https://github.com/opencart/opencart/issues/12661

upload/admin/controller/sale/order.php

@@ -1182,6 +1182,58 @@ public function info(): void {
 			$data['date_modified'] = date($this->language->get('date_format_short'), time());
 		}
 
+
+		/*
+		// Delete any old session
+		if (isset($this->session->data['api_session'])) {
+			$session = new \Opencart\System\Library\Session($this->config->get('session_engine'), $this->registry);
+			$session->start($this->session->data['api_session']);
+			$session->destroy();
+		}
+
+		// 3. To use the order API it requires an API ID.
+		$store->session->data['api_id'] = (int)$this->config->get('config_api_id');
+		*/
+
+		if (isset($this->session->data['api_session'])) {
+			$session_id = (string)$this->session->data['api_session'];
+		} else {
+			$session_id = '';
+		}
+
+		$this->load->model('setting/store');
+
+		// 1. Create a store instance using loader class to call controllers, models, views, libraries
+		$store = $this->model_setting_store->createStoreInstance($store_id, $language, $session_id);
+
+		// Set the store ID
+		$store->config->set('config_store_id', $store_id);
+
+		// 2. Store the new session ID so we are not creating new session on every page load
+		if (!$session_id) {
+			$this->session->data['api_session'] = $store->session->getId();
+		}
+
+		// 2. Remove the unneeded keys
+		$request_data = $this->request->get;
+
+		unset($request_data['call']);
+		unset($request_data['user_token']);
+
+		$store->request->get = $request_data;
+
+		// 3. Add the request GET vars
+		$store->request->get['route'] = 'api/order.load';
+		$store->request->get['language'] = $language;
+
+		// 4. Add the request POST var
+		$store->request->post = $this->request->post;
+
+		// Call the required API controller
+		$store->load->controller($store->request->get['route']);
+
+		$output = $store->response->getOutput();
+
 		// Histories
 		$data['history'] = $this->getHistory();
 
@@ -1221,7 +1273,7 @@ public function info(): void {
 	 *
 	 * $signature = base64_encode(hash_hmac('sha1', $string, $key, true));
 	 *
-	 * Use this for remote calls
+	 * // Use this for remote calls
 	 *
 	 * $url  = '&username=' . urlencode($username);
 	 * $url .= '&store_id=' . $store_id;
@@ -1302,8 +1354,6 @@ public function call(): void {
 			// 3. To use the order API it requires an API ID.
 			$store->session->data['api_id'] = (int)$this->config->get('config_api_id');
 			*/
-			$time = time();
-
 
 			if (isset($this->session->data['api_session'])) {
 				$session_id = (string)$this->session->data['api_session'];

upload/admin/model/user/api.php

@@ -40,7 +40,7 @@ public function addApi(array $data): int {
 	public function editApi(int $api_id, array $data): void {
 		$this->db->query("UPDATE `" . DB_PREFIX . "api` SET `username` = '" . $this->db->escape((string)$data['username']) . "', `key` = '" . $this->db->escape((string)$data['key']) . "', `status` = '" . (bool)($data['status'] ?? 0) . "', `date_modified` = NOW() WHERE `api_id` = '" . (int)$api_id . "'");
 
-		$this->deleteIp($api_id);
+		$this->deleteIps($api_id);
 
 		if (isset($data['api_ip'])) {
 			foreach ($data['api_ip'] as $ip) {
@@ -60,6 +60,8 @@ public function editApi(int $api_id, array $data): void {
 	 */
 	public function deleteApi(int $api_id): void {
 		$this->db->query("DELETE FROM `" . DB_PREFIX . "api` WHERE `api_id` = '" . (int)$api_id . "'");
+
+		$this->deleteIps($api_id);
 	}
 
 	/**

upload/admin/view/template/sale/order_info.twig

@@ -1056,7 +1056,8 @@
           </div>
 
           <div class="mb-3 required">
-            <label for="input-shipping-zone" class="form-label">{{ entry_zone }}</label> <select name="zone_id" id="input-shipping-zone" class="form-select"></select>
+            <label for="input-shipping-zone" class="form-label">{{ entry_zone }}</label>
+            <select name="zone_id" id="input-shipping-zone" class="form-select"></select>
             <div id="error-shipping-zone" class="invalid-feedback"></div>
           </div>
 

upload/system/library/cart/cart.php

@@ -53,17 +53,10 @@ public function __construct(\Opencart\System\Engine\Registry $registry) {
 
 		if ($this->customer->isLogged()) {
 			// We want to change the session ID on all the old items in the customers cart
-			//$this->db->query("UPDATE `" . DB_PREFIX . "cart` SET `session_id` = '" . $this->db->escape($this->session->getId()) . "' WHERE `customer_id` = '" . (int)$this->customer->getId() . "'");
+			$this->db->query("UPDATE `" . DB_PREFIX . "cart` SET `session_id` = '" . $this->db->escape($this->session->getId()) . "' AND `date_added` = NOW() WHERE `store_id` = '" . (int)$this->config->get('config_store_id') . "' AND `customer_id` = '" . (int)$this->customer->getId() . "'");
 
 			// Once the customer is logged in we want to update the customers cart
-			$cart_query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "cart` WHERE `store_id` = '" . (int)$this->config->get('config_store_id') . "' AND `customer_id` = '0' AND `session_id` = '" . $this->db->escape($this->session->getId()) . "'");
-
-			foreach ($cart_query->rows as $cart) {
-				$this->db->query("DELETE FROM `" . DB_PREFIX . "cart` WHERE `cart_id` = '" . (int)$cart['cart_id'] . "' AND `store_id` = '" . (int)$this->config->get('config_store_id') . "'");
-
-				// The advantage of using $this->add is that it will check if the products already exist and increase the quantity if necessary.
-				$this->add($cart['product_id'], $cart['quantity'], json_decode($cart['option'], true), $cart['subscription_plan_id'], $cart['override'], $cart['price']);
-			}
+			$this->db->query("UPDATE `" . DB_PREFIX . "cart` SET `customer_id` = '" . (int)$this->customer->getId() . "' AND `date_added` = NOW() WHERE `store_id` = '" . (int)$this->config->get('config_store_id') . "' AND `customer_id` = '0' AND `session_id` = '" . $this->db->escape($this->session->getId()) . "'");
 		}
 
 		// Populate the cart data