Project-Pro/shopPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Project-Pro:v0.330
Branches Tags
Project-Pro:main
Project-Pro:v0.345 Project-Pro:v0.344 Project-Pro:v0.343 Project-Pro:v0.342 Project-Pro:v0.341 Project-Pro:v0.340 Project-Pro:v0.339 Project-Pro:v0.338 Project-Pro:v0.337 Project-Pro:v0.336 Project-Pro:v0.335 Project-Pro:v0.334 Project-Pro:v0.333 Project-Pro:v0.332 Project-Pro:v0.331 Project-Pro:v0.330 Project-Pro:v0.329 Project-Pro:v0.328 Project-Pro:v0.327 Project-Pro:v0.326 Project-Pro:v0.325 Project-Pro:v0.324 Project-Pro:v0.323 Project-Pro:v0.322 Project-Pro:v0.321 Project-Pro:v0.320 Project-Pro:v0.319 Project-Pro:v0.318 Project-Pro:v0.317 Project-Pro:v0.316 Project-Pro:v0.315 Project-Pro:v0.314 Project-Pro:v0.313 Project-Pro:v0.312 Project-Pro:v0.311 Project-Pro:v0.310 Project-Pro:v0.309 Project-Pro:v0.308 Project-Pro:v0.307 Project-Pro:v0.306 Project-Pro:v0.305 Project-Pro:v0.304 Project-Pro:v0.303 Project-Pro:v0.302 Project-Pro:v0.301 Project-Pro:v0.300 Project-Pro:v0.299
...
compare: Project-Pro:v0.336
Branches Tags
Project-Pro:main
Project-Pro:v0.345 Project-Pro:v0.344 Project-Pro:v0.343 Project-Pro:v0.342 Project-Pro:v0.341 Project-Pro:v0.340 Project-Pro:v0.339 Project-Pro:v0.338 Project-Pro:v0.337 Project-Pro:v0.336 Project-Pro:v0.335 Project-Pro:v0.334 Project-Pro:v0.333 Project-Pro:v0.332 Project-Pro:v0.331 Project-Pro:v0.330 Project-Pro:v0.329 Project-Pro:v0.328 Project-Pro:v0.327 Project-Pro:v0.326 Project-Pro:v0.325 Project-Pro:v0.324 Project-Pro:v0.323 Project-Pro:v0.322 Project-Pro:v0.321 Project-Pro:v0.320 Project-Pro:v0.319 Project-Pro:v0.318 Project-Pro:v0.317 Project-Pro:v0.316 Project-Pro:v0.315 Project-Pro:v0.314 Project-Pro:v0.313 Project-Pro:v0.312 Project-Pro:v0.311 Project-Pro:v0.310 Project-Pro:v0.309 Project-Pro:v0.308 Project-Pro:v0.307 Project-Pro:v0.306 Project-Pro:v0.305 Project-Pro:v0.304 Project-Pro:v0.303 Project-Pro:v0.302 Project-Pro:v0.301 Project-Pro:v0.300 Project-Pro:v0.299

21 Commits
v0.330 ... v0.336

Author SHA1 Message Date
Jacek
35aa00a457 docs: changelog ver_0.336 2026-03-12 09:30:56 +01:00
Jacek
31426d763e security: faza 3 - error handling w krytycznych sciezkach 
- cron.php: przywrocono E_WARNING i E_DEPRECATED (wyciszono tylko E_NOTICE i E_STRICT)
- IntegrationsRepository: try-catch po zapisie tokenow Apilo - blad DB nie sklada false po cichu
- ProductRepository/ArticleRepository: error_log gdy safeUnlink wykryje sciezke poza upload/

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-12 09:30:23 +01:00
Jacek
c4ce330d01 build: ver_0.335 - safeUnlink path traversal, XSS escaping szablony artykulow 2026-03-12 09:23:29 +01:00
Jacek
e92c14c9ab docs: changelog ver_0.335 2026-03-12 09:23:02 +01:00
Jacek
394d09d3e1 security: faza 2 - safeUnlink() i escaping XSS w szablonach artykulow 
- ProductRepository: dodano safeUnlink() z walidacja realpath() - zapobiega path traversal
- ArticleRepository: to samo, 4 metody usuwania plikow zaktualizowane
- templates/articles/article-full.php: htmlspecialchars() na tytule, SERVER_NAME i $url
- templates/articles/article-entry.php: htmlspecialchars() na tytule i $url (3 miejsca)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-12 09:22:32 +01:00
Jacek
564b4eab40 build: ver_0.334 - poprawki bezpieczenstwa, usunieto RedBeanPHP 2026-03-12 09:19:33 +01:00
Jacek
b1a15b4895 docs: changelog ver_0.334 - poprawki bezpieczenstwa 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-12 09:19:15 +01:00
Jacek
167b11679d security: faza 1 - usuniecie debug logu tpay, naprawa SQL i usun rb.php 
- ShopOrderController: usunieto file_put_contents do tpay.txt (ujawnial dane platnicze)
- ShopOrderController: hardcoded sekret HotPay przeniesiony do stałej HOTPAY_HASH_SEED
- IntegrationsRepository: zastapiono raw SQL query('SELECT * FROM $table') metodą Medoo select()
- index.php + admin/index.php: usunieto RedBeanPHP (rb.php) - biblioteka byla ladowana ale nieuzywana
- libraries/rb.php: usunieto plik (536 KB, zero uzyc w kodzie aplikacji)
- Testy IntegrationsRepository zaktualizowane do nowego API (select zamiast query)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-12 09:18:37 +01:00
Jacek
f268e3b5d4 feat: update workflow documentation and add release process steps 2026-03-10 23:33:52 +01:00
Jacek
3e073d2719 build: ver_0.333 - ochrona przed podwójnym składaniem zamówienia 
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-10 21:50:58 +01:00
Jacek
c7be154d57 feat: ochrona przed podwójnym składaniem zamówienia (order submit token) 
Token CSRF w sesji zapobiega duplikowaniu zamówień przy wielokrotnym
kliknięciu przycisku. Przy duplikacie przekierowanie do istniejącego
zamówienia. JS naprawiony — nasłuch na submit formularza zamiast click.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-10 21:50:21 +01:00
Jacek
e0a1847127 feat(api): Introduce shopPRO API documentation and endpoints 
- Added api-reference.json for API specifications including authentication, response formats, and available endpoints.
- Created index.html for public API documentation, dynamically loading endpoint details from api-reference.json.
- Removed htaccess.conf file and migrated routing logic to pp_routes for improved maintainability.
- Added new 'type' column in pp_routes to differentiate between entity and system routes.
 2026-03-08 10:29:06 +01:00
Jacek
b085c597ca build: ver_0.332 - nowy ZIP z plikami API i ProductRepository 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 22:09:11 +01:00
Jacek
34916b2dad feat: API produktów - nowe pola new_to_date i additional_message (v0.332) 
- ProductRepository::getProductForApi() eksportuje new_to_date, additional_message,
  additional_message_required, additional_message_text
- ProductsApiController obsługuje te pola w PUT/PATCH
- Zaktualizowana dokumentacja API.md i CHANGELOG

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 22:08:12 +01:00
Jacek
6fa48129f8 update 2026-03-01 00:58:14 +01:00
Jacek
4b3208f824 build: ver_0.330 - nowy ZIP z index.php, zaktualizowany manifest 
Poprzedni ZIP był uszkodzony (brak end of central directory).
Nowy ZIP zawiera index.php (v0.330), SHA256 zaktualizowany w manifeście.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 00:57:31 +01:00
Jacek
7d0e4558ab build: paczki v0.330 manifest + v0.331; aktualizacja KONIEC PRACY w CLAUDE.md 
- Dodano ver_0.330_manifest.json (brakujący manifest pobrany z serwera)
- Nowa paczka ver_0.331.zip: fix getProductLayout fallback (LayoutsRepository)
- versions.php: current_ver=331
- CLAUDE.md: KONIEC PRACY rozszerzony o kroki 6-7 (build paczki + commit paczki)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 00:53:47 +01:00
Jacek
9bbcc032c2 fix: getProductLayout używał layoutu kategorii zamiast domyślnego (v0.331) 
Fallback w LayoutsRepository::getProductLayout() zmieniony z
categories_default=1 na status=1 — produkty bez przypisanego layoutu
pobierają teraz właściwy domyślny szablon zamiast szablonu kategorii.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 00:42:41 +01:00
Jacek Pyziak
c9cb10950f update 2026-02-28 12:08:31 +01:00
Jacek Pyziak
1cd18c052f update 2026-02-27 23:42:35 +01:00
Jacek Pyziak
d60e335ca6 build: update package v0.329 — routing przez pp_routes + eliminacja htaccess.conf 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-02-27 23:05:24 +01:00
53 changed files with 1336 additions and 19318 deletions
Expand all files Collapse all files

86
.claude/commands/koniec-pracy.md Normal file
View File

@@ -0,0 +1,86 @@
# shopPRO — Koniec Pracy (release workflow)
Execute the full release workflow for shopPRO. This is a sequential pipeline — each step depends on the previous one succeeding. Stop and report if any step fails.
## Step 1: Run tests
Run the full PHPUnit test suite:
```bash
php phpunit.phar
```
All tests must pass. If any test fails, stop here — do not proceed to commit. Report the failures and wait for instructions.
## Step 2: Determine version
Read the latest git tag to determine the current version number:
```bash
git tag --sort=-v:refname | head -1
```
The new version is the previous version incremented by 1 (e.g., v0.333 → v0.334). Use this version number throughout the remaining steps.
## Step 3: Update documentation
Update these docs files **only if** changes in this session affect them:
| File | When to update |
|------|---------------|
| `docs/CHANGELOG.md` | Always — add a new version entry at the top describing what changed |
| `docs/TESTING.md` | If tests were added/removed — update test count and structure |
| `CLAUDE.md` | If test count changed — update the "Current suite" line |
| `docs/DATABASE_STRUCTURE.md` | If database schema changed |
| `docs/PROJECT_STRUCTURE.md` | If architecture/files changed significantly |
| `docs/FORM_EDIT_SYSTEM.md` | If form system was modified |
## Step 4: SQL migrations
If database schema changes were made, create a migration file at `migrations/{version}.sql` (e.g., `migrations/0.334.sql`). Do NOT put SQL files in `updates/` — the build script reads from `migrations/` automatically.
If no DB changes were made, skip this step.
## Step 5: Commit
Stage all relevant changed files (source code, templates, tests, docs, migrations) and commit with a descriptive message. Do NOT stage `.serena/`, `.env`, or credentials files.
Use this commit message format:
```
feat/fix/refactor: concise description of what changed
Longer explanation if needed.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
```
## Step 6: Push
```bash
git push
```
## Step 7: Build update package
Tag the new version and run the build script:
```bash
git tag v0.{VERSION}
powershell.exe -ExecutionPolicy Bypass -File build-update.ps1 -FromTag v0.{PREV_VERSION} -ToTag v0.{VERSION} -ChangelogEntry "{changelog_description}"
```
The `{changelog_description}` should be a short Polish description of the changes (matching the CHANGELOG entry).
## Step 8: Commit and push the package
Stage the generated update files and commit:
```bash
git add updates/0.30/ver_0.{VERSION}.zip updates/0.30/ver_0.{VERSION}_manifest.json updates/versions.php updates/changelog-data.html
git commit -m "build: ver_0.{VERSION} - {short_description}"
git push
git push origin v0.{VERSION}
```
## Step 9: Report summary
Print a summary:
- Version number
- Test results (count, assertions)
- Files changed
- Commit hashes
- Update package path
- Tag name

6
.claude/settings.local.json
View File

@@ -70,7 +70,11 @@
"mcp__serena__find_referencing_symbols",
"Bash(cd C:\\\\visual studio code\\\\projekty\\\\shopPRO:*)",
"Bash(cd \"/c/visual studio code/projekty/shopPRO\" && rm -rf temp/temp_317 && powershell -ExecutionPolicy Bypass -File build-update.ps1 -FromTag v0.316 -ToTag v0.317 -ChangelogEntry \"FIX - klucz API: fix zapisu \\(brakowalo w whiteliście\\), przycisk Generuj losowy klucz, ulepszony routing API\" 2>&1)",
"Bash(./test.ps1)"
"Bash(./test.ps1)",
"mcp__serena__read_memory",
"Bash(mysql -h host117523.hostido.net.pl -u host117523_shoppro -pmhA9WCEXEnRfTtbN33hL host117523_shoppro -e \"SELECT pattern, destination FROM pp_routes WHERE destination LIKE ''%product%'' OR destination LIKE ''%category%'' LIMIT 20;\")",
"Bash(/c/xampp/php/php.exe -r \":*)",
"Bash(/c/xampp/php/php.exe phpunit.phar --configuration phpunit.xml)"
]
}
}

