ModelCustomerCustomer   F

Complexity

Total Complexity 96

Size/Duplication

Total Lines 811
Duplicated Lines 0 %

Importance

Changes 0
Metric Value
eloc 386
c 0
b 0
f 0
dl 0
loc 811
rs 2
wmc 96

36 Methods

Rating   Name   Duplication   Size   Complexity  
A getAddresses() 0 19 3
A getCustomerByEmail() 0 9 1
A editToken() 0 6 1
A getTransactions() 0 17 3
A getTotalCustomersByIp() 0 9 1
A getTotalIps() 0 9 1
A getTotalHistories() 0 9 1
A approve() 0 50 3
F getTotalCustomers() 0 48 13
A deleteTransaction() 0 6 1
A getTotalRewards() 0 9 1
A deleteReward() 0 6 1
A getHistories() 0 20 3
A getRewards() 0 10 1
A getTotalCustomersByCustomerGroupId() 0 8 1
F getCustomers() 0 86 21
A addHistory() 0 6 1
A addReward() 0 36 2
A getTotalAddressesByCustomerId() 0 8 1
A getTotalAddressesByZoneId() 0 8 1
A getTotalTransactionsByOrderId() 0 9 1
A getIps() 0 18 3
A getTotalAddressesByCountryId() 0 8 1
A getTotalTransactions() 0 9 1
A getTransactionTotal() 0 9 1
A getRewardTotal() 0 9 1
A getTotalCustomerRewardsByOrderId() 0 10 1
A getCustomer() 0 9 1
B addCustomer() 0 52 6
A getAddress() 0 60 4
B editCustomer() 0 66 9
A deleteCustomer() 0 26 1
A getTotalLoginAttempts() 0 9 1
A deleteLoginAttempts() 0 6 1
A getTotalCustomersAwaitingApproval() 0 8 1
A addTransaction() 0 36 2

How to fix   Complexity   

Complex Class

Complex classes like ModelCustomerCustomer often do a lot of different things. To break such a class down, we need to identify a cohesive component within that class. A common approach to find such a component is to look for fields/methods that share the same prefixes, or suffixes.

Once you have determined the fields that belong together, you can apply the Extract Class refactoring. If the component makes sense as a sub-class, Extract Subclass is also a candidate, and is often faster.

While breaking up the class, it is a good idea to analyze how other classes use ModelCustomerCustomer, and based on these observations, apply Extract Interface, too.

<?php

/*  Divine CMS - Open source CMS for widespread use.
    Copyright (c) 2019 Mykola Burakov ([email protected])

    See SOURCE.txt for other and additional information.

    This file is part of Divine CMS.

    This program is free software: you can redistribute it and/or modify
    it under the terms of the GNU General Public License as published by
    the Free Software Foundation, either version 3 of the License, or
    (at your option) any later version.

    This program is distributed in the hope that it will be useful,
    but WITHOUT ANY WARRANTY; without even the implied warranty of
    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
    GNU General Public License for more details.

    You should have received a copy of the GNU General Public License
    along with this program. If not, see <http://www.gnu.org/licenses/>. */

class ModelCustomerCustomer extends \Divine\Engine\Core\Model
Coding Style Compatibility
PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions.

You can fix this by adding a namespace to your class:

namespace YourVendor;

class YourClass { }

When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries.
{
    public function addCustomer($data)
Coding Style
Expected 2 blank lines before function; 0 found
    {
        $this->db->query("
            INSERT INTO customer
            SET customer_group_id = '" . (int)$data['customer_group_id'] . "',
                firstname = '" . $this->db->escape($data['firstname']) . "',
                lastname = '" . $this->db->escape($data['lastname']) . "',
                email = '" . $this->db->escape($data['email']) . "',
                telephone = '" . $this->db->escape($data['telephone']) . "',
                fax = '" . $this->db->escape($data['fax']) . "',
                custom_field = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : '') . "',
                newsletter = '" . (int)$data['newsletter'] . "',
                salt = '" . $this->db->escape($salt = (new \Tokenly\TokenGenerator\TokenGenerator())->generateToken(9, 'SR')) . "',
                password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "',
                status = '" . (int)$data['status'] . "',
                approved = '" . (int)$data['approved'] . "',
                safe = '" . (int)$data['safe'] . "',
                date_added = NOW()
        ");

