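ajax = true; }

    /**
     * AJAX endpoint: stores the pickup point (PUDO code) chosen for a cart.
     *
     * Runs validate() first, then inserts one row into `dpdshipping_cart_pickup`
     * for the current shop. The request always ends in die() with a JSON body of
     * the form {success, message[, cart]}.
     *
     * @return void
     */
    public function displayAjax()
    {
        if ($this->validate() !== true) {
            die(json_encode(['success' => false, 'message' => 'Undefined error']));
        }

        // validate() has already checked that the PUDO code is a non-empty string
        // and that the cart id is a positive integer.
        $idCart = $this->getIdCart();
        $pudoCode = (string) $this->getPudoCode();

        try {
            $db = Db::getInstance();
            $idShop = (int) Context::getContext()->shop->id;

            // Both ids are integers; the only string value is escaped with pSQL()
            // and placed between single quotes, the standard SQL string delimiter.
            $sql = ' INSERT INTO `' . _DB_PREFIX_ . 'dpdshipping_cart_pickup` (`id_shop`, `id_cart`, `pudo_code`)'
                . ' VALUES (' . $idShop . ', ' . (int) $idCart . ', \'' . pSQL($pudoCode) . '\')';

            if ($db->execute($sql)) {
                $response = ['success' => true, 'message' => $pudoCode, 'cart' => $idCart];
            } else {
                // execute() can report failure through its return value without throwing;
                // do not tell the client the pickup point was saved in that case.
                $response = ['success' => false, 'message' => 'Unable to save pickup point'];
            }
        } catch (Exception $e) {
            // The exception text may contain SQL or schema details: keep it in the
            // server log and send the client a generic message instead.
            error_log('dpdshipping: saving pickup point failed: ' . $e->getMessage());
            $response = ['success' => false, 'message' => 'Unable to save pickup point'];
        }

        die(json_encode($response));
    }

    /**
     * Checks the request before anything is written.
     *
     * Every failed check ends the request with a JSON error, so this method
     * only ever returns true.
     *
     * @return bool
     */
    private function validate(): bool
    {
        if (($_SERVER['REQUEST_METHOD'] ?? '') !== 'POST') {
            die(json_encode(['success' => false, 'message' => 'Method not allowed']));
        }

        // Tokens are compared with hash_equals(): it is constant-time and, unlike `!=`,
        // never applies loose type juggling. Non-string values (missing parameter,
        // array parameter) are rejected before the comparison.
        $csrf = $this->getCsrf();
        if (!is_string($csrf) || !hash_equals((string) Tools::getToken(false), $csrf)) {
            die(json_encode(['success' => false, 'message' => 'Invalid token.']));
        }

        // NOTE(review): this value is built only from _COOKIE_KEY_ and a constant, so it
        // is the same for every visitor and session and does not bind the request to a
        // user. Treat it as a module marker, not as proof of identity.
        $token = $this->getToken();
        if (!is_string($token) || !hash_equals(sha1(_COOKIE_KEY_ . 'dpdshipping'), $token)) {
            die(json_encode(['success' => false, 'message' => 'Invalid token']));
        }

        $pudoCode = $this->getPudoCode();
        $idCart = $this->getIdCart();
        if (!is_string($pudoCode) || empty($pudoCode) || $idCart <= 0) {
            die(json_encode(['success' => false, 'message' => 'Invalid params']));
        }

        $cart = new Cart($idCart);
        if (!Validate::isLoadedObject($cart)) {
            die(json_encode(['success' => false, 'message' => 'Cart error']));
        }

        if ($cart->orderExists()) {
            die(json_encode(['success' => false, 'message' => 'Order exist']));
        }

        // NOTE(review): when no customer is logged in this ownership check is skipped and
        // the cart id comes straight from the request. Consider also requiring it to match
        // the cart of the current context; confirm against the guest checkout flow.
        if (Validate::isLoadedObject($this->context->customer)
            && (int) $cart->id_customer !== (int) $this->context->customer->id
        ) {
            die(json_encode(['success' => false, 'message' => 'Invalid customer']));
        }

        return true;
    }

    /**
     * Raw `dpdshipping_csrf` request parameter.
     *
     * @return false|mixed
     */
    public function getCsrf()
    {
        return Tools::getValue('dpdshipping_csrf');
    }

    /**
     * Raw `dpdshipping_token` request parameter.
     *
     * @return false|mixed
     */
    public function getToken()
    {
        return Tools::getValue('dpdshipping_token');
    }

    /**
     * Raw `dpdshipping_pudo_code` request parameter; not validated or escaped here.
     *
     * @return false|mixed
     */
    public function getPudoCode()
    {
        return Tools::getValue('dpdshipping_pudo_code');
    }

    /**
     * `dpdshipping_id_cart` request parameter as an integer.
     *
     * Returns 0 when the parameter is missing or not numeric, so the declared
     * int return type never raises a TypeError on request-supplied input.
     *
     * @return int
     */
    public function getIdCart(): int
    {
        $value = Tools::getValue('dpdshipping_id_cart');

        return is_numeric($value) ? (int) $value : 0;
    }
}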