work on checkout system

app/controller/checkout.php

@@ -22,7 +22,11 @@ class Checkout {
         if (is_object($folder)) {
             $folder = $f3->get('POST.datapath');
         }
+        if (!is_string($folder)) {
+            $folder = $f3->get('SESSION.checkout_folder');
+        }
         if (is_string($folder)) {
+            $f3->set('SESSION.checkout_folder', $folder);
             $this->DB = new \DB\SQL(sprintf("sqlite:%sdatabase.sqlite",$folder));
         }
         
@@ -72,7 +76,7 @@ class Checkout {
             $sak->id = $this->saksnummer;
             $sak->save();
         }
-        
+
         if ($sak->kContact === null) {
             $f3->reroute('/checkout/contact');
         }
@@ -106,6 +110,7 @@ class Checkout {
     }
     
     function place_order() {
+        // fails silently, producing potentially weird untrackable faults if more than 10000 orders happen on one day
         $info = new \DB\SQL\Mapper($this->DB,'info');
         for ($i=0;$i<9999;$i++) {
             $candidate = strval(sprintf('%s%04d',date('Ymd'),$i));
@@ -197,21 +202,29 @@ class Checkout {
         }
     }
     
+    /**
+     * buyer has approved all details and decided which payment method to use
+     */
     function buy() {
+        // set up environment
         $f3 = \Base::instance();
         $sak = new \DB\SQL\Mapper($this->DB,'saklist');
         $info = new \DB\SQL\Mapper($this->DB,'info');
         $contact = new \DB\SQL\Mapper($this->DB,'contacts');
         $sak->load(['id=?',$this->saksnummer]);
-        $datapath = $f3->get('POST.datapath');
+        //$datapath = $f3->get('POST.datapath');
         
+        // generate an order number 
         $sak->kInfo = $this->place_order();
         $sak->status = 1; // 1 := ordernumber is generated
         $sak->save();
         
+        // load data needed o finish transaction
         $info->load(['id=?',$sak->kInfo]);
         $contact->load(['id=?', $sak->kContact]);
-
+        
+        
+        // finish transaction
         switch ($f3->get('POST.payment')) {
         case 'transfer':
             $email = new Email();
@@ -227,12 +240,36 @@ class Checkout {
                 }
             break;
         case 'paypal':
+            $f3->set('SESSION.xss-token',$f3->get('POST.xss-token'));
+            $f3->reroute('/checkout/paypal');
+            break;
+        case 'approve':
+            $email = new Email();
+            $email->load_form_config($f3->get('SESSION.xss-token'));
+
+            if ($this->email_to_merchant() &&
+                $this->email_to_client($contact->email)) {
+                    $f3->set('SESSION',[]);
+                    header('Content-Type: application/json; charset=utf-8');
+                    echo json_encode(['redirect' => '/checkout/success']);
+                    die;
+                } else {
+                    header('Content-Type: application/json; charset=utf-8');
+                    echo json_encode(['redirect' => '/checkout/failure']);
+                    die;
+                }
+            break;
+        default:
+            $f3->set('POST.tesst',"asdasd");
+            header('Content-Type: application/json; charset=utf-8');
+            echo json_encode($_POST);
+            die;
             break;
         }
+        
     }
     
     function api(\Base $f3, $params) {
-
         $sak = new \DB\SQL\Mapper($this->DB,'saklist');
         if ($sak->load(['id=?',$this->saksnummer]) !== false) {
             switch ($params['method']) {
@@ -255,9 +292,21 @@ class Checkout {
                     $sak->status = $this->buy();
 //                     $sak->save();
 //                     $f3->reroute('/checkout/success');
+                    break;
+                case "paypalapprove":
+                    //$f3->set('POST.payment', 'approve');
+                    $sak->status = $this->buy();
+                    break;
                 default:
+                    header('Content-Type: application/json; charset=utf-8');
+                    echo json_encode(['test' => 2]);
+                    die;
                     break;
             }
+        } else {
+            header('Content-Type: application/json; charset=utf-8');
+            echo json_encode(['error' => "no saksnummer"]);
+            die;
         }
     }
     

app/modules/filesinfolders.php

@@ -10,7 +10,7 @@ class FilesInFolders {
     private $domains = array('default'=>'default');
     private $keyfiles = array();
     public $structs = array();
-    private $EXT=array(
+    public $EXT=array(
             'txt'=>array( 'txt', 'text', 'md' ),
             'pic'=>array( 'jpg', 'jpeg', 'png', 'svg' ),
             'tpl'=>array( 'html', 'htm' ),
@@ -765,7 +765,19 @@ class FilesInFolders {
                 break;
                 
             case 'checkout':
-                $checkout = new \Controller\Checkout($this->folder);
+                //first argument, if present, is a path to folder containing order database
+                $path = '';
+                if (count($request) > 1) {
+                    $add_path = $request[1];
+                    if (strncmp($add_path,"/",1)) {
+                        $path = $this->folder.$add_path;
+                    } else {
+                        $path = $add_path;
+                    }
+                } else {
+                    $path = $this->folder;
+                }
+                $checkout = new \Controller\Checkout($path);
                 $new = $checkout->index();
                 break;
             case 'only_cart':