3 use base 'BSE::UI::Dispatch';
5 use BSE::Util::SQL qw(now_sqldate now_sqldatetime);
6 use BSE::Shop::Util qw(need_logon shop_cart_tags payment_types nice_options
7 cart_item_opts basic_tags);
8 use BSE::CfgInfo qw(custom_class credit_card_class);
10 use BSE::TB::OrderItems;
12 use BSE::Util::Tags qw(tag_error_img tag_hash);
14 use BSE::TB::Seminars;
15 use DevHelp::Validate qw(dh_validate dh_validate_hash);
16 use Digest::MD5 'md5_hex';
18 use constant PAYMENT_CC => 0;
19 use constant PAYMENT_CHEQUE => 1;
20 use constant PAYMENT_CALLME => 2;
43 name1 => 'delivFirstName',
44 name2 => 'delivLastName',
45 address => 'delivStreet',
46 organization => 'delivOrganization',
47 city => 'delivSuburb',
48 postcode => 'delivPostCode',
49 state => 'delivState',
50 country => 'delivCountry',
51 email => 'emailAddress',
52 cardHolder => 'ccName',
56 my %rev_field_map = reverse %field_map;
58 sub actions { \%actions }
60 sub default_action { 'cart' }
63 my ($class, $cgi) = @_;
65 for my $key ($cgi->param()) {
66 if ($key =~ /^delete_(\d+)(?:\.x)?$/) {
67 return ( remove_item => $1 );
69 elsif ($key =~ /^(?:a_)?addsingle(\d+)(?:\.x)?$/) {
70 return ( addsingle => $1 );
78 my ($class, $req, $msg) = @_;
80 my @cart = @{$req->session->{cart} || []};
82 my @items = $class->_build_items($req, \@cart_prods);
87 $req->session->{custom} ||= {};
88 my %custom_state = %{$req->session->{custom}};
90 my $cust_class = custom_class($req->cfg);
91 $cust_class->enter_cart(\@cart, \@cart_prods, \%custom_state, $req->cfg);
92 $msg = '' unless defined $msg;
93 $msg = escape_html($msg);
98 $cust_class->cart_actions(\%acts, \@cart, \@cart_prods, \%custom_state,
100 shop_cart_tags(\%acts, \@items, \@cart_prods, $req, 'cart'),
104 $req->session->{custom} = \%custom_state;
105 $req->session->{order_info_confirmed} = 0;
107 # intended to ajax enable the shop cart with partial templates
108 my $template = 'cart';
109 my $embed = $req->cgi->param('embed');
110 if (defined $embed and $embed =~ /^\w+$/) {
111 $template = "include/cart_$embed";
113 return $req->response($template, \%acts);
117 my ($class, $req) = @_;
121 my $addid = $cgi->param('id');
123 my $quantity = $cgi->param('quantity');
128 my ($product, $options, $extras)
129 = $class->_validate_add($req, $addid, $quantity, \$error, \$refresh_logon);
130 if ($refresh_logon) {
131 return $class->_refresh_logon($req, @$refresh_logon);
134 return $class->req_cart($req, $error);
137 $req->session->{cart} ||= [];
138 my @cart = @{$req->session->{cart}};
139 my $started_empty = @cart == 0;
142 for my $item (@cart) {
143 $item->{productId} eq $addid && $item->{options} eq $options
147 $item->{units} += $quantity;
155 price=>$product->{retailPrice},
161 $req->session->{cart} = \@cart;
162 $req->session->{order_info_confirmed} = 0;
164 my $refresh = $cgi->param('r');
166 $refresh = $ENV{SCRIPT_NAME};
170 if ($refresh eq 'ajaxcart') {
171 return $class->req_cart($req);
174 return _add_refresh($refresh, $req, $started_empty);
178 my ($class, $req, $addid) = @_;
183 my $quantity = $cgi->param("qty$addid");
184 defined $quantity && $quantity =~ /\S/
189 my ($product, $options, $extras)
190 = $class->_validate_add($req, $addid, $quantity, \$error, \$refresh_logon);
191 if ($refresh_logon) {
192 return $class->_refresh_logon($req, @$refresh_logon);
195 return $class->req_cart($req, $error);
198 $req->session->{cart} ||= [];
199 my @cart = @{$req->session->{cart}};
200 my $started_empty = @cart == 0;
203 for my $item (@cart) {
204 $item->{productId} eq $addid && $item->{options} eq $options
208 $item->{units} += $quantity;
216 price=>$product->{retailPrice},
222 $req->session->{cart} = \@cart;
223 $req->session->{order_info_confirmed} = 0;
225 my $refresh = $cgi->param('r');
227 $refresh = $ENV{SCRIPT_NAME};
231 if ($refresh eq 'ajaxcart') {
232 return $class->req_cart($req);
235 return _add_refresh($refresh, $req, $started_empty);
238 sub req_addmultiple {
239 my ($class, $req) = @_;
242 my @qty_keys = map /^qty(\d+)/, $cgi->param;
246 for my $addid (@qty_keys) {
247 my $quantity = $cgi->param("qty$addid");
248 defined $quantity && $quantity =~ /^\s*\d+\s*$/
253 my ($product, $options, $extras) =
254 $class->_validate_add($req, $addid, $quantity, \$error, \$refresh_logon);
255 if ($refresh_logon) {
256 return $class->_refresh_logon($req, @$refresh_logon);
259 return $class->req_cart($req, $error);
261 if ($product->{options}) {
