik z dysku tylko jeśli ścieżka pozostaje wewnątrz katalogu upload/.
|
||||||
|
* Zapobiega path traversal przy danych z bazy.
|
||||||
|
*/
|
||||||
|
private function safeUnlink(string $src): void
|
||||||
|
{
|
||||||
|
$base = realpath('../upload');
|
||||||
|
if (!$base) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
$full = realpath('../' . ltrim($src, '/'));
|
||||||
|
if ($full && strpos($full, $base . DIRECTORY_SEPARATOR) === 0 && is_file($full)) {
|
||||||
|
unlink($full);
|
||||||
|
} elseif ($full) {
|
||||||
|
error_log( '[shopPRO] safeUnlink: ścieżka poza upload/: ' . $src );
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Oznacza plik do usunięcia.
|
* Oznacza plik do usunięcia.
|
||||||
*/
|
*/
|
||||||
|
|||||||
26
autoload/Shared/Security/CsrfToken.php
Normal file
26
autoload/Shared/Security/CsrfToken.php
Normal file
@@ -0,0 +1,26 @@
|
|||||||
|
<?php
|
||||||
|
namespace Shared\Security;
|
||||||
|
|
||||||
|
class CsrfToken
|
||||||
|
{
|
||||||
|
const SESSION_KEY = 'csrf_token';
|
||||||
|
|
||||||
|
public static function getToken(): string
|
||||||
|
{
|
||||||
|
if (empty($_SESSION[self::SESSION_KEY])) {
|
||||||
|
$_SESSION[self::SESSION_KEY] = bin2hex(random_bytes(32));
|
||||||
|
}
|
||||||
|
return (string) $_SESSION[self::SESSION_KEY];
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function validate(string $token): bool
|
||||||
|
{
|
||||||
|
$sessionToken = isset($_SESSION[self::SESSION_KEY]) ? (string) $_SESSION[self::SESSION_KEY] : '';
|
||||||
|
return $sessionToken !== '' && hash_equals($sessionToken, $token);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static function regenerate(): void
|
||||||
|
{
|
||||||
|
$_SESSION[self::SESSION_KEY] = bin2hex(random_bytes(32));
|
||||||
|
}
|
||||||
|
}
|
||||||
@@ -43,6 +43,15 @@ class App
|
|||||||
$sa = \Shared\Helpers\Helpers::get( 's-action' );
|
$sa = \Shared\Helpers\Helpers::get( 's-action' );
|
||||||
if ( !$sa ) return;
|
if ( !$sa ) return;
|
||||||
|
|
||||||
|
if ( $_SERVER['REQUEST_METHOD'] === 'POST' ) {
|
||||||
|
$csrfToken = isset( $_POST['_csrf_token'] ) ? (string) $_POST['_csrf_token'] : '';
|
||||||
|
if ( !\Shared\Security\CsrfToken::validate( $csrfToken ) ) {
|
||||||
|
\Shared\Helpers\Helpers::alert( 'Nieprawidłowy token bezpieczeństwa. Spróbuj ponownie.' );
|
||||||
|
header( 'Location: /admin/' );
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$domain = preg_replace( '/^www\./', '', $_SERVER['SERVER_NAME'] );
|
$domain = preg_replace( '/^www\./', '', $_SERVER['SERVER_NAME'] );
|
||||||
$cookie_name = 'admin_remember_' . str_replace( '.', '-', $domain );
|
$cookie_name = 'admin_remember_' . str_replace( '.', '-', $domain );
|
||||||
$users = new \Domain\User\UserRepository( $mdb );
|
$users = new \Domain\User\UserRepository( $mdb );
|
||||||
@@ -84,6 +93,7 @@ class App
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
\Shared\Security\CsrfToken::regenerate();
|
||||||
self::finalize_admin_login( $user, $domain, $cookie_name, (bool) \Shared\Helpers\Helpers::get( 'remember' ) );
|
self::finalize_admin_login( $user, $domain, $cookie_name, (bool) \Shared\Helpers\Helpers::get( 'remember' ) );
|
||||||
header( 'Location: /admin/articles/list/' );
|
header( 'Location: /admin/articles/list/' );
|
||||||
exit;
|
exit;
|
||||||
@@ -127,6 +137,7 @@ class App
|
|||||||
header( 'Location: /admin/' );
|
header( 'Location: /admin/' );
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
\Shared\Security\CsrfToken::regenerate();
|
||||||
self::finalize_admin_login( $user, $domain, $cookie_name, !empty( $pending['remember'] ) );
|
self::finalize_admin_login( $user, $domain, $cookie_name, !empty( $pending['remember'] ) );
|
||||||
header( 'Location: /admin/articles/list/' );
|
header( 'Location: /admin/articles/list/' );
