1c747af1b6
- Usunięty błędny guard w summaryView() blokujący kolejne zamówienia - Token zamówienia z jednorazowego na TTL 30 min (multi-tab safe) - Logowanie błędów zamówień do logs/logs-order-YYYY-MM-DD.log - Redirect przy złym tokenie na /koszyk-podsumowanie zamiast /koszyk - Double-submit guard przeniesiony przed sprawdzenie tokena Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
620 lines
23 KiB
PHP
620 lines
23 KiB
PHP
<?php
|
|
namespace front\Controllers;
|
|
|
|
class ShopBasketController
|
|
{
|
|
private const ORDER_SUBMIT_TOKEN_SESSION_KEY = 'order-submit-token';
|
|
private const ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY = 'order-submit-last-order-id';
|
|
private const ORDER_SUBMIT_TOKEN_TTL = 1800;
|
|
|
|
public static $title = [
|
|
'mainView' => 'Koszyk'
|
|
];
|
|
|
|
private $orderRepository;
|
|
private $paymentMethodRepository;
|
|
|
|
public function __construct( \Domain\Order\OrderRepository $orderRepository, \Domain\PaymentMethod\PaymentMethodRepository $paymentMethodRepository )
|
|
{
|
|
$this->orderRepository = $orderRepository;
|
|
$this->paymentMethodRepository = $paymentMethodRepository;
|
|
}
|
|
|
|
public function basketMessageSave()
|
|
{
|
|
\Shared\Helpers\Helpers::set_session( 'basket_message', \Shared\Helpers\Helpers::get( 'basket_message' ) );
|
|
echo json_encode( [ 'result' => 'ok' ] );
|
|
exit;
|
|
}
|
|
|
|
public function basketRemoveProduct()
|
|
{
|
|
global $lang_id;
|
|
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
$coupon = \Shared\Helpers\Helpers::get_session( 'coupon' );
|
|
$product_hash = \Shared\Helpers\Helpers::get( 'product_hash' );
|
|
$basket_transport_method_id = \Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' );
|
|
|
|
unset( $basket[ $product_hash ] );
|
|
|
|
$basket = (new \Domain\Promotion\PromotionRepository($GLOBALS['mdb']))->findPromotion( $basket );
|
|
|
|
\Shared\Helpers\Helpers::set_session( 'basket', $basket );
|
|
|
|
$this->jsonBasketResponse( $basket, $coupon, $lang_id, $basket_transport_method_id );
|
|
}
|
|
|
|
public function basketIncreaseQuantityProduct()
|
|
{
|
|
global $lang_id;
|
|
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
$coupon = \Shared\Helpers\Helpers::get_session( 'coupon' );
|
|
$product_hash = \Shared\Helpers\Helpers::get( 'product_hash' );
|
|
$basket_transport_method_id = \Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' );
|
|
$basket[ $product_hash ][ 'quantity' ]++;
|
|
|
|
\Domain\Basket\BasketCalculator::checkProductQuantityInStock( $basket, false );
|
|
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
|
|
$basket = (new \Domain\Promotion\PromotionRepository($GLOBALS['mdb']))->findPromotion( $basket );
|
|
|
|
\Shared\Helpers\Helpers::set_session( 'basket', $basket );
|
|
|
|
$this->jsonBasketResponse( $basket, $coupon, $lang_id, $basket_transport_method_id );
|
|
}
|
|
|
|
public function basketDecreaseQuantityProduct()
|
|
{
|
|
global $lang_id;
|
|
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
$coupon = \Shared\Helpers\Helpers::get_session( 'coupon' );
|
|
$product_hash = \Shared\Helpers\Helpers::get( 'product_hash' );
|
|
$basket_transport_method_id = \Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' );
|
|
|
|
$basket[ $product_hash ][ 'quantity' ]--;
|
|
|
|
if ( $basket[ $product_hash ][ 'quantity' ] < 1 )
|
|
unset( $basket[ $product_hash ] );
