fannie/modules/plugins2.0/UnfiInvoiceGrabber/UIGDownload.php
<?php
/*******************************************************************************
Copyright 2013 Whole Foods Co-op
This file is part of CORE-POS.
IT CORE is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 2 of the License, or
(at your option) any later version.
IT CORE is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
in the file license.txt along with IT CORE; if not, write to the Free Software
Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
*********************************************************************************/
class UIGDownload {} // plugin format compliance
if (php_sapi_name() === 'cli' && basename($_SERVER['PHP_SELF']) == basename(__FILE__)) {
include(dirname(__FILE__).'/../../../config.php');
if (!class_exists('FannieAPI')) {
include(__DIR__ . '/../../../classlib2.0/FannieAPI.php');
}
if (!class_exists('UIGLib')) {
include('UIGLib.php');
}
$dbc = FannieDB::get($FANNIE_OP_DB);
$UNFI_USERNAME = $FANNIE_PLUGIN_SETTINGS['UnfiInvoiceUser'];
$UNFI_PASSWORD = $FANNIE_PLUGIN_SETTINGS['UnfiInvoicePass'];
$LOGIN_URL = 'https://customers.unfi.com/_login/LoginPage/Login.aspx';
$IFRAME_DOMAIN = 'https://stsuser.unfi.com';
$HOME_URL = 'https://customers.unfi.com/_trust/pages/home.aspx';
$SESSION_URL = 'https://stsuser.unfi.com/default.aspx/GetSessionValue';
$INVOICE_URL = 'https://customers.unfi.com/Pages/ReportDetail.aspx?ReportID=41&ReportName=Invoices%20Download';
$REPORT_GEN_URL = 'https://customers.unfi.com/_layouts/15/UNFI.UPO.WP.DynamicReportParams/AjaxBridge.aspx/SaveReportParams';
$cookies = tempnam(sys_get_temp_dir(), 'cj_');
/**
Step 1:
Download the login page
*/
$ch = curl_init($LOGIN_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
$login_page = curl_exec($ch);
curl_close($ch);
echo "Login (1/4)\n";
/**
Get hidden fields from login page
*/
$inputs_regex = '/<input .*?name="(.+?)" .*?value="(.*?)"/';
preg_match_all($inputs_regex, $login_page, $matches);
$login_post = '';
for($i=0; $i<count($matches[1]); $i++) {
$login_post .= $matches[1][$i] . '=' . urlencode($matches[2][$i]) . '&';
}
/**
add username and password
*/
$login_post .= 'userName='.urlencode($UNFI_USERNAME);
$login_post .= '&Password='.urlencode($UNFI_PASSWORD);
/**
POST login info back to login page
*/
$ch = curl_init($LOGIN_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $login_post);
curl_setopt($ch, CURLOPT_HEADER, true);
$body = curl_exec($ch);
$httpcode = curl_getinfo($ch, CURLINFO_HTTP_CODE);
$referer = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
curl_close($ch);
echo "Login (2/4)\n";
/**
Find iframes in the resulting page
Need to download the iframe which contains
a big XML token, the POST that token to
the home URL
Note:
The Referer header field is required when downloading
the iframe. If that header isn't set, you won't get a valid
result.
Posting the token to the home URL return an HTTP 403
and a page saying you need to login first. This is not
accurate. Subsequent requests will be logged in.
*/
$iframe_regex = '/<iframe .*src="(.*?)"/';
preg_match_all($iframe_regex, $body, $matches);
foreach($matches[1] as $url) {
$full_url = $IFRAME_DOMAIN . '/' . $url;
$ch = curl_init($full_url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_REFERER, $referer);
$iframe = curl_exec($ch);
curl_close($ch);
echo "Login (3/4)\n";
preg_match_all($inputs_regex, $iframe, $matches);
$post_data = '';
for($i=0;$i<count($matches[1]);$i++) {
// complication; convert undo html encoding in the xml
// e.g., < and then reencode for url
// e.g., %3C
$post_data .= $matches[1][$i] . '=' . urlencode(htmlspecialchars_decode(($matches[2][$i])));
if ($i < count($matches[1])-1) {
$post_data .= '&';
}
}
$ch = curl_init($HOME_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_AUTOREFERER, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, $post_data);
curl_setopt($ch, CURLOPT_REFERER, $full_url);
$body = curl_exec($ch);
$referer = curl_getinfo($ch, CURLINFO_EFFECTIVE_URL);
curl_close($ch);
echo "Login (4/4)\n";
}
/**
Requesting session value isn't necessary
Using a browser does this but I never get
a valid result when using the script and it
doesn't seem to matter.