        $customer_id = $this->db->getLastId();

        if (isset($data['address'])) {
            foreach ($data['address'] as $address) {
                $this->db->query("
                    INSERT INTO address
                    SET customer_id = '" . (int)$customer_id . "',
                        firstname = '" . $this->db->escape($address['firstname']) . "',
                        lastname = '" . $this->db->escape($address['lastname']) . "',
                        company = '" . $this->db->escape($address['company']) . "',
                        address_1 = '" . $this->db->escape($address['address_1']) . "',
                        address_2 = '" . $this->db->escape($address['address_2']) . "',
                        city = '" . $this->db->escape($address['city']) . "',
                        postcode = '" . $this->db->escape($address['postcode']) . "',
                        country_id = '" . (int)$address['country_id'] . "',
                        zone_id = '" . (int)$address['zone_id'] . "',
                        custom_field = '" . $this->db->escape(isset($address['custom_field']) ? json_encode($address['custom_field']) : '') . "'
                ");

                if (isset($address['default'])) {
                    $address_id = $this->db->getLastId();

                    $this->db->query("
                        UPDATE customer
                        SET address_id = '" . (int)$address_id . "'
                        WHERE customer_id = '" . (int)$customer_id . "'
                    ");
                }
            }
        }

        return $customer_id;
    }

    public function editCustomer($customer_id, $data)
    {
        if (!isset($data['custom_field'])) {
            $data['custom_field'] = array();
        }

        $this->db->query("
            UPDATE customer
            SET customer_group_id = '" . (int)$data['customer_group_id'] . "',
                firstname = '" . $this->db->escape($data['firstname']) . "',
                lastname = '" . $this->db->escape($data['lastname']) . "',
                email = '" . $this->db->escape($data['email']) . "',
                telephone = '" . $this->db->escape($data['telephone']) . "',
                fax = '" . $this->db->escape($data['fax']) . "',
                custom_field = '" . $this->db->escape(isset($data['custom_field']) ? json_encode($data['custom_field']) : '') . "',
                newsletter = '" . (int)$data['newsletter'] . "',
                status = '" . (int)$data['status'] . "',
                approved = '" . (int)$data['approved'] . "',
                safe = '" . (int)$data['safe'] . "'
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        if ($data['password']) {
            $this->db->query("
                UPDATE customer
                SET salt = '" . $this->db->escape($salt = (new \Tokenly\TokenGenerator\TokenGenerator())->generateToken(9, 'SR')) . "',
                    password = '" . $this->db->escape(sha1($salt . sha1($salt . sha1($data['password'])))) . "'
                WHERE customer_id = '" . (int)$customer_id . "'
            ");
        }

        $this->db->query("
            DELETE
            FROM address
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        if (isset($data['address'])) {
            foreach ($data['address'] as $address) {
                if (!isset($address['custom_field'])) {
                    $address['custom_field'] = array();
                }

                $this->db->query("
                    INSERT INTO address
                    SET address_id = '" . (int)$address['address_id'] . "',
                        customer_id = '" . (int)$customer_id . "',
                        firstname = '" . $this->db->escape($address['firstname']) . "',
                        lastname = '" . $this->db->escape($address['lastname']) . "',
                        company = '" . $this->db->escape($address['company']) . "',
                        address_1 = '" . $this->db->escape($address['address_1']) . "',
                        address_2 = '" . $this->db->escape($address['address_2']) . "',
                        city = '" . $this->db->escape($address['city']) . "',
                        postcode = '" . $this->db->escape($address['postcode']) . "',
                        country_id = '" . (int)$address['country_id'] . "',
                        zone_id = '" . (int)$address['zone_id'] . "',
                        custom_field = '" . $this->db->escape(isset($address['custom_field']) ? json_encode($address['custom_field']) : '') . "'
                ");

                if (isset($address['default'])) {
                    $address_id = $this->db->getLastId();