|
|
|
|
$basket = (new \Domain\Promotion\PromotionRepository($GLOBALS['mdb']))->findPromotion( $basket );
|
|
|
|
\Shared\Helpers\Helpers::set_session( 'basket', $basket );
|
|
|
|
$this->jsonBasketResponse( $basket, $coupon, $lang_id, $basket_transport_method_id );
|
|
}
|
|
|
|
public function basketChangeQuantityProduct()
|
|
{
|
|
global $lang_id;
|
|
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
$coupon = \Shared\Helpers\Helpers::get_session( 'coupon' );
|
|
$product_hash = \Shared\Helpers\Helpers::get( 'product_hash' );
|
|
$basket_transport_method_id = \Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' );
|
|
|
|
$basket[ $product_hash ][ 'quantity' ] = (int)\Shared\Helpers\Helpers::get( 'quantity' );
|
|
|
|
if ( $basket[ $product_hash ][ 'quantity' ] < 1 )
|
|
unset( $basket[ $product_hash ] );
|
|
|
|
$basket = (new \Domain\Promotion\PromotionRepository($GLOBALS['mdb']))->findPromotion( $basket );
|
|
|
|
\Domain\Basket\BasketCalculator::checkProductQuantityInStock( $basket, false );
|
|
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
|
|
$this->jsonBasketResponse( $basket, $coupon, $lang_id, $basket_transport_method_id );
|
|
}
|
|
|
|
public function productMessageChange()
|
|
{
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
$basket[ \Shared\Helpers\Helpers::get( 'position_code' ) ]['message'] = \Shared\Helpers\Helpers::get( 'product_message' );
|
|
\Shared\Helpers\Helpers::set_session( 'basket', $basket );
|
|
exit;
|
|
}
|
|
|
|
public function basketAddProduct()
|
|
{
|
|
global $lang_id;
|
|
$basket = \Domain\Basket\BasketCalculator::validateBasket( \Shared\Helpers\Helpers::get_session( 'basket' ) );
|
|
$values_tmp = json_decode( \Shared\Helpers\Helpers::get( 'values' ), true );
|
|
$values = [];
|
|
$attributes = [];
|
|
$custom_fields = [];
|
|
|
|
foreach( $values_tmp as $key => $val )
|
|
$values[ $val['name'] ] = $val['value'];
|
|
|
|
foreach( $values as $key => $val )
|
|
{
|
|
if ( $key != 'product-id' and $key != 'quantity' and $key != 'product-message' and strpos( $key, 'custom_field' ) === false )
|
|
$attributes[] = $val;
|
|
}
|
|
|
|
// Sort by attribute ID to match permutation_hash order (generated with ksort)
|
|
usort( $attributes, function ( $a, $b ) {
|
|
return (int) explode( '-', $a )[0] - (int) explode( '-', $b )[0];
|
|
} );
|
|
|
|
foreach( $values as $key => $val )
|
|
{
|
|
if ( strpos( $key, 'custom_field' ) !== false )
|
|
{
|
|
preg_match( '/\d+/', $key, $matches );
|
|
$custom_field_id = $matches[0];
|
|
$custom_fields[ $custom_field_id ] = $val;
|
|
}
|
|
}
|
|
|
|
if ( \Shared\Helpers\Helpers::is_array_fix( $attributes ) )
|
|
{
|
|
$values['parent_id'] = $values[ 'product-id' ];
|
|
$values['product-id'] = ( new \Domain\Product\ProductRepository( $GLOBALS['mdb'] ) )->getProductIdByAttributes( $values[ 'product-id' ], $attributes );
|
|
$values['attributes'] = $attributes;
|
|
}
|
|
|
|
$values['wp'] = ( new \Domain\Product\ProductRepository( $GLOBALS['mdb'] ) )->getWeightCached( (int)$values[ 'product-id' ] );
|
|
|
|
$attributes_implode = '';
|
|
if ( is_array( $attributes ) and count( $attributes ) > 0 )
|
|
$attributes_implode = implode( '|', $attributes );
|
|
|
|
$product_code = md5( $values['product-id'] . $attributes_implode . $values['product-message'] . json_encode( $custom_fields ) );
|
|
|
|
