From 598924d3de5aba9ec7d54ef11e18da3c1ee98924 Mon Sep 17 00:00:00 2001 From: konrad Date: Sun, 6 Feb 2011 21:50:22 +0000 Subject: [PATCH] separate index from ticket shop; implement customer login, checkout and address selection git-svn-id: https://silmor.de/svn/softmagic/smoke/trunk@720 6e3c4bff-ac9f-4ac1-96c5-d2ea494d3e33 --- www/config.php.template | 18 ++-- www/inc/classes/basevars.php | 16 +++- www/inc/machine/session.php | 51 +++++---- www/inc/rendering/cart_listing.php | 169 ++++++++++++++++------------ www/inc/rendering/event_listing.php | 2 +- www/inc/rendering/twig_extensions.php | 16 +++- www/inc/wext/customer.php | 195 +++++++++++++++++++++++++++++++++ www/index.php | 33 +++++- www/template/en/changeaddress.html | 43 +++++++ www/template/en/checkout.html | 96 ++++++++++++++++ www/template/en/index.html | 58 ++-------- www/template/en/layout.html | 3 +- www/template/en/login.html | 89 +++++++++++++++ www/template/en/orderlogin.html | 89 --------------- www/template/en/reseterror.html | 10 ++ www/template/en/resetlogin.html | 30 +++++ www/template/en/tickets.html | 60 ++++++++++ 17 files changed, 729 insertions(+), 249 deletions(-) create mode 100644 www/template/en/changeaddress.html create mode 100644 www/template/en/checkout.html create mode 100644 www/template/en/login.html delete mode 100644 www/template/en/orderlogin.html create mode 100644 www/template/en/reseterror.html create mode 100644 www/template/en/resetlogin.html create mode 100644 www/template/en/tickets.html diff --git a/www/config.php.template b/www/config.php.template index 80c17bc..a9f6a21 100644 --- a/www/config.php.template +++ b/www/config.php.template @@ -27,9 +27,8 @@ $db->setCharacterSet("utf8"); */ //// -//PGSQL +//PostgreSQL -/* //create engine: connection string, the sub-parameters are: // dbname - name of the database // user - DB user that is used to log in to the DB server @@ -44,23 +43,23 @@ $db = new PGsqlEngine("dbname='smoke' user='smoke'"); $db->setPrefix("smoke2_"); //set this only if you want debug messages on error (developers only): //$db->setDebugMode(); -*/ + //////////// // DB Administration -//use this for DB creation and upgrading, comment it out otherwise. +//use this for DB creation and upgrading, comment it out otherwise //change the passcode before using this on a production system!!! $db->setAdminPassCode("Admin","SmokeInMyEye"); //use this if you want to upgrade data from an old (MagicSmoke 1.x) DB instance -/* +// /* $olddb = new MysqlEngine("localhost","smoke",""); $olddb->setDbName("smoke"); $olddb->setPrefix("smoke_"); $olddb->setStorageEngine("InnoDB"); $olddb->setCharacterSet("utf8"); -*/ +// */ //////////// @@ -128,9 +127,12 @@ $WebDefaultShipping=1; $WebCustomerFlags="newsletter reminder"; //order flags -// you can add arbitrary input fields to the checkout pagem this array defines +// you can add arbitrary input fields to the checkout page, this array defines // what values they must have, this can be used for acknowledging standard -// form contract (German: AGB) clauses +// form contract (German: AGB) clauses or other formalities that you need to +// present at EVERY check out +$WebOrderFields=array(); +//example: standard form contract $WebOrderFields['sfc_ack']='on'; //customer password reset diff --git a/www/inc/classes/basevars.php b/www/inc/classes/basevars.php index 3c4155b..8ee5014 100644 --- a/www/inc/classes/basevars.php +++ b/www/inc/classes/basevars.php @@ -85,6 +85,7 @@ public static function initPriv(){ $basevars['script']['index']=$BaseUrl."?mode=index"; $basevars['script']['eventDetails']=$BaseUrl."?mode=eventDetails&event="; $basevars['script']['eventOrder']=$BaseUrl."?mode=eventOrder"; + $basevars['script']['tickets']=$BaseUrl."?mode=tickets"; $basevars['script']['vouchers']=$BaseUrl."?mode=vouchers"; $basevars['script']['voucherOrder']=$BaseUrl."?mode=voucherOrder"; $basevars['script']['shop']=$BaseUrl."?mode=shop"; @@ -93,8 +94,11 @@ public static function initPriv(){ $basevars['script']['checkout']=$BaseUrl."?mode=checkout"; $basevars['script']['removeItem']=$BaseUrl."?mode=removeItem"; $basevars['script']['orderLogin']=$BaseUrl."?mode=orderLogin"; - $basevars['script']['customerLogin']=$BaseUrl."?mode=customerLogin"; - $basevars['script']['customerRegistration']=$BaseUrl."?mode=customerRegistration"; + $basevars['script']['placeOrder']=$BaseUrl."?mode=placeOrder"; + $basevars['script']['customerLoginOrder']=$BaseUrl."?mode=customerLoginOrder"; + $basevars['script']['customerRegistrationOrder']=$BaseUrl."?mode=customerRegistrationOrder"; + $basevars['script']['changeInvoiceAddress']=$BaseUrl."?mode=changeInvoiceAddress"; + $basevars['script']['changeDeliveryAddress']=$BaseUrl."?mode=changeDeliveryAddress"; $basevars['script']['customerResetLogin']=$BaseUrl."?mode=customerResetLogin"; //$basevars['script']['orderOverview']=$BaseUrl."?mode=orderOverview"; //$basevars['script']['editShippingAddress']=$BaseUrl."