Project-Pro/shopPRO
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Compare commits

base: Project-Pro:v0.331
Branches Tags
Project-Pro:main
Project-Pro:v0.345 Project-Pro:v0.344 Project-Pro:v0.343 Project-Pro:v0.342 Project-Pro:v0.341 Project-Pro:v0.340 Project-Pro:v0.339 Project-Pro:v0.338 Project-Pro:v0.337 Project-Pro:v0.336 Project-Pro:v0.335 Project-Pro:v0.334 Project-Pro:v0.333 Project-Pro:v0.332 Project-Pro:v0.331 Project-Pro:v0.330 Project-Pro:v0.329 Project-Pro:v0.328 Project-Pro:v0.327 Project-Pro:v0.326 Project-Pro:v0.325 Project-Pro:v0.324 Project-Pro:v0.323 Project-Pro:v0.322 Project-Pro:v0.321 Project-Pro:v0.320 Project-Pro:v0.319 Project-Pro:v0.318 Project-Pro:v0.317 Project-Pro:v0.316 Project-Pro:v0.315 Project-Pro:v0.314 Project-Pro:v0.313 Project-Pro:v0.312 Project-Pro:v0.311 Project-Pro:v0.310 Project-Pro:v0.309 Project-Pro:v0.308 Project-Pro:v0.307 Project-Pro:v0.306 Project-Pro:v0.305 Project-Pro:v0.304 Project-Pro:v0.303 Project-Pro:v0.302 Project-Pro:v0.301 Project-Pro:v0.300 Project-Pro:v0.299
...
compare: Project-Pro:v0.333
Branches Tags
Project-Pro:main
Project-Pro:v0.345 Project-Pro:v0.344 Project-Pro:v0.343 Project-Pro:v0.342 Project-Pro:v0.341 Project-Pro:v0.340 Project-Pro:v0.339 Project-Pro:v0.338 Project-Pro:v0.337 Project-Pro:v0.336 Project-Pro:v0.335 Project-Pro:v0.334 Project-Pro:v0.333 Project-Pro:v0.332 Project-Pro:v0.331 Project-Pro:v0.330 Project-Pro:v0.329 Project-Pro:v0.328 Project-Pro:v0.327 Project-Pro:v0.326 Project-Pro:v0.325 Project-Pro:v0.324 Project-Pro:v0.323 Project-Pro:v0.322 Project-Pro:v0.321 Project-Pro:v0.320 Project-Pro:v0.319 Project-Pro:v0.318 Project-Pro:v0.317 Project-Pro:v0.316 Project-Pro:v0.315 Project-Pro:v0.314 Project-Pro:v0.313 Project-Pro:v0.312 Project-Pro:v0.311 Project-Pro:v0.310 Project-Pro:v0.309 Project-Pro:v0.308 Project-Pro:v0.307 Project-Pro:v0.306 Project-Pro:v0.305 Project-Pro:v0.304 Project-Pro:v0.303 Project-Pro:v0.302 Project-Pro:v0.301 Project-Pro:v0.300 Project-Pro:v0.299

7 Commits
v0.331 ... v0.333

Author SHA1 Message Date
Jacek
c7be154d57 feat: ochrona przed podwójnym składaniem zamówienia (order submit token) 
Token CSRF w sesji zapobiega duplikowaniu zamówień przy wielokrotnym
kliknięciu przycisku. Przy duplikacie przekierowanie do istniejącego
zamówienia. JS naprawiony — nasłuch na submit formularza zamiast click.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
 2026-03-10 21:50:21 +01:00
Jacek
e0a1847127 feat(api): Introduce shopPRO API documentation and endpoints 
- Added api-reference.json for API specifications including authentication, response formats, and available endpoints.
- Created index.html for public API documentation, dynamically loading endpoint details from api-reference.json.
- Removed htaccess.conf file and migrated routing logic to pp_routes for improved maintainability.
- Added new 'type' column in pp_routes to differentiate between entity and system routes.
 2026-03-08 10:29:06 +01:00
Jacek
b085c597ca build: ver_0.332 - nowy ZIP z plikami API i ProductRepository 
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 22:09:11 +01:00
Jacek
34916b2dad feat: API produktów - nowe pola new_to_date i additional_message (v0.332) 
- ProductRepository::getProductForApi() eksportuje new_to_date, additional_message,
  additional_message_required, additional_message_text
- ProductsApiController obsługuje te pola w PUT/PATCH
- Zaktualizowana dokumentacja API.md i CHANGELOG

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 22:08:12 +01:00
Jacek
6fa48129f8 update 2026-03-01 00:58:14 +01:00
Jacek
4b3208f824 build: ver_0.330 - nowy ZIP z index.php, zaktualizowany manifest 
Poprzedni ZIP był uszkodzony (brak end of central directory).
Nowy ZIP zawiera index.php (v0.330), SHA256 zaktualizowany w manifeście.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 00:57:31 +01:00
Jacek
7d0e4558ab build: paczki v0.330 manifest + v0.331; aktualizacja KONIEC PRACY w CLAUDE.md 
- Dodano ver_0.330_manifest.json (brakujący manifest pobrany z serwera)
- Nowa paczka ver_0.331.zip: fix getProductLayout fallback (LayoutsRepository)
- versions.php: current_ver=331
- CLAUDE.md: KONIEC PRACY rozszerzony o kroki 6-7 (build paczki + commit paczki)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
 2026-03-01 00:53:47 +01:00
29 changed files with 989 additions and 1525 deletions
Expand all files Collapse all files

6
.claude/settings.local.json
View File

@@ -70,7 +70,11 @@
"mcp__serena__find_referencing_symbols",
"Bash(cd C:\\\\visual studio code\\\\projekty\\\\shopPRO:*)",
"Bash(cd \"/c/visual studio code/projekty/shopPRO\" && rm -rf temp/temp_317 && powershell -ExecutionPolicy Bypass -File build-update.ps1 -FromTag v0.316 -ToTag v0.317 -ChangelogEntry \"FIX - klucz API: fix zapisu \\(brakowalo w whiteliście\\), przycisk Generuj losowy klucz, ulepszony routing API\" 2>&1)",
"Bash(./test.ps1)"
"Bash(./test.ps1)",
"mcp__serena__read_memory",
"Bash(mysql -h host117523.hostido.net.pl -u host117523_shoppro -pmhA9WCEXEnRfTtbN33hL host117523_shoppro -e \"SELECT pattern, destination FROM pp_routes WHERE destination LIKE ''%product%'' OR destination LIKE ''%category%'' LIMIT 20;\")",
"Bash(/c/xampp/php/php.exe -r \":*)",
"Bash(/c/xampp/php/php.exe phpunit.phar --configuration phpunit.xml)"
]
}
}

2
.phpunit.result.cache
View File

File diff suppressed because one or more lines are too long

4
.serena/project.yml
View File

@@ -123,3 +123,7 @@ symbol_info_budget:
# Note: the backend is fixed at startup. If a project with a different backend
# is activated post-init, an error will be returned.
language_backend:
# list of regex patterns which, when matched, mark a memory entry as readonly.
# Extends the list from the global configuration, merging the two lists.
read_only_memory_patterns: []