if ( isset( $basket[ $product_code ] ) )
|
|
$basket[ $product_code ][ 'quantity' ] += $values[ 'quantity' ];
|
|
else
|
|
$basket[ $product_code ] = $values;
|
|
|
|
$basket[ $product_code ]['message'] = $values['product-message'];
|
|
$basket[ $product_code ]['custom_fields'] = $custom_fields;
|
|
|
|
$basket = (new \Domain\Promotion\PromotionRepository($GLOBALS['mdb']))->findPromotion( $basket );
|
|
|
|
\Shared\Helpers\Helpers::set_session( 'basket', $basket );
|
|
|
|
$coupon = \Shared\Helpers\Helpers::get_session( 'coupon' );
|
|
|
|
echo json_encode( [
|
|
'result' => 'ok',
|
|
'basket_mini_count' => \Domain\Basket\BasketCalculator::countProductsText( \Domain\Basket\BasketCalculator::countProducts( $basket ) ),
|
|
'basket_mini_value' => \Domain\Basket\BasketCalculator::summaryPrice( $basket, $coupon, $lang_id ),
|
|
'product_sets' => ( new \Domain\Product\ProductRepository( $GLOBALS['mdb'] ) )->productSetsWhenAddToBasket( (int)$values['product-id'] )
|
|
] );
|
|
exit;
|
|
}
|
|
|
|
public function transportMethodInpostCheck()
|
|
{
|
|
$transport_id = \Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' );
|
|
|
|
if ( $transport_id === '2' or $transport_id === '1' )
|
|
{
|
|
if ( !\Shared\Helpers\Helpers::get_session( 'basket-inpost-info' ) )
|
|
{
|
|
echo json_encode( [ 'result' => 'bad' ] );
|
|
exit;
|
|
}
|
|
}
|
|
|
|
if ( $transport_id === '9' )
|
|
{
|
|
if ( !\Shared\Helpers\Helpers::get_session( 'basket_orlen_point_id' ) )
|
|
{
|
|
echo json_encode( [ 'result' => 'bad' ] );
|
|
exit;
|
|
}
|
|
}
|
|
|
|
echo json_encode( [ 'result' => 'ok' ] );
|
|
exit;
|
|
}
|
|
|
|
public function inpostCheck()
|
|
{
|
|
if ( !\Shared\Helpers\Helpers::get_session( 'basket-inpost-info' ) )
|
|
echo json_encode( [ 'result' => 'bad' ] );
|
|
else
|
|
echo json_encode( [ 'result' => 'ok' ] );
|
|
exit;
|
|
}
|
|
|
|
public function orlenSave()
|
|
{
|
|
\Shared\Helpers\Helpers::set_session( 'basket_orlen_point_id', \Shared\Helpers\Helpers::get( 'orlen_point_id' ) );
|
|
\Shared\Helpers\Helpers::set_session( 'basket_orlen_point_info', \Shared\Helpers\Helpers::get( 'orlen_point_name' ) );
|
|
echo json_encode( [ 'result' => 'ok' ] );
|
|
exit;
|
|
}
|
|
|
|
public function inpostSave()
|
|
{
|
|
\Shared\Helpers\Helpers::set_session( 'basket-inpost-info', \Shared\Helpers\Helpers::get( 'paczkomat' ) );
|
|
echo json_encode( [ 'result' => 'ok' ] );
|
|
exit;
|
|
}
|
|
|
|
public function basketPaymentMethodSet()
|
|
{
|
|
\Shared\Helpers\Helpers::set_session( 'basket-payment-method-id', \Shared\Helpers\Helpers::get( 'payment_method_id' ) );
|
|
echo json_encode( [ 'result' => 'ok' ] );
|
|
exit;
|
|
}
|
|
|
|
public function basketTransportMethodSet()
|
|
{
|
|
\Shared\Helpers\Helpers::set_session( 'basket-transport-method-id', \Shared\Helpers\Helpers::get( 'transport_method_id' ) );
|
|
echo json_encode( [ 'result' => 'ok' ] );
|
|
exit;
|
|
}
|
|
|
|
public function basketPaymentsMethods()
|
|
{
|
|
\Shared\Helpers\Helpers::set_session( 'basket-transport-method-id', \Shared\Helpers\Helpers::get( 'transport_method_id' ) );
|
|
|
|
echo json_encode( [
|
|
'result' => 'ok',
|
|
'payment_methods' => \front\Views\ShopPaymentMethod::basketPaymentMethods(
|
|
$this->paymentMethodRepository->paymentMethodsByTransport( (int)\Shared\Helpers\Helpers::get( 'transport_method_id' ) ),
|
|
\Shared\Helpers\Helpers::get( 'payment_method_id' )