|
||||||
exit;
|
exit;
|
||||||
|
|||||||
@@ -184,6 +184,7 @@ class ShopPaymentMethodController
|
|||||||
'apilo_payment_type_id' => $paymentMethod['apilo_payment_type_id'] ?? '',
|
'apilo_payment_type_id' => $paymentMethod['apilo_payment_type_id'] ?? '',
|
||||||
'min_order_amount' => $paymentMethod['min_order_amount'] ?? '',
|
'min_order_amount' => $paymentMethod['min_order_amount'] ?? '',
|
||||||
'max_order_amount' => $paymentMethod['max_order_amount'] ?? '',
|
'max_order_amount' => $paymentMethod['max_order_amount'] ?? '',
|
||||||
|
'is_cod' => (int)($paymentMethod['is_cod'] ?? 0),
|
||||||
];
|
];
|
||||||
|
|
||||||
$fields = [
|
$fields = [
|
||||||
@@ -220,6 +221,10 @@ class ShopPaymentMethodController
|
|||||||
'tab' => 'settings',
|
'tab' => 'settings',
|
||||||
'options' => $apiloOptions,
|
'options' => $apiloOptions,
|
||||||
]),
|
]),
|
||||||
|
FormField::switch('is_cod', [
|
||||||
|
'label' => 'Platnosc przy odbiorze',
|
||||||
|
'tab' => 'settings',
|
||||||
|
]),
|
||||||
FormField::switch('status', [
|
FormField::switch('status', [
|
||||||
'label' => 'Aktywny',
|
'label' => 'Aktywny',
|
||||||
'tab' => 'settings',
|
'tab' => 'settings',
|
||||||
|
|||||||
@@ -32,6 +32,13 @@ class FormRequestHandler
|
|||||||
'data' => []
|
'data' => []
|
||||||
];
|
];
|
||||||
|
|
||||||
|
// Walidacja CSRF
|
||||||
|
$csrfToken = isset($postData['_csrf_token']) ? (string) $postData['_csrf_token'] : '';
|
||||||
|
if (!\Shared\Security\CsrfToken::validate($csrfToken)) {
|
||||||
|
$result['errors'] = ['csrf' => 'Nieprawidłowy token bezpieczeństwa. Odśwież stronę i spróbuj ponownie.'];
|
||||||
|
return $result;
|
||||||
|
}
|
||||||
|
|
||||||
// Walidacja
|
// Walidacja
|
||||||
$errors = $this->validator->validate($postData, $formViewModel->fields, $formViewModel->languages);
|
$errors = $this->validator->validate($postData, $formViewModel->fields, $formViewModel->languages);
|
||||||
|
|
||||||
|
|||||||
@@ -276,6 +276,19 @@ class ShopBasketController
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$existingOrderId = isset( $_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ] )
|
||||||
|
? (int)$_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ]
|
||||||
|
: 0;
|
||||||
|
if ( $existingOrderId > 0 )
|
||||||
|
{
|
||||||
|
$existingOrderHash = $this->orderRepository->findHashById( $existingOrderId );
|
||||||
|
if ( $existingOrderHash )
|
||||||
|
{
|
||||||
|
header( 'Location: /zamowienie/' . $existingOrderHash );
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
$client = \Shared\Helpers\Helpers::get_session( 'client' );
|
$client = \Shared\Helpers\Helpers::get_session( 'client' );
|
||||||
$orderSubmitToken = $this->createOrderSubmitToken();
|
$orderSubmitToken = $this->createOrderSubmitToken();
|
||||||
|
|
||||||
@@ -325,7 +338,10 @@ class ShopBasketController
|
|||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ( $order_id = $this->orderRepository->createFromBasket(
|
$order_id = null;
|
||||||
|
try
|
||||||
|
{
|
||||||
|
$order_id = $this->orderRepository->createFromBasket(
|
||||||
$client[ 'id' ],
|
$client[ 'id' ],
|
||||||
\Shared\Helpers\Helpers::get_session( 'basket' ),
|
\Shared\Helpers\Helpers::get_session( 'basket' ),
|
||||||
\Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' ),
|
\Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' ),
|
||||||
@@ -347,7 +363,17 @@ class ShopBasketController
|
|||||||
\Shared\Helpers\Helpers::get_session( 'basket_orlen_point_info' ),
|
\Shared\Helpers\Helpers::get_session( 'basket_orlen_point_info' ),
|
||||||
\Shared\Helpers\Helpers::get_session( 'coupon' ),
|
\Shared\Helpers\Helpers::get_session( 'coupon' ),
|
||||||
\Shared\Helpers\Helpers::get_session( 'basket_message' )
|