262
AGENTS.md
View File

@@ -1,30 +1,246 @@
# Workflow
# CLAUDE.md
## KONIEC PRACY
This file provides guidance to Claude Code (claude.ai/code) when working with code in this repository.
Gdy użytkownik napisze `KONIEC PRACY`, wykonaj kolejno:
## Project Overview
1. Przeprowadzenie testów.
2. Aktualizacja dokumentacji technicznej, jeśli zmiany tego wymagają:
- `docs/DATABASE_STRUCTURE.md`
- `docs/PROJECT_STRUCTURE.md`
- `docs/FORM_EDIT_SYSTEM.md`
- `docs/CHANGELOG.md`
- `docs/TESTING.md`
3. Migracje SQL (jeśli były zmiany w bazie danych):
- Plik: `migrations/{version}.sql` (np. `migrations/0.304.sql`)
- **NIE** w `updates/` — build script sam wczyta z `migrations/`
- Sprawdź czy plik istnieje i jest poprawnie nazwany przed commitem
4. Commit.
5. Push.
shopPRO is a PHP e-commerce platform with an admin panel and customer-facing storefront. It uses Medoo ORM (`$mdb`), Redis caching, and a Domain-Driven Design architecture with Dependency Injection (migration from legacy architecture complete).
## PRZED ROZPOCZĘCIEM PRACY
## Zasady pisania kodu
- Kod ma być czytelny „dla obcego”: jasne nazwy, mało magii
- Brak „skrótów na szybko” typu logika w widokach, copy-paste, losowe helpery bez spójności
- Każda funkcja/klasa ma mieć jedną odpowiedzialność, zwykle do 3050 linii (jeśli dłuższe dzielić)
- max 3 poziomy zagnieżdżeń (if/foreach), reszta do osobnych metod
- Nazewnictwo:
- klasy: PascalCase
- metody/zmienne: camelCase
- stałe: UPPER_SNAKE_CASE
- Zero „skrótologii” w nazwach (np. $d, $tmp, $x1) poza pętlami 23 linijki
- medoo + prepared statements bez wyjątków (żadnego sklejania SQL stringiem)
- XSS: escape w widokach (np. helper e())
- CSRF dla formularzy, sensowna obsługa sesji
- Kod ma mieć komentarze tylko tam, gdzie wyjaśniają „dlaczego”, nie „co”
Przed rozpoczęciem implementacji sprawdź aktualną zawartość:
## PHP Version Constraint
- `docs/DATABASE_STRUCTURE.md`
- `docs/PROJECT_STRUCTURE.md`
- `docs/CHANGELOG.md`
- `docs/TESTING.md`
**Production runs PHP < 8.0.** Do NOT use:
- `match` expressions (use ternary operators or if/else)
- Named arguments
- Union types (`int|string`)
- `str_contains()`, `str_starts_with()`, `str_ends_with()`
- Other PHP 8.0+ syntax
To ma pomóc zachować spójność zmian i dokumentacji.
`composer.json` requires `>=7.4`.
## Commands
### Running Tests
```bash
# Full suite (recommended — PowerShell, auto-finds php)
./test.ps1
# Specific file
./test.ps1 tests/Unit/Domain/Product/ProductRepositoryTest.php
# Specific test method
./test.ps1 --filter testGetQuantityReturnsCorrectValue
# Alternative
composer test
```
PHPUnit 9.6 via `phpunit.phar`. Bootstrap: `tests/bootstrap.php`. Config: `phpunit.xml`.
Current suite: **805 tests, 2253 assertions**.
### Creating Updates
See `docs/UPDATE_INSTRUCTIONS.md` for the full procedure. Updates are ZIP packages in `updates/0.XX/`. Never include `*.md` files, `updates/changelog.php`, or root `.htaccess` in update ZIPs.
## Architecture
### Directory Structure
```
shopPRO/
├── autoload/ # Autoloaded classes (core codebase)
│ ├── Domain/ # Business logic repositories (\Domain\)
│ ├── Shared/ # Shared utilities (\Shared\)
│ │ ├── Cache/ # CacheHandler, RedisConnection
│ │ ├── Email/ # Email (PHPMailer wrapper)
│ │ ├── Helpers/ # Helpers (formerly class.S.php)
│ │ ├── Html/ # Html utility
│ │ ├── Image/ # ImageManipulator
│ │ └── Tpl/ # Template engine
│ ├── api/ # REST API layer (\api\)
│ │ ├── ApiRouter.php # API router (\api\ApiRouter)
│ │ └── Controllers/ # API controllers (\api\Controllers\)
│ ├── admin/ # Admin panel layer
│ │ ├── App.php # Admin router (\admin\App)
│ │ ├── Controllers/ # DI controllers (\admin\Controllers\) — 28 controllers
│ │ ├── Support/ # TableListRequestFactory, Forms/FormRequestHandler, Forms/FormFieldRenderer
│ │ ├── Validation/ # FormValidator
│ │ └── ViewModels/ # Forms/ (FormEditViewModel, FormField, FormTab, FormAction, FormFieldType), Common/ (PaginatedTableViewModel)
│ └── front/ # Frontend layer
│ ├── App.php # Frontend router (\front\App)
│ ├── LayoutEngine.php # Layout engine (\front\LayoutEngine)
│ ├── Controllers/ # DI controllers (\front\Controllers\) — 8 controllers
│ └── Views/ # Static views (\front\Views\) — 11 view classes
├── admin/ # Admin panel
│ ├── templates/ # Admin view templates
│ └── layout/ # Admin CSS/JS/icons
├── templates/ # Frontend view templates
├── libraries/ # Third-party libraries (Medoo, RedBeanPHP, PHPMailer)
├── tests/ # PHPUnit tests
│ ├── bootstrap.php
│ ├── stubs/ # Test stubs (CacheHandler, Helpers, ShopProduct)
│ └── Unit/
│ ├── Domain/ # Repository tests
│ ├── admin/Controllers/ # Controller tests
│ └── api/ # API tests
├── updates/ # Update packages for clients
├── docs/ # Technical documentation
├── config.php # Database/Redis config (not in repo)
├── index.php # Frontend entry point
├── ajax.php # Frontend AJAX handler
├── admin/index.php # Admin entry point
├── admin/ajax.php # Admin AJAX handler
├── cron.php # CRON jobs (Apilo sync)
└── api.php # REST API (ordersPRO + Ekomi)
```
### Autoloader
Custom autoloader in each entry point (not Composer autoload at runtime). Tries two filename conventions:
1. `autoload/{namespace}/class.{ClassName}.php` (legacy)
2. `autoload/{namespace}/{ClassName}.php` (PSR-4 style, fallback)
### Namespace Conventions (case-sensitive on Linux!)
- `\Domain\``autoload/Domain/` (uppercase D)
- `\admin\Controllers\``autoload/admin/Controllers/` (lowercase a)
- `\Shared\``autoload/Shared/`
- `\api\``autoload/api/`
- Do NOT use `\Admin\` (uppercase A) — the server directory is `admin/` (lowercase)
- `\shop\` namespace is **deleted** — all 12 legacy classes migrated to `\Domain\`, `autoload/shop/` directory removed
### Domain-Driven Architecture (migration complete)
All legacy directories (`admin/controls/`, `admin/factory/`, `admin/view/`, `front/controls/`, `front/view/`, `front/factory/`, `shop/`) have been deleted. All modules now use this pattern:
**Domain Layer** (`autoload/Domain/{Module}/`):
- `{Module}Repository.php` — data access, business logic, Redis caching
- Constructor DI with `$db` (Medoo instance)
- Methods serve both admin and frontend (shared Domain, no separate services)
**Domain Modules**: Article, Attribute, Banner, Basket, Cache, Category, Client, Coupon, CronJob, Dashboard, Dictionaries, Integrations, Languages, Layouts, Newsletter, Order, Pages, PaymentMethod, Producer, Product, ProductSet, Promotion, Scontainers, Settings, ShopStatus, Transport, Update, User
**Admin Controllers** (`autoload/admin/Controllers/`):
- DI via constructor (repositories injected)
- Wired in `admin\App::getControllerFactories()`
**Frontend Controllers** (`autoload/front/Controllers/`):
- DI via constructor
- Wired in `front\App::getControllerFactories()`
**Frontend Views** (`autoload/front/Views/`):
- Static classes, no state, no DI — pure rendering
**API Controllers** (`autoload/api/Controllers/`):
- DI via constructor, stateless (no session)
- Wired in `api\ApiRouter::getControllerFactories()`
- Auth: `X-Api-Key` header vs `pp_settings.api_key`
### Key Classes
| Class | Purpose |
|-------|---------|
| `\admin\App` | Admin router — maps URL segments to controllers |
| `\front\App` | Frontend router — `route()`, `checkUrlParams()` |
| `\front\LayoutEngine` | Frontend layout engine — `show()`, tag replacement |
| `\Shared\Helpers\Helpers` | Utility methods (SEO, email, cache clearing) |
| `\Shared\Tpl\Tpl` | Template engine — `render()`, `set()` |
| `\Shared\Cache\CacheHandler` | Redis cache — `get()`, `set()`, `delete()`, `deletePattern()` |
| `\api\ApiRouter` | REST API router — auth, routing, response helpers |
### Database
- ORM: Medoo (`$mdb` global variable, injected via DI in new code)
- Table prefix: `pp_`
- Key tables: `pp_shop_products`, `pp_shop_orders`, `pp_shop_categories`, `pp_shop_clients`
- Full schema: `docs/DATABASE_STRUCTURE.md`
### Form Edit System
Universal form system for admin edit views. Docs: `docs/FORM_EDIT_SYSTEM.md`.
- **ViewModels** (`admin\ViewModels\Forms\`): `FormEditViewModel`, `FormField`, `FormTab`, `FormAction`, `FormFieldType`
- **Validation**: `admin\Validation\FormValidator`
- **Rendering**: `admin\Support\Forms\FormFieldRenderer`, `admin\Support\Forms\FormRequestHandler`
- **Template**: `admin/templates/components/form-edit.php`
- **Table lists**: `admin\Support\TableListRequestFactory` + `admin\ViewModels\Common\PaginatedTableViewModel`
### Caching
- Redis via `\Shared\Cache\CacheHandler` (singleton `RedisConnection`)
- Key pattern for products: `shop\product:{id}:{lang}:{permutation_hash}`
- Clear product cache: `\Shared\Helpers\Helpers::clear_product_cache($id)`
- Pattern delete: `CacheHandler::deletePattern("shop\\product:{$id}:*")`
- Default TTL: 86400 (24h)
- Data is serialized — requires `unserialize()` after `get()`
- Config: `config.php` (`$config['redis']`)
## Code Patterns
### New code should follow DI pattern
```php
// Repository with constructor DI
class ExampleRepository {
private $db;
public function __construct($db) {
$this->db = $db;
}
public function find(int $id): ?array {
return $this->db->get('pp_table', '*', ['id' => $id]);
}
}
// Controller wiring (in admin\App or front\App)
$repo = new \Domain\Example\ExampleRepository($mdb);
$controller = new \admin\Controllers\ExampleController($repo);
```
### Medoo ORM pitfalls
- `$mdb->delete($table, $where)` takes **2 arguments**, NOT 3 — has caused bugs
- `$mdb->get()` returns `null` when no record, NOT `false`
- After `$mdb->insert()`, check `$mdb->id()` to confirm success
### File naming
- New classes: `ClassName.php` (no `class.` prefix)
- Legacy classes: `class.ClassName.php` (leave until migrated)
### Test conventions
- Extend `PHPUnit\Framework\TestCase`
- Mock Medoo: `$this->createMock(\medoo::class)`
- AAA pattern: Arrange, Act, Assert
- Tests mirror source structure: `tests/Unit/Domain/{Module}/{Class}Test.php`
## Workflow (AGENTS.md)
When user says **"KONIEC PRACY"**, execute in order:
1. Run tests
2. Update documentation if needed: `docs/DATABASE_STRUCTURE.md`, `docs/PROJECT_STRUCTURE.md`, `docs/FORM_EDIT_SYSTEM.md`, `docs/CHANGELOG.md`, `docs/TESTING.md`
3. SQL migrations (if DB changes): place in `migrations/{version}.sql` (e.g. `migrations/0.304.sql`). **NOT** in `updates/` — build script reads from `migrations/` automatically
4. Commit
5. Push
6. Build update package: `git tag v0.XXX && powershell.exe -ExecutionPolicy Bypass -File build-update.ps1 -FromTag v0.PREV -ToTag v0.XXX -ChangelogEntry "opis"` — skrypt automatycznie aktualizuje `versions.php`
7. Commit i push plików paczki (`updates/0.30/ver_0.XXX.zip`, `ver_0.XXX_manifest.json`, `updates/versions.php`, `updates/changelog-data.html`)
Before starting implementation, review current state of docs (see AGENTS.md for full list).
## Key Documentation
- `docs/MEMORY.md` — project memory: known issues, confirmed patterns, ORM pitfalls, caching conventions
- `docs/PROJECT_STRUCTURE.md` — current architecture, layers, cache, entry points, integrations
- `docs/DATABASE_STRUCTURE.md` — full database schema
- `docs/TESTING.md` — test suite guide and structure
- `docs/FORM_EDIT_SYSTEM.md` — form system architecture
- `docs/CHANGELOG.md` — version history
- `api-docs/api-reference.json` — REST API documentation (ordersPRO)
- `api-docs/index.html` — REST API documentation (ordersPRO)
- `docs/UPDATE_INSTRUCTIONS.md` — how to build client update packages
## Za każdym razem jak próbujesz sprawdzić jakiś plik z logami spróbuj go najpierw pobrać z serwera FTP
## Wszystkie pliki które tworzysz jako pomocnicze, np build_0330.ps1 czy build-update.ps1 twórz w folderze temp

27
CLAUDE.md
View File

@@ -6,6 +6,21 @@ This file provides guidance to Claude Code (claude.ai/code) when working with co
shopPRO is a PHP e-commerce platform with an admin panel and customer-facing storefront. It uses Medoo ORM (`$mdb`), Redis caching, and a Domain-Driven Design architecture with Dependency Injection (migration from legacy architecture complete).
## Zasady pisania kodu
- Kod ma być czytelny „dla obcego”: jasne nazwy, mało magii
- Brak „skrótów na szybko” typu logika w widokach, copy-paste, losowe helpery bez spójności
- Każda funkcja/klasa ma mieć jedną odpowiedzialność, zwykle do 3050 linii (jeśli dłuższe dzielić)
- max 3 poziomy zagnieżdżeń (if/foreach), reszta do osobnych metod
- Nazewnictwo:
- klasy: PascalCase
- metody/zmienne: camelCase
- stałe: UPPER_SNAKE_CASE
- Zero „skrótologii” w nazwach (np. $d, $tmp, $x1) poza pętlami 23 linijki
- medoo + prepared statements bez wyjątków (żadnego sklejania SQL stringiem)
- XSS: escape w widokach (np. helper e())
- CSRF dla formularzy, sensowna obsługa sesji
- Kod ma mieć komentarze tylko tam, gdzie wyjaśniają „dlaczego”, nie „co”
## PHP Version Constraint
**Production runs PHP < 8.0.** Do NOT use:
@@ -36,7 +51,7 @@ composer test
PHPUnit 9.6 via `phpunit.phar`. Bootstrap: `tests/bootstrap.php`. Config: `phpunit.xml`.
Current suite: **805 tests, 2253 assertions**.
Current suite: **810 tests, 2264 assertions**.
### Creating Updates
See `docs/UPDATE_INSTRUCTIONS.md` for the full procedure. Updates are ZIP packages in `updates/0.XX/`. Never include `*.md` files, `updates/changelog.php`, or root `.htaccess` in update ZIPs.
@@ -102,7 +117,6 @@ Custom autoloader in each entry point (not Composer autoload at runtime). Tries
- `\Domain\``autoload/Domain/` (uppercase D)
- `\admin\Controllers\``autoload/admin/Controllers/` (lowercase a)
- `\Shared\``autoload/Shared/`
- `\front\``autoload/front/`
- `\api\``autoload/api/`
- Do NOT use `\Admin\` (uppercase A) — the server directory is `admin/` (lowercase)
- `\shop\` namespace is **deleted** — all 12 legacy classes migrated to `\Domain\`, `autoload/shop/` directory removed
@@ -211,6 +225,8 @@ When user says **"KONIEC PRACY"**, execute in order:
3. SQL migrations (if DB changes): place in `migrations/{version}.sql` (e.g. `migrations/0.304.sql`). **NOT** in `updates/` — build script reads from `migrations/` automatically
4. Commit
5. Push
6. Build update package: `git tag v0.XXX && powershell.exe -ExecutionPolicy Bypass -File build-update.ps1 -FromTag v0.PREV -ToTag v0.XXX -ChangelogEntry "opis"` — skrypt automatycznie aktualizuje `versions.php`
7. Commit i push plików paczki (`updates/0.30/ver_0.XXX.zip`, `ver_0.XXX_manifest.json`, `updates/versions.php`, `updates/changelog-data.html`)
Before starting implementation, review current state of docs (see AGENTS.md for full list).
@@ -221,7 +237,10 @@ Before starting implementation, review current state of docs (see AGENTS.md for
- `docs/TESTING.md` — test suite guide and structure
- `docs/FORM_EDIT_SYSTEM.md` — form system architecture
- `docs/CHANGELOG.md` — version history
- `docs/API.md` — REST API documentation (ordersPRO)
- `api-docs/api-reference.json` — REST API documentation (ordersPRO)
- `api-docs/index.html` — REST API documentation (ordersPRO)
- `docs/UPDATE_INSTRUCTIONS.md` — how to build client update packages
## Za każdym razem jak próbujesz sprawdzić jakiś plik z logami spróbuj go najpierw pobrać z serwera FTP
## Za każdym razem jak próbujesz sprawdzić jakiś plik z logami spróbuj go najpierw pobrać z serwera FTP
## Wszystkie pliki które tworzysz jako pomocnicze, np build_0330.ps1 czy build-update.ps1 twórz w folderze temp