?mode=editShippingAddress"; @@ -112,6 +116,14 @@ public static function initPriv(){ $basevars['inputnames']['login']['name']='customer_name'; $basevars['inputnames']['login']['firstname']='customer_firstname'; $basevars['inputnames']['login']['title']='customer_title'; + $basevars['inputnames']['address']['setaddress']='setaddr'; + $basevars['inputnames']['address']['createaddress']='createaddr'; + $basevars['inputnames']['address']['name']='name'; + $basevars['inputnames']['address']['addr1']='addr1'; + $basevars['inputnames']['address']['addr2']='addr2'; + $basevars['inputnames']['address']['city']='city'; + $basevars['inputnames']['address']['state']='state'; + $basevars['inputnames']['address']['country']='country'; //end of basevars } diff --git a/www/inc/machine/session.php b/www/inc/machine/session.php index d1215e5..11480b1 100644 --- a/www/inc/machine/session.php +++ b/www/inc/machine/session.php @@ -118,12 +118,7 @@ class Session } //validate host - $splt=explode(" ",$hres[0]["hostkey"]); - if(count($splt)!=2){ - $trans->abortWithError(translate("Session","Host authentication failed"),"auth"); - } - $cmp=strtolower(sha1($splt[0].$trans->gethostkey())); - if($cmp != strtolower($splt[1])){ + if(!self::passwdVerify($trans->gethostkey(),$hres[0]["hostkey"])){ $trans->abortWithError(translate("Session","Host authentication failed"),"auth"); } @@ -133,12 +128,7 @@ class Session $trans->abortWithError(translate("Session","User Authentication failed"),"auth"); } //validate user - $splt=explode(" ",$ures[0]["passwd"]); - if(count($splt)!=2){ - $trans->abortWithError(translate("Session","User Authentication failed"),"auth"); - } - $cmp=strtolower(sha1($splt[0].$trans->getpassword())); - if($cmp!=strtolower($splt[1])){ + if(!self::passwdVerify($trans->getpassword(),$ures[0]["passwd"])){ $trans->abortWithError(translate("Session","User Authentication failed"),"auth"); } @@ -200,17 +190,12 @@ class Session $res=$db->select("user","passwd","uname=".$db->escapeString($this->user)); if(count($res)!=1) $trans->abortWithError(tr("Ooops. Unable to find user. You have been deleted.")); - $splt=explode(" ",$res[0]["passwd"]); - if(count($splt)!=2) - $trans->abortWithError(tr("Ooops. Internal storage error - cannot verify old password.")); - $vrfy=sha1($splt[0].$old); - if($vrfy!=$splt[1]){ + if(!self::passwdVerify($old,$res[0]["passwd"])){ $trans->abortWithError(tr("Wrong password. Request denied.")); } //set new password - $salt=getSalt(); - $pwh=sha1($salt.$nwp); - $db->update("user",array("passwd"=>($salt." ".$pwh)),"uname=".$db->escapeString($this->user)); + $pwh=self::passwdHash($nwp); + $db->update("user",array("passwd"=>($pwh)),"uname=".$db->escapeString($this->user)); } /**checks whether user can execute this transaction, returns true on success; it always returns true for admins*/ @@ -249,6 +234,32 @@ class Session //no matches, must be ok then return true; } + + ///helper function to generate salted user or customer password hash + /// \param $passwd unhashed password + /// \returns the salted password hash + public static function passwdHash($passwd) + { + $salt=getSalt(); + return $salt." ".sha1($salt.$passwd); + } + + ///helper function to verify user or customer login + /// \param $passwd unhashed password + /// \param $hash salted password hash + /// \returns true on success, false on error or if the password does not match + public static function passwdVerify($passwd,$hash) + { + //separate salt and hash + $splt=explode(" ",$hash); + if(count($splt)!=2){ + return false; + } + //redo calculation + $cmp=sha1($splt[0].$passwd); + //compare (tolower since we use string compare on a hex number) + return strtolower($cmp)==strtolower($splt[1]); + } }; /**dummy class used by browsed pages to represent the virtual web user*/ diff --git a/www/inc/rendering/cart_listing.php b/www/inc/rendering/cart_listing.php index f319c71..74b5784 100644 --- a/www/inc/rendering/cart_listing.php +++ b/www/inc/rendering/cart_listing.php @@ -51,7 +51,7 @@ static public function addVoucher() //get the cart $cartid=self::getOrCreateCart(); //find event - echo "checking"; +// echo "checking"; $vi=$basevars['inputnames']['voucher']; if(!isset($HTTPARGS[$vi])){ redirectHome(); @@ -60,7 +60,7 @@ static public function addVoucher() //price $prc=$HTTPARGS[$vi]; //add - echo "adding"; +// echo "adding"; WTrWebCartAddVoucher::execute($cartid,$prc); //go to the cart redirectHome(array("mode"=>"cart","cartid"=>$cartid)); @@ -276,15 +276,23 @@ static public function createVoucherOverview() return $p->render($list); } -/** creates an overview of known good voucher types +/** \page templates Templates +\section tpl_cout Checkout Variables -For templating info see \ref tpl_cart Cart Variables -and \ref tpl_base Base Variables -, however only the 'cart' variable itself is available from the Cart Variables. +The checkout.html template is used to render the current cart of the customer. + +\param cart an object of the web type WebCart (PHP: WOWebCart) that represents the entire cart of the user. */ -static public function orderLoginPage() + +/**renders the checkout page + +see the \ref tpl_cout Checkout Template +page