205
.htaccess
View File

@@ -7,67 +7,25 @@ Options -Indexes
RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]
RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]
# Przekierowanie z http na https, jeśli nie zawiera www
# Przekierowanie z http na https, jesli nie zawiera www
RewriteCond %{HTTPS} off
RewriteCond %{REQUEST_URI} !^/(tpay-status|platnosc-status|przelewy24-status)$ [NC]
RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]
# Usuwanie końcowego slash'a dla niekatalogów
# Usuwanie koncowego slasha dla niekatalogów
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_URI} !^/admin/.*$ [NC] # Wyklucza ścieżki rozpoczynające się od "admin/"
RewriteCond %{REQUEST_URI} !^/admin/.*$ [NC]
RewriteCond %{REQUEST_URI} (.+)/$
RewriteRule ^ %1 [R=301,L]
ErrorDocument 404 /index.php
RewriteCond %{REQUEST_URI} !^(.*)/libraries/(.*) [NC]
RewriteCond %{REQUEST_URI} !^(.*)/layout/(.*) [NC]
RewriteRule ^admin/([^/]*)/([^/]*)/(.*)$ admin/index.php?module=$1&action=$2&$3 [QSA,L]
RewriteRule ^admin/([^/]*)/([^/]*)/(.*)$ admin/index.php?module=$1&action=$2&$3 [L]
RewriteRule ^admin/$ admin/index.php [L]
RewriteRule ^wyszukiwarka/(.*)/([0-9]*)$ index.php?module=search&action=search_results&query=$1&bs=$2 [L]
RewriteRule ^wyszukiwarka/(.*)$ index.php?module=search&action=search_results&query=$1&bs=1 [L]
RewriteRule ^zamowienie/([a-zA-Z0-9-]*)$ index.php?module=shop_order&action=order_details&order_hash=$1 [L]
RewriteRule ^potwierdzenie-platnosci/([a-zA-Z0-9-]*)$ index.php?module=shop_order&action=payment_confirmation&order_hash=$1 [L]
RewriteRule ^tpay-status$ index.php?module=shop_order&action=payment_status_tpay%{QUERY_STRING} [L]
RewriteRule ^platnosc-status$ index.php?module=shop_order&action=payment_status_hotpay%{QUERY_STRING} [L]
RewriteRule ^przelewy24-status$ index.php?module=shop_order&action=payment_status_przelewy24pl%{QUERY_STRING} [L]
RewriteRule ^koszyk$ index.php?module=shop_basket&action=main_view [L]
RewriteRule ^koszyk-podsumowanie$ index.php?module=shop_basket&action=summary_view [L]
RewriteRule ^zloz-zamowienie$ index.php?module=shop_basket&action=basket_save [L]
RewriteRule ^rejestracja$ index.php?module=shop_client&action=register_form [L]
RewriteRule ^logowanie$ index.php?module=shop_client&action=login_form [L]
RewriteRule ^wylogowanie$ index.php?module=shop_client&action=logout [L]
RewriteRule ^odzyskiwanie-hasla$ index.php?module=shop_client&action=recover_password [L]
RewriteRule ^panel-klienta/zamowienia$ index.php?module=shop_client&action=client_orders [L]
RewriteRule ^panel-klienta/adresy$ index.php?module=shop_client&action=client_addresses [L]
RewriteRule ^panel-klienta/nowy-adres$ index.php?module=shop_client&action=address_edit [L]
RewriteRule ^panel-klienta/edytuj-adres/([0-9]*)$ index.php?module=shop_client&action=address_edit&id=$1 [L]
RewriteRule ^panel-klienta/usun-adres/([0-9]*)$ index.php?module=shop_client&action=address_delete&id=$1 [L]
RewriteRule ^thumb/([0-9]*)/([0-9]*)/(.*)$ /libraries/thumb.php?img=$3&w=$1&h=$2 [L]
RewriteCond %{REQUEST_URI} ^/shopBasket/(.*)/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)/(.*)$ index.php?module=$1&action=$2&$3 [L]
RewriteCond %{REQUEST_URI} ^/shopClient/(.*)/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)/(.*)$ index.php?module=$1&action=$2&$3 [L]
RewriteCond %{REQUEST_URI} ^/shopProduct/(.*)/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)/(.*)$ index.php?module=$1&action=$2&$3 [L]
RewriteCond %{REQUEST_URI} ^/shopCoupon/(.*)/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)/(.*)$ index.php?module=$1&action=$2&$3 [L]
RewriteCond %{REQUEST_URI} ^/search/(.*)/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)/(.*)$ index.php?module=$1&action=$2&$3 [L]
RewriteCond %{REQUEST_URI} ^/shopBasket/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)$ index.php?module=$1&action=$2 [L]
RewriteCond %{REQUEST_URI} ^/shopClient/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)$ index.php?module=$1&action=$2 [L]
RewriteCond %{REQUEST_URI} ^/shopProduct/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)$ index.php?module=$1&action=$2 [L]
RewriteCond %{REQUEST_URI} ^/shopCoupon/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)$ index.php?module=$1&action=$2 [L]
RewriteCond %{REQUEST_URI} ^/search/(.*) [NC]
RewriteRule ^([^/]*)/([^/]*)$ index.php?module=$1&action=$2 [L]
RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index.php
RewriteRule ^ /%1 [R=301,L]
<IfModule mod_deflate.c>
@@ -116,168 +74,17 @@ ExpiresByType image/svg+xml "access plus 1 month"
Order Deny,Allow
Deny from all
</Files>
RewriteRule ^pl/$ index.php?a=change_language&id=pl [L]
RewriteRule ^en/$ index.php?a=change_language&id=en [L]
RewriteRule ^newsletter/signin/$ index.php?module=newsletter&action=signin [L]
RewriteRule ^newsletter/confirm/hash=(.*)$ index.php?module=newsletter&action=confirm&hash=$1 [L]
RewriteRule ^newsletter/unsubscribe/hash=(.*)$ index.php?module=newsletter&action=unsubscribe&hash=$1 [L]
RewriteRule ^producenci$ index.php?module=shop_producer&action=list&layout_id=2&%{QUERY_STRING} [L]
RewriteRule ^producent/bibs$ index.php?module=shop_producer&action=products&producer_id=3&layout_id=2&%{QUERY_STRING} [L]
RewriteRule ^producent/bibs/([0-9]+)$ index.php?module=shop_producer&action=products&producer_id=3&layout_id=2&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^sen-i-otulenie$ index.php?category=10&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^sen-i-otulenie/([0-9]+)$ index.php?category=10&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^sen-i-otulenie/1$ sen-i-otulenie [R=301,L]
RewriteRule ^kocyki-minky$ index.php?category=5&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^kocyki-minky/([0-9]+)$ index.php?category=5&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^kocyki-minky/1$ kocyki-minky [R=301,L]
RewriteRule ^kocyki-niemowlece-minky-50x70$ index.php?category=6&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^kocyki-niemowlece-minky-50x70/([0-9]+)$ index.php?category=6&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^kocyki-niemowlece-minky-50x70/1$ kocyki-niemowlece-minky-50x70 [R=301,L]
RewriteRule ^kocyki-sredniaka-minky-75x100$ index.php?category=7&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^kocyki-sredniaka-minky-75x100/([0-9]+)$ index.php?category=7&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^kocyki-sredniaka-minky-75x100/1$ kocyki-sredniaka-minky-75x100 [R=301,L]
RewriteRule ^kocyki-przedszkolaka-minky-100x130$ index.php?category=8&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^kocyki-przedszkolaka-minky-100x130/([0-9]+)$ index.php?category=8&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^kocyki-przedszkolaka-minky-100x130/1$ kocyki-przedszkolaka-minky-100x130 [R=301,L]
RewriteRule ^poduszki$ index.php?category=2&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^poduszki/([0-9]+)$ index.php?category=2&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^poduszki/1$ poduszki [R=301,L]
RewriteRule ^poduszki-niemowlaka-minky-25x35$ index.php?category=18&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^poduszki-niemowlaka-minky-25x35/([0-9]+)$ index.php?category=18&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^poduszki-niemowlaka-minky-25x35/1$ poduszki-niemowlaka-minky-25x35 [R=301,L]
RewriteRule ^poduszki/gwiazdki-40x40$ index.php?category=9&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^poduszki/gwiazdki-40x40/([0-9]+)$ index.php?category=9&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^poduszki/gwiazdki-40x40/1$ poduszki/gwiazdki-40x40 [R=301,L]
RewriteRule ^rozki$ index.php?category=1&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^rozki/([0-9]+)$ index.php?category=1&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^rozki/1$ rozki [R=301,L]
RewriteRule ^akcesoria$ index.php?category=4&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^akcesoria/([0-9]+)$ index.php?category=4&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^akcesoria/1$ akcesoria [R=301,L]
RewriteRule ^metryczki-dzieciece$ index.php?category=11&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^metryczki-dzieciece/([0-9]+)$ index.php?category=11&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^metryczki-dzieciece/1$ metryczki-dzieciece [R=301,L]
RewriteRule ^metryczki-ze-zdjeciem$ index.php?category=39&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^metryczki-ze-zdjeciem/([0-9]+)$ index.php?category=39&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^metryczki-ze-zdjeciem/1$ metryczki-ze-zdjeciem [R=301,L]
RewriteRule ^metryczki-dla-dziewczynki$ index.php?category=40&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^metryczki-dla-dziewczynki/([0-9]+)$ index.php?category=40&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^metryczki-dla-dziewczynki/1$ metryczki-dla-dziewczynki [R=301,L]
RewriteRule ^metryczki-dla-chlopca$ index.php?category=41&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^metryczki-dla-chlopca/([0-9]+)$ index.php?category=41&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^metryczki-dla-chlopca/1$ metryczki-dla-chlopca [R=301,L]
RewriteRule ^termofory-dla-dzieci$ index.php?category=17&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^termofory-dla-dzieci/([0-9]+)$ index.php?category=17&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^termofory-dla-dzieci/1$ termofory-dla-dzieci [R=301,L]
RewriteRule ^zawieszki$ index.php?category=43&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^zawieszki/([0-9]+)$ index.php?category=43&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^zawieszki/1$ zawieszki [R=301,L]
RewriteRule ^zawieszki-dekoracyjne$ index.php?category=32&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^zawieszki-dekoracyjne/([0-9]+)$ index.php?category=32&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^zawieszki-dekoracyjne/1$ zawieszki-dekoracyjne [R=301,L]
RewriteRule ^zawieszki-do-smoczkow-i-gryzakow$ index.php?category=44&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^zawieszki-do-smoczkow-i-gryzakow/([0-9]+)$ index.php?category=44&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^zawieszki-do-smoczkow-i-gryzakow/1$ zawieszki-do-smoczkow-i-gryzakow [R=301,L]
RewriteRule ^zawieszki-do-wozka$ index.php?category=45&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^zawieszki-do-wozka/([0-9]+)$ index.php?category=45&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^zawieszki-do-wozka/1$ zawieszki-do-wozka [R=301,L]
RewriteRule ^odziez-dziecieca$ index.php?category=12&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^odziez-dziecieca/([0-9]+)$ index.php?category=12&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^odziez-dziecieca/1$ odziez-dziecieca [R=301,L]
RewriteRule ^apaszki$ index.php?category=35&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^apaszki/([0-9]+)$ index.php?category=35&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^apaszki/1$ apaszki [R=301,L]
RewriteRule ^kominy-dzieciece$ index.php?category=15&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^kominy-dzieciece/([0-9]+)$ index.php?category=15&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^kominy-dzieciece/1$ kominy-dzieciece [R=301,L]
RewriteRule ^opaski$ index.php?category=37&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^opaski/([0-9]+)$ index.php?category=37&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^opaski/1$ opaski [R=301,L]
RewriteRule ^opaski-pin-up$ index.php?category=38&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^opaski-pin-up/([0-9]+)$ index.php?category=38&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^opaski-pin-up/1$ opaski-pin-up [R=301,L]
RewriteRule ^turbany$ index.php?category=14&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^turbany/([0-9]+)$ index.php?category=14&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^turbany/1$ turbany [R=301,L]
RewriteRule ^ubrania-dla-dziewczynek$ index.php?category=13&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^ubrania-dla-dziewczynek/([0-9]+)$ index.php?category=13&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^ubrania-dla-dziewczynek/1$ ubrania-dla-dziewczynek [R=301,L]
RewriteRule ^zestawy-i-kolekcje$ index.php?category=16&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^zestawy-i-kolekcje/([0-9]+)$ index.php?category=16&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^zestawy-i-kolekcje/1$ zestawy-i-kolekcje [R=301,L]
RewriteRule ^zestawy$ index.php?category=20&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^zestawy/([0-9]+)$ index.php?category=20&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^zestawy/1$ zestawy [R=301,L]
RewriteRule ^komplet-niemowlaka$ index.php?category=24&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^komplet-niemowlaka/([0-9]+)$ index.php?category=24&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^komplet-niemowlaka/1$ komplet-niemowlaka [R=301,L]
RewriteRule ^komplet-sredniaka$ index.php?category=28&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^komplet-sredniaka/([0-9]+)$ index.php?category=28&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^komplet-sredniaka/1$ komplet-sredniaka [R=301,L]
RewriteRule ^kolekcje$ index.php?category=29&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^kolekcje/([0-9]+)$ index.php?category=29&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^kolekcje/1$ kolekcje [R=301,L]
RewriteRule ^mama-bear-chmurki-mietowe$ index.php?category=36&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^mama-bear-chmurki-mietowe/([0-9]+)$ index.php?category=36&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^mama-bear-chmurki-mietowe/1$ mama-bear-chmurki-mietowe [R=301,L]
RewriteRule ^koniki-na-biegunach$ index.php?category=31&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^koniki-na-biegunach/([0-9]+)$ index.php?category=31&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^koniki-na-biegunach/1$ koniki-na-biegunach [R=301,L]
RewriteRule ^kroliki-na-hustawkach$ index.php?category=30&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^kroliki-na-hustawkach/([0-9]+)$ index.php?category=30&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^kroliki-na-hustawkach/1$ kroliki-na-hustawkach [R=301,L]
RewriteRule ^wyprzedaz$ index.php?category=27&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^wyprzedaz/([0-9]+)$ index.php?category=27&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^wyprzedaz/1$ wyprzedaz [R=301,L]
RewriteRule ^en/kocyk-minky-niemowlaka-50x70-en$ index.php?category=6&lang=en&%{QUERY_STRING} [L]
RewriteRule ^en/kocyk-minky-niemowlaka-50x70-en/([0-9]+)$ index.php?category=6&lang=en&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^en/kocyk-minky-niemowlaka-50x70-en/1$ en/kocyk-minky-niemowlaka-50x70-en [R=301,L]
RewriteCond %{REQUEST_URI} ^/home$
RewriteRule ^(.*)$ http://www.shoppro.project-dc.pl/ [R=permanent,L]
RewriteCond %{REQUEST_URI} ^/home-1$
RewriteRule ^(.*)$ http://www.shoppro.project-dc.pl/ [R=permanent,L]
RewriteRule ^$ index.php?a=page&id=6&lang=pl [L]
RewriteRule ^home$ index.php?a=page&id=6&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^home/([0-9]+)$ index.php?a=page&id=6&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^home/1$ home [R=301,L]
RewriteRule ^regulamin$ index.php?a=page&id=12&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^regulamin/([0-9]+)$ index.php?a=page&id=12&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^regulamin/1$ regulamin [R=301,L]
RewriteRule ^formy-platnosci$ index.php?a=page&id=13&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^formy-platnosci/([0-9]+)$ index.php?a=page&id=13&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^formy-platnosci/1$ formy-platnosci [R=301,L]
RewriteRule ^koszty-dostawy$ index.php?a=page&id=14&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^koszty-dostawy/([0-9]+)$ index.php?a=page&id=14&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^koszty-dostawy/1$ koszty-dostawy [R=301,L]
RewriteRule ^zwroty-i-reklamacje$ index.php?a=page&id=15&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^zwroty-i-reklamacje/([0-9]+)$ index.php?a=page&id=15&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^zwroty-i-reklamacje/1$ zwroty-i-reklamacje [R=301,L]
RewriteRule ^o-nas$ index.php?a=page&id=4&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^o-nas/([0-9]+)$ index.php?a=page&id=4&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^o-nas/1$ o-nas [R=301,L]
RewriteRule ^blog$ index.php?a=page&id=9&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^blog/([0-9]+)$ index.php?a=page&id=9&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^blog/1$ blog [R=301,L]
RewriteRule ^kontakt$ index.php?a=page&id=5&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^kontakt/([0-9]+)$ index.php?a=page&id=5&lang=pl&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^kontakt/1$ kontakt [R=301,L]
RewriteRule ^kolka-u-niemowlat-przyczyny-objawy-leczenie$ index.php?article=11&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^spacery-z-niemowlakiem-jak-sie-do-nich-przygotowac$ index.php?article=12&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^jak-wybrac-kocyk-i-poduszke-niemowlaka$ index.php?article=10&lang=pl&%{QUERY_STRING} [L]
RewriteRule ^jak-wzmocnic-odpornosc-dziecka-w-trakcie-zimy-sprawdzone-sposoby-na-odpornosc$ index.php?article=13&lang=pl&%{QUERY_STRING} [L]
RewriteCond %{REQUEST_URI} ^/home-en$
RewriteRule ^(.*)$ http://www.shoppro.project-dc.pl/en/ [R=permanent,L]
RewriteCond %{REQUEST_URI} ^/home-en-1$
RewriteRule ^(.*)$ http://www.shoppro.project-dc.pl/en/ [R=permanent,L]
RewriteRule ^$ index.php?a=page&id=6&lang=en [L]
RewriteRule ^en/home-en$ index.php?a=page&id=6&lang=en&%{QUERY_STRING} [L]
RewriteRule ^en/home-en/([0-9]+)$ index.php?a=page&id=6&lang=en&bs=$1&%{QUERY_STRING} [L]
RewriteRule ^en/home-en/1$ en/home-en [R=301,L]
RewriteRule ^en/tytul-en$ index.php?article=13&lang=en&%{QUERY_STRING} [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^ index.php [L]
# <FilesMatch "\.(php4|php5|php3|php2|php|phtml)$">
# SetHandler application/x-lsphp83 /opt/alt/php83 usr/bin/lsphp
# </FilesMatch>
RewriteRule ^ index.php [L]

2
.phpunit.result.cache
View File

File diff suppressed because one or more lines are too long

9
.serena/project.yml
View File

@@ -123,3 +123,12 @@ symbol_info_budget:
# Note: the backend is fixed at startup. If a project with a different backend
# is activated post-init, an error will be returned.
language_backend:
# list of regex patterns which, when matched, mark a memory entry as readonly.
# Extends the list from the global configuration, merging the two lists.
read_only_memory_patterns: []
# line ending convention to use when writing source files.
# Possible values: unset (use global setting), "lf", "crlf", or "native" (platform default)
# This does not affect Serena's own files (e.g. memories and configuration files), which always use native line endings.
line_ending:

255
AGENTS.md
View File

@@ -1,30 +1,239 @@
# Workflow
# CLAUDE.md
## KONIEC PRACY
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
Gdy użytkownik napisze `KONIEC PRACY`, wykonaj kolejno:
## Project Overview
1. Przeprowadzenie testów.
2. Aktualizacja dokumentacji technicznej, jeśli zmiany tego wymagają:
- `docs/DATABASE_STRUCTURE.md`
- `docs/PROJECT_STRUCTURE.md`
- `docs/FORM_EDIT_SYSTEM.md`
- `docs/CHANGELOG.md`
- `docs/TESTING.md`
3. Migracje SQL (jeśli były zmiany w bazie danych):
- Plik: `migrations/{version}.sql` (np. `migrations/0.304.sql`)
- **NIE** w `updates/` — build script sam wczyta z `migrations/`
- Sprawdź czy plik istnieje i jest poprawnie nazwany przed commitem
4. Commit.
5. Push.
shopPRO is a PHP e-commerce platform with an admin panel and customer-facing storefront. It uses Medoo ORM (`$mdb`), Redis caching, and a Domain-Driven Design architecture with Dependency Injection (migration from legacy architecture complete).
## PRZED ROZPOCZĘCIEM PRACY
## Zasady pisania kodu
- Kod ma być czytelny „dla obcego”: jasne nazwy, mało magii
- Brak „skrótów na szybko” typu logika w widokach, copy-paste, losowe helpery bez spójności
- Każda funkcja/klasa ma mieć jedną odpowiedzialność, zwykle do 3050 linii (jeśli dłuższe dzielić)
- max 3 poziomy zagnieżdżeń (if/foreach), reszta do osobnych metod
- Nazewnictwo:
- klasy: PascalCase
- metody/zmienne: camelCase
- stałe: UPPER_SNAKE_CASE
- Zero „skrótologii” w nazwach (np. $d, $tmp, $x1) poza pętlami 23 linijki
- medoo + prepared statements bez wyjątków (żadnego sklejania SQL stringiem)
- XSS: escape w widokach (np. helper e())
- CSRF dla formularzy, sensowna obsługa sesji
- Kod ma mieć komentarze tylko tam, gdzie wyjaśniają „dlaczego”, nie „co”
Przed rozpoczęciem implementacji sprawdź aktualną zawartość:
## PHP Version Constraint
- `docs/DATABASE_STRUCTURE.md`
- `docs/PROJECT_STRUCTURE.md`
- `docs/CHANGELOG.md`
- `docs/TESTING.md`
**Production runs PHP < 8.0.** Do NOT use:
- `match` expressions (use ternary operators or if/else)
- Named arguments
- Union types (`int|string`)
- `str_contains()`, `str_starts_with()`, `str_ends_with()`
- Other PHP 8.0+ syntax
To ma pomóc zachować spójność zmian i dokumentacji.
`composer.json` requires `>=7.4`.
## Commands
### Running Tests
```bash
# Full suite (recommended — PowerShell, auto-finds php)
./test.ps1
# Specific file
./test.ps1 tests/Unit/Domain/Product/ProductRepositoryTest.php
# Specific test method
./test.ps1 --filter testGetQuantityReturnsCorrectValue
# Alternative
composer test
```
PHPUnit 9.6 via `phpunit.phar`. Bootstrap: `tests/bootstrap.php`. Config: `phpunit.xml`.
Current suite: **805 tests, 2253 assertions**.
### Creating Updates
See `docs/UPDATE_INSTRUCTIONS.md` for the full procedure. Updates are ZIP packages in `updates/0.XX/`. Never include `*.md` files, `updates/changelog.php`, or root `.htaccess` in update ZIPs.
## Architecture
### Directory Structure
```
shopPRO/
├── autoload/ # Autoloaded classes (core codebase)
│ ├── Domain/ # Business logic repositories (\Domain\)
│ ├── Shared/ # Shared utilities (\Shared\)
│ │ ├── Cache/ # CacheHandler, RedisConnection
│ │ ├── Email/ # Email (PHPMailer wrapper)
│ │ ├── Helpers/ # Helpers (formerly class.S.php)
│ │ ├── Html/ # Html utility
│ │ ├── Image/ # ImageManipulator
│ │ └── Tpl/ # Template engine
│ ├── api/ # REST API layer (\api\)
│ │ ├── ApiRouter.php # API router (\api\ApiRouter)
│ │ └── Controllers/ # API controllers (\api\Controllers\)
│ ├── admin/ # Admin panel layer
│ │ ├── App.php # Admin router (\admin\App)
│ │ ├── Controllers/ # DI controllers (\admin\Controllers\) — 28 controllers
│ │ ├── Support/ # TableListRequestFactory, Forms/FormRequestHandler, Forms/FormFieldRenderer
│ │ ├── Validation/ # FormValidator
│ │ └── ViewModels/ # Forms/ (FormEditViewModel, FormField, FormTab, FormAction, FormFieldType), Common/ (PaginatedTableViewModel)
│ └── front/ # Frontend layer
│ ├── App.php # Frontend router (\front\App)
│ ├── LayoutEngine.php # Layout engine (\front\LayoutEngine)
│ ├── Controllers/ # DI controllers (\front\Controllers\) — 8 controllers
│ └── Views/ # Static views (\front\Views\) — 11 view classes
├── admin/ # Admin panel
│ ├── templates/ # Admin view templates
│ └── layout/ # Admin CSS/JS/icons
├── templates/ # Frontend view templates
├── libraries/ # Third-party libraries (Medoo, RedBeanPHP, PHPMailer)
├── tests/ # PHPUnit tests
│ ├── bootstrap.php
│ ├── stubs/ # Test stubs (CacheHandler, Helpers, ShopProduct)
│ └── Unit/
│ ├── Domain/ # Repository tests
│ ├── admin/Controllers/ # Controller tests
│ └── api/ # API tests
├── updates/ # Update packages for clients
├── docs/ # Technical documentation
├── config.php # Database/Redis config (not in repo)
├── index.php # Frontend entry point
├── ajax.php # Frontend AJAX handler
├── admin/index.php # Admin entry point
├── admin/ajax.php # Admin AJAX handler
├── cron.php # CRON jobs (Apilo sync)
└── api.php # REST API (ordersPRO + Ekomi)
```
### Autoloader
Custom autoloader in each entry point (not Composer autoload at runtime). Tries two filename conventions:
1. `autoload/{namespace}/class.{ClassName}.php` (legacy)
2. `autoload/{namespace}/{ClassName}.php` (PSR-4 style, fallback)
### Namespace Conventions (case-sensitive on Linux!)
- `\Domain\``autoload/Domain/` (uppercase D)
- `\admin\Controllers\``autoload/admin/Controllers/` (lowercase a)
- `\Shared\``autoload/Shared/`
- `\api\``autoload/api/`
- Do NOT use `\Admin\` (uppercase A) — the server directory is `admin/` (lowercase)
- `\shop\` namespace is **deleted** — all 12 legacy classes migrated to `\Domain\`, `autoload/shop/` directory removed
### Domain-Driven Architecture (migration complete)
All legacy directories (`admin/controls/`, `admin/factory/`, `admin/view/`, `front/controls/`, `front/view/`, `front/factory/`, `shop/`) have been deleted. All modules now use this pattern:
**Domain Layer** (`autoload/Domain/{Module}/`):
- `{Module}Repository.php` — data access, business logic, Redis caching
- Constructor DI with `$db` (Medoo instance)
- Methods serve both admin and frontend (shared Domain, no separate services)
**Domain Modules**: Article, Attribute, Banner, Basket, Cache, Category, Client, Coupon, CronJob, Dashboard, Dictionaries, Integrations, Languages, Layouts, Newsletter, Order, Pages, PaymentMethod, Producer, Product, ProductSet, Promotion, Scontainers, Settings, ShopStatus, Transport, Update, User
**Admin Controllers** (`autoload/admin/Controllers/`):
- DI via constructor (repositories injected)
- Wired in `admin\App::getControllerFactories()`
**Frontend Controllers** (`autoload/front/Controllers/`):
- DI via constructor
- Wired in `front\App::getControllerFactories()`
**Frontend Views** (`autoload/front/Views/`):
- Static classes, no state, no DI — pure rendering
**API Controllers** (`autoload/api/Controllers/`):
- DI via constructor, stateless (no session)
- Wired in `api\ApiRouter::getControllerFactories()`
- Auth: `X-Api-Key` header vs `pp_settings.api_key`
### Key Classes
| Class | Purpose |
|-------|---------|
| `\admin\App` | Admin router — maps URL segments to controllers |
| `\front\App` | Frontend router — `route()`, `checkUrlParams()` |
| `\front\LayoutEngine` | Frontend layout engine — `show()`, tag replacement |
| `\Shared\Helpers\Helpers` | Utility methods (SEO, email, cache clearing) |
| `\Shared\Tpl\Tpl` | Template engine — `render()`, `set()` |
| `\Shared\Cache\CacheHandler` | Redis cache — `get()`, `set()`, `delete()`, `deletePattern()` |
| `\api\ApiRouter` | REST API router — auth, routing, response helpers |
### Database
- ORM: Medoo (`$mdb` global variable, injected via DI in new code)
- Table prefix: `pp_`
- Key tables: `pp_shop_products`, `pp_shop_orders`, `pp_shop_categories`, `pp_shop_clients`
- Full schema: `docs/DATABASE_STRUCTURE.md`
### Form Edit System
Universal form system for admin edit views. Docs: `docs/FORM_EDIT_SYSTEM.md`.
- **ViewModels** (`admin\ViewModels\Forms\`): `FormEditViewModel`, `FormField`, `FormTab`, `FormAction`, `FormFieldType`
- **Validation**: `admin\Validation\FormValidator`
- **Rendering**: `admin\Support\Forms\FormFieldRenderer`, `admin\Support\Forms\FormRequestHandler`
- **Template**: `admin/templates/components/form-edit.php`
- **Table lists**: `admin\Support\TableListRequestFactory` + `admin\ViewModels\Common\PaginatedTableViewModel`
### Caching
- Redis via `\Shared\Cache\CacheHandler` (singleton `RedisConnection`)
- Key pattern for products: `shop\product:{id}:{lang}:{permutation_hash}`
- Clear product cache: `\Shared\Helpers\Helpers::clear_product_cache($id)`
- Pattern delete: `CacheHandler::deletePattern("shop\\product:{$id}:*")`
- Default TTL: 86400 (24h)
- Data is serialized — requires `unserialize()` after `get()`
- Config: `config.php` (`$config['redis']`)
## Code Patterns
### New code should follow DI pattern
```php
// Repository with constructor DI
class ExampleRepository {
private $db;
public function __construct($db) {
$this->db = $db;
}
public function find(int $id): ?array {
return $this->db->get('pp_table', '*', ['id' => $id]);
}
}
// Controller wiring (in admin\App or front\App)
$repo = new \Domain\Example\ExampleRepository($mdb);
$controller = new \admin\Controllers\ExampleController($repo);
```
### Medoo ORM pitfalls
- `$mdb->delete($table, $where)` takes **2 arguments**, NOT 3 — has caused bugs
- `$mdb->get()` returns `null` when no record, NOT `false`
- After `$mdb->insert()`, check `$mdb->id()` to confirm success
### File naming
- New classes: `ClassName.php` (no `class.` prefix)
- Legacy classes: `class.ClassName.php` (leave until migrated)
### Test conventions
- Extend `PHPUnit\Framework\TestCase`
- Mock Medoo: `$this->createMock(\medoo::class)`
- AAA pattern: Arrange, Act, Assert
- Tests mirror source structure: `tests/Unit/Domain/{Module}/{Class}Test.php`
## Workflow
When user says **"KONIEC PRACY"**, run `/koniec-pracy` (see `.claude/commands/koniec-pracy.md`).
Before starting implementation, review current state of docs.
## Key Documentation
- `docs/MEMORY.md` — project memory: known issues, confirmed patterns, ORM pitfalls, caching conventions
- `docs/PROJECT_STRUCTURE.md` — current architecture, layers, cache, entry points, integrations
- `docs/DATABASE_STRUCTURE.md` — full database schema
- `docs/TESTING.md` — test suite guide and structure
- `docs/FORM_EDIT_SYSTEM.md` — form system architecture
- `docs/CHANGELOG.md` — version history
- `api-docs/api-reference.json` — REST API documentation (ordersPRO)
- `api-docs/index.html` — REST API documentation (ordersPRO)
- `docs/UPDATE_INSTRUCTIONS.md` — how to build client update packages
## Za każdym razem jak próbujesz sprawdzić jakiś plik z logami spróbuj go najpierw pobrać z serwera FTP
## Wszystkie pliki które tworzysz jako pomocnicze, np build_0330.ps1 czy build-update.ps1 twórz w folderze temp