                    $this->db->query("
                        UPDATE customer
                        SET address_id = '" . (int)$address_id . "'
                        WHERE customer_id = '" . (int)$customer_id . "'
                    ");
                }
            }
        }
    }

    public function editToken($customer_id, $token)
    {
        $this->db->query("
            UPDATE customer
            SET token = '" . $this->db->escape($token) . "'
            WHERE customer_id = '" . (int)$customer_id . "'
        ");
    }

    public function deleteCustomer($customer_id)
    {
        $this->db->query("
            DELETE
            FROM customer
            WHERE customer_id = '" . (int)$customer_id . "'
        ");
        $this->db->query("
            DELETE
            FROM customer_reward
            WHERE customer_id = '" . (int)$customer_id . "'
        ");
        $this->db->query("
            DELETE
            FROM customer_transaction
            WHERE customer_id = '" . (int)$customer_id . "'
        ");
        $this->db->query("
            DELETE
            FROM customer_ip
            WHERE customer_id = '" . (int)$customer_id . "'
        ");
        $this->db->query("
            DELETE
            FROM address
            WHERE customer_id = '" . (int)$customer_id . "'
        ");
    }

    public function getCustomer($customer_id)
    {
        $query = $this->db->query("
            SELECT DISTINCT *
            FROM customer
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        return $query->row;
    }

    public function getCustomerByEmail($email)
    {
        $query = $this->db->query("
            SELECT DISTINCT *
            FROM customer
            WHERE LCASE(email) = '" . $this->db->escape(\voku\helper\UTF8::strtolower($email)) . "'
        ");

        return $query->row;
    }

    public function getCustomers($data = array())
    {
        $sql = "
            SELECT *,
                CONCAT(c.firstname, ' ', c.lastname) AS name,
                cgd.name AS customer_group
            FROM customer c
            LEFT JOIN customer_group_description cgd ON (c.customer_group_id = cgd.customer_group_id)
            WHERE cgd.language_id = '" . (int)$this->config->get('config_language_id') . "'
        ";

        $implode = array();

        if (!empty($data['filter_name'])) {
            $implode[] = "CONCAT(c.firstname, ' ', c.lastname) LIKE '%" . $this->db->escape($data['filter_name']) . "%'";
        }

        if (!empty($data['filter_email'])) {
            $implode[] = "c.email LIKE '" . $this->db->escape($data['filter_email']) . "%'";
        }

        if (isset($data['filter_newsletter']) && !is_null($data['filter_newsletter'])) {
            $implode[] = "c.newsletter = '" . (int)$data['filter_newsletter'] . "'";
        }

        if (!empty($data['filter_customer_group_id'])) {
            $implode[] = "c.customer_group_id = '" . (int)$data['filter_customer_group_id'] . "'";
        }

        if (!empty($data['filter_ip'])) {
            $implode[] = "c.customer_id IN (SELECT customer_id FROM customer_ip WHERE ip = '" . $this->db->escape($data['filter_ip']) . "')";
        }

        if (isset($data['filter_status']) && !is_null($data['filter_status'])) {
            $implode[] = "c.status = '" . (int)$data['filter_status'] . "'";
        }

        if (isset($data['filter_approved']) && !is_null($data['filter_approved'])) {
            $implode[] = "c.approved = '" . (int)$data['filter_approved'] . "'";
        }

        if (!empty($data['filter_date_added'])) {
            $implode[] = "DATE(c.date_added) = DATE('" . $this->db->escape($data['filter_date_added']) . "')";
        }

        if ($implode) {
            $sql .= " AND " . implode(" AND ", $implode);
Coding Style Comprehensibility
The string literal AND does not require double quotes, as per coding-style, please use single quotes.

PHP provides two ways to mark string literals. Either with single quotes 'literal' or with double quotes "literal". The difference between these is that string literals in double quotes may contain variables which are evaluated at run-time as well as escape sequences.

String literals in single quotes on the other hand are evaluated very literally and the only two characters that need escaping in the literal are the single quote itself (\') and the backslash (\\). Every other character is displayed as is.

Double quoted string literals may contain other variables or more complex escape sequences.

<?php

$singleQuoted = 'Value';
$doubleQuoted = "\tSingle is $singleQuoted";

print $doubleQuoted;

will print an indented: Single is Value

If your string literal does not contain variables or escape sequences, it should be defined using single quotes to make that fact clear.