\Shared\Helpers\Helpers::get_session( 'basket_message' )
|
||||||
) )
|
);
|
||||||
|
}
|
||||||
|
catch ( \Exception $e )
|
||||||
|
{
|
||||||
|
error_log( '[basketSave] createFromBasket exception: ' . $e->getMessage() );
|
||||||
|
\Shared\Helpers\Helpers::error( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat-blad' ) );
|
||||||
|
header( 'Location: /koszyk' );
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
if ( $order_id )
|
||||||
{
|
{
|
||||||
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY, (int)$order_id );
|
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY, (int)$order_id );
|
||||||
\Shared\Helpers\Helpers::alert( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat' ) );
|
\Shared\Helpers\Helpers::alert( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat' ) );
|
||||||
|
|||||||
@@ -6,6 +6,8 @@ use Domain\Order\OrderAdminService;
|
|||||||
|
|
||||||
class ShopOrderController
|
class ShopOrderController
|
||||||
{
|
{
|
||||||
|
private const HOTPAY_HASH_SEED = 'ProjectPro1916;';
|
||||||
|
|
||||||
private $repository;
|
private $repository;
|
||||||
private $adminService;
|
private $adminService;
|
||||||
|
|
||||||
@@ -29,8 +31,6 @@ class ShopOrderController
|
|||||||
|
|
||||||
public function paymentStatusTpay()
|
public function paymentStatusTpay()
|
||||||
{
|
{
|
||||||
file_put_contents( 'tpay.txt', print_r( $_POST, true ) . print_r( $_GET, true ), FILE_APPEND );
|
|
||||||
|
|
||||||
if ( \Shared\Helpers\Helpers::get( 'tr_status' ) == 'TRUE' && \Shared\Helpers\Helpers::get( 'tr_crc' ) )
|
if ( \Shared\Helpers\Helpers::get( 'tr_status' ) == 'TRUE' && \Shared\Helpers\Helpers::get( 'tr_crc' ) )
|
||||||
{
|
{
|
||||||
$order = $this->repository->findRawByHash( \Shared\Helpers\Helpers::get( 'tr_crc' ) );
|
$order = $this->repository->findRawByHash( \Shared\Helpers\Helpers::get( 'tr_crc' ) );
|
||||||
@@ -102,7 +102,7 @@ class ShopOrderController
|
|||||||
$summary_tmp += $order['transport_cost'];
|
$summary_tmp += $order['transport_cost'];
|
||||||
endif;
|
endif;
|
||||||
|
|
||||||
if ( hash( "sha256", "ProjectPro1916;" . round( $summary_tmp, 2 ) . ";" . $_POST["ID_PLATNOSCI"] . ";" . $_POST["ID_ZAMOWIENIA"] . ";" . $_POST["STATUS"] . ";" . $_POST["SEKRET"] ) == $_POST["HASH"] )
|
if ( hash( "sha256", self::HOTPAY_HASH_SEED . round( $summary_tmp, 2 ) . ";" . $_POST["ID_PLATNOSCI"] . ";" . $_POST["ID_ZAMOWIENIA"] . ";" . $_POST["STATUS"] . ";" . $_POST["SEKRET"] ) == $_POST["HASH"] )
|
||||||
{
|
{
|
||||||
if ( $_POST["STATUS"] == "SUCCESS" )
|
if ( $_POST["STATUS"] == "SUCCESS" )
|
||||||
{
|
{
|
||||||
|
|||||||
@@ -2,11 +2,12 @@
|
|||||||
<div class="col-12 col-md-6 ">
|
<div class="col-12 col-md-6 ">
|
||||||
<div class="article-entry">
|
<div class="article-entry">
|
||||||
<? $this -> article['language']['seo_link'] ? $url = $this -> article['language']['seo_link'] : $url = 'a-' . $this -> article['id'] . '-' . \Shared\Helpers\Helpers::seo( $this -> article['language']['title'] );?>
|
<? $this -> article['language']['seo_link'] ? $url = $this -> article['language']['seo_link'] : $url = 'a-' . $this -> article['id'] . '-' . \Shared\Helpers\Helpers::seo( $this -> article['language']['title'] );?>
|
||||||
|
<? $safeTitle = htmlspecialchars( $this -> article['language']['title'], ENT_QUOTES, 'UTF-8' ); $safeUrl = htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );?>
|
||||||
<div class="blog-image">
|
<div class="blog-image">
|
||||||
<a href="/<?= $url;?>" title="<?= $this -> article['language']['title'];?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>> <img src="<?= \front\Views\Articles::getImage( $this -> article );?>" alt="<?= $this -> article['language']['title'];?>"></a>
|