for details */ +static public function checkout() { - global $twig,$basevars,$HTTPARGS; + global $twig,$basevars,$db; + //populate list + $list=$basevars; //get cart id and check it $cartid=self::getCart(); if($cartid==""){ @@ -299,81 +307,98 @@ static public function orderLoginPage() $p=$twig->loadTemplate("carterror.html"); return $p->render($basevars); } - $list=$basevars; - $list["cart"]=$cart; - $list["customer_name"]=""; - if(isset($HTTPARGS["customer_name"])) - $list["customer_name"]=$HTTPARGS["customer_name"]; - else{ - $cust=$cart->getcustomer(); - if(is_a($cust,"WOCustomer")) - $list["customer_name"]=$cust->getemail(); + //if empty: abort + if($cart->getisempty()){ + redirectHome(array("mode"=>"cart")); + return; } - //display - $p=$twig->loadTemplate("orderlogin.html"); - return $p->render($list); + //add cart object + $list["cart"]=$cart; + //render + return $twig->loadTemplate("checkout.html")->render($list); } - -/** \page templates Templates -\section tpl_logerr Login Error - -The loginerror.html template is used to render customer login and registering errors. - -\param errorType the type of error: "login" - the login failed (wrong mail or password), "exist" - an account with the same mail already exists, "mismatch" - the new passwords do no match -\param backUrl the URL to call back to the login page -*/ - -///renders a login error page, see \ref tpl_logerr Login Error Template -static private function loginError($errorType) +static public function changeAddressPage($mode) { - global $basevars,$HTTPARGS,$SERVER,$twig; - //find some basics - $vars=$basevars; - $vars["errorType"]=$errorType; - //construct URL back to login page - if(isset($_SERVER["HTTP_REFERER"])){ - $vars["backUrl"]=$_SERVER["HTTP_REFERER"]; - }else{ - $vars["backUrl"]=$basevars['script']['orderLogin']; + global $twig,$HTTPARGS,$db,$basevars; + //get customer + $cartid=self::getCart(); + if($cartid==""){ + redirectHome(); + return; } - if(strstr($vars["backUrl"],"?")===false) - $vars["backUrl"].="?"; - else - $vars["backUrl"].="&"; - $idx=$basevars['inputnames']['login']['name']; - $vars["backUrl"].=$idx."="; - if(isset($HTTPARGS[$idx]))$vars["backUrl"].=$HTTPARGS[$idx]; - //render page - $p=$twig->loadTemplate("loginerror.html"); - return $p->render($vars); -} - -///check the login of the customer, either forwards to the checkout page or shows the loginerror page -static public function checkOrderLogin() -{ - global $HTTPARGS,$db,$basevars; - //find customer - $nameidx=$basevars['inputnames']['login']['name']; - $passidx=$basevars['inputnames']['login']['passwd']; - if(!isset($HTTPARGS[$nameidx]) || !isset($HTTPARGS[$passidx])){ - return self::loginError("param"); + $ct=WTcart::getFromDB($cartid); + $cart=WOWebCart::fromTablecart($ct); + $cust=$cart->getcustomer(); + if(!is_a($cust,"WOCustomer")){ + //no customer: return to cart, something is very wrong + redirectHome(array("mode"=>"cart")); + return; } - $ct=WTcustomer::selectFromDB("email=".$db->escapeString($HTTPARGS[$nameidx])); - if(count($ct)<1){ - return self::loginError("login"); + //check whether we have arguments for setting + $setaddr=$basevars['inputnames']['address']['setaddress']; + if(isset($HTTPARGS[$setaddr])){ + $at=WTaddress::getFromDB($HTTPARGS['setaddr']); + if(!is_a($at,"WTaddress")){ + redirectHome(); + return; + } + //check it is part of the customer + $found=false; + foreach($cust->getaddresses() as $adr){ + if($adr->getaddressid() == $at->addressid){ + $found=true; + break; + } + } + if(!$found){ + redirectHome(); + return; + } + //set it + if($mode=='changeInvoiceAddress'){ + $ct->invoiceaddress=$at->addressid; + }else{ + $ct->deliveryaddress=$at->addressid; + } + $ct->update(); + redirectHome(array("mode"=>"checkout")); + return; } - //check password - $cust=WOCustomer::fromTablecustomer($ct[0]); - if(!$cust->checkPassword($HTTPARGS[$passidx])){ - return self::loginError("login"); + //check whether we have arguments for creating + $creat=$basevars['inputnames']['address']['createaddress']; + if(isset($HTTPARGS[$creat])){ + //create address + $at=WTaddress::newrow(); + $at->customerid=$cust->getid(); + $at->name=getHttpArg($basevars['inputnames']['address']['name']); + $at->addr1=getHttpArg($basevars['inputnames']['address']['addr1']); + $at->addr2=getHttpArg($basevars['inputnames']['address']['addr2']); + $at->city=getHttpArg($basevars['inputnames']['address']['city']); + $at->state=getHttpArg($basevars['inputnames']['address']['state']); + $at->countryid=getHttpArg($basevars['inputnames']['address']['country']); + $at->insert(); + //set it + if($mode=='changeInvoiceAddress'){ + $ct->invoiceaddress=$at->addressid; + }else{ + $ct->deliveryaddress=$at->addressid; + } + $ct->update(); + redirectHome(array("mode"=>"checkout")); + return; } + //render addresses + $list=$basevars; + $list['customer']=$cust; + $list['cart']=$cart; + $list['countries']=WOCountry::fromTableArraycountry(WTcountry::selectFromDB("")); + return $twig->loadTemplate('changeaddress.html')->render($list); } -static public function