
ContactController.php

a guest
Feb 25th, 2018
  1. <?php
  2. /*
  3. * 2007-2015 PrestaShop
  4. *
  5. * NOTICE OF LICENSE
  6. *
  7. * This source file is subject to the Open Software License (OSL 3.0)
  8. * that is bundled with this package in the file LICENSE.txt.
  9. * It is also available through the world-wide-web at this URL:
  10. * http://opensource.org/licenses/osl-3.0.php
  11. * If you did not receive a copy of the license and are unable to
  12. * obtain it through the world-wide-web, please send an email
  13. * to license@prestashop.com so we can send you a copy immediately.
  14. *
  15. * DISCLAIMER
  16. *
  17. * Do not edit or add to this file if you wish to upgrade PrestaShop to newer
  18. * versions in the future. If you wish to customize PrestaShop for your
  19. * needs please refer to http://www.prestashop.com for more information.
  20. *
  21. *  @author PrestaShop SA <contact@prestashop.com>
  22. *  @copyright  2007-2015 PrestaShop SA
  23. *  @license    http://opensource.org/licenses/osl-3.0.php  Open Software License (OSL 3.0)
  24. *  International Registered Trademark & Property of PrestaShop SA
  25. */
  26.  
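  class ContactControllerCore extends FrontController
  {
      /** @var string Page name of this controller. */
      public $php_self = 'contact';

      /** @var bool Presumably asks FrontController to serve this page over SSL; confirm in FrontController. */
      public $ssl = true;

      /**
       * Handle a submitted contact form.
       *
       * Validates the sender address, message, subject and optional attachment,
       * resolves (or creates) the customer-service thread the message belongs to,
       * stores the message and sends the notification / confirmation e-mails.
       * Validation and delivery failures are appended to $this->errors.
       *
       * Every value read here (from, message, id_contact, id_customer_thread,
       * token, id_order, id_product, the uploaded file and the User-Agent header)
       * comes from the request and is attacker-controllable.
       *
       * @see FrontController::postProcess()
       */
      public function postProcess()
      {
          if (!Tools::isSubmit('submitMessage')) {
              return;
          }

          // Allowed attachment suffixes. Only the trailing 4 or 5 characters of the
          // client-supplied file name are compared below; the file content is not
          // inspected in this method.
          $extension = array('.txt', '.rtf', '.doc', '.docx', '.pdf', '.zip', '.png', '.jpeg', '.gif', '.jpg');
          $file_attachment = Tools::fileAttachment('fileUpload');
          // The message is not entity-encoded here; Validate::isCleanHtml() below is the check on its markup.
          $message = Tools::getValue('message');

          if (!($from = trim(Tools::getValue('from'))) || !Validate::isEmail($from)) {
              $this->errors[] = Tools::displayError('Invalid email address.');
          } elseif (!$message) {
              $this->errors[] = Tools::displayError('The message cannot be blank.');
          } elseif (!Validate::isCleanHtml($message)) {
              $this->errors[] = Tools::displayError('Invalid message');
          } elseif (!($id_contact = (int)Tools::getValue('id_contact')) || !(Validate::isLoadedObject($contact = new Contact($id_contact, $this->context->language->id)))) {
              $this->errors[] = Tools::displayError('Please select a subject from the list provided. ');
          } elseif (!empty($file_attachment['name']) && $file_attachment['error'] != 0) {
              $this->errors[] = Tools::displayError('An error occurred during the file-upload process.');
          } elseif (!empty($file_attachment['name']) && !in_array(Tools::strtolower(substr($file_attachment['name'], -4)), $extension) && !in_array(Tools::strtolower(substr($file_attachment['name'], -5)), $extension)) {
              $this->errors[] = Tools::displayError('Bad file extension');
          } else {
              $customer = $this->context->customer;
              if (!$customer->id) {
                  // NOTE(review): for a visitor who is not logged in, `from` is an unverified
                  // form field. This loads whichever account matches that address into the
                  // context customer; confirm nothing downstream treats it as an
                  // authenticated identity.
                  $customer->getByEmail($from);
              }

              // NOTE(review): getOrder() only resolves the submitted id/reference to an
              // order; no ownership check against the sender is visible in this class.
              $id_order = (int)$this->getOrder();

              // Thread resolution, in order of preference:
              //   1. the id_customer_thread + token pair supplied with the request,
              //   2. a thread matching the sender address and order,
              //   3. the best-scoring existing thread for this address / customer / order.
              // NOTE(review): steps 2 and 3 attach the message to an existing thread
              // without the thread token, keyed on the unverified `from` address.
              if (!((
                      ($id_customer_thread = (int)Tools::getValue('id_customer_thread'))
                      && (int)Db::getInstance()->getValue('
                      SELECT cm.id_customer_thread FROM '._DB_PREFIX_.'customer_thread cm
                      WHERE cm.id_customer_thread = '.(int)$id_customer_thread.' AND cm.id_shop = '.(int)$this->context->shop->id.' AND token = \''.pSQL(Tools::getValue('token')).'\'')
                  ) || (
                      $id_customer_thread = CustomerThread::getIdCustomerThreadByEmailAndIdOrder($from, $id_order)
                  ))) {
                  $fields = Db::getInstance()->executeS('
                  SELECT cm.id_customer_thread, cm.id_contact, cm.id_customer, cm.id_order, cm.id_product, cm.email
                  FROM '._DB_PREFIX_.'customer_thread cm
                  WHERE email = \''.pSQL($from).'\' AND cm.id_shop = '.(int)$this->context->shop->id.' AND ('.
                      ($customer->id ? 'id_customer = '.(int)$customer->id.' OR ' : '').'
                      id_order = '.(int)$id_order.')');
                  if (!is_array($fields)) {
                      // A failed query yields a non-array; treat it as "no candidate thread".
                      $fields = array();
                  }

                  $score = 0;
                  foreach ($fields as $row) {
                      $tmp = 0;
                      // Skip threads owned by a different customer and a different address.
                      if ((int)$row['id_customer'] && $row['id_customer'] != $customer->id && $row['email'] != $from) {
                          continue;
                      }
                      // Skip threads bound to another order.
                      if ($row['id_order'] != 0 && $id_order != $row['id_order']) {
                          continue;
                      }
                      // Weights: same address 4, same product 2, same subject 1.
                      if ($row['email'] == $from) {
                          $tmp += 4;
                      }
                      if ($row['id_contact'] == $id_contact) {
                          $tmp++;
                      }
                      if (Tools::getValue('id_product') != 0 && $row['id_product'] == Tools::getValue('id_product')) {
                          $tmp += 2;
                      }
                      // A thread is reused only with a score of at least 5; later rows win ties.
                      if ($tmp >= 5 && $tmp >= $score) {
                          $score = $tmp;
                          $id_customer_thread = $row['id_customer_thread'];
                      }
                  }
              }

              // Duplicate-submission guard: compare with the most recent message of the thread.
              $old_message = Db::getInstance()->getValue('
                  SELECT cm.message FROM '._DB_PREFIX_.'customer_message cm
                  LEFT JOIN '._DB_PREFIX_.'customer_thread cc on (cm.id_customer_thread = cc.id_customer_thread)
                  WHERE cc.id_customer_thread = '.(int)$id_customer_thread.' AND cc.id_shop = '.(int)$this->context->shop->id.'
                  ORDER BY cm.date_add DESC');
              if ($old_message == $message) {
                  $this->context->smarty->assign('alreadySent', 1);
                  // Blank the recipient and disable storage so the duplicate is neither
                  // saved nor forwarded to the contact below.
                  $contact->email = '';
                  $contact->customer_service = 0;
              }

              if ($contact->customer_service) {
                  if ((int)$id_customer_thread) {
                      // Reopen and update the existing thread.
                      $ct = new CustomerThread($id_customer_thread);
                      $ct->status = 'open';
                      $ct->id_lang = (int)$this->context->language->id;
                      $ct->id_contact = (int)$id_contact;
                      $ct->id_order = (int)$id_order;
                      if ($id_product = (int)Tools::getValue('id_product')) {
                          $ct->id_product = $id_product;
                      }
                      $ct->update();
                  } else {
                      // Start a new thread with a fresh access token.
                      $ct = new CustomerThread();
                      if (isset($customer->id)) {
                          $ct->id_customer = (int)$customer->id;
                      }
                      $ct->id_shop = (int)$this->context->shop->id;
                      $ct->id_order = (int)$id_order;
                      if ($id_product = (int)Tools::getValue('id_product')) {
                          $ct->id_product = $id_product;
                      }
                      $ct->id_contact = (int)$id_contact;
                      $ct->id_lang = (int)$this->context->language->id;
                      $ct->email = $from;
                      $ct->status = 'open';
                      $ct->token = Tools::passwdGen(12);
                      $ct->add();
                  }

                  if ($ct->id) {
                      $cm = new CustomerMessage();
                      $cm->id_customer_thread = $ct->id;
                      $cm->message = $message;
                      // The stored name is $file_attachment['rename'], which is produced by
                      // Tools::fileAttachment() (not shown here); basename() keeps the target
                      // inside _PS_UPLOAD_DIR_.
                      // NOTE(review): confirm the upload directory is not served with script
                      // execution enabled, since only the name suffix was checked above.
                      if (isset($file_attachment['rename']) && !empty($file_attachment['rename']) && rename($file_attachment['tmp_name'], _PS_UPLOAD_DIR_.basename($file_attachment['rename']))) {
                          $cm->file_name = $file_attachment['rename'];
                          @chmod(_PS_UPLOAD_DIR_.basename($file_attachment['rename']), 0664);
                      }
                      $cm->ip_address = (int)ip2long(Tools::getRemoteAddr());
                      // The User-Agent header is optional and client-controlled; a request
                      // without it must not raise an undefined-index notice.
                      $cm->user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
                      if (!$cm->add()) {
                          $this->errors[] = Tools::displayError('An error occurred while sending the message.');
                      }
                  } else {
                      $this->errors[] = Tools::displayError('An error occurred while sending the message.');
                  }
              }

              if (!count($this->errors)) {
                  $var_list = array(
                      '{order_name}' => '-',
                      '{attached_file}' => '-',
                      '{message}' => Tools::nl2br(stripslashes($message)),
                      '{email}' =>  $from,
                      '{product_name}' => '',
                  );

                  if (isset($file_attachment['name'])) {
                      // NOTE(review): this is the client-supplied file name, passed to the
                      // mail template as-is; whether it is escaped depends on Mail::Send()
                      // and the templates, which are not visible here.
                      $var_list['{attached_file}'] = $file_attachment['name'];
                  }

                  $id_product = (int)Tools::getValue('id_product');

                  if (isset($ct) && Validate::isLoadedObject($ct) && $ct->id_order) {
                      $order = new Order((int)$ct->id_order);
                      $var_list['{order_name}'] = $order->getUniqReference();
                      $var_list['{id_order}'] = (int)$order->id;
                  }

                  if ($id_product) {
                      $product = new Product((int)$id_product);
                      if (Validate::isLoadedObject($product) && isset($product->name[Context::getContext()->language->id])) {
                          $var_list['{product_name}'] = $product->name[Context::getContext()->language->id];
                      }
                  }

                  if (empty($contact->email)) {
                      // No recipient (or duplicate submission): only confirm to the sender.
                      Mail::Send(
                          $this->context->language->id,
                          'contact_form',
                          ((isset($ct) && Validate::isLoadedObject($ct)) ? sprintf(Mail::l('Your message has been correctly sent #ct%1$s #tc%2$s'), $ct->id, $ct->token) : Mail::l('Your message has been correctly sent')),
                          $var_list,
                          $from,
                          null,
                          null,
                          null,
                          $file_attachment
                      );
                  } else {
                      // First notify the contact, then (only if that succeeded) confirm to the sender.
                      if (!Mail::Send(
                              $this->context->language->id,
                              'contact',
                              Mail::l('Message from contact form').($customer->id ? $customer->firstname.' '.$customer->lastname.' - '.(empty($customer->email)?$contact->email:$customer->email) : ''),
                              $var_list,
                              $contact->email,
                              $contact->name,
                              null,
                              null,
                              $file_attachment,
                              null,
                              _PS_MAIL_DIR_,
                              false,
                              null,
                              null,
                              $from
                          ) ||
                          !Mail::Send(
                              $this->context->language->id,
                              'contact_form',
                              ((isset($ct) && Validate::isLoadedObject($ct)) ? sprintf(Mail::l('Your message has been correctly sent #ct%1$s #tc%2$s'), $ct->id, $ct->token) : Mail::l('Your message has been correctly sent')),
                              $var_list,
                              $from,
                              null,
                              null,
                              null,
                              $file_attachment,
                              null,
                              _PS_MAIL_DIR_,
                              false,
                              null,
                              null,
                              $contact->email
                          )) {
                          $this->errors[] = Tools::displayError('An error occurred while sending the message.');
                      }
                  }
              }

              if (count($this->errors) > 1) {
                  // array_unique() returns the de-duplicated list; the result has to be
                  // assigned back, otherwise the call has no effect.
                  $this->errors = array_unique($this->errors);
              } elseif (!count($this->errors)) {
                  $this->context->smarty->assign('confirmation', 1);
              }
          }
      }

      /**
       * Register the stylesheet and scripts used by the contact form,
       * in addition to whatever the parent controller registers.
       */
      public function setMedia()
      {
          parent::setMedia();
          $this->addCSS(_THEME_CSS_DIR_.'contact-form.css');
          $this->addJS(_THEME_JS_DIR_.'contact-form.js');
          $this->addJS(_PS_JS_DIR_.'validate.js');
      }

      /**
       * Assign template vars related to page content.
       *
       * When the request carries an id_customer_thread and a token, the matching
       * thread row (restricted to the current shop) is exposed to the template as
       * `customerThread`.
       *
       * @see FrontController::initContent()
       */
      public function initContent()
      {
          parent::initContent();

          $this->assignOrderList();

          // Pre-fill the address from the request, falling back to a valid cookie value.
          $email = Tools::safeOutput(Tools::getValue('from',
          ((isset($this->context->cookie) && isset($this->context->cookie->email) && Validate::isEmail($this->context->cookie->email)) ? $this->context->cookie->email : '')));
          $this->context->smarty->assign(array(
              'errors' => $this->errors,
              'email' => $email,
              'fileupload' => Configuration::get('PS_CUSTOMER_SERVICE_FILE_UPLOAD'),
              'max_upload_size' => (int)Tools::getMaxUploadSize()
          ));

          if (($id_customer_thread = (int)Tools::getValue('id_customer_thread')) && $token = Tools::getValue('token')) {
              $customer_thread = Db::getInstance()->getRow('
                  SELECT cm.*
                  FROM '._DB_PREFIX_.'customer_thread cm
                  WHERE cm.id_customer_thread = '.(int)$id_customer_thread.'
                  AND cm.id_shop = '.(int)$this->context->shop->id.'
                  AND token = \''.pSQL($token).'\'
              ');

              // A wrong id/token pair yields no row; only dereference the result when
              // a thread was actually found.
              if (is_array($customer_thread)) {
                  $order = new Order((int)$customer_thread['id_order']);
                  if (Validate::isLoadedObject($order)) {
                      $customer_thread['reference'] = $order->getUniqReference();
                  }
              }
              $this->context->smarty->assign('customerThread', $customer_thread);
          }

          $this->context->smarty->assign(array(
              'contacts' => Contact::getContacts($this->context->language->id),
              // NOTE(review): the submitted message is entity-decoded before being handed
              // to the template, so the template must escape `message` on output; verify
              // in contact-form.tpl.
              'message' => html_entity_decode(Tools::getValue('message'))
          ));

          $this->setTemplate(_PS_THEME_DIR_.'contact-form.tpl');
      }

      /**
       * Assign template vars related to order list and product list ordered by the customer.
       *
       * Does nothing for visitors who are not logged in.
       */
      protected function assignOrderList()
      {
          if (!$this->context->customer->isLogged()) {
              return;
          }

          $this->context->smarty->assign('isLogged', 1);

          $products = array();
          $result = Db::getInstance()->executeS('
          SELECT id_order
          FROM '._DB_PREFIX_.'orders
          WHERE id_customer = '.(int)$this->context->customer->id.Shop::addSqlRestriction(Shop::SHARE_ORDER).' ORDER BY date_add');
          if (!is_array($result)) {
              // A failed query yields a non-array; show an empty order list instead.
              $result = array();
          }

          // The order selected in the request does not change between rows; resolve it once.
          $selected_order = (int)$this->getOrder();
          $orders = array();

          foreach ($result as $row) {
              $order = new Order($row['id_order']);
              $date = explode(' ', $order->date_add);
              foreach ($order->getProducts() as $val) {
                  $products[$row['id_order']][$val['product_id']] = array('value' => $val['product_id'], 'label' => $val['product_name']);
              }

              $orders[] = array(
                  'value' => $order->id,
                  'label' => $order->getUniqReference().' - '.Tools::displayDate($date[0], null),
                  'selected' => $selected_order == $order->id,
              );
          }

          $this->context->smarty->assign('orderList', $orders);
          $this->context->smarty->assign('orderedProductList', $products);
      }

      /**
       * Resolve the `id_order` request value to an order id.
       *
       * A non-numeric value is treated as an order reference (a leading '#' is
       * stripped) and resolved to the first order returned for it; a numeric value
       * is accepted when Order::getCartIdStatic() returns a truthy value for it.
       *
       * NOTE(review): nothing here ties the order to the current visitor; callers
       * that act on the result must not assume ownership.
       *
       * @return int Order id, or 0 when the value does not resolve to an order.
       */
      protected function getOrder()
      {
          $id_order = false;
          if (!is_numeric($reference = Tools::getValue('id_order'))) {
              $reference = ltrim($reference, '#');
              $orders = Order::getByReference($reference);
              if ($orders) {
                  // Only the first order for the reference is used.
                  foreach ($orders as $order) {
                      $id_order = (int)$order->id;
                      break;
                  }
              }
          } elseif (Order::getCartIdStatic((int)Tools::getValue('id_order'))) {
              $id_order = (int)Tools::getValue('id_order');
          }
          return (int)$id_order;
      }
  }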