<a href="/<?= $safeUrl;?>" title="<?= $safeTitle;?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>> <img src="<?= \front\Views\Articles::getImage( $this -> article );?>" alt="<?= $safeTitle;?>"></a>
|
||||||
</div>
|
</div>
|
||||||
<h3 class="article-title">
|
<h3 class="article-title">
|
||||||
<a href="/<? if ( \Shared\Helpers\Helpers::get_session( 'current-lang' ) != ( new \Domain\Languages\LanguagesRepository( $GLOBALS['mdb'] ) )->defaultLanguage() ) echo \Shared\Helpers\Helpers::get_session( 'current-lang' ) . '/';?><?= $url;?>" title="<?= $this -> article['language']['title'];?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>><?= $this -> article['language']['title'];?></a>
|
<a href="/<? if ( \Shared\Helpers\Helpers::get_session( 'current-lang' ) != ( new \Domain\Languages\LanguagesRepository( $GLOBALS['mdb'] ) )->defaultLanguage() ) echo \Shared\Helpers\Helpers::get_session( 'current-lang' ) . '/';?><?= $safeUrl;?>" title="<?= $safeTitle;?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>><?= $safeTitle;?></a>
|
||||||
</h3>
|
</h3>
|
||||||
<div class="date-add"><?= date( 'd.m.Y', strtotime( $this -> article['date_add'] ) );?></div>
|
<div class="date-add"><?= date( 'd.m.Y', strtotime( $this -> article['date_add'] ) );?></div>
|
||||||
<div class="entry">
|
<div class="entry">
|
||||||
@@ -32,6 +33,6 @@
|
|||||||
}
|
}
|
||||||
?>
|
?>
|
||||||
</div>
|
</div>
|
||||||
<a href="/<?= $url;?>" class="btn btn-success" title="<?= $this -> article['language']['title'];?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>><span class="text"><?= $lang['wiecej'];?></span></a>
|
<a href="/<?= $safeUrl;?>" class="btn btn-success" title="<?= $safeTitle;?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>><span class="text"><?= $lang['wiecej'];?></span></a>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
@@ -8,24 +8,26 @@ $text = \front\Views\Articles::generateHeadersIds( $text );
|
|||||||
$this -> article['language']['seo_link'] ? $url = $this -> article['language']['seo_link'] : $url = 'a-' . $this -> article['id'] . '-' . \Shared\Helpers\Helpers::seo( $this -> article['language']['title'] );
|
$this -> article['language']['seo_link'] ? $url = $this -> article['language']['seo_link'] : $url = 'a-' . $this -> article['id'] . '-' . \Shared\Helpers\Helpers::seo( $this -> article['language']['title'] );
|
||||||
|
|
||||||
if ( $this -> article['show_title'] )
|
if ( $this -> article['show_title'] )
|
||||||
echo '<h3 class="article-title">' . $this -> article['language']['title'] . '</h3>';
|
echo '<h3 class="article-title">' . htmlspecialchars( $this -> article['language']['title'], ENT_QUOTES, 'UTF-8' ) . '</h3>';
|
||||||
|
|
||||||
if ( $this -> article['social_icons'] ):
|
if ( $this -> article['social_icons'] ):
|
||||||
|
$safeHost = htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8' );
|
||||||
|
$safeUrl = htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
|
||||||
?>
|
?>
|
||||||
<div class="social-icons">
|
<div class="social-icons">
|
||||||
<a class="fb" href="http://www.facebook.com/sharer.php?u=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="facebook" target="_blank" rel="nofollow">
|
<a class="fb" href="http://www.facebook.com/sharer.php?u=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="facebook" target="_blank" rel="nofollow">
|
||||||
<img src="/images/system/logo-facebook.jpg" alt="facebook">
|
<img src="/images/system/logo-facebook.jpg" alt="facebook">
|
||||||
</a>
|
</a>
|
||||||
<a class="pinterest" href="http://pinterest.com/pin/create/button/?url=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="pinterest" target="_blank" rel="nofollow">
|
<a class="pinterest" href="http://pinterest.com/pin/create/button/?url=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="pinterest" target="_blank" rel="nofollow">
|
||||||
