403Webshell
Server IP : 80.87.202.40  /  Your IP : 216.73.216.169
Web Server : Apache
System : Linux rospirotorg.ru 5.14.0-539.el9.x86_64 #1 SMP PREEMPT_DYNAMIC Thu Dec 5 22:26:13 UTC 2024 x86_64
User : bitrix ( 600)
PHP Version : 8.2.27
Disable Function : NONE
MySQL : OFF |  cURL : ON |  WGET : ON |  Perl : ON |  Python : OFF |  Sudo : ON |  Pkexec : ON
Directory :  /home/bitrix/ext_www/rospirotorg.ru/bitrix/components/aspro/oneclickbuy.next/

Upload File :
current_dir [ Writeable] document_root [ Writeable]

 

Command :


[ Back ]     

Current File : /home/bitrix/ext_www/rospirotorg.ru/bitrix/components/aspro/oneclickbuy.next/_script.php.back
<?
use \Bitrix\Main\Loader;
use \Bitrix\Sale\DiscountCouponsManager;

if (isset($_REQUEST['SITE_ID']) && !empty($_REQUEST['SITE_ID']))
{
	if (!is_string($_REQUEST['SITE_ID']))
		die();
	if (preg_match('/^[a-z0-9_]{2}$/i', $_REQUEST['SITE_ID']) === 1)
		define('SITE_ID', $_REQUEST['SITE_ID']);
}

require($_SERVER["DOCUMENT_ROOT"]."/bitrix/modules/main/include/prolog_before.php");

if(isset($_GET['uploadfiles']) && isset($_GET['orderID']))
{
	\Bitrix\Main\Loader::includeModule('sale');
	$orderID = $_GET['orderID'];
	$arFilesID = array();

	foreach($_FILES as $key => $arFile)
	{
		$tmp_key = explode("_", $key);
		$arFile["MODULE_ID"] = "aspro_oneclickbuy";
		if($arFileBD = CFile::GetList(array(), array("ORIGINAL_NAME" => $arFile["name"]))->fetch())
		{
			$arFilesID[$tmp_key[1]][] = $arFileBD["ID"];
		}
		else
			$arFilesID[$tmp_key[1]][] = CFile::SaveFile($arFile, $arFile["MODULE_ID"]);
	}
	if($arFilesID)
	{
		$arOrderQuery=CSaleOrder::GetList(array(), array("ID"=>$orderID), false, false, array("ID", "PERSON_TYPE_ID"))->Fetch();
		$personTypeId = intval($arOrderQuery['PERSON_TYPE_ID']) > 0 ? $arOrderQuery['PERSON_TYPE_ID']: 1;

		// add order properties
		$res = CSaleOrderProps::GetList(array(), array('TYPE' => 'FILE', 'PERSON_TYPE_ID' => $personTypeId));
		while($prop = $res->Fetch())
		{
			if($arFilesID[$prop['CODE']])
			{
				// $strFiles = serialize($arFilesID[$prop['CODE']]);
				$strFiles = $arFilesID[$prop['CODE']];

				$dbP = CSaleOrderPropsValue::GetList(Array(),array('ORDER_ID' => $orderID, 'ORDER_PROPS_ID' => $prop['ID']));
				if($arP = $dbP->Fetch())
					CSaleOrderPropsValue::Update($arP['ID'], array( 'VALUE' => $strFiles));
				else
					CSaleOrderPropsValue::Add(array('ORDER_ID' => $orderID, 'NAME' => $prop['NAME'], 'ORDER_PROPS_ID' => $prop['ID'], 'CODE' => $prop['CODE'], 'VALUE' => $strFiles));
			}
		}
	}
	echo json_encode(array('STATUS' => 'OK'));
}
else
{
	header('Content-type: application/json; charset=utf-8');
	require(dirname(__FILE__)."/lang/" . LANGUAGE_ID . "/script.php");
	require(dirname(__FILE__)."/functions.php");

	ob_start();

	if(!CModule::IncludeModule('sale') || !CModule::IncludeModule('iblock') || !CModule::IncludeModule('catalog') || !CModule::IncludeModule('currency')){
		die(getJson(GetMessage('CANT_INCLUDE_MODULE')));
	}

	$bUseCaptcha = (\Bitrix\Main\Config\Option::get('aspro.next', 'ONE_CLICK_BUY_CAPTCHA', 'N') == 'Y');

	if($bUseCaptcha && (empty($_REQUEST["captcha_word"]) || !$APPLICATION->CaptchaCheckCode($_REQUEST["captcha_word"], $_REQUEST["captcha_sid"])))
	{
		die(getJson(GetMessage('CAPTCHA_ERROR_CODE')));
	}

	global $APPLICATION, $USER;
	$user_registered = $user_exists = false;
	$bAllBasketBuy = $_POST['BUY_TYPE'] == 'ALL';
	$SITE_ID = $_REQUEST['SITE_ID'];