For more information on PHP string literals and available escape sequences see the PHP core documentation.
        }

        $sort_data = array(
            'name',
            'c.email',
            'customer_group',
            'c.status',
            'c.approved',
            'c.ip',
            'c.date_added'
        );

        if (isset($data['sort']) && in_array($data['sort'], $sort_data)) {
            $sql .= " ORDER BY " . $data['sort'];
Coding Style Comprehensibility
The string literal ORDER BY does not require double quotes, as per coding-style, please use single quotes.
        } else {
            $sql .= " ORDER BY name";
Coding Style Comprehensibility
The string literal ORDER BY name does not require double quotes, as per coding-style, please use single quotes.
        }

        if (isset($data['order']) && ($data['order'] == 'DESC')) {
            $sql .= " DESC";
Coding Style Comprehensibility
The string literal DESC does not require double quotes, as per coding-style, please use single quotes.
        } else {
            $sql .= " ASC";
Coding Style Comprehensibility
The string literal ASC does not require double quotes, as per coding-style, please use single quotes.
        }

        if (isset($data['start']) || isset($data['limit'])) {
            if ($data['start'] < 0) {
                $data['start'] = 0;
            }

            if ($data['limit'] < 1) {
                $data['limit'] = 20;
            }

            $sql .= " LIMIT " . (int)$data['start'] . "," . (int)$data['limit'];
Coding Style Comprehensibility
The string literal LIMIT does not require double quotes, as per coding-style, please use single quotes.
Coding Style Comprehensibility
The string literal , does not require double quotes, as per coding-style, please use single quotes.
        }

        $query = $this->db->query($sql);

        return $query->rows;
    }

    public function approve($customer_id)
    {
        $customer_info = $this->getCustomer($customer_id);

        if ($customer_info) {
            $this->db->query("
                UPDATE customer
                SET approved = '1'
                WHERE customer_id = '" . (int)$customer_id . "'
            ");

            $store_name = $this->config->get('config_name');
            $store_url = '/index.php?route=account/login';

            $this->load->model('localisation/language');

            $language_info = $this->model_localisation_language->getLanguage($customer_info['language_id']);

            if ($language_info) {
                $language_code = $language_info['code'];
            } else {
                $language_code = $this->config->get('config_language');
            }

            $language = new \Divine\Engine\Library\Language($language_code);
            $language->load($language_code);
            $language->load('mail/customer');

            $message  = sprintf($language->get('text_approve_welcome'), html_entity_decode($store_name, ENT_QUOTES, 'UTF-8')) . "\n\n";
            $message .= $language->get('text_approve_login') . "\n";
            $message .= $store_url . "\n\n";
            $message .= $language->get('text_approve_services') . "\n\n";
            $message .= $language->get('text_approve_thanks') . "\n";
            $message .= html_entity_decode($store_name, ENT_QUOTES, 'UTF-8');

            $mail = new \Divine\Engine\Library\Mail();
            $mail->protocol = $this->config->get('config_mail_protocol');
            $mail->parameter = $this->config->get('config_mail_parameter');
            $mail->smtp_hostname = $this->config->get('config_mail_smtp_hostname');
            $mail->smtp_username = $this->config->get('config_mail_smtp_username');
            $mail->smtp_password = html_entity_decode($this->config->get('config_mail_smtp_password'), ENT_QUOTES, 'UTF-8');
            $mail->smtp_port = $this->config->get('config_mail_smtp_port');
            $mail->smtp_timeout = $this->config->get('config_mail_smtp_timeout');

            $mail->setTo($customer_info['email']);
            $mail->setFrom($this->config->get('config_email'));
            $mail->setSender(html_entity_decode($store_name, ENT_QUOTES, 'UTF-8'));
            $mail->setSubject(sprintf($language->get('text_approve_subject'), html_entity_decode($store_name, ENT_QUOTES, 'UTF-8')));
            $mail->setText($message);
            $mail->send();
        }
    }

    public function getAddress($address_id)
    {
        $address_query = $this->db->query("
            SELECT *
            FROM address
            WHERE address_id = '" . (int)$address_id . "'
        ");

        if ($address_query->num_rows) {
            $country_query = $this->db->query("
                SELECT *
                FROM `country`
                WHERE country_id = '" . (int)$address_query->row['country_id'] . "'
            ");

            if ($country_query->num_rows) {
                $country = $country_query->row['name'];
                $iso_code_2 = $country_query->row['iso_code_2'];
                $iso_code_3 = $country_query->row['iso_code_3'];
                $address_format = $country_query->row['address_format'];
            } else {
                $country = '';
                $iso_code_2 = '';
                $iso_code_3 = '';
                $address_format = '';
            }