<img src="/images/system/logo-pinterest.jpg" alt="pinterest">
|
<img src="/images/system/logo-pinterest.jpg" alt="pinterest">
|
||||||
</a>
|
</a>
|
||||||
<a class="twitter" href="http://twitter.com/share?url=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=450,width=600');return false;" title="twitter" target="_blank" rel="nofollow">
|
<a class="twitter" href="http://twitter.com/share?url=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=450,width=600');return false;" title="twitter" target="_blank" rel="nofollow">
|
||||||
<img src="/images/system/logo-twitter.jpg" alt="twitter">
|
<img src="/images/system/logo-twitter.jpg" alt="twitter">
|
||||||
</a>
|
</a>
|
||||||
<a class="linkedin" href="http://www.linkedin.com/shareArticle?mini=true&url=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=500,width=850');return false;" title="linked in" target="_blank" rel="nofollow">
|
<a class="linkedin" href="http://www.linkedin.com/shareArticle?mini=true&url=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=500,width=850');return false;" title="linked in" target="_blank" rel="nofollow">
|
||||||
<img src="/images/system/logo-linkedin.jpg" alt="linkedin">
|
<img src="/images/system/logo-linkedin.jpg" alt="linkedin">
|
||||||
</a>
|
</a>
|
||||||
<a class="gp" href="https://plus.google.com/share?url=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="google+" target="_blank" rel="nofollow">
|
<a class="gp" href="https://plus.google.com/share?url=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="google+" target="_blank" rel="nofollow">
|
||||||
<img src="/images/system/logo-google.jpg" alt="google+">
|
<img src="/images/system/logo-google.jpg" alt="google+">
|
||||||
</a>
|
</a>
|
||||||
</div>
|
</div>
|
||||||
|
|||||||
@@ -82,7 +82,7 @@
|
|||||||
<? endforeach;?>
|
<? endforeach;?>
|
||||||
<div class="hr"></div>
|
<div class="hr"></div>
|
||||||
<div class="basket-summary">
|
<div class="basket-summary">
|
||||||
Wartość koszyka: 1
|
Wartość koszyka:
|
||||||
<span>
|
<span>
|
||||||
<?= \Shared\Helpers\Helpers::decimal( $summary );?> zł
|
<?= \Shared\Helpers\Helpers::decimal( $summary );?> zł
|
||||||
</span>
|
</span>
|
||||||
|
|||||||
@@ -95,17 +95,23 @@
|
|||||||
<? endif;?>
|
<? endif;?>
|
||||||
<div class="basket-summary">
|
<div class="basket-summary">
|
||||||
<?= $this -> transport[ 'name_visible' ];?>:
|
<?= $this -> transport[ 'name_visible' ];?>:
|
||||||
<span>
|
|
||||||
<?= $summary >= $this -> settings[ 'free_delivery' ] ? '0,00' : \Shared\Helpers\Helpers::decimal( $this -> transport[ 'cost' ] );?> zł
|
<? if ( $this -> transport[ 'delivery_free' ] == 1 ):?>
|
||||||
</span>
|
<span>0,00 zł</span>
|
||||||
|
<? else:?>
|
||||||
|
<span>
|
||||||
|
<?= \Shared\Helpers\Helpers::decimal( $this -> transport[ 'cost' ] );?> zł
|
||||||
|
</span>
|
||||||
|
<? endif;?>
|
||||||
</div>
|
</div>
|
||||||
<div class="basket-summary big">
|
<div class="basket-summary big">
|
||||||
Razem:
|
|
||||||
<?
|
<?
|
||||||
if ( $discount )
|
if ( $discount )
|
||||||
$summary -= $discount;
|
$summary -= $discount;
|
||||||
?>
|
?>
|
||||||
<span id="order-summary"><?= $summary >= $this -> settings[ 'free_delivery' ] ? \Shared\Helpers\Helpers::decimal( $summary ) : \Shared\Helpers\Helpers::decimal( $summary + $this -> transport[ 'cost' ] );?> zł</span>
|
<span id="order-summary">
|
||||||
|
<?= $this -> transport[ 'delivery_free' ] == 1 ? \Shared\Helpers\Helpers::decimal( $summary ) : \Shared\Helpers\Helpers::decimal( $summary + $this -> transport[ 'cost' ] );?> zł
|
||||||
|
</span>
|
||||||
</div>
|
</div>
|
||||||
<div class="basket-summary">
|
<div class="basket-summary">
|
||||||
<?= $this -> payment_method[ 'name' ];?>
|
<?= $this -> payment_method[ 'name' ];?>
|
||||||
|
|||||||
Reference in New Issue
Block a user