$ch = curl_init($SESSION_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_POST, true);
curl_setopt($ch, CURLOPT_POSTFIELDS, '');
$session_page = curl_exec($ch);
curl_close($ch);
*/
/**
Get invoice download page
*/
$ch = curl_init($INVOICE_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_HEADER, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
$invoice_page = curl_exec($ch);
curl_close($ch);
echo "Getting available dates\n";
/**
Extract available dates
They're now embedded in javascript as JSON list
of objects instead of being in a <select> field
*/
$dates = array();
$json_regex = '/dataSource: (\[.*?\])/';
preg_match_all($json_regex, $invoice_page, $matches);
foreach($matches[1] as $match) {
$data = json_decode($match);
if (strtotime($data[0]->Text)) {
$dates = $data;
break;
}
}
/**
Extract inputs by id
They contain some useful information for the
actual downloads.
*/
$id_regex = '/<input .*?id="(.+?)" .*?value="(.*?)"/';
preg_match_all($id_regex, $invoice_page, $matches);
$inputs = array();
for($i=0; $i<count($matches[1]); $i++) {
$inputs[$matches[1][$i]] = $matches[2][$i];
}
// I think only this one needs to be decoded
$inputs['claims'] = json_decode(htmlspecialchars_decode($inputs['claims']));
$check = $dbc->prepare('SELECT orderID FROM PurchaseOrder WHERE vendorID=? and userID=0
AND creationDate=? AND placedDate=?');
foreach($dates as $date) {
$good_date = date('Y-m-d', strtotime($date->Text));
$doCheck = $dbc->execute($check, array(1, $good_date, $good_date));
$diff = time() - strtotime($date->Text);
$repeat = false;
if ($dbc->num_rows($doCheck) > 0 && $diff > (7 * 24 * 60 * 60)) {
echo "Skipping " . $date->Text . " (already imported)\n";
continue;
} else if ($dbc->num_rows($doCheck) > 0) {
echo "Redownloading " . $date->Text . "\n";
$repeat = true;
}
/**
POST a JSON value to request a particular report
The response will be a simple JSON object containing
the actual file URL.
{ "d" : "http://customer.unfi.com/path/to/file.zip" }
*/
$cv = 'CustomerNumber->>' . $inputs['hdnCustomerNumber'];
$cv .= '||InvoiceDate->>' . $date->Value;
$cv .= '||SelectedChain->>' . $inputs['hdnCustomerNumber'];
$cv .= '||Delimiter->>csv||Hyphen->>0';
$cv .= '||ReportPath->>' . $inputs['hdnReportPath'];
$json_request = array(
'ControlsAndValues' => $cv,
'ReportOptions' => 'zip',
'userID' => $inputs['claims']->UserId,
'reportID' => 41,
'customerNumber' => $inputs['hdnCustomerNumber'],
'emailAddress' => $inputs['claims']->EmailAddress,
'chainAccounts' => '',
'actionType' => 'Save',
);
// not sure if this is actually needed
// browser ends up with this cookie
$fp = fopen($cookies, 'a');
fwrite($fp, "customers.unfi.com\tFALSE\t/\tFALSE\t0]\tWSS_FullScreenMode\tfalse\n");
fclose($fp);
$ch = curl_init($REPORT_GEN_URL);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
curl_setopt($ch, CURLOPT_REFERER, $INVOICE_URL);
curl_setopt($ch, CURLOPT_POST, true);
$json = json_encode($json_request);
$json = str_replace("\\", '', $json);
$json = str_replace('"reportID":41', '"reportID":"41"', $json);
curl_setopt($ch, CURLOPT_POSTFIELDS, $json);
// authorization is definitely needed; the rest may
// or may not be. Debugging took awhile
curl_setopt($ch, CURLOPT_HTTPHEADER,
array(
"Content-Type: application/json; charset=utf-8",
'Authorization: ' . $inputs['hfTokValidator'],
'X-Requested-With: XMLHttpRequest',
'Accept: application/json, text/javascript, */*; q=0.01',
'Accept-Language: en-US,en;q=0.5',
'User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:28.0) Gecko/20100101 Firefox/28.0',
'Pragma: no-cache',
'Cache-Control: no-cache',
)
);
$gen_report = curl_exec($ch);
curl_close($ch);
$response = json_decode($gen_report);
if ($response) {
echo "Downloading " . $date->Text . "...\n";
$filename = str_replace('/','-',$date->Text).'.zip';
$fp = fopen($filename, 'w');
$ch = curl_init($response->d);
curl_setopt($ch, CURLOPT_FILE, $fp);
curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, false);
curl_setopt($ch, CURLOPT_FOLLOWLOCATION, true);
curl_setopt($ch, CURLOPT_COOKIEFILE, $cookies);
curl_setopt($ch, CURLOPT_COOKIEJAR, $cookies);
$invoice_file = curl_exec($ch);
curl_close($ch);
fclose($fp);
echo "Importing invoices for " . $date->Text . "\n";
if (UIGLib::import($filename, $repeat) === true) {
unlink($filename);
} else {
echo "ERROR: IMPORT FAILED!\n";
}
}
// only download one day for now
// remove when done testing
//break;
// politeness; pause between requests
sleep(15);
}
/**
Cleanup: delete cookie file
*/
unlink($cookies);
}