Current File : /var/www/prestashop/modules/mbeshipping/controllers/front/mbeaction.php |
<?php
/**
* 2017-2022 PrestaShop
*
* NOTICE OF LICENSE
*
* This source file is subject to the Academic Free License (AFL 3.0)
* that is bundled with this package in the file LICENSE.txt.
* It is also available through the world-wide-web at this URL:
* http://opensource.org/licenses/afl-3.0.php
* If you did not receive a copy of the license and are unable to
* obtain it through the world-wide-web, please send an email
* to license@prestashop.com so we can send you a copy immediately.
*
* DISCLAIMER
*
* Do not edit or add to this file if you wish to upgrade PrestaShop to newer
* versions in the future. If you wish to customize PrestaShop for your
* needs please refer to http://www.prestashop.com for more information.
*
* @author MBE Worldwide
* @copyright 2017-2024 MBE Worldwide
* @license http://opensource.org/licenses/afl-3.0.php Academic Free License (AFL 3.0)
* International Registered Trademark & Property of MBE Worldwide
*/
use PrestaShop\Module\Mbeshipping\Helper\DataHelper;
use PrestaShop\Module\Mbeshipping\Ws;
if (!defined('_PS_VERSION_')) {
exit;
}
class MbeshippingMbeactionModuleFrontController extends ModuleFrontController
{
public function __construct()
{
if (\Tools::getIsset('files')) {
$files = \Tools::getValue('files');
if (count($files) > 1) {
$values = [];
foreach ($files as $file) {
// retrieve file path infos
$pathInfo = pathinfo($file);
// check whether file path is allowed or not
if (strpos($pathInfo['dirname'] . DIRECTORY_SEPARATOR, (new DataHelper())->getMediaPath()) !== 0) {
http_response_code(403);
die('Forbidden');
}
// check whether file extension is allowed or not
if (!in_array($pathInfo['extension'], ['gif', 'html', 'pdf'])) {
http_response_code(403);
die('Forbidden');
}
// check whether file path is readable
if (!is_readable($file)) {
http_response_code(403);
die('Forbidden');
}
$values[] = $pathInfo['basename'];
}
$dir = (new DataHelper())->getMediaPath();
$path = $dir . 'compressed.zip';
if (file_exists($path)) {
unlink($path);
}
chdir($dir);
$archive = new PclZip($path);
$response = $archive->create($values);
if ($response == 0) {
die('[ERROR] PclZip : ' . $archive->errorInfo(true));
}
if (headers_sent()) {
die('HTTP header already sent');
}
if (!is_file($path)) {
http_response_code(404);
die('File not found');
}
if (!is_readable($path)) {
http_response_code(403);
die('File not readable');
}
http_response_code(200);
header("Content-Type: application/zip");
header("Content-Transfer-Encoding: Binary");
header("Content-Length: " . filesize($path));
header("Content-Disposition: attachment; filename=\"" . basename($path) . "\"");
if (ob_get_length() > 0) {
ob_clean();
}
flush();
readfile($path);
exit;
} else {
$file = $files[0];
// retrieve file path infos
$pathInfo = pathinfo($file);
// check whether file path is allowed or not
if (strpos($pathInfo['dirname'] . DIRECTORY_SEPARATOR, (new DataHelper())->getMediaPath()) !== 0) {
http_response_code(403);
die('Forbidden');
}
// check whether file extension is allowed or not
if (!in_array($pathInfo['extension'], ['gif', 'html', 'pdf'])) {
http_response_code(403);
die('Forbidden');
}
// check whether file path is readable
if (!is_readable($file)) {