292
api-docs/api-reference.json Normal file
View File

@@ -0,0 +1,292 @@
{
"name": "shopPRO API",
"version": "1.0.0",
"entrypoint": "/api.php",
"authentication": {
"type": "header",
"header": "X-Api-Key",
"required": true,
"description": "API key stored in pp_settings.param=api_key"
},
"response_format": {
"success": {
"status": "ok",
"data": {}
},
"error": {
"status": "error",
"code": "BAD_REQUEST",
"message": "Human-readable error message"
},
"error_codes": [
{ "code": "UNAUTHORIZED", "http": 401 },
{ "code": "BAD_REQUEST", "http": 400 },
{ "code": "NOT_FOUND", "http": 404 },
{ "code": "METHOD_NOT_ALLOWED", "http": 405 },
{ "code": "INTERNAL_ERROR", "http": 500 }
]
},
"endpoints": [
{
"group": "orders",
"action": "list",
"method": "GET",
"url_template": "/api.php?endpoint=orders&action=list",
"query_params": [
{ "name": "status", "type": "string", "required": false },
{ "name": "paid", "type": "string", "required": false },
{ "name": "date_from", "type": "string", "required": false, "format": "YYYY-MM-DD" },
{ "name": "date_to", "type": "string", "required": false, "format": "YYYY-MM-DD" },
{ "name": "updated_since", "type": "string", "required": false, "format": "YYYY-MM-DD HH:MM:SS" },
{ "name": "number", "type": "string", "required": false },
{ "name": "client", "type": "string", "required": false },
{ "name": "page", "type": "integer", "required": false, "default": 1, "min": 1 },
{ "name": "per_page", "type": "integer", "required": false, "default": 50, "min": 1, "max": 100 }
]
},
{
"group": "orders",
"action": "get",
"method": "GET",
"url_template": "/api.php?endpoint=orders&action=get&id={order_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "orders",
"action": "change_status",
"method": "PUT",
"url_template": "/api.php?endpoint=orders&action=change_status&id={order_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": ["status_id"],
"fields": {
"status_id": { "type": "integer" },
"send_email": { "type": "boolean", "required": false }
}
}
},
{
"group": "orders",
"action": "set_paid",
"method": "PUT",
"url_template": "/api.php?endpoint=orders&action=set_paid&id={order_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": [],
"fields": {
"send_email": { "type": "boolean", "required": false }
}
}
},
{
"group": "orders",
"action": "set_unpaid",
"method": "PUT",
"url_template": "/api.php?endpoint=orders&action=set_unpaid&id={order_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "products",
"action": "list",
"method": "GET",
"url_template": "/api.php?endpoint=products&action=list",
"query_params": [
{ "name": "search", "type": "string", "required": false },
{ "name": "status", "type": "string", "required": false },
{ "name": "promoted", "type": "string", "required": false },
{ "name": "attribute_{id}", "type": "integer", "required": false, "description": "e.g. attribute_5=12" },
{ "name": "sort", "type": "string", "required": false, "default": "id", "allowed": ["id", "name", "price_brutto", "status", "promoted", "quantity"] },
{ "name": "sort_dir", "type": "string", "required": false, "default": "DESC", "allowed": ["ASC", "DESC"] },
{ "name": "page", "type": "integer", "required": false, "default": 1, "min": 1 },
{ "name": "per_page", "type": "integer", "required": false, "default": 50, "min": 1, "max": 100 }
]
},
{
"group": "products",
"action": "get",
"method": "GET",
"url_template": "/api.php?endpoint=products&action=get&id={product_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "products",
"action": "create",
"method": "POST",
"url_template": "/api.php?endpoint=products&action=create",
"json_body": {
"required_fields": ["languages", "price_brutto"],
"rules": [
"languages must be an object with at least one language entry containing name",
"price_brutto must be numeric and >= 0"
]
}
},
{
"group": "products",
"action": "update",
"method": "PUT",
"url_template": "/api.php?endpoint=products&action=update&id={product_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": [],
"rules": ["partial update; only changed fields are needed"]
}
},
{
"group": "products",
"action": "variants",
"method": "GET",
"url_template": "/api.php?endpoint=products&action=variants&id={product_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "products",
"action": "create_variant",
"method": "POST",
"url_template": "/api.php?endpoint=products&action=create_variant&id={product_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": ["attributes"],
"fields": {
"attributes": { "type": "object", "description": "Map attribute_id -> value_id" }
}
}
},
{
"group": "products",
"action": "update_variant",
"method": "PUT",
"url_template": "/api.php?endpoint=products&action=update_variant&id={variant_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
],
"json_body": {
"required_fields": [],
"rules": ["partial update of variant fields"]
}
},
{
"group": "products",
"action": "delete_variant",
"method": "DELETE",
"url_template": "/api.php?endpoint=products&action=delete_variant&id={variant_id}",
"query_params": [
{ "name": "id", "type": "integer", "required": true, "min": 1 }
]
},
{
"group": "products",
"action": "upload_image",
"method": "POST",
"url_template": "/api.php?endpoint=products&action=upload_image",
"json_body": {
"required_fields": ["id", "file_name", "content_base64"],
"fields": {
"id": { "type": "integer", "description": "product id" },
"file_name": { "type": "string" },
"content_base64": { "type": "string", "description": "base64 payload" },
"alt": { "type": "string", "required": false },
"o": { "type": "integer", "required": false, "description": "image position" }
}
}
},
{
"group": "dictionaries",
"action": "statuses",
"method": "GET",
"url_template": "/api.php?endpoint=dictionaries&action=statuses"
},
{
"group": "dictionaries",
"action": "transports",
"method": "GET",
"url_template": "/api.php?endpoint=dictionaries&action=transports"
},
{
"group": "dictionaries",
"action": "payment_methods",
"method": "GET",
"url_template": "/api.php?endpoint=dictionaries&action=payment_methods"
},
{
"group": "dictionaries",
"action": "attributes",
"method": "GET",
"url_template": "/api.php?endpoint=dictionaries&action=attributes"
},
{
"group": "dictionaries",
"action": "ensure_attribute",
"method": "POST",
"url_template": "/api.php?endpoint=dictionaries&action=ensure_attribute",
"json_body": {
"required_fields": ["name"],
"fields": {
"name": { "type": "string" },
"type": { "type": "integer", "required": false, "default": 0 },
"lang": { "type": "string", "required": false, "default": "pl" }
}
}
},
{
"group": "dictionaries",
"action": "ensure_attribute_value",
"method": "POST",
"url_template": "/api.php?endpoint=dictionaries&action=ensure_attribute_value",
"json_body": {
"required_fields": ["attribute_id", "name"],
"fields": {
"attribute_id": { "type": "integer" },
"name": { "type": "string" },
"lang": { "type": "string", "required": false, "default": "pl" }
}
}
},
{
"group": "dictionaries",
"action": "ensure_producer",
"method": "POST",
"url_template": "/api.php?endpoint=dictionaries&action=ensure_producer",
"json_body": {
"required_fields": ["name"],
"fields": {
"name": { "type": "string" }
}
}
},
{
"group": "categories",
"action": "list",
"method": "GET",
"url_template": "/api.php?endpoint=categories&action=list"
}
],
"examples": {
"curl_list_products": "curl -X GET \"https://twoja-domena.pl/api.php?endpoint=products&action=list&page=1&per_page=20\" -H \"X-Api-Key: TWOJ_KLUCZ\"",
"curl_get_order": "curl -X GET \"https://twoja-domena.pl/api.php?endpoint=orders&action=get&id=42\" -H \"X-Api-Key: TWOJ_KLUCZ\"",
"curl_create_product": "curl -X POST \"https://twoja-domena.pl/api.php?endpoint=products&action=create\" -H \"X-Api-Key: TWOJ_KLUCZ\" -H \"Content-Type: application/json\" -d \"{\\\"price_brutto\\\":99.99,\\\"languages\\\":{\\\"pl\\\":{\\\"name\\\":\\\"Nowy produkt\\\"}}}\""
},
"source_of_truth": [
"autoload/api/ApiRouter.php",
"autoload/api/Controllers/OrdersApiController.php",
"autoload/api/Controllers/ProductsApiController.php",
"autoload/api/Controllers/DictionariesApiController.php",
"autoload/api/Controllers/CategoriesApiController.php"
]
}

60
api-docs/index.html Normal file
View File

@@ -0,0 +1,60 @@
<!doctype html>
<html lang="pl">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1">
<title>shopPRO API docs</title>
<style>
:root { color-scheme: light; }
body { font-family: Arial, sans-serif; margin: 24px; line-height: 1.4; }
h1, h2 { margin-bottom: 8px; }
.meta { color: #444; margin-bottom: 16px; }
table { width: 100%; border-collapse: collapse; margin-top: 10px; }
th, td { border: 1px solid #ddd; padding: 8px; text-align: left; vertical-align: top; }
th { background: #f4f4f4; }
code { background: #f7f7f7; padding: 2px 4px; border-radius: 3px; }
</style>
</head>
<body>
<h1>shopPRO API - public docs</h1>
<div class="meta" id="meta">Ladowanie...</div>
<p>Machine-readable JSON: <a href="./api-reference.json">api-reference.json</a></p>
<h2>Endpointy</h2>
<table>
<thead>
<tr>
<th>Group</th>
<th>Action</th>
<th>Method</th>
<th>URL template</th>
</tr>
</thead>
<tbody id="rows"></tbody>
</table>
<script>
fetch("./api-reference.json")
.then(function (res) { return res.json(); })
.then(function (spec) {
var meta = document.getElementById("meta");
meta.textContent = spec.name + " v" + spec.version + " | entrypoint: " + spec.entrypoint;
var rows = document.getElementById("rows");
spec.endpoints.forEach(function (ep) {
var tr = document.createElement("tr");
tr.innerHTML =
"<td>" + ep.group + "</td>" +
"<td>" + ep.action + "</td>" +
"<td><code>" + ep.method + "</code></td>" +
"<td><code>" + ep.url_template + "</code></td>";
rows.appendChild(tr);
});
})
.catch(function () {
var meta = document.getElementById("meta");
meta.textContent = "Nie udalo sie wczytac api-reference.json";
});
</script>
</body>
</html>

BIN
autoload/.DS_Store vendored
View File

Binary file not shown.

4
autoload/Domain/Product/ProductRepository.php
View File

@@ -654,6 +654,10 @@ class ProductRepository
'custom_label_2' => $product['custom_label_2'],
'custom_label_3' => $product['custom_label_3'],
'custom_label_4' => $product['custom_label_4'],
'new_to_date' => $product['new_to_date'],
'additional_message' => (int)($product['additional_message'] ?? 0),
'additional_message_required' => (int)($product['additional_message_required'] ?? 0),
'additional_message_text' => $product['additional_message_text'],
'set_id' => $product['set_id'] !== null ? (int)$product['set_id'] : null,
'product_unit_id' => $product['product_unit_id'] !== null ? (int)$product['product_unit_id'] : null,
'producer_id' => $product['producer_id'] !== null ? (int)$product['producer_id'] : null,

14
autoload/api/Controllers/ProductsApiController.php
View File

@@ -437,7 +437,7 @@ class ProductsApiController
// String fields — direct mapping
$stringFields = [
'sku', 'ean', 'custom_label_0', 'custom_label_1', 'custom_label_2',
'custom_label_3', 'custom_label_4', 'wp',
'custom_label_3', 'custom_label_4', 'wp', 'new_to_date', 'additional_message_text',
];
foreach ($stringFields as $field) {
if (isset($body[$field])) {
@@ -447,6 +447,18 @@ class ProductsApiController
}
}
if (isset($body['additional_message'])) {
$d['additional_message'] = !empty($body['additional_message']) ? 'on' : '';
} elseif ($existing !== null) {
$d['additional_message'] = !empty($existing['additional_message']) ? 'on' : '';
}
if (isset($body['additional_message_required'])) {
$d['additional_message_required'] = !empty($body['additional_message_required']) ? 'on' : '';
} elseif ($existing !== null) {
$d['additional_message_required'] = !empty($existing['additional_message_required']) ? 'on' : '';
}
// Foreign keys
if (isset($body['set_id'])) {
$d['set'] = $body['set_id'];

BIN
autoload/front/.DS_Store vendored
View File

Binary file not shown.

71
autoload/front/Controllers/ShopBasketController.php
View File

@@ -3,6 +3,9 @@ namespace front\Controllers;
class ShopBasketController
{
private const ORDER_SUBMIT_TOKEN_SESSION_KEY = 'order-submit-token';
private const ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY = 'order-submit-last-order-id';
public static $title = [
'mainView' => 'Koszyk'
];
@@ -274,6 +277,7 @@ class ShopBasketController
}
$client = \Shared\Helpers\Helpers::get_session( 'client' );
$orderSubmitToken = $this->createOrderSubmitToken();
return \Shared\Tpl\Tpl::view( 'shop-basket/summary-view', [
'lang_id' => $lang_id,
@@ -284,12 +288,35 @@ class ShopBasketController
'addresses' => ( new \Domain\Client\ClientRepository( $GLOBALS['mdb'] ) )->clientAddresses( (int)$client['id'] ),
'settings' => $settings,
'coupon' => \Shared\Helpers\Helpers::get_session( 'coupon' ),
'basket_message' => \Shared\Helpers\Helpers::get_session( 'basket_message' )
'basket_message' => \Shared\Helpers\Helpers::get_session( 'basket_message' ),
'order_submit_token' => $orderSubmitToken
] );
}
public function basketSave()
{
$orderSubmitToken = (string)\Shared\Helpers\Helpers::get( 'order_submit_token', true );
$existingOrderId = isset( $_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ] ) ? (int)$_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ] : 0;
if ( !$this->isValidOrderSubmitToken( $orderSubmitToken ) )
{
if ( $existingOrderId > 0 )
{
$existingOrderHash = $this->orderRepository->findHashById( $existingOrderId );
if ( $existingOrderHash )
{
header( 'Location: /zamowienie/' . $existingOrderHash );
exit;
}
}
\Shared\Helpers\Helpers::error( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat-blad' ) );
header( 'Location: /koszyk' );
exit;
}
$this->consumeOrderSubmitToken();
$client = \Shared\Helpers\Helpers::get_session( 'client' );
if ( \Domain\Basket\BasketCalculator::checkProductQuantityInStock( \Shared\Helpers\Helpers::get_session( 'basket' ) ) )
@@ -322,6 +349,7 @@ class ShopBasketController
\Shared\Helpers\Helpers::get_session( 'basket_message' )
) )
{
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY, (int)$order_id );
\Shared\Helpers\Helpers::alert( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat' ) );
\Shared\Helpers\Helpers::delete_session( 'basket' );
\Shared\Helpers\Helpers::delete_session( 'basket-transport-method-id' );
@@ -414,4 +442,45 @@ class ShopBasketController
] );
exit;
}
private function createOrderSubmitToken()
{
$token = $this->generateOrderSubmitToken();
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_TOKEN_SESSION_KEY, $token );
\Shared\Helpers\Helpers::delete_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY );
return $token;
}
private function generateOrderSubmitToken()
{
try
{
return bin2hex( random_bytes( 16 ) );
}
catch ( \Exception $exception )
{
return md5( uniqid( (string)mt_rand(), true ) );
}
}
private function isValidOrderSubmitToken( $token )
{
if ( !$token )
return false;
$sessionToken = isset( $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] ) ? (string)$_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] : '';
if ( !$sessionToken )
return false;
if ( function_exists( 'hash_equals' ) )
return hash_equals( $sessionToken, $token );
return $sessionToken === $token;
}
private function consumeOrderSubmitToken()
{
\Shared\Helpers\Helpers::delete_session( self::ORDER_SUBMIT_TOKEN_SESSION_KEY );
}
}