262 push @messages, "$product->{title} has options, you need to use the product page to add this product";
267 id => $product->{id},
270 quantity => $quantity,
274 my $started_empty = 0;
275 if (keys %additions) {
276 $req->session->{cart} ||= [];
277 my @cart = @{$req->session->{cart}};
278 $started_empty = @cart == 0;
279 for my $item (@cart) {
280 $item->{options} eq '' or next;
282 my $addition = delete $additions{$item->{productId}}
285 $item->{units} += $addition->{quantity};
287 for my $addition (values %additions) {
288 $addition->{quantity} > 0 or next;
289 my $product = $addition->{product};
292 productId => $product->{id},
293 units => $addition->{quantity},
294 price=>$product->{retailPrice},
296 %{$addition->{extras}},
300 $req->session->{cart} = \@cart;
301 $req->session->{order_info_confirmed} = 0;
304 my $refresh = $cgi->param('r');
306 $refresh = $ENV{SCRIPT_NAME};
309 my $sep = $refresh =~ /\?/ ? '&' : '?';
311 for my $message (@messages) {
312 $refresh .= $sep . "m=" . escape_uri($message);
318 if ($refresh eq 'ajaxcart') {
319 return $class->req_cart($req);
322 return _add_refresh($refresh, $req, $started_empty);
326 my ($class, $req, $message, $olddata) = @_;
329 if (defined $message) {
332 $message = $req->message($errors);
341 $class->update_quantities($req);
342 my @cart = @{$req->session->{cart}};
344 @cart or return $class->req_cart($req);
347 my @items = $class->_build_items($req, \@cart_prods);
349 if (my ($msg, $id) = $class->_need_logon($req, \@cart, \@cart_prods)) {
350 return $class->_refresh_logon($req, $msg, $id);
354 my $user = $req->siteuser;
356 $req->session->{custom} ||= {};
357 my %custom_state = %{$req->session->{custom}};
359 my $cust_class = custom_class($cfg);
360 $cust_class->enter_cart(\@cart, \@cart_prods, \%custom_state, $cfg);
362 my $affiliate_code = $req->session->{affiliate_code};
363 defined $affiliate_code or $affiliate_code = '';
365 my $order_info = $req->session->{order_info};
373 shop_cart_tags(\%acts, \@items, \@cart_prods, $req, 'checkout'),
382 $value = $cgi->param($_[0]);
383 unless (defined $value) {
384 $value = $user->{$_[0]}
388 elsif ($order_info && defined $order_info->{$_[0]}) {
389 $value = $order_info->{$_[0]};
393 $rev_field_map{$field} and $field = $rev_field_map{$field};
394 $value = $user && defined $user->{$field} ? $user->{$field} : '';
397 defined $value or $value = '';
400 $cust_class->checkout_actions(\%acts, \@cart, \@cart_prods,
401 \%custom_state, $req->cgi, $cfg),
402 ifUser => defined $user,
403 user => $user ? [ \&tag_hash, $user ] : '',
404 affiliate_code => escape_html($affiliate_code),
405 error_img => [ \&tag_error_img, $cfg, $errors ],
407 $req->session->{custom} = \%custom_state;
409 return $req->response('checkoutnew', \%acts);
412 sub req_checkupdate {
413 my ($class, $req) = @_;
415 $req->session->{cart} ||= [];
416 my @cart = @{$req->session->{cart}};
417 my @cart_prods = map { Products->getByPkey($_->{productId}) } @cart;
418 $req->session->{custom} ||= {};
419 my %custom_state = %{$req->session->{custom}};
420 custom_class($req->cfg)
421 ->checkout_update($req->cgi, \@cart, \@cart_prods, \%custom_state, $req->cfg);
422 $req->session->{custom} = \%custom_state;
423 $req->session->{order_info_confirmed} = 0;
425 return $class->req_checkout($req, "", 1);
428 sub req_remove_item {
429 my ($class, $req, $index) = @_;
431 $req->session->{cart} ||= [];
432 my @cart = @{$req->session->{cart}};
433 if ($index >= 0 && $index < @cart) {
434 splice(@cart, $index, 1);
436 $req->session->{cart} = \@cart;
437 $req->session->{order_info_confirmed} = 0;
439 return BSE::Template->get_refresh($ENV{SCRIPT_NAME}, $req->cfg);
443 # saves order and refresh to payment page
445 my ($class, $req) = @_;
450 $req->session->{cart} && @{$req->session->{cart}}
451 or return $class->req_cart($req, "Your cart is empty");
454 $class->_validate_cfg($req, \$msg)
455 or return $class->req_cart($req, $msg);
458 my @items = $class->_build_items($req, \@products);
461 if (($msg, $id) = $class->_need_logon($req, \@items, \@products)) {
462 return $class->_refresh_logon($req, $msg, $id);
465 # some basic validation, in case the user switched off javascript
466 my $cust_class = custom_class($cfg);
468 my %fields = BSE::TB::Order->valid_fields($cfg);
469 my %rules = BSE::TB::Order->valid_rules($cfg);
473 for my $name (keys %fields) {
474 ($values{$name}) = $cgi->param($name);