	// conver charset
	if($_POST['ONE_CLICK_BUY'] && is_array($_POST['ONE_CLICK_BUY']))
	{
		foreach($_POST['ONE_CLICK_BUY'] as $key => $value)
		{
			$_POST['ONE_CLICK_BUY'][$key] = trim($APPLICATION->ConvertCharset($_POST['ONE_CLICK_BUY'][$key], 'utf-8', SITE_CHARSET));
		}
	}

	// check input data
	if(!empty($_POST['ONE_CLICK_BUY']['EMAIL']) && !preg_match('/^[0-9a-zA-Z\-_\.]+@[0-9a-zA-Z\-]+[\.]{1}[0-9a-zA-Z\-]+[\.]?[0-9a-zA-Z\-]+$/', $_POST['ONE_CLICK_BUY']['EMAIL'])) die(getJson(GetMessage('BAD_EMAIL_FORMAT')));

	$basketUserID = CSaleBasket::GetBasketUserID();

	$arBasketItemsAll=array();
	$resBasketItems = CSaleBasket::GetList(array('SORT' => 'DESC'), array('FUSER_ID' => $basketUserID, 'LID' => $SITE_ID, 'ORDER_ID' => NULL));
	while($arBasketItem = $resBasketItems->Fetch()){
		// get props
		$arProps = array();
		$dbRes = CSaleBasket::GetPropsList(array(), array('BASKET_ID' => $arBasketItem['ID']));
		while($arProp = $dbRes->Fetch()){
		   $arProps[] = $arProp;
		}
		if($arProps){
			$arBasketItem["BASKET_PROPS"]=$arProps;
		}
		$arBasketItemsAll[]=$arBasketItem;
	}

	//  if not registered, than register new user or find them by email/phone
	if(!$USER->IsAuthorized()){
		$user_registered = true;

		// get phone auth params
		list($bPhoneAuthSupported, $bPhoneAuthShow, $bPhoneAuthRequired, $bPhoneAuthUse) = Aspro\Next\PhoneAuth::getOptions();

		if(!isset($_POST['ONE_CLICK_BUY']['EMAIL']) || trim($_POST['ONE_CLICK_BUY']['EMAIL']) == ''){
			if($bPhoneAuthSupported)
			{
				if($_POST['ONE_CLICK_BUY']['PHONE'])
				{
					$login = NormalizePhone((string)$_POST['ONE_CLICK_BUY']['PHONE'], 3);

					if($bPhoneAuthShow)
					{
						$phoneNumber = \Bitrix\Main\UserPhoneAuthTable::normalizePhoneNumber($_POST['ONE_CLICK_BUY']['PHONE']);
						$rsUserByPhone = \Bitrix\Main\UserPhoneAuthTable::getList([
							'select' => array('USER_ID'),
							'filter' => array('=PHONE_NUMBER' => $phoneNumber),
						]);
						$nUserCount = (int)($rsUserByPhone->getSelectedRowsCount());

						if($nUserCount == 1)
						{
							$ar_user = $rsUserByPhone->Fetch();
							$registeredUserID = $ar_user['USER_ID'];

							$user_exists = true;

							if(!checkNewVersionExt('sale')){
								$USER->Authorize($registeredUserID);
							}
						}
						elseif($nUserCount > 1)
						{
							die(getJson(GetMessage('TOO_MANY_USERS_WITH_PHONE', array('#PHONE#' => $phoneNumber))));
						}
					}
					else
					{
						$rsUser = CUser::GetList($by = "ID", $order = "ASC", array("LOGIN_EQUAL" => $login));
						$nUserCount = (int)($rsUser->SelectedRowsCount());
						if($nUserCount == 1)
						{
							$ar_user = $rsUser->Fetch();
							$registeredUserID = $ar_user['ID'];

							$user_exists = true;
						}
						elseif($nUserCount > 1)
						{
							die(getJson(GetMessage('TOO_MANY_USERS_LOGIN')));
						}

					}
				}
				else
				{
					if($bPhoneAuthRequired)
					{
						die(getJson(GetMessage('NO_PHONE')));
					}
					else
					{
						$login = 'user_' . substr((microtime(true) * 10000), 0, 12);
						$_POST['ONE_CLICK_BUY']['EMAIL'] = genUserEmail($login);
					}
				}
			}
			else
			{
				$login = 'user_' . substr((microtime(true) * 10000), 0, 12);
				$_POST['ONE_CLICK_BUY']['EMAIL'] = genUserEmail($login);
			}
		}
		else{
			$dbUser = CUser::GetList(($by = 'ID'), ($order = 'ASC'), array('=EMAIL' => trim($_POST['ONE_CLICK_BUY']['EMAIL'])));
			if($dbUser->SelectedRowsCount() == 0){
				$login = 'user_'.substr((microtime(true) * 10000), 0, 12);
			}
			elseif($dbUser->SelectedRowsCount() == 1){
				$ar_user = $dbUser->Fetch();
				$registeredUserID = $ar_user['ID'];

				$user_exists = true;

				if(!checkNewVersionExt('sale')){
					$USER->Authorize($registeredUserID);
				}
			}
			else die(getJson(GetMessage('TOO_MANY_USERS')));
		}

		// register new user
		if(!$user_exists){
			$userPassword = randString(10);
			$username = explode(' ', trim($_POST['ONE_CLICK_BUY']['FIO']));

			$captcha = COption::GetOptionString('main', 'captcha_registration', 'N');
			if($captcha == 'Y'){
				COption::SetOptionString('main', 'captcha_registration', 'N');
			}

			if($bPhoneAuthSupported && $bPhoneAuthShow){
				/*if(empty($_POST['ONE_CLICK_BUY']['PHONE']) && $bPhoneAuthRequired){
					die(getJson(GetMessage('NO_PHONE')));
				}

				$phoneNumber = \Bitrix\Main\UserPhoneAuthTable::normalizePhoneNumber($_POST['ONE_CLICK_BUY']['PHONE']);
				$arUserByPhone = \Bitrix\Main\UserPhoneAuthTable::getList([
					'select' => array('USER_ID'),
					'filter' => array('=PHONE_NUMBER' => $phoneNumber),
				])->fetch();
				if($arUserByPhone){
					die(getJson(GetMessage('TOO_MANY_USERS_WITH_PHONE', array('#PHONE#' => $phoneNumber))));
				}
				$newUser = $USER->Register($login, $username[1], $username[0], $userPassword, $userPassword, $_POST['ONE_CLICK_BUY']['EMAIL'], $SITE_ID, '', 0, false, $_POST['ONE_CLICK_BUY']['PHONE']);*/

				$arFields = [
					"LOGIN"=>$login,
					"NAME"=>$username[1],
					"LAST_NAME"=>$username[0],
					"PASSWORD"=>$userPassword,
					"CONFIRM_PASSWORD"=>$userPassword,
					"EMAIL"=>$_POST['ONE_CLICK_BUY']['EMAIL'],
					"PHONE_NUMBER"=>$_POST['ONE_CLICK_BUY']['PHONE'],
				];

				$userByPhone = new CUser;
				$addResult = $userByPhone->Add($arFields);

				if (intval($addResult) <= 0)
				{
					die(getJson(GetMessage('USER_REGISTER_FAIL'), 'N', $userByPhone->LAST_ERROR));
				}
				else
				{
					global $USER;

					$newUser = array('ID' => intval($addResult));
					$USER->Authorize($addResult);
				}
			}
			else{
				$newUser = $USER->Register($login, $username[1], $username[0], $userPassword,  $userPassword, $_POST['ONE_CLICK_BUY']['EMAIL']);
			}
			if(is_array($newUser) && $newUser['TYPE'] == 'ERROR')
			{
				die(getJson(GetMessage('USER_REGISTER_FAIL'), 'N', $newUser['MESSAGE']));
			}


			// $newUser = $USER->Add(array("LOGIN"=>$login, "NAME"=>$username[1], "LAST_NAME"=>$username[0], "PASSWORD"=>$userPassword,  "CONFIRM_PASSWORD"=>$userPassword, "EMAIL"=>$_POST['ONE_CLICK_BUY']['EMAIL']));
			if($captcha == 'Y'){
				COption::SetOptionString('main', 'captcha_registration', 'Y');
			}
			if($newUser['TYPE'] == 'ERROR') {
				die(getJson(GetMessage('USER_REGISTER_FAIL'), 'N', $newUser['MESSAGE']));
			}
			else{
				$registeredUserID = $newUser['ID'];
				// $registeredUserID = $newUser;

				if (!empty($_POST['ONE_CLICK_BUY']['PHONE']) && ($arParams["AUTO_LOGOUT"]=="Y")) {
					$USER->Update($registeredUserID,  array('PERSONAL_PHONE' => $_POST['ONE_CLICK_BUY']['PHONE']));
				}
				if (!empty($username[2])) {
					$USER->Update($registeredUserID,  array('SECOND_NAME' => $username[2]));
				}

				//$USER->Logout();

				/*if($bPhoneAuthSupported && $bPhoneAuthShow){
					die(getJson(GetMessage('ONE_CLICK_SMS_SENDED'), 'Y', '', array('CODE' => 'SHOW_SMS_FIELD', 'SIGNED_DATA' => $newUser['SIGNED_DATA'], 'RESEND_INTERVAL' => CUser::PHONE_CODE_RESEND_INTERVAL)));
				}*/
			}
		}
	}
	else{
		$registeredUserID = $USER->GetID();
	}

	if(!$_POST['ONE_CLICK_BUY']['EMAIL']){
		$_POST['ONE_CLICK_BUY']['EMAIL'] = $USER->GetEmail();
	}

	$personTypeId = intval($_POST['PERSON_TYPE_ID']) > 0 ? intval($_POST['PERSON_TYPE_ID']) : 1;

	if(!$_POST['ONE_CLICK_BUY']['LOCATION']){
		$arLocation = CSaleOrderProps::GetList(array("SORT" => "ASC"), array("PERSON_TYPE_ID" => $personTypeId, "CODE" => "LOCATION"), false, false, array())->Fetch();
	   	$_POST['ONE_CLICK_BUY']['LOCATION'] = $arLocation["DEFAULT_VALUE"];
	}