            $zone_query = $this->db->query("
                SELECT *
                FROM `zone`
                WHERE zone_id = '" . (int)$address_query->row['zone_id'] . "'
            ");

            if ($zone_query->num_rows) {
                $zone = $zone_query->row['name'];
                $zone_code = $zone_query->row['code'];
            } else {
                $zone = '';
                $zone_code = '';
            }

            return array(
                'address_id'     => $address_query->row['address_id'],
                'customer_id'    => $address_query->row['customer_id'],
                'firstname'      => $address_query->row['firstname'],
                'lastname'       => $address_query->row['lastname'],
                'company'        => $address_query->row['company'],
                'address_1'      => $address_query->row['address_1'],
                'address_2'      => $address_query->row['address_2'],
                'postcode'       => $address_query->row['postcode'],
                'city'           => $address_query->row['city'],
                'zone_id'        => $address_query->row['zone_id'],
                'zone'           => $zone,
                'zone_code'      => $zone_code,
                'country_id'     => $address_query->row['country_id'],
                'country'        => $country,
                'iso_code_2'     => $iso_code_2,
                'iso_code_3'     => $iso_code_3,
                'address_format' => $address_format,
                'custom_field'   => json_decode($address_query->row['custom_field'], true)
            );
        }
    }

    public function getAddresses($customer_id)
    {
        $address_data = array();

        $query = $this->db->query("
            SELECT address_id
            FROM address
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        foreach ($query->rows as $result) {
            $address_info = $this->getAddress($result['address_id']);

            if ($address_info) {
                $address_data[$result['address_id']] = $address_info;
            }
        }

        return $address_data;
    }

    public function getTotalCustomers($data = array())
    {
        $sql = "
Coding Style Comprehensibility
The string literal \n SELECT COU...FROM customer\n does not require double quotes, as per coding-style, please use single quotes.
            SELECT COUNT(*) AS total
            FROM customer
        ";

        $implode = array();

        if (!empty($data['filter_name'])) {
            $implode[] = "CONCAT(firstname, ' ', lastname) LIKE '%" . $this->db->escape($data['filter_name']) . "%'";
        }

        if (!empty($data['filter_email'])) {
            $implode[] = "email LIKE '" . $this->db->escape($data['filter_email']) . "%'";
        }

        if (isset($data['filter_newsletter']) && !is_null($data['filter_newsletter'])) {
            $implode[] = "newsletter = '" . (int)$data['filter_newsletter'] . "'";
        }

        if (!empty($data['filter_customer_group_id'])) {
            $implode[] = "customer_group_id = '" . (int)$data['filter_customer_group_id'] . "'";
        }

        if (!empty($data['filter_ip'])) {
            $implode[] = "customer_id IN (SELECT customer_id FROM customer_ip WHERE ip = '" . $this->db->escape($data['filter_ip']) . "')";
        }

        if (isset($data['filter_status']) && !is_null($data['filter_status'])) {
            $implode[] = "status = '" . (int)$data['filter_status'] . "'";
        }

        if (isset($data['filter_approved']) && !is_null($data['filter_approved'])) {
            $implode[] = "approved = '" . (int)$data['filter_approved'] . "'";
        }

        if (!empty($data['filter_date_added'])) {
            $implode[] = "DATE(date_added) = DATE('" . $this->db->escape($data['filter_date_added']) . "')";
        }

        if ($implode) {
            $sql .= " WHERE " . implode(" AND ", $implode);
Coding Style Comprehensibility introduced by
The string literal WHERE does not require double quotes, as per coding-style, please use single quotes.

Coding Style Comprehensibility introduced by
The string literal AND does not require double quotes, as per coding-style, please use single quotes.

        }

        $query = $this->db->query($sql);

        return $query->row['total'];
    }

    public function getTotalCustomersAwaitingApproval()
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM customer WHERE status = '0' OR approved = '0'
        ");

        return $query->row['total'];
    }

    public function getTotalAddressesByCustomerId($customer_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM address WHERE customer_id = '" . (int)$customer_id . "'
        ");

        return $query->row['total'];
    }

    public function getTotalAddressesByCountryId($country_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM address WHERE country_id = '" . (int)$country_id . "'
        ");

        return $query->row['total'];
    }

    public function getTotalAddressesByZoneId($zone_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM address WHERE zone_id = '" . (int)$zone_id . "'
        ");

        return $query->row['total'];
    }

    public function getTotalCustomersByCustomerGroupId($customer_group_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM customer WHERE customer_group_id = '" . (int)$customer_group_id . "'
        ");

        return $query->row['total'];
    }

    public function addHistory($customer_id, $comment)
    {
        $this->db->query("
            INSERT INTO customer_history
            SET customer_id = '" . (int)$customer_id . "',
                comment = '" . $this->db->escape(strip_tags($comment)) . "',
                date_added = NOW()
        ");
    }

    public function getHistories($customer_id, $start = 0, $limit = 10)
    {
        if ($start < 0) {
            $start = 0;
        }

        if ($limit < 1) {
            $limit = 10;
        }

        $query = $this->db->query("
            SELECT comment,
                date_added
            FROM customer_history
            WHERE customer_id = '" . (int)$customer_id . "'
            ORDER BY date_added DESC
            LIMIT " . (int)$start . ",
Coding Style Comprehensibility introduced by
The string literal ,\n does not require double quotes, as per coding-style, please use single quotes.

        " . (int)$limit);

        return $query->rows;
    }

    public function getTotalHistories($customer_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM customer_history
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        return $query->row['total'];
    }

    public function addTransaction($customer_id, $description = '', $amount = '', $order_id = 0)
    {
        $customer_info = $this->getCustomer($customer_id);

        if ($customer_info) {
            $this->db->query("
                INSERT INTO customer_transaction
                SET customer_id = '" . (int)$customer_id . "',
                    order_id = '" . (int)$order_id . "',
                    description = '" . $this->db->escape($description) . "',
                    amount = '" . (float)$amount . "',
                    date_added = NOW()
            ");

            $this->load->language('mail/customer');

            $store_name = $this->config->get('config_name');

            $message  = sprintf($this->language->get('text_transaction_received'), $this->currency->format($amount, $this->config->get('config_currency'))) . "\n\n";
            $message .= sprintf($this->language->get('text_transaction_total'), $this->currency->format($this->getTransactionTotal($customer_id), $this->session->data['currency']));

            $mail = new \Divine\Engine\Library\Mail();
            $mail->protocol = $this->config->get('config_mail_protocol');
            $mail->parameter = $this->config->get('config_mail_parameter');
            $mail->smtp_hostname = $this->config->get('config_mail_smtp_hostname');
            $mail->smtp_username = $this->config->get('config_mail_smtp_username');
            $mail->smtp_password = html_entity_decode($this->config->get('config_mail_smtp_password'), ENT_QUOTES, 'UTF-8');
            $mail->smtp_port = $this->config->get('config_mail_smtp_port');
            $mail->smtp_timeout = $this->config->get('config_mail_smtp_timeout');

            $mail->setTo($customer_info['email']);
            $mail->setFrom($this->config->get('config_email'));
            $mail->setSender(html_entity_decode($store_name, ENT_QUOTES, 'UTF-8'));
            $mail->setSubject(sprintf($this->language->get('text_transaction_subject'), html_entity_decode($this->config->get('config_name'), ENT_QUOTES, 'UTF-8')));
            $mail->setText($message);
            $mail->send();
        }
    }

    public function deleteTransaction($order_id)
    {
        $this->db->query("
            DELETE
            FROM customer_transaction
            WHERE order_id = '" . (int)$order_id . "'
        ");
    }

    public function getTransactions($customer_id, $start = 0, $limit = 10)
    {
        if ($start < 0) {
            $start = 0;
        }

        if ($limit < 1) {
            $limit = 10;
        }

        $query = $this->db->query("
            SELECT * FROM customer_transaction
            WHERE customer_id = '" . (int)$customer_id . "'
            ORDER BY date_added DESC LIMIT " . (int)$start . ",
Coding Style Comprehensibility introduced by
The string literal ,\n does not require double quotes, as per coding-style, please use single quotes.