478 $cust_class->required_fields($cgi, $req->session->{custom}, $cfg);
480 for my $name (@required) {
481 $field_map{$name} and $name = $field_map{$name};
483 $fields{$name}{required} = 1;
486 dh_validate_hash(\%values, \%errors, { rules=>\%rules, fields=>\%fields },
487 $cfg, 'Shop Order Validation');
489 and return $class->req_checkout($req, \%errors, 1);
491 $class->_fillout_order($req, \%values, \@items, \$msg, 'payment')
492 or return $class->req_checkout($req, $msg, 1);
494 $req->session->{order_info} = \%values;
495 $req->session->{order_info_confirmed} = 1;
497 # skip payment page if nothing to pay
498 if ($values{total} == 0) {
499 return $class->req_payment($req);
502 return BSE::Template->get_refresh("$ENV{SCRIPT_NAME}?a_show_payment=1", $req->cfg);
506 sub req_show_payment {
507 my ($class, $req, $errors) = @_;
509 $req->session->{order_info_confirmed}
510 or return $class->req_checkout($req, 'Please proceed via the checkout page');
512 $req->session->{cart} && @{$req->session->{cart}}
513 or return $class->req_cart($req, "Your cart is empty");
519 my $msg = $req->message($errors);
521 my $order_values = $req->session->{order_info}
522 or return $class->req_checkout($req, "You need to enter order information first");
524 my @pay_types = payment_types($cfg);
525 my @payment_types = map $_->{id}, grep $_->{enabled}, @pay_types;
526 my %types_by_name = map { $_->{name} => $_->{id} } @pay_types;
527 @payment_types or @payment_types = ( PAYMENT_CALLME );
528 @payment_types = sort { $a <=> $b } @payment_types;
529 my %payment_types = map { $_=> 1 } @payment_types;
531 $errors and $payment = $cgi->param('paymentType');
532 defined $payment or $payment = $payment_types[0];
535 my @items = $class->_build_items($req, \@products);
543 order => [ \&tag_hash, $order_values ],
544 shop_cart_tags(\%acts, \@items, \@products, $req, 'payment'),
545 ifMultPaymentTypes => @payment_types > 1,
546 checkedPayment => [ \&tag_checkedPayment, $payment, \%types_by_name ],
547 ifPayments => [ \&tag_ifPayments, \@payment_types, \%types_by_name ],
548 error_img => [ \&tag_error_img, $cfg, $errors ],
549 total => $order_values->{total},
551 for my $type (@pay_types) {
552 my $id = $type->{id};
553 my $name = $type->{name};
554 $acts{"if${name}Payments"} = exists $payment_types{$id};
555 $acts{"if${name}FirstPayment"} = $payment_types[0] == $id;
556 $acts{"checkedIfFirst$name"} = $payment_types[0] == $id ? "checked " : "";
557 $acts{"checkedPayment$name"} = $payment == $id ? 'checked="checked" ' : "";
560 return $req->response('checkoutpay', \%acts);
570 my ($class, $req, $errors) = @_;
572 $req->session->{order_info_confirmed}
573 or return $class->req_checkout($req, 'Please proceed via the checkout page');
575 my $order_values = $req->session->{order_info}
576 or return $class->req_checkout($req, "You need to enter order information first");
580 my $session = $req->session;
583 if ($order_values->{total} != 0) {
584 my @pay_types = payment_types($cfg);
585 my @payment_types = map $_->{id}, grep $_->{enabled}, @pay_types;
586 my %pay_types = map { $_->{id} => $_ } @pay_types;
587 my %types_by_name = map { $_->{name} => $_->{id} } @pay_types;
588 @payment_types or @payment_types = ( PAYMENT_CALLME );
589 @payment_types = sort { $a <=> $b } @payment_types;
590 my %payment_types = map { $_=> 1 } @payment_types;
592 $paymentType = $cgi->param('paymentType');
593 defined $paymentType or $paymentType = $payment_types[0];
594 $payment_types{$paymentType}
595 or return $class->req_show_payment($req, { paymentType => "Invalid payment type" } , 1);
598 push @required, @{$pay_types{$paymentType}{require}};
600 my %fields = BSE::TB::Order->valid_payment_fields($cfg);
601 my %rules = BSE::TB::Order->valid_payment_rules($cfg);
602 for my $field (@required) {
603 if (exists $fields{$field}) {
604 $fields{$field}{required} = 1;
607 $fields{$field} = { description => $field, required=> 1 };
612 dh_validate($cgi, \%errors, { rules => \%rules, fields=>\%fields },
613 $cfg, 'Shop Order Validation');
615 and return $class->req_show_payment($req, \%errors);
617 for my $field (keys %fields) {
618 unless ($nostore{$field}) {
619 my $target = $field_map{$field} || $field;
620 ($order_values->{$target}) = $cgi->param($field);
629 $order_values->{paymentType} = $paymentType;
631 $order_values->{filled} = 0;
632 $order_values->{paidFor} = 0;
635 my @items = $class->_build_items($req, \@products);