|
|
)
|
|
] );
|
|
exit;
|
|
}
|
|
|
|
public function summaryView()
|
|
{
|
|
global $lang_id, $settings;
|
|
|
|
if ( \Domain\Basket\BasketCalculator::checkProductQuantityInStock( \Shared\Helpers\Helpers::get_session( 'basket' ) ) )
|
|
{
|
|
header( 'Location: /koszyk' );
|
|
exit;
|
|
}
|
|
|
|
$client = \Shared\Helpers\Helpers::get_session( 'client' );
|
|
$orderSubmitToken = $this->createOrderSubmitToken();
|
|
|
|
return \Shared\Tpl\Tpl::view( 'shop-basket/summary-view', [
|
|
'lang_id' => $lang_id,
|
|
'client' => \Shared\Helpers\Helpers::get_session( 'client' ),
|
|
'basket' => \Shared\Helpers\Helpers::get_session( 'basket' ),
|
|
'transport' => ( new \Domain\Transport\TransportRepository( $GLOBALS['mdb'] ) )->findActiveByIdCached( \Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' ) ),
|
|
'payment_method' => $this->paymentMethodRepository->paymentMethodCached( (int)\Shared\Helpers\Helpers::get_session( 'basket-payment-method-id' ) ),
|
|
'addresses' => ( new \Domain\Client\ClientRepository( $GLOBALS['mdb'] ) )->clientAddresses( (int)$client['id'] ),
|
|
'settings' => $settings,
|
|
'coupon' => \Shared\Helpers\Helpers::get_session( 'coupon' ),
|
|
'basket_message' => \Shared\Helpers\Helpers::get_session( 'basket_message' ),
|
|
'order_submit_token' => $orderSubmitToken
|
|
] );
|
|
}
|
|
|
|
public function basketSave()
|
|
{
|
|
$orderSubmitToken = (string)\Shared\Helpers\Helpers::get( 'order_submit_token', true );
|
|
$existingOrderId = isset( $_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ] ) ? (int)$_SESSION[ self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY ] : 0;
|
|
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
if ( empty( $basket ) && $existingOrderId > 0 )
|
|
{
|
|
$existingOrderHash = $this->orderRepository->findHashById( $existingOrderId );
|
|
if ( $existingOrderHash )
|
|
{
|
|
$this->logOrder( 'Double-submit detected, redirecting to existing order id=' . $existingOrderId );
|
|
header( 'Location: /zamowienie/' . $existingOrderHash );
|
|
exit;
|
|
}
|
|
}
|
|
|
|
if ( !$this->isValidOrderSubmitToken( $orderSubmitToken ) )
|
|
{
|
|
$this->logOrder( 'Token validation failed. formToken=' . $orderSubmitToken . ' existingOrderId=' . $existingOrderId );
|
|
\Shared\Helpers\Helpers::error( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat-blad' ) );
|
|
header( 'Location: /koszyk-podsumowanie' );
|
|
exit;
|
|
}
|
|
|
|
$this->consumeOrderSubmitToken();
|
|
|
|
$client = \Shared\Helpers\Helpers::get_session( 'client' );
|
|
|
|
if ( \Domain\Basket\BasketCalculator::checkProductQuantityInStock( \Shared\Helpers\Helpers::get_session( 'basket' ) ) )
|
|
{
|
|
header( 'Location: /koszyk' );
|
|
exit;
|
|
}
|
|
|
|
$order_id = null;
|
|
try
|
|
{
|
|
$order_id = $this->orderRepository->createFromBasket(
|
|
$client[ 'id' ],
|
|
\Shared\Helpers\Helpers::get_session( 'basket' ),
|
|
\Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' ),
|
|
\Shared\Helpers\Helpers::get_session( 'basket-payment-method-id' ),
|
|
\Shared\Helpers\Helpers::get( 'email', true ),
|
|
\Shared\Helpers\Helpers::get( 'phone', true ),
|
|
\Shared\Helpers\Helpers::get( 'name', true ),
|
|
\Shared\Helpers\Helpers::get( 'surname', true ),
|
|
\Shared\Helpers\Helpers::get( 'street' ),
|
|
\Shared\Helpers\Helpers::get( 'postal_code', true ),
|
|
\Shared\Helpers\Helpers::get( 'city', true ),