584
docs/API.md
View File

@@ -1,584 +0,0 @@
# shopPRO REST API
REST API do integracji z ordersPRO i innymi systemami zewnetrznymi.
## Autentykacja
Kazde zapytanie wymaga headera `X-Api-Key` z kluczem API.
```
X-Api-Key: {klucz_api}
```
Klucz przechowywany jest w `pp_settings` jako parametr `api_key`. API jest stateless (bez sesji).
## Format odpowiedzi
### Sukces (HTTP 200)
```json
{
"status": "ok",
"data": { ... }
}
```
### Blad
```json
{
"status": "error",
"code": "UNAUTHORIZED",
"message": "Invalid or missing API key"
}
```
Kody bledow:
| Kod | HTTP | Opis |
|-----|------|------|
| `UNAUTHORIZED` | 401 | Brak lub nieprawidlowy klucz API |
| `BAD_REQUEST` | 400 | Brakujace lub niepoprawne parametry |
| `NOT_FOUND` | 404 | Nie znaleziono zasobu/endpointu/akcji |
| `METHOD_NOT_ALLOWED` | 405 | Nieprawidlowa metoda HTTP |
| `INTERNAL_ERROR` | 500 | Blad wewnetrzny serwera |
## Endpointy
### Zamowienia
#### Lista zamowien
```
GET api.php?endpoint=orders&action=list
```
Parametry filtrowania (opcjonalne):
| Parametr | Typ | Opis |
|----------|-----|------|
| `status` | int | Filtruj po statusie zamowienia |
| `paid` | int (0/1) | Filtruj po statusie platnosci |
| `date_from` | date (YYYY-MM-DD) | Zamowienia od daty |
| `date_to` | date (YYYY-MM-DD) | Zamowienia do daty |
| `updated_since` | datetime (YYYY-MM-DD HH:MM:SS) | Zamowienia zmodyfikowane od podanej daty (klucz do pollingu) |
| `number` | string | Szukaj po numerze zamowienia |
| `client` | string | Szukaj po imieniu, nazwisku lub emailu klienta |
| `page` | int | Numer strony (domyslnie 1) |
| `per_page` | int | Wynikow na strone (domyslnie 50, max 100) |
Odpowiedz:
```json
{
"status": "ok",
"data": {
"items": [
{
"id": 42,
"number": "2026/02/001",
"date_order": "2026-02-19 10:30:00",
"updated_at": "2026-02-19 12:00:00",
"status": 4,
"paid": 1,
"client_name": "Jan",
"client_surname": "Kowalski",
"client_email": "jan@example.com",
"client_phone": "111222333",
"client_street": "Testowa 1",
"client_postal_code": "00-000",
"client_city": "Warszawa",
"firm_name": null,
"firm_nip": null,
"transport": "Kurier DPD",
"transport_cost": 15.00,
"payment_method": "Przelew bankowy",
"summary": 150.00
}
],
"total": 1,
"page": 1,
"per_page": 50
}
}
```
#### Szczegoly zamowienia
```
GET api.php?endpoint=orders&action=get&id={order_id}
```
Zwraca pelne dane zamowienia z produktami i historia statusow.
#### Zmiana statusu zamowienia
```
PUT api.php?endpoint=orders&action=change_status&id={order_id}
Content-Type: application/json
{
"status_id": 5,
"send_email": true
}
```
Odpowiedz:
```json
{
"status": "ok",
"data": {
"order_id": 42,
"status_id": 5,
"changed": true
}
}
```
#### Oznacz jako oplacone
```
PUT api.php?endpoint=orders&action=set_paid&id={order_id}
```
Opcjonalnie w body: `{"send_email": true}`
#### Oznacz jako nieoplacone
```
PUT api.php?endpoint=orders&action=set_unpaid&id={order_id}
```
### Produkty
#### Lista produktow
```
GET api.php?endpoint=products&action=list
```
Parametry filtrowania (opcjonalne):
| Parametr | Typ | Opis |
|----------|-----|------|
| `search` | string | Szukaj po nazwie, EAN lub SKU |
| `status` | int (0/1) | Filtruj po statusie (1 = aktywny, 0 = nieaktywny) |
| `promoted` | int (0/1) | Filtruj po promocji |
| `attribute_{id}` | int | Filtruj po atrybucie — `attribute_1=3` oznacza atrybut 1 = wartosc 3 (wiele filtrow AND) |
| `sort` | string | Sortuj po: id, name, price_brutto, status, promoted, quantity (domyslnie id) |
| `sort_dir` | string | Kierunek: ASC lub DESC (domyslnie DESC) |
| `page` | int | Numer strony (domyslnie 1) |
| `per_page` | int | Wynikow na strone (domyslnie 50, max 100) |
Odpowiedz:
```json
{
"status": "ok",
"data": {
"items": [
{
"id": 1,
"sku": "PROD-001",
"ean": "5901234123457",
"name": "Produkt testowy",
"price_brutto": 99.99,
"price_brutto_promo": null,
"price_netto": 81.29,
"price_netto_promo": null,
"quantity": 10,
"status": 1,
"promoted": 0,
"vat": 23,
"weight": 0.5,
"main_image": "product1.jpg",
"date_add": "2026-01-15 10:00:00",
"date_modify": "2026-02-19 12:00:00"
}
],
"total": 1,
"page": 1,
"per_page": 50
}
}
```
#### Szczegoly produktu
```
GET api.php?endpoint=products&action=get&id={product_id}
```
Zwraca pelne dane produktu z jezykami, zdjeciami, kategoriami i atrybutami.
Odpowiedz:
```json
{
"status": "ok",
"data": {
"id": 1,
"sku": "PROD-001",
"ean": "5901234123457",
"price_brutto": 99.99,
"price_brutto_promo": null,
"price_netto": 81.29,
"price_netto_promo": null,
"quantity": 10,
"status": 1,
"promoted": 0,
"vat": 23,
"weight": 0.5,
"stock_0_buy": 0,
"custom_label_0": null,
"set_id": null,
"product_unit_id": 1,
"producer_id": 3,
"producer_name": "Nike",
"date_add": "2026-01-15 10:00:00",
"date_modify": "2026-02-19 12:00:00",
"languages": {
"pl": {
"name": "Produkt testowy",
"short_description": "Krotki opis",
"description": "<p>Pelny opis produktu</p>",
"meta_description": null,
"meta_keywords": null,
"meta_title": null,
"seo_link": "produkt-testowy",
"copy_from": null,
"warehouse_message_zero": null,
"warehouse_message_nonzero": null,
"tab_name_1": null,
"tab_description_1": null,
"tab_name_2": null,
"tab_description_2": null,
"canonical": null,
"security_information": null
}
},
"images": [
{"id": 1, "src": "product1.jpg", "alt": "Zdjecie produktu"}
],
"categories": [1, 5],
"attributes": [
{
"attribute_id": 1,
"attribute_type": 1,
"attribute_names": {"pl": "Kolor", "en": "Color"},
"value_id": 3,
"value_names": {"pl": "Czerwony", "en": "Red"}
}
],
"custom_fields": [
{"name": "Napis na koszulce", "type": "text", "is_required": 1}
],
"variants": [
{
"id": 101,
"permutation_hash": "1-3|2-5",
"sku": "PROD-001-RED-L",
"ean": null,
"price_brutto": 109.99,
"price_brutto_promo": null,
"price_netto": 89.42,
"price_netto_promo": null,
"quantity": 5,
"stock_0_buy": 0,
"weight": 0.5,
"status": 1,
"attributes": [
{"attribute_id": 1, "attribute_names": {"pl": "Kolor"}, "value_id": 3, "value_names": {"pl": "Czerwony"}},
{"attribute_id": 2, "attribute_names": {"pl": "Rozmiar"}, "value_id": 5, "value_names": {"pl": "L"}}
]
}
]
}
}
```
#### Tworzenie produktu
```
POST api.php?endpoint=products&action=create
Content-Type: application/json
{
"price_brutto": 99.99,
"vat": 23,
"quantity": 10,
"status": 1,
"sku": "PROD-001",
"ean": "5901234123457",
"weight": 0.5,
"languages": {
"pl": {
"name": "Nowy produkt",
"description": "<p>Opis produktu</p>"
}
},
"categories": [1, 5],
"products_related": [10, 20],
"custom_fields": [
{"name": "Napis na koszulce", "type": "text", "is_required": 1}
]
}
```
Wymagane: `languages` (min. 1 jezyk z `name`) oraz `price_brutto`.
`custom_fields` — opcjonalne; kazdy element wymaga `name`, `type` (domyslnie `text`), `is_required` (0/1).
Odpowiedz (HTTP 201):
```json
{
"status": "ok",
"data": {
"id": 42
}
}
```
#### Aktualizacja produktu
```
PUT api.php?endpoint=products&action=update&id={product_id}
Content-Type: application/json
{
"price_brutto": 129.99,
"status": 1,
"languages": {
"pl": {
"name": "Zaktualizowana nazwa"
}
}
}
```
Partial update — wystarczy przeslac tylko zmienione pola. Pola nieprzeslane zachowuja aktualna wartosc.
Odpowiedz: pelne dane produktu (jak w `get`).
### Warianty produktow
#### Lista wariantow produktu
```
GET api.php?endpoint=products&action=variants&id={product_id}
```
Zwraca warianty produktu nadrzednego wraz z dostepnymi atrybutami.
Odpowiedz:
```json
{
"status": "ok",
"data": {
"product_id": 1,
"available_attributes": [
{
"id": 1,
"type": 1,
"status": 1,
"names": {"pl": "Kolor", "en": "Color"},
"values": [
{"id": 3, "names": {"pl": "Czerwony", "en": "Red"}, "is_default": 0, "impact_on_the_price": null},
{"id": 4, "names": {"pl": "Niebieski", "en": "Blue"}, "is_default": 0, "impact_on_the_price": 10.0}
]
}
],
"variants": [
{
"id": 101,
"permutation_hash": "1-3",
"sku": "PROD-001-RED",
"ean": null,
"price_brutto": 109.99,
"price_brutto_promo": null,
"price_netto": 89.42,
"price_netto_promo": null,
"quantity": 5,
"stock_0_buy": 0,
"weight": 0.5,
"status": 1,
"attributes": [
{"attribute_id": 1, "attribute_names": {"pl": "Kolor"}, "value_id": 3, "value_names": {"pl": "Czerwony"}}
]
}
]
}
}
```
#### Tworzenie wariantu
```
POST api.php?endpoint=products&action=create_variant&id={product_id}
Content-Type: application/json
{
"attributes": {"1": 3, "2": 5},
"sku": "PROD-001-RED-L",
"ean": "5901234123458",
"price_brutto": 109.99,
"quantity": 5,
"weight": 0.5
}
```
Wymagane: `attributes` (mapa attribute_id -> value_id, min. 1). Kombinacja atrybutow musi byc unikalna.
Odpowiedz (HTTP 201): pelne dane wariantu.
#### Aktualizacja wariantu
```
PUT api.php?endpoint=products&action=update_variant&id={variant_id}
Content-Type: application/json
{
"sku": "PROD-001-RED-XL",
"price_brutto": 119.99,
"quantity": 3
}
```
Partial update — mozna zmienic: sku, ean, price_brutto, price_netto, price_brutto_promo, price_netto_promo, quantity, stock_0_buy, weight, status.
Odpowiedz: pelne dane wariantu.
#### Usuwanie wariantu
```
DELETE api.php?endpoint=products&action=delete_variant&id={variant_id}
```
Odpowiedz:
```json
{
"status": "ok",
"data": {"id": 101, "deleted": true}
}
```
### Kategorie
#### Lista kategorii
```
GET api.php?endpoint=categories&action=list
```
Zwraca plaska liste wszystkich aktywnych kategorii w domyslnym jezyku sklepu.
Odpowiedz:
```json
{
"status": "ok",
"data": {
"categories": [
{"id": 1, "parent_id": null, "title": "Kategoria glowna"},
{"id": 3, "parent_id": 1, "title": "Podkategoria A"},
{"id": 5, "parent_id": 1, "title": "Podkategoria B"}
]
}
}
```
Pola odpowiedzi:
| Pole | Typ | Opis |
|------|-----|------|
| `id` | int | ID kategorii |
| `parent_id` | int\|null | ID kategorii nadrzednej (null = kategoria glowna) |
| `title` | string | Nazwa w domyslnym jezyku; fallback na inny jezyk jesli brak tlumaczenia |
---
### Slowniki
#### Lista statusow zamowien
```
GET api.php?endpoint=dictionaries&action=statuses
```
Odpowiedz:
```json
{
"status": "ok",
"data": [
{"id": 0, "name": "Nowe"},
{"id": 1, "name": "Oplacone"},
{"id": 4, "name": "W realizacji"},
{"id": 6, "name": "Wyslane"}
]
}
```
#### Lista metod transportu
```
GET api.php?endpoint=dictionaries&action=transports
```
#### Lista metod platnosci
```
GET api.php?endpoint=dictionaries&action=payment_methods
```
#### Lista atrybutow
```
GET api.php?endpoint=dictionaries&action=attributes
```
Zwraca aktywne atrybuty z wartosciami i wielojezycznymi nazwami.
#### Znajdz lub utworz producenta
```
POST api.php?endpoint=dictionaries&action=ensure_producer
Content-Type: application/json
{
"name": "Nike"
}
```
Zwraca istniejacego producenta po nazwie lub tworzy nowego. Uzyc przed tworzeniem produktu, jesli producent moze nie istniec.
Odpowiedz:
```json
{
"status": "ok",
"data": {
"id": 5,
"created": false
}
}
```
`created: true` gdy producent zostal nowo dodany, `false` gdy juz istnial.
Odpowiedz:
```json
{
"status": "ok",
"data": [
{
"id": 1,
"type": 1,
"status": 1,
"names": {"pl": "Kolor", "en": "Color"},
"values": [
{"id": 3, "names": {"pl": "Czerwony"}, "is_default": 0, "impact_on_the_price": null},
{"id": 4, "names": {"pl": "Niebieski"}, "is_default": 1, "impact_on_the_price": 10.0}
]
}
]
}
```
## Polling
Aby pobierac tylko nowe/zmienione zamowienia, uzyj parametru `updated_since`:
```
GET api.php?endpoint=orders&action=list&updated_since=2026-02-19 12:00:00
```
Kolumna `updated_at` w `pp_shop_orders` jest aktualizowana automatycznie przy kazdej modyfikacji zamowienia (zmiana statusu, platnosci, edycja danych, tworzenie zamowienia).
## Konfiguracja
Klucz API ustawia sie w panelu admina w ustawieniach sklepu lub bezposrednio w bazie:
```sql
INSERT INTO pp_settings (param, value) VALUES ('api_key', 'twoj-klucz-api');
-- lub
UPDATE pp_settings SET value = 'twoj-klucz-api' WHERE param = 'api_key';
```
## Architektura
- Entry point: `api.php`
- Router: `\api\ApiRouter` (`autoload/api/ApiRouter.php`)
- Kontrolery: `autoload/api/Controllers/`
- `OrdersApiController` — zamowienia (5 akcji)
- `ProductsApiController` — produkty (8 akcji: list, get, create, update, variants, create_variant, update_variant, delete_variant)
- `DictionariesApiController` — slowniki (5 akcji: statuses, transports, payment_methods, attributes, ensure_producer)
- `CategoriesApiController` — kategorie (1 akcja: list)