	$deliveryId = intval($_POST['DELIVERY_ID']) > 0 ? intval($_POST['DELIVERY_ID']) : "";

	if(class_exists('\Bitrix\Sale\Delivery\Services\Table')){
		$deliveryId = intval($deliveryId) > 0 ? \Bitrix\Sale\Delivery\Services\Table::getCodeById($deliveryId) : "";
	}

	$isOrderConverted = \Bitrix\Main\Config\Option::get("main", "~sale_converted_15", 'N');

	/* New discount */
	DiscountCouponsManager::init();

	$newOrder = array(
		'LID' => $SITE_ID,
		'PAYED' => 'N',
		"CANCELED" => "N",
		"STATUS_ID" => "N",
		'USER_ID' => $registeredUserID,
		'PERSON_TYPE_ID' => $personTypeId,
		'DELIVERY_ID' => $deliveryId,
		'PAY_SYSTEM_ID' => intval($_POST['PAY_SYSTEM_ID']) > 0 ? $_POST['PAY_SYSTEM_ID'] : 1,
		'USER_DESCRIPTION' => $_POST['ONE_CLICK_BUY']['COMMENT'],
		'COMMENTS' => GetMessage('FAST_ORDER_COMMENT'),
	);

	if($bAllBasketBuy){
		$arBasketItems = array();
		if($user_registered){
			if($arBasketItemsAll){
				$arProductIDs=array();
				foreach($arBasketItemsAll as $arItem){
					if (CSaleBasketHelper::isSetItem($arItem) || $arItem["CAN_BUY"]=="N" || $arItem["DELAY"]=="Y" || $arItem["SUBSCRIBE"]=="Y") // set item
					continue;
					$arBasketItems[] = $arItem;
					$arProductIDs[]=$arItem["PRODUCT_ID"];
				}
			}
		}else{
			$arSelFields = array("ID", "CALLBACK_FUNC", "MODULE", "PRODUCT_ID", "QUANTITY", "DELAY", "CAN_BUY", "PRICE", "WEIGHT", "NAME", "CURRENCY", "CATALOG_XML_ID", "VAT_RATE", "NOTES", "DISCOUNT_PRICE", "PRODUCT_PROVIDER_CLASS", "DIMENSIONS", "TYPE", "SET_PARENT_ID", "DETAIL_PAGE_URL");
			$resBasketItems = CSaleBasket::GetList(array('SORT' => 'DESC'), array('FUSER_ID' => $basketUserID, 'LID' => $SITE_ID, 'ORDER_ID' => 'NULL', 'DELAY' => 'N', 'CAN_BUY' => 'Y'), false, false, $arSelFields);
			while($arBasketItem = $resBasketItems->Fetch()){
				if (CSaleBasketHelper::isSetItem($arBasketItem)) // set item
					continue;
				$arBasketItems[] = $arBasketItem;
			}
		}

		if($arBasketItems){
			// update basket items prices
			CSaleBasket::UpdateBasketPrices($basketUserID, $SITE_ID);

			// calculate order prices
			$arOrderDat = CSaleOrder::DoCalculateOrder($SITE_ID, $registeredUserID, $arBasketItems, $newOrder['PERSON_TYPE_ID'], array(), $deliveryId, $newOrder['PAY_SYSTEM_ID'], array(), $arErrors, $arWarnings);

			// set delivery price to 0
			$newOrder['PRICE_DELIVERY_DIFF'] = $arOrderDat["PRICE_DELIVERY"];
			$newOrder["PRICE_DELIVERY"] = $newOrder["DELIVERY_PRICE"] = $arOrderDat["DELIVERY_PRICE"] = $arOrderDat["PRICE_DELIVERY"] = 0;

			$newOrder['CURRENCY'] = $arOrderDat["CURRENCY"];
			$newOrder['PRICE'] = $arOrderDat["PRICE"] = $arOrderDat["ORDER_PRICE"] + $arOrderDat["DELIVERY_PRICE"] + $arOrderDat["TAX_PRICE"] - $arOrderDat["DISCOUNT_PRICE"];
			$newOrder["DISCOUNT_VALUE"] = $arOrderDat["DISCOUNT_PRICE"];
			$newOrder["TAX_VALUE"] = $arOrderDat["bUsingVat"] == "Y" ? $arOrderDat["VAT_SUM"] : $arOrderDat["TAX_PRICE"];
			$arOrderDat['USER_ID'] = $registeredUserID;