36
CLAUDE.md
View File

@@ -6,6 +6,21 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
shopPRO is a PHP e-commerce platform with an admin panel and customer-facing storefront. It uses Medoo ORM (`$mdb`), Redis caching, and a Domain-Driven Design architecture with Dependency Injection (migration from legacy architecture complete).
## Zasady pisania kodu
- Kod ma być czytelny „dla obcego”: jasne nazwy, mało magii
- Brak „skrótów na szybko” typu logika w widokach, copy-paste, losowe helpery bez spójności
- Każda funkcja/klasa ma mieć jedną odpowiedzialność, zwykle do 3050 linii (jeśli dłuższe dzielić)
- max 3 poziomy zagnieżdżeń (if/foreach), reszta do osobnych metod
- Nazewnictwo:
- klasy: PascalCase
- metody/zmienne: camelCase
- stałe: UPPER_SNAKE_CASE
- Zero „skrótologii” w nazwach (np. $d, $tmp, $x1) poza pętlami 23 linijki
- medoo + prepared statements bez wyjątków (żadnego sklejania SQL stringiem)
- XSS: escape w widokach (np. helper e())
- CSRF dla formularzy, sensowna obsługa sesji
- Kod ma mieć komentarze tylko tam, gdzie wyjaśniają „dlaczego”, nie „co”
## PHP Version Constraint
**Production runs PHP < 8.0.** Do NOT use:
@@ -36,7 +51,7 @@ composer test
PHPUnit 9.6 via `phpunit.phar`. Bootstrap: `tests/bootstrap.php`. Config: `phpunit.xml`.
Current suite: **805 tests, 2253 assertions**.
Current suite: **810 tests, 2264 assertions**.
### Creating Updates
See `docs/UPDATE_INSTRUCTIONS.md` for the full procedure. Updates are ZIP packages in `updates/0.XX/`. Never include `*.md` files, `updates/changelog.php`, or root `.htaccess` in update ZIPs.
@@ -102,7 +117,6 @@ Custom autoloader in each entry point (not Composer autoload at runtime). Tries
- `\Domain\``autoload/Domain/` (uppercase D)
- `\admin\Controllers\``autoload/admin/Controllers/` (lowercase a)
- `\Shared\``autoload/Shared/`
- `\front\``autoload/front/`
- `\api\``autoload/api/`
- Do NOT use `\Admin\` (uppercase A) — the server directory is `admin/` (lowercase)
- `\shop\` namespace is **deleted** — all 12 legacy classes migrated to `\Domain\`, `autoload/shop/` directory removed
@@ -203,16 +217,11 @@ $controller = new \admin\Controllers\ExampleController($repo);
- AAA pattern: Arrange, Act, Assert
- Tests mirror source structure: `tests/Unit/Domain/{Module}/{Class}Test.php`
## Workflow (AGENTS.md)
## Workflow
When user says **"KONIEC PRACY"**, execute in order:
1. Run tests
2. Update documentation if needed: `docs/DATABASE_STRUCTURE.md`, `docs/PROJECT_STRUCTURE.md`, `docs/FORM_EDIT_SYSTEM.md`, `docs/CHANGELOG.md`, `docs/TESTING.md`
3. SQL migrations (if DB changes): place in `migrations/{version}.sql` (e.g. `migrations/0.304.sql`). **NOT** in `updates/` — build script reads from `migrations/` automatically
4. Commit
5. Push
When user says **"KONIEC PRACY"**, run `/koniec-pracy` (see `.claude/commands/koniec-pracy.md`).
Before starting implementation, review current state of docs (see AGENTS.md for full list).
Before starting implementation, review current state of docs.
## Key Documentation
- `docs/MEMORY.md` — project memory: known issues, confirmed patterns, ORM pitfalls, caching conventions
@@ -221,7 +230,10 @@ Before starting implementation, review current state of docs (see AGENTS.md for
- `docs/TESTING.md` — test suite guide and structure
- `docs/FORM_EDIT_SYSTEM.md` — form system architecture
- `docs/CHANGELOG.md` — version history
- `docs/API.md` — REST API documentation (ordersPRO)
- `api-docs/api-reference.json` — REST API documentation (ordersPRO)
- `api-docs/index.html` — REST API documentation (ordersPRO)
- `docs/UPDATE_INSTRUCTIONS.md` — how to build client update packages
## Za każdym razem jak próbujesz sprawdzić jakiś plik z logami spróbuj go najpierw pobrać z serwera FTP
## Za każdym razem jak próbujesz sprawdzić jakiś plik z logami spróbuj go najpierw pobrać z serwera FTP
## Wszystkie pliki które tworzysz jako pomocnicze, np build_0330.ps1 czy build-update.ps1 twórz w folderze temp

8
admin/index.php
View File

@@ -31,17 +31,9 @@ function __autoload_my_classes( $classname )
spl_autoload_register( '__autoload_my_classes' );
require_once '../config.php';
require_once '../libraries/medoo/medoo.php';
require_once '../libraries/rb.php';
require_once '../libraries/phpmailer/class.phpmailer.php';
require_once '../libraries/phpmailer/class.smtp.php';
define( 'REDBEAN_MODEL_PREFIX', '' );
\R::setup( 'mysql:host=' . $database['host'] . ';dbname=' . $database['name'], $database['user'], $database['password'] );
\R::ext( 'xdispense', function ( $type )
{
return R::getRedBean() -> dispense( $type );
} );
date_default_timezone_set( 'Europe/Warsaw' );
$mdb = new medoo( [

292
api-docs/api-reference.json Normal file
View File

@@ -0,0 +1,292 @@
{
"name": "shopPRO API",
"version": "1.0.0",
"entrypoint": "/api.php",
"authentication": {
"type": "header",
"header": "X-Api-Key",
"required": true,
"description": "API key stored in pp_settings.param=api_key"
},
"response_format": {
"success": {
"status": "ok",
"data": {}
},
"error": {
"status": "error",
"code": "BAD_REQUEST",
"message": "Human-readable error message"
},
"error_codes": [
{ "code": "UNAUTHORIZED", "http": 401 },
{ "code": "BAD_REQUEST", "http": 400 },
{ "code": "NOT_FOUND", "http": 404 },
{ "code": "METHOD_NOT_ALLOWED", "http": 405 },
{ "code": "INTERNAL_ERROR", "http": 500 }
]
},
"endpoints": [
{
"group": "orders",
"action": "list",
"method": "GET",
"url_template": "/api.php?endpoint=orders&action=list",
"query_params": [
{ "name": "status", "type": "string", "required": false },
{ "name": "paid", "type": "string", "required": false },
{ "name": "date_from", "type": "string", "required": false, "format": "YYYY-MM-DD" },
{ "name": "date_to", "type": "string", "required": false, "format": "YYYY-MM-DD" },
{ "name": "updated_since", "type": "string", "required": false, "format": "YYYY-MM-DD HH:MM:SS" },
{ "name": "number", "type": "string", "required": false },
{ "name": "client", "type": "string", "required": false },
{ "name": "page", "type": "integer", "required": false, "default": 1, "min": 1 },
{ "name": "per_page", "type": "integer", "required": false, "default": 50, "min": 1, "max": 100 }
]
},
{
"group": "orders",
"action": "get",
"method": "GET",
"url_template": "/api.php?endpoint=orders&action=get&id={order_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "orders",
"action": "change_status",
"method": "PUT",
"url_template": "/api.php?endpoint=orders&action=change_status&id={order_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": ["status_id"],
"fields": {
"status_id": { "type": "integer" },
"send_email": { "type": "boolean", "required": false }
}
}
},
{
"group": "orders",
"action": "set_paid",
"method": "PUT",
"url_template": "/api.php?endpoint=orders&action=set_paid&id={order_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": [],
"fields": {
"send_email": { "type": "boolean", "required": false }
}
}
},
{
"group": "orders",
"action": "set_unpaid",
"method": "PUT",
"url_template": "/api.php?endpoint=orders&action=set_unpaid&id={order_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "products",
"action": "list",
"method": "GET",
"url_template": "/api.php?endpoint=products&action=list",
"query_params": [
{ "name": "search", "type": "string", "required": false },
{ "name": "status", "type": "string", "required": false },
{ "name": "promoted", "type": "string", "required": false },
{ "name": "attribute_{id}", "type": "integer", "required": false, "description": "e.g. attribute_5=12" },
{ "name": "sort", "type": "string", "required": false, "default": "id", "allowed": ["id", "name", "price_brutto", "status", "promoted", "quantity"] },
{ "name": "sort_dir", "type": "string", "required": false, "default": "DESC", "allowed": ["ASC", "DESC"] },
{ "name": "page", "type": "integer", "required": false, "default": 1, "min": 1 },
{ "name": "per_page", "type": "integer", "required": false, "default": 50, "min": 1, "max": 100 }
]
},
{
"group": "products",
"action": "get",
"method": "GET",
"url_template": "/api.php?endpoint=products&action=get&id={product_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "products",
"action": "create",
"method": "POST",
"url_template": "/api.php?endpoint=products&action=create",
"json_body": {
"required_fields": ["languages", "price_brutto"],
"rules": [
"languages must be an object with at least one language entry containing name",
"price_brutto must be numeric and >= 0"
]
}
},
{
"group": "products",
"action": "update",
"method": "PUT",
"url_template": "/api.php?endpoint=products&action=update&id={product_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": [],
"rules": ["partial update; only changed fields are needed"]
}
},
{
"group": "products",
"action": "variants",
"method": "GET",
"url_template": "/api.php?endpoint=products&action=variants&id={product_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "products",
"action": "create_variant",
"method": "POST",
"url_template": "/api.php?endpoint=products&action=create_variant&id={product_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": ["attributes"],
"fields": {
"attributes": { "type": "object", "description": "Map attribute_id -> value_id" }
}
}
},
{
"group": "products",
"action": "update_variant",
"method": "PUT",
"url_template": "/api.php?endpoint=products&action=update_variant&id={variant_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": [],
"rules": ["partial update of variant fields"]
}
},
{
"group": "products",
"action": "delete_variant",
"method": "DELETE",
"url_template": "/api.php?endpoint=products&action=delete_variant&id={variant_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "products",
"action": "upload_image",
"method": "POST",
"url_template": "/api.php?endpoint=products&action=upload_image",
"json_body": {
"required_fields": ["id", "file_name", "content_base64"],
"fields": {
"id": { "type": "integer", "description": "product id" },
"file_name": { "type": "string" },
"content_base64": { "type": "string", "description": "base64 payload" },
"alt": { "type": "string", "required": false },
"o": { "type": "integer", "required": false, "description": "image position" }
}
}
},
{
"group": "dictionaries",
"action": "statuses",
"method": "GET",
"url_template": "/api.php?endpoint=dictionaries&action=statuses"
},
{
"group": "dictionaries",
"action": "transports",
"method": "GET",
"url_template": "/api.php?endpoint=dictionaries&action=transports"
},
{
"group": "dictionaries",
"action": "payment_methods",
"method": "GET",
"url_template": "/api.php?endpoint=dictionaries&action=payment_methods"
},
{
"group": "dictionaries",
"action": "attributes",
"method": "GET",
"url_template": "/api.php?endpoint=dictionaries&action=attributes"
},
{
"group": "dictionaries",
"action": "ensure_attribute",
"method": "POST",
"url_template": "/api.php?endpoint=dictionaries&action=ensure_attribute",
"json_body": {
"required_fields": ["name"],
"fields": {
"name": { "type": "string" },
"type": { "type": "integer", "required": false, "default": 0 },
"lang": { "type": "string", "required": false, "default": "pl" }
}
}
},
{
"group": "dictionaries",
"action": "ensure_attribute_value",
"method": "POST",
"url_template": "/api.php?endpoint=dictionaries&action=ensure_attribute_value",
"json_body": {
"required_fields": ["attribute_id", "name"],
"fields": {
"attribute_id": { "type": "integer" },
"name": { "type": "string" },
"lang": { "type": "string", "required": false, "default": "pl" }
}
}
},
{
"group": "dictionaries",
"action": "ensure_producer",
"method": "POST",
"url_template": "/api.php?endpoint=dictionaries&action=ensure_producer",
"json_body": {
"required_fields": ["name"],
"fields": {
"name": { "type": "string" }
}
}
},
{
"group": "categories",
"action": "list",
"method": "GET",
"url_template": "/api.php?endpoint=categories&action=list"
}
],
"examples": {
"curl_list_products": "curl -X GET \"https://twoja-domena.pl/api.php?endpoint=products&action=list&page=1&per_page=20\" -H \"X-Api-Key: TWOJ_KLUCZ\"",
"curl_get_order": "curl -X GET \"https://twoja-domena.pl/api.php?endpoint=orders&action=get&id=42\" -H \"X-Api-Key: TWOJ_KLUCZ\"",
"curl_create_product": "curl -X POST \"https://twoja-domena.pl/api.php?endpoint=products&action=create\" -H \"X-Api-Key: TWOJ_KLUCZ\" -H \"Content-Type: application/json\" -d \"{\\\"price_brutto\\\":99.99,\\\"languages\\\":{\\\"pl\\\":{\\\"name\\\":\\\"Nowy produkt\\\"}}}\""
},
"source_of_truth": [
"autoload/api/ApiRouter.php",
"autoload/api/Controllers/OrdersApiController.php",
"autoload/api/Controllers/ProductsApiController.php",
"autoload/api/Controllers/DictionariesApiController.php",
"autoload/api/Controllers/CategoriesApiController.php"
]
}

60
api-docs/index.html Normal file
View File

@@ -0,0 +1,60 @@
<!doctype html>
<html lang="pl">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>shopPRO API docs</title>
<style>
:root { color-scheme: light; }
body { font-family: Arial, sans-serif; margin: 24px; line-height: 1.4; }
h1, h2 { margin-bottom: 8px; }
.meta { color: #444; margin-bottom: 16px; }
table { width: 100%; border-collapse: collapse; margin-top: 10px; }
th, td { border: 1px solid #ddd; padding: 8px; text-align: left; vertical-align: top; }
th { background: #f4f4f4; }
code { background: #f7f7f7; padding: 2px 4px; border-radius: 3px; }
</style>
</head>
<body>
<h1>shopPRO API - public docs</h1>
<div class="meta" id="meta">Ladowanie...</div>
<p>Machine-readable JSON: <a href="./api-reference.json">api-reference.json</a></p>
<h2>Endpointy</h2>
<table>
<thead>
<tr>
<th>Group</th>
<th>Action</th>
<th>Method</th>
<th>URL template</th>
</tr>
</thead>
<tbody id="rows"></tbody>
</table>
<script>
fetch("./api-reference.json")
.then(function (res) { return res.json(); })
.then(function (spec) {
var meta = document.getElementById("meta");
meta.textContent = spec.name + " v" + spec.version + " | entrypoint: " + spec.entrypoint;
var rows = document.getElementById("rows");
spec.endpoints.forEach(function (ep) {
var tr = document.createElement("tr");
tr.innerHTML =
"<td>" + ep.group + "</td>" +
"<td>" + ep.action + "</td>" +
"<td><code>" + ep.method + "</code></td>" +
"<td><code>" + ep.url_template + "</code></td>";
rows.appendChild(tr);
});
})
.catch(function () {
var meta = document.getElementById("meta");
meta.textContent = "Nie udalo sie wczytac api-reference.json";
});
</script>
</body>
</html>

BIN
autoload/.DS_Store vendored
View File

Binary file not shown.