637 my @columns = BSE::TB::Order->columns;
639 @columns{@columns} = @columns;
641 for my $col (@columns) {
642 defined $order_values->{$col} or $order_values->{$col} = '';
645 my @data = @{$order_values}{@columns};
649 if ($session->{order_work}) {
650 $order = BSE::TB::Orders->getByPkey($session->{order_work});
652 if ($order && !$order->{complete}) {
653 print STDERR "Recycling order $order->{id}\n";
655 my @allbutid = @columns;
657 @{$order}{@allbutid} = @data;
660 delete $session->{order_work};
662 tied(%$session)->save;
666 $order = BSE::TB::Orders->add(@data)
667 or die "Cannot add order";
672 my @item_cols = BSE::TB::OrderItem->columns;
673 for my $row_num (0..$#items) {
674 my $item = $items[$row_num];
675 my $product = $products[$row_num];
676 $item->{orderId} = $order->{id};
677 $item->{max_lapsed} = 0;
678 if ($product->{subscription_id} != -1) {
679 my $sub = $product->subscription;
680 $item->{max_lapsed} = $sub->{max_lapsed} if $sub;
682 defined $item->{session_id} or $item->{session_id} = 0;
683 my @data = @{$item}{@item_cols};
686 push(@dbitems, BSE::TB::OrderItems->add(@data));
688 my $sub = $product->subscription;
690 $subscribing_to{$sub->{text_id}} = $sub;
693 if ($item->{session_id}) {
694 my $user = $req->siteuser;
695 require BSE::TB::SeminarSessions;
696 my $session = BSE::TB::SeminarSessions->getByPkey($item->{session_id});
698 $session->add_attendee($user,
699 instructions => $order->{instructions},
700 options => $item->{options});
705 $order->{ccOnline} = 0;
707 my $ccprocessor = $cfg->entry('shop', 'cardprocessor');
708 if ($paymentType == PAYMENT_CC) {
709 my $ccNumber = $cgi->param('cardNumber');
710 my $ccExpiry = $cgi->param('cardExpiry');
713 my $cc_class = credit_card_class($cfg);
715 $order->{ccOnline} = 1;
717 $ccExpiry =~ m!^(\d+)\D(\d+)$! or die;
718 my ($month, $year) = ($1, $2);
719 $year > 2000 or $year += 2000;
720 my $expiry = sprintf("%04d%02d", $year, $month);
721 my $verify = $cgi->param('cardVerify');
722 defined $verify or $verify = '';
723 my $result = $cc_class->payment(orderno=>$order->{id},
724 amount => $order->{total},
725 cardnumber => $ccNumber,
726 expirydate => $expiry,
728 ipaddress => $ENV{REMOTE_ADDR});
729 unless ($result->{success}) {
731 print STDERR Dumper($result);
732 # failed, back to payments
733 $order->{ccSuccess} = 0;
734 $order->{ccStatus} = $result->{statuscode};
735 $order->{ccStatus2} = 0;
736 $order->{ccStatusText} = $result->{error};
737 $order->{ccTranId} = '';
740 $errors{cardNumber} = $result->{error};
741 $session->{order_work} = $order->{id};
742 return $class->req_show_payment($req, \%errors);
745 $order->{ccSuccess} = 1;
746 $order->{ccReceipt} = $result->{receipt};
747 $order->{ccStatus} = 0;
748 $order->{ccStatus2} = 0;
749 $order->{ccStatusText} = '';
750 $order->{ccTranId} = $result->{transactionid};
751 defined $order->{ccTranId} or $order->{ccTranId} = '';
752 $order->{paidFor} = 1;
755 $ccNumber =~ tr/0-9//cd;
756 $order->{ccNumberHash} = md5_hex($ccNumber);
757 $order->{ccExpiryHash} = md5_hex($ccExpiry);
762 $order->{complete} = 1;
765 # set the order displayed by orderdone
766 $session->{order_completed} = $order->{id};
767 $session->{order_completed_at} = time;
769 my $noencrypt = $cfg->entryBool('shop', 'noencrypt', 0);
770 $class->_send_order($req, $order, \@dbitems, \@products, $noencrypt,
773 # empty the cart ready for the next order
774 delete @{$session}{qw/order_info order_info_confirmed cart order_work/};
776 return BSE::Template->get_refresh("$ENV{SCRIPT_NAME}?a_orderdone=1", $req->cfg);
780 my ($class, $req) = @_;
782 my $session = $req->session;
785 my $id = $session->{order_completed};
786 my $when = $session->{order_completed_at};
787 $id && defined $when && time < $when + 500
788 or return $class->req_cart($req);
790 my $order = BSE::TB::Orders->getByPkey($id)
791 or return $class->req_cart($req);
792 my @items = $order->items;
793 my @products = map { Products->getByPkey($_->{productId}) } @items;
795 my @item_cols = BSE::TB::OrderItem->columns;
796 my %copy_cols = map { $_ => 1 } Product->columns;
797 delete @copy_cols{@item_cols};
798 my @copy_cols = keys %copy_cols;
800 for my $item_index (0..$#items) {
801 my $item = $items[$item_index];
802 my $product = $products[$item_index];
804 @entry{@item_cols} = @{$item}{@item_cols};
805 @entry{@copy_cols} = @{$product}{@copy_cols};
807 push @showitems, \%entry;