			// create order
			if(!checkNewVersionExt('sale')){
				$orderID = $arResult["ORDER_ID"] = (int)CSaleOrder::DoSaveOrder($arOrderDat, $newOrder, 0, $arErrors);
			}else{
				$order = placeOrder($registeredUserID, $basketUserID, $newOrder, $arOrderDat, $_POST);
				$orderID = $order->GetId();
			}
			if($orderID == false){
				$strError = '';
				if($ex = $APPLICATION->GetException()) $strError = $ex->GetString();

				if($user_registered)
					$USER->Logout();

				die(getJson(GetMessage('ORDER_CREATE_FAIL'), 'N', $strError));
			}

			if($orderID){
				// add basket to order
				if($user_registered){
					foreach($arProductIDs as $id)
						CSaleBasket::Update($id, array('ORDER_ID' => $orderID));
				}else{
					CSaleBasket::OrderBasket($orderID, $basketUserID, $SITE_ID, false);
				}

				if($user_registered){
					// if latest sale version with converted module sale, than check items

					$resBasketItems = CSaleBasket::GetList(array('SORT' => 'DESC'), array(/*'FUSER_ID' => $basketUserID,*/ 'LID' => $SITE_ID, 'ORDER_ID' => $orderID, '!PRODUCT_ID' => $arProductIDs), false, false, array('ID', 'QUANTITY', 'PRODUCT_ID', 'TYPE', 'SET_PARENT_ID'));
					while($arBasketItem = $resBasketItems->Fetch()){
						$bSetItem = CSaleBasketHelper::isSetItem($arBasketItem);
						if($bSetItem) // set item
							continue;
						// get props
						$arProps = array();
						$dbRes = CSaleBasket::GetPropsList(array(), array('BASKET_ID' => $arBasketItem['ID']));
						while($arProp = $dbRes->Fetch()){
							if(isset($arProp['BASKET_ID']))
								unset($arProp['BASKET_ID']);
							$arProps[] = $arProp;
						}

						// delete from order
						CSaleBasket::Delete($arBasketItem['ID']);

						// add to basket again
						if(!$bSetItem){
							Add2BasketByProductID($arBasketItem['PRODUCT_ID'], $arBasketItem['QUANTITY'], array(), $arProps);
						}
					}
				}

				if(!checkNewVersionExt('sale')){
					// fix bug with DELIVERY_PRICE, when count of products more than one (bitrix bug with delivery price)
					$arUpdateFields = array('PRICE' => $newOrder['PRICE'], 'PRICE_DELIVERY' => 0);
					if(class_exists('\Bitrix\Sale\Internals\OrderTable')){
						\Bitrix\Sale\Internals\OrderTable::update($orderID, $arUpdateFields);

						// fix bug with payment SUM, when buy set
						if(class_exists('\Bitrix\Sale\Internals\PaymentTable')){
							$res = \Bitrix\Sale\Internals\PaymentTable::getList(array('order' => array('ID' => 'ASC'), 'filter' => array('ORDER_ID' => $orderID)));
							if($payment = $res->fetch()){
								\Bitrix\Sale\Internals\PaymentTable::update($payment['ID'], array('SUM' => $newOrder['PRICE']));
							}
						}
					}
					else{
						CSaleOrder::Update($orderID, $arUpdateFields);
					}
				}else{
					if(class_exists('\Bitrix\Sale\Internals\OrderTable')){
						$arOrder = \Bitrix\Sale\Internals\OrderTable::getList(array('order' => array('ID' => 'ASC'), 'filter' => array('ID' => $orderID)))->Fetch();
					}
					else{
						$arOrder = CSaleOrder::GetList(array(), array('ID' => $orderID))->Fetch();
					}
					// add payment SUM
					if(class_exists('\Bitrix\Sale\Internals\PaymentTable')){
						$res = \Bitrix\Sale\Internals\PaymentTable::getList(array('order' => array('ID' => 'ASC'), 'filter' => array('ORDER_ID' => $orderID)));
						if($payment = $res->fetch()){
							\Bitrix\Sale\Internals\PaymentTable::update($payment['ID'], array('SUM' => $arOrder['PRICE']));
						}
					}
				}
			}
		}
	}
	else{
		$arProps = array();
		$productID = intval($_POST['ELEMENT_ID']);
		$iblockID = intval($_POST['IBLOCK_ID']);
		$productQuantity = ((float)$_POST['ELEMENT_QUANTITY'] > 0 ? (float)$_POST['ELEMENT_QUANTITY'] : 1);

		$resProduct = CIBlockElement::GetByID($productID);
		$arProduct = $resProduct->GetNext();

		if(strlen($_REQUEST['OFFER_PROPERTIES']) && $iblockID > 0){
			$arOfferProperties=json_decode($_REQUEST["OFFER_PROPERTIES"]);
			if($arOfferProperties){
				$intProductIBlockID = (int)CIBlockElement::GetIBlockByID($productID);
				if($intProductIBlockID == $iblockID){
					$arProps = getFiledPropsFasView($iblockID, $productID, $arOfferProperties);
				}else{
					$arProps = CIBlockPriceTools::GetOfferProperties($productID, $iblockID, $arOfferProperties, $skuAddProps);
				}
			}
		}

		if ($arBasketItemsAll) {
			// print_r($arBasketItemsAll);
			foreach ($arBasketItemsAll as $arBasketItem) {
				CSaleBasket::Delete($arBasketItem['ID']);
			}
		}

