1 <?php
2 /**
3 * @package VikAppointments
4 * @subpackage core
5 * @author E4J s.r.l.
6 * @copyright Copyright (C) 2021 E4J s.r.l. All Rights Reserved.
7 * @license http://www.gnu.org/licenses/gpl-2.0.html GNU/GPL
8 * @link https://vikwp.com
9 */
10
// No direct access: this file must only be loaded by WordPress itself
if (!defined('ABSPATH'))
{
    die('No script kiddies please!');
}

// base admin controller this class extends
VAPLoader::import('libraries.mvc.controllers.admin');
15
16 /**
17 * VikAppointments payment controller.
18 *
19 * @since 1.7
20 */
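class VikAppointmentsControllerPayment extends VAPControllerAdmin
{
    /**
     * Checks whether the current user holds the given core action
     * together with the payments access rule of this component.
     *
     * Every task of this controller gates on the same pair of rules:
     * a core action (create / edit / edit.state / delete) AND
     * `core.access.payments`.
     *
     * @param   string  $rule  The core action to check (e.g. "core.edit").
     *
     * @return  boolean  True if both rules are granted.
     */
    private function hasPaymentPermission($rule)
    {
        $user = JFactory::getUser();

        return $user->authorise($rule, 'com_vikappointments')
            && $user->authorise('core.access.payments', 'com_vikappointments');
    }

    /**
     * Task used to access the creation page of a new record.
     *
     * The optional "file" (driver name) and "id_employee" request values
     * are stored in the user state so that the creation form can pick
     * them up. Requires `core.create` and `core.access.payments`.
     *
     * @return  boolean  True on redirect to the creation page, false when
     *                   not authorised (redirects to the main list).
     */
    public function add()
    {
        $app   = JFactory::getApplication();
        $input = $app->input;

        $state = array();

        $driver = $input->getString('file', '');

        if ($driver)
        {
            $state['file'] = $driver;
        }

        $employeeId = $input->getUint('id_employee', 0);

        if ($employeeId > 0)
        {
            $state['id_employee'] = $employeeId;
        }

        // replace the user state so that the form recovers the request values
        $app->setUserState('vap.payment.data', $state);

        if (!$this->hasPaymentPermission('core.create'))
        {
            // back to main list, not authorised to create records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        $this->setRedirect('index.php?option=com_vikappointments&view=managepayment');

        return true;
    }

    /**
     * Task used to access the management page of an existing record.
     *
     * Requires `core.edit` and `core.access.payments`. The first ID
     * found in the "cid" request array is used.
     *
     * @return  boolean  True on redirect to the management page, false
     *                   when not authorised (redirects to the main list).
     */
    public function edit()
    {
        $app = JFactory::getApplication();

        // clear the user state so that no stale creation data is recovered
        $app->setUserState('vap.payment.data', array());

        if (!$this->hasPaymentPermission('core.edit'))
        {
            // back to main list, not authorised to edit records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        // cast to array so that a scalar "cid" does not break the [0] access
        $cid = (array) $app->input->get('cid', array(0), 'uint');
        $id  = isset($cid[0]) ? (int) $cid[0] : 0;

        $this->setRedirect('index.php?option=com_vikappointments&view=managepayment&cid[]=' . $id);

        return true;
    }

    /**
     * Task used to save the record data set in the request.
     * After saving, the user is redirected to the main list.
     *
     * @return  void
     */
    public function saveclose()
    {
        if (!$this->save())
        {
            return;
        }

        $this->cancel();
    }

    /**
     * Task used to save the record data set in the request.
     * After saving, the user is redirected to the creation
     * page of a new record (keeping the employee filter, if any).
     *
     * @return  void
     */
    public function savenew()
    {
        if (!$this->save())
        {
            return;
        }

        $input = JFactory::getApplication()->input;

        $url = 'index.php?option=com_vikappointments&task=payment.add';

        $employeeId = $input->getUint('id_employee', 0);

        if ($employeeId > 0)
        {
            $url .= '&id_employee=' . $employeeId;
        }

        $this->setRedirect($url);
    }

    /**
     * Task used to save the record data set in the request.
     * After saving, the user is redirected to the management
     * page of the record that has been saved.
     *
     * Order of checks: CSRF token, then ACL (`core.create` for a new
     * record, `core.edit` for an existing one, plus
     * `core.access.payments`), and only then is the user-supplied
     * driver name resolved through the platform handler.
     *
     * @return  boolean  True on success, false on invalid token, missing
     *                   permissions or model failure (a redirect is set
     *                   in every case).
     */
    public function save()
    {
        $app   = JFactory::getApplication();
        $input = $app->input;

        // reject requests carrying no valid POST token (CSRF protection)
        if (!JSession::checkToken())
        {
            // back to main list, missing CSRF-proof token
            $app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
            $this->cancel();

            return false;
        }

        $args = array();
        $args['name']         = $input->getString('name', '');
        // null (not '') when absent: see the driver handling below
        $args['file']         = $input->getString('file', null);
        $args['charge']       = $input->getFloat('charge', 0);
        $args['id_tax']       = $input->getUint('id_tax', 0);
        $args['published']    = $input->getUint('published', 0);
        $args['setconfirmed'] = $input->getUint('setconfirmed', 0);
        $args['selfconfirm']  = $input->getUint('selfconfirm', 0);
        $args['trust']        = $input->getUint('trust', 0);
        $args['position']     = $input->getString('position', '');
        $args['icontype']     = $input->getUint('icontype', 0);
        $args['level']        = $input->getUint('level', 0);
        // free-text notes go through the component text filter (HTML allowed per ACL config)
        $args['prenote']      = JComponentHelper::filterText($input->getRaw('prenote', ''));
        $args['note']         = JComponentHelper::filterText($input->getRaw('note', ''));
        $args['id_employee']  = $input->getUint('id_employee', 0);
        $args['id']           = $input->getUint('id', 0);

        // the ACL rule depends on whether a record is created or updated
        $rule = $args['id'] > 0 ? 'core.edit' : 'core.create';

        // Authorisation is verified BEFORE the driver configuration is
        // resolved, so that an unauthorised request never triggers the
        // loading of a user-supplied driver name.
        if (!$this->hasPaymentPermission($rule))
        {
            // back to main list, not authorised to create/edit records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        // the icon source depends on the selected icon type
        switch ($args['icontype'])
        {
            case 1:
                $args['icon'] = $input->getString('font_icon');
                break;

            case 2:
                $args['icon'] = $input->getString('upload_icon');
                break;

            default:
                $args['icon'] = '';
        }

        // 1 = appointments only, 2 = subscriptions only, 3 = both
        $allowedFor = $input->getUint('allowedfor', 1);

        $args['appointments'] = ($allowedFor == 1 || $allowedFor == 3) ? 1 : 0;
        $args['subscr']       = ($allowedFor == 2 || $allowedFor == 3) ? 1 : 0;

        if ($args['selfconfirm'])
        {
            // always unset auto-confirmation in case of self-confirmation
            // in order to avoid backward compatibility issues
            $args['setconfirmed'] = 0;
        }

        // A null "file" means the form did not submit the driver, which is
        // the case when an employee's payment is edited by someone who is
        // not its author: the driver and its parameters are then left untouched.
        if (!is_null($args['file']))
        {
            try
            {
                // NOTE(review): "file" is a request-supplied driver name; the
                // platform handler is expected to restrict it to the known
                // drivers (TODO confirm in VAPApplication::getPaymentConfig).
                $config = VAPApplication::getInstance()->getPaymentConfig($args['file']);

                $args['params'] = array();

                // collect the driver parameters from the "gp_" prefixed request values
                foreach ($config as $paramName => $unused)
                {
                    $args['params'][$paramName] = $input->get('gp_' . $paramName, '', 'string');
                }
            }
            catch (Exception $e)
            {
                // unset file to raise error before saving the payment
                $args['file'] = false;
            }
        }

        $model = $this->getModel();

        // try to save arguments
        $id = $model->save($args);

        if (!$id)
        {
            // get string error
            $error = $model->getError(null, true);

            // display error message
            $app->enqueueMessage(JText::sprintf('JLIB_APPLICATION_ERROR_SAVE_FAILED', $error), 'error');

            $url = 'index.php?option=com_vikappointments&view=managepayment';

            if ($args['id'])
            {
                $url .= '&cid[]=' . $args['id'];
            }

            // redirect to new/edit page
            $this->setRedirect($url);

            return false;
        }

        // display generic successful message
        $app->enqueueMessage(JText::translate('JLIB_APPLICATION_SAVE_SUCCESS'));

        // redirect to edit page
        $this->setRedirect('index.php?option=com_vikappointments&task=payment.edit&cid[]=' . $id);

        return true;
    }

    /**
     * Deletes a list of records set in the request.
     *
     * Accepts both a POST and a GET token. Requires `core.delete`
     * and `core.access.payments`.
     *
     * @return  boolean  True when the deletion was requested on the model,
     *                   false on invalid token or missing permissions.
     */
    public function delete()
    {
        $app = JFactory::getApplication();

        // reject requests carrying no valid token (CSRF protection)
        if (!JSession::checkToken() && !JSession::checkToken('get'))
        {
            // back to main list, missing CSRF-proof token
            $app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
            $this->cancel();

            return false;
        }

        if (!$this->hasPaymentPermission('core.delete'))
        {
            // back to main list, not authorised to delete records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        $cid = $app->input->get('cid', array(), 'uint');

        // delete selected records
        $this->getModel()->delete($cid);

        // back to main list
        $this->cancel();

        return true;
    }

    /**
     * Publishes (or unpublishes, when the task is "unpublish") the
     * selected records.
     *
     * Accepts both a POST and a GET token. Requires `core.edit.state`
     * and `core.access.payments`.
     *
     * @return  boolean  True when the state change was requested on the
     *                   model, false on invalid token or missing permissions.
     */
    public function publish()
    {
        $app   = JFactory::getApplication();
        $input = $app->input;

        // reject requests carrying no valid token (CSRF protection)
        if (!JSession::checkToken() && !JSession::checkToken('get'))
        {
            // back to main list, missing CSRF-proof token
            $app->enqueueMessage(JText::translate('JINVALID_TOKEN'), 'error');
            $this->cancel();

            return false;
        }

        if (!$this->hasPaymentPermission('core.edit.state'))
        {
            // back to main list, not authorised to edit records
            $app->enqueueMessage(JText::translate('JERROR_ALERTNOAUTHOR'), 'error');
            $this->cancel();

            return false;
        }

        $cid  = $input->get('cid', array(), 'uint');
        $task = $input->get('task', null);

        // any task other than "unpublish" publishes the records
        $state = ($task === 'unpublish') ? 0 : 1;

        // change state of selected records
        $this->getModel()->publish($cid, $state);

        // back to main list
        $this->cancel();

        return true;
    }

    /**
     * Redirects the users to the main records list, keeping
     * the employee filter when one is set in the request.
     *
     * @return  void
     */
    public function cancel()
    {
        $input = JFactory::getApplication()->input;

        $url = 'index.php?option=com_vikappointments&view=payments';

        $employeeId = $input->getUint('id_employee', 0);

        if ($employeeId > 0)
        {
            $url .= '&id_employee=' . $employeeId;
        }

        $this->setRedirect($url);
    }

    /**
     * AJAX end-point used to retrieve the configuration
     * of the selected driver.
     *
     * The response embeds the parameters already stored for the payment
     * identified by "id" (when given), i.e. the driver configuration.
     * It is therefore gated by the same ACL as save(): `core.edit` for
     * an existing record, `core.create` otherwise, plus
     * `core.access.payments`. Every failure is reported through
     * UIErrorFactory::raiseError().
     *
     * @return  void
     */
    public function driverfields()
    {
        $input = JFactory::getApplication()->input;

        // reject requests carrying no valid POST token (CSRF protection)
        if (!JSession::checkToken())
        {
            // missing CSRF-proof token
            UIErrorFactory::raiseError(403, JText::translate('JINVALID_TOKEN'));
        }

        $driver = $input->getString('driver');
        $id     = $input->getUint('id', 0);

        // Same rules as save(): stored driver parameters must not be
        // readable by users lacking payments access.
        if (!$this->hasPaymentPermission($id > 0 ? 'core.edit' : 'core.create'))
        {
            UIErrorFactory::raiseError(403, JText::translate('JERROR_ALERTNOAUTHOR'));
        }

        try
        {
            // access payment config through platform handler
            $form = VAPApplication::getInstance()->getPaymentConfig($driver);
        }
        catch (Exception $e)
        {
            // unknown or unloadable driver: report it instead of leaking an uncaught exception
            UIErrorFactory::raiseError(404, $e->getMessage());
        }

        $params = array();

        if ($id)
        {
            // load payment details
            $payment = $this->getModel()->getItem($id);

            if ($payment)
            {
                // use found parameters
                // NOTE(review): these are the stored driver settings (presumably
                // gateway credentials); confirm the layout masks secret fields.
                $params = $payment->params;
            }
        }

        // build display data
        $data = array(
            'fields' => $form,
            'params' => $params,
            'prefix' => 'gp_',
        );

        // render payment form
        $html = JLayoutHelper::render('form.fields', $data);

        // send HTML form to caller
        $this->sendJSON(json_encode($html));
    }
}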