810 my $cust_class = custom_class($req->cfg);
812 my @pay_types = payment_types($cfg);
813 my @payment_types = map $_->{id}, grep $_->{enabled}, @pay_types;
814 my %pay_types = map { $_->{id} => $_ } @pay_types;
815 my %types_by_name = map { $_->{name} => $_->{id} } @pay_types;
827 $req->dyn_user_tags(),
828 $cust_class->purchase_actions(\%acts, \@items, \@products,
829 $session->{custom}, $cfg),
830 BSE::Util::Tags->static(\%acts, $cfg),
831 iterate_items_reset => sub { $item_index = -1; },
834 if (++$item_index < @items) {
836 @options = cart_item_opts($req,
838 $products[$item_index]);
841 $item = $items[$item_index];
842 $product = $products[$item_index];
851 item=> sub { escape_html($showitems[$item_index]{$_[0]}); },
854 my $value = $products[$item_index]{$_[0]};
855 defined $value or $value = '';
861 my $what = $_[0] || 'retailPrice';
862 $items[$item_index]{units} * $items[$item_index]{$what};
864 order => sub { escape_html($order->{$_[0]}) },
867 my ($value, $fmt) = @_;
868 if ($fmt =~ /^m(\d+)/) {
869 return sprintf("%$1s", sprintf("%.2f", $value/100));
871 elsif ($fmt =~ /%/) {
872 return sprintf($fmt, $value);
875 iterate_options_reset => sub { $option_index = -1 },
876 iterate_options => sub { ++$option_index < @options },
877 option => sub { escape_html($options[$option_index]{$_[0]}) },
878 ifOptions => sub { @options },
879 options => sub { nice_options(@options) },
880 ifPayment => [ \&tag_ifPayment, $order->{paymentType}, \%types_by_name ],
881 #ifSubscribingTo => [ \&tag_ifSubscribingTo, \%subscribing_to ],
882 session => [ \&tag_session, \$item, \$sem_session ],
883 location => [ \&tag_location, \$item, \$location ],
886 for my $type (@pay_types) {
887 my $id = $type->{id};
888 my $name = $type->{name};
889 $acts{"if${name}Payment"} = $order->{paymentType} == $id;
892 return $req->response('checkoutfinal', \%acts);
896 my ($ritem, $rsession, $arg) = @_;
898 $$ritem or return '';
900 $$ritem->{session_id} or return '';
902 unless ($$rsession) {
903 require BSE::TB::SeminarSessions;
904 $$rsession = BSE::TB::SeminarSessions->getByPkey($$ritem->{session_id})
908 my $value = $$rsession->{$arg};
909 defined $value or return '';
915 my ($ritem, $rlocation, $arg) = @_;
917 $$ritem or return '';
919 $$ritem->{session_id} or return '';
921 unless ($$rlocation) {
922 require BSE::TB::Locations;
923 ($$rlocation) = BSE::TB::Locations->getSpecial(session_id => $$ritem->{session_id})
927 my $value = $$rlocation->{$arg};
928 defined $value or return '';
934 my ($payment, $types_by_name, $args) = @_;
937 if ($type !~ /^\d+$/) {
938 return '' unless exists $types_by_name->{$type};
939 $type = $types_by_name->{$type};
942 return $payment == $type;
947 my ($class, $req, $rmsg) = @_;
950 my $from = $cfg->entry('shop', 'from', $Constants::SHOP_FROM);
951 unless ($from && $from =~ /.\@./) {
952 $$rmsg = "Configuration error: shop from address not set";
955 my $toEmail = $cfg->entry('shop', 'to_email', $Constants::SHOP_TO_EMAIL);
956 unless ($toEmail && $toEmail =~ /.\@./) {
957 $$rmsg = "Configuration error: shop to_email address not set";
965 my ($class, $req) = @_;
967 $class->update_quantities($req);
968 $req->session->{order_info_confirmed} = 0;
969 return $class->req_cart($req);
972 sub req_recalculate {
973 my ($class, $req) = @_;
975 return $class->req_recalc($req);
979 my ($class, $req, $order, $items, $products, $noencrypt,
980 $subscribing_to) = @_;
985 my $crypto_class = $cfg->entry('shop', 'crypt_module',
986 $Constants::SHOP_CRYPTO);
987 my $signing_id = $cfg->entry('shop', 'crypt_signing_id',
988 $Constants::SHOP_SIGNING_ID);
989 my $pgp = $cfg->entry('shop', 'crypt_pgp', $Constants::SHOP_PGP);
990 my $pgpe = $cfg->entry('shop', 'crypt_pgpe', $Constants::SHOP_PGPE);
991 my $gpg = $cfg->entry('shop', 'crypt_gpg', $Constants::SHOP_GPG);
992 my $passphrase = $cfg->entry('shop', 'crypt_passphrase',
993 $Constants::SHOP_PASSPHRASE);
994 my $from = $cfg->entry('shop', 'from', $Constants::SHOP_FROM);
995 my $toName = $cfg->entry('shop', 'to_name', $Constants::SHOP_TO_NAME);
996 my $toEmail = $cfg->entry('shop', 'to_email', $Constants::SHOP_TO_EMAIL);
997 my $subject = $cfg->entry('shop', 'subject', $Constants::SHOP_MAIL_SUBJECT);
999 my $session = $req->session;
1000 my %extras = $cfg->entriesCS('extra tags');
1001 for my $key (keys %extras) {
1003 my $data = $cfg->entryVar('extra tags', $key);
1004 $extras{$key} = sub { $data };
1007 my $item_index = -1;