		// if this product is already in basket, then fix quantity
		$arBasketItems = CSaleBasket::GetList(array(), array("PRODUCT_ID" => $productID, "FUSER_ID" => $basketUserID, "LID" => $SITE_ID, "ORDER_ID" => NULL), false, false, array("ID"))->Fetch();
		if($arBasketItems){
			$productBasketID = $arBasketItems['ID'];
			$arFields = array("DELAY" => "N", "SUBSCRIBE" => "N", "QUANTITY" => $productQuantity);
			CSaleBasket::Update($productBasketID, $arFields);
		}
		else{
			// add product to basket
			$productBasketID = Add2BasketByProductID($productID, $productQuantity, array(), $arProps);
			if(!$productBasketID){
				$strError = '';
				if($ex = $APPLICATION->GetException()) {$strError = $ex->GetString();}

				if($user_registered)
					$USER->Logout();

				//add products to basket, removed before
				AddProducts2Basket($arBasketItemsAll);

				die(getJson(GetMessage('ITEM_ADD_FAIL'), 'N', $strError));
			}
		}

		$arBasketItems = array(CSaleBasket::GetByID($productBasketID));

		// update basket items prices
		CSaleBasket::UpdateBasketPrices($basketUserID, $SITE_ID);

		// calculate order prices
		$arOrderDat = CSaleOrder::DoCalculateOrder($SITE_ID, $registeredUserID, $arBasketItems, $newOrder['PERSON_TYPE_ID'], array(), $deliveryId, $newOrder['PAY_SYSTEM_ID'], array(), $arErrors, $arWarnings);
		if($arErrors){
			if($user_registered)
				$USER->Logout();
			if(is_array($arErrors))
			{
				$arErrorsTmp = array();
				foreach($arErrors as $arError)
				{
					$arErrorsTmp[] = $arError["TEXT"];
				}
				$arErrors = $arErrorsTmp;
			}

			//add products to basket, removed before
			AddProducts2Basket($arBasketItemsAll);

			die(getJson(GetMessage('ORDER_CREATE_FAIL'), 'N', implode('<br />', (array)$arErrors)));
		}
		if(is_array($arOrderDat) && array_key_exists("ORDER_PRICE", $arOrderDat)){
			\Bitrix\Main\Loader::IncludeModule('aspro.next');
			$arError = CNext::checkAllowDelivery($arOrderDat["ORDER_PRICE"], $arOrderDat["CURRENCY"]);

			if($arError["ERROR"]){
				CSaleBasket::Delete($productBasketID);
				if($user_registered){
					$USER->Logout();
					/*if(!$USER->IsAuthorized() && $arBasketItemsAll && !$bAllBasketBuy){
						foreach($arBasketItemsAll as $arItem){
							// get props
							$arProps = array();
							if($arItem['BASKET_PROPS']){
								foreach($arItem['BASKET_PROPS'] as $keyProp => $arBasketProp)
								{
									if(isset($arBasketProp['BASKET_ID']))
										unset($arItem['BASKET_PROPS'][$keyProp]['BASKET_ID']);
								}
								$arProps=$arItem['BASKET_PROPS'];
							}
							Add2BasketByProductID($arItem['PRODUCT_ID'], $arItem['QUANTITY'], array(), $arProps);
						}
					}*/
				}

				//add products to basket, removed before
				AddProducts2Basket($arBasketItemsAll);

				CNextCache::ClearCacheByTag('sale_basket');
				die(getJson($arError["TEXT"]));
			}
		}

		// set delivery price to 0
		$newOrder["PRICE_DELIVERY"] = $arOrderDat["DELIVERY_PRICE"] = $arOrderDat["PRICE_DELIVERY"] = 0;

		$newOrder['CURRENCY'] = $arOrderDat["CURRENCY"];
		$newOrder['PRICE'] = $arOrderDat["PRICE"] = $arOrderDat["ORDER_PRICE"] + $arOrderDat["DELIVERY_PRICE"] + $arOrderDat["TAX_PRICE"] - $arOrderDat["DISCOUNT_PRICE"];
		$newOrder["DISCOUNT_VALUE"] = $arOrderDat["DISCOUNT_PRICE"];
		$newOrder["TAX_VALUE"] = $arOrderDat["bUsingVat"] == "Y" ? $arOrderDat["VAT_SUM"] : $arOrderDat["TAX_PRICE"];
		$arOrderDat['USER_ID'] = $registeredUserID;