34
autoload/Domain/Article/ArticleRepository.php
View File

@@ -318,9 +318,7 @@ class ArticleRepository
if (is_array($results)) {
foreach ($results as $row) {
if (file_exists('../' . $row['src'])) {
unlink('../' . $row['src']);
}
$this->safeUnlink($row['src']);
}
}
@@ -337,9 +335,7 @@ class ArticleRepository
if (is_array($results)) {
foreach ($results as $row) {
if (file_exists('../' . $row['src'])) {
unlink('../' . $row['src']);
}
$this->safeUnlink($row['src']);
}
}
@@ -819,9 +815,7 @@ class ArticleRepository
$results = $this->db->select('pp_articles_files', '*', ['article_id' => null]);
if (is_array($results)) {
foreach ($results as $row) {
if (file_exists('../' . $row['src'])) {
unlink('../' . $row['src']);
}
$this->safeUnlink($row['src']);
}
}
@@ -836,15 +830,31 @@ class ArticleRepository
$results = $this->db->select('pp_articles_images', '*', ['article_id' => null]);
if (is_array($results)) {
foreach ($results as $row) {
if (file_exists('../' . $row['src'])) {
unlink('../' . $row['src']);
}
$this->safeUnlink($row['src']);
}
}
$this->db->delete('pp_articles_images', ['article_id' => null]);
}
/**
* Usuwa plik z dysku tylko jeśli ścieżka pozostaje wewnątrz katalogu upload/.
* Zapobiega path traversal przy danych z bazy.
*/
private function safeUnlink(string $src): void
{
$base = realpath('../upload');
if (!$base) {
return;
}
$full = realpath('../' . ltrim($src, '/'));
if ($full && strpos($full, $base . DIRECTORY_SEPARATOR) === 0 && is_file($full)) {
unlink($full);
} elseif ($full) {
error_log( '[shopPRO] safeUnlink: ścieżka poza upload/: ' . $src );
}
}
/**
* Pobiera artykuly opublikowane w podanym zakresie dat.
*/

18
autoload/Domain/Integrations/IntegrationsRepository.php
View File

@@ -28,10 +28,9 @@ class IntegrationsRepository
public function getSettings( string $provider ): array
{
$table = $this->settingsTable( $provider );
$stmt = $this->db->query( "SELECT * FROM $table" );
$results = $stmt ? $stmt->fetchAll( \PDO::FETCH_ASSOC ) : [];
$rows = $this->db->select( $table, [ 'name', 'value' ] );
$settings = [];
foreach ( $results as $row )
foreach ( $rows ?: [] as $row )
$settings[$row['name']] = $row['value'];
return $settings;
@@ -160,10 +159,15 @@ class IntegrationsRepository
if ( empty( $response['accessToken'] ) )
return false;
$this->saveSetting( 'apilo', 'access-token', $response['accessToken'] );
$this->saveSetting( 'apilo', 'refresh-token', $response['refreshToken'] );
$this->saveSetting( 'apilo', 'access-token-expire-at', $response['accessTokenExpireAt'] );
$this->saveSetting( 'apilo', 'refresh-token-expire-at', $response['refreshTokenExpireAt'] );
try {
$this->saveSetting( 'apilo', 'access-token', $response['accessToken'] );
$this->saveSetting( 'apilo', 'refresh-token', $response['refreshToken'] );
$this->saveSetting( 'apilo', 'access-token-expire-at', $response['accessTokenExpireAt'] );
$this->saveSetting( 'apilo', 'refresh-token-expire-at', $response['refreshTokenExpireAt'] );
} catch ( \Exception $e ) {
error_log( '[shopPRO] Apilo: błąd zapisu tokenów: ' . $e->getMessage() );
return false;
}
return true;
}

2
autoload/Domain/Layouts/LayoutsRepository.php
View File

@@ -296,7 +296,7 @@ class LayoutsRepository
if (is_array($layoutRows) && isset($layoutRows[0])) {
$layout = $layoutRows[0];
} else {
$layout = $this->db->get('pp_layouts', '*', ['categories_default' => 1]);
$layout = $this->db->get('pp_layouts', '*', ['status' => 1]);
}
}

34
autoload/Domain/Product/ProductRepository.php
View File

@@ -654,6 +654,10 @@ class ProductRepository
'custom_label_2' => $product['custom_label_2'],
'custom_label_3' => $product['custom_label_3'],
'custom_label_4' => $product['custom_label_4'],
'new_to_date' => $product['new_to_date'],
'additional_message' => (int)($product['additional_message'] ?? 0),
'additional_message_required' => (int)($product['additional_message_required'] ?? 0),
'additional_message_text' => $product['additional_message_text'],
'set_id' => $product['set_id'] !== null ? (int)$product['set_id'] : null,
'product_unit_id' => $product['product_unit_id'] !== null ? (int)$product['product_unit_id'] : null,
'producer_id' => $product['producer_id'] !== null ? (int)$product['producer_id'] : null,
@@ -1597,9 +1601,7 @@ class ProductRepository
$results = $this->db->select( 'pp_shop_products_files', '*', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
if ( is_array( $results ) ) {
foreach ( $results as $row ) {
if ( file_exists( '../' . $row['src'] ) ) {
unlink( '../' . $row['src'] );
}
$this->safeUnlink( $row['src'] );
}
}
$this->db->delete( 'pp_shop_products_files', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
@@ -1610,9 +1612,7 @@ class ProductRepository
$results = $this->db->select( 'pp_shop_products_images', '*', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
if ( is_array( $results ) ) {
foreach ( $results as $row ) {
if ( file_exists( '../' . $row['src'] ) ) {
unlink( '../' . $row['src'] );
}
$this->safeUnlink( $row['src'] );
}
}
$this->db->delete( 'pp_shop_products_images', [ 'AND' => [ 'product_id' => $productId, 'to_delete' => 1 ] ] );
@@ -2121,14 +2121,30 @@ class ProductRepository
$results = $this->db->select( 'pp_shop_products_images', '*', [ 'product_id' => null ] );
if ( is_array( $results ) ) {
foreach ( $results as $row ) {
if ( file_exists( '../' . $row['src'] ) ) {
unlink( '../' . $row['src'] );
}
$this->safeUnlink( $row['src'] );
}
}
$this->db->delete( 'pp_shop_products_images', [ 'product_id' => null ] );
}
/**
* Usuwa plik z dysku tylko jeśli ścieżka pozostaje wewnątrz katalogu upload/.
* Zapobiega path traversal przy danych z bazy.
*/
private function safeUnlink(string $src): void
{
$base = realpath('../upload');
if (!$base) {
return;
}
$full = realpath('../' . ltrim($src, '/'));
if ($full && strpos($full, $base . DIRECTORY_SEPARATOR) === 0 && is_file($full)) {
unlink($full);
} elseif ($full) {
error_log( '[shopPRO] safeUnlink: ścieżka poza upload/: ' . $src );
}
}
/**
* Oznacza plik do usunięcia.
*/

14
autoload/api/Controllers/ProductsApiController.php
View File

@@ -437,7 +437,7 @@ class ProductsApiController
// String fields — direct mapping
$stringFields = [
'sku', 'ean', 'custom_label_0', 'custom_label_1', 'custom_label_2',
'custom_label_3', 'custom_label_4', 'wp',
'custom_label_3', 'custom_label_4', 'wp', 'new_to_date', 'additional_message_text',
];
foreach ($stringFields as $field) {
if (isset($body[$field])) {
@@ -447,6 +447,18 @@ class ProductsApiController
}
}
if (isset($body['additional_message'])) {
$d['additional_message'] = !empty($body['additional_message']) ? 'on' : '';
} elseif ($existing !== null) {
$d['additional_message'] = !empty($existing['additional_message']) ? 'on' : '';
}
if (isset($body['additional_message_required'])) {
$d['additional_message_required'] = !empty($body['additional_message_required']) ? 'on' : '';
} elseif ($existing !== null) {
$d['additional_message_required'] = !empty($existing['additional_message_required']) ? 'on' : '';
}
// Foreign keys
if (isset($body['set_id'])) {
$d['set'] = $body['set_id'];

BIN
autoload/front/.DS_Store vendored
View File

Binary file not shown.

71
autoload/front/Controllers/ShopBasketController.php
View File

@@ -3,6 +3,9 @@ namespace front\Controllers;
class ShopBasketController
{
private const ORDER_SUBMIT_TOKEN_SESSION_KEY = 'order-submit-token';
private const ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY = 'order-submit-last-order-id';
public static $title = [
'mainView' => 'Koszyk'
];
@@ -274,6 +277,7 @@ class ShopBasketController
}
$client = \Shared\Helpers\Helpers::get_session( 'client' );
$orderSubmitToken = $this->createOrderSubmitToken();
return \Shared\Tpl\Tpl::view( 'shop-basket/summary-view', [
'lang_id' => $lang_id,
@@ -284,12 +288,35 @@ class ShopBasketController
'addresses' => ( new \Domain\Client\ClientRepository( $GLOBALS['mdb'] ) )->clientAddresses( (int)$client['id'] ),
'settings' => $settings,
'coupon' => \Shared\Helpers\Helpers::get_session( 'coupon' ),
'basket_message' => \Shared\Helpers\Helpers::get_session( 'basket_message' )
'basket_message' => \Shared\Helpers\Helpers::get_session( 'basket_message' ),
'order_submit_token' => $orderSubmitToken
] );
}
public function basketSave()
{
$orderSubmitToken = (string)\Shared\Helpers\Helpers::get( 'order_submit_token', true );
$existingOrderId = isset( $_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ] ) ? (int)$_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ] : 0;
if ( !$this->isValidOrderSubmitToken( $orderSubmitToken ) )
{
if ( $existingOrderId > 0 )
{
$existingOrderHash = $this->orderRepository->findHashById( $existingOrderId );
if ( $existingOrderHash )
{
header( 'Location: /zamowienie/' . $existingOrderHash );
exit;
}
}
\Shared\Helpers\Helpers::error( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat-blad' ) );
header( 'Location: /koszyk' );
exit;
}
$this->consumeOrderSubmitToken();
$client = \Shared\Helpers\Helpers::get_session( 'client' );
if ( \Domain\Basket\BasketCalculator::checkProductQuantityInStock( \Shared\Helpers\Helpers::get_session( 'basket' ) ) )
@@ -322,6 +349,7 @@ class ShopBasketController
\Shared\Helpers\Helpers::get_session( 'basket_message' )
) )
{
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY, (int)$order_id );
\Shared\Helpers\Helpers::alert( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat' ) );
\Shared\Helpers\Helpers::delete_session( 'basket' );
\Shared\Helpers\Helpers::delete_session( 'basket-transport-method-id' );
@@ -414,4 +442,45 @@ class ShopBasketController
] );
exit;
}
private function createOrderSubmitToken()
{
$token = $this->generateOrderSubmitToken();
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_TOKEN_SESSION_KEY, $token );
\Shared\Helpers\Helpers::delete_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY );
return $token;
}
private function generateOrderSubmitToken()
{
try
{
return bin2hex( random_bytes( 16 ) );
}
catch ( \Exception $exception )
{
return md5( uniqid( (string)mt_rand(), true ) );
}
}
private function isValidOrderSubmitToken( $token )
{
if ( !$token )
return false;
$sessionToken = isset( $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] ) ? (string)$_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] : '';
if ( !$sessionToken )
return false;
if ( function_exists( 'hash_equals' ) )
return hash_equals( $sessionToken, $token );
return $sessionToken === $token;
}
private function consumeOrderSubmitToken()
{
\Shared\Helpers\Helpers::delete_session( self::ORDER_SUBMIT_TOKEN_SESSION_KEY );
}
}

6
autoload/front/Controllers/ShopOrderController.php
View File

@@ -6,6 +6,8 @@ use Domain\Order\OrderAdminService;
class ShopOrderController
{
private const HOTPAY_HASH_SEED = 'ProjectPro1916;';
private $repository;
private $adminService;
@@ -29,8 +31,6 @@ class ShopOrderController
public function paymentStatusTpay()
{
file_put_contents( 'tpay.txt', print_r( $_POST, true ) . print_r( $_GET, true ), FILE_APPEND );
if ( \Shared\Helpers\Helpers::get( 'tr_status' ) == 'TRUE' && \Shared\Helpers\Helpers::get( 'tr_crc' ) )
{
$order = $this->repository->findRawByHash( \Shared\Helpers\Helpers::get( 'tr_crc' ) );
@@ -102,7 +102,7 @@ class ShopOrderController
$summary_tmp += $order['transport_cost'];
endif;
if ( hash( "sha256", "ProjectPro1916;" . round( $summary_tmp, 2 ) . ";" . $_POST["ID_PLATNOSCI"] . ";" . $_POST["ID_ZAMOWIENIA"] . ";" . $_POST["STATUS"] . ";" . $_POST["SEKRET"] ) == $_POST["HASH"] )
if ( hash( "sha256", self::HOTPAY_HASH_SEED . round( $summary_tmp, 2 ) . ";" . $_POST["ID_PLATNOSCI"] . ";" . $_POST["ID_ZAMOWIENIA"] . ";" . $_POST["STATUS"] . ";" . $_POST["SEKRET"] ) == $_POST["HASH"] )
{
if ( $_POST["STATUS"] == "SUCCESS" )
{

2
cron.php
View File

@@ -1,5 +1,5 @@
<?php
error_reporting( E_ALL ^ E_NOTICE ^ E_STRICT ^ E_WARNING ^ E_DEPRECATED );
error_reporting( E_ALL ^ E_NOTICE ^ E_STRICT );
function __autoload_my_classes( $classname )
{

584
docs/API.md
View File

@@ -1,584 +0,0 @@
# shopPRO REST API
REST API do integracji z ordersPRO i innymi systemami zewnetrznymi.
## Autentykacja
Kazde zapytanie wymaga headera `X-Api-Key` z kluczem API.
```
X-Api-Key: {klucz_api}
```
Klucz przechowywany jest w `pp_settings` jako parametr `api_key`. API jest stateless (bez sesji).
## Format odpowiedzi
### Sukces (HTTP 200)
```json
{
"status": "ok",
"data": { ... }
}
```
### Blad
```json
{
"status": "error",
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key"
}
```
Kody bledow:
| Kod | HTTP | Opis |
|-----|------|------|
| `UNAUTHORIZED` | 401 | Brak lub nieprawidlowy klucz API |
| `BAD_REQUEST` | 400 | Brakujace lub niepoprawne parametry |
| `NOT_FOUND` | 404 | Nie znaleziono zasobu/endpointu/akcji |
| `METHOD_NOT_ALLOWED` | 405 | Nieprawidlowa metoda HTTP |
| `INTERNAL_ERROR` | 500 | Blad wewnetrzny serwera |
## Endpointy
### Zamowienia
#### Lista zamowien
```
GET api.php?endpoint=orders&action=list
```
Parametry filtrowania (opcjonalne):
| Parametr | Typ | Opis |
|----------|-----|------|
| `status` | int | Filtruj po statusie zamowienia |
| `paid` | int (0/1) | Filtruj po statusie platnosci |
| `date_from` | date (YYYY-MM-DD) | Zamowienia od daty |
| `date_to` | date (YYYY-MM-DD) | Zamowienia do daty |
| `updated_since` | datetime (YYYY-MM-DD HH:MM:SS) | Zamowienia zmodyfikowane od podanej daty (klucz do pollingu) |
| `number` | string | Szukaj po numerze zamowienia |
| `client` | string | Szukaj po imieniu, nazwisku lub emailu klienta |
| `page` | int | Numer strony (domyslnie 1) |
| `per_page` | int | Wynikow na strone (domyslnie 50, max 100) |
Odpowiedz:
```json
{
"status": "ok",
"data": {
"items": [
{
"id": 42,
"number": "2026/02/001",
"date_order": "2026-02-19 10:30:00",
"updated_at": "2026-02-19 12:00:00",
"status": 4,
"paid": 1,
"client_name": "Jan",
"client_surname": "Kowalski",
"client_email": "jan@example.com",
"client_phone": "111222333",
"client_street": "Testowa 1",
"client_postal_code": "00-000",
"client_city": "Warszawa",
"firm_name": null,
"firm_nip": null,
"transport": "Kurier DPD",
"transport_cost": 15.00,
"payment_method": "Przelew bankowy",
"summary": 150.00
}
],
"total": 1,
"page": 1,
"per_page": 50
}
}
```
#### Szczegoly zamowienia
```
GET api.php?endpoint=orders&action=get&id={order_id}
```
Zwraca pelne dane zamowienia z produktami i historia statusow.
#### Zmiana statusu zamowienia
```
PUT api.php?endpoint=orders&action=change_status&id={order_id}
Content-Type: application/json
{
"status_id": 5,
"send_email": true
}
```
Odpowiedz:
```json
{
"status": "ok",
"data": {
"order_id": 42,
"status_id": 5,
"changed": true
}
}
```
#### Oznacz jako oplacone
```
PUT api.php?endpoint=orders&action=set_paid&id={order_id}
```
Opcjonalnie w body: `{"send_email": true}`
#### Oznacz jako nieoplacone
```
PUT api.php?endpoint=orders&action=set_unpaid&id={order_id}
```
### Produkty
#### Lista produktow
```
GET api.php?endpoint=products&action=list
```
Parametry filtrowania (opcjonalne):
| Parametr | Typ | Opis |
|----------|-----|------|
| `search` | string | Szukaj po nazwie, EAN lub SKU |
| `status` | int (0/1) | Filtruj po statusie (1 = aktywny, 0 = nieaktywny) |
| `promoted` | int (0/1) | Filtruj po promocji |
| `attribute_{id}` | int | Filtruj po atrybucie — `attribute_1=3` oznacza atrybut 1 = wartosc 3 (wiele filtrow AND) |
| `sort` | string | Sortuj po: id, name, price_brutto, status, promoted, quantity (domyslnie id) |
| `sort_dir` | string | Kierunek: ASC lub DESC (domyslnie DESC) |
| `page` | int | Numer strony (domyslnie 1) |
| `per_page` | int | Wynikow na strone (domyslnie 50, max 100) |
Odpowiedz:
```json
{
"status": "ok",
"data": {
"items": [
{
"id": 1,
"sku": "PROD-001",
"ean": "5901234123457",
"name": "Produkt testowy",
"price_brutto": 99.99,
"price_brutto_promo": null,
"price_netto": 81.29,
"price_netto_promo": null,
"quantity": 10,
"status": 1,
"promoted": 0,
"vat": 23,
"weight": 0.5,
"main_image": "product1.jpg",
"date_add": "2026-01-15 10:00:00",
"date_modify": "2026-02-19 12:00:00"
}
],
"total": 1,
"page": 1,
"per_page": 50
}
}
```
#### Szczegoly produktu
```
GET api.php?endpoint=products&action=get&id={product_id}
```
Zwraca pelne dane produktu z jezykami, zdjeciami, kategoriami i atrybutami.
Odpowiedz:
```json
{
"status": "ok",
"data": {
"id": 1,
"sku": "PROD-001",
"ean": "5901234123457",
"price_brutto": 99.99,
"price_brutto_promo": null,
"price_netto": 81.29,
"price_netto_promo": null,
"quantity": 10,
"status": 1,
"promoted": 0,
"vat": 23,
"weight": 0.5,
"stock_0_buy": 0,
"custom_label_0": null,
"set_id": null,
"product_unit_id": 1,
"producer_id": 3,
"producer_name": "Nike",
"date_add": "2026-01-15 10:00:00",
"date_modify": "2026-02-19 12:00:00",
"languages": {
"pl": {
"name": "Produkt testowy",
"short_description": "Krotki opis",
"description": "<p>Pelny opis produktu</p>",
"meta_description": null,
"meta_keywords": null,
"meta_title": null,
"seo_link": "produkt-testowy",
"copy_from": null,
"warehouse_message_zero": null,
"warehouse_message_nonzero": null,
"tab_name_1": null,
"tab_description_1": null,
"tab_name_2": null,
"tab_description_2": null,
"canonical": null,
"security_information": null
}
},
"images": [
{"id": 1, "src": "product1.jpg", "alt": "Zdjecie produktu"}
],
"categories": [1, 5],
"attributes": [
{
"attribute_id": 1,
"attribute_type": 1,
"attribute_names": {"pl": "Kolor", "en": "Color"},
"value_id": 3,
"value_names": {"pl": "Czerwony", "en": "Red"}
}
],
"custom_fields": [
{"name": "Napis na koszulce", "type": "text", "is_required": 1}
],
"variants": [
{
"id": 101,
"permutation_hash": "1-3|2-5",
"sku": "PROD-001-RED-L",
"ean": null,
"price_brutto": 109.99,
"price_brutto_promo": null,
"price_netto": 89.42,
"price_netto_promo": null,
"quantity": 5,
"stock_0_buy": 0,
"weight": 0.5,
"status": 1,
"attributes": [
{"attribute_id": 1, "attribute_names": {"pl": "Kolor"}, "value_id": 3, "value_names": {"pl": "Czerwony"}},
{"attribute_id": 2, "attribute_names": {"pl": "Rozmiar"}, "value_id": 5, "value_names": {"pl": "L"}}
]
}
]
}
}
```
#### Tworzenie produktu
```
POST api.php?endpoint=products&action=create
Content-Type: application/json
{
"price_brutto": 99.99,
"vat": 23,
"quantity": 10,
"status": 1,
"sku": "PROD-001",
"ean": "5901234123457",
"weight": 0.5,
"languages": {
"pl": {
"name": "Nowy produkt",
"description": "<p>Opis produktu</p>"
}
},
"categories": [1, 5],
"products_related": [10, 20],
"custom_fields": [
{"name": "Napis na koszulce", "type": "text", "is_required": 1}
]
}
```
Wymagane: `languages` (min. 1 jezyk z `name`) oraz `price_brutto`.
`custom_fields` — opcjonalne; kazdy element wymaga `name`, `type` (domyslnie `text`), `is_required` (0/1).
Odpowiedz (HTTP 201):
```json
{
"status": "ok",
"data": {
"id": 42
}
}
```
#### Aktualizacja produktu
```
PUT api.php?endpoint=products&action=update&id={product_id}
Content-Type: application/json
{
"price_brutto": 129.99,
"status": 1,
"languages": {
"pl": {
"name": "Zaktualizowana nazwa"
}
}
}
```
Partial update — wystarczy przeslac tylko zmienione pola. Pola nieprzeslane zachowuja aktualna wartosc.
Odpowiedz: pelne dane produktu (jak w `get`).
### Warianty produktow
#### Lista wariantow produktu
```
GET api.php?endpoint=products&action=variants&id={product_id}
```
Zwraca warianty produktu nadrzednego wraz z dostepnymi atrybutami.
Odpowiedz:
```json
{
"status": "ok",
"data": {
"product_id": 1,
"available_attributes": [
{
"id": 1,
"type": 1,
"status": 1,
"names": {"pl": "Kolor", "en": "Color"},
"values": [
{"id": 3, "names": {"pl": "Czerwony", "en": "Red"}, "is_default": 0, "impact_on_the_price": null},
{"id": 4, "names": {"pl": "Niebieski", "en": "Blue"}, "is_default": 0, "impact_on_the_price": 10.0}
]
}
],
"variants": [
{
"id": 101,
"permutation_hash": "1-3",
"sku": "PROD-001-RED",
"ean": null,
"price_brutto": 109.99,
"price_brutto_promo": null,
"price_netto": 89.42,
"price_netto_promo": null,
"quantity": 5,
"stock_0_buy": 0,
"weight": 0.5,
"status": 1,
"attributes": [
{"attribute_id": 1, "attribute_names": {"pl": "Kolor"}, "value_id": 3, "value_names": {"pl": "Czerwony"}}
]
}
]
}
}
```
#### Tworzenie wariantu
```
POST api.php?endpoint=products&action=create_variant&id={product_id}
Content-Type: application/json
{
"attributes": {"1": 3, "2": 5},
"sku": "PROD-001-RED-L",
"ean": "5901234123458",
"price_brutto": 109.99,
"quantity": 5,
"weight": 0.5
}
```
Wymagane: `attributes` (mapa attribute_id -> value_id, min. 1). Kombinacja atrybutow musi byc unikalna.
Odpowiedz (HTTP 201): pelne dane wariantu.
#### Aktualizacja wariantu
```
PUT api.php?endpoint=products&action=update_variant&id={variant_id}
Content-Type: application/json
{
"sku": "PROD-001-RED-XL",
"price_brutto": 119.99,
"quantity": 3
}
```
Partial update — mozna zmienic: sku, ean, price_brutto, price_netto, price_brutto_promo, price_netto_promo, quantity, stock_0_buy, weight, status.
Odpowiedz: pelne dane wariantu.
#### Usuwanie wariantu
```
DELETE api.php?endpoint=products&action=delete_variant&id={variant_id}
```
Odpowiedz:
```json
{
"status": "ok",
"data": {"id": 101, "deleted": true}
}
```
### Kategorie
#### Lista kategorii
```
GET api.php?endpoint=categories&action=list
```
Zwraca plaska liste wszystkich aktywnych kategorii w domyslnym jezyku sklepu.
Odpowiedz:
```json
{
"status": "ok",
"data": {
"categories": [
{"id": 1, "parent_id": null, "title": "Kategoria glowna"},
{"id": 3, "parent_id": 1, "title": "Podkategoria A"},
{"id": 5, "parent_id": 1, "title": "Podkategoria B"}
]
}
}
```
Pola odpowiedzi:
| Pole | Typ | Opis |
|------|-----|------|
| `id` | int | ID kategorii |
| `parent_id` | int\|null | ID kategorii nadrzednej (null = kategoria glowna) |
| `title` | string | Nazwa w domyslnym jezyku; fallback na inny jezyk jesli brak tlumaczenia |
---
### Slowniki
#### Lista statusow zamowien
```
GET api.php?endpoint=dictionaries&action=statuses
```
Odpowiedz:
```json
{
"status": "ok",
"data": [
{"id": 0, "name": "Nowe"},
{"id": 1, "name": "Oplacone"},
{"id": 4, "name": "W realizacji"},
{"id": 6, "name": "Wyslane"}
]
}
```
#### Lista metod transportu
```
GET api.php?endpoint=dictionaries&action=transports
```
#### Lista metod platnosci
```
GET api.php?endpoint=dictionaries&action=payment_methods
```
#### Lista atrybutow
```
GET api.php?endpoint=dictionaries&action=attributes
```
Zwraca aktywne atrybuty z wartosciami i wielojezycznymi nazwami.
#### Znajdz lub utworz producenta
```
POST api.php?endpoint=dictionaries&action=ensure_producer
Content-Type: application/json
{
"name": "Nike"
}
```
Zwraca istniejacego producenta po nazwie lub tworzy nowego. Uzyc przed tworzeniem produktu, jesli producent moze nie istniec.
Odpowiedz:
```json
{
"status": "ok",
"data": {
"id": 5,
"created": false
}
}
```
`created: true` gdy producent zostal nowo dodany, `false` gdy juz istnial.
Odpowiedz:
```json
{
"status": "ok",
"data": [
{
"id": 1,
"type": 1,
"status": 1,
"names": {"pl": "Kolor", "en": "Color"},
"values": [
{"id": 3, "names": {"pl": "Czerwony"}, "is_default": 0, "impact_on_the_price": null},
{"id": 4, "names": {"pl": "Niebieski"}, "is_default": 1, "impact_on_the_price": 10.0}
]
}
]
}
```
## Polling
Aby pobierac tylko nowe/zmienione zamowienia, uzyj parametru `updated_since`:
```
GET api.php?endpoint=orders&action=list&updated_since=2026-02-19 12:00:00
```
Kolumna `updated_at` w `pp_shop_orders` jest aktualizowana automatycznie przy kazdej modyfikacji zamowienia (zmiana statusu, platnosci, edycja danych, tworzenie zamowienia).
## Konfiguracja
Klucz API ustawia sie w panelu admina w ustawieniach sklepu lub bezposrednio w bazie:
```sql
INSERT INTO pp_settings (param, value) VALUES ('api_key', 'twoj-klucz-api');
-- lub
UPDATE pp_settings SET value = 'twoj-klucz-api' WHERE param = 'api_key';
```
## Architektura
- Entry point: `api.php`
- Router: `\api\ApiRouter` (`autoload/api/ApiRouter.php`)
- Kontrolery: `autoload/api/Controllers/`
- `OrdersApiController` — zamowienia (5 akcji)
- `ProductsApiController` — produkty (8 akcji: list, get, create, update, variants, create_variant, update_variant, delete_variant)
- `DictionariesApiController` — slowniki (5 akcji: statuses, transports, payment_methods, attributes, ensure_producer)
- `CategoriesApiController` — kategorie (1 akcja: list)

53
docs/CHANGELOG.md
View File

@@ -4,6 +4,59 @@ Logi zmian z migracji na Domain-Driven Architecture. Najnowsze na gorze.
---
## ver. 0.336 (2026-03-12) - Poprawki bezpieczeństwa: error handling w krytycznych ścieżkach
- **FIX**: `cron.php` — przywrócono `E_WARNING` i `E_DEPRECATED` (wyciszano je od zawsze, ukrywając potencjalne błędy)
- **FIX**: `IntegrationsRepository::apiloAuthorize()` — try-catch po zapisie tokenów Apilo; błąd DB logowany i zwraca `false` zamiast cicho kontynuować
- **FIX**: `ProductRepository::safeUnlink()``error_log()` gdy ścieżka istnieje ale jest poza `upload/`
- **FIX**: `ArticleRepository::safeUnlink()` — to samo
---
## ver. 0.335 (2026-03-12) - Poprawki bezpieczeństwa: path traversal i XSS w szablonach
- **SECURITY**: `ProductRepository` — dodano `safeUnlink()` z walidacją `realpath()` zapobiegającą path traversal; użyta w `cleanupDeletedFiles()`, `cleanupDeletedImages()`, `deleteNonassignedImages()`
- **SECURITY**: `ArticleRepository` — to samo; użyta w `deleteMarkedImages()`, `deleteMarkedFiles()`, `deleteNonassignedFiles()`, `deleteNonassignedImages()`
- **SECURITY**: `templates/articles/article-full.php``htmlspecialchars()` na tytule artykułu, `$_SERVER['SERVER_NAME']` i `$url` w linkach social media
- **SECURITY**: `templates/articles/article-entry.php``htmlspecialchars()` na tytule i `$url` (3 miejsca: href, title, alt)
---
## ver. 0.334 (2026-03-12) - Poprawki bezpieczeństwa: debug log, SQL, RedBeanPHP
- **SECURITY**: `ShopOrderController::paymentStatusTpay()` — usunięto `file_put_contents('tpay.txt', ...)` który logował pełne dane POST/GET płatności do publicznego pliku
- **SECURITY**: `ShopOrderController` — hardcoded sekret HotPay `"ProjectPro1916;"` przeniesiony do prywatnej stałej `HOTPAY_HASH_SEED`
- **SECURITY**: `IntegrationsRepository::getSettings()` — zastąpiono raw `query("SELECT * FROM $table")` metodą Medoo `select()` (spójne z zasadą braku string concatenation w SQL)
- **REFACTOR**: `index.php`, `admin/index.php` — usunięto RedBeanPHP (`rb.php`): biblioteka była ładowana i inicjalizowana, ale nigdy nie używana w żadnym zapytaniu
- **CLEANUP**: `libraries/rb.php` — usunięto plik (536 KB zbędnych zależności)
- **TESTS**: `IntegrationsRepositoryTest` — zaktualizowano 6 testów do nowego API (`select` zamiast `query` dla `getSettings`)
---
## ver. 0.333 (2026-03-10) - Ochrona przed podwójnym składaniem zamówienia (order submit token)
- **NEW**: `ShopBasketController` — mechanizm tokenu CSRF chroniący przed podwójnym składaniem zamówienia (generowanie, walidacja, konsumpcja tokenu w sesji)
- **NEW**: `ShopBasketController::basketSave()` — przy duplikacie przekierowanie do istniejącego zamówienia zamiast tworzenia kolejnego
- **FIX**: `templates/shop-basket/summary-view.php` — JS nasłuchuje na `submit` formularza zamiast `click` przycisku (poprawna obsługa walidacji HTML5)
- **FIX**: `templates/shop-basket/address-form.php` — ukryte pole `order_submit_token` z escape XSS
- **TESTS**: `ShopBasketControllerTest` — testy konstruktora i zależności (5 testów)
---
## ver. 0.332 (2026-03-01) - API produktów: nowe pola new_to_date i additional_message
- **NEW**: `ProductRepository::getProductForApi()` — eksportuje 4 nowe pola: `new_to_date`, `additional_message` (int 0/1), `additional_message_required` (int 0/1), `additional_message_text`
- **NEW**: `ProductsApiController` — obsługa nowych pól w PUT/PATCH (aktualizacja `new_to_date`, `additional_message`, `additional_message_required`, `additional_message_text`)
- **DOCS**: `docs/API.md` — zaktualizowane przykłady GET/PUT dla nowych pól produktu
---
## ver. 0.331 (2026-03-01) - Bugfix: strona produktu używała layoutu kategorii zamiast domyślnego
- **FIX**: `LayoutsRepository::getProductLayout()` — fallback gdy produkt i jego kategorie nie mają przypisanego layoutu zmieniany z `categories_default = 1` na `status = 1`; wcześniej produkty bez layoutu pobierały szablon "Podstrony - kategorie" zamiast właściwego domyślnego
---
## ver. 0.330 (2026-02-27) - Eliminacja htaccess.conf — wszystkie trasy URL w pp_routes
- **REFACTOR**: `Helpers::htacces()` — generowanie `.htaccess` w całości z PHP (usunięty `file_get_contents('htaccess.conf')` i placeholder `{HTACCESS_CACHE}`)

6
docs/TESTING.md
View File

@@ -23,10 +23,10 @@ composer test # standard
## Aktualny stan
```text
OK (805 tests, 2253 assertions)
OK (810 tests, 2264 assertions)
```
Zweryfikowano: 2026-02-24 (ver. 0.318)
Zweryfikowano: 2026-03-10 (ver. 0.333)
## Konfiguracja
@@ -89,6 +89,8 @@ tests/
| |-- ShopStatusesControllerTest.php
| |-- ShopTransportControllerTest.php
| `-- UsersControllerTest.php
| |-- front/Controllers/
| | `-- ShopBasketControllerTest.php
| `-- api/
| |-- ApiRouterTest.php
| `-- Controllers/

10
docs/TODO.md
View File

@@ -1,4 +1,8 @@
1. Dodać przycisk kopiowania przy atrybutach produktu w zamówieniu
2. Poprawić htaccess, żeby w nim nie było w ogóle adresów strona wszystko z bazy.
3. Dodać uwierzytelnienie dwuskładnikowe za pomocą aplikacji.
4. Dodać zarządzanie uprawnieniami na poziomie urzytkownika, na razie uprawnienia do poszczególnych modułów.
4. Dodać zarządzanie uprawnieniami na poziomie urzytkownika, na razie uprawnienia do poszczególnych modułów.
naprawić działanie newslettera i zapis do bazy newslettera
program lojalnościowy
proponowane produkty w koszyku
Do zamówień w statusie: realizowane lub oczekuje na wpłatę. Opcja tylko dla zarejestrowanych klientów. https://royal-stone.pl/pl/order1.html
Dodać możliwość ustawienia limitu znaków w wiadomościach do produktu
8. [] Przerobić analitykę Google Analytics i Google ADS