|
|
\Shared\Helpers\Helpers::get( 'firm_name', true ),
|
|
\Shared\Helpers\Helpers::get( 'firm_street', true ),
|
|
\Shared\Helpers\Helpers::get( 'firm_postal_code', true ),
|
|
\Shared\Helpers\Helpers::get( 'firm_city', true ),
|
|
\Shared\Helpers\Helpers::get( 'firm_nip', true ),
|
|
\Shared\Helpers\Helpers::get_session( 'basket-inpost-info' ),
|
|
\Shared\Helpers\Helpers::get_session( 'basket_orlen_point_id' ),
|
|
\Shared\Helpers\Helpers::get_session( 'basket_orlen_point_info' ),
|
|
\Shared\Helpers\Helpers::get_session( 'coupon' ),
|
|
\Shared\Helpers\Helpers::get_session( 'basket_message' )
|
|
);
|
|
}
|
|
catch ( \Exception $e )
|
|
{
|
|
$this->logOrder( 'createFromBasket exception: ' . $e->getMessage() );
|
|
error_log( '[basketSave] createFromBasket exception: ' . $e->getMessage() );
|
|
\Shared\Helpers\Helpers::error( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat-blad' ) );
|
|
header( 'Location: /koszyk' );
|
|
exit;
|
|
}
|
|
|
|
if ( $order_id )
|
|
{
|
|
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY, (int)$order_id );
|
|
\Shared\Helpers\Helpers::alert( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat' ) );
|
|
\Shared\Helpers\Helpers::delete_session( 'basket' );
|
|
\Shared\Helpers\Helpers::delete_session( 'basket-transport-method-id' );
|
|
\Shared\Helpers\Helpers::delete_session( 'basket-payment-method-id' );
|
|
\Shared\Helpers\Helpers::delete_session( 'basket-inpost-info' );
|
|
\Shared\Helpers\Helpers::delete_session( 'basket_orlen_point_id' );
|
|
\Shared\Helpers\Helpers::delete_session( 'basket_orlen_point_info' );
|
|
\Shared\Helpers\Helpers::delete_session( 'coupon' );
|
|
\Shared\Helpers\Helpers::delete_session( 'basket_message' );
|
|
|
|
\Shared\Helpers\Helpers::set_session( 'piksel_purchase', true );
|
|
\Shared\Helpers\Helpers::set_session( 'google-adwords-purchase', true );
|
|
\Shared\Helpers\Helpers::set_session( 'google-analytics-purchase', true );
|
|
\Shared\Helpers\Helpers::set_session( 'ekomi-purchase', true );
|
|
|
|
$redis = \Shared\Cache\RedisConnection::getInstance() -> getConnection();
|
|
if ( $redis )
|
|
$redis -> flushAll();
|
|
|
|
header( 'Location: /zamowienie/' . $this->orderRepository->findHashById( $order_id ) );
|
|
exit;
|
|
}
|
|
else
|
|
{
|
|
$this->logOrder( 'createFromBasket returned falsy order_id. client_id=' . ( $client['id'] ?? '?' ) . ' email=' . ( \Shared\Helpers\Helpers::get( 'email', true ) ?: '?' ) );
|
|
\Shared\Helpers\Helpers::error( \Shared\Helpers\Helpers::lang( 'zamowienie-zostalo-zlozone-komunikat-blad' ) );
|
|
header( 'Location: /koszyk' );
|
|
exit;
|
|
}
|
|
}
|
|
|
|
public function mainView()
|
|
{
|
|
global $lang_id, $page, $settings;
|
|
|
|
$page[ 'language' ][ 'meta_title' ] = 'Koszyk';
|
|
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
$coupon = \Shared\Helpers\Helpers::get_session( 'coupon' );
|
|
$payment_method_id = \Shared\Helpers\Helpers::get_session( 'payment_method_id' );
|
|
$basket_transport_method_id = \Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' );
|
|
|
|
if ( \Domain\Basket\BasketCalculator::checkProductQuantityInStock( $basket ) )
|
|
{
|
|
header( 'Location: /koszyk' );
|
|
exit;
|
|
}
|
|
|
|
$basket = (new \Domain\Promotion\PromotionRepository($GLOBALS['mdb']))->findPromotion( $basket );
|
|
|
|
return \Shared\Tpl\Tpl::view( 'shop-basket/basket', [
