https://github.com/opencart/opencart/issues/12661

opencart · Apr 28, 2024 · ec0e773 · ec0e773
1 parent 37cd824
commit ec0e773
Show file tree

Hide file tree

Showing 5 changed files with 60 additions and 131 deletions.
diff --git a/upload/admin/controller/sale/order.php b/upload/admin/controller/sale/order.php
@@ -475,9 +475,9 @@ protected function getList(): string {
 	/**
 	 * Info
 	 *
+	 * @return void
 	 * @throws \Exception
 	 *
-	 * @return void
 	 */
 	public function info(): void {
 		$this->load->language('sale/order');
@@ -1246,23 +1246,44 @@ public function info(): void {
 	 *
 	 * @Example
 	 *
-	 * $url = 'https://www.yourdomain.com/index.php?route=api/account/login&language=en-gb&store_id=0';
+	 * We create a hash from the data in a similar method to how amazon does things.
+	 *
+	 * $route    = 'api/order.save';
+	 * $username = 'API username';
+	 * $key      = 'API Key';
+	 * $domain   = 'www.yourdomain.com';
+	 * $store_id = 0;
+	 * $language = 'en-gb';
+	 * $time     = time();
+	 *
+	 * $string  = $route . "\n";
+	 * $string .= $username . "\n";
+	 * $string .= $domain . "\n";
+	 * $string .= $store_id . "\n";
+	 * $string .= $language . "\n";
+	 * $string .= json_encode($_POST) . "\n";
+	 * $string .= $time . "\n";
+	 *
+	 * $signature = base64_encode(hash_hmac('sha1', $string, $key, true));
 	 *
-	 * $request_data = [
-	 * 		'username' => 'Default',
-	 *		'key'      => ''
-	 * ];
+	 * Use this for remote calls
+	 *
+	 * $url  = '&username=' . urlencode($username);
+	 * $url .= '&store_id=' . $store_id;
+	 * $url .= '&language=' . $language;
+	 * $url .= '&time=' . $time;
+	 * $url .= '&signature=' . rawurlencode($signature);
 	 *
 	 * $curl = curl_init();
 	 *
-	 * curl_setopt($curl, CURLOPT_URL, $url);
+	 * curl_setopt($curl, CURLOPT_URL, 'https://' . $domain . '/index.php?route=' . $route . $url);
 	 * curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
 	 * curl_setopt($curl, CURLOPT_HEADER, false);
 	 * curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
 	 * curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 30);
 	 * curl_setopt($curl, CURLOPT_TIMEOUT, 30);
 	 * curl_setopt($curl, CURLOPT_POST, 1);
-	 * curl_setopt($curl, CURLOPT_POSTFIELDS, $request_data);
+	 * curl_setopt($curl, CURLOPT_POSTFIELDS, $_POST);
 	 *
 	 * $response = curl_exec($curl);
 	 *
@@ -1271,13 +1292,9 @@ public function info(): void {
 	 * curl_close($curl);
 	 *
 	 * if ($status == 200) {
-	 *		$api_token = json_decode($response, true);
-	 *
-	 * 		if (isset($api_token['api_token'])) {
-	 *
-	 * 			// You can now store the session cookie as a var in the your current session or some of persistent storage
-	 * 			$session_id = $api_token['api_token'];
-	 * 		}
+	 *      $response_info = json_decode($response, true);
+	 * } else {
+	 *      $response_info = [];
 	 * }
 	 *
 	 * @return void
@@ -1326,59 +1343,39 @@ public function call(): void {
 		if (!$json) {
 			$time = time();
 
+			// 1. Create a store instance using loader class to call controllers, models, views, libraries
+			$this->load->model('setting/store');
+
+			$store = $this->model_setting_store->createStoreInstance($store_id, $language, $session_id);
+
+			$store->config->set('config_store_id', $store_id);
+
 			// We create a hash from the data in a similar method to how amazon does things.
-			$string  = 'api/' . $call . "\n";
+			$string = 'api/' . $call . "\n";
 			$string .= $api_info['username'] . "\n";
 			$string .= $this->request->server['HTTP_HOST'] . "\n";
 			$string .= $store_id . "\n";
 			$string .= $language . "\n";
-			$string .= json_encode($this->reqest->post) . "\n";
+			$string .= json_encode($this->request->post) . "\n";
 			$string .= $time . "\n";
 
