diff --git a/upload/admin/controller/sale/order.php b/upload/admin/controller/sale/order.php
index bfb793e35ea..7f907df35e7 100644
--- a/upload/admin/controller/sale/order.php
+++ b/upload/admin/controller/sale/order.php
@@ -475,9 +475,9 @@ protected function getList(): string {
 /**
 * Info
 *
+ * @return void
 * @throws \Exception
 *
- * @return void
 */
 public function info(): void {
 $this->load->language('sale/order');
@@ -1246,23 +1246,44 @@ public function info(): void {
 *
 * @Example
 *
- * $url = 'https://www.yourdomain.com/index.php?route=api/account/login&language=en-gb&store_id=0';
+ * We create a hash from the data in a similar method to how amazon does things.
+ *
+ * $route = 'api/order.save';
+ * $username = 'API username';
+ * $key = 'API Key';
+ * $domain = 'www.yourdomain.com';
+ * $store_id = 0;
+ * $language = 'en-gb';
+ * $time = time();
+ *
+ * $string = $route . "\n";
+ * $string .= $username . "\n";
+ * $string .= $domain . "\n";
+ * $string .= $store_id . "\n";
+ * $string .= $language . "\n";
+ * $string .= json_encode($_POST) . "\n";
+ * $string .= $time . "\n";
+ *
+ * $signature = base64_encode(hash_hmac('sha1', $string, $key, true));
 *
- * $request_data = [
- * 'username' => 'Default',
- * 'key' => ''
- * ];
+ * Use this for remote calls
+ *
+ * $url = '&username=' . urlencode($username);
+ * $url .= '&store_id=' . $store_id;
+ * $url .= '&language=' . $language;
+ * $url .= '&time=' . $time;
+ * $url .= '&signature=' . rawurlencode($signature);
 *
 * $curl = curl_init();
 *
- * curl_setopt($curl, CURLOPT_URL, $url);
+ * curl_setopt($curl, CURLOPT_URL, 'https://' . $domain . '/index.php?route=' . $route . $url);
 * curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
 * curl_setopt($curl, CURLOPT_HEADER, false);
 * curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);
 * curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 30);
 * curl_setopt($curl, CURLOPT_TIMEOUT, 30);
 * curl_setopt($curl, CURLOPT_POST, 1);
- * curl_setopt($curl, CURLOPT_POSTFIELDS, $request_data);
+ * curl_setopt($curl, CURLOPT_POSTFIELDS, $_POST);
 *
 * $response = curl_exec($curl);
 *
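Review bot: The rewritten example still carries `curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, 0);`, so the reference snippet integrators will copy disables TLS certificate verification for a request that carries signed order data and a replayable timestamped signature. Keep verification on by dropping that line (cURL verifies peers by default) or writing `curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);`. Less importantly, `$store_id` and `$language` are concatenated into `$url` without `urlencode()` while `$username` is encoded; encoding all three consistently avoids a signature mismatch should either value ever contain a reserved character. The docblock continues past the end of the hunk.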
@@ -1271,13 +1292,9 @@ public function info(): void {
 * curl_close($curl);
 *
 * if ($status == 200) {
- * $api_token = json_decode($response, true);
- *
- * if (isset($api_token['api_token'])) {
- *
- * // You can now store the session cookie as a var in the your current session or some of persistent storage
- * $session_id = $api_token['api_token'];
- * }
+ * $response_info = json_decode($response, true);
+ * } else {
+ * $response_info = [];
 * }
 *
 * @return void
@@ -1326,59 +1343,39 @@ public function call(): void {
 if (!$json) {
 $time = time();
+ // 1. Create a store instance using loader class to call controllers, models, views, libraries
+ $this->load->model('setting/store');
+
+ $store = $this->model_setting_store->createStoreInstance($store_id, $language, $session_id);
+
+ $store->config->set('config_store_id', $store_id);
+
 // We create a hash from the data in a similar method to how amazon does things.
- $string = 'api/' . $call . "\n";
+ $string = 'api/' . $call . "\n";
 $string .= $api_info['username'] . "\n";
 $string .= $this->request->server['HTTP_HOST'] . "\n";
 $string .= $store_id . "\n";
 $string .= $language . "\n";
- $string .= json_encode($this->reqest->post) . "\n";
+ $string .= json_encode($this->request->post) . "\n";
 $string .= $time . "\n";
 $signature = base64_encode(hash_hmac('sha1', $string, $api_info['key'], true));
- $url = '?route=api/' . $call;
- $url .= '&username=' . urlencode($api_info['username']);
- $url .= '&store_id=' . $store_id . "\n";
- $url .= '&language=' . $language . "\n";
- $url .= '&time=' . $time;
- $url .= '&signature=' . rawurlencode($signature);
-
- /*
- $curl = curl_init(OPENCART_SERVER . 'index.php' . $url);
-
- curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);
- curl_setopt($curl, CURLOPT_FORBID_REUSE, 1);
- curl_setopt($curl, CURLOPT_FRESH_CONNECT, 1);
- curl_setopt($curl, CURLOPT_FOLLOWLOCATION, 1);
+ // 2. Remove the unneeded keys
+ $request_data = $this->request->get;
- $response = curl_exec($curl);
+ unset($request_data['call']);
+ unset($request_data['user_token']);
- $status = curl_getinfo($curl, CURLINFO_HTTP_CODE);
-
- curl_close($curl);
- */
-
- // 1. Create a store instance using loader class to call controllers, models, views, libraries
- $this->load->model('setting/store');
-
- $store = $this->model_setting_store->createStoreInstance($store_id, $language, $session_id);
-
- $store->config->set('config_store_id', $store_id);
-
- // 2.
Add the request vars and remove the unneeded ones
- $store->request->get = $this->request->get;
- $store->request->post = $this->request->post;
+ $store->request->get = $request_data;
+ // 3. Add the request vars
 $store->request->get['route'] = 'api/' . $call;
-
-
- $store->request->get = string;
-
-
- // 3. Remove the unneeded keys
- unset($store->request->get['call']);
- unset($store->request->get['user_token']);
+ $store->request->get['username'] = $api_info['username'];
+ $store->request->get['store_id'] = $store_id;
+ $store->request->get['language'] = $language;
+ $store->request->get['time'] = $time;
+ $store->request->get['signature'] = rawurlencode($signature);
 // Call the required API controller
 $store->load->controller($store->request->get['route']);
diff --git a/upload/admin/model/setting/store.php b/upload/admin/model/setting/store.php
index fd726e4e8fc..65d1a1307aa 100644
--- a/upload/admin/model/setting/store.php
+++ b/upload/admin/model/setting/store.php
@@ -258,7 +258,8 @@ public function createStoreInstance(int $store_id = 0, string $language = '', st
 'startup/currency',
 'startup/application',
 'startup/startup',
- 'startup/event'
+ 'startup/event',
+ 'startup/api'
 ];
 // Pre Actions
diff --git a/upload/admin/view/template/sale/order_info.twig b/upload/admin/view/template/sale/order_info.twig
index b02c84f9fb5..448647cfe39 100644
--- a/upload/admin/view/template/sale/order_info.twig
+++ b/upload/admin/view/template/sale/order_info.twig
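Review bot: `$store->request->get['signature'] = rawurlencode($signature);` percent-encodes a value that is never sent over a URL: it is written straight into the in-process store instance's request array, so the base64 characters `+`, `/` and `=` arrive as `%2B`, `%2F` and `%3D`, and unless the `startup/api` pre-action this commit adds to `createStoreInstance()` decodes the parameter before comparing, every in-process signature check will fail; assign the raw value instead, `$store->request->get['signature'] = $signature;`. The hunk also removes `$store->request->post = $this->request->post;` without a replacement while the HMAC is computed over `json_encode($this->request->post)`; unless `createStoreInstance()` copies POST data (not visible here), the API controller runs with an empty POST body and a verifier that re-hashes the store's own POST data computes a different signature, so that assignment belongs next to the `get` assignment. `call()` starts before this hunk and, since the last visible line is the controller dispatch, presumably continues after it.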
@@ -1854,67 +1854,11 @@ $('#input-store').on('change', function(e) {
 $('#input-language').on('change', function(e) {
 e.preventDefault();
- $.ajax({
- url: 'index.php?route=sale/order.call&user_token={{ user_token }}&call=language&store_id=' + $('#input-store').val() + '&language=' + $('#input-language').val(),
- type: 'post',
- data: $('#form-language').serialize(),
- dataType: 'json',
- beforeSend: function() {
- $('#input-language').prop('disabled', true);
- },
- complete: function() {
- $('#input-language').prop('disabled', false);
- },
- success: function(json) {
- $('.alert-dismissible').remove();
- if (json['error']) {
- $('#alert').prepend('
' + json['error'] + '
');
- }
- if (json['success']) {
- $('#alert').prepend('
' + json['success'] + '
');
- $('#button-refresh').trigger('click');
- }
- },
- error: function(xhr, ajaxOptions, thrownError) {
- console.log(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);
- }
- });
 });
 $('#input-currency').on('change', function(e) {
 e.preventDefault();
- $.ajax({
- url: 'index.php?route=sale/order.call&user_token={{ user_token }}&call=currency&store_id=' + $('#input-store').val() + '&language=' + $('#input-language').val(),
- type: 'post',
- data: $('#form-currency').serialize(),
- dataType: 'json',
- beforeSend: function() {
- $('#input-currency').prop('disabled', true);
- },
- complete: function() {
- $('#input-currency').prop('disabled', false);
- },
- success: function(json) {
- $('.alert-dismissible').remove();
- if (json['error']) {
- $('#alert').prepend('
' + json['error'] + '
');
- }
- if (json['success']) {
- $('#alert').prepend('
' + json['success'] + '
');
- }
-
- $('#button-refresh').trigger('click');
- }
- },
- error: function(xhr, ajaxOptions, thrownError) {
- console.log(thrownError + "\r\n" + xhr.statusText + "\r\n" + xhr.responseText);
- }
- });
 });
 // Coupon
@@ -2247,6 +2191,8 @@ $('#form-payment-address').on('submit', function(e) {
 $('#button-payment-address').button('reset');
 },
 success: function(json) {
+ console.log(json);
+
 $('.alert-dismissible').remove();
 $('.is-invalid').removeClass('is-invalid');
 $('.invalid-feedback').removeClass('d-block');
diff --git a/upload/catalog/controller/startup/api.php b/upload/catalog/controller/startup/api.php
index 7bf41b359b7..0d90b2d06bd 100644
--- a/upload/catalog/controller/startup/api.php
+++ b/upload/catalog/controller/startup/api.php
@@ -37,9 +37,9 @@ public function index(): ?\Opencart\System\Engine\Action {
 if ($status) {
 $this->load->model('user/api');
- $api_info = $this->model_user_api->getApiByUSername((string)$this->request->get['username']);
+ $api_info = $this->model_user_api->getApiByUsername((string)$this->request->get['username']);
- if ($api_info && $api_info['status']) {
+ if ($api_info) {
 // Check if IP is allowed
 $ip_data = [];
diff --git a/upload/catalog/model/account/api.php b/upload/catalog/model/account/api.php
index c68b0576ce1..84a32f0277a 100644
--- a/upload/catalog/model/account/api.php
+++ b/upload/catalog/model/account/api.php
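Review bot: `console.log(json);` added in the payment-address `success` handler looks like leftover debugging: it writes the full server response, validation errors and whatever the endpoint echoes back about the address, to the browser console on every submit. Remove the two added lines (`console.log(json);` and the blank line after it); the existing `error:` handler already logs failures. The enclosing `on('submit')` callback starts and ends outside the hunk.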
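Review bot: Replacing `if ($api_info && $api_info['status'])` with `if ($api_info)` moves the enabled check into the model, but the model this controller loads is `user/api` (`$this->model_user_api`), whereas the `getApiByUsername()` that filters on `status = '1'` in this commit lives in `catalog/model/account/api.php`. Unless `catalog/model/user/api.php` (not in the diff) applies the same filter, disabled API users regain access; either confirm that or keep the controller-side guard as defence in depth, `if ($api_info && $api_info['status']) {`. A one-line comment would also help the next reader, e.g. `// Enabled check (status = 1) is done by the model query`. The enclosing `index()` continues outside the hunk.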
@@ -14,27 +14,12 @@ class Api extends \Opencart\System\Engine\Model {
 *
 * @return array
 */
- public function login(string $username, string $key): array {
- $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "api` WHERE `username` = '" . $this->db->escape($username) . "' AND `key` = '" . $this->db->escape($key) . "' AND `status` = '1'");
+ public function getApiByUsername(string $username): array {
+ $query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "api` WHERE `username` = '" . $this->db->escape($username) . "' AND `status` = '1'");
 return $query->row;
 }
- /**
- * Add Session
- *
- * @param int $api_id
- * @param string $session_id
- * @param string $ip
- *
- * @return int
- */
- public function addSession(int $api_id, string $session_id, string $ip): int {
- $this->db->query("INSERT INTO `" . DB_PREFIX . "api_session` SET `api_id` = '" . (int)$api_id . "', `session_id` = '" . $this->db->escape($session_id) . "', `ip` = '" . $this->db->escape($ip) . "', `date_added` = NOW(), `date_modified` = NOW()");
-
- return $this->db->getLastId();
- }
 /**
 * Get Ips
 *
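Review bot: The docblock above `getApiByUsername()` is only partly in the hunk (`* @return array` is visible, the `@param` lines sit above it); since the `$key` parameter went away with `login()`, any remaining `@param string $key` entry is now stale and should be removed, and the summary line should state what the method does, e.g. `* Get an enabled API user (status = 1) by username`. The returned row is `SELECT *`, so it includes the `key` column the admin-side caller in this diff feeds to `hash_hmac()`; a short docblock note that the result holds the secret and must not be echoed in responses or logs would help callers. The `Api` class continues outside the hunk.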