		// create order
		if(!checkNewVersionExt('sale')){
			$orderID = $arResult['ORDER_ID'] = (int)CSaleOrder::DoSaveOrder($arOrderDat, $newOrder, 0, $arErrors);
		}else{
			$order = placeOrder($registeredUserID, $basketUserID, $newOrder, $arOrderDat, $_POST);
			$orderID = $order->GetId();
		}

		if($orderID == false){
			$strError = '';
			if($ex = $APPLICATION->GetException()) $strError = $ex->GetString();

			if($user_registered)
				$USER->Logout();

			//add products to basket, removed before
			AddProducts2Basket($arBasketItemsAll);

			die(getJson(GetMessage('ORDER_CREATE_FAIL'), 'N', $strError));
		}
		if($orderID){
			// add product to order
			CSaleBasket::Update($productBasketID, array('ORDER_ID' => $orderID));
			// if latest sale version with converted module sale, than check items
			$resBasketItems = CSaleBasket::GetList(array('SORT' => 'DESC'), array(/*'FUSER_ID' => $basketUserID,*/ 'LID' => $SITE_ID, 'ORDER_ID' => $orderID), false, false, array('ID', 'QUANTITY', 'PRODUCT_ID', 'TYPE', 'SET_PARENT_ID'));
			while($arBasketItem = $resBasketItems->Fetch()){
				if($arBasketItem['ID'] == $productBasketID){
					$product_id=$arBasketItem['PRODUCT_ID'];
				}
				if($arBasketItem['ID'] != $productBasketID){
					$bSetItem = CSaleBasketHelper::isSetItem($arBasketItem);
					if($bSetItem && $arBasketItem['SET_PARENT_ID'] == $productBasketID) // set item
						continue;

					// get props
					$arProps = array();
					$dbRes = CSaleBasket::GetPropsList(array(), array('BASKET_ID' => $arBasketItem['ID']));
					while($arProp = $dbRes->Fetch()){
						if(isset($arProp['BASKET_ID']))
							unset($arProp['BASKET_ID']);
						$arProps[] = $arProp;
					}

					// delete from order
					CSaleBasket::Delete($arBasketItem['ID']);

					// add to basket again
					if(!$bSetItem  && $product_id!=$arBasketItem['PRODUCT_ID'] && !$user_registered){
						Add2BasketByProductID($arBasketItem['PRODUCT_ID'], $arBasketItem['QUANTITY'], array(), $arProps);
					}
				}

			}

			if(!checkNewVersionExt('sale')){
				// fix bug with DELIVERY_PRICE, when count of products more than one (bitrix bug with delivery price)
				$arUpdateFields = array('PRICE' => $newOrder['PRICE'], 'PRICE_DELIVERY' => 0);
				if(class_exists('\Bitrix\Sale\Internals\OrderTable')){
					\Bitrix\Sale\Internals\OrderTable::update($orderID, $arUpdateFields);

					// fix bug with payment SUM, when buy set
					if(class_exists('\Bitrix\Sale\Internals\PaymentTable')){
						$res = \Bitrix\Sale\Internals\PaymentTable::getList(array('order' => array('ID' => 'ASC'), 'filter' => array('ORDER_ID' => $orderID)));
						if($payment = $res->fetch()){
							\Bitrix\Sale\Internals\PaymentTable::update($payment['ID'], array('SUM' => $newOrder['PRICE']));
						}
					}
				}
				else{
					CSaleOrder::Update($orderID, $arUpdateFields);
				}
			}else{
				if(class_exists('\Bitrix\Sale\Internals\OrderTable')){
					$arOrder = \Bitrix\Sale\Internals\OrderTable::getList(array('order' => array('ID' => 'ASC'), 'filter' => array('ID' => $orderID)))->Fetch();
				}
				else{
					$arOrder = CSaleOrder::GetList(array(), array('ID' => $orderID))->Fetch();
				}
				// add payment SUM
				if(class_exists('\Bitrix\Sale\Internals\PaymentTable')){
					$res = \Bitrix\Sale\Internals\PaymentTable::getList(array('order' => array('ID' => 'ASC'), 'filter' => array('ORDER_ID' => $orderID)));
					if($payment = $res->fetch()){
						\Bitrix\Sale\Internals\PaymentTable::update($payment['ID'], array('SUM' => $arOrder['PRICE']));
					}
				}
			}
		}
	}

	if($user_registered){
		$USER->Logout();
	}

	// if(!$USER->IsAuthorized() && $arBasketItemsAll && !$bAllBasketBuy){
	if(!$bAllBasketBuy){
		//add products to basket, removed before
		AddProducts2Basket($arBasketItemsAll);
	}

	\Bitrix\Main\Loader::IncludeModule('aspro.next');
	CNext::clearBasketCounters();
	CNextCache::ClearCacheByTag('sale_basket');