 			$signature = base64_encode(hash_hmac('sha1', $string, $api_info['key'], true));
 
-			$url  = '?route=api/' . $call;
-			$url .= '&username=' . urlencode($api_info['username']);
-			$url .= '&store_id=' . $store_id . "\n";
-			$url .= '&language=' . $language . "\n";
-			$url .= '&time=' . $time;
-			$url .= '&signature=' . rawurlencode($signature);
-
-			/*
-			$curl = curl_init(OPENCART_SERVER . 'index.php' . $url);
-
-			curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
-			curl_setopt($curl, CURLOPT_FORBID_REUSE, 1);
-			curl_setopt($curl, CURLOPT_FRESH_CONNECT, 1);
-			curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
+			// 2. Remove the unneeded keys
+			$request_data = $this->request->get;
 
-			$response = curl_exec($curl);
+			unset($request_data['call']);
+			unset($request_data['user_token']);
 
-			$status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-
-			curl_close($curl);
-			*/
-
-			// 1. Create a store instance using loader class to call controllers, models, views, libraries
-			$this->load->model('setting/store');
-
-			$store = $this->model_setting_store->createStoreInstance($store_id, $language, $session_id);
-
-			$store->config->set('config_store_id', $store_id);
-
-			// 2. Add the request vars and remove the unneeded ones
-			$store->request->get = $this->request->get;
-			$store->request->post = $this->request->post;
+			$store->request->get = $request_data;
 
+			// 3. Add the request vars
 			$store->request->get['route'] = 'api/' . $call;
-
-
-			$store->request->get = string;
-
-
-			// 3. Remove the unneeded keys
-			unset($store->request->get['call']);
-			unset($store->request->get['user_token']);
+			$store->request->get['username'] = $api_info['username'];
+			$store->request->get['store_id'] = $store_id;
+			$store->request->get['language'] = $language;
+			$store->request->get['time'] = $time;
+			$store->request->get['signature'] = rawurlencode($signature);
 
 			// Call the required API controller
 			$store->load->controller($store->request->get['route']);

diff --git a/upload/admin/model/setting/store.php b/upload/admin/model/setting/store.php
@@ -258,7 +258,8 @@ public function createStoreInstance(int $store_id = 0, string $language = '', st
 			'startup/currency',
 			'startup/application',
 			'startup/startup',
-			'startup/event'
+			'startup/event',
+			'startup/api'
 		];
 
 		// Pre Actions

diff --git a/upload/admin/view/template/sale/order_info.twig b/upload/admin/view/template/sale/order_info.twig
@@ -1854,67 +1854,11 @@ $('#input-store').on('change', function(e) {
 $('#input-language').on('change', function(e) {
     e.preventDefault();
 
-    $.ajax({
-        url: 'index.php?route=sale/order.call&user_token={{ user_token }}&call=language&store_id=' + $('#input-store').val() + '&language=' + $('#input-language').val(),
-        type: 'post',
-        data: $('#form-language').serialize(),
-        dataType: 'json',
-        beforeSend: function() {
-            $('#input-language').prop('disabled', true);
-        },
-        complete: function() {
-            $('#input-language').prop('disabled', false);
-        },
-        success: function(json) {
-            $('.alert-dismissible').remove();
-
-            if (json['error']) {
-                $('#alert').prepend('<div class="alert alert-danger alert-dismissible"><i class="fa-solid fa-circle-exclamation"></i> ' + json['error'] + ' <button type="button" class="btn-close" data-bs-dismiss="alert"></button></div>');
-            }
-
-            if (json['success']) {
-                $('#alert').prepend('<div class="alert alert-success alert-dismissible"><i class="fa-solid fa-check-circle"></i> ' + json['success'] + ' <button type="button" class="btn-close" data-bs-dismiss="alert"></button></div>');
-
-                $('#button-refresh').trigger('click');
-            }
-        },
-        error: function(xhr, ajaxOptions, thrownError) {
-            console.log(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);
-        }
-    });
 });
 