http_response_code(403);
die('Forbidden');
}
switch ($pathInfo['extension']) {
case 'html':
header("Content-Disposition:inline;filename=\"" . $pathInfo['basename'] . "\"");
header("Content-length: " . filesize($file));
if (ob_get_length() > 0) {
ob_clean();
}
flush();
readfile($file);
exit;
case 'gif':
header("Content-type:image/gif");
header("Content-Disposition:inline;filename=\"" . $pathInfo['basename'] . "\"");
header("Content-length: " . filesize($file));
if (ob_get_length() > 0) {
ob_clean();
}
flush();
readfile($file);
exit;
default:
header("Content-type:application/pdf");
header("Content-Disposition:inline;filename=\"" . $pathInfo['basename'] . "\"");
header("Content-length: " . filesize($file));
if (ob_get_length() > 0) {
ob_clean();
}
flush();
readfile($file);
exit;
}
}
}
if (\Tools::getIsset('close')) {
if (\Configuration::get('shipments_closure_mode') == DataHelper::MBE_CLOSURE_MODE_AUTOMATICALLY) {
$ws = new Ws();
if ($ws->mustCloseShipments()) {
define('PS_MBE_SCRIPT', true);
$toClosedIds = array();
$alreadyClosedIds = array();
$withoutTracking = array();
$helper = new DataHelper();
if ($helper->isEnabledCustomMapping()) {
$customMapping = $helper->getCustomMappingCarriers();
$sql = 'SELECT o.`id_order` FROM ' . _DB_PREFIX_ . 'orders as a LEFT JOIN `' . _DB_PREFIX_ . 'customer` c ON (c.`id_customer` = a.`id_customer`) LEFT JOIN `' . _DB_PREFIX_ . 'orders` o ON (o.`id_order` = a.`id_order`) INNER JOIN `' . _DB_PREFIX_ . 'order_carrier` oc ON (o.`id_order` = oc.`id_order`) AND (oc.`id_carrier` IN (' . implode(array_map('pSQL', $customMapping), ',') . ') OR oc.`id_carrier` IN (SELECT `id_carrier` from `' . _DB_PREFIX_ . 'carrier` where `external_module_name` = "mbeshipping")) INNER JOIN `' . _DB_PREFIX_ . 'carrier` ca ON (ca.`id_carrier` = oc.`id_carrier`)';
} else {
$sql = 'SELECT o.`id_order` FROM ' . _DB_PREFIX_ . 'orders as a LEFT JOIN `' . _DB_PREFIX_ . 'customer` c ON (c.`id_customer` = a.`id_customer`) LEFT JOIN `' . _DB_PREFIX_ . 'orders` o ON (o.`id_order` = a.`id_order`) INNER JOIN `' . _DB_PREFIX_ . 'order_carrier` oc ON (o.`id_order` = oc.`id_order`) AND oc.`id_carrier` IN (SELECT `id_carrier` from `' . _DB_PREFIX_ . 'carrier` where `external_module_name` = "mbeshipping") INNER JOIN `' . _DB_PREFIX_ . 'carrier` ca ON (ca.`id_carrier` = oc.`id_carrier`)';
}
$results = \Db::getInstance()->executeS($sql);
$boxes = array();
foreach ($results as $r) {
$boxes[] = $r['id_order'];
}
foreach ($boxes as $shipmentId) {
if (!$helper->hasTracking($shipmentId)) {
$withoutTracking[] = $shipmentId;
} elseif ($helper->isShippingOpen($shipmentId)) {
$toClosedIds[] = $shipmentId;
} else {
$alreadyClosedIds[] = $shipmentId;
}
}
$ws->closeShipping($toClosedIds);
if (count($withoutTracking) > 0) {
echo sprintf(('%s - Total of %d order(s) without tracking number yet.'), date('Y-m-d H:i:s'), count($withoutTracking)) . "\n";
}
if (count($toClosedIds) > 0) {
echo sprintf(('%s - Total of %d order(s) have been closed.'), date('Y-m-d H:i:s'), count($toClosedIds)) . "\n";
}
if (count($alreadyClosedIds) > 0) {
echo sprintf(('%s - Total of %d order(s) was already closed'), date('Y-m-d H:i:s'), count($alreadyClosedIds)) . "\n";
}
}
} else {
echo 'You selected manually mode in the configuration';
}
}
}
}