658
docs/plans/2026-02-27-htaccess-conf-elimination.md
View File

@@ -1,658 +0,0 @@
# htaccess.conf Elimination — Implementation Plan
> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
**Goal:** Eliminate `libraries/htaccess.conf` as a template file and move all remaining hardcoded URL routes into `pp_routes`, leaving only true Apache-level directives in the generated `.htaccess`.
**Architecture:** `Helpers::htacces()` generates the full `.htaccess` content from PHP strings instead of loading a template. All URL→PHP mappings (static system routes + dynamic per language/producer) are inserted into `pp_routes` with `type='system'`, deleted and reinserted on every `htacces()` call. Apache-level rules (HTTPS redirect, admin routing, thumb.php) stay in `.htaccess` only.
**Tech Stack:** PHP 7.4, Medoo ORM (`$mdb`), Redis (CacheHandler), PHPUnit 9.6
---
## Context
### Current `Helpers::htacces()` structure (before this plan)
1. Loads `libraries/htaccess.conf` template (contains many hardcoded URL routes)
2. Appends language switch rules to `$htaccess_data`
3. Appends newsletter and producer rules to `$htaccess_data`
4. Inserts category/product/page/article routes into `pp_routes` (done in v0.329)
5. Replaces `{HTACCESS_CACHE}` placeholder
6. Appends catch-all, writes files
### What stays in `.htaccess` after this plan
- `RewriteEngine On`, `RewriteBase /`, `Options`
- www→https redirect
- http→https redirect (with tpay/przelewy24/hotpay exclusion)
- Trailing slash removal (excluding `/admin/`)
- Admin routing: `^admin/([^/]*)/([^/]*)/(.*)$`
- `^admin/$`
- Thumbnail: `^thumb/([0-9]*)/([0-9]*)/(.*)$``/libraries/thumb.php` (different PHP file, cannot use pp_routes)
- `THE_REQUEST` index.php redirect
- Cache headers block (gzip/expires or no-cache based on `$settings['htaccess_cache']`)
- File protection: `<Files *.conf>`, `<Files *.log>`, `<Files *.ini>`
- Start page 301 redirects (generated dynamically in pages loop)
- Custom htaccess from `pp_settings` (param=htaccess)
- Catch-all: `RewriteRule ^ index.php [L]`
### New `type` column in `pp_routes`
- `NULL` = entity route (product/category/page/article)
- `'system'` = system route (all routes in this plan)
- On every `htacces()` call: `DELETE WHERE type='system'`, then reinsert all
---
## Task 1: Update SQL migration — add `type` column
**Files:**
- Modify: `migrations/0.329.sql`
**Step 1: Add `type` column to the migration**
Open `migrations/0.329.sql` (currently has 4 lines). Append the `type` column:
```sql
ALTER TABLE pp_routes
ADD COLUMN category_id INT NULL AFTER product_id,
ADD COLUMN page_id INT NULL AFTER category_id,
ADD COLUMN article_id INT NULL AFTER page_id,
ADD COLUMN type VARCHAR(20) NULL AFTER article_id;
```
**Step 2: Apply migration on server**
Run on the production/staging database:
```sql
ALTER TABLE pp_routes ADD COLUMN type VARCHAR(20) NULL AFTER article_id;
```
(The other 3 columns from 0.329 should already be applied from the previous deployment.)
**Step 3: No test needed** — pure schema change, verified when routes are inserted in Task 2.
---
## Task 2: Refactor `Helpers::htacces()` — replace template + move all routes to pp_routes
**Files:**
- Modify: `autoload/Shared/Helpers/Helpers.php` (method `htacces()`, lines ~408773)
This is the core task. The entire method is refactored. Here is the complete new body:
**Step 1: Replace the method body**
Find the opening of `htacces()` at line ~408. Replace everything from the start of the method body through the end (line ~773) with the code below.
The key structural changes:
- Remove `file_get_contents(htaccess.conf)` and `str_replace('{PAGE}', ...)`
- Remove `str_replace('{HTACCESS_CACHE}', ...)` — cache block is now inline
- Build `$htaccess_data` directly as PHP string
- Delete all `type='system'` routes, then reinsert static + dynamic ones
- Language switch → `pp_routes` (remove from `$htaccess_data`)
- Newsletter → `pp_routes` (remove from `$htaccess_data`)
- Producenci/producent → `pp_routes` (remove from `$htaccess_data`)
**New `htacces()` method body** — replace lines 409773 with:
```php
{
global $mdb;
$settings = ( new \Domain\Settings\SettingsRepository( $mdb ) )->allSettings( true );
$url = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
$robots = 'User-agent: *' . PHP_EOL;
$robots .= 'Allow: /' . PHP_EOL;
$site_map = '<?xml version="1.0" encoding="UTF-8"?>' . PHP_EOL;
$site_map .= '<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">' . PHP_EOL;
$site_map .= '<url>' . PHP_EOL;
$site_map .= '<loc>https://' . $url . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
//
// SYSTEM ROUTES — delete all and reinsert
//
$mdb->delete( 'pp_routes', [ 'type' => 'system' ] );
// Static system routes (hardcoded, never change)
$systemRoutes = [
// Wyszukiwarka
[ 'pattern' => '^wyszukiwarka/([^/]+)/([0-9]+)$', 'destination' => 'index.php?module=search&action=search_results&query=$1&bs=$2' ],
[ 'pattern' => '^wyszukiwarka/([^/]+)$', 'destination' => 'index.php?module=search&action=search_results&query=$1&bs=1' ],
// Zamowienia
[ 'pattern' => '^zamowienie/([a-zA-Z0-9-]+)$', 'destination' => 'index.php?module=shop_order&action=order_details&order_hash=$1' ],
[ 'pattern' => '^potwierdzenie-platnosci/([a-zA-Z0-9-]+)$', 'destination' => 'index.php?module=shop_order&action=payment_confirmation&order_hash=$1' ],
// Platnosci
[ 'pattern' => '^tpay-status$', 'destination' => 'index.php?module=shop_order&action=payment_status_tpay' ],
[ 'pattern' => '^platnosc-status$', 'destination' => 'index.php?module=shop_order&action=payment_status_hotpay' ],
[ 'pattern' => '^przelewy24-status$', 'destination' => 'index.php?module=shop_order&action=payment_status_przelewy24pl' ],
// Koszyk
[ 'pattern' => '^koszyk$', 'destination' => 'index.php?module=shop_basket&action=main_view' ],
[ 'pattern' => '^koszyk-podsumowanie$', 'destination' => 'index.php?module=shop_basket&action=summary_view' ],
[ 'pattern' => '^zloz-zamowienie$', 'destination' => 'index.php?module=shop_basket&action=basket_save' ],
// Klient
[ 'pattern' => '^rejestracja$', 'destination' => 'index.php?module=shop_client&action=register_form' ],
[ 'pattern' => '^logowanie$', 'destination' => 'index.php?module=shop_client&action=login_form' ],
[ 'pattern' => '^wylogowanie$', 'destination' => 'index.php?module=shop_client&action=logout' ],
[ 'pattern' => '^odzyskiwanie-hasla$', 'destination' => 'index.php?module=shop_client&action=recover_password' ],
[ 'pattern' => '^panel-klienta/zamowienia$', 'destination' => 'index.php?module=shop_client&action=client_orders' ],
[ 'pattern' => '^panel-klienta/adresy$', 'destination' => 'index.php?module=shop_client&action=client_addresses' ],
[ 'pattern' => '^panel-klienta/nowy-adres$', 'destination' => 'index.php?module=shop_client&action=address_edit' ],
[ 'pattern' => '^panel-klienta/edytuj-adres/([0-9]+)$', 'destination' => 'index.php?module=shop_client&action=address_edit&id=$1' ],
[ 'pattern' => '^panel-klienta/usun-adres/([0-9]+)$', 'destination' => 'index.php?module=shop_client&action=address_delete&id=$1' ],
// Newsletter
[ 'pattern' => '^newsletter/signin$', 'destination' => 'index.php?module=newsletter&action=signin' ],
[ 'pattern' => '^newsletter/confirm/hash=(.+)$', 'destination' => 'index.php?module=newsletter&action=confirm&hash=$1' ],
[ 'pattern' => '^newsletter/unsubscribe/hash=(.+)$', 'destination' => 'index.php?module=newsletter&action=unsubscribe&hash=$1' ],
// Moduły AJAX (shopBasket, shopClient, shopProduct, shopCoupon, search)
[ 'pattern' => '^shopBasket/([^/]+)/(.+)$', 'destination' => 'index.php?module=shopBasket&action=$1&$2' ],
[ 'pattern' => '^shopBasket/([^/]+)$', 'destination' => 'index.php?module=shopBasket&action=$1' ],
[ 'pattern' => '^shopClient/([^/]+)/(.+)$', 'destination' => 'index.php?module=shopClient&action=$1&$2' ],
[ 'pattern' => '^shopClient/([^/]+)$', 'destination' => 'index.php?module=shopClient&action=$1' ],
[ 'pattern' => '^shopProduct/([^/]+)/(.+)$', 'destination' => 'index.php?module=shopProduct&action=$1&$2' ],
[ 'pattern' => '^shopProduct/([^/]+)$', 'destination' => 'index.php?module=shopProduct&action=$1' ],
[ 'pattern' => '^shopCoupon/([^/]+)/(.+)$', 'destination' => 'index.php?module=shopCoupon&action=$1&$2' ],
[ 'pattern' => '^shopCoupon/([^/]+)$', 'destination' => 'index.php?module=shopCoupon&action=$1' ],
[ 'pattern' => '^search/([^/]+)/(.+)$', 'destination' => 'index.php?module=search&action=$1&$2' ],
[ 'pattern' => '^search/([^/]+)$', 'destination' => 'index.php?module=search&action=$1' ],
];
foreach ( $systemRoutes as $route )
{
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => $route['pattern'],
'destination' => $route['destination'],
] );
}
// Dynamic system routes — languages
$results = $mdb->select( 'pp_langs', [ 'id' ], [ 'status' => 1, 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results ) ) foreach ( $results as $row )
{
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => '^' . $row['id'] . '$',
'destination' => 'index.php?a=change_language&id=' . $row['id'],
] );
}
// Dynamic system routes — producenci
$categoryDefaultLayoutId = ( new \Domain\Layouts\LayoutsRepository( $mdb ) )->categoryDefaultLayoutId();
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => '^producenci$',
'destination' => 'index.php?module=shop_producer&action=list&layout_id=' . $categoryDefaultLayoutId,
] );
$rows = $mdb->select( 'pp_shop_producer', '*', [ 'status' => 1 ] );
if ( self::is_array_fix( $rows ) ) foreach ( $rows as $row )
{
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => '^producent/' . self::seo( $row['name'] ) . '$',
'destination' => 'index.php?module=shop_producer&action=products&producer_id=' . $row['id'] . '&layout_id=' . $categoryDefaultLayoutId,
] );
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => '^producent/' . self::seo( $row['name'] ) . '/([0-9]+)$',
'destination' => 'index.php?module=shop_producer&action=products&producer_id=' . $row['id'] . '&layout_id=' . $categoryDefaultLayoutId . '&bs=$1',
] );
}
//
// HTACCESS — generuj z PHP (bez szablonu htaccess.conf)
//
$htaccess_data = 'RewriteEngine On' . PHP_EOL;
$htaccess_data .= 'RewriteBase /' . PHP_EOL;
$htaccess_data .= 'Options +FollowSymlinks' . PHP_EOL;
$htaccess_data .= 'Options -Indexes' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= '# Przekierowanie z www na bez www i z http na https w jednym kroku' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= '# Przekierowanie z http na https, jesli nie zawiera www' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{HTTPS} off' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} !^/(tpay-status|platnosc-status|przelewy24-status)$ [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= '# Usuwanie koncowego slasha dla niekatalogów' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_FILENAME} !-d' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} !^/admin/.*$ [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} (.+)/$' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ %1 [R=301,L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} !^(.*)/libraries/(.*) [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} !^(.*)/layout/(.*) [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^admin/([^/]*)/([^/]*)/(.*)$ admin/index.php?module=$1&action=$2&$3 [L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteRule ^admin/$ admin/index.php [L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteRule ^thumb/([0-9]*)/([0-9]*)/(.*)$ /libraries/thumb.php?img=$3&w=$1&h=$2 [L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index.php' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ /%1 [R=301,L]' . PHP_EOL;
/* cache — zastąpienie placeholdera {HTACCESS_CACHE} */
if ( $settings['htaccess_cache'] )
{
$htaccess_data .= '<IfModule mod_deflate.c>' . PHP_EOL
. 'AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript' . PHP_EOL
. '</IfModule>' . PHP_EOL
. '<IfModule mod_headers.c>' . PHP_EOL
. 'Header set Access-Control-Allow-Origin "*"' . PHP_EOL
. '</IfModule>' . PHP_EOL
. '<IfModule mod_expires.c>' . PHP_EOL
. 'ExpiresActive on' . PHP_EOL
. 'ExpiresDefault "access plus 1 month"' . PHP_EOL
. 'ExpiresByType text/css "access plus 1 year"' . PHP_EOL
. 'ExpiresByType application/json "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType application/xml "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType text/xml "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType image/x-icon "access plus 1 week"' . PHP_EOL
. 'ExpiresByType text/x-component "access plus 1 month"' . PHP_EOL
. 'ExpiresByType text/html "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType application/javascript "access plus 1 year"' . PHP_EOL
. 'ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType text/cache-manifest "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType audio/ogg "access plus 1 month"' . PHP_EOL
. 'ExpiresByType image/gif "access plus 1 month"' . PHP_EOL
. 'ExpiresByType image/jpeg "access plus 1 month"' . PHP_EOL
. 'ExpiresByType image/png "access plus 1 month"' . PHP_EOL
. 'ExpiresByType video/mp4 "access plus 1 month"' . PHP_EOL
. 'ExpiresByType video/ogg "access plus 1 month"' . PHP_EOL
. 'ExpiresByType video/webm "access plus 1 month"' . PHP_EOL
. 'ExpiresByType application/atom+xml "access plus 1 hour"' . PHP_EOL
. 'ExpiresByType application/rss+xml "access plus 1 hour"' . PHP_EOL
. 'ExpiresByType application/font-woff "access plus 1 month"' . PHP_EOL
. 'ExpiresByType application/vnd.ms-fontobject "access plus 1 month"' . PHP_EOL
. 'ExpiresByType application/x-font-ttf "access plus 1 month"' . PHP_EOL
. 'ExpiresByType font/opentype "access plus 1 month"' . PHP_EOL
. 'ExpiresByType image/svg+xml "access plus 1 month"' . PHP_EOL
. '</IfModule>' . PHP_EOL;
}
else
{
$htaccess_data .= '<IfModule mod_headers.c>' . PHP_EOL
. 'Header set Cache-Control "no-cache, no-store, must-revalidate"' . PHP_EOL
. 'Header set Pragma "no-cache"' . PHP_EOL
. 'Header set Expires 0' . PHP_EOL
. '</IfModule>' . PHP_EOL;
}
$htaccess_data .= '<Files *.conf>' . PHP_EOL;
$htaccess_data .= ' Order Deny,Allow' . PHP_EOL;
$htaccess_data .= ' Deny from all' . PHP_EOL;
$htaccess_data .= '</Files>' . PHP_EOL;
$htaccess_data .= '<Files *.log>' . PHP_EOL;
$htaccess_data .= ' Order Deny,Allow' . PHP_EOL;
$htaccess_data .= ' Deny from all' . PHP_EOL;
$htaccess_data .= '</Files>' . PHP_EOL;
$htaccess_data .= '<Files *.ini>' . PHP_EOL;
$htaccess_data .= ' Order Deny,Allow' . PHP_EOL;
$htaccess_data .= ' Deny from all' . PHP_EOL;
$htaccess_data .= '</Files>' . PHP_EOL;
//
// KATEGORIE — sitemap + pp_routes (bez zmian)
//
$results = $mdb->select( 'pp_langs', [ 'id', 'start' ], [ 'status' => 1, 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results ) ) foreach ( $results as $row )
{
!$row['start'] ? $language_link = $row['id'] . '/' : $language_link = '';
$results2 = $mdb->select( 'pp_shop_categories_langs', [ '[><]pp_shop_categories' => [ 'category_id' => 'id' ] ], [ 'seo_link', 'title', 'category_id' ], [ 'lang_id' => $row['id'], 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results2 ) ) foreach ( $results2 as $row2 )
{
if ( $row2['title'] )
{
$site_map .= '<url>' . PHP_EOL;
if ( $row2['seo_link'] )
$site_map .= '<loc>https://' . $url . '/' . $language_link . self::seo( $row2['seo_link'] ) . '</loc>' . PHP_EOL;
else
$site_map .= '<loc>https://' . $url . '/' . $language_link . 'k-' . $row2['category_id'] . '-' . self::seo( $row2['title'] ) . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
$seoSlug = $row2['seo_link'] ? self::seo( $row2['seo_link'] ) : 'k-' . $row2['category_id'] . '-' . self::seo( $row2['title'] );
$mdb->delete( 'pp_routes', [ 'AND' => [ 'category_id' => $row2['category_id'], 'lang_id' => $row['id'] ] ] );
$mdb->insert( 'pp_routes', [
'category_id' => $row2['category_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $language_link . $seoSlug . '$',
'destination' => 'index.php?category=' . $row2['category_id'] . '&lang=' . $row['id'],
] );
$mdb->insert( 'pp_routes', [
'category_id' => $row2['category_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $language_link . $seoSlug . '/([0-9]+)$',
'destination' => 'index.php?category=' . $row2['category_id'] . '&lang=' . $row['id'] . '&bs=$1',
] );
}
}
}
//
// PRODUKTY — sitemap + pp_routes (bez zmian)
//
$results = $mdb->select( 'pp_langs', [ 'id', 'start' ], [ 'status' => 1, 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results ) )
{
foreach ( $results as $row )
{
!$row['start'] ? $language_link = $row['id'] . '/' : $language_link = '';
$results2 = $mdb->select( 'pp_shop_products_langs', [ '[><]pp_shop_products' => [ 'product_id' => 'id' ] ], [ 'seo_link', 'name', 'product_id' ], [ 'lang_id' => $row['id'], 'ORDER' => [ 'name' => 'ASC' ] ] );
if ( is_array( $results2 ) )
{
foreach ( $results2 as $row2 )
{
$mdb->delete( 'pp_routes', [ 'AND' => [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'] ] ] );
if ( $row2['name'] )
{
$site_map .= '<url>' . PHP_EOL;
if ( $row2['seo_link'] )
$site_map .= '<loc>https://' . $url . '/' . $language_link . self::seo( $row2['seo_link'] ) . '</loc>' . PHP_EOL;
else
$site_map .= '<loc>https://' . $url . '/' . $language_link . 'p-' . $row2['product_id'] . '-' . self::seo( $row2['name'] ) . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
if ( $row2['seo_link'] )
{
$mdb->insert( 'pp_routes', [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'], 'pattern' => '^' . $language_link . self::seo( $row2['seo_link'] ) . '$', 'destination' => 'index.php?product=' . $row2['product_id'] ] );
$mdb->insert( 'pp_routes', [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'], 'pattern' => '^' . $language_link . self::seo( $row2['seo_link'] ) . '/([0-9-]+)$', 'destination' => 'index.php?product=' . $row2['product_id'] . '&permutation_hash=$1' ] );
}
else
{
$mdb->insert( 'pp_routes', [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'], 'pattern' => '^' . $language_link . 'p-' . $row2['product_id'] . '-' . self::seo( $row2['name'] ) . '$', 'destination' => 'index.php?product=' . $row2['product_id'] ] );
$mdb->insert( 'pp_routes', [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'], 'pattern' => '^' . $language_link . 'p-' . $row2['product_id'] . '-' . self::seo( $row2['name'] ) . '/([0-9-]+)$', 'destination' => 'index.php?product=' . $row2['product_id'] . '&permutation_hash=$1' ] );
}
}
}
}
}
}
//
// STRONY + ARTYKULY — sitemap + pp_routes (bez zmian)
//
$results = $mdb->select( 'pp_langs', [ 'id', 'start' ], [ 'status' => 1, 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results ) )
foreach ( $results as $row )
{
( !$row['start'] and count( $results ) > 1 ) ? $language_link = $row['id'] . '/' : $language_link = '';
$results2 = $mdb->select( 'pp_pages_langs', [ '[><]pp_pages' => [ 'page_id' => 'id' ] ], [ 'seo_link', 'title', 'page_id', 'noindex', 'start', 'link', 'page_type' ], [ 'lang_id' => $row['id'], 'ORDER' => [ 'start' => 'DESC', 'o' => 'ASC' ] ] );
if ( is_array( $results2 ) )
foreach ( $results2 as $row2 )
{
if ( $row2['title'] and $row2['page_type'] != 3 and $row2['page_type'] != 5 )
{
if ( !$row2['noindex'] )
{
$site_map .= '<url>' . PHP_EOL;
if ( $row2['seo_link'] )
$site_map .= '<loc>https://' . $url . '/' . self::seo( $row2['seo_link'] ) . '</loc>' . PHP_EOL;
else
$site_map .= '<loc>https://' . $url . '/s-' . $row2['page_id'] . '-' . self::seo( $row2['title'] ) . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
}
else if ( $row2['noindex'] and $row2['seo_link'] )
{
$robots .= 'User-agent: GoogleBot' . PHP_EOL;
$robots .= 'Disallow: /' . $row2['seo_link'] . PHP_EOL;
}
if ( $row2['start'] )
{
if ( $row2['seo_link'] )
{
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/' . self::seo( $row2['seo_link'] ) . '$';
$htaccess_data .= PHP_EOL . 'RewriteRule ^(.*)$ http://www.' . $url . '/' . $language_link . ' [R=permanent,L]';
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/' . self::seo( $row2['seo_link'] ) . '-1$';
$htaccess_data .= PHP_EOL . 'RewriteRule ^(.*)$ http://www.' . $url . '/' . $language_link . ' [R=permanent,L]';
}
else
{
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/s-' . $row2['page_id'] . '-' . self::seo( $row2['title'] ) . '$';
$htaccess_data .= PHP_EOL . 'RewriteRule ^(.*)$ http://www.' . $url . '/' . $language_link . ' [R=permanent,L]';
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/s-' . $row2['page_id'] . '-' . self::seo( $row2['title'] ) . '-1$';
$htaccess_data .= PHP_EOL . 'RewriteRule ^(.*)$ http://www.' . $url . '/' . $language_link . ' [R=permanent,L]';
}
$htaccess_data .= PHP_EOL . 'RewriteRule ^$ index.php?a=page&id=' . $row2['page_id'] . '&lang=' . $row['id'] . ' [L]';
}
$seoSlug = $row2['seo_link'] ? self::seo( $row2['seo_link'] ) : 's-' . $row2['page_id'] . '-' . self::seo( $row2['title'] );
$langPrefix = $row2['start'] ? '' : $language_link;
$mdb->delete( 'pp_routes', [ 'AND' => [ 'page_id' => $row2['page_id'], 'lang_id' => $row['id'] ] ] );
$mdb->insert( 'pp_routes', [
'page_id' => $row2['page_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $langPrefix . $seoSlug . '$',
'destination' => 'index.php?a=page&id=' . $row2['page_id'] . '&lang=' . $row['id'],
] );
$mdb->insert( 'pp_routes', [
'page_id' => $row2['page_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $langPrefix . $seoSlug . '/([0-9]+)$',
'destination' => 'index.php?a=page&id=' . $row2['page_id'] . '&lang=' . $row['id'] . '&bs=$1',
] );
}
}
$results2 = $mdb->select( 'pp_articles_langs', [ '[><]pp_articles' => [ 'article_id' => 'id' ] ], [ 'seo_link', 'title', 'article_id', 'noindex', 'copy_from' ], [ 'AND' => [ 'status' => 1, 'lang_id' => $row['id'], 'block_direct_access' => 0 ] ] );
if ( is_array( $results2 ) )
foreach ( $results2 as $row2 )
{
if ( $row2['copy_from'] != null )
{
$results_tmp = $mdb->get( 'pp_articles_langs', [ 'seo_link', 'title' ], [ 'AND' => [ 'article_id' => $row2['article_id'], 'lang_id' => $row2['copy_from'] ] ] );
$row2['seo_link'] = $results_tmp['seo_link'];
$row2['title'] = $results_tmp['title'];
}
if ( !$row2['noindex'] )
{
$site_map .= '<url>' . PHP_EOL;
if ( $row2['seo_link'] )
$site_map .= '<loc>https://' . $url . '/' . self::seo( $row2['seo_link'] ) . '</loc>' . PHP_EOL;
else
$site_map .= '<loc>https://' . $url . '/a-' . $row2['article_id'] . '-' . self::seo( $row2['title'] ) . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
}
else if ( $row2['noindex'] and $row2['seo_link'] )
{
$robots .= 'User-agent: GoogleBot' . PHP_EOL;
$robots .= 'Disallow: /' . $row2['seo_link'] . PHP_EOL;
}
$mdb->delete( 'pp_routes', [ 'AND' => [ 'article_id' => $row2['article_id'], 'lang_id' => $row['id'] ] ] );
if ( $row2['seo_link'] )
{
$mdb->insert( 'pp_routes', [
'article_id' => $row2['article_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $language_link . self::seo( $row2['seo_link'] ) . '$',
'destination' => 'index.php?article=' . $row2['article_id'] . '&lang=' . $row['id'],
] );
}
else if ( $row2['title'] != null )
{
$mdb->insert( 'pp_routes', [
'article_id' => $row2['article_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $language_link . 'a-' . $row2['article_id'] . '-' . self::seo( $row2['title'] ) . '$',
'destination' => 'index.php?article=' . $row2['article_id'] . '&lang=' . $row['id'],
] );
}
}
}
// Invalidacja cache tras
try {
( new \Shared\Cache\CacheHandler() )->delete( 'pp_routes:all' );
} catch ( \Exception $e ) {
// Redis niedostepny — ignorujemy
}
$results = $mdb->get( 'pp_settings', 'value', [ 'param' => 'htaccess' ] );
if ( $results )
$htaccess_data .= PHP_EOL . $results;
$results = $mdb->get( 'pp_settings', 'value', [ 'param' => 'robots' ] );
if ( $results )
$robots .= PHP_EOL . $results;
$site_map .= '</urlset>';
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_FILENAME} !-f' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_FILENAME} !-d' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ index.php [L]';
// Niektore hostingi blokuja zmiane wersji PHP przez .htaccess.
$htaccess_data = preg_replace( '/^(\\s*)(AddHandler|SetHandler|ForceType)\\b/im', '$1# $2', $htaccess_data );
$fp = fopen( $dir . '.htaccess', 'w' );
fwrite( $fp, $htaccess_data );
fclose( $fp );
$fp = fopen( $dir . 'sitemap.xml', 'w' );
fwrite( $fp, $site_map );
fclose( $fp );
$fp = fopen( $dir . 'robots.txt', 'w' );
fwrite( $fp, $robots );
fclose( $fp );
}
```
**Step 2: Run tests**
```
php phpunit.phar --configuration phpunit.xml
```
Expected: all tests pass (htacces() has no unit tests, covered by integration).
---
## Task 3: Delete `libraries/htaccess.conf`
**Files:**
- Delete: `libraries/htaccess.conf`
**Step 1: Verify htacces() no longer references the file**
Search for any remaining `file_get_contents` referencing `htaccess.conf`:
```bash
grep -r "htaccess.conf" autoload/
```
Expected: no results.
**Step 2: Delete the file**
```bash
rm libraries/htaccess.conf
```
**Step 3: Run tests**
```
php phpunit.phar --configuration phpunit.xml
```
Expected: all tests still pass.
---
## Task 4: Update `docs/DATABASE_STRUCTURE.md`
**Files:**
- Modify: `docs/DATABASE_STRUCTURE.md` (section `## pp_routes`)
**Step 1: Add `type` column to the pp_routes table description**
Find the `## pp_routes` section and add the `type` row to the column table:
```markdown
| type | Typ trasy: NULL = encja (produkt/kategoria/strona/artykuł), 'system' = trasa systemowa |
```
Also update the description paragraph to mention that system routes are managed automatically.
---
## Task 5: Manual integration test on server
**Step 1: Apply migration**
```sql
ALTER TABLE pp_routes ADD COLUMN type VARCHAR(20) NULL AFTER article_id;
```
**Step 2: Trigger `htacces()` regeneration**
Log in to admin panel → save any product or category → this calls `htacces()`.
**Step 3: Verify pp_routes has system routes**
```sql
SELECT COUNT(*) FROM pp_routes WHERE type = 'system';
```
Expected: ~35+ rows (32 static + language rows + producer rows).
**Step 4: Verify .htaccess was generated correctly**
Open `.htaccess` — should NOT contain `RewriteRule ^koszyk$`, `^logowanie$`, etc. Should contain HTTPS redirect, admin routing, thumb routing, cache block.
**Step 5: Test URLs in browser**
- `/koszyk` → koszyk page ✓
- `/logowanie` → login page ✓
- `/wyszukiwarka/test` → search results ✓
- `/zamowienie/abc123` → order details ✓
- `/shopClient/confirm/hash=xyz` → client confirm action ✓
- Category URL → category page ✓
- Product URL → product page ✓
**Step 6: Run full test suite**
```
php phpunit.phar --configuration phpunit.xml
```
Expected: 807 tests, all pass.
---
## Task 6: Commit
**Step 1: Stage and commit**
```bash
git add migrations/0.329.sql
git add autoload/Shared/Helpers/Helpers.php
git add docs/DATABASE_STRUCTURE.md
git add docs/plans/2026-02-27-htaccess-conf-elimination.md
git add docs/plans/2026-02-27-htaccess-to-routes-design.md
git rm libraries/htaccess.conf
git commit -m "feat: eliminate htaccess.conf, move all routes to pp_routes (v0.330)"
```