18
docs/CHANGELOG.md
View File

@@ -4,6 +4,24 @@ Logi zmian z migracji na Domain-Driven Architecture. Najnowsze na gorze.
---
## ver. 0.333 (2026-03-10) - Ochrona przed podwójnym składaniem zamówienia (order submit token)
- **NEW**: `ShopBasketController` — mechanizm tokenu CSRF chroniący przed podwójnym składaniem zamówienia (generowanie, walidacja, konsumpcja tokenu w sesji)
- **NEW**: `ShopBasketController::basketSave()` — przy duplikacie przekierowanie do istniejącego zamówienia zamiast tworzenia kolejnego
- **FIX**: `templates/shop-basket/summary-view.php` — JS nasłuchuje na `submit` formularza zamiast `click` przycisku (poprawna obsługa walidacji HTML5)
- **FIX**: `templates/shop-basket/address-form.php` — ukryte pole `order_submit_token` z escape XSS
- **TESTS**: `ShopBasketControllerTest` — testy konstruktora i zależności (5 testów)
---
## ver. 0.332 (2026-03-01) - API produktów: nowe pola new_to_date i additional_message
- **NEW**: `ProductRepository::getProductForApi()` — eksportuje 4 nowe pola: `new_to_date`, `additional_message` (int 0/1), `additional_message_required` (int 0/1), `additional_message_text`
- **NEW**: `ProductsApiController` — obsługa nowych pól w PUT/PATCH (aktualizacja `new_to_date`, `additional_message`, `additional_message_required`, `additional_message_text`)
- **DOCS**: `docs/API.md` — zaktualizowane przykłady GET/PUT dla nowych pól produktu
---
## ver. 0.331 (2026-03-01) - Bugfix: strona produktu używała layoutu kategorii zamiast domyślnego
- **FIX**: `LayoutsRepository::getProductLayout()` — fallback gdy produkt i jego kategorie nie mają przypisanego layoutu zmieniany z `categories_default = 1` na `status = 1`; wcześniej produkty bez layoutu pobierały szablon "Podstrony - kategorie" zamiast właściwego domyślnego

6
docs/TESTING.md
View File

@@ -23,10 +23,10 @@ composer test # standard
## Aktualny stan
```text
OK (805 tests, 2253 assertions)
OK (810 tests, 2264 assertions)
```
Zweryfikowano: 2026-02-24 (ver. 0.318)
Zweryfikowano: 2026-03-10 (ver. 0.333)
## Konfiguracja
@@ -89,6 +89,8 @@ tests/
| |-- ShopStatusesControllerTest.php
| |-- ShopTransportControllerTest.php
| `-- UsersControllerTest.php
| |-- front/Controllers/
| | `-- ShopBasketControllerTest.php
| `-- api/
| |-- ApiRouterTest.php
| `-- Controllers/

1
docs/TODO.md
View File

@@ -4,3 +4,4 @@ naprawić działanie newslettera i zapis do bazy newslettera
program lojalnościowy
proponowane produkty w koszyku
Do zamówień w statusie: realizowane lub oczekuje na wpłatę. Opcja tylko dla zarejestrowanych klientów. https://royal-stone.pl/pl/order1.html
Dodać możliwość ustawienia limitu znaków w wiadomościach do produktu