1015 ->order_mail_actions(\%acts, $order, $items, $products,
1016 $session->{custom}, $cfg),
1017 BSE::Util::Tags->static(\%acts, $cfg),
1018 iterate_items_reset => sub { $item_index = -1; },
1021 if (++$item_index < @$items) {
1023 @options = cart_item_opts($req,
1024 $items->[$item_index],
1025 $products->[$item_index]);
1030 item=> sub { $items->[$item_index]{$_[0]}; },
1033 my $value = $products->[$item_index]{$_[0]};
1034 defined($value) or $value = '';
1037 order => sub { $order->{$_[0]} },
1040 $items->[$item_index]{units} * $items->[$item_index]{$_[0]};
1044 my ($value, $fmt) = @_;
1045 if ($fmt =~ /^m(\d+)/) {
1046 return sprintf("%$1s", sprintf("%.2f", $value/100));
1048 elsif ($fmt =~ /%/) {
1049 return sprintf($fmt, $value);
1051 elsif ($fmt =~ /^\d+$/) {
1052 return substr($value . (" " x $fmt), 0, $fmt);
1058 iterate_options_reset => sub { $option_index = -1 },
1059 iterate_options => sub { ++$option_index < @options },
1060 option => sub { escape_html($options[$option_index]{$_[0]}) },
1061 ifOptions => sub { @options },
1062 options => sub { nice_options(@options) },
1063 with_wrap => \&tag_with_wrap,
1064 ifSubscribingTo => [ \&tag_ifSubscribingTo, $subscribing_to ],
1067 my $mailer = BSE::Mail->new(cfg=>$cfg);
1068 # ok, send some email
1069 my $confirm = BSE::Template->get_page('mailconfirm', $cfg, \%acts);
1070 my $email_order = $cfg->entryBool('shop', 'email_order', $Constants::SHOP_EMAIL_ORDER);
1072 unless ($noencrypt) {
1073 $acts{cardNumber} = $cgi->param('cardNumber');
1074 $acts{cardExpiry} = $cgi->param('cardExpiry');
1075 $acts{cardVerify} = $cgi->param('cardVerify');
1077 my $ordertext = BSE::Template->get_page('mailorder', $cfg, \%acts);
1081 $send_text = $ordertext;
1084 eval "use $crypto_class";
1086 my $encrypter = $crypto_class->new;
1088 my $debug = $cfg->entryBool('debug', 'mail_encryption', 0);
1089 my $sign = $cfg->entryBool('basic', 'sign', 1);
1095 passphrase=> $passphrase,
1097 fastcgi => $req->is_fastcgi,
1101 $opts{secretkeyid} = $signing_id if $signing_id;
1102 $opts{pgp} = $pgp if $pgp;
1103 $opts{gpg} = $gpg if $gpg;
1104 $opts{pgpe} = $pgpe if $pgpe;
1105 my $recip = "$toName <$toEmail>";
1107 unless ($send_text = $encrypter->encrypt($recip, $ordertext, %opts )) {
1108 print STDERR "Cannot encrypt email: ", $encrypter->error;
1112 $mailer->send(to=>$toEmail, from=>$from, subject=>'New Order '.$order->{id},
1114 or print STDERR "Error sending order to admin: ",$mailer->errstr,"\n";
1116 $mailer->send(to=>$order->{emailAddress}, from=>$from,
1117 subject=>$subject . " " . localtime,
1119 or print STDERR "Error sending order to customer: ",$mailer->errstr,"\n";
1123 my ($args, $text) = @_;
1125 my $margin = $args =~ /^\d+$/ && $args > 30 ? $args : 70;
1128 # do it twice to prevent a warning
1129 $Text::Wrap::columns = $margin;
1130 $Text::Wrap::columns = $margin;
1132 return Text::Wrap::fill('', '', split /\n/, $text);
1135 sub _refresh_logon {
1136 my ($class, $req, $msg, $msgid, $r) = @_;
1138 my $securlbase = $req->cfg->entryVar('site', 'secureurl');
1139 my $url = $securlbase."/cgi-bin/user.pl";
1141 $r ||= $securlbase."/cgi-bin/shop.pl?checkout=1";
1145 $parms{message} = $msg if $msg;
1146 $parms{mid} = $msgid if $msgid;
1147 $url .= "?" . join("&", map "$_=".escape_uri($parms{$_}), keys %parms);
1149 return BSE::Template->get_refresh($url, $req->cfg);
1153 my ($class, $req, $cart, $cart_prods) = @_;
1155 return need_logon($req->cfg, $cart, $cart_prods, $req->session, $req->cgi);
1158 sub tag_checkedPayment {
1159 my ($payment, $types_by_name, $args) = @_;
1162 if ($type !~ /^\d+$/) {
1163 return '' unless exists $types_by_name->{$type};
1164 $type = $types_by_name->{$type};
1167 return $payment == $type ? 'checked="checked"' : '';
1170 sub tag_ifPayments {
1171 my ($enabled, $types_by_name, $args) = @_;
1174 if ($type !~ /^\d+$/) {
1175 return '' unless exists $types_by_name->{$type};
1176 $type = $types_by_name->{$type};
1179 my @found = grep $_ == $type, @$enabled;
1181 return scalar @found;
1184 sub update_quantities {
1185 my ($class, $req) = @_;
1187 my $session = $req->session;
1188 my $cgi = $req->cgi;
1189 my $cfg = $req->cfg;
1190 my @cart = @{$session->{cart} || []};
1191 for my $index (0..$#cart) {
1192 my $new_quantity = $cgi->param("quantity_$index");
1193 if (defined $new_quantity) {
1194 if ($new_quantity =~ /^\s*(\d+)/) {
1195 $cart[$index]{units} = $1;