registerCustomer() +static public function placeOrder() { - global $HTTPARGS; - + die ("not implemented"); } //end of WebCart diff --git a/www/inc/rendering/event_listing.php b/www/inc/rendering/event_listing.php index 91dc774..64122b4 100644 --- a/www/inc/rendering/event_listing.php +++ b/www/inc/rendering/event_listing.php @@ -29,7 +29,7 @@ public static function createEventList() global $twig,$basevars,$session; //pass 1: get layout of single event - $p=$twig->loadTemplate("index.html"); + $p=$twig->loadTemplate("tickets.html"); $list=$basevars; $trn=WTrGetAllEvents::execute(); $events = $trn->resultevents(); diff --git a/www/inc/rendering/twig_extensions.php b/www/inc/rendering/twig_extensions.php index 3133d04..5bc9a66 100644 --- a/www/inc/rendering/twig_extensions.php +++ b/www/inc/rendering/twig_extensions.php @@ -47,13 +47,25 @@ class SmokeFilterExtension extends Twig_Extension public function getFilters() { return array( - 'isObject' => new Twig_Filter_Method($this, 'isObject'), + 'isObject' => new Twig_Filter_Method($this, 'isObjectTest'), 'isFalse' => new Twig_Filter_Method($this, 'isFalse'), + 'getClass' => new Twig_Filter_Method($this, 'getClass'), ); } - public function isObject($i){return is_a($i,"WObject");} + public function isObjectTest($i) + { + if(!is_object($i))return false; + return is_subclass_of($i,"WObject"); + } public function isFalse($i){return $i===false || $i === null;} + public function getClass($o) + { + if(is_object($o)) + return get_class($o); + else + return "basic:".gettype($o); + } public function getName() { diff --git a/www/inc/wext/customer.php b/www/inc/wext/customer.php index 8ac2d02..48e7cda 100644 --- a/www/inc/wext/customer.php +++ b/www/inc/wext/customer.php @@ -291,5 +291,200 @@ class WOCustomer extends WOCustomerAbstract //send mail mb_send_mail($ct->email,$subject,$mailtext,$mailheader); } + + /**page shown to the customer after clicking the password reset link above*/ + static public function resetLoginPage() + { + global $HTTPARGS,$twig,$basevars,$db; + $vars=$basevars; + //get customer and reset code + if(!isset($HTTPARGS['customer']) || !isset($HTTPARGS['passcode'])){ + $p=$twig->loadTemplate('reseterror.html'); + $vars['errorText']=tr("There is a problem with your mail client or your browser: please copy the URL into the browser manually and try again."); + return $p->render($vars); + } + //get customer + $cts=WTcustomer::selectFromDB("email=".$db->escapeString($HTTPARGS['customer'])); + if(count($cts)<1){ + $p=$twig->loadTemplate('reseterror.html'); + $vars['errorText']=tr("This user does not exist."); + return $p->render($vars); + } + $ct=$cts[0]; + //check passcode validity + if($db->isNull($ct->rsttill) || $db->isNull($ct->rstcode) || + $ct->rstcode!=$HTTPARGS['passcode'] || $ct->rsttill < time()){ + $p=$twig->loadTemplate('reseterror.html'); + $vars['errorText']=tr("The passcode supplied by your browser is either invalid or expired."); + return $p->render($vars); + } + //check for change request + $p1=$basevars['inputnames']['login']['passwd']; + $p2=$basevars['inputnames']['login']['passwdrepeat']; + if(isset($HTTPARGS[$p1]) && isset($HTTPARGS[$p2])){ + if($HTTPARGS[$p1] != $HTTPARGS[$p2] || $HTTPARGS[$p1] == ""){ + $p=$twig->loadTemplate('reseterror.html'); + $vars['errorText']=tr("The password does not match or is empty, please use the back button of your browser and try again."); + return $p->render($vars); + } + //set password + $ct->passwd=Session::passwdHash($HTTPARGS[$p1]); + $ct->rsttill=null; + $ct->rstcode=null; + $ct->update(); + $vars['passwdchanged']=true; + }else $vars['passwdchanged']=false; + //render page + $p=$twig->loadTemplate('resetlogin.html'); + $vars['customer']=WOCustomer::fromTablecustomer($ct); + $vars['customer_name']=$HTTPARGS['customer']; + $vars['passcode']=$HTTPARGS['passcode']; + return $p->render($vars); + } + + /** \page templates Templates + \section tpl_login Login Page + + The login.html template is used to render the customer login and registration page. + + \param script.customerLogin the page to call for logging in + \param script.customerRegistration the page to call for registering a new customer + \param customer_name the name of the customer (or an empty string if unknown) + */ + + /** creates a login page + + For templating info see \ref tpl_login Login Variables + and \ref tpl_base Base Variables. + */ + static public function loginPage($extension) + { + global $twig,$basevars,$HTTPARGS,$db; + //get cart id and check it + $cartid=WebCart::getCart(); + if($cartid==""){ + $p=$twig->loadTemplate("carterror.html"); + return $p->render($basevars); + } + + //cart is ok, now get the object + $cart = WOWebCart::fromTablecart(WTcart::getFromDB($cartid)); + if(!is_a($cart,"WOWebCart")){ + //ooops. internal problem + $p=$twig->loadTemplate("carterror.html"); + return $p->render($basevars); + } + $list=$basevars; + $list["cart"]=$cart; + $list["customer_name"]=""; + $list['script']['customerLogin']=$basevars['script']['customerLogin'.$extension]; + $list['script']['customerRegistration']=$basevars['script']['customerRegistration'.$extension]; + $list["customer_name"]=""; + if(isset($HTTPARGS["customer_name"])) + $list["customer_name"]=$HTTPARGS["customer_name"]; + else{ + //get cart id and check it + $cartid=WebCart::getCart(); + if($cartid!=""){ + //cart is ok, now get the object + $cart = WTcart::getFromDB($cartid); + $custid=$cart->customerid; + if(!$db->isNull($custid)){ + $cust=WTcustomer::getFromDB($custid); + $list["customer_name"]=$cust->email; + } + }else{ + //get session and check it + $sess=WOWebSession::getOrCreateWebSession(); + $cust=$sess->getcustomer(); + if(is_a("WOCustomer",$cust)) + $list["customer_name"]=$cust->getemail(); + } + } + //display + $p=$twig->loadTemplate("login.html"); + return $p->render($list); + } + + + /** \page templates Templates + \section tpl_logerr Login Error + + The loginerror.html template is used to render customer login and registering errors. + + \param errorType the type of error: "login" - the login failed (wrong mail or password), "exist" - an account with the same mail already exists, "mismatch" - the new passwords do no match + \param backUrl the URL to call back to the login page + */ + + ///renders a login error page, see \ref tpl_logerr Login Error Template + static private function loginError($errorType) + { + global $basevars,$HTTPARGS,$SERVER,$twig; + //find some basics + $vars=$basevars; + $vars["errorType"]=$errorType; + //construct URL back to login page + if(isset($_SERVER["HTTP_REFERER"])){ + $vars["backUrl"]=$_SERVER["HTTP_REFERER"]; + }else{ + //not really helpful, but nice for a fallback + $vars["backUrl"]=$basevars['script']['root']; + } + if(strstr($vars["backUrl"],"?")===false) + $vars["backUrl"].="?"; + else + $vars["backUrl"].="&"; + $idx=$basevars['inputnames']['login']['name']; + $vars["backUrl"].=$idx."="; + if(isset($HTTPARGS[$idx]))$vars["backUrl"].=$HTTPARGS[$idx]; + //render page + $p=$twig->loadTemplate("loginerror.html"); + return $p->render($vars); + } + + ///check the login of the customer, either forwards to the checkout page or shows the loginerror page + static public function checkLogin($next,$storeincart) + { + global $HTTPARGS,$db,$basevars; + //find customer + $nameidx=$basevars['inputnames']['login']['name']; + $passidx=$basevars['inputnames']['login']['passwd']; + if(!isset($HTTPARGS[$nameidx]) || !isset($HTTPARGS[$passidx])){ + return self::loginError("param"); + } + $ct=WTcustomer::selectFromDB("email=".$db->escapeString($HTTPARGS[$nameidx])); + if(count($ct)<1){ + return self::loginError("login"); + } + //check password + $ct=$ct[0]; + if(!Session::passwdVerify($HTTPARGS[$passidx],$ct->passwd)){ + return self::loginError("login"); + } + //store in cart + if($storeincart){ + $cartid=WebCart::getCart(); + if($cartid==""){ + $p=$twig->loadTemplate("carterror.html"); + return $p->render($basevars); + } + $cart=WTcart::getFromDB($cartid); + $cart->customerid=$ct->customerid; + $cart->update(); + } + //store in session + $sess=WOWebSession::getOrCreateWebSession(); + $st=WTwebsession::getFromDB($sess->getsessionid()); + $st->customerid=$ct->customerid; + $st->update(); + //go to checkout page + redirectHome(array("mode"=>$next)); + } + + static public function registerCustomer() + { + global $HTTPARGS,$db,$basevars; + die ("not implemented"); + } }; ?> \ No newline at end of file diff --git a/www/index.php b/www/index.php index 61b84c3..5a76b70 100644 --- a/www/index.php +++ b/www/index.php @@ -12,6 +12,13 @@ include('inc/loader_nonadmin.php'); $HTTPARGS=$_GET; foreach($_POST as $a=>$p)$HTTPARGS[$a]=$p; +function getHttpArg($name,$default=null) +{ + global $HTTPARGS; + if(isset($HTTPARGS[$name]))return $HTTPARGS[$name]; + return $default; +} + //set common basics $mode="index"; if(isset($_GET["mode"])){ @@ -68,13 +75,23 @@ try{ $page=WebCart::checkout(); break; case "orderLogin": - $page=WebCart::orderLoginPage(); + $page=WOCustomer::loginPage("Order"); + break; + case "customerLoginOrder": + $page=WOCustomer::checkLogin("checkout",true); break; - case "customerLogin": - $page=WebCart::checkOrderLogin(); + case "customerRegistrationOrder": + $page=WOCustomer::registerCustomer("checkout",true); break; - case "customerRegistration": - $page=WebCart::registerCustomer(); + case "changeDeliveryAddress": + case "changeInvoiceAddress": + $page=WebCart::changeAddressPage($mode); + break; + case 'placeOrder': + $page=WebCart::placeOrder(); + break; + case "customerResetLogin": + $page=WOCustomer::resetLoginPage(); break; /* case "orderOverview": orderTickets(); @@ -94,18 +111,24 @@ try{ case "compile": TemplateCompiler::execute(); break; + case "index": + $page=$twig->loadTemplate("index.html")->render($basevars); + break; default: $page=EventRender::createEventList(); break; } }catch(Exception $ex){ + //log to (Apache) log file error_log($ex->getMessage()); + //get error template (or fallback for it) try{ $p=$twig->loadTemplate("error.html"); }catch(Exception $ex2){ $twig->setLoader(new Twig_Loader_String); $p=$twig->loadTemplate("{{ErrorText}}