	// add order properties
	$res = CSaleOrderProps::GetList(array(), array('@CODE' => unserialize($_POST["PROPERTIES"]), 'PERSON_TYPE_ID' => $personTypeId));

	while($prop = $res->Fetch()){
		if($_POST['ONE_CLICK_BUY'][$prop['CODE']]){
			$dbP = CSaleOrderPropsValue::GetList(Array(),array('ORDER_ID' => $orderID, 'ORDER_PROPS_ID' => $prop['ID']));
			if($arP = $dbP->Fetch()){
				CSaleOrderPropsValue::Update($arP['ID'], array( 'VALUE' => $_POST['ONE_CLICK_BUY'][$prop['CODE']]));
			}else{
				CSaleOrderPropsValue::Add(array('ORDER_ID' => $orderID, 'NAME' => $prop['NAME'], 'ORDER_PROPS_ID' => $prop['ID'], 'CODE' => $prop['CODE'], 'VALUE' => $_POST['ONE_CLICK_BUY'][$prop['CODE']]));
			}
		}
	}

	// send mail
	if($orderID){
		$orderPrice = 0;
		$orderList = '';
		$arCurrency = CCurrencyLang::GetByID($newOrder['CURRENCY'], LANGUAGE_ID);
		$currencyThousandsSep = (!$arCurrency["THOUSANDS_VARIANT"] ? $arCurrency["THOUSANDS_SEP"] : ($arCurrency["THOUSANDS_VARIANT"] == "S" ? " " : ($arCurrency["THOUSANDS_VARIANT"] == "D" ? "." : ($arCurrency["THOUSANDS_VARIANT"] == "C" ? "," : ($arCurrency["THOUSANDS_VARIANT"] == "B" ? "\xA0" : "")))));

		$arSelFields = array("ID", "PRODUCT_ID", "QUANTITY", "CAN_BUY", "PRICE", "WEIGHT", "NAME", "CURRENCY", "DISCOUNT_PRICE", "TYPE", "SET_PARENT_ID", "DETAIL_PAGE_URL");
		$resBasketItems = CSaleBasket::GetList(array('SORT' => 'DESC'), array(/*'FUSER_ID' => $basketUserID,*/ 'LID' => $SITE_ID, 'ORDER_ID' => $orderID), false, false, $arSelFields);
		while($arBasketItem = $resBasketItems->Fetch()){
			if(CSaleBasketHelper::isSetItem($arBasketItem)) // set item
				continue;

			if($arBasketItem['CAN_BUY'] === 'Y'){
				$curPrice = roundEx($arBasketItem['PRICE'], SALE_VALUE_PRECISION) * DoubleVal($arBasketItem['QUANTITY']);
				$orderPrice += $curPrice;
				$orderList .= GetMessage('ITEM_NAME') . $arBasketItem['NAME']
					. GetMessage('ITEM_PRICE') . CCurrencyLang::CurrencyFormat($arBasketItem['PRICE'], $newOrder['CURRENCY'], true)
					. GetMessage('ITEM_QTY') . intval($arBasketItem['QUANTITY'])
					. GetMessage('ITEM_TOTAL') . CCurrencyLang::CurrencyFormat($curPrice, $newOrder['CURRENCY'], true) . "\n";
			}
		}


		$arOrderQuery=CSaleOrder::GetList(array(), array("ID"=>$orderID), false, false, array("ID", "ACCOUNT_NUMBER", "PRICE"))->Fetch();

		$arMessageFields = array(
			"RS_ORDER_ID" => $orderID,
			"CLIENT_NAME" => ($_POST['ONE_CLICK_BUY']['FIO'] ? $_POST['ONE_CLICK_BUY']['FIO'] : $_POST['ONE_CLICK_BUY']['CONTACT_PERSON']),
			"ACCOUNT_NUMBER" => $arOrderQuery["ACCOUNT_NUMBER"],
			"PHONE" => $_POST["ONE_CLICK_BUY"]["PHONE"],
			"ORDER_ITEMS" => $orderList,
			"ORDER_PRICE" => CCurrencyLang::CurrencyFormat($arOrderQuery["PRICE"], $newOrder['CURRENCY'], true),
			"COMMENT" => $_POST['ONE_CLICK_BUY']['COMMENT'],
			"RS_DATE_CREATE" => ConvertTimeStamp(false, "FULL"),
		);
		if($_POST['ONE_CLICK_BUY']['EMAIL']){
			$arMessageFields["EMAIL_BUYER"]=$_POST['ONE_CLICK_BUY']['EMAIL'];
		}

		CEvent::Send("NEW_ONE_CLICK_BUY", $SITE_ID, $arMessageFields);
	}

	$_SESSION['SALE_BASKET_NUM_PRODUCTS'][$SITE_ID] = 0;

	/*bind sale events*/
	foreach(GetModuleEvents("sale", "OnSaleComponentOrderOneStepComplete", true) as $arEvent)
		ExecuteModuleEventEx($arEvent, Array($orderID, $arOrder, $arParams));

	ob_clean();

	die(getJson($orderID, 'Y'));
}
?>

Youez - 2016 - github.com/yon3zu
LinuXploit