1197 elsif ($new_quantity =~ /^\s*$/) {
1198 $cart[$index]{units} = 0;
1202 @cart = grep { $_->{units} != 0 } @cart;
1203 $session->{cart} = \@cart;
1204 $session->{custom} ||= {};
1205 my %custom_state = %{$session->{custom}};
1206 custom_class($cfg)->recalc($cgi, \@cart, [], \%custom_state, $cfg);
1207 $session->{custom} = \%custom_state;
1211 my ($class, $req, $products) = @_;
1213 my $session = $req->session;
1217 my @cart = @{$req->session->{cart}}
1220 my @prodcols = Product->columns;
1222 my $today = now_sqldate();
1223 for my $item (@cart) {
1225 my $product = Products->getByPkey($item->{productId});
1227 (my $comp_release = $product->{release}) =~ s/ .*//;
1228 (my $comp_expire = $product->{expire}) =~ s/ .*//;
1229 $comp_release le $today
1230 or do { push @msgs, "'$product->{title}' has not been released yet";
1232 $today le $comp_expire
1233 or do { push @msgs, "'$product->{title}' has expired"; next; };
1235 or do { push @msgs, "'$product->{title}' not available"; next; };
1237 for my $col (@prodcols) {
1238 $work{$col} = $product->{$col} unless exists $work{$col};
1240 $work{extended_retailPrice} = $work{units} * $work{retailPrice};
1241 $work{extended_gst} = $work{units} * $work{gst};
1242 $work{extended_wholesale} = $work{units} * $work{wholesalePrice};
1244 push @newcart, \%work;
1245 push @$products, $product;
1249 # we don't use these for anything for now
1257 sub _fillout_order {
1258 my ($class, $req, $values, $items, $rmsg, $how) = @_;
1260 my $session = $req->session;
1261 my $cfg = $req->cfg;
1262 my $cgi = $req->cgi;
1266 my $total_wholesale = 0;
1267 for my $item (@$items) {
1268 $total += $item->{extended_retailPrice};
1269 $total_gst += $item->{extended_gst};
1270 $total_wholesale += $item->{extended_wholesale};
1272 $values->{total} = $total;
1273 $values->{gst} = $total_gst;
1274 $values->{wholesale} = $total_wholesale;
1275 $values->{shipping_cost} = 0;
1277 my $cust_class = custom_class($cfg);
1279 # if it sets shipping cost it must also update the total
1281 local $SIG{__DIE__};
1282 my %custom = %{$session->{custom}};
1283 $cust_class->order_save($cgi, $values, $items, $items,
1285 $session->{custom} = \%custom;
1293 $cust_class->total_extras($items, $items,
1294 $session->{custom}, $cfg, $how);
1296 my $affiliate_code = $session->{affiliate_code};
1297 defined $affiliate_code && length $affiliate_code
1298 or $affiliate_code = $cgi->param('affiliate_code');
1299 defined $affiliate_code or $affiliate_code = '';
1300 $values->{affiliate_code} = $affiliate_code;
1302 my $user = $req->siteuser;
1304 $values->{userId} = $user->{userId};
1305 $values->{siteuser_id} = $user->{id};
1308 $values->{userId} = '';
1309 $values->{siteuser_id} = -1;
1312 $values->{orderDate} = now_sqldatetime;
1314 # this should be hard to guess
1315 $values->{randomId} ||= md5_hex(time().rand().{}.$$);
1320 sub action_prefix { '' }
1323 my ($class, $req) = @_;
1325 require BSE::TB::Locations;
1326 my $cgi = $req->cgi;
1327 my $location_id = $cgi->param('location_id');
1329 if (defined $location_id && $location_id =~ /^\d+$/) {
1330 $location = BSE::TB::Locations->getByPkey($location_id);
1334 BSE::Util::Tags->static(\%acts, $req->cfg),
1335 location => [ \&tag_hash, $location ],
1338 return $req->response('location', \%acts);
1343 type=>BSE::Template->get_type($req->cfg, 'error'),
1344 content=>"Missing or invalid location_id",
1350 my ($class, $req, $addid, $quantity, $error, $refresh_logon) = @_;
1354 $product = BSE::TB::Seminars->getByPkey($addid);
1355 $product ||= Products->getByPkey($addid);
1358 $$error = "Cannot find product $addid";
1362 # collect the product options
1364 my @opt_names = split /,/, $product->{options};
1366 my $cgi = $req->cgi;
1367 for my $name (@opt_names) {
1368 my $value = $cgi->param($name);
1369 push @options, $value;
1370 unless (defined $value) {
1371 push @not_def, $name;
1375 $$error = "Some product options (@not_def) not supplied";
1378 my $options = join(",", @options);
1380 # the product must be non-expired and listed
1381 (my $comp_release = $product->{release}) =~ s/ .*//;
1382 (my $comp_expire = $product->{expire}) =~ s/ .*//;
1383 my $today = now_sqldate();
1384 unless ($comp_release le $today) {
1385 $$error = "Product $product->{title} has not been released yet";
1388 unless ($today le $comp_expire) {
1389 $$error = "Product $product->{title} has expired";
1392 unless ($product->{listed}) {
