  1. <?php
  2.  
  3. class ModelCheckoutOrder extends Model {
  4.  
  /**
   * Store a new order together with its products, options, downloads,
   * vouchers and totals, and return the id of the new `order` row.
   *
   * Every value is written into the SQL text by concatenation. Numeric
   * columns are cast to int/float and every text column goes through
   * $this->db->escape(); nothing is bound as a parameter, so a column added
   * later without one of those two treatments would be injectable.
   * NOTE(review): escape() is defined outside this file; confirm it is the
   * driver's connection-aware escaping and that the connection charset is set.
   *
   * The inserts are issued one after another and no transaction is opened in
   * this method, so a query that fails part-way leaves the rows written so far.
   *
   * @param array $data Order fields plus the 'products', 'vouchers' and
   *                    'totals' lists; each product carries 'option' and
   *                    'download' lists.
   * @return int|mixed  Value of $this->db->getLastId() after the order insert.
   */
  public function addOrder($data) {
      $insert_prefix = "INSERT INTO `" . DB_PREFIX . "order` SET ";

      // Column => treatment, listed in the order the columns are written.
      // 'ip', 'forwarded_ip', 'user_agent' and 'accept_language' look like
      // client-supplied request values (assumption from the names): they are
      // escaped for SQL here, not for any later HTML or mail output.
      $order_columns = array(
          'invoice_prefix'          => 'text',
          'store_id'                => 'int',
          'store_name'              => 'text',
          'store_url'               => 'text',
          'customer_id'             => 'int',
          'customer_group_id'       => 'int',
          'firstname'               => 'text',
          'lastname'                => 'text',
          'email'                   => 'text',
          'telephone'               => 'text',
          'fax'                     => 'text',
          'shipping_firstname'      => 'text',
          'shipping_lastname'       => 'text',
          'shipping_company'        => 'text',
          'shipping_address_1'      => 'text',
          'shipping_address_2'      => 'text',
          'shipping_city'           => 'text',
          'shipping_postcode'       => 'text',
          'shipping_country'        => 'text',
          'shipping_country_id'     => 'int',
          'shipping_zone'           => 'text',
          'shipping_zone_id'        => 'int',
          'shipping_address_format' => 'text',
          'shipping_method'         => 'text',
          'shipping_code'           => 'text',
          'payment_firstname'       => 'text',
          'payment_lastname'        => 'text',
          'payment_company'         => 'text',
          'payment_address_1'       => 'text',
          'payment_address_2'       => 'text',
          'payment_city'            => 'text',
          'payment_postcode'        => 'text',
          'payment_country'         => 'text',
          'payment_country_id'      => 'int',
          'payment_zone'            => 'text',
          'payment_zone_id'         => 'int',
          'payment_address_format'  => 'text',
          'payment_method'          => 'text',
          'payment_code'            => 'text',
          'comment'                 => 'text',
          'total'                   => 'float',
          'affiliate_id'            => 'int',
          'commission'              => 'float',
          'language_id'             => 'int',
          'currency_id'             => 'int',
          'currency_code'           => 'text',
          'currency_value'          => 'float',
          'ip'                      => 'text',
          'forwarded_ip'            => 'text',
          'user_agent'              => 'text',
          'accept_language'         => 'text'
      );

      $assignments = array();

      foreach ($order_columns as $column => $kind) {
          if ($kind === 'int') {
              $value = (int)$data[$column];
          } elseif ($kind === 'float') {
              $value = (float)$data[$column];
          } else {
              $value = $this->db->escape($data[$column]);
          }

          $assignments[] = $column . " = '" . $value . "'";
      }

      // Timestamps come from the database server, not from $data.
      $assignments[] = "date_added = NOW()";
      $assignments[] = "date_modified = NOW()";

      $this->db->query($insert_prefix . implode(", ", $assignments));

      $new_order_id = $this->db->getLastId();

      foreach ($data['products'] as $line) {
          $this->db->query("INSERT INTO " . DB_PREFIX . "order_product SET order_id = '" . (int)$new_order_id
              . "', product_id = '" . (int)$line['product_id']
              . "', name = '" . $this->db->escape($line['name'])
              . "', model = '" . $this->db->escape($line['model'])
              . "', quantity = '" . (int)$line['quantity']
              . "', price = '" . (float)$line['price']
              . "', total = '" . (float)$line['total']
              . "', tax = '" . (float)$line['tax']
              . "', reward = '" . (int)$line['reward'] . "'");

          // Options and downloads below are attached to this order_product row.
          $line_id = $this->db->getLastId();

          foreach ($line['option'] as $choice) {
              $this->db->query("INSERT INTO " . DB_PREFIX . "order_option SET order_id = '" . (int)$new_order_id
                  . "', order_product_id = '" . (int)$line_id
                  . "', product_option_id = '" . (int)$choice['product_option_id']
                  . "', product_option_value_id = '" . (int)$choice['product_option_value_id']
                  . "', name = '" . $this->db->escape($choice['name'])
                  . "', `value` = '" . $this->db->escape($choice['value'])
                  . "', `type` = '" . $this->db->escape($choice['type']) . "'");
          }

          foreach ($line['download'] as $file) {
              // Remaining download count is multiplied by the ordered quantity.
              $this->db->query("INSERT INTO " . DB_PREFIX . "order_download SET order_id = '" . (int)$new_order_id
                  . "', order_product_id = '" . (int)$line_id
                  . "', name = '" . $this->db->escape($file['name'])
                  . "', filename = '" . $this->db->escape($file['filename'])
                  . "', mask = '" . $this->db->escape($file['mask'])
                  . "', remaining = '" . (int)($file['remaining'] * $line['quantity']) . "'");
          }
      }

      foreach ($data['vouchers'] as $gift) {
          $this->db->query("INSERT INTO " . DB_PREFIX . "order_voucher SET order_id = '" . (int)$new_order_id
              . "', description = '" . $this->db->escape($gift['description'])
              . "', code = '" . $this->db->escape($gift['code'])
              . "', from_name = '" . $this->db->escape($gift['from_name'])
              . "', from_email = '" . $this->db->escape($gift['from_email'])
              . "', to_name = '" . $this->db->escape($gift['to_name'])
              . "', to_email = '" . $this->db->escape($gift['to_email'])
              . "', voucher_theme_id = '" . (int)$gift['voucher_theme_id']
              . "', message = '" . $this->db->escape($gift['message'])
              . "', amount = '" . (float)$gift['amount'] . "'");
      }

      foreach ($data['totals'] as $summary) {
          $this->db->query("INSERT INTO " . DB_PREFIX . "order_total SET order_id = '" . (int)$new_order_id
              . "', code = '" . $this->db->escape($summary['code'])
              . "', title = '" . $this->db->escape($summary['title'])
              . "', text = '" . $this->db->escape($summary['text'])
              . "', `value` = '" . (float)$summary['value']
              . "', sort_order = '" . (int)$summary['sort_order'] . "'");
      }

      return $new_order_id;
  }
  62.  
  63.  
  64.  
  /**
   * Load one order by id, enriched with country ISO codes, zone codes and
   * the language code/filename/directory of the order's language.
   *
   * The id is cast to int before it reaches the SQL text. The lookup is by
   * order id only: nothing here ties the order to the current customer or
   * session, so callers that expose the result must do their own ownership
   * check. The returned array carries personal data (names, addresses,
   * email, telephone, ip, user agent) exactly as stored; no output encoding
   * is applied in this method.
   *
   * @param int|string $order_id Order id; cast to int.
   * @return array|false Order fields, or false when no row matches.
   */
  public function getOrder($order_id) {
      $order_query = $this->db->query("SELECT *, (SELECT os.name FROM `" . DB_PREFIX . "order_status` os WHERE os.order_status_id = o.order_status_id AND os.language_id = o.language_id) AS order_status FROM `" . DB_PREFIX . "order` o WHERE o.order_id = '" . (int)$order_id . "'");

      // Unknown order: nothing else is queried.
      if (!$order_query->num_rows) {
          return false;
      }

      $order = $order_query->row;

      // Shipping country and zone codes; empty strings when the ids resolve to nothing.
      $ship_country = $this->db->query("SELECT * FROM `" . DB_PREFIX . "country` WHERE country_id = '" . (int)$order['shipping_country_id'] . "'");
      $shipping_iso_code_2 = $ship_country->num_rows ? $ship_country->row['iso_code_2'] : '';
      $shipping_iso_code_3 = $ship_country->num_rows ? $ship_country->row['iso_code_3'] : '';

      $ship_zone = $this->db->query("SELECT * FROM `" . DB_PREFIX . "zone` WHERE zone_id = '" . (int)$order['shipping_zone_id'] . "'");
      $shipping_zone_code = $ship_zone->num_rows ? $ship_zone->row['code'] : '';

      // Same lookups for the payment address.
      $pay_country = $this->db->query("SELECT * FROM `" . DB_PREFIX . "country` WHERE country_id = '" . (int)$order['payment_country_id'] . "'");
      $payment_iso_code_2 = $pay_country->num_rows ? $pay_country->row['iso_code_2'] : '';
      $payment_iso_code_3 = $pay_country->num_rows ? $pay_country->row['iso_code_3'] : '';

      $pay_zone = $this->db->query("SELECT * FROM `" . DB_PREFIX . "zone` WHERE zone_id = '" . (int)$order['payment_zone_id'] . "'");
      $payment_zone_code = $pay_zone->num_rows ? $pay_zone->row['code'] : '';

      $this->load->model('localisation/language');

      $language_info = $this->model_localisation_language->getLanguage($order['language_id']);

      // language_filename and language_directory are later used by confirm()
      // to load language files, so they should only ever come from this lookup.
      $language_code = $language_info ? $language_info['code'] : '';
      $language_filename = $language_info ? $language_info['filename'] : '';
      $language_directory = $language_info ? $language_info['directory'] : '';

      return array(
          'order_id'                => $order['order_id'],
          'invoice_no'              => $order['invoice_no'],
          'invoice_prefix'          => $order['invoice_prefix'],
          'store_id'                => $order['store_id'],
          'store_name'              => $order['store_name'],
          'store_url'               => $order['store_url'],
          'customer_id'             => $order['customer_id'],
          'firstname'               => $order['firstname'],
          'lastname'                => $order['lastname'],
          'telephone'               => $order['telephone'],
          'fax'                     => $order['fax'],
          'email'                   => $order['email'],
          'shipping_firstname'      => $order['shipping_firstname'],
          'shipping_lastname'       => $order['shipping_lastname'],
          'shipping_company'        => $order['shipping_company'],
          'shipping_address_1'      => $order['shipping_address_1'],
          'shipping_address_2'      => $order['shipping_address_2'],
          'shipping_postcode'       => $order['shipping_postcode'],
          'shipping_city'           => $order['shipping_city'],
          'shipping_zone_id'        => $order['shipping_zone_id'],
          'shipping_zone'           => $order['shipping_zone'],
          'shipping_zone_code'      => $shipping_zone_code,
          'shipping_country_id'     => $order['shipping_country_id'],
          'shipping_country'        => $order['shipping_country'],
          'shipping_iso_code_2'     => $shipping_iso_code_2,
          'shipping_iso_code_3'     => $shipping_iso_code_3,
          'shipping_address_format' => $order['shipping_address_format'],
          'shipping_method'         => $order['shipping_method'],
          'payment_firstname'       => $order['payment_firstname'],
          'payment_lastname'        => $order['payment_lastname'],
          'payment_company'         => $order['payment_company'],
          'payment_address_1'       => $order['payment_address_1'],
          'payment_address_2'       => $order['payment_address_2'],
          'payment_postcode'        => $order['payment_postcode'],
          'payment_city'            => $order['payment_city'],
          'payment_zone_id'         => $order['payment_zone_id'],
          'payment_zone'            => $order['payment_zone'],
          'payment_zone_code'       => $payment_zone_code,
          'payment_country_id'      => $order['payment_country_id'],
          'payment_country'         => $order['payment_country'],
          'payment_iso_code_2'      => $payment_iso_code_2,
          'payment_iso_code_3'      => $payment_iso_code_3,
          'payment_address_format'  => $order['payment_address_format'],
          'payment_method'          => $order['payment_method'],
          'comment'                 => $order['comment'],
          'total'                   => $order['total'],
          'order_status_id'         => $order['order_status_id'],
          'order_status'            => $order['order_status'],
          'language_id'             => $order['language_id'],
          'language_code'           => $language_code,
          'language_filename'       => $language_filename,
          'language_directory'      => $language_directory,
          'currency_id'             => $order['currency_id'],
          'currency_code'           => $order['currency_code'],
          'currency_value'          => $order['currency_value'],
          'ip'                      => $order['ip'],
          'forwarded_ip'            => $order['forwarded_ip'],
          'user_agent'              => $order['user_agent'],
          'accept_language'         => $order['accept_language'],
          'date_modified'           => $order['date_modified'],
          'date_added'              => $order['date_added']
      );
  }
  306.  
  307.  
  308.  
  309. public function confirm($order_id, $order_status_id, $comment = '', $notify = false) {
  310.  
  311. $order_info = $this->getOrder($order_id);
  312.  
  313.  
  314.  
  315. if ($order_info && !$order_info['order_status_id']) {
  316.  
  317. // Fraud Detection
  318.  
  319. if ($this->config->get('config_fraud_detection')) {
  320.  
  321. $this->load->model('checkout/fraud');
  322.  
  323.  
  324.  
  325. $risk_score = $this->model_checkout_fraud->getFraudScore($order_info);
  326.  
  327.  
  328.  
  329. if ($risk_score > $this->config->get('config_fraud_score')) {
  330.  
  331. $order_status_id = $this->config->get('config_fraud_status_id');
  332.  
  333. }
  334.  
  335. }
  336.  
  337.  
  338.  
  339. // Blacklist
  340.  
  341. $status = false;
  342.  
  343.  
  344.  
  345. $this->load->model('account/customer');
  346.  
  347.  
  348.  
  349. if ($order_info['customer_id']) {
  350.  
  351. $results = $this->model_account_customer->getIps($order_info['customer_id']);
  352.  
  353.  
  354.  
  355. foreach ($results as $result) {
  356.  
  357. if ($this->model_account_customer->isBlacklisted($result['ip'])) {
  358.  
  359. $status = true;
  360.  
  361.  
  362.  
  363. break;
  364.  
  365. }
  366.  
  367. }
  368.  
  369. } else {
  370.  
  371. $status = $this->model_account_customer->isBlacklisted($order_info['ip']);
  372.  
  373. }
  374.  
  375.  
  376.  
  377. if ($status) {
  378.  
  379. $order_status_id = $this->config->get('config_order_status_id');
  380.  
  381. }
  382.  
  383.  
  384.  
  385. $this->db->query("UPDATE `" . DB_PREFIX . "order` SET order_status_id = '" . (int)$order_status_id . "', date_modified = NOW() WHERE order_id = '" . (int)$order_id . "'");
  386.  
  387.  
  388.  
  389. $this->db->query("INSERT INTO " . DB_PREFIX . "order_history SET order_id = '" . (int)$order_id . "', order_status_id = '" . (int)$order_status_id . "', notify = '1', comment = '" . $this->db->escape(($comment && $notify) ? $comment : '') . "', date_added = NOW()");
  390.  
  391.  
  392.  
  393. $order_product_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_product WHERE order_id = '" . (int)$order_id . "'");
  394.  
  395.  
  396.  
  397. foreach ($order_product_query->rows as $order_product) {
  398.  
  399. $this->db->query("UPDATE " . DB_PREFIX . "product SET quantity = (quantity - " . (int)$order_product['quantity'] . ") WHERE product_id = '" . (int)$order_product['product_id'] . "' AND subtract = '1'");
  400.  
  401.  
  402.  
  403. $order_option_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_option WHERE order_id = '" . (int)$order_id . "' AND order_product_id = '" . (int)$order_product['order_product_id'] . "'");
  404.  
  405.  
  406.  
  407. foreach ($order_option_query->rows as $option) {
  408.  
  409. $this->db->query("UPDATE " . DB_PREFIX . "product_option_value SET quantity = (quantity - " . (int)$order_product['quantity'] . ") WHERE product_option_value_id = '" . (int)$option['product_option_value_id'] . "' AND subtract = '1'");
  410.  
  411. }
  412.  
  413. }
  414.  
  415.  
  416.  
  417. $this->cache->delete('product');
  418.  
  419.  
  420.  
  421. // Downloads
  422.  
  423. $order_download_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_download WHERE order_id = '" . (int)$order_id . "'");
  424.  
  425.  
  426.  
  427. // Gift Voucher
  428.  
  429. $this->load->model('checkout/voucher');
  430.  
  431.  
  432.  
  433. $order_voucher_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_voucher WHERE order_id = '" . (int)$order_id . "'");
  434.  
  435.  
  436.  
  437. foreach ($order_voucher_query->rows as $order_voucher) {
  438.  
  439. $voucher_id = $this->model_checkout_voucher->addVoucher($order_id, $order_voucher);
  440.  
  441.  
  442.  
  443. $this->db->query("UPDATE " . DB_PREFIX . "order_voucher SET voucher_id = '" . (int)$voucher_id . "' WHERE order_voucher_id = '" . (int)$order_voucher['order_voucher_id'] . "'");
  444.  
  445. }
  446.  
  447.  
  448.  
  449. // Send out any gift voucher mails
  450.  
  451. if ($this->config->get('config_complete_status_id') == $order_status_id) {
  452.  
  453. $this->model_checkout_voucher->confirm($order_id);
  454.  
  455. }
  456.  
  457.  
  458.  
  459. // Order Totals
  460.  
  461. $order_total_query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "order_total` WHERE order_id = '" . (int)$order_id . "' ORDER BY sort_order ASC");
  462.  
  463.  
  464.  
  465. foreach ($order_total_query->rows as $order_total) {
  466.  
  467. $this->load->model('total/' . $order_total['code']);
  468.  
  469.  
  470.  
  471. if (method_exists($this->{'model_total_' . $order_total['code']}, 'confirm')) {
  472.  
  473. $this->{'model_total_' . $order_total['code']}->confirm($order_info, $order_total);
  474.  
  475. }
  476.  
  477. }
  478.  
  479.  
  480.  
  481. // Send out order confirmation mail
  482.  
  483. $language = new Language($order_info['language_directory']);
  484.  
  485. $language->load($order_info['language_filename']);
  486.  
  487. $language->load('mail/order');
  488.  
  489.  
  490.  
  491. $order_status_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_status WHERE order_status_id = '" . (int)$order_status_id . "' AND language_id = '" . (int)$order_info['language_id'] . "'");
  492.  
  493.  
  494.  
  495. if ($order_status_query->num_rows) {
  496.  
  497. $order_status = $order_status_query->row['name'];
  498.  
  499. } else {
  500.  
  501. $order_status = '';
  502.  
  503. }
  504.  
  505.  
  506.  
  507. $subject = sprintf($language->get('text_new_subject'), $order_info['store_name'], $order_id);
  508.  
  509.  
  510.  
  511. // HTML Mail
  512.  
  513. $template = new Template();
  514.  
  515.  
  516.  
  517. $template->data['title'] = sprintf($language->get('text_new_subject'), html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8'), $order_id);
  518.  
  519.  
  520.  
  521. $template->data['text_greeting'] = sprintf($language->get('text_new_greeting'), html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8'));
  522.  
  523. $template->data['text_link'] = $language->get('text_new_link');
  524.  
  525. $template->data['text_download'] = $language->get('text_new_download');
  526.  
  527. $template->data['text_order_detail'] = $language->get('text_new_order_detail');
  528.  
  529. $template->data['text_instruction'] = $language->get('text_new_instruction');
  530.  
  531. $template->data['text_order_id'] = $language->get('text_new_order_id');
  532.  
  533. $template->data['text_date_added'] = $language->get('text_new_date_added');
  534.  
  535. $template->data['text_payment_method'] = $language->get('text_new_payment_method');
  536.  
  537. $template->data['text_shipping_method'] = $language->get('text_new_shipping_method');
  538.  
  539. $template->data['text_email'] = $language->get('text_new_email');
  540.  
  541. $template->data['text_telephone'] = $language->get('text_new_telephone');
  542.  
  543. $template->data['text_ip'] = $language->get('text_new_ip');
  544.  
  545. $template->data['text_payment_address'] = $language->get('text_new_payment_address');
  546.  
  547. $template->data['text_shipping_address'] = $language->get('text_new_shipping_address');
  548.  
  549. $template->data['text_product'] = $language->get('text_new_product');
  550.  
  551. $template->data['text_model'] = $language->get('text_new_model');
  552.  
  553. $template->data['text_quantity'] = $language->get('text_new_quantity');
  554.  
  555. $template->data['text_price'] = $language->get('text_new_price');
  556.  
  557. $template->data['text_total'] = $language->get('text_new_total');
  558.  
  559. $template->data['text_footer'] = $language->get('text_new_footer');
  560.  
  561. $template->data['text_powered'] = $language->get('text_new_powered');
  562.  
  563.  
  564.  
  565. $template->data['logo'] = HTTP_IMAGE . $this->config->get('config_logo');
  566.  
  567. $template->data['store_name'] = $order_info['store_name'];
  568.  
  569. $template->data['store_url'] = $order_info['store_url'];
  570.  
  571. $template->data['customer_id'] = $order_info['customer_id'];
  572.  
  573. $template->data['link'] = $order_info['store_url'] . 'index.php?route=account/order/info&order_id=' . $order_id;
  574.  
  575.  
  576.  
  577. if ($order_download_query->num_rows) {
  578.  
  579. $template->data['download'] = $order_info['store_url'] . 'index.php?route=account/download';
  580.  
  581. } else {
  582.  
  583. $template->data['download'] = '';
  584.  
  585. }
  586.  
  587.  
  588.  
  589. $template->data['order_id'] = $order_id;
  590.  
  591. $template->data['date_added'] = date($language->get('date_format_short'), strtotime($order_info['date_added']));
  592.  
  593. $template->data['payment_method'] = $order_info['payment_method'];
  594.  
  595. $template->data['shipping_method'] = $order_info['shipping_method'];
  596.  
  597. $template->data['email'] = $order_info['email'];
  598.  
  599. $template->data['telephone'] = $order_info['telephone'];
  600.  
  601. $template->data['ip'] = $order_info['ip'];
  602.  
  603.  
  604.  
  605. if ($comment && $notify) {
  606.  
  607. $template->data['comment'] = nl2br($comment);
  608.  
  609. } else {
  610.  
  611. $template->data['comment'] = '';
  612.  
  613. }
  614.  
  615.  
  616.  
  617. if ($order_info['shipping_address_format']) {
  618.  
  619. $format = $order_info['shipping_address_format'];
  620.  
  621. } else {
  622.  
  623. $format = '{firstname} {lastname}' . "\n" . '{company}' . "\n" . '{address_1}' . "\n" . '{address_2}' . "\n" . '{city} {postcode}' . "\n" . '{zone}' . "\n" . '{country}';
  624.  
  625. }
  626.  
  627.  
  628.  
  629. $find = array(
  630.  
  631. '{firstname}',
  632.  
  633. '{lastname}',
  634.  
  635. '{company}',
  636.  
  637. '{address_1}',
  638.  
  639. '{address_2}',
  640.  
  641. '{city}',
  642.  
  643. '{postcode}',
  644.  
  645. '{zone}',
  646.  
  647. '{zone_code}',
  648.  
  649. '{country}'
  650.  
  651. );
  652.  
  653.  
  654.  
  655. $replace = array(
  656.  
  657. 'firstname' => $order_info['shipping_firstname'],
  658.  
  659. 'lastname' => $order_info['shipping_lastname'],
  660.  
  661. 'company' => $order_info['shipping_company'],
  662.  
  663. 'address_1' => $order_info['shipping_address_1'],
  664.  
  665. 'address_2' => $order_info['shipping_address_2'],
  666.  
  667. 'city' => $order_info['shipping_city'],
  668.  
  669. 'postcode' => $order_info['shipping_postcode'],
  670.  
  671. 'zone' => $order_info['shipping_zone'],
  672.  
  673. 'zone_code' => $order_info['shipping_zone_code'],
  674.  
  675. 'country' => $order_info['shipping_country']
  676.  
  677. );
  678.  
  679.  
  680.  
  681. $template->data['shipping_address'] = str_replace(array("\r\n", "\r", "\n"), '<br />', preg_replace(array("/\s\s+/", "/\r\r+/", "/\n\n+/"), '<br />', trim(str_replace($find, $replace, $format))));
  682.  
  683.  
  684.  
  685. if ($order_info['payment_address_format']) {
  686.  
  687. $format = $order_info['payment_address_format'];
  688.  
  689. } else {
  690.  
  691. $format = '{firstname} {lastname}' . "\n" . '{company}' . "\n" . '{address_1}' . "\n" . '{address_2}' . "\n" . '{city} {postcode}' . "\n" . '{zone}' . "\n" . '{country}';
  692.  
  693. }
  694.  
  695.  
  696.  
  697. $find = array(
  698.  
  699. '{firstname}',
  700.  
  701. '{lastname}',
  702.  
  703. '{company}',
  704.  
  705. '{address_1}',
  706.  
  707. '{address_2}',
  708.  
  709. '{city}',
  710.  
  711. '{postcode}',
  712.  
  713. '{zone}',
  714.  
  715. '{zone_code}',
  716.  
  717. '{country}'
  718.  
  719. );
  720.  
  721.  
  722.  
  723. $replace = array(
  724.  
  725. 'firstname' => $order_info['payment_firstname'],
  726.  
  727. 'lastname' => $order_info['payment_lastname'],
  728.  
  729. 'company' => $order_info['payment_company'],
  730.  
  731. 'address_1' => $order_info['payment_address_1'],
  732.  
  733. 'address_2' => $order_info['payment_address_2'],
  734.  
  735. 'city' => $order_info['payment_city'],
  736.  
  737. 'postcode' => $order_info['payment_postcode'],
  738.  
  739. 'zone' => $order_info['payment_zone'],
  740.  
  741. 'zone_code' => $order_info['payment_zone_code'],
  742.  
  743. 'country' => $order_info['payment_country']
  744.  
  745. );
  746.  
  747.  
  748.  
  749. $template->data['payment_address'] = str_replace(array("\r\n", "\r", "\n"), '<br />', preg_replace(array("/\s\s+/", "/\r\r+/", "/\n\n+/"), '<br />', trim(str_replace($find, $replace, $format))));
  750.  
  751.  
  752.  
  753. // Products
  754.  
  755. $template->data['products'] = array();
  756.  
  757.  
  758.  
  759. foreach ($order_product_query->rows as $product) {
  760.  
  761. $option_data = array();
  762.  
  763.  
  764.  
  765. $order_option_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_option WHERE order_id = '" . (int)$order_id . "' AND order_product_id = '" . (int)$product['order_product_id'] . "'");
  766.  
  767.  
  768.  
  769. foreach ($order_option_query->rows as $option) {
  770.  
  771. if ($option['type'] != 'file') {
  772.  
  773. $value = $option['value'];
  774.  
  775. } else {
  776.  
  777. $value = utf8_substr($option['value'], 0, utf8_strrpos($option['value'], '.'));
  778.  
  779. }
  780.  
  781.  
  782.  
  783. $option_data[] = array(
  784.  
  785. 'name' => $option['name'],
  786.  
  787. 'value' => (utf8_strlen($value) > 20 ? utf8_substr($value, 0, 20) . '..' : $value)
  788.  
  789. );
  790.  
  791. }
  792.  
  793.  
  794.  
  795. $template->data['products'][] = array(
  796.  
  797. 'name' => $product['name'],
  798.  
  799. 'model' => $product['model'],
  800.  
  801. 'option' => $option_data,
  802.  
  803. 'quantity' => $product['quantity'],
  804.  
  805. 'price' => $this->currency->format($product['price'], $order_info['currency_code'], $order_info['currency_value']),
  806.  
  807. 'total' => $this->currency->format($product['total'], $order_info['currency_code'], $order_info['currency_value'])
  808.  
  809. );
  810.  
  811. }
  812.  
  813.  
  814.  
  815. // Vouchers
  816.  
  817. $template->data['vouchers'] = array();
  818.  
  819.  
  820.  
  821. foreach ($order_voucher_query->rows as $voucher) {
  822.  
  823. $template->data['vouchers'][] = array(
  824.  
  825. 'description' => $voucher['description'],
  826.  
  827. 'amount' => $this->currency->format($voucher['amount'], $order_info['currency_code'], $order_info['currency_value']),
  828.  
  829. );
  830.  
  831. }
  832.  
  833.  
  834.  
  835. $template->data['totals'] = $order_total_query->rows;
  836.  
  837.  
  838.  
  839. if (file_exists(DIR_TEMPLATE . $this->config->get('config_template') . '/template/mail/order.tpl')) {
  840.  
  841. $html = $template->fetch($this->config->get('config_template') . '/template/mail/order.tpl');
  842.  
  843. } else {
  844.  
  845. $html = $template->fetch('default/template/mail/order.tpl');
  846.  
  847. }
  848.  
  849.  
  850.  
  851. // Text Mail
  852.  
  853. $text = sprintf($language->get('text_new_greeting'), html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8')) . "\n\n";
  854.  
  855. $text .= $language->get('text_new_order_id') . ' ' . $order_id . "\n";
  856.  
  857. $text .= $language->get('text_new_date_added') . ' ' . date($language->get('date_format_short'), strtotime($order_info['date_added'])) . "\n";
  858.  
  859. $text .= $language->get('text_new_order_status') . ' ' . $order_status . "\n\n";
  860.  
  861.  
  862.  
  863. if ($comment && $notify) {
  864.  
  865. $text .= $language->get('text_new_instruction') . "\n\n";
  866.  
  867. $text .= $comment . "\n\n";
  868.  
  869. }
  870.  
  871.  
  872.  
  873. // Products
  874.  
  875. $text .= $language->get('text_new_products') . "\n";
  876.  
  877.  
  878.  
  879. foreach ($order_product_query->rows as $result) {
  880.  
  881. $text .= $result['quantity'] . 'x ' . $result['name'] . ' (' . $result['model'] . ') ' . html_entity_decode($this->currency->format($result['total'], $order_info['currency_code'], $order_info['currency_value']), ENT_NOQUOTES, 'UTF-8') . "\n";
  882.  
  883.  
  884.  
  885. $order_option_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_option WHERE order_id = '" . (int)$order_id . "' AND order_product_id = '" . $result['order_product_id'] . "'");
  886.  
  887.  
  888.  
  889. foreach ($order_option_query->rows as $option) {
  890.  
  891. $text .= chr(9) . '-' . $option['name'] . ' ' . (utf8_strlen($option['value']) > 20 ? utf8_substr($option['value'], 0, 20) . '..' : $option['value']) . "\n";
  892.  
  893. }
  894.  
  895. }
  896.  
  897.  
  898.  
  899. foreach ($order_voucher_query->rows as $voucher) {
  900.  
  901. $text .= '1x ' . $voucher['description'] . ' ' . $this->currency->format($voucher['amount'], $order_info['currency_code'], $order_info['currency_value']);
  902.  
  903. }
  904.  
  905.  
  906.  
  907. $text .= "\n";
  908.  
  909.  
  910.  
  911. $text .= $language->get('text_new_order_total') . "\n";
  912.  
  913.  
  914.  
  915. foreach ($order_total_query->rows as $result) {
  916.  
  917. $text .= $result['title'] . ': ' . html_entity_decode($result['text'], ENT_NOQUOTES, 'UTF-8') . "\n";
  918.  
  919. }
  920.  
  921.  
  922.  
  923. $text .= "\n";
  924.  
  925.  
  926.  
  927. if ($order_info['customer_id']) {
  928.  
  929. $text .= $language->get('text_new_link') . "\n";
  930.  
  931. $text .= $order_info['store_url'] . 'index.php?route=account/order/info&order_id=' . $order_id . "\n\n";
  932.  
  933. }
  934.  
  935.  
  936.  
  937. if ($order_download_query->num_rows) {
  938.  
  939. $text .= $language->get('text_new_download') . "\n";
  940.  
  941. $text .= $order_info['store_url'] . 'index.php?route=account/download' . "\n\n";
  942.  
  943. }
  944.  
  945.  
  946.  
  947. if ($order_info['comment']) {
  948.  
  949. $text .= $language->get('text_new_comment') . "\n\n";
  950.  
  951. $text .= $order_info['comment'] . "\n\n";
  952.  
  953. }
  954.  
  955.  
  956.  
  957. $text .= $language->get('text_new_footer') . "\n\n";
  958.  
  959.  
  960.  
  961. $mail = new Mail();
  962.  
  963. $mail->protocol = $this->config->get('config_mail_protocol');
  964.  
  965. $mail->parameter = $this->config->get('config_mail_parameter');
  966.  
  967. $mail->hostname = $this->config->get('config_smtp_host');
  968.  
  969. $mail->username = $this->config->get('config_smtp_username');
  970.  
  971. $mail->password = $this->config->get('config_smtp_password');
  972.  
  973. $mail->port = $this->config->get('config_smtp_port');
  974.  
  975. $mail->timeout = $this->config->get('config_smtp_timeout');
  976.  
  977. $mail->setTo($order_info['email']);
  978.  
  979. $mail->setFrom($this->config->get('config_email'));
  980.  
  981. $mail->setSender($order_info['store_name']);
  982.  
  983. $mail->setSubject(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'));
  984.  
  985. $mail->setHtml($html);
  986.  
  987. $mail->setText(html_entity_decode($text, ENT_QUOTES, 'UTF-8'));
  988.  
  989. $mail->send();
  990.  
  991.  
  992.  
  993. // Admin Alert Mail
  994.  
  995. if ($this->config->get('config_alert_mail')) {
  996.  
  997. $subject = sprintf($language->get('text_new_subject'), html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8'), $order_id);
  998.  
  999.  
  1000.  
  1001. // Text
  1002.  
  1003. $text = $language->get('text_new_received') . "\n\n";
  1004.  
  1005. $text .= $language->get('text_new_order_id') . ' ' . $order_id . "\n";
  1006.  
  1007. $text .= $language->get('text_new_date_added') . ' ' . date($language->get('date_format_short'), strtotime($order_info['date_added'])) . "\n";
  1008.  
  1009. $text .= $language->get('text_new_order_status') . ' ' . $order_status . "\n\n";
  1010.  
  1011. $text .= $language->get('text_new_products') . "\n";
  1012.  
  1013.  
  1014.  
  1015. foreach ($order_product_query->rows as $result) {
  1016.  
  1017. $text .= $result['quantity'] . 'x ' . $result['name'] . ' (' . $result['model'] . ') ' . html_entity_decode($this->currency->format($result['total'], $order_info['currency_code'], $order_info['currency_value']), ENT_NOQUOTES, 'UTF-8') . "\n";
  1018.  
  1019.  
  1020.  
  1021. $order_option_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_option WHERE order_id = '" . (int)$order_id . "' AND order_product_id = '" . $result['order_product_id'] . "'");
  1022.  
  1023.  
  1024.  
  1025. foreach ($order_option_query->rows as $option) {
  1026.  
  1027. if ($option['type'] != 'file') {
  1028.  
  1029. $value = $option['value'];
  1030.  
  1031. } else {
  1032.  
  1033. $value = utf8_substr($option['value'], 0, utf8_strrpos($option['value'], '.'));
  1034.  
  1035. }
  1036.  
  1037.  
  1038.  
  1039. $text .= chr(9) . '-' . $option['name'] . ' ' . (utf8_strlen($value) > 20 ? utf8_substr($value, 0, 20) . '..' : $value) . "\n";
  1040.  
  1041. }
  1042.  
  1043. }
  1044.  
  1045.  
  1046.  
  1047. foreach ($order_voucher_query->rows as $voucher) {
  1048.  
  1049. $text .= '1x ' . $voucher['description'] . ' ' . $this->currency->format($voucher['amount'], $order_info['currency_code'], $order_info['currency_value']);
  1050.  
  1051. }
  1052.  
  1053.  
  1054.  
  1055. $text .= "\n";
  1056.  
  1057.  
  1058.  
  1059. $text .= $language->get('text_new_order_total') . "\n";
  1060.  
  1061.  
  1062.  
  1063. foreach ($order_total_query->rows as $result) {
  1064.  
  1065. $text .= $result['title'] . ': ' . html_entity_decode($result['text'], ENT_NOQUOTES, 'UTF-8') . "\n";
  1066.  
  1067. }
  1068.  
  1069.  
  1070.  
  1071. $text .= "\n";
  1072.  
  1073.  
  1074.  
  1075. if ($order_info['comment']) {
  1076.  
  1077. $text .= $language->get('text_new_comment') . "\n\n";
  1078.  
  1079. $text .= $order_info['comment'] . "\n\n";
  1080.  
  1081. }
  1082.  
  1083.  
  1084.  
  1085. $mail = new Mail();
  1086.  
  1087. $mail->protocol = $this->config->get('config_mail_protocol');
  1088.  
  1089. $mail->parameter = $this->config->get('config_mail_parameter');
  1090.  
  1091. $mail->hostname = $this->config->get('config_smtp_host');
  1092.  
  1093. $mail->username = $this->config->get('config_smtp_username');
  1094.  
  1095. $mail->password = $this->config->get('config_smtp_password');
  1096.  
  1097. $mail->port = $this->config->get('config_smtp_port');
  1098.  
  1099. $mail->timeout = $this->config->get('config_smtp_timeout');
  1100.  
  1101. $mail->setTo($this->config->get('config_email'));
  1102.  
  1103. $mail->setFrom($this->config->get('config_email'));
  1104.  
  1105. $mail->setSender($order_info['store_name']);
  1106.  
  1107. $mail->setSubject(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'));
  1108.  
  1109. $mail->setText(html_entity_decode($text, ENT_QUOTES, 'UTF-8'));
  1110.  
  1111. $mail->send();
  1112.  
  1113.  
  1114.  
  1115. // Send to additional alert emails
  1116.  
  1117. $emails = explode(',', $this->config->get('config_alert_emails'));
  1118.  
  1119.  
  1120.  
  1121. foreach ($emails as $email) {
  1122.  
  1123. if ($email && preg_match('/^[^\@]+@.*\.[a-z]{2,6}$/i', $email)) {
  1124.  
  1125. $mail->setTo($email);
  1126.  
  1127. $mail->send();
  1128.  
  1129. }
  1130.  
  1131. }
  1132.  
  1133. }
  1134.  
  1135. }
  1136.  
  1137. }
  1138.  
  1139.  
  1140.  
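  /**
   * Change the status of an existing order, append an order_history row and,
   * when requested, e-mail the customer a plain-text update.
   *
   * Nothing is done unless getOrder() returns an order whose order_status_id
   * is already non-zero.
   *
   * The requested status can be replaced twice before it is written:
   *  1. fraud check - config_fraud_status_id is used when the score returned
   *     by getFraudScore() exceeds config_fraud_score;
   *  2. IP blacklist - config_order_status_id is used when a blacklisted IP
   *     is found. This runs last, so it overwrites a fraud status set in 1.
   *
   * @param int    $order_id        Order to update; cast to int in every query.
   * @param int    $order_status_id Requested status; cast to int in every query.
   * @param string $comment         Stored (escaped) in order_history and, when
   *                                $notify is set, included in the mail body.
   * @param bool   $notify          When truthy, mail the address stored on the order.
   */
  public function update($order_id, $order_status_id, $comment = '', $notify = false) {
      $order_info = $this->getOrder($order_id);

      // Only orders that already carry a status are updated here.
      if (!$order_info || !$order_info['order_status_id']) {
          return;
      }

      // Fraud Detection
      if ($this->config->get('config_fraud_detection')) {
          $this->load->model('checkout/fraud');

          $risk_score = $this->model_checkout_fraud->getFraudScore($order_info);

          if ($risk_score > $this->config->get('config_fraud_score')) {
              $order_status_id = $this->config->get('config_fraud_status_id');
          }
      }

      // Blacklist
      // The customer model is loaded before branching: the guest branch calls
      // isBlacklisted() as well, and used to do so without loading the model
      // in this method, so the check depended on some earlier caller having
      // loaded it.
      $this->load->model('account/customer');

      $status = false;

      if ($order_info['customer_id']) {
          // Registered customer: check every IP returned for the account.
          $results = $this->model_account_customer->getIps($order_info['customer_id']);

          foreach ($results as $result) {
              if ($this->model_account_customer->isBlacklisted($result['ip'])) {
                  $status = true;

                  break;
              }
          }
      } else {
          // Guest order: only the IP stored on the order is available.
          $status = $this->model_account_customer->isBlacklisted($order_info['ip']);
      }

      // NOTE(review): a blacklist hit replaces the status with
      // config_order_status_id, discarding a fraud status chosen above -
      // confirm that this precedence is intended.
      if ($status) {
          $order_status_id = $this->config->get('config_order_status_id');
      }

      $this->db->query("UPDATE `" . DB_PREFIX . "order` SET order_status_id = '" . (int)$order_status_id . "', date_modified = NOW() WHERE order_id = '" . (int)$order_id . "'");

      $this->db->query("INSERT INTO " . DB_PREFIX . "order_history SET order_id = '" . (int)$order_id . "', order_status_id = '" . (int)$order_status_id . "', notify = '" . (int)$notify . "', comment = '" . $this->db->escape($comment) . "', date_added = NOW()");

      // Send out any gift voucher mails
      if ($this->config->get('config_complete_status_id') == $order_status_id) {
          $this->load->model('checkout/voucher');

          $this->model_checkout_voucher->confirm($order_id);
      }

      if (!$notify) {
          return;
      }

      // Use the language recorded on the order rather than the current session's.
      $language = new Language($order_info['language_directory']);
      $language->load($order_info['language_filename']);
      $language->load('mail/order');

      $subject = sprintf($language->get('text_update_subject'), html_entity_decode($order_info['store_name'], ENT_QUOTES, 'UTF-8'), $order_id);

      $message = $language->get('text_update_order') . ' ' . $order_id . "\n";
      $message .= $language->get('text_update_date_added') . ' ' . date($language->get('date_format_short'), strtotime($order_info['date_added'])) . "\n\n";

      $order_status_query = $this->db->query("SELECT * FROM " . DB_PREFIX . "order_status WHERE order_status_id = '" . (int)$order_status_id . "' AND language_id = '" . (int)$order_info['language_id'] . "'");

      if ($order_status_query->num_rows) {
          $message .= $language->get('text_update_order_status') . "\n\n";
          $message .= $order_status_query->row['name'] . "\n\n";
      }

      // The account link is only added for orders that belong to a customer account.
      if ($order_info['customer_id']) {
          $message .= $language->get('text_update_link') . "\n";
          $message .= $order_info['store_url'] . 'index.php?route=account/order/info&order_id=' . $order_id . "\n\n";
      }

      if ($comment) {
          $message .= $language->get('text_update_comment') . "\n\n";
          $message .= $comment . "\n\n";
      }

      $message .= $language->get('text_update_footer');

      // Transport settings come from store configuration; the message is sent
      // as text only (no setHtml call).
      $mail = new Mail();
      $mail->protocol = $this->config->get('config_mail_protocol');
      $mail->parameter = $this->config->get('config_mail_parameter');
      $mail->hostname = $this->config->get('config_smtp_host');
      $mail->username = $this->config->get('config_smtp_username');
      $mail->password = $this->config->get('config_smtp_password');
      $mail->port = $this->config->get('config_smtp_port');
      $mail->timeout = $this->config->get('config_smtp_timeout');
      $mail->setTo($order_info['email']);
      $mail->setFrom($this->config->get('config_email'));
      $mail->setSender($order_info['store_name']);
      $mail->setSubject(html_entity_decode($subject, ENT_QUOTES, 'UTF-8'));
      $mail->setText(html_entity_decode($message, ENT_QUOTES, 'UTF-8'));
      $mail->send();
  }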
  1330.  
  1331. }
  1332.  
  1333. ?>