658
docs/plans/2026-02-27-htaccess-conf-elimination.md
View File

@@ -1,658 +0,0 @@
# htaccess.conf Elimination — Implementation Plan
> **For Claude:** REQUIRED SUB-SKILL: Use superpowers:executing-plans to implement this plan task-by-task.
**Goal:** Eliminate `libraries/htaccess.conf` as a template file and move all remaining hardcoded URL routes into `pp_routes`, leaving only true Apache-level directives in the generated `.htaccess`.
**Architecture:** `Helpers::htacces()` generates the full `.htaccess` content from PHP strings instead of loading a template. All URL→PHP mappings (static system routes + dynamic per language/producer) are inserted into `pp_routes` with `type='system'`, deleted and reinserted on every `htacces()` call. Apache-level rules (HTTPS redirect, admin routing, thumb.php) stay in `.htaccess` only.
**Tech Stack:** PHP 7.4, Medoo ORM (`$mdb`), Redis (CacheHandler), PHPUnit 9.6
---
## Context
### Current `Helpers::htacces()` structure (before this plan)
1. Loads `libraries/htaccess.conf` template (contains many hardcoded URL routes)
2. Appends language switch rules to `$htaccess_data`
3. Appends newsletter and producer rules to `$htaccess_data`
4. Inserts category/product/page/article routes into `pp_routes` (done in v0.329)
5. Replaces `{HTACCESS_CACHE}` placeholder
6. Appends catch-all, writes files
### What stays in `.htaccess` after this plan
- `RewriteEngine On`, `RewriteBase /`, `Options`
- www→https redirect
- http→https redirect (with tpay/przelewy24/hotpay exclusion)
- Trailing slash removal (excluding `/admin/`)
- Admin routing: `^admin/([^/]*)/([^/]*)/(.*)$`
- `^admin/$`
- Thumbnail: `^thumb/([0-9]*)/([0-9]*)/(.*)$``/libraries/thumb.php` (different PHP file, cannot use pp_routes)
- `THE_REQUEST` index.php redirect
- Cache headers block (gzip/expires or no-cache based on `$settings['htaccess_cache']`)
- File protection: `<Files *.conf>`, `<Files *.log>`, `<Files *.ini>`
- Start page 301 redirects (generated dynamically in pages loop)
- Custom htaccess from `pp_settings` (param=htaccess)
- Catch-all: `RewriteRule ^ index.php [L]`
### New `type` column in `pp_routes`
- `NULL` = entity route (product/category/page/article)
- `'system'` = system route (all routes in this plan)
- On every `htacces()` call: `DELETE WHERE type='system'`, then reinsert all
---
## Task 1: Update SQL migration — add `type` column
**Files:**
- Modify: `migrations/0.329.sql`
**Step 1: Add `type` column to the migration**
Open `migrations/0.329.sql` (currently has 4 lines). Append the `type` column:
```sql
ALTER TABLE pp_routes
ADD COLUMN category_id INT NULL AFTER product_id,
ADD COLUMN page_id INT NULL AFTER category_id,
ADD COLUMN article_id INT NULL AFTER page_id,
ADD COLUMN type VARCHAR(20) NULL AFTER article_id;
```
**Step 2: Apply migration on server**
Run on the production/staging database:
```sql
ALTER TABLE pp_routes ADD COLUMN type VARCHAR(20) NULL AFTER article_id;
```
(The other 3 columns from 0.329 should already be applied from the previous deployment.)
**Step 3: No test needed** — pure schema change, verified when routes are inserted in Task 2.
---
## Task 2: Refactor `Helpers::htacces()` — replace template + move all routes to pp_routes
**Files:**
- Modify: `autoload/Shared/Helpers/Helpers.php` (method `htacces()`, lines ~408773)
This is the core task. The entire method is refactored. Here is the complete new body:
**Step 1: Replace the method body**
Find the opening of `htacces()` at line ~408. Replace everything from the start of the method body through the end (line ~773) with the code below.
The key structural changes:
- Remove `file_get_contents(htaccess.conf)` and `str_replace('{PAGE}', ...)`
- Remove `str_replace('{HTACCESS_CACHE}', ...)` — cache block is now inline
- Build `$htaccess_data` directly as PHP string
- Delete all `type='system'` routes, then reinsert static + dynamic ones
- Language switch → `pp_routes` (remove from `$htaccess_data`)
- Newsletter → `pp_routes` (remove from `$htaccess_data`)
- Producenci/producent → `pp_routes` (remove from `$htaccess_data`)
**New `htacces()` method body** — replace lines 409773 with:
```php
{
global $mdb;
$settings = ( new \Domain\Settings\SettingsRepository( $mdb ) )->allSettings( true );
$url = preg_replace( '#^(http(s)?://)?w{3}\.#', '$1', $_SERVER['SERVER_NAME'] );
$robots = 'User-agent: *' . PHP_EOL;
$robots .= 'Allow: /' . PHP_EOL;
$site_map = '<?xml version="1.0" encoding="UTF-8"?>' . PHP_EOL;
$site_map .= '<urlset xmlns="http://www.sitemaps.org/schemas/sitemap/0.9">' . PHP_EOL;
$site_map .= '<url>' . PHP_EOL;
$site_map .= '<loc>https://' . $url . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
//
// SYSTEM ROUTES — delete all and reinsert
//
$mdb->delete( 'pp_routes', [ 'type' => 'system' ] );
// Static system routes (hardcoded, never change)
$systemRoutes = [
// Wyszukiwarka
[ 'pattern' => '^wyszukiwarka/([^/]+)/([0-9]+)$', 'destination' => 'index.php?module=search&action=search_results&query=$1&bs=$2' ],
[ 'pattern' => '^wyszukiwarka/([^/]+)$', 'destination' => 'index.php?module=search&action=search_results&query=$1&bs=1' ],
// Zamowienia
[ 'pattern' => '^zamowienie/([a-zA-Z0-9-]+)$', 'destination' => 'index.php?module=shop_order&action=order_details&order_hash=$1' ],
[ 'pattern' => '^potwierdzenie-platnosci/([a-zA-Z0-9-]+)$', 'destination' => 'index.php?module=shop_order&action=payment_confirmation&order_hash=$1' ],
// Platnosci
[ 'pattern' => '^tpay-status$', 'destination' => 'index.php?module=shop_order&action=payment_status_tpay' ],
[ 'pattern' => '^platnosc-status$', 'destination' => 'index.php?module=shop_order&action=payment_status_hotpay' ],
[ 'pattern' => '^przelewy24-status$', 'destination' => 'index.php?module=shop_order&action=payment_status_przelewy24pl' ],
// Koszyk
[ 'pattern' => '^koszyk$', 'destination' => 'index.php?module=shop_basket&action=main_view' ],
[ 'pattern' => '^koszyk-podsumowanie$', 'destination' => 'index.php?module=shop_basket&action=summary_view' ],
[ 'pattern' => '^zloz-zamowienie$', 'destination' => 'index.php?module=shop_basket&action=basket_save' ],
// Klient
[ 'pattern' => '^rejestracja$', 'destination' => 'index.php?module=shop_client&action=register_form' ],
[ 'pattern' => '^logowanie$', 'destination' => 'index.php?module=shop_client&action=login_form' ],
[ 'pattern' => '^wylogowanie$', 'destination' => 'index.php?module=shop_client&action=logout' ],
[ 'pattern' => '^odzyskiwanie-hasla$', 'destination' => 'index.php?module=shop_client&action=recover_password' ],
[ 'pattern' => '^panel-klienta/zamowienia$', 'destination' => 'index.php?module=shop_client&action=client_orders' ],
[ 'pattern' => '^panel-klienta/adresy$', 'destination' => 'index.php?module=shop_client&action=client_addresses' ],
[ 'pattern' => '^panel-klienta/nowy-adres$', 'destination' => 'index.php?module=shop_client&action=address_edit' ],
[ 'pattern' => '^panel-klienta/edytuj-adres/([0-9]+)$', 'destination' => 'index.php?module=shop_client&action=address_edit&id=$1' ],
[ 'pattern' => '^panel-klienta/usun-adres/([0-9]+)$', 'destination' => 'index.php?module=shop_client&action=address_delete&id=$1' ],
// Newsletter
[ 'pattern' => '^newsletter/signin$', 'destination' => 'index.php?module=newsletter&action=signin' ],
[ 'pattern' => '^newsletter/confirm/hash=(.+)$', 'destination' => 'index.php?module=newsletter&action=confirm&hash=$1' ],
[ 'pattern' => '^newsletter/unsubscribe/hash=(.+)$', 'destination' => 'index.php?module=newsletter&action=unsubscribe&hash=$1' ],
// Moduły AJAX (shopBasket, shopClient, shopProduct, shopCoupon, search)
[ 'pattern' => '^shopBasket/([^/]+)/(.+)$', 'destination' => 'index.php?module=shopBasket&action=$1&$2' ],
[ 'pattern' => '^shopBasket/([^/]+)$', 'destination' => 'index.php?module=shopBasket&action=$1' ],
[ 'pattern' => '^shopClient/([^/]+)/(.+)$', 'destination' => 'index.php?module=shopClient&action=$1&$2' ],
[ 'pattern' => '^shopClient/([^/]+)$', 'destination' => 'index.php?module=shopClient&action=$1' ],
[ 'pattern' => '^shopProduct/([^/]+)/(.+)$', 'destination' => 'index.php?module=shopProduct&action=$1&$2' ],
[ 'pattern' => '^shopProduct/([^/]+)$', 'destination' => 'index.php?module=shopProduct&action=$1' ],
[ 'pattern' => '^shopCoupon/([^/]+)/(.+)$', 'destination' => 'index.php?module=shopCoupon&action=$1&$2' ],
[ 'pattern' => '^shopCoupon/([^/]+)$', 'destination' => 'index.php?module=shopCoupon&action=$1' ],
[ 'pattern' => '^search/([^/]+)/(.+)$', 'destination' => 'index.php?module=search&action=$1&$2' ],
[ 'pattern' => '^search/([^/]+)$', 'destination' => 'index.php?module=search&action=$1' ],
];
foreach ( $systemRoutes as $route )
{
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => $route['pattern'],
'destination' => $route['destination'],
] );
}
// Dynamic system routes — languages
$results = $mdb->select( 'pp_langs', [ 'id' ], [ 'status' => 1, 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results ) ) foreach ( $results as $row )
{
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => '^' . $row['id'] . '$',
'destination' => 'index.php?a=change_language&id=' . $row['id'],
] );
}
// Dynamic system routes — producenci
$categoryDefaultLayoutId = ( new \Domain\Layouts\LayoutsRepository( $mdb ) )->categoryDefaultLayoutId();
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => '^producenci$',
'destination' => 'index.php?module=shop_producer&action=list&layout_id=' . $categoryDefaultLayoutId,
] );
$rows = $mdb->select( 'pp_shop_producer', '*', [ 'status' => 1 ] );
if ( self::is_array_fix( $rows ) ) foreach ( $rows as $row )
{
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => '^producent/' . self::seo( $row['name'] ) . '$',
'destination' => 'index.php?module=shop_producer&action=products&producer_id=' . $row['id'] . '&layout_id=' . $categoryDefaultLayoutId,
] );
$mdb->insert( 'pp_routes', [
'type' => 'system',
'lang_id' => 0,
'pattern' => '^producent/' . self::seo( $row['name'] ) . '/([0-9]+)$',
'destination' => 'index.php?module=shop_producer&action=products&producer_id=' . $row['id'] . '&layout_id=' . $categoryDefaultLayoutId . '&bs=$1',
] );
}
//
// HTACCESS — generuj z PHP (bez szablonu htaccess.conf)
//
$htaccess_data = 'RewriteEngine On' . PHP_EOL;
$htaccess_data .= 'RewriteBase /' . PHP_EOL;
$htaccess_data .= 'Options +FollowSymlinks' . PHP_EOL;
$htaccess_data .= 'Options -Indexes' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= '# Przekierowanie z www na bez www i z http na https w jednym kroku' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{HTTP_HOST} ^www\.(.+)$ [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ https://%1%{REQUEST_URI} [R=301,L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= '# Przekierowanie z http na https, jesli nie zawiera www' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{HTTPS} off' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} !^/(tpay-status|platnosc-status|przelewy24-status)$ [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ https://%{HTTP_HOST}%{REQUEST_URI} [L,R=301]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= '# Usuwanie koncowego slasha dla niekatalogów' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_FILENAME} !-d' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} !^/admin/.*$ [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} (.+)/$' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ %1 [R=301,L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} !^(.*)/libraries/(.*) [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_URI} !^(.*)/layout/(.*) [NC]' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^admin/([^/]*)/([^/]*)/(.*)$ admin/index.php?module=$1&action=$2&$3 [L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteRule ^admin/$ admin/index.php [L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteRule ^thumb/([0-9]*)/([0-9]*)/(.*)$ /libraries/thumb.php?img=$3&w=$1&h=$2 [L]' . PHP_EOL;
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index.php' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ /%1 [R=301,L]' . PHP_EOL;
/* cache — zastąpienie placeholdera {HTACCESS_CACHE} */
if ( $settings['htaccess_cache'] )
{
$htaccess_data .= '<IfModule mod_deflate.c>' . PHP_EOL
. 'AddOutputFilterByType DEFLATE text/html text/plain text/xml application/xml application/xhtml+xml text/css text/javascript application/javascript application/x-javascript' . PHP_EOL
. '</IfModule>' . PHP_EOL
. '<IfModule mod_headers.c>' . PHP_EOL
. 'Header set Access-Control-Allow-Origin "*"' . PHP_EOL
. '</IfModule>' . PHP_EOL
. '<IfModule mod_expires.c>' . PHP_EOL
. 'ExpiresActive on' . PHP_EOL
. 'ExpiresDefault "access plus 1 month"' . PHP_EOL
. 'ExpiresByType text/css "access plus 1 year"' . PHP_EOL
. 'ExpiresByType application/json "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType application/xml "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType text/xml "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType image/x-icon "access plus 1 week"' . PHP_EOL
. 'ExpiresByType text/x-component "access plus 1 month"' . PHP_EOL
. 'ExpiresByType text/html "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType application/javascript "access plus 1 year"' . PHP_EOL
. 'ExpiresByType application/x-web-app-manifest+json "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType text/cache-manifest "access plus 0 seconds"' . PHP_EOL
. 'ExpiresByType audio/ogg "access plus 1 month"' . PHP_EOL
. 'ExpiresByType image/gif "access plus 1 month"' . PHP_EOL
. 'ExpiresByType image/jpeg "access plus 1 month"' . PHP_EOL
. 'ExpiresByType image/png "access plus 1 month"' . PHP_EOL
. 'ExpiresByType video/mp4 "access plus 1 month"' . PHP_EOL
. 'ExpiresByType video/ogg "access plus 1 month"' . PHP_EOL
. 'ExpiresByType video/webm "access plus 1 month"' . PHP_EOL
. 'ExpiresByType application/atom+xml "access plus 1 hour"' . PHP_EOL