\n{{ErrorTrace}}\n
"); } + //show error or some excuse for not showing one $e=$basevars; if($WebShowErrors){ $e["ErrorText"]=$ex->getMessage(); diff --git a/www/template/en/changeaddress.html b/www/template/en/changeaddress.html new file mode 100644 index 0000000..9747ecb --- /dev/null +++ b/www/template/en/changeaddress.html @@ -0,0 +1,43 @@ +{# Example Template for MagicSmoke + ================================ + this one is called to select an address +#} +{% extends 'layout.html' %} + +{% block title %}Address Selection{% endblock %} + +{% block page %} +Cancel Address Selection + +

Select Existing Address

+ +
+{% for addr in customer.addresses %} + {{addr.name}}
+ {{addr.addr1}}
+ {{addr.addr2}}
+ {{addr.zipcode}} {{addr.city}}, {{addr.state}}
+ {{addr.country.name}}
+

+{% endfor %} +

+ +

Create New Address

+ +
+ + + + + + + +
Name:
Address Line 1:
Address Line 2:
City:
State:
Country:
+ +
+ +{% endblock page %} diff --git a/www/template/en/checkout.html b/www/template/en/checkout.html new file mode 100644 index 0000000..7653a60 --- /dev/null +++ b/www/template/en/checkout.html @@ -0,0 +1,96 @@ +{# Example Template for MagicSmoke + ================================ + this one is called to show the cart of a customer +#} +{% extends 'layout.html' %} + +{% block title %}Cart{% endblock %} + +{% block page %} + {# this just shows what is possible, we do not actually need to tell the user how secury it is...#} +

This is cart {{cart.cartid}}. It will expire {{cart.timeout|asDateTime}}.

+ +

Customer

+ + {{cart.customer.title}} {{cart.customer.name}}, {{cart.customer.firstname}} + +

Invoice Address

+ + {% if cart.invoiceaddress|isObject %} + {{cart.invoiceaddress.name}}
+ {{cart.invoiceaddress.addr1}}
+ {{cart.invoiceaddress.addr2}}
+ {{cart.invoiceaddress.zipcode}} {{cart.invoiceaddress.city}}, {{cart.invoiceaddress.state}}
+ {{cart.invoiceaddress.country.name}} + {% else %} + No invoice address. + {% endif %} + + Change Address + +

Delivery Address

+ + {% if cart.deliveryaddress|isObject %} + {{cart.deliveryaddress.name}}
+ {{cart.deliveryaddress.addr1}}
+ {{cart.deliveryaddress.addr2}}
+ {{cart.deliveryaddress.zipcode}} {{cart.deliveryaddress.city}}, {{cart.deliveryaddress.state}}
+ {{cart.deliveryaddress.country.name}} + {% else %} + Same as invoice address. + {% endif %} + + Change Address + +

Cart Items

+ {# build a table with all the items of this shopping cart: + this is the headline: #} + + + + {# go through tickets and render them #} + {% for ticket in cart.tickets %} + {% set pricesum=ticket.price * ticket.amount %} + + + + + + + {% endfor %} + + {# now go through vouchers #} + {% for voucher in cart.vouchers %} + + + + + + + {% endfor %} + + {# TODO: go through product items #} + + {# render the shipping option #} + {% if cart.shipping|isObject %} + + + + + {% else %} + + {% endif %} + + {# the overall sum of the above items... #} + + + {# end of the table #} +
ItemItem PriceAmountSum
Ticket: {{ticket.event.title}} ({{ticket.eventprice.pricecategory.name}}){{ticket.price|asMoney}}{{ticket.amount}}{{pricesum|asMoney}}
Voucher{{voucher.value|asMoney}}1{{voucher.value|asMoney}}
Shipping: {{cart.shipping.description}}{{cart.shipping.cost|asMoney}}1{{cart.shipping.cost|asMoney}}
No Shipping{{0|asMoney}}
Sum:{{cart.totalsum|asMoney}}
+ + {# actions the user may want to take #} +

Place Order

+ + {# in any case: allow the user to shop some more... #} +

Continue Shopping

+ +{% endblock page %} diff --git a/www/template/en/index.html b/www/template/en/index.html index 1b32945..95a058f 100644 --- a/www/template/en/index.html +++ b/www/template/en/index.html @@ -1,60 +1,20 @@ {# Example Template for MagicSmoke ================================ - this one is called to create the event list + this one is called to create the main index #} {% extends 'layout.html' %} -{% block title %}Overview{% endblock %} +{% block title %}Index{% endblock %} {% block page %} - {# we use this to show monthly date lines #} - {% set olddate = '00' %} - - {# go through all events that MagicSmoke gave us #} - {% for event in events %} - {# check whether it actually makes sense to show this event, we do not show any events that the user cannot get tickets for (however, we do show those which are sold out) #} - {% if event.canuse %} - {# show the monthly date line #} - {% set newdate = event.start|date('Y.m') %} - {% if newdate != olddate %} - - -

{{ event.start|date('F - Y') }}
- {% endif %} - {% set olddate = newdate %} - - {# show basic data about the event #} -

{{event.title}}

- {{event.start|asDateTime}}, {{event.room}}
- Artist: {{event.artist.name}}
- {# uncomment to show the full description - {{event.description}}
- #} - - {# show pricing options #} - Price: - {% for price in event.price %} - {% if price.canuse %} - {% if loop.index > 1 %},{% endif %} - {{price.price|asMoney}} ({{price.pricecategory.name}}) - {% endif %} - {% endfor %}
- - {# is it sold out? #} - {% if event.amountFree == 0 %} - Event sold out.
- {% else %} - {# only very few tickets left? #} - {% if event.amountFree <= 5 %} - Event almost sold out.
- {% endif %} - details/order tickets - {% endif %} - - {# end of event... #} - {% endif %} - {% endfor %} + {% endblock page %} diff --git a/www/template/en/layout.html b/www/template/en/layout.html index 28e3839..0c59936 100644 --- a/www/template/en/layout.html +++ b/www/template/en/layout.html @@ -8,7 +8,8 @@