|
|
'basket' => $basket,
|
|
'coupon' => $coupon,
|
|
'transport_id' => \Shared\Helpers\Helpers::get_session( 'basket-transport-method-id' ),
|
|
'transport_methods' => \Shared\Tpl\Tpl::view( 'shop-basket/basket-transport-methods', [
|
|
'transports_methods' => ( new \Domain\Transport\TransportRepository( $GLOBALS['mdb'] ) )->transportMethodsFront( $basket, $coupon ),
|
|
'transport_id' => $basket_transport_method_id,
|
|
'free_delivery' => (float)($settings['free_delivery'] ?? 0),
|
|
'basket_summary' => (float)\Domain\Basket\BasketCalculator::summaryPrice( $basket, $coupon )
|
|
] ),
|
|
'payment_method_id' => $payment_method_id,
|
|
'basket_details' => \Shared\Tpl\Tpl::view( 'shop-basket/basket-details', [
|
|
'basket' => $basket,
|
|
'lang_id' => $lang_id,
|
|
'coupon' => $coupon,
|
|
'basket_message' => \Shared\Helpers\Helpers::get_session( 'basket_message' ),
|
|
'settings' => $settings
|
|
] )
|
|
] );
|
|
}
|
|
|
|
public function basketUpdateCustomFields()
|
|
{
|
|
$basket = \Shared\Helpers\Helpers::get_session( 'basket' );
|
|
$product_code = \Shared\Helpers\Helpers::get( 'product_code' );
|
|
|
|
if ( !isset( $basket[ $product_code ] ) )
|
|
{
|
|
echo json_encode( [ 'result' => 'error', 'message' => 'Pozycja nie istnieje w koszyku' ] );
|
|
exit;
|
|
}
|
|
|
|
$position = $basket[ $product_code ];
|
|
$new_custom_fields = [];
|
|
$custom_fields_raw = \Shared\Helpers\Helpers::get( 'custom_field' );
|
|
|
|
if ( is_array( $custom_fields_raw ) )
|
|
{
|
|
foreach ( $custom_fields_raw as $field_id => $value )
|
|
{
|
|
$new_custom_fields[ (int)$field_id ] = $value;
|
|
}
|
|
}
|
|
|
|
$productRepo = new \Domain\Product\ProductRepository( $GLOBALS['mdb'] );
|
|
$missing_fields = [];
|
|
|
|
foreach ( $new_custom_fields as $field_id => $value )
|
|
{
|
|
$field_meta = $productRepo->findCustomFieldCached( $field_id );
|
|
if ( $field_meta && (int)$field_meta['is_required'] === 1 && trim( $value ) === '' )
|
|
{
|
|
$missing_fields[] = $field_meta['name'];
|
|
}
|
|
}
|
|
|
|
if ( count( $missing_fields ) > 0 )
|
|
{
|
|
echo json_encode( [ 'result' => 'error', 'message' => 'Wypełnij wymagane pola: ' . implode( ', ', $missing_fields ) ] );
|
|
exit;
|
|
}
|
|
|
|
$attributes_implode = '';
|
|
if ( isset( $position['attributes'] ) && is_array( $position['attributes'] ) && count( $position['attributes'] ) > 0 )
|
|
{
|
|
$attributes_implode = implode( '|', $position['attributes'] );
|
|
}
|
|
|
|
$message = isset( $position['message'] ) ? $position['message'] : '';
|
|
$new_product_code = md5( $position['product-id'] . $attributes_implode . $message . json_encode( $new_custom_fields ) );
|
|
|
|
if ( $new_product_code === $product_code )
|
|
{
|
|
$basket[ $product_code ]['custom_fields'] = $new_custom_fields;
|
|
}
|
|
elseif ( isset( $basket[ $new_product_code ] ) )
|
|
{
|
|
$basket[ $new_product_code ]['quantity'] += $position['quantity'];
|
|
unset( $basket[ $product_code ] );
|
|
}
|
|
else
|
|
{
|
|
$position['custom_fields'] = $new_custom_fields;
|
|
$basket[ $new_product_code ] = $position;
|
|
unset( $basket[ $product_code ] );
|
|
}
|
|
|
|
$basket = ( new \Domain\Promotion\PromotionRepository( $GLOBALS['mdb'] ) )->findPromotion( $basket );
|
|
\Shared\Helpers\Helpers::set_session( 'basket', $basket );
|
|
|
|
echo json_encode( [ 'result' => 'ok' ] );
|
|
exit;
|
|
}
|
|
|
|