. 'ExpiresByType application/rss+xml "access plus 1 hour"' . PHP_EOL
. 'ExpiresByType application/font-woff "access plus 1 month"' . PHP_EOL
. 'ExpiresByType application/vnd.ms-fontobject "access plus 1 month"' . PHP_EOL
. 'ExpiresByType application/x-font-ttf "access plus 1 month"' . PHP_EOL
. 'ExpiresByType font/opentype "access plus 1 month"' . PHP_EOL
. 'ExpiresByType image/svg+xml "access plus 1 month"' . PHP_EOL
. '</IfModule>' . PHP_EOL;
}
else
{
$htaccess_data .= '<IfModule mod_headers.c>' . PHP_EOL
. 'Header set Cache-Control "no-cache, no-store, must-revalidate"' . PHP_EOL
. 'Header set Pragma "no-cache"' . PHP_EOL
. 'Header set Expires 0' . PHP_EOL
. '</IfModule>' . PHP_EOL;
}
$htaccess_data .= '<Files *.conf>' . PHP_EOL;
$htaccess_data .= ' Order Deny,Allow' . PHP_EOL;
$htaccess_data .= ' Deny from all' . PHP_EOL;
$htaccess_data .= '</Files>' . PHP_EOL;
$htaccess_data .= '<Files *.log>' . PHP_EOL;
$htaccess_data .= ' Order Deny,Allow' . PHP_EOL;
$htaccess_data .= ' Deny from all' . PHP_EOL;
$htaccess_data .= '</Files>' . PHP_EOL;
$htaccess_data .= '<Files *.ini>' . PHP_EOL;
$htaccess_data .= ' Order Deny,Allow' . PHP_EOL;
$htaccess_data .= ' Deny from all' . PHP_EOL;
$htaccess_data .= '</Files>' . PHP_EOL;
//
// KATEGORIE — sitemap + pp_routes (bez zmian)
//
$results = $mdb->select( 'pp_langs', [ 'id', 'start' ], [ 'status' => 1, 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results ) ) foreach ( $results as $row )
{
!$row['start'] ? $language_link = $row['id'] . '/' : $language_link = '';
$results2 = $mdb->select( 'pp_shop_categories_langs', [ '[><]pp_shop_categories' => [ 'category_id' => 'id' ] ], [ 'seo_link', 'title', 'category_id' ], [ 'lang_id' => $row['id'], 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results2 ) ) foreach ( $results2 as $row2 )
{
if ( $row2['title'] )
{
$site_map .= '<url>' . PHP_EOL;
if ( $row2['seo_link'] )
$site_map .= '<loc>https://' . $url . '/' . $language_link . self::seo( $row2['seo_link'] ) . '</loc>' . PHP_EOL;
else
$site_map .= '<loc>https://' . $url . '/' . $language_link . 'k-' . $row2['category_id'] . '-' . self::seo( $row2['title'] ) . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
$seoSlug = $row2['seo_link'] ? self::seo( $row2['seo_link'] ) : 'k-' . $row2['category_id'] . '-' . self::seo( $row2['title'] );
$mdb->delete( 'pp_routes', [ 'AND' => [ 'category_id' => $row2['category_id'], 'lang_id' => $row['id'] ] ] );
$mdb->insert( 'pp_routes', [
'category_id' => $row2['category_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $language_link . $seoSlug . '$',
'destination' => 'index.php?category=' . $row2['category_id'] . '&lang=' . $row['id'],
] );
$mdb->insert( 'pp_routes', [
'category_id' => $row2['category_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $language_link . $seoSlug . '/([0-9]+)$',
'destination' => 'index.php?category=' . $row2['category_id'] . '&lang=' . $row['id'] . '&bs=$1',
] );
}
}
}
//
// PRODUKTY — sitemap + pp_routes (bez zmian)
//
$results = $mdb->select( 'pp_langs', [ 'id', 'start' ], [ 'status' => 1, 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results ) )
{
foreach ( $results as $row )
{
!$row['start'] ? $language_link = $row['id'] . '/' : $language_link = '';
$results2 = $mdb->select( 'pp_shop_products_langs', [ '[><]pp_shop_products' => [ 'product_id' => 'id' ] ], [ 'seo_link', 'name', 'product_id' ], [ 'lang_id' => $row['id'], 'ORDER' => [ 'name' => 'ASC' ] ] );
if ( is_array( $results2 ) )
{
foreach ( $results2 as $row2 )
{
$mdb->delete( 'pp_routes', [ 'AND' => [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'] ] ] );
if ( $row2['name'] )
{
$site_map .= '<url>' . PHP_EOL;
if ( $row2['seo_link'] )
$site_map .= '<loc>https://' . $url . '/' . $language_link . self::seo( $row2['seo_link'] ) . '</loc>' . PHP_EOL;
else
$site_map .= '<loc>https://' . $url . '/' . $language_link . 'p-' . $row2['product_id'] . '-' . self::seo( $row2['name'] ) . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
if ( $row2['seo_link'] )
{
$mdb->insert( 'pp_routes', [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'], 'pattern' => '^' . $language_link . self::seo( $row2['seo_link'] ) . '$', 'destination' => 'index.php?product=' . $row2['product_id'] ] );
$mdb->insert( 'pp_routes', [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'], 'pattern' => '^' . $language_link . self::seo( $row2['seo_link'] ) . '/([0-9-]+)$', 'destination' => 'index.php?product=' . $row2['product_id'] . '&permutation_hash=$1' ] );
}
else
{
$mdb->insert( 'pp_routes', [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'], 'pattern' => '^' . $language_link . 'p-' . $row2['product_id'] . '-' . self::seo( $row2['name'] ) . '$', 'destination' => 'index.php?product=' . $row2['product_id'] ] );
$mdb->insert( 'pp_routes', [ 'product_id' => $row2['product_id'], 'lang_id' => $row['id'], 'pattern' => '^' . $language_link . 'p-' . $row2['product_id'] . '-' . self::seo( $row2['name'] ) . '/([0-9-]+)$', 'destination' => 'index.php?product=' . $row2['product_id'] . '&permutation_hash=$1' ] );
}
}
}
}
}
}
//
// STRONY + ARTYKULY — sitemap + pp_routes (bez zmian)
//
$results = $mdb->select( 'pp_langs', [ 'id', 'start' ], [ 'status' => 1, 'ORDER' => [ 'o' => 'ASC' ] ] );
if ( is_array( $results ) )
foreach ( $results as $row )
{
( !$row['start'] and count( $results ) > 1 ) ? $language_link = $row['id'] . '/' : $language_link = '';
$results2 = $mdb->select( 'pp_pages_langs', [ '[><]pp_pages' => [ 'page_id' => 'id' ] ], [ 'seo_link', 'title', 'page_id', 'noindex', 'start', 'link', 'page_type' ], [ 'lang_id' => $row['id'], 'ORDER' => [ 'start' => 'DESC', 'o' => 'ASC' ] ] );
if ( is_array( $results2 ) )
foreach ( $results2 as $row2 )
{
if ( $row2['title'] and $row2['page_type'] != 3 and $row2['page_type'] != 5 )
{
if ( !$row2['noindex'] )
{
$site_map .= '<url>' . PHP_EOL;
if ( $row2['seo_link'] )
$site_map .= '<loc>https://' . $url . '/' . self::seo( $row2['seo_link'] ) . '</loc>' . PHP_EOL;
else
$site_map .= '<loc>https://' . $url . '/s-' . $row2['page_id'] . '-' . self::seo( $row2['title'] ) . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
}
else if ( $row2['noindex'] and $row2['seo_link'] )
{
$robots .= 'User-agent: GoogleBot' . PHP_EOL;
$robots .= 'Disallow: /' . $row2['seo_link'] . PHP_EOL;
}
if ( $row2['start'] )
{
if ( $row2['seo_link'] )
{
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/' . self::seo( $row2['seo_link'] ) . '$';
$htaccess_data .= PHP_EOL . 'RewriteRule ^(.*)$ http://www.' . $url . '/' . $language_link . ' [R=permanent,L]';
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/' . self::seo( $row2['seo_link'] ) . '-1$';
$htaccess_data .= PHP_EOL . 'RewriteRule ^(.*)$ http://www.' . $url . '/' . $language_link . ' [R=permanent,L]';
}
else
{
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/s-' . $row2['page_id'] . '-' . self::seo( $row2['title'] ) . '$';
$htaccess_data .= PHP_EOL . 'RewriteRule ^(.*)$ http://www.' . $url . '/' . $language_link . ' [R=permanent,L]';
$htaccess_data .= PHP_EOL . 'RewriteCond %{REQUEST_URI} ^/s-' . $row2['page_id'] . '-' . self::seo( $row2['title'] ) . '-1$';
$htaccess_data .= PHP_EOL . 'RewriteRule ^(.*)$ http://www.' . $url . '/' . $language_link . ' [R=permanent,L]';
}
$htaccess_data .= PHP_EOL . 'RewriteRule ^$ index.php?a=page&id=' . $row2['page_id'] . '&lang=' . $row['id'] . ' [L]';
}
$seoSlug = $row2['seo_link'] ? self::seo( $row2['seo_link'] ) : 's-' . $row2['page_id'] . '-' . self::seo( $row2['title'] );
$langPrefix = $row2['start'] ? '' : $language_link;
$mdb->delete( 'pp_routes', [ 'AND' => [ 'page_id' => $row2['page_id'], 'lang_id' => $row['id'] ] ] );
$mdb->insert( 'pp_routes', [
'page_id' => $row2['page_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $langPrefix . $seoSlug . '$',
'destination' => 'index.php?a=page&id=' . $row2['page_id'] . '&lang=' . $row['id'],
] );
$mdb->insert( 'pp_routes', [
'page_id' => $row2['page_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $langPrefix . $seoSlug . '/([0-9]+)$',
'destination' => 'index.php?a=page&id=' . $row2['page_id'] . '&lang=' . $row['id'] . '&bs=$1',
] );
}
}
$results2 = $mdb->select( 'pp_articles_langs', [ '[><]pp_articles' => [ 'article_id' => 'id' ] ], [ 'seo_link', 'title', 'article_id', 'noindex', 'copy_from' ], [ 'AND' => [ 'status' => 1, 'lang_id' => $row['id'], 'block_direct_access' => 0 ] ] );
if ( is_array( $results2 ) )
foreach ( $results2 as $row2 )
{
if ( $row2['copy_from'] != null )
{
$results_tmp = $mdb->get( 'pp_articles_langs', [ 'seo_link', 'title' ], [ 'AND' => [ 'article_id' => $row2['article_id'], 'lang_id' => $row2['copy_from'] ] ] );
$row2['seo_link'] = $results_tmp['seo_link'];
$row2['title'] = $results_tmp['title'];
}
if ( !$row2['noindex'] )
{
$site_map .= '<url>' . PHP_EOL;
if ( $row2['seo_link'] )
$site_map .= '<loc>https://' . $url . '/' . self::seo( $row2['seo_link'] ) . '</loc>' . PHP_EOL;
else
$site_map .= '<loc>https://' . $url . '/a-' . $row2['article_id'] . '-' . self::seo( $row2['title'] ) . '</loc>' . PHP_EOL;
$site_map .= '<lastmod>' . date( 'Y-m-d' ) . '</lastmod>' . PHP_EOL;
$site_map .= '<changefreq>daily</changefreq>' . PHP_EOL;
$site_map .= '<priority>1</priority>' . PHP_EOL;
$site_map .= '</url>' . PHP_EOL;
}
else if ( $row2['noindex'] and $row2['seo_link'] )
{
$robots .= 'User-agent: GoogleBot' . PHP_EOL;
$robots .= 'Disallow: /' . $row2['seo_link'] . PHP_EOL;
}
$mdb->delete( 'pp_routes', [ 'AND' => [ 'article_id' => $row2['article_id'], 'lang_id' => $row['id'] ] ] );
if ( $row2['seo_link'] )
{
$mdb->insert( 'pp_routes', [
'article_id' => $row2['article_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $language_link . self::seo( $row2['seo_link'] ) . '$',
'destination' => 'index.php?article=' . $row2['article_id'] . '&lang=' . $row['id'],
] );
}
else if ( $row2['title'] != null )
{
$mdb->insert( 'pp_routes', [
'article_id' => $row2['article_id'],
'lang_id' => $row['id'],
'pattern' => '^' . $language_link . 'a-' . $row2['article_id'] . '-' . self::seo( $row2['title'] ) . '$',
'destination' => 'index.php?article=' . $row2['article_id'] . '&lang=' . $row['id'],
] );
}
}
}
// Invalidacja cache tras
try {
( new \Shared\Cache\CacheHandler() )->delete( 'pp_routes:all' );
} catch ( \Exception $e ) {
// Redis niedostepny — ignorujemy
}
$results = $mdb->get( 'pp_settings', 'value', [ 'param' => 'htaccess' ] );
if ( $results )
$htaccess_data .= PHP_EOL . $results;
$results = $mdb->get( 'pp_settings', 'value', [ 'param' => 'robots' ] );
if ( $results )
$robots .= PHP_EOL . $results;
$site_map .= '</urlset>';
$htaccess_data .= PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_FILENAME} !-f' . PHP_EOL;
$htaccess_data .= 'RewriteCond %{REQUEST_FILENAME} !-d' . PHP_EOL;
$htaccess_data .= 'RewriteRule ^ index.php [L]';
// Niektore hostingi blokuja zmiane wersji PHP przez .htaccess.
$htaccess_data = preg_replace( '/^(\\s*)(AddHandler|SetHandler|ForceType)\\b/im', '$1# $2', $htaccess_data );
$fp = fopen( $dir . '.htaccess', 'w' );
fwrite( $fp, $htaccess_data );
fclose( $fp );
$fp = fopen( $dir . 'sitemap.xml', 'w' );
fwrite( $fp, $site_map );
fclose( $fp );
$fp = fopen( $dir . 'robots.txt', 'w' );
fwrite( $fp, $robots );
fclose( $fp );
}
```
**Step 2: Run tests**
```
php phpunit.phar --configuration phpunit.xml
```
Expected: all tests pass (htacces() has no unit tests, covered by integration).
---
## Task 3: Delete `libraries/htaccess.conf`
**Files:**
- Delete: `libraries/htaccess.conf`
**Step 1: Verify htacces() no longer references the file**
Search for any remaining `file_get_contents` referencing `htaccess.conf`:
```bash
grep -r "htaccess.conf" autoload/
```
Expected: no results.
**Step 2: Delete the file**
```bash
rm libraries/htaccess.conf
```
**Step 3: Run tests**
```
php phpunit.phar --configuration phpunit.xml
```
Expected: all tests still pass.
---
## Task 4: Update `docs/DATABASE_STRUCTURE.md`
**Files:**
- Modify: `docs/DATABASE_STRUCTURE.md` (section `## pp_routes`)
**Step 1: Add `type` column to the pp_routes table description**
Find the `## pp_routes` section and add the `type` row to the column table:
```markdown
| type | Typ trasy: NULL = encja (produkt/kategoria/strona/artykuł), 'system' = trasa systemowa |
```
Also update the description paragraph to mention that system routes are managed automatically.
---
## Task 5: Manual integration test on server
**Step 1: Apply migration**
```sql
ALTER TABLE pp_routes ADD COLUMN type VARCHAR(20) NULL AFTER article_id;
```
**Step 2: Trigger `htacces()` regeneration**
Log in to admin panel → save any product or category → this calls `htacces()`.
**Step 3: Verify pp_routes has system routes**
```sql
SELECT COUNT(*) FROM pp_routes WHERE type = 'system';
```
Expected: ~35+ rows (32 static + language rows + producer rows).
**Step 4: Verify .htaccess was generated correctly**
Open `.htaccess` — should NOT contain `RewriteRule ^koszyk$`, `^logowanie$`, etc. Should contain HTTPS redirect, admin routing, thumb routing, cache block.
**Step 5: Test URLs in browser**
- `/koszyk` → koszyk page ✓
- `/logowanie` → login page ✓
- `/wyszukiwarka/test` → search results ✓
- `/zamowienie/abc123` → order details ✓
- `/shopClient/confirm/hash=xyz` → client confirm action ✓
- Category URL → category page ✓
- Product URL → product page ✓
**Step 6: Run full test suite**
```
php phpunit.phar --configuration phpunit.xml
```
Expected: 807 tests, all pass.
---
## Task 6: Commit
**Step 1: Stage and commit**
```bash
git add migrations/0.329.sql
git add autoload/Shared/Helpers/Helpers.php
git add docs/DATABASE_STRUCTURE.md
git add docs/plans/2026-02-27-htaccess-conf-elimination.md
git add docs/plans/2026-02-27-htaccess-to-routes-design.md
git rm libraries/htaccess.conf
git commit -m "feat: eliminate htaccess.conf, move all routes to pp_routes (v0.330)"
```