121
docs/plans/2026-02-27-htaccess-to-routes-design.md
View File

@@ -1,121 +0,0 @@
# Design: Eliminacja htaccess.conf i przeniesienie wszystkich tras do pp_routes
**Data:** 2026-02-27
**Wersja docelowa:** 0.330
---
## Cel
Wyeliminowanie pliku `libraries/htaccess.conf` jako szablonu i przeniesienie wszystkich URL-i, które dotychczas były wpisane na sztywno w `.htaccess`, do tabeli `pp_routes`. Logika generowania `.htaccess` zostaje w całości w `Helpers::htacces()`.
---
## Co zostaje w `.htaccess` (reguły Apache-level)
Tylko dyrektywy, których PHP nie może obsłużyć:
- `RewriteEngine On`, `Options`
- Redirect HTTPS/www
- Redirect HTTP→HTTPS (z wyłączeniem tpay-status, platnosc-status, przelewy24-status)
- Usuwanie trailing slash (z wyłączeniem `/admin/`)
- Routing `/admin/``admin/index.php`
- `thumb/([0-9]*)/([0-9]*)/(.*)``/libraries/thumb.php` (inny plik PHP — niemożliwe przez pp_routes)
- `RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index.php` — redirect z index.php
- Blok cache headers (gzip, expires) — zależny od `$settings['htaccess_cache']`
- Ochrona plików: `<Files *.conf>`, `<Files *.log>`, `<Files *.ini>`
- Przekierowania 301 stron startowych (generowane dynamicznie w pętli pages)
- Niestandardowe reguły z `pp_settings` (param=htaccess)
- Catch-all: `RewriteCond !-f`, `!-d`, `RewriteRule ^ index.php [L]`
---
## Co przechodzi do `pp_routes`
### Statyczne trasy systemowe (hardcoded, niezmienne)
| Pattern | Destination |
|---------|-------------|
| `^wyszukiwarka/([^/]+)/([0-9]+)$` | `index.php?module=search&action=search_results&query=$1&bs=$2` |
| `^wyszukiwarka/([^/]+)$` | `index.php?module=search&action=search_results&query=$1&bs=1` |
| `^zamowienie/([a-zA-Z0-9-]+)$` | `index.php?module=shop_order&action=order_details&order_hash=$1` |
| `^potwierdzenie-platnosci/([a-zA-Z0-9-]+)$` | `index.php?module=shop_order&action=payment_confirmation&order_hash=$1` |
| `^tpay-status$` | `index.php?module=shop_order&action=payment_status_tpay` |
| `^platnosc-status$` | `index.php?module=shop_order&action=payment_status_hotpay` |
| `^przelewy24-status$` | `index.php?module=shop_order&action=payment_status_przelewy24pl` |
| `^koszyk$` | `index.php?module=shop_basket&action=main_view` |
| `^koszyk-podsumowanie$` | `index.php?module=shop_basket&action=summary_view` |
| `^zloz-zamowienie$` | `index.php?module=shop_basket&action=basket_save` |
| `^rejestracja$` | `index.php?module=shop_client&action=register_form` |
| `^logowanie$` | `index.php?module=shop_client&action=login_form` |
| `^wylogowanie$` | `index.php?module=shop_client&action=logout` |
| `^odzyskiwanie-hasla$` | `index.php?module=shop_client&action=recover_password` |
| `^panel-klienta/zamowienia$` | `index.php?module=shop_client&action=client_orders` |
| `^panel-klienta/adresy$` | `index.php?module=shop_client&action=client_addresses` |
| `^panel-klienta/nowy-adres$` | `index.php?module=shop_client&action=address_edit` |
| `^panel-klienta/edytuj-adres/([0-9]+)$` | `index.php?module=shop_client&action=address_edit&id=$1` |
| `^panel-klienta/usun-adres/([0-9]+)$` | `index.php?module=shop_client&action=address_delete&id=$1` |
| `^newsletter/signin$` | `index.php?module=newsletter&action=signin` |
| `^newsletter/confirm/hash=(.+)$` | `index.php?module=newsletter&action=confirm&hash=$1` |
| `^newsletter/unsubscribe/hash=(.+)$` | `index.php?module=newsletter&action=unsubscribe&hash=$1` |
### Trasy modułów AJAX (shopBasket, shopClient, shopProduct, shopCoupon, search)
Dwa wzorce na moduł — 3-segmentowy (z parametrami) i 2-segmentowy:
| Pattern | Destination |
|---------|-------------|
| `^shopBasket/([^/]+)/(.+)$` | `index.php?module=shopBasket&action=$1&$2` |
| `^shopBasket/([^/]+)$` | `index.php?module=shopBasket&action=$1` |
| `^shopClient/([^/]+)/(.+)$` | `index.php?module=shopClient&action=$1&$2` |
| `^shopClient/([^/]+)$` | `index.php?module=shopClient&action=$1` |
| `^shopProduct/([^/]+)/(.+)$` | `index.php?module=shopProduct&action=$1&$2` |
| `^shopProduct/([^/]+)$` | `index.php?module=shopProduct&action=$1` |
| `^shopCoupon/([^/]+)/(.+)$` | `index.php?module=shopCoupon&action=$1&$2` |
| `^shopCoupon/([^/]+)$` | `index.php?module=shopCoupon&action=$1` |
| `^search/([^/]+)/(.+)$` | `index.php?module=search&action=$1&$2` |
| `^search/([^/]+)$` | `index.php?module=search&action=$1` |
### Dynamiczne trasy systemowe (wstawiane przy każdym `htacces()`)
- **Języki:** `^{lang_id}$``index.php?a=change_language&id={lang_id}` (per każdy aktywny język)
- **Producenci lista:** `^producenci$``index.php?module=shop_producer&action=list&layout_id={id}`
- **Producent detail:** `^producent/{slug}$` i `^producent/{slug}/([0-9]+)$` (per producent z DB)
---
## Nowa kolumna `type` w `pp_routes`
```sql
ADD COLUMN type VARCHAR(20) NULL AFTER article_id
```
| Wartość | Znaczenie |
|---------|-----------|
| `NULL` | Trasa encji (produkt, kategoria, strona, artykuł) |
| `'system'` | Trasa systemowa (wszystkie powyższe) |
**Zarządzanie:** przy każdym `htacces()`:
```php
$mdb->delete('pp_routes', ['type' => 'system']); // usuń wszystkie
// ... wstaw na nowo (statyczne + dynamiczne)
```
---
## Eliminacja `htaccess.conf`
`file_get_contents($dir . 'libraries/htaccess.conf')` zastąpione PHP stringiem z tą samą treścią (tylko Apache-level reguły). Placeholder `{HTACCESS_CACHE}` zastąpiony bezpośrednim `if ($settings['htaccess_cache']) { ... } else { ... }` wbudowanym w odpowiednim miejscu.
Plik `libraries/htaccess.conf` zostaje usunięty.
---
## Pliki do modyfikacji
| Plik | Zmiana |
|------|--------|
| `migrations/0.329.sql` | Dodać `ADD COLUMN type VARCHAR(20) NULL` |
| `Helpers::htacces()` | Usunąć `file_get_contents`, wbudować statyczny header, dodać inserty system routes, usunąć htaccess rules dla języków/newsletter/producenci |
| `libraries/htaccess.conf` | Usunąć plik |
| `docs/DATABASE_STRUCTURE.md` | Dodać kolumnę `type` do opisu pp_routes |

8
index.php
View File

@@ -22,17 +22,9 @@ date_default_timezone_set( 'Europe/Warsaw' );
require_once 'config.php';
require_once 'libraries/medoo/medoo.php';
require_once 'libraries/rb.php';
require_once 'libraries/phpmailer/class.phpmailer.php';
require_once 'libraries/phpmailer/class.smtp.php';
\R::setup( 'mysql:host=' . $database[ 'host' ] . ';dbname=' . $database[ 'name' ], $database[ 'user' ], $database[ 'password' ] );
\R::ext( 'xdispense', function ( $type )
{
return R::getRedBean() -> dispense( $type );
} );
$pdo = \R::getPDO();
session_start();
if ( !isset( $_SESSION[ 'check' ] ) )

17480
libraries/rb.php
View File

File diff suppressed because it is too large Load Diff

7
templates/articles/article-entry.php
View File

@@ -2,11 +2,12 @@
<div class="col-12 col-md-6 ">
<div class="article-entry">
<? $this -> article['language']['seo_link'] ? $url = $this -> article['language']['seo_link'] : $url = 'a-' . $this -> article['id'] . '-' . \Shared\Helpers\Helpers::seo( $this -> article['language']['title'] );?>
<? $safeTitle = htmlspecialchars( $this -> article['language']['title'], ENT_QUOTES, 'UTF-8' ); $safeUrl = htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );?>
<div class="blog-image">
<a href="/<?= $url;?>" title="<?= $this -> article['language']['title'];?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>> <img src="<?= \front\Views\Articles::getImage( $this -> article );?>" alt="<?= $this -> article['language']['title'];?>"></a>
<a href="/<?= $safeUrl;?>" title="<?= $safeTitle;?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>> <img src="<?= \front\Views\Articles::getImage( $this -> article );?>" alt="<?= $safeTitle;?>"></a>
</div>
<h3 class="article-title">
<a href="/<? if ( \Shared\Helpers\Helpers::get_session( 'current-lang' ) != ( new \Domain\Languages\LanguagesRepository( $GLOBALS['mdb'] ) )->defaultLanguage() ) echo \Shared\Helpers\Helpers::get_session( 'current-lang' ) . '/';?><?= $url;?>" title="<?= $this -> article['language']['title'];?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>><?= $this -> article['language']['title'];?></a>
<a href="/<? if ( \Shared\Helpers\Helpers::get_session( 'current-lang' ) != ( new \Domain\Languages\LanguagesRepository( $GLOBALS['mdb'] ) )->defaultLanguage() ) echo \Shared\Helpers\Helpers::get_session( 'current-lang' ) . '/';?><?= $safeUrl;?>" title="<?= $safeTitle;?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>><?= $safeTitle;?></a>
</h3>
<div class="date-add"><?= date( 'd.m.Y', strtotime( $this -> article['date_add'] ) );?></div>
<div class="entry">
@@ -32,6 +33,6 @@
}
?>
</div>
<a href="/<?= $url;?>" class="btn btn-success" title="<?= $this -> article['language']['title'];?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>><span class="text"><?= $lang['wiecej'];?></span></a>
<a href="/<?= $safeUrl;?>" class="btn btn-success" title="<?= $safeTitle;?>" <? if ( $this -> article['language']['noindex'] ):?>rel="nofollow"<? endif;?>><span class="text"><?= $lang['wiecej'];?></span></a>
</div>
</div>