1393 $$error = "Product $product->{title} not available";
1397 # used to refresh if a logon is needed
1398 my $securlbase = $req->cfg->entryVar('site', 'secureurl');
1399 my $r = $securlbase . $ENV{SCRIPT_NAME} . "?add=1&id=$addid";
1400 for my $opt_index (0..$#opt_names) {
1401 $r .= "&$opt_names[$opt_index]=".escape_uri($options[$opt_index]);
1404 my $user = $req->siteuser;
1405 # need to be logged on if it has any subs
1406 if ($product->{subscription_id} != -1) {
1408 my $sub = $product->subscription;
1409 if ($product->is_renew_sub_only) {
1410 unless ($user->subscribed_to_grace($sub)) {
1411 $$error = "The product $product->{title} can only be used to renew your subscription to $sub->{title} and you are not subscribed nor within the renewal grace period";
1415 elsif ($product->is_start_sub_only) {
1416 if ($user->subscribed_to_grace($sub)) {
1417 $$error = "The product $product->{title} can only be used to start your subscription to $sub->{title} and you are already subscribed or within the grace period";
1424 [ "You must be logged on to add this product to your cart",
1429 if ($product->{subscription_required} != -1) {
1430 my $sub = $product->subscription_required;
1432 unless ($user->subscribed_to($sub)) {
1433 $$error = "You must be subscribed to $sub->{title} to purchase this product";
1438 # we want to refresh back to adding the item to the cart if possible
1440 [ "You must be logged on and subscribed to $sub->{title} to add this product to your cart",
1441 'prodlogonsub', $r ];
1446 # we need a natural integer quantity
1447 unless ($quantity =~ /^\d+$/ && $quantity > 0) {
1448 $$error = "Invalid quantity";
1453 if ($product->isa('BSE::TB::Seminar')) {
1454 # you must be logged on to add a seminar
1457 [ "You must be logged on to add seminars to your cart",
1458 'seminarlogon', $r ];
1462 # get and validate the session
1463 my $session_id = $cgi->param('session_id');
1464 unless (defined $session_id) {
1465 $$error = "Please select a session when adding a seminar";
1469 unless ($session_id =~ /^\d+$/) {
1470 $$error = "Invalid session_id supplied";
1474 require BSE::TB::SeminarSessions;
1475 my $session = BSE::TB::SeminarSessions->getByPkey($session_id);
1477 $$error = "Unknown session id supplied";
1480 unless ($session->{seminar_id} == $addid) {
1481 $$error = "Session not for this seminar";
1485 # check if the user is already booked for this session
1486 if (grep($_ == $session_id, $user->seminar_sessions_booked($addid))) {
1487 $$error = "You are already booked for this session";
1491 $extras{session_id} = $session_id;
1494 return ( $product, $options, \%extras );
1498 my ($refresh, $req, $started_empty) = @_;
1500 my $cfg = $req->cfg;
1501 my $cookie_domain = $cfg->entry('basic', 'cookie_domain');
1502 if ($started_empty && !$cookie_domain) {
1503 my $base_url = $cfg->entryVar('site', 'url');
1504 my $secure_url = $cfg->entryVar('site', 'secureurl');
1505 if ($base_url ne $secure_url) {
1506 my $debug = $cfg->entryBool('debug', 'logon_cookies', 0);
1508 # magical refresh time
1509 # which host are we on?
1510 # first get info about the 2 possible hosts
1511 my ($baseprot, $basehost, $baseport) =
1512 $base_url =~ m!^(\w+)://([\w.-]+)(?::(\d+))?!;
1513 $baseport ||= $baseprot eq 'http' ? 80 : 443;
1514 print STDERR "Base: prot: $baseprot Host: $basehost Port: $baseport\n"
1517 #my ($secprot, $sechost, $secport) =
1518 # $securl =~ m!^(\w+)://([\w.-]+)(?::(\d+))?!;
1521 # get info about the current host
1522 my $port = $ENV{SERVER_PORT} || 80;
1523 my $ishttps = exists $ENV{HTTPS} || exists $ENV{SSL_CIPHER};
1524 print STDERR "\$ishttps: $ishttps\n" if $debug;
1525 my $protocol = $ishttps ? 'https' : 'http';
1527 if (lc $ENV{SERVER_NAME} ne lc $basehost
1528 || lc $protocol ne $baseprot
1529 || $baseport != $port) {
1530 print STDERR "not on base host ('$ENV{SERVER_NAME}' cmp '$basehost' '$protocol cmp '$baseprot' $baseport cmp $port\n" if $debug;
1533 my $url = $onbase ? $secure_url : $base_url;
1534 my $finalbase = $onbase ? $base_url : $secure_url;
1535 $refresh = $finalbase . $refresh unless $refresh =~ /^\w+:/;
1536 print STDERR "Heading to $url to setcookie\n" if $debug;
1537 $url .= "/cgi-bin/user.pl?setcookie=".$req->session->{_session_id};
1538 $url .= "&r=".CGI::escape($refresh);
1539 return BSE::Template->get_refresh($url, $cfg);
1543 return BSE::Template->get_refresh($refresh, $cfg);
projects / bse.git / blob