private function jsonBasketResponse( $basket, $coupon, $lang_id, $basket_transport_method_id )
|
|
{
|
|
global $settings;
|
|
|
|
echo json_encode( [
|
|
'basket' => \Shared\Tpl\Tpl::view( 'shop-basket/basket-details', [
|
|
'basket' => $basket,
|
|
'lang_id' => $lang_id,
|
|
'coupon' => $coupon
|
|
] ),
|
|
'basket_mini_count' => \Domain\Basket\BasketCalculator::countProductsText( \Domain\Basket\BasketCalculator::countProducts( $basket ) ),
|
|
'basket_mini_value' => \Domain\Basket\BasketCalculator::summaryPrice( $basket, $coupon, $lang_id ),
|
|
'products_count' => count( $basket ),
|
|
'transport_methods' => \Shared\Tpl\Tpl::view( 'shop-basket/basket-transport-methods', [
|
|
'transports_methods' => ( new \Domain\Transport\TransportRepository( $GLOBALS['mdb'] ) )->transportMethodsFront( $basket, $coupon ),
|
|
'transport_id' => $basket_transport_method_id,
|
|
'free_delivery' => (float)($settings['free_delivery'] ?? 0),
|
|
'basket_summary' => (float)\Domain\Basket\BasketCalculator::summaryPrice( $basket, $coupon )
|
|
] )
|
|
] );
|
|
exit;
|
|
}
|
|
|
|
private function createOrderSubmitToken()
|
|
{
|
|
$sessionData = isset( $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] )
|
|
? $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ]
|
|
: null;
|
|
|
|
if ( is_array( $sessionData ) && isset( $sessionData['token'], $sessionData['created_at'] ) )
|
|
{
|
|
if ( ( time() - $sessionData['created_at'] ) < self::ORDER_SUBMIT_TOKEN_TTL )
|
|
{
|
|
return $sessionData['token'];
|
|
}
|
|
}
|
|
|
|
$token = $this->generateOrderSubmitToken();
|
|
\Shared\Helpers\Helpers::set_session( self::ORDER_SUBMIT_TOKEN_SESSION_KEY, [
|
|
'token' => $token,
|
|
'created_at' => time()
|
|
] );
|
|
\Shared\Helpers\Helpers::delete_session( self::ORDER_SUBMIT_LAST_ORDER_ID_SESSION_KEY );
|
|
|
|
return $token;
|
|
}
|
|
|
|
private function generateOrderSubmitToken()
|
|
{
|
|
try
|
|
{
|
|
return bin2hex( random_bytes( 16 ) );
|
|
}
|
|
catch ( \Exception $exception )
|
|
{
|
|
return md5( uniqid( (string)mt_rand(), true ) );
|
|
}
|
|
}
|
|
|
|
private function isValidOrderSubmitToken( $token )
|
|
{
|
|
if ( !$token )
|
|
return false;
|
|
|
|
$sessionData = isset( $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ] )
|
|
? $_SESSION[ self::ORDER_SUBMIT_TOKEN_SESSION_KEY ]
|
|
: null;
|
|
|
|
if ( !$sessionData )
|
|
return false;
|
|
|
|
// Backward compatibility: stary format (plain string)
|
|
if ( is_string( $sessionData ) )
|
|
{
|
|
$sessionToken = $sessionData;
|
|
}
|
|
elseif ( is_array( $sessionData ) && isset( $sessionData['token'], $sessionData['created_at'] ) )
|
|
{
|
|
if ( ( time() - $sessionData['created_at'] ) >= self::ORDER_SUBMIT_TOKEN_TTL )
|
|
return false;
|
|
$sessionToken = $sessionData['token'];
|
|
}
|
|
else
|
|
{
|
|
return false;
|
|
}
|
|
|
|
if ( function_exists( 'hash_equals' ) )
|
|
return hash_equals( $sessionToken, $token );
|
|
|
|
return $sessionToken === $token;
|
|
}
|
|
|
|
private function consumeOrderSubmitToken()
|
|
{
|
|
\Shared\Helpers\Helpers::delete_session( self::ORDER_SUBMIT_TOKEN_SESSION_KEY );
|
|
}
|
|
|
|
private function logOrder( $message )
|
|
{
|
|
$logFile = __DIR__ . '/../../../logs/logs-order-' . date( 'Y-m-d' ) . '.log';
|
|
$line = '[' . date( 'Y-m-d H:i:s' ) . '] ' . $message . "\n";
|
|
@file_put_contents( $logFile, $line, FILE_APPEND );
|
|
}
|
|
}
|