14
templates/articles/article-full.php
View File

@@ -8,24 +8,26 @@ $text = \front\Views\Articles::generateHeadersIds( $text );
$this -> article['language']['seo_link'] ? $url = $this -> article['language']['seo_link'] : $url = 'a-' . $this -> article['id'] . '-' . \Shared\Helpers\Helpers::seo( $this -> article['language']['title'] );
if ( $this -> article['show_title'] )
echo '<h3 class="article-title">' . $this -> article['language']['title'] . '</h3>';
echo '<h3 class="article-title">' . htmlspecialchars( $this -> article['language']['title'], ENT_QUOTES, 'UTF-8' ) . '</h3>';
if ( $this -> article['social_icons'] ):
$safeHost = htmlspecialchars( $_SERVER['SERVER_NAME'], ENT_QUOTES, 'UTF-8' );
$safeUrl = htmlspecialchars( $url, ENT_QUOTES, 'UTF-8' );
?>
<div class="social-icons">
<a class="fb" href="http://www.facebook.com/sharer.php?u=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="facebook" target="_blank" rel="nofollow">
<a class="fb" href="http://www.facebook.com/sharer.php?u=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="facebook" target="_blank" rel="nofollow">
<img src="/images/system/logo-facebook.jpg" alt="facebook">
</a>
<a class="pinterest" href="http://pinterest.com/pin/create/button/?url=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="pinterest" target="_blank" rel="nofollow">
<a class="pinterest" href="http://pinterest.com/pin/create/button/?url=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="pinterest" target="_blank" rel="nofollow">
<img src="/images/system/logo-pinterest.jpg" alt="pinterest">
</a>
<a class="twitter" href="http://twitter.com/share?url=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=450,width=600');return false;" title="twitter" target="_blank" rel="nofollow">
<a class="twitter" href="http://twitter.com/share?url=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=450,width=600');return false;" title="twitter" target="_blank" rel="nofollow">
<img src="/images/system/logo-twitter.jpg" alt="twitter">
</a>
<a class="linkedin" href="http://www.linkedin.com/shareArticle?mini=true&amp;url=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=500,width=850');return false;" title="linked in" target="_blank" rel="nofollow">
<a class="linkedin" href="http://www.linkedin.com/shareArticle?mini=true&amp;url=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=500,width=850');return false;" title="linked in" target="_blank" rel="nofollow">
<img src="/images/system/logo-linkedin.jpg" alt="linkedin">
</a>
<a class="gp" href="https://plus.google.com/share?url=http://www.<?= $_SERVER['SERVER_NAME'];?>/<?= $url;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="google+" target="_blank" rel="nofollow">
<a class="gp" href="https://plus.google.com/share?url=http://www.<?= $safeHost;?>/<?= $safeUrl;?>" onclick="javascript:window.open(this.href, '', 'menubar=no,toolbar=no,resizable=yes,scrollbars=yes,height=600,width=600');return false;" title="google+" target="_blank" rel="nofollow">
<img src="/images/system/logo-google.jpg" alt="google+">
</a>
</div>

3
templates/shop-basket/address-form.php
View File

@@ -34,6 +34,7 @@
<? endif;?>
<? if ( $this -> client ):?><div class="right"><? endif;?>
<form class="form-horizontal" action="/zloz-zamowienie" method="POST" id="form-order">
<input type="hidden" name="order_submit_token" value="<?= htmlspecialchars( (string)($this -> order_submit_token ?? ''), ENT_QUOTES, 'UTF-8' );?>">
<? if ( !$this -> client ):?>
<div class="form-group row">
<div class="col-12">
@@ -198,4 +199,4 @@
$( '#address-' + address_id ).addClass( 'active' );
});
});
</script>
</script>

35
templates/shop-basket/summary-view.php
View File

@@ -82,7 +82,7 @@
<? endforeach;?>
<div class="hr"></div>
<div class="basket-summary">
Wartość koszyka: 1
Wartość koszyka:
<span>
<?= \Shared\Helpers\Helpers::decimal( $summary );?> zł
</span>
@@ -140,14 +140,16 @@
</div>
<div class="right">
<?= \Shared\Tpl\Tpl::view( 'shop-basket/address-form', [
'transport_method' => $this -> transport
'transport_method' => $this -> transport,
'order_submit_token' => $this -> order_submit_token
] );?>
</div>
<? else:?>
<?= \Shared\Tpl\Tpl::view( 'shop-basket/address-form', [
'client' => $this -> client,
'addresses' => $this -> addresses,
'transport_method' => $this -> transport
'transport_method' => $this -> transport,
'order_submit_token' => $this -> order_submit_token
] );?>
<? endif;?>
</div>
@@ -156,17 +158,20 @@
<? endif;?>
</div>
<script class="footer" type="text/javascript">
document.getElementById('order-send').addEventListener('click', function() {
var form = document.getElementById('form-order'); // Zastąp 'form-id' rzeczywistym ID Twojego formularza
if (form.checkValidity()) {
this.classList.add('loading-button');
this.disabled = true;
form.submit();
} else {
// Opcjonalnie: wywołaj funkcję reportValidity(), aby wyświetlić komunikaty o błędach formularza
form.reportValidity();
}
});
var orderForm = document.getElementById('form-order');
var orderSendButton = document.getElementById('order-send');
if (orderForm && orderSendButton) {
orderForm.addEventListener('submit', function(event) {
if (orderSendButton.disabled) {
event.preventDefault();
return;
}
orderSendButton.classList.add('loading-button');
orderSendButton.disabled = true;
});
}
<? if ( $this -> settings['google_tag_manager_id'] ):?>
dataLayer.push({ ecommerce: null });
dataLayer.push({
@@ -180,4 +185,4 @@
}
});
<? endif;?>
</script>
</script>

62
tests/Unit/Domain/Integrations/IntegrationsRepositoryTest.php
View File

@@ -17,20 +17,14 @@ class IntegrationsRepositoryTest extends TestCase
public function testGetSettingsReturnsArray(): void
{
$stmt = $this->createMock(\PDOStatement::class);
$stmt->expects($this->once())
->method('fetchAll')
->with(\PDO::FETCH_ASSOC)
$this->mockDb->expects($this->once())
->method('select')
->with('pp_shop_apilo_settings', ['name', 'value'])
->willReturn([
['name' => 'client-id', 'value' => 'abc123'],
['name' => 'client-secret', 'value' => 'secret'],
]);
$this->mockDb->expects($this->once())
->method('query')
->with('SELECT * FROM pp_shop_apilo_settings')
->willReturn($stmt);
$settings = $this->repository->getSettings('apilo');
$this->assertIsArray($settings);
@@ -144,10 +138,7 @@ class IntegrationsRepositoryTest extends TestCase
public function testApiloGetAccessTokenReturnsNullWithoutSettings(): void
{
$stmt = $this->createMock(\PDOStatement::class);
$stmt->method('fetchAll')->willReturn([]);
$this->mockDb->method('query')->willReturn($stmt);
$this->mockDb->method('select')->willReturn([]);
$this->assertNull($this->repository->apiloGetAccessToken());
}
@@ -184,16 +175,10 @@ class IntegrationsRepositoryTest extends TestCase
public function testApiloFetchListResultReturnsDetailedErrorWhenConfigMissing(): void
{
$stmt = $this->createMock(\PDOStatement::class);
$stmt->expects($this->once())
->method('fetchAll')
->with(\PDO::FETCH_ASSOC)
->willReturn([]);
$this->mockDb->expects($this->once())
->method('query')
->with('SELECT * FROM pp_shop_apilo_settings')
->willReturn($stmt);
->method('select')
->with('pp_shop_apilo_settings', ['name', 'value'])
->willReturn([]);
$result = $this->repository->apiloFetchListResult('payment');
@@ -204,16 +189,10 @@ class IntegrationsRepositoryTest extends TestCase
public function testApiloIntegrationStatusReturnsMissingConfigMessage(): void
{
$stmt = $this->createMock(\PDOStatement::class);
$stmt->expects($this->once())
->method('fetchAll')
->with(\PDO::FETCH_ASSOC)
->willReturn([]);
$this->mockDb->expects($this->once())
->method('query')
->with('SELECT * FROM pp_shop_apilo_settings')
->willReturn($stmt);
->method('select')
->with('pp_shop_apilo_settings', ['name', 'value'])
->willReturn([]);
$status = $this->repository->apiloIntegrationStatus();
@@ -242,25 +221,20 @@ class IntegrationsRepositoryTest extends TestCase
public function testSettingsTableMapping(): void
{
// Verify apilo maps correctly
$stmt = $this->createMock(\PDOStatement::class);
$stmt->method('fetchAll')->willReturn([]);
$this->mockDb->method('query')
->with($this->stringContains('pp_shop_apilo_settings'))
->willReturn($stmt);
$this->mockDb->method('select')
->with('pp_shop_apilo_settings', ['name', 'value'])
->willReturn([]);
$this->assertIsArray($this->repository->getSettings('apilo'));
}
public function testShopproProviderWorks(): void
{
$stmt = $this->createMock(\PDOStatement::class);
$stmt->method('fetchAll')->willReturn([
['name' => 'domain', 'value' => 'test.com'],
]);
$this->mockDb->method('query')
->with($this->stringContains('pp_shop_shoppro_settings'))
->willReturn($stmt);
$this->mockDb->method('select')
->with('pp_shop_shoppro_settings', ['name', 'value'])
->willReturn([
['name' => 'domain', 'value' => 'test.com'],
]);
$settings = $this->repository->getSettings('shoppro');
$this->assertSame('test.com', $settings['domain']);

44
tests/Unit/front/Controllers/ShopBasketControllerTest.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
namespace Tests\Unit\front\Controllers;
use PHPUnit\Framework\TestCase;
use front\Controllers\ShopBasketController;
use Domain\Order\OrderRepository;
use Domain\PaymentMethod\PaymentMethodRepository;
class ShopBasketControllerTest extends TestCase
{
private $orderRepository;
private $paymentMethodRepository;
private $controller;
protected function setUp(): void
{
$this->orderRepository = $this->createMock(OrderRepository::class);
$this->paymentMethodRepository = $this->createMock(PaymentMethodRepository::class);
$this->controller = new ShopBasketController($this->orderRepository, $this->paymentMethodRepository);
}
public function testConstructorAcceptsRepositories(): void
{
$controller = new ShopBasketController($this->orderRepository, $this->paymentMethodRepository);
$this->assertInstanceOf(ShopBasketController::class, $controller);
}
public function testHasCheckoutMethods(): void
{
$this->assertTrue(method_exists($this->controller, 'summaryView'));
$this->assertTrue(method_exists($this->controller, 'basketSave'));
}
public function testConstructorRequiresDependencies(): void
{
$reflection = new \ReflectionClass(ShopBasketController::class);
$constructor = $reflection->getConstructor();
$params = $constructor->getParameters();
$this->assertCount(2, $params);
$this->assertEquals('Domain\Order\OrderRepository', $params[0]->getType()->getName());
$this->assertEquals('Domain\PaymentMethod\PaymentMethodRepository', $params[1]->getType()->getName());
}
}

BIN
updates/0.30/ver_0.329.zip Normal file
View File

Binary file not shown.

1
updates/0.30/ver_0.329_files.txt Normal file
View File

@@ -0,0 +1 @@
F: ../libraries/htaccess.conf

27
updates/0.30/ver_0.329_manifest.json Normal file
View File

@@ -0,0 +1,27 @@
{
"changelog": "REFACT - routing kategorii, stron i artykulow przez pp_routes; blok routingu w index.php przed checkUrlParams(); Redis cache tras; nowe kolumny category_id/page_id/article_id/type w pp_routes",
"version": "0.329",
"files": {
"added": [
],
"deleted": [
"libraries/htaccess.conf"
],
"modified": [
"autoload/Domain/Article/ArticleRepository.php",
"autoload/Domain/Category/CategoryRepository.php",
"autoload/Domain/Pages/PagesRepository.php",
"autoload/Shared/Helpers/Helpers.php",
"index.php"
]
},
"checksum_zip": "sha256:73b225b9d68d985ce44d79320350b6ef6fe602c30126a6bf322b8ab44eaab230",
"sql": [
"ALTER TABLE pp_routes\n ADD COLUMN category_id INT NULL AFTER product_id,\n ADD COLUMN page_id INT NULL AFTER category_id,\n ADD COLUMN article_id INT NULL AFTER page_id,\n ADD COLUMN type VARCHAR(20) NULL AFTER article_id"
],
"date": "2026-02-27",
"directories_deleted": [
]
}

5
updates/0.30/ver_0.329_sql.txt Normal file
View File

@@ -0,0 +1,5 @@
ALTER TABLE pp_routes
ADD COLUMN category_id INT NULL AFTER product_id,
ADD COLUMN page_id INT NULL AFTER category_id,
ADD COLUMN article_id INT NULL AFTER page_id,
ADD COLUMN type VARCHAR(20) NULL AFTER article_id

BIN
updates/0.30/ver_0.330.zip Normal file
View File

Binary file not shown.

23
updates/0.30/ver_0.330_manifest.json Normal file
View File

@@ -0,0 +1,23 @@
{
"changelog": "REFACT - eliminacja htaccess.conf; Helpers::htacces() generuje .htaccess w calosci z PHP; 32 statyczne trasy systemowe w pp_routes (type='system'); dynamiczne trasy jezykowe i producentow w pp_routes; invalidacja cache Redis pp_routes:all po htacces()",
"version": "0.330",
"files": {
"added": [
],
"deleted": [
],
"modified": [
"index.php"
]
},
"checksum_zip": "sha256:7e55f52c8d66a38231d3c19b65e70d1201af7a7fef0bfe69b1967fccae798bec",
"sql": [
],
"date": "2026-02-27",
"directories_deleted": [
]
}

BIN
updates/0.30/ver_0.331.zip Normal file
View File

Binary file not shown.

23
updates/0.30/ver_0.331_manifest.json Normal file
View File

@@ -0,0 +1,23 @@
{
"changelog": "FIX - getProductLayout: fallback categories_default zmieniony na status (produkty bez layoutu pobieraly szablon kategorii zamiast domyslnego)",
"version": "0.331",
"files": {
"added": [
],
"deleted": [
],
"modified": [
"autoload/Domain/Layouts/LayoutsRepository.php"
]
},
"checksum_zip": "sha256:c5246fe62ee19ccdc0424b2836cb18543ef20aa4449eda295a358c6022583ed5",
"sql": [
],
"date": "2026-03-01",
"directories_deleted": [
]
}

BIN
updates/0.30/ver_0.332.zip Normal file
View File

Binary file not shown.

24
updates/0.30/ver_0.332_manifest.json Normal file
View File

@@ -0,0 +1,24 @@
{
"changelog": "API produktow: nowe pola new_to_date i additional_message",
"version": "0.332",
"files": {
"added": [
],
"deleted": [
],
"modified": [
"autoload/Domain/Product/ProductRepository.php",
"autoload/api/Controllers/ProductsApiController.php"
]
},
"checksum_zip": "sha256:5405c0524ef3c2bdfb4039738299e8aac9c65a7b37d9bd4d21cdf566ce6701e7",
"sql": [
],
"date": "2026-03-01",
"directories_deleted": [
]
}

BIN
updates/0.30/ver_0.333.zip Normal file
View File

Binary file not shown.

26
updates/0.30/ver_0.333_manifest.json Normal file
View File

@@ -0,0 +1,26 @@
{
"changelog": "Ochrona przed podwójnym składaniem zamówienia (order submit token)",
"version": "0.333",
"files": {
"added": [
"api-docs/api-reference.json",
"api-docs/index.html"
],
"deleted": [
],
"modified": [
"autoload/front/Controllers/ShopBasketController.php",
"templates/shop-basket/address-form.php",
"templates/shop-basket/summary-view.php"
]
},
"checksum_zip": "sha256:1295fb94d7870c555e0108f5a925f6f995f46a26916e64bd63dee1b7db223457",
"sql": [
],
"date": "2026-03-10",
"directories_deleted": [
]
}

BIN
updates/0.30/ver_0.334.zip Normal file
View File

Binary file not shown.

1
updates/0.30/ver_0.334_files.txt Normal file
View File

@@ -0,0 +1 @@
F: ../libraries/rb.php

27
updates/0.30/ver_0.334_manifest.json Normal file
View File

@@ -0,0 +1,27 @@
{
"changelog": "Poprawki bezpieczenstwa: usunieto debug log tpay, naprawa SQL w IntegrationsRepository, usunieto RedBeanPHP",
"version": "0.334",
"files": {
"added": [
],
"deleted": [
"libraries/rb.php"
],
"modified": [
"admin/index.php",
"autoload/Domain/Integrations/IntegrationsRepository.php",
"autoload/front/Controllers/ShopOrderController.php",
"index.php",
"templates/shop-basket/summary-view.php"
]
},
"checksum_zip": "sha256:c009407c5b941d98b2777b6f7335f6587c93900d02df4441801e314b3deb7fb0",
"sql": [
],
"date": "2026-03-12",
"directories_deleted": [
]
}

BIN
updates/0.30/ver_0.335.zip Normal file
View File

Binary file not shown.

26
updates/0.30/ver_0.335_manifest.json Normal file
View File

@@ -0,0 +1,26 @@
{
"changelog": "Poprawki bezpieczenstwa: safeUnlink() z walidacja realpath(), escaping XSS w szablonach artykulow",
"version": "0.335",
"files": {
"added": [
],
"deleted": [
],
"modified": [
"autoload/Domain/Article/ArticleRepository.php",
"autoload/Domain/Product/ProductRepository.php",
"templates/articles/article-entry.php",
"templates/articles/article-full.php"
]
},
"checksum_zip": "sha256:2347ff654312f34e22b19cd89b229beabb039a3c253b047df07362d5c8393527",
"sql": [
],
"date": "2026-03-12",
"directories_deleted": [
]
}

244
updates/changelog-data.html
View File

File diff suppressed because one or more lines are too long

2
updates/versions.php
View File

@@ -1,5 +1,5 @@
<?
$current_ver = 328;
$current_ver = 335;
for ($i = 1; $i <= $current_ver; $i++)
{