 $('#input-currency').on('change', function(e) {
     e.preventDefault();
 
-    $.ajax({
-        url: 'index.php?route=sale/order.call&user_token={{ user_token }}&call=currency&store_id=' + $('#input-store').val() + '&language=' + $('#input-language').val(),
-        type: 'post',
-        data: $('#form-currency').serialize(),
-        dataType: 'json',
-        beforeSend: function() {
-            $('#input-currency').prop('disabled', true);
-        },
-        complete: function() {
-            $('#input-currency').prop('disabled', false);
-        },
-        success: function(json) {
-            $('.alert-dismissible').remove();
-
-            if (json['error']) {
-                $('#alert').prepend('<div class="alert alert-danger alert-dismissible"><i class="fa-solid fa-circle-exclamation"></i> ' + json['error'] + ' <button type="button" class="btn-close" data-bs-dismiss="alert"></button></div>');
-            }
-
-            if (json['success']) {
-                $('#alert').prepend('<div class="alert alert-success alert-dismissible"><i class="fa-solid fa-check-circle"></i> ' + json['success'] + ' <button type="button" class="btn-close" data-bs-dismiss="alert"></button></div>');
-
-                $('#button-refresh').trigger('click');
-            }
-        },
-        error: function(xhr, ajaxOptions, thrownError) {
-            console.log(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);
-        }
-    });
 });
 
 // Coupon
@@ -2247,6 +2191,8 @@ $('#form-payment-address').on('submit', function(e) {
             $('#button-payment-address').button('reset');
         },
         success: function(json) {
+            console.log(json);
+
             $('.alert-dismissible').remove();
             $('.is-invalid').removeClass('is-invalid');
             $('.invalid-feedback').removeClass('d-block');

diff --git a/upload/catalog/controller/startup/api.php b/upload/catalog/controller/startup/api.php
@@ -37,9 +37,9 @@ public function index(): ?\Opencart\System\Engine\Action {
 			if ($status) {
 				$this->load->model('user/api');
 
-				$api_info = $this->model_user_api->getApiByUSername((string)$this->request->get['username']);
+				$api_info = $this->model_user_api->getApiByUsername((string)$this->request->get['username']);
 
-				if ($api_info && $api_info['status']) {
+				if ($api_info) {
 					// Check if IP is allowed
 					$ip_data = [];
 

diff --git a/upload/catalog/model/account/api.php b/upload/catalog/model/account/api.php
@@ -14,27 +14,12 @@ class Api extends \Opencart\System\Engine\Model {
 	 *
 	 * @return array<string, mixed>
 	 */
-	public function login(string $username, string $key): array {
-		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "api` WHERE `username` = '" . $this->db->escape($username) . "' AND `key` = '" . $this->db->escape($key) . "' AND `status` = '1'");
+	public function getApiByUsername(string $username): array {
+		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "api` WHERE `username` = '" . $this->db->escape($username) . "' AND `status` = '1'");
 
 		return $query->row;
 	}
 
-	/**
-	 * Add Session
-	 *
-	 * @param int    $api_id
-	 * @param string $session_id
-	 * @param string $ip
-	 *
-	 * @return int
-	 */
-	public function addSession(int $api_id, string $session_id, string $ip): int {
-		$this->db->query("INSERT INTO `" . DB_PREFIX . "api_session` SET `api_id` = '" . (int)$api_id . "', `session_id` = '" . $this->db->escape($session_id) . "', `ip` = '" . $this->db->escape($ip) . "', `date_added` = NOW(), `date_modified` = NOW()");
-
-		return $this->db->getLastId();
-	}
-
 	/**
 	 * Get Ips
 	 *