121
docs/plans/2026-02-27-htaccess-to-routes-design.md
View File

@@ -1,121 +0,0 @@
# Design: Eliminacja htaccess.conf i przeniesienie wszystkich tras do pp_routes
**Data:** 2026-02-27
**Wersja docelowa:** 0.330
---
## Cel
Wyeliminowanie pliku `libraries/htaccess.conf` jako szablonu i przeniesienie wszystkich URL-i, które dotychczas były wpisane na sztywno w `.htaccess`, do tabeli `pp_routes`. Logika generowania `.htaccess` zostaje w całości w `Helpers::htacces()`.
---
## Co zostaje w `.htaccess` (reguły Apache-level)
Tylko dyrektywy, których PHP nie może obsłużyć:
- `RewriteEngine On`, `Options`
- Redirect HTTPS/www
- Redirect HTTP→HTTPS (z wyłączeniem tpay-status, platnosc-status, przelewy24-status)
- Usuwanie trailing slash (z wyłączeniem `/admin/`)
- Routing `/admin/``admin/index.php`
- `thumb/([0-9]*)/([0-9]*)/(.*)``/libraries/thumb.php` (inny plik PHP — niemożliwe przez pp_routes)
- `RewriteCond %{THE_REQUEST} ^[A-Z]{3,9}\ /index.php` — redirect z index.php
- Blok cache headers (gzip, expires) — zależny od `$settings['htaccess_cache']`
- Ochrona plików: `<Files *.conf>`, `<Files *.log>`, `<Files *.ini>`
- Przekierowania 301 stron startowych (generowane dynamicznie w pętli pages)
- Niestandardowe reguły z `pp_settings` (param=htaccess)
- Catch-all: `RewriteCond !-f`, `!-d`, `RewriteRule ^ index.php [L]`
---
## Co przechodzi do `pp_routes`
### Statyczne trasy systemowe (hardcoded, niezmienne)
| Pattern | Destination |
|---------|-------------|
| `^wyszukiwarka/([^/]+)/([0-9]+)$` | `index.php?module=search&action=search_results&query=$1&bs=$2` |
| `^wyszukiwarka/([^/]+)$` | `index.php?module=search&action=search_results&query=$1&bs=1` |
| `^zamowienie/([a-zA-Z0-9-]+)$` | `index.php?module=shop_order&action=order_details&order_hash=$1` |
| `^potwierdzenie-platnosci/([a-zA-Z0-9-]+)$` | `index.php?module=shop_order&action=payment_confirmation&order_hash=$1` |
| `^tpay-status$` | `index.php?module=shop_order&action=payment_status_tpay` |
| `^platnosc-status$` | `index.php?module=shop_order&action=payment_status_hotpay` |
| `^przelewy24-status$` | `index.php?module=shop_order&action=payment_status_przelewy24pl` |
| `^koszyk$` | `index.php?module=shop_basket&action=main_view` |
| `^koszyk-podsumowanie$` | `index.php?module=shop_basket&action=summary_view` |
| `^zloz-zamowienie$` | `index.php?module=shop_basket&action=basket_save` |
| `^rejestracja$` | `index.php?module=shop_client&action=register_form` |
| `^logowanie$` | `index.php?module=shop_client&action=login_form` |
| `^wylogowanie$` | `index.php?module=shop_client&action=logout` |
| `^odzyskiwanie-hasla$` | `index.php?module=shop_client&action=recover_password` |
| `^panel-klienta/zamowienia$` | `index.php?module=shop_client&action=client_orders` |
| `^panel-klienta/adresy$` | `index.php?module=shop_client&action=client_addresses` |
| `^panel-klienta/nowy-adres$` | `index.php?module=shop_client&action=address_edit` |
| `^panel-klienta/edytuj-adres/([0-9]+)$` | `index.php?module=shop_client&action=address_edit&id=$1` |
| `^panel-klienta/usun-adres/([0-9]+)$` | `index.php?module=shop_client&action=address_delete&id=$1` |
| `^newsletter/signin$` | `index.php?module=newsletter&action=signin` |
| `^newsletter/confirm/hash=(.+)$` | `index.php?module=newsletter&action=confirm&hash=$1` |
| `^newsletter/unsubscribe/hash=(.+)$` | `index.php?module=newsletter&action=unsubscribe&hash=$1` |
### Trasy modułów AJAX (shopBasket, shopClient, shopProduct, shopCoupon, search)
Dwa wzorce na moduł — 3-segmentowy (z parametrami) i 2-segmentowy:
| Pattern | Destination |
|---------|-------------|
| `^shopBasket/([^/]+)/(.+)$` | `index.php?module=shopBasket&action=$1&$2` |
| `^shopBasket/([^/]+)$` | `index.php?module=shopBasket&action=$1` |
| `^shopClient/([^/]+)/(.+)$` | `index.php?module=shopClient&action=$1&$2` |
| `^shopClient/([^/]+)$` | `index.php?module=shopClient&action=$1` |
| `^shopProduct/([^/]+)/(.+)$` | `index.php?module=shopProduct&action=$1&$2` |
| `^shopProduct/([^/]+)$` | `index.php?module=shopProduct&action=$1` |
| `^shopCoupon/([^/]+)/(.+)$` | `index.php?module=shopCoupon&action=$1&$2` |
| `^shopCoupon/([^/]+)$` | `index.php?module=shopCoupon&action=$1` |
| `^search/([^/]+)/(.+)$` | `index.php?module=search&action=$1&$2` |
| `^search/([^/]+)$` | `index.php?module=search&action=$1` |
### Dynamiczne trasy systemowe (wstawiane przy każdym `htacces()`)
- **Języki:** `^{lang_id}$``index.php?a=change_language&id={lang_id}` (per każdy aktywny język)
- **Producenci lista:** `^producenci$``index.php?module=shop_producer&action=list&layout_id={id}`
- **Producent detail:** `^producent/{slug}$` i `^producent/{slug}/([0-9]+)$` (per producent z DB)
---
## Nowa kolumna `type` w `pp_routes`
```sql
ADD COLUMN type VARCHAR(20) NULL AFTER article_id
```
| Wartość | Znaczenie |
|---------|-----------|
| `NULL` | Trasa encji (produkt, kategoria, strona, artykuł) |
| `'system'` | Trasa systemowa (wszystkie powyższe) |
**Zarządzanie:** przy każdym `htacces()`:
```php
$mdb->delete('pp_routes', ['type' => 'system']); // usuń wszystkie
// ... wstaw na nowo (statyczne + dynamiczne)
```
---
## Eliminacja `htaccess.conf`
`file_get_contents($dir . 'libraries/htaccess.conf')` zastąpione PHP stringiem z tą samą treścią (tylko Apache-level reguły). Placeholder `{HTACCESS_CACHE}` zastąpiony bezpośrednim `if ($settings['htaccess_cache']) { ... } else { ... }` wbudowanym w odpowiednim miejscu.
Plik `libraries/htaccess.conf` zostaje usunięty.
---
## Pliki do modyfikacji
| Plik | Zmiana |
|------|--------|
| `migrations/0.329.sql` | Dodać `ADD COLUMN type VARCHAR(20) NULL` |
| `Helpers::htacces()` | Usunąć `file_get_contents`, wbudować statyczny header, dodać inserty system routes, usunąć htaccess rules dla języków/newsletter/producenci |
| `libraries/htaccess.conf` | Usunąć plik |
| `docs/DATABASE_STRUCTURE.md` | Dodać kolumnę `type` do opisu pp_routes |

3
templates/shop-basket/address-form.php
View File

@@ -34,6 +34,7 @@
<? endif;?>
<? if ( $this -> client ):?><div class="right"><? endif;?>
<form class="form-horizontal" action="/zloz-zamowienie" method="POST" id="form-order">
<input type="hidden" name="order_submit_token" value="<?= htmlspecialchars( (string)($this -> order_submit_token ?? ''), ENT_QUOTES, 'UTF-8' );?>">
<? if ( !$this -> client ):?>
<div class="form-group row">
<div class="col-12">
@@ -198,4 +199,4 @@
$( '#address-' + address_id ).addClass( 'active' );
});
});
</script>
</script>

33
templates/shop-basket/summary-view.php
View File

@@ -140,14 +140,16 @@
</div>
<div class="right">
<?= \Shared\Tpl\Tpl::view( 'shop-basket/address-form', [
'transport_method' => $this -> transport
'transport_method' => $this -> transport,
'order_submit_token' => $this -> order_submit_token
] );?>
</div>
<? else:?>
<?= \Shared\Tpl\Tpl::view( 'shop-basket/address-form', [
'client' => $this -> client,
'addresses' => $this -> addresses,
'transport_method' => $this -> transport
'transport_method' => $this -> transport,
'order_submit_token' => $this -> order_submit_token
] );?>
<? endif;?>
</div>
@@ -156,17 +158,20 @@
<? endif;?>
</div>
<script class="footer" type="text/javascript">
document.getElementById('order-send').addEventListener('click', function() {
var form = document.getElementById('form-order'); // Zastąp 'form-id' rzeczywistym ID Twojego formularza
if (form.checkValidity()) {
this.classList.add('loading-button');
this.disabled = true;
form.submit();
} else {
// Opcjonalnie: wywołaj funkcję reportValidity(), aby wyświetlić komunikaty o błędach formularza
form.reportValidity();
}
});
var orderForm = document.getElementById('form-order');
var orderSendButton = document.getElementById('order-send');
if (orderForm && orderSendButton) {
orderForm.addEventListener('submit', function(event) {
if (orderSendButton.disabled) {
event.preventDefault();
return;
}
orderSendButton.classList.add('loading-button');
orderSendButton.disabled = true;
});
}
<? if ( $this -> settings['google_tag_manager_id'] ):?>
dataLayer.push({ ecommerce: null });
dataLayer.push({
@@ -180,4 +185,4 @@
}
});
<? endif;?>
</script>
</script>

44
tests/Unit/front/Controllers/ShopBasketControllerTest.php Normal file
View File

@@ -0,0 +1,44 @@
<?php
namespace Tests\Unit\front\Controllers;
use PHPUnit\Framework\TestCase;
use front\Controllers\ShopBasketController;
use Domain\Order\OrderRepository;
use Domain\PaymentMethod\PaymentMethodRepository;
class ShopBasketControllerTest extends TestCase
{
private $orderRepository;
private $paymentMethodRepository;
private $controller;
protected function setUp(): void
{
$this->orderRepository = $this->createMock(OrderRepository::class);
$this->paymentMethodRepository = $this->createMock(PaymentMethodRepository::class);
$this->controller = new ShopBasketController($this->orderRepository, $this->paymentMethodRepository);
}
public function testConstructorAcceptsRepositories(): void
{
$controller = new ShopBasketController($this->orderRepository, $this->paymentMethodRepository);
$this->assertInstanceOf(ShopBasketController::class, $controller);
}
public function testHasCheckoutMethods(): void
{
$this->assertTrue(method_exists($this->controller, 'summaryView'));
$this->assertTrue(method_exists($this->controller, 'basketSave'));
}
public function testConstructorRequiresDependencies(): void
{
$reflection = new \ReflectionClass(ShopBasketController::class);
$constructor = $reflection->getConstructor();
$params = $constructor->getParameters();
$this->assertCount(2, $params);
$this->assertEquals('Domain\Order\OrderRepository', $params[0]->getType()->getName());
$this->assertEquals('Domain\PaymentMethod\PaymentMethodRepository', $params[1]->getType()->getName());
}
}

BIN
updates/0.30/ver_0.330.zip Normal file
View File

Binary file not shown.

23
updates/0.30/ver_0.330_manifest.json Normal file
View File

@@ -0,0 +1,23 @@
{
"changelog": "REFACT - eliminacja htaccess.conf; Helpers::htacces() generuje .htaccess w calosci z PHP; 32 statyczne trasy systemowe w pp_routes (type='system'); dynamiczne trasy jezykowe i producentow w pp_routes; invalidacja cache Redis pp_routes:all po htacces()",
"version": "0.330",
"files": {
"added": [
],
"deleted": [
],
"modified": [
"index.php"
]
},
"checksum_zip": "sha256:7e55f52c8d66a38231d3c19b65e70d1201af7a7fef0bfe69b1967fccae798bec",
"sql": [
],
"date": "2026-02-27",
"directories_deleted": [
]
}

BIN
updates/0.30/ver_0.331.zip Normal file
View File

Binary file not shown.

23
updates/0.30/ver_0.331_manifest.json Normal file
View File

@@ -0,0 +1,23 @@
{
"changelog": "FIX - getProductLayout: fallback categories_default zmieniony na status (produkty bez layoutu pobieraly szablon kategorii zamiast domyslnego)",
"version": "0.331",
"files": {
"added": [
],
"deleted": [
],
"modified": [
"autoload/Domain/Layouts/LayoutsRepository.php"
]
},
"checksum_zip": "sha256:c5246fe62ee19ccdc0424b2836cb18543ef20aa4449eda295a358c6022583ed5",
"sql": [
],
"date": "2026-03-01",
"directories_deleted": [
]
}

BIN
updates/0.30/ver_0.332.zip Normal file
View File

Binary file not shown.

24
updates/0.30/ver_0.332_manifest.json Normal file
View File

@@ -0,0 +1,24 @@
{
"changelog": "API produktow: nowe pola new_to_date i additional_message",
"version": "0.332",
"files": {
"added": [
],
"deleted": [
],
"modified": [
"autoload/Domain/Product/ProductRepository.php",
"autoload/api/Controllers/ProductsApiController.php"
]
},
"checksum_zip": "sha256:5405c0524ef3c2bdfb4039738299e8aac9c65a7b37d9bd4d21cdf566ce6701e7",
"sql": [
],
"date": "2026-03-01",
"directories_deleted": [
]
}

232
updates/changelog-data.html
View File

File diff suppressed because one or more lines are too long

2
updates/versions.php
View File

@@ -1,5 +1,5 @@
<?
$current_ver = 329;
$current_ver = 332;
for ($i = 1; $i <= $current_ver; $i++)
{