-Ticket Shop | +Main Page | +Ticket Shop | Voucher Shop | Merchandising | My Shoping Cart diff --git a/www/template/en/login.html b/www/template/en/login.html new file mode 100644 index 0000000..8d2e21c --- /dev/null +++ b/www/template/en/login.html @@ -0,0 +1,89 @@ +{# Example Template for MagicSmoke + ================================ + this one is called to show the login page for a customer +#} +{% extends 'layout.html' %} + +{% block title %}Login{% endblock %} + +{% block page %} +I already have an account:

+ +{# the login dialog #} +

+
+ + + +
E-mail address:
Password:

+ +

+

+ +I do not have have an account yet:

+ +{# the create account dialog #} +

+
+ + + + +
E-mail address:
Select a Password:
Repeat Password:

+ + + + +
Title: + + +
+ Mr.
+ Mrs.
+ Herr
+ Frau +
+
Name:
First Name:

+ +

+
+ +


+{# in any case: allow the user to shop some more... #} +

Abort and Continue Shopping

+ +{# helper JavaScript: makes one or the other dialog visible #} + + +{% endblock page %} diff --git a/www/template/en/orderlogin.html b/www/template/en/orderlogin.html deleted file mode 100644 index 33c126f..0000000 --- a/www/template/en/orderlogin.html +++ /dev/null @@ -1,89 +0,0 @@ -{# Example Template for MagicSmoke - ================================ - this one is called to show the login page for a customer -#} -{% extends 'layout.html' %} - -{% block title %}Login{% endblock %} - -{% block page %} -I already have an account:

- -{# the login dialog #} -

-
- - - -
E-mail address:
Password:

- -

-

- -I do not have have an account yet:

- -{# the create account dialog #} -

-
- - - - -
E-mail address:
Select a Password:
Repeat Password:

- - - - -
Title: - - -
- Mr.
- Mrs.
- Herr
- Frau -
-
Name:
First Name:

- -

-
- -


-{# in any case: allow the user to shop some more... #} -

Abort and Continue Shopping

- -{# helper JavaScript: makes one or the other dialog visible #} - - -{% endblock page %} diff --git a/www/template/en/reseterror.html b/www/template/en/reseterror.html new file mode 100644 index 0000000..5b51263 --- /dev/null +++ b/www/template/en/reseterror.html @@ -0,0 +1,10 @@ + +Password Reset Error + +

Password Reset Error

+ +{{errorText}}

+ +


+Back to Index + \ No newline at end of file diff --git a/www/template/en/resetlogin.html b/www/template/en/resetlogin.html new file mode 100644 index 0000000..eff7543 --- /dev/null +++ b/www/template/en/resetlogin.html @@ -0,0 +1,30 @@ +{# Example Template for MagicSmoke + ================================ + this one is called to show the reset password page for a customer +#} +{% extends 'layout.html' %} + +{% block title %}Reset Password{% endblock %} + +{% block page %} +Hello {{customer.firstname}} {{customer.name}},
+ +{% if passwdchanged %} +you have successfully changed your password.

+ +Continue shopping +{% else %} +please enter a new password for yourself below:

+

+ + + + + + +
E-mail address:{{customer_name}}
New Password:
Repeat Password:

+ +

+{% endif %} + +{% endblock page %} diff --git a/www/template/en/tickets.html b/www/template/en/tickets.html new file mode 100644 index 0000000..1b32945 --- /dev/null +++ b/www/template/en/tickets.html @@ -0,0 +1,60 @@ +{# Example Template for MagicSmoke + ================================ + this one is called to create the event list +#} + +{% extends 'layout.html' %} + +{% block title %}Overview{% endblock %} + +{% block page %} + + {# we use this to show monthly date lines #} + {% set olddate = '00' %} + + {# go through all events that MagicSmoke gave us #} + {% for event in events %} + {# check whether it actually makes sense to show this event, we do not show any events that the user cannot get tickets for (however, we do show those which are sold out) #} + {% if event.canuse %} + {# show the monthly date line #} + {% set newdate = event.start|date('Y.m') %} + {% if newdate != olddate %} + + +

{{ event.start|date('F - Y') }}
+ {% endif %} + {% set olddate = newdate %} + + {# show basic data about the event #} +

{{event.title}}

+ {{event.start|asDateTime}}, {{event.room}}
+ Artist: {{event.artist.name}}
+ {# uncomment to show the full description + {{event.description}}
+ #} + + {# show pricing options #} + Price: + {% for price in event.price %} + {% if price.canuse %} + {% if loop.index > 1 %},{% endif %} + {{price.price|asMoney}} ({{price.pricecategory.name}}) + {% endif %} + {% endfor %}
+ + {# is it sold out? #} + {% if event.amountFree == 0 %} + Event sold out.
+ {% else %} + {# only very few tickets left? #} + {% if event.amountFree <= 5 %} + Event almost sold out.
+ {% endif %} + details/order tickets + {% endif %} + + {# end of event... #} + {% endif %} + {% endfor %} + +{% endblock page %} -- 1.7.2.5