        " . (int)$limit);

        return $query->rows;
    }

    public function getTotalTransactions($customer_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM customer_transaction
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        return $query->row['total'];
    }

    public function getTransactionTotal($customer_id)
    {
        $query = $this->db->query("
            SELECT SUM(amount) AS total
            FROM customer_transaction
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        return $query->row['total'];
    }

    public function getTotalTransactionsByOrderId($order_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM customer_transaction
            WHERE order_id = '" . (int)$order_id . "'
        ");

        return $query->row['total'];
    }

    public function addReward($customer_id, $description = '', $points = '', $order_id = 0)
    {
        $customer_info = $this->getCustomer($customer_id);

        if ($customer_info) {
            $this->db->query("
                INSERT INTO customer_reward
                SET customer_id = '" . (int)$customer_id . "',
                    order_id = '" . (int)$order_id . "',
                    points = '" . (int)$points . "',
                    description = '" . $this->db->escape($description) . "',
                    date_added = NOW()
            ");

            $this->load->language('mail/customer');

            $store_name = $this->config->get('config_name');

            $message  = sprintf($this->language->get('text_reward_received'), $points) . "\n\n";
            $message .= sprintf($this->language->get('text_reward_total'), $this->getRewardTotal($customer_id));

            $mail = new \Divine\Engine\Library\Mail();
            $mail->protocol = $this->config->get('config_mail_protocol');
            $mail->parameter = $this->config->get('config_mail_parameter');
            $mail->smtp_hostname = $this->config->get('config_mail_smtp_hostname');
            $mail->smtp_username = $this->config->get('config_mail_smtp_username');
            $mail->smtp_password = html_entity_decode($this->config->get('config_mail_smtp_password'), ENT_QUOTES, 'UTF-8');
            $mail->smtp_port = $this->config->get('config_mail_smtp_port');
            $mail->smtp_timeout = $this->config->get('config_mail_smtp_timeout');

            $mail->setTo($customer_info['email']);
            $mail->setFrom($this->config->get('config_email'));
            $mail->setSender(html_entity_decode($store_name, ENT_QUOTES, 'UTF-8'));
            $mail->setSubject(sprintf($this->language->get('text_reward_subject'), html_entity_decode($store_name, ENT_QUOTES, 'UTF-8')));
            $mail->setText($message);
            $mail->send();
        }
    }

    public function deleteReward($order_id)
    {
        $this->db->query("
            DELETE
            FROM customer_reward
            WHERE order_id = '" . (int)$order_id . "'
                AND points > 0
        ");
    }

    public function getRewards($customer_id, $start = 0, $limit = 10)
    {
        $query = $this->db->query("
            SELECT *
            FROM customer_reward
            WHERE customer_id = '" . (int)$customer_id . "'
            ORDER BY date_added DESC LIMIT " . (int)$start . ",
Coding Style Comprehensibility introduced by
The string literal ,\n does not require double quotes, as per coding-style, please use single quotes.

        " . (int)$limit);

        return $query->rows;
    }

    public function getTotalRewards($customer_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM customer_reward
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        return $query->row['total'];
    }

    public function getRewardTotal($customer_id)
    {
        $query = $this->db->query("
            SELECT SUM(points) AS total
            FROM customer_reward
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        return $query->row['total'];
    }

    public function getTotalCustomerRewardsByOrderId($order_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM customer_reward
            WHERE order_id = '" . (int)$order_id . "'
                AND points > 0
        ");

        return $query->row['total'];
    }

    public function getIps($customer_id, $start = 0, $limit = 10)
    {
        if ($start < 0) {
            $start = 0;
        }
        if ($limit < 1) {
            $limit = 10;
        }

        $query = $this->db->query("
            SELECT *
            FROM customer_ip
            WHERE customer_id = '" . (int)$customer_id . "'
            ORDER BY date_added DESC
            LIMIT " . (int)$start . ",
Coding Style Comprehensibility introduced by
The string literal ,\n does not require double quotes, as per coding-style, please use single quotes.

        " . (int)$limit);

        return $query->rows;
    }

    public function getTotalIps($customer_id)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM customer_ip
            WHERE customer_id = '" . (int)$customer_id . "'
        ");

        return $query->row['total'];
    }

    public function getTotalCustomersByIp($ip)
    {
        $query = $this->db->query("
            SELECT COUNT(*) AS total
            FROM customer_ip
            WHERE ip = '" . $this->db->escape($ip) . "'
        ");

        return $query->row['total'];
    }

    public function getTotalLoginAttempts($email)
    {
        $query = $this->db->query("
            SELECT *
            FROM `customer_login`
            WHERE `email` = '" . $this->db->escape($email) . "'
        ");

        return $query->row;
    }

    public function deleteLoginAttempts($email)
    {
        $this->db->query("
            DELETE
            FROM `customer_login`
            WHERE `email` = '" . $this->db->escape($email) . "'
        ");
    }
}