1: <?php
2: namespace Opencart\Catalog\Model\Account;
3: /**
4: * Class Customer
5: *
6: * @package Opencart\Catalog\Model\Account
7: */
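class Customer extends \Opencart\System\Engine\Model {
	/**
	 * Add Customer
	 *
	 * Inserts a new `customer` row. The customer group submitted in `$data` is honoured
	 * only when it is one of the groups exposed for self-selection
	 * (`config_customer_group_display`); otherwise the store default group is used.
	 * The account starts active unless the resolved group requires approval, in which
	 * case `status` is stored as 0 and an approval request is recorded.
	 *
	 * @param array<string, mixed> $data Required keys: firstname, lastname, email, telephone, password.
	 *                                   Optional keys: customer_group_id, custom_field (array), newsletter.
	 *
	 * @return int The id of the inserted customer row
	 */
	public function addCustomer(array $data): int {
		$customer_group_id = $this->resolveCustomerGroupId($data);

		$this->load->model('account/customer_group');

		$customer_group_info = $this->model_account_customer_group->getCustomerGroup($customer_group_id);

		// Groups flagged for approval start disabled until an administrator approves the account.
		$approval = !empty($customer_group_info['approval']);

		$this->db->query("INSERT INTO `" . DB_PREFIX . "customer` SET `customer_group_id` = '" . (int)$customer_group_id . "', `store_id` = '" . (int)$this->config->get('config_store_id') . "', `language_id` = '" . (int)$this->config->get('config_language_id') . "', `firstname` = '" . $this->db->escape($data['firstname']) . "', `lastname` = '" . $this->db->escape($data['lastname']) . "', `email` = '" . $this->db->escape(oc_strtolower($data['email'])) . "', `telephone` = '" . $this->db->escape($data['telephone']) . "', `custom_field` = '" . $this->db->escape($this->encodeCustomField($data)) . "', `password` = '" . $this->db->escape($this->hashPassword($data['password'])) . "', `newsletter` = '" . (int)($data['newsletter'] ?? 0) . "', `ip` = '" . $this->db->escape($this->getRemoteAddress()) . "', `status` = '" . (int)!$approval . "', `date_added` = NOW()");

		$customer_id = $this->db->getLastId();

		if ($approval) {
			$this->load->model('account/approval');

			$this->model_account_approval->addApproval($customer_id, 'customer');
		}

		return $customer_id;
	}

	/**
	 * Edit Customer
	 *
	 * Updates the profile columns of an existing customer. Password, status and
	 * customer group are deliberately not touched here.
	 *
	 * @param int                  $customer_id
	 * @param array<string, mixed> $data Required keys: firstname, lastname, email, telephone.
	 *                                   Optional key: custom_field (array).
	 *
	 * @return void
	 */
	public function editCustomer(int $customer_id, array $data): void {
		$this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `firstname` = '" . $this->db->escape($data['firstname']) . "', `lastname` = '" . $this->db->escape($data['lastname']) . "', `email` = '" . $this->db->escape(oc_strtolower($data['email'])) . "', `telephone` = '" . $this->db->escape($data['telephone']) . "', `custom_field` = '" . $this->db->escape($this->encodeCustomField($data)) . "' WHERE `customer_id` = '" . (int)$customer_id . "'");
	}

	/**
	 * Edit Password
	 *
	 * Stores a new password hash for the account matching `$email` and clears the
	 * reset `code` at the same time, so a reset code cannot be replayed after use.
	 *
	 * @param string $email    Matched case-insensitively
	 * @param string $password Plain-text password; hashed before storage
	 *
	 * @return void
	 */
	public function editPassword(string $email, string $password): void {
		$this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `password` = '" . $this->db->escape($this->hashPassword($password)) . "', `code` = '' WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
	}

	/**
	 * Edit Code
	 *
	 * Sets the password-reset `code` for the account matching `$email`.
	 * Passing an empty string invalidates any outstanding code.
	 *
	 * @param string $email Matched case-insensitively
	 * @param string $code
	 *
	 * @return void
	 */
	public function editCode(string $email, string $code): void {
		$this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `code` = '" . $this->db->escape($code) . "' WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
	}

	/**
	 * Edit Token
	 *
	 * Sets the login `token` for the account matching `$email`. The token is
	 * consumed (cleared) by getCustomerByToken().
	 *
	 * @param string $email Matched case-insensitively
	 * @param string $token
	 *
	 * @return void
	 */
	public function editToken(string $email, string $token): void {
		$this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `token` = '" . $this->db->escape($token) . "' WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
	}

	/**
	 * Edit Newsletter
	 *
	 * @param int  $customer_id
	 * @param bool $newsletter
	 *
	 * @return void
	 */
	public function editNewsletter(int $customer_id, bool $newsletter): void {
		// Cast to int, not bool: a bool false concatenates as '' which is not a valid integer literal.
		$this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `newsletter` = '" . (int)$newsletter . "' WHERE `customer_id` = '" . (int)$customer_id . "'");
	}

	/**
	 * Delete Customer
	 *
	 * Removes the customer row and every dependent record owned by the customer
	 * (activities, addresses, affiliate data, approvals, rewards, transactions,
	 * wishlists, login history, IP history and authorize tokens).
	 *
	 * @param int $customer_id
	 *
	 * @return void
	 */
	public function deleteCustomer(int $customer_id): void {
		$this->db->query("DELETE FROM `" . DB_PREFIX . "customer` WHERE `customer_id` = '" . (int)$customer_id . "'");

		// Model path => method on that model used to purge the customer's dependent rows.
		$dependents = [
			'account/activity'    => ['model_account_activity', 'deleteActivities'],
			'account/address'     => ['model_account_address', 'deleteAddresses'],
			'account/affiliate'   => ['model_account_affiliate', 'deleteAffiliate'],
			'account/approval'    => ['model_account_approval', 'deleteApprovals'],
			'account/reward'      => ['model_account_reward', 'deleteRewards'],
			'account/transaction' => ['model_account_transaction', 'deleteTransactions'],
			'account/wishlist'    => ['model_account_wishlist', 'deleteWishlists'],
		];

		foreach ($dependents as $route => [$property, $method]) {
			$this->load->model($route);

			$this->{$property}->{$method}($customer_id);
		}

		// These are the methods defined on this class (singular names).
		$this->deleteHistory($customer_id);
		$this->deleteIp($customer_id);
		$this->deleteAuthorize($customer_id);
	}

	/**
	 * Get Customer
	 *
	 * @param int $customer_id
	 *
	 * @return array<string, mixed> The customer row with `custom_field` decoded to an array,
	 *                              or an empty array when no row matches
	 */
	public function getCustomer(int $customer_id): array {
		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer` WHERE `customer_id` = '" . (int)$customer_id . "'");

		if (!$query->num_rows) {
			return [];
		}

		return $this->withDecodedCustomField($query->row);
	}

	/**
	 * Get Customer By Email
	 *
	 * @param string $email Matched case-insensitively
	 *
	 * @return array<string, mixed> The customer row with `custom_field` decoded to an array,
	 *                              or an empty array when no row matches
	 */
	public function getCustomerByEmail(string $email): array {
		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");

		if (!$query->num_rows) {
			return [];
		}

		return $this->withDecodedCustomField($query->row);
	}

	/**
	 * Get Customer By Code
	 *
	 * Looks up the account holding the given password-reset code. Only the columns
	 * needed by the reset flow are selected (no password hash, no custom fields).
	 * The `code != ''` clause guarantees an empty code never matches accounts that
	 * have no outstanding reset.
	 *
	 * @param string $code
	 *
	 * @return array<string, mixed> Keys customer_id, firstname, lastname, email;
	 *                              empty array when no row matches
	 */
	public function getCustomerByCode(string $code): array {
		$query = $this->db->query("SELECT `customer_id`, `firstname`, `lastname`, `email` FROM `" . DB_PREFIX . "customer` WHERE `code` = '" . $this->db->escape($code) . "' AND `code` != ''");

		// `custom_field` is not part of this SELECT, so there is nothing to decode here.
		return $query->num_rows ? $query->row : [];
	}

	/**
	 * Get Customer By Token
	 *
	 * Looks up the account holding the given login token and clears the token on a
	 * successful match, making each token single-use. The `token != ''` clause
	 * prevents an empty token from matching accounts without an outstanding token.
	 *
	 * @param string $token
	 *
	 * @return array<string, mixed> The customer row (as read before the token was cleared)
	 *                              with `custom_field` decoded, or an empty array
	 */
	public function getCustomerByToken(string $token): array {
		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer` WHERE `token` = '" . $this->db->escape($token) . "' AND `token` != ''");

		if (!$query->num_rows) {
			return [];
		}

		$this->db->query("UPDATE `" . DB_PREFIX . "customer` SET `token` = '' WHERE `customer_id` = '" . (int)$query->row['customer_id'] . "'");

		return $this->withDecodedCustomField($query->row);
	}

	/**
	 * Get Total Customers By Email
	 *
	 * @param string $email Matched case-insensitively
	 *
	 * @return int
	 */
	public function getTotalCustomersByEmail(string $email): int {
		$query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "customer` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");

		return (int)$query->row['total'];
	}

	/**
	 * Delete Customer History
	 *
	 * @param int $customer_id
	 *
	 * @return void
	 */
	public function deleteHistory(int $customer_id): void {
		$this->db->query("DELETE FROM `" . DB_PREFIX . "customer_history` WHERE `customer_id` = '" . (int)$customer_id . "'");
	}

	/**
	 * Delete Ip
	 *
	 * Removes all login IP records for the customer.
	 *
	 * @param int $customer_id
	 *
	 * @return void
	 */
	public function deleteIp(int $customer_id): void {
		$this->db->query("DELETE FROM `" . DB_PREFIX . "customer_ip` WHERE `customer_id` = '" . (int)$customer_id . "'");
	}

	/**
	 * Get Ips
	 *
	 * @param int $customer_id
	 *
	 * @return array<int, array<string, mixed>> All `customer_ip` rows for the customer
	 */
	public function getIps(int $customer_id): array {
		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer_ip` WHERE `customer_id` = '" . (int)$customer_id . "'");

		return $query->rows;
	}

	/**
	 * Get Total Ips
	 *
	 * @param int $customer_id
	 *
	 * @return int
	 */
	public function getTotalIps(int $customer_id): int {
		$query = $this->db->query("SELECT COUNT(*) AS `total` FROM `" . DB_PREFIX . "customer_ip` WHERE `customer_id` = '" . (int)$customer_id . "'");

		return (int)$query->row['total'];
	}

	/**
	 * Add Login
	 *
	 * Records a successful login (IP and optional country) against the customer.
	 *
	 * @param int    $customer_id
	 * @param string $ip
	 * @param string $country
	 *
	 * @return void
	 */
	public function addLogin(int $customer_id, string $ip, string $country = ''): void {
		$this->db->query("INSERT INTO `" . DB_PREFIX . "customer_ip` SET `customer_id` = '" . (int)$customer_id . "', `store_id` = '" . (int)$this->config->get('config_store_id') . "', `ip` = '" . $this->db->escape($ip) . "', `country` = '" . $this->db->escape($country) . "', `date_added` = NOW()");
	}

	/**
	 * Add Login Attempt
	 *
	 * Increments the failed-login counter for the (email, remote IP) pair, creating
	 * the row on the first attempt. The counter is keyed per IP, so attempts from
	 * different addresses are tracked separately.
	 *
	 * @param string $email Matched case-insensitively
	 *
	 * @return void
	 */
	public function addLoginAttempt(string $email): void {
		$email = oc_strtolower($email);
		$ip = $this->getRemoteAddress();
		$now = date('Y-m-d H:i:s');

		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer_login` WHERE LCASE(`email`) = '" . $this->db->escape($email) . "' AND `ip` = '" . $this->db->escape($ip) . "'");

		if ($query->num_rows) {
			$this->db->query("UPDATE `" . DB_PREFIX . "customer_login` SET `total` = (`total` + 1), `date_modified` = '" . $this->db->escape($now) . "' WHERE `customer_login_id` = '" . (int)$query->row['customer_login_id'] . "'");
		} else {
			$this->db->query("INSERT INTO `" . DB_PREFIX . "customer_login` SET `email` = '" . $this->db->escape($email) . "', `ip` = '" . $this->db->escape($ip) . "', `total` = '1', `date_added` = '" . $this->db->escape($now) . "', `date_modified` = '" . $this->db->escape($now) . "'");
		}
	}

	/**
	 * Delete Customer Login Attempts
	 *
	 * Clears the failed-login counters for every IP recorded against `$email`.
	 *
	 * @param string $email Matched case-insensitively
	 *
	 * @return void
	 */
	public function deleteLoginAttempts(string $email): void {
		$this->db->query("DELETE FROM `" . DB_PREFIX . "customer_login` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");
	}

	/**
	 * Get Login Attempts
	 *
	 * @param string $email Matched case-insensitively
	 *
	 * @return array<string, mixed> The first matching `customer_login` row, or an empty array.
	 *                              Note the lookup is by email only, so when several IPs have
	 *                              rows for this email, which one is returned is unspecified.
	 */
	public function getLoginAttempts(string $email): array {
		$query = $this->db->query("SELECT * FROM `" . DB_PREFIX . "customer_login` WHERE LCASE(`email`) = '" . $this->db->escape(oc_strtolower($email)) . "'");

		return $query->row;
	}

	/**
	 * Add Authorize
	 *
	 * Stores a device-authorization record (token, IP, user agent) for the customer.
	 *
	 * @param int                  $customer_id
	 * @param array<string, mixed> $data Required keys: token, ip, user_agent
	 *
	 * @return void
	 */
	public function addAuthorize(int $customer_id, array $data): void {
		$this->db->query("INSERT INTO `" . DB_PREFIX . "customer_authorize` SET `customer_id` = '" . (int)$customer_id . "', `token` = '" . $this->db->escape($data['token']) . "', `ip` = '" . $this->db->escape($data['ip']) . "', `user_agent` = '" . $this->db->escape($data['user_agent']) . "', `date_added` = NOW()");
	}

	/**
	 * Edit Authorize Status
	 *
	 * @param int  $customer_authorize_id
	 * @param bool $status
	 *
	 * @return void
	 */
	public function editAuthorizeStatus(int $customer_authorize_id, bool $status): void {
		// Cast to int, not bool: a bool false concatenates as '' which is not a valid integer literal.
		$this->db->query("UPDATE `" . DB_PREFIX . "customer_authorize` SET `status` = '" . (int)$status . "' WHERE `customer_authorize_id` = '" . (int)$customer_authorize_id . "'");
	}

	/**
	 * Edit Authorize Total
	 *
	 * Sets the attempt counter of one authorization record.
	 *
	 * @param int $customer_authorize_id
	 * @param int $total
	 *
	 * @return void
	 */
	public function editAuthorizeTotal(int $customer_authorize_id, int $total): void {
		$this->db->query("UPDATE `" . DB_PREFIX . "customer_authorize` SET `total` = '" . (int)$total . "' WHERE `customer_authorize_id` = '" . (int)$customer_authorize_id . "'");
	}

	/**
	 * Delete Customer Authorize
	 *
	 * Deletes one authorization record when `$customer_authorize_id` is given, or
	 * every authorization record of the customer when it is 0. The customer_id is
	 * always part of the WHERE clause so a record can only be removed by its owner.
	 *
	 * @param int $customer_id
	 * @param int $customer_authorize_id 0 means "all records for this customer"
	 *
	 * @return void
	 */
	public function deleteAuthorize(int $customer_id, int $customer_authorize_id = 0): void {
		$sql = "DELETE FROM `" . DB_PREFIX . "customer_authorize` WHERE `customer_id` = '" . (int)$customer_id . "'";

		if ($customer_authorize_id) {
			$sql .= " AND `customer_authorize_id` = '" . (int)$customer_authorize_id . "'";
		}

		$this->db->query($sql);
	}

	/**
	 * Get Authorize By Token
	 *
	 * Fetches the authorization record for (customer, token) and adds an `attempts`
	 * column holding the sum of `total` across all of the customer's records.
	 *
	 * @param int    $customer_id
	 * @param string $token
	 *
	 * @return array<string, mixed> The matching row plus `attempts`, or an empty array
	 */
	public function getAuthorizeByToken(int $customer_id, string $token): array {
		$query = $this->db->query("SELECT *, (SELECT SUM(`total`) FROM `" . DB_PREFIX . "customer_authorize` WHERE `customer_id` = '" . (int)$customer_id . "') AS `attempts` FROM `" . DB_PREFIX . "customer_authorize` WHERE `customer_id` = '" . (int)$customer_id . "' AND `token` = '" . $this->db->escape($token) . "'");

		return $query->row;
	}

	/**
	 * Reset Customer Authorizes
	 *
	 * Zeroes the attempt counter on every authorization record of the customer.
	 *
	 * @param int $customer_id
	 *
	 * @return void
	 */
	public function resetAuthorizes(int $customer_id): void {
		$this->db->query("UPDATE `" . DB_PREFIX . "customer_authorize` SET `total` = '0' WHERE `customer_id` = '" . (int)$customer_id . "'");
	}

	/**
	 * Resolve the customer group for a new account.
	 *
	 * A group id supplied by the caller is accepted only if it appears in
	 * `config_customer_group_display`; anything else falls back to
	 * `config_customer_group_id`, so a registration request cannot assign itself an
	 * arbitrary group. Both sides are normalised to int so the membership test can
	 * be strict.
	 *
	 * @param array<string, mixed> $data
	 *
	 * @return int
	 */
	private function resolveCustomerGroupId(array $data): int {
		$allowed = $this->config->get('config_customer_group_display');

		if (isset($data['customer_group_id']) && is_array($allowed)) {
			$requested = (int)$data['customer_group_id'];

			if (in_array($requested, array_map('intval', $allowed), true)) {
				return $requested;
			}
		}

		return (int)$this->config->get('config_customer_group_id');
	}

	/**
	 * Serialise the optional `custom_field` array for the `custom_field` column.
	 *
	 * @param array<string, mixed> $data
	 *
	 * @return string JSON text, or '' when no custom fields were supplied
	 */
	private function encodeCustomField(array $data): string {
		if (!isset($data['custom_field'])) {
			return '';
		}

		return json_encode($data['custom_field']) ?: '';
	}

	/**
	 * Replace the raw `custom_field` JSON in a customer row with its decoded array.
	 *
	 * The key is assigned explicitly: an array union (`$row + [...]`) keeps the
	 * left-hand value for keys present on both sides, so it would leave the raw
	 * JSON string in place. Empty or malformed JSON yields an empty array so callers
	 * always receive an array.
	 *
	 * @param array<string, mixed> $row
	 *
	 * @return array<string, mixed>
	 */
	private function withDecodedCustomField(array $row): array {
		$decoded = json_decode((string)($row['custom_field'] ?? ''), true);

		$row['custom_field'] = is_array($decoded) ? $decoded : [];

		return $row;
	}

	/**
	 * Hash a plain-text password for storage.
	 *
	 * HTML entities are decoded before hashing (presumably because request input
	 * arrives entity-encoded — confirm against the controller); verification must
	 * apply the same decoding or hashes will not match.
	 *
	 * @param string $password
	 *
	 * @return string
	 */
	private function hashPassword(string $password): string {
		return password_hash(html_entity_decode($password, ENT_QUOTES, 'UTF-8'), PASSWORD_DEFAULT);
	}

	/**
	 * Remote address of the current request, or '' when not available (e.g. CLI).
	 *
	 * This is the transport peer address only; no forwarded-for headers are consulted,
	 * so behind a reverse proxy it is the proxy's address.
	 *
	 * @return string
	 */
	private function getRemoteAddress(): string {
		return (string)($this->request->server['REMOTE_ADDR'] ?? '');
	}
}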
407: