Diff -- /var/www/vhosts/3dshawn.com/abforge.3dshawn.com/MODS/ABForge/Wrapper.pm
Diff

/var/www/vhosts/3dshawn.com/abforge.3dshawn.com/MODS/ABForge/Wrapper.pm

added on local at 2026-07-01 17:31:41

Added
+647
lines
Removed
-0
lines
Context
0
unchanged
Blobs
from
to eed365156a2e
Restore this content →
Unified diff
Naive LCS-based line diff. Additions in emerald, deletions in rose. Both sides decompressed live from BLOB_STORE.
1package MODS::ABForge::Wrapper;
2#======================================================================
3# ABForge — page wrapper.
4#
5# Renders the sidebar + topbar shell around a page's main content.
6# Uses MODS::Template for the shell template (abforge_wrapper.html
7# for logged-in pages, abforge_marketing.html for logged-out).
8#
9# Caller pattern:
10#
11# my $body = qq~ ...page body html... ~;
12# $wrap->render({
13# userinfo => $userinfo, # required for logged-in shell
14# page_key => 'dashboard', # marks the active sidebar item
15# title => 'Dashboard',
16# body => $body,
17# extra_js => ['/assets/javascript/graphs.js'], # optional
18# });
19#======================================================================
20
21use strict;
22use warnings;
23
24use MODS::Template;
25use MODS::DBConnect;
26use MODS::ABForge::Config;
27
28my $tfile = MODS::Template->new;
29my $config = MODS::ABForge::Config->new;
30my $db = MODS::DBConnect->new;
31
32# Sidebar nav: section headers + entries. Each entry has a key
33# matched against $page_key to set "active", an icon name (resolved
34# to inline SVG below), label, href, and optional badge.
35my @SIDEBAR = (
36 # ABForge is an experimentation + analytics platform (A/B + MVT +
37 # heatmaps + funnels). The sidebar reflects only the CGIs that
38 # actually exist for this product. The earlier e-commerce nav
39 # ("My Storefront / Models / Bundles / Fulfill Orders / ...") was
40 # leftover from the WebSTLs fork and pointed at CGIs this product
41 # never built; removed so users don't 404 click-by-click.
42 #
43 # Per-row gating attrs (all optional):
44 # feature = permission_features.slug -- hide row from team
45 # members who lack the slug. Owners always pass.
46 # owner_only = 1 -- only the account owner sees this row.
47 # admin_only = 1 -- hides from non-admin users entirely.
48 { section => 'Workspace' },
49 { key => 'dashboard', label => 'Overview', href => '/dashboard.cgi', icon => 'dashboard' },
50 { key => 'calendar', label => 'Calendar', href => '/calendar.cgi', icon => 'calendar' },
51 { key => 'sites', label => 'My Sites', href => '/sites.cgi', icon => 'storefront' },
52 { key => 'realtime', label => 'Real-time', href => '/realtime.cgi', icon => 'visitors' },
53
54 { section => 'Experiments' },
55 { key => 'experiments', label => 'A/B + MVT', href => '/experiments.cgi', icon => 'optimize' },
56 { key => 'heatmaps', label => 'Heatmaps', href => '/heatmaps.cgi', icon => 'analytics' },
57 { key => 'goals', label => 'Goals', href => '/goals.cgi', icon => 'promotions' },
58 { key => 'funnels', label => 'Funnels', href => '/funnels.cgi', icon => 'funnel' },
59
60 { section => 'Analytics' },
61 # Customer-facing traffic dashboard for the user's own site — the
62 # equivalent of what /admin_traffic.cgi is for us, but scoped to
63 # their storefront and their KPIs. Sister to Heatmaps + Sources +
64 # Devices + Geography below.
65 { key => 'analytics', label => 'Traffic Statistics',href => '/analytics.cgi', icon => 'dashboard' },
66 { key => 'pages', label => 'Pages', href => '/pages.cgi', icon => 'seo' },
67 { key => 'sources', label => 'Sources', href => '/sources.cgi', icon => 'analytics' },
68 { key => 'devices', label => 'Devices', href => '/devices.cgi', icon => 'analytics' },
69 { key => 'geo', label => 'Geography', href => '/geo.cgi', icon => 'visitors' },
70
71 # (Legacy "Messages" inbox section removed -- it was a WebSTLs-fork
72 # cross-platform comment aggregator and made no sense on an A/B + MVT
73 # + heatmaps platform. The admin support inbox lives in Admin >
74 # Support inbox below.)
75
76 # Help-section items (Tutorials, A/B & MVT tutorials, Product tour)
77 # live in the topbar Help-button dropdown, not the sidebar -- the
78 # dropdown is reachable from every page so help is always one click
79 # away without taking sidebar real estate. Source: abforge_wrapper.html.
80
81 { section => 'Account' },
82 { key => 'my_profile', label => 'My Profile', href => '/profile.cgi', icon => 'profile' },
83 { key => 'billing', label => 'Billing & Plan', href => '/billing.cgi', icon => 'billing', feature => 'manage_billing' },
84 { key => 'team', label => 'Team Members', href => '/team.cgi', icon => 'team', owner_only => 1 },
85 { key => 'preferences', label => 'Preferences', href => '/preferences.cgi', icon => 'settings' },
86
87 { section => 'Admin', admin_only => 1 },
88 { key => 'admin_earnings', label => 'Earnings & Expenses', href => '/admin_earnings.cgi', icon => 'billing', super_admin_only => 1, tip => 'Revenue from paid invoices + manual expense ledger. Net + margin. Date range with this-month default.' },
89 { key => 'admin_messages', label => 'Support inbox', href => '/admin_messages.cgi', icon => 'messages',
90 admin_only => 1, feature => 'admin_view_messages' }, { key => 'admin_companies', label => 'All Companies', href => '/admin_companies.cgi', icon => 'building', admin_only => 1 },
91
92 { key => 'admin_users', label => 'All Users', href => '/admin_users.cgi', icon => 'admin',
93 admin_only => 1, feature => 'admin_view_users' },
94
95 { key => 'admin_teams', label => 'Team Members', href => '/admin_teams.cgi', icon => 'team',
96 admin_only => 1 },
97 { key => 'admin_billing', label => 'User Billing', href => '/admin_billing.cgi', icon => 'billing',
98 admin_only => 1, feature => 'admin_view_billing' },
99 # Pricing & Promotions is one sidebar entry covering BOTH the
100 # billing-packages catalogue and the platform-wide promotions list.
101 # The two pages share a tab nav at the top so the user can switch
102 # between them; both set page_key='admin_packages' so this entry
103 # stays highlighted across either URL.
104 { key => 'admin_packages', label => 'Pricing & Promotions', href => '/admin_packages.cgi', icon => 'billing',
105 admin_only => 1, super_admin_only => 1 },
106 # Tax: rates + marketplace-facilitator collection policy. Visible
107 # to all admins, but only super-admins can save changes (the CGI
108 # gates the POST handlers). Separate from Pricing & Promotions
109 # because tax is platform-wide compliance, not seller-facing
110 # pricing.
111 { key => 'admin_tax', label => 'Tax', href => '/admin_tax.cgi', icon => 'billing',
112 admin_only => 1 },
113 { key => 'admin_seo', label => 'SEO', href => '/admin_seo.cgi', icon => 'seo',
114 admin_only => 1, feature => 'admin_view_seo' },
115 { key => 'admin_funnels', label => 'Conversion Funnel', href => '/admin_funnels.cgi', icon => 'funnel',
116 admin_only => 1 },
117 { key => 'admin_traffic', label => 'Traffic Reports', href => '/admin_traffic.cgi', icon => 'analytics',
118 admin_only => 1, tip => 'Where visitors are coming from + globe + per-country drill.' },
119 # Heatmaps now lives as a tab inside /admin_visitors.cgi (no
120 # separate sidebar entry). /admin_heatmap.cgi is still reachable
121 # at its direct URL and renders the same tab nav with Heatmaps
122 # highlighted.
123 { key => 'admin_chat', label => 'Chat', href => '/admin_chat.cgi', icon => 'chat',
124 admin_only => 1, feature => 'admin_chat' }, # Sandbox CCs for QA. Super-admin-only because a misused test card
125 # could be assigned to a real seller's account and silently
126 # "approve" their next charge. Staff with manage-billing get to see
127 # tests it; only the platform owner gets to create them.
128 { key => 'admin_test_cards', label => 'Test Credit Cards', href => '/admin_test_cards.cgi', icon => 'card',
129 admin_only => 1, super_admin_only => 1 },
130 { key => 'email_setup', label => 'Email Setup', href => '/admin_emails.cgi', icon => 'messages', admin_only => 1, super_admin_only => 1 },
131 # Platform-owner-only: edits Stripe keys / branding / email and
132 # other DB-backed settings. Regular admins do NOT see this row.
133 { key => 'admin_maintenance', label => 'Maintenance', href => '/admin_maintenance.cgi', icon => 'settings', super_admin_only => 1, tip => 'Lock the site for everyone except admins; edit the message users see while locked.' }, { key => 'admin_config', label => 'Configuration', href => '/admin_config.cgi', icon => 'settings',
134 admin_only => 1, super_admin_only => 1 },
135);
136
137sub new {
138 my ($class) = @_;
139 return bless({}, $class);
140}
141
142#----------------------------------------------------------------------
143# render(\%opts) — print the full page (Content-Type already sent
144# by the calling .cgi).
145#----------------------------------------------------------------------
146sub render {
147 my ($self, $opts) = @_;
148 $opts ||= {};
149
150 my $userinfo = $opts->{userinfo};
151 my $logged_in = $userinfo && $userinfo->{user_id} ? 1 : 0;
152
153 my $tvars = {
154 website_title => $config->settings('website_title'),
155 brand_name => $config->settings('brand_name'),
156 brand_tagline => $config->settings('brand_tagline'),
157 assets => $config->settings('assets'),
158 assets_css => $config->settings('assets_css'),
159 assets_js => $config->settings('assets_js'),
160 title => $opts->{title} || 'ABForge',
161 body => $opts->{body} || '',
162 extra_js => _format_scripts($opts->{extra_js}),
163 extra_css => _format_styles($opts->{extra_css}),
164 # SEO meta block (built below). Renders into abforge_wrapper.html
165 # / abforge_marketing.html at $meta_tags so every page emits a
166 # consistent <meta> set without each CGI having to know.
167 meta_tags => _build_meta_tags($opts),
168 };
169
170 if ($logged_in) {
171 $tvars->{user_id} = $userinfo->{user_id};
172 $tvars->{display_name} = $userinfo->{display_name};
173 $tvars->{email} = $userinfo->{email};
174 $tvars->{plan_tier} = ucfirst($userinfo->{plan_tier} || 'free');
175 $tvars->{initials} = _initials($userinfo->{display_name} || $userinfo->{email});
176
177 my $is_admin = $userinfo->{is_admin} || $userinfo->{_admin_is_admin} || 0;
178 $tvars->{is_admin} = $is_admin;
179 # Unread comments/reviews drive the red dot on the bell icon and
180 # the Messages entry in both menus. Querying once here so the
181 # sidebar builder + the topbar template both read the same number.
182 my $unread = _unread_messages_count($userinfo->{user_id}, $is_admin);
183 $tvars->{unread_messages_count} = $unread;
184 $tvars->{has_unread_messages} = $unread > 0 ? 1 : 0;
185 # Where the topbar Messages pill lands. Admins manage every
186 # storefront's tickets via the admin console; sellers only
187 # see their own threads at the customer-facing portal.
188 $tvars->{messages_href} = $is_admin ? '/admin_messages.cgi' : '/messages.cgi';
189 # Live chats awaiting an admin reply. Drives the topbar pill
190 # so admins can't miss a visitor mid-conversation no matter
191 # what page they're on. Pill always renders for admins; the
192 # idle (blue) vs waiting (green/pulsing) state is gated on
193 # count. Clicking the waiting pill jumps straight to the
194 # longest-waiting chat so admins skip the console list.
195 my $chat_data = $is_admin ? _pending_chats_data() : { n => 0, first_id => 0 };
196 $tvars->{admin_chats_pending} = $chat_data->{n};
197 $tvars->{has_admin_chats_pending} = $chat_data->{n} > 0 ? 1 : 0;
198 $tvars->{admin_chats_first_id} = $chat_data->{first_id} || 0;
199 $tvars->{admin_chats_href} = $chat_data->{first_id}
200 ? "/admin_chat.cgi?chat=$chat_data->{first_id}"
201 : '/admin_chat.cgi';
202 $tvars->{sidebar} = _build_sidebar($opts->{page_key} || '', $is_admin, $unread, $userinfo);
203 $tvars->{dropdown_links} = _build_dropdown_links($is_admin, $unread, $userinfo);
204 $tvars->{impersonation_banner} = _impersonation_banner($userinfo);
205
206 # Per-user sidebar pref: applied as a class on <html> so the
207 # final layout is in place on first paint (no flash). Guarded
208 # against the user_settings.sidebar_collapsed column not having
209 # been added yet -- a missing-column SELECT would 500 the page.
210 my ($collapsed, $mobile_open) = _sidebar_pref($userinfo->{user_id});
211 my @cls;
212 push @cls, 'sidebar-collapsed' if $collapsed;
213 push @cls, 'mobile-nav-open' if $mobile_open;
214 $tvars->{html_class} = join(' ', @cls);
215 }
216
217 # Heatmap-view mode: when /admin_heatmap.cgi loads a page in its
218 # preview iframe it appends `heatmap_view=1` to the URL. We render
219 # that request as if the visitor were logged OUT so the DOM
220 # matches exactly what a real visitor saw -- otherwise the admin
221 # session would inject the studio sidebar wrapper and every stored
222 # selector would resolve to a different element. We also suppress
223 # track.js so the admin's preview clicks don't pollute analytics.
224 my $heatmap_view = ($ENV{QUERY_STRING} || '') =~ /(?:^|&)heatmap_view=1(?:&|$)/ ? 1 : 0;
225 $tvars->{heatmap_view} = $heatmap_view;
226
227 # Tutorial-embed mode: a [frame:/url] block inside a tutorial body
228 # loads the target URL in an iframe with ?tut_embed=1 appended. We
229 # strip the sidebar/topbar (same as heatmap_view does) so the
230 # iframe shows just the page content, not the whole studio shell.
231 my $tut_embed = ($ENV{QUERY_STRING} || '') =~ /(?:^|&)tut_embed=1(?:&|$)/ ? 1 : 0;
232 $tvars->{tut_embed} = $tut_embed;
233
234 my $template_file = ($logged_in && !$heatmap_view && !$tut_embed)
235 ? 'abforge_wrapper.html'
236 : 'abforge_marketing.html';
237
238 my @html = $tfile->template($template_file, $tvars, $userinfo);
239 print "@html";
240 return;
241}
242
243#======================================================================
244# Helpers
245#======================================================================
246
247sub _initials {
248 my ($name) = @_;
249 return '?' unless $name;
250 my @parts = split /[\s\@\.]+/, $name;
251 my $i = '';
252 $i .= uc(substr($parts[0], 0, 1)) if $parts[0];
253 $i .= uc(substr($parts[1], 0, 1)) if $parts[1];
254 return $i || uc(substr($name, 0, 1));
255}
256
257sub _format_scripts {
258 my ($list) = @_;
259 return '' unless $list && ref($list) eq 'ARRAY';
260 return join("\n", map { qq~<script src="$_"></script>~ } @$list);
261}
262
263sub _format_styles {
264 my ($list) = @_;
265 return '' unless $list && ref($list) eq 'ARRAY';
266 return join("\n", map { qq~<link rel="stylesheet" href="$_">~ } @$list);
267}
268
269# Cache the column-existence check so we don't run information_schema
270# on every page load. Under plain CGI this only saves work within a
271# single request; under FCGI/mod_perl it survives across requests.
272our $_sidebar_col_checked;
273our $_sidebar_col_exists;
274
275# Returns ($collapsed, $mobile_open) for the user's sidebar prefs.
276# Both default to 0 (expanded desktop, closed mobile drawer) when no
277# row exists or the migration columns are missing. sidebar_mobile_open
278# was added in a later migration so we guard for its absence.
279sub _sidebar_pref {
280 my ($user_id) = @_;
281 return (0, 0) unless $user_id;
282 $user_id =~ s/[^0-9]//g;
283 return (0, 0) unless $user_id;
284
285 my $DB = $config->settings('database_name');
286 my $dbh = $db->db_connect();
287 return (0, 0) unless $dbh;
288
289 unless ($_sidebar_col_checked) {
290 my $r = $db->db_readwrite($dbh, qq~
291 SELECT COUNT(*) AS n FROM information_schema.columns
292 WHERE table_schema='$DB'
293 AND table_name='user_settings'
294 AND column_name='sidebar_collapsed'
295 ~, $ENV{SCRIPT_NAME}, __LINE__);
296 $_sidebar_col_exists = ($r && $r->{n}) ? 1 : 0;
297 $_sidebar_col_checked = 1;
298 }
299
300 unless ($_sidebar_col_exists) {
301 $db->db_disconnect($dbh);
302 return (0, 0);
303 }
304
305 # Probe the optional mobile column (cheap, cached per-request).
306 my $mob_check = $db->db_readwrite($dbh, qq~
307 SELECT COUNT(*) AS n FROM information_schema.columns
308 WHERE table_schema='$DB'
309 AND table_name='user_settings'
310 AND column_name='sidebar_mobile_open'
311 ~, $ENV{SCRIPT_NAME}, __LINE__);
312 my $mob_extra = ($mob_check && $mob_check->{n}) ? ', sidebar_mobile_open' : '';
313
314 my $r = $db->db_readwrite($dbh, qq~
315 SELECT sidebar_collapsed$mob_extra
316 FROM `${DB}`.user_settings
317 WHERE user_id='$user_id'
318 LIMIT 1
319 ~, $ENV{SCRIPT_NAME}, __LINE__);
320 $db->db_disconnect($dbh);
321
322 my $collapsed = ($r && $r->{sidebar_collapsed}) ? 1 : 0;
323 my $mobile_open = ($r && $r->{sidebar_mobile_open}) ? 1 : 0;
324 return ($collapsed, $mobile_open);
325}
326
327
328sub _build_sidebar {
329 my ($active_key, $is_admin, $unread_messages, $userinfo) = @_;
330 $unread_messages ||= 0;
331 my $html = '';
332 my $pending_section; # buffered header; emitted when a child row gets through
333 my $is_team_member = ($userinfo && $userinfo->{owner_user_id}) ? 1 : 0;
334
335 foreach my $row (@SIDEBAR) {
336 # Admin entries (links AND section headers) are gated -- sellers
337 # must never see them. Hide the rows entirely (not just disable)
338 # so the page keys do not leak in HTML for non-admins to find.
339 next if $row->{admin_only} && !$is_admin;
340
341 if ($row->{section}) {
342 # Buffer the header; we only commit it once a visible child
343 # follows. Prevents dangling "Reporting" labels when every
344 # child is hidden by role.
345 $pending_section = $row->{section};
346 next;
347 }
348
349 # owner_only rows are visible only to the actual account owner
350 # (billing, team management, ...). Team members and impersonated
351 # admins are blocked here so the menu cannot leak them.
352 next if $row->{owner_only} && $is_team_member;
353
354 # super_admin_only rows are visible only to the platform owner
355 # (users.is_super_admin=1). Regular admins managing users / billing
356 # still see all the other admin rows but never this one.
357 if ($row->{super_admin_only}) {
358 require MODS::ABForge::Permissions;
359 next unless MODS::ABForge::Permissions->new->is_super_admin($userinfo);
360 }
361
362 # feature gate: skip if user lacks the slug. _has_user_feature
363 # short-circuits for owners (NULL permission_groups_id).
364 next if $row->{feature} && !_has_user_feature($userinfo, $row->{feature});
365
366 if (defined $pending_section) {
367 $html .= qq~<div class="sidebar-section-label">$pending_section</div>\n~;
368 $pending_section = undef;
369 }
370
371 my $cls = ($row->{key} eq $active_key) ? 'sidebar-link active' : 'sidebar-link';
372 my $svg = _icon($row->{icon});
373 my $badge = $row->{badge} ? qq~<span class="badge">$row->{badge}</span>~ : '';
374 # Live unread dot on the Messages row only -- the dot is omitted
375 # when there are zero unread comments/reviews so the navigation
376 # never shows a permanent "alert" indicator.
377 my $unread_dot = '';
378 if ($row->{key} && $row->{key} eq 'messages' && $unread_messages > 0) {
379 $unread_dot = qq~<span class="menu-dot" title="$unread_messages unread"></span>~;
380 }
381 $html .= qq~<a class="$cls" href="$row->{href}">$svg<span>$row->{label}</span>$unread_dot$badge</a>\n~;
382 }
383 return $html;
384}
385
386# Build the profile-dropdown links from the SAME @SIDEBAR data the
387# left sidebar uses. This guarantees the two menus stay in lockstep
388# whenever items are added / renamed / removed -- never hand-edit the
389# dropdown HTML directly. Section headers become <div class="profile-
390# dropdown-section">, divider rows are inserted before each section
391# (except the first), and admin-only items get the .profile-admin
392# class so they render in the admin red/orange accent like before.
393sub _build_dropdown_links {
394 my ($is_admin, $unread_messages, $userinfo) = @_;
395 $unread_messages ||= 0;
396 my $html = '';
397 my $emitted_first_section = 0;
398 my $pending_section;
399 my $pending_divider = 0;
400 my $is_team_member = ($userinfo && $userinfo->{owner_user_id}) ? 1 : 0;
401
402 foreach my $row (@SIDEBAR) {
403 next if $row->{admin_only} && !$is_admin;
404
405 if ($row->{section}) {
406 # Buffer the header + its divider; emit only when a child
407 # row gets through. Otherwise the dropdown shows lone
408 # "Reporting" headers with nothing under them.
409 $pending_section = $row->{section};
410 $pending_divider = $emitted_first_section ? 1 : 0;
411 next;
412 }
413
414 next if $row->{owner_only} && $is_team_member;
415 if ($row->{super_admin_only}) {
416 require MODS::ABForge::Permissions;
417 next unless MODS::ABForge::Permissions->new->is_super_admin($userinfo);
418 }
419 next if $row->{feature} && !_has_user_feature($userinfo, $row->{feature});
420
421 if (defined $pending_section) {
422 $html .= qq~<div class="profile-dropdown-divider"></div>\n~ if $pending_divider;
423 $html .= qq~<div class="profile-dropdown-section">$pending_section</div>\n~;
424 $emitted_first_section = 1;
425 $pending_section = undef;
426 $pending_divider = 0;
427 }
428
429 my $svg = _icon($row->{icon});
430 my $admin_c = $row->{admin_only} ? ' class="profile-admin"' : '';
431 my $unread_dot = '';
432 if ($row->{key} && $row->{key} eq 'messages' && $unread_messages > 0) {
433 $unread_dot = qq~<span class="menu-dot" style="margin-left:auto" title="$unread_messages unread"></span>~;
434 }
435 $html .= qq~<a href="$row->{href}"$admin_c><span class="dropdown-icon">$svg</span> $row->{label}$unread_dot</a>\n~;
436 }
437 return $html;
438}
439
440# Thin wrapper around MODS::ABForge::Permissions->has_feature so the
441# sidebar builders stay decoupled from the module loader. Loaded once.
442my $_perm_singleton;
443sub _has_user_feature {
444 my ($userinfo, $slug) = @_;
445 return 1 unless $slug;
446 return 0 unless $userinfo;
447 # Owner / unconstrained: skip the DB trip
448 return 1 if !defined($userinfo->{permission_groups_id}) || $userinfo->{permission_groups_id} eq '';
449 if (!$_perm_singleton) {
450 return 1 unless eval { require MODS::ABForge::Permissions; 1 };
451 $_perm_singleton = MODS::ABForge::Permissions->new;
452 }
453 return $_perm_singleton->has_feature($userinfo, $slug);
454}
455
456# Count rows that should drive the unread indicator on the Messages
457# nav entry + the topbar bell. Same query as messages.cgi count_unread,
458# guarded against the table not existing yet on early-adopter installs.
459sub _unread_messages_count {
460 my ($uid, $is_admin) = @_;
461 return 0 unless $uid;
462 $uid =~ s/[^0-9]//g;
463 return 0 unless $uid;
464
465 require MODS::DBConnect;
466 my $db = MODS::DBConnect->new;
467 my $DB = $config->settings('database_name');
468 my $dbh = $db->db_connect();
469 return 0 unless $dbh;
470
471 my $total = 0;
472
473 # 1) Comments / reviews on the user's models. Guarded so a pre-
474 # migration deploy can't 500 the topbar.
475 my $have_ec = $db->db_readwrite($dbh, qq~
476 SELECT COUNT(*) AS n FROM information_schema.tables
477 WHERE table_schema='$DB' AND table_name='external_comments'
478 ~, $ENV{SCRIPT_NAME}, __LINE__);
479 if ($have_ec && $have_ec->{n}) {
480 my $r = $db->db_readwrite($dbh, qq~
481 SELECT COUNT(*) AS n FROM `${DB}`.external_comments
482 WHERE user_id='$uid' AND status='new' AND is_reply=0
483 ~, $ENV{SCRIPT_NAME}, __LINE__);
484 $total += ($r && $r->{n}) ? $r->{n} : 0;
485 }
486
487 # 2) Support tickets / help threads. Admins count threads where
488 # admin_unread > 0 (anyone's ticket needing reply); regular
489 # users count their own threads where customer_unread > 0 (a
490 # reply from admin they haven't read yet). This is what makes
491 # a fresh help request light up the Messages pill.
492 my $have_st = $db->db_readwrite($dbh, qq~
493 SELECT COUNT(*) AS n FROM information_schema.tables
494 WHERE table_schema='$DB' AND table_name='support_threads'
495 ~, $ENV{SCRIPT_NAME}, __LINE__);
496 if ($have_st && $have_st->{n}) {
497 my $sql = $is_admin
498 ? qq~SELECT COUNT(*) AS n FROM `${DB}`.support_threads WHERE admin_unread > 0~
499 : qq~SELECT COUNT(*) AS n FROM `${DB}`.support_threads WHERE customer_user_id='$uid' AND customer_unread > 0~;
500 my $r = $db->db_readwrite($dbh, $sql, $ENV{SCRIPT_NAME}, __LINE__);
501 $total += ($r && $r->{n}) ? $r->{n} : 0;
502 }
503
504 $db->db_disconnect($dbh);
505 return $total;
506}
507
508# Open visitor chats with at least one unread message for the admin.
509# Drives both the topbar pill state (idle/waiting) and its click
510# target (jump direct to the longest-waiting chat). Table existence
511# is guarded via information_schema so pre-migration deploys can't
512# 500 the wrapper. Returns { n => count, first_id => oldest_pending_chat_id }.
513sub _pending_chats_data {
514 require MODS::DBConnect;
515 my $db = MODS::DBConnect->new;
516 my $DB = $config->settings('database_name');
517 my $dbh = $db->db_connect();
518 return { n => 0, first_id => 0 } unless $dbh;
519 my $have = $db->db_readwrite($dbh, qq~
520 SELECT COUNT(*) AS n FROM information_schema.tables
521 WHERE table_schema='$DB' AND table_name='support_chats'
522 ~, $ENV{SCRIPT_NAME}, __LINE__);
523 unless ($have && $have->{n}) {
524 $db->db_disconnect($dbh);
525 return { n => 0, first_id => 0 };
526 }
527 # ORDER BY last_message_at ASC -- oldest unread first. Sending an
528 # admin to the chat that has been waiting longest is the most
529 # courteous default; if they want a different one they can use
530 # the console list as normal.
531 my @rows = $db->db_readwrite_multiple($dbh, qq~
532 SELECT id FROM `${DB}`.support_chats
533 WHERE status = 'open'
534 AND unread_for_admin > 0
535 ORDER BY last_message_at ASC
536 ~, $ENV{SCRIPT_NAME}, __LINE__);
537 $db->db_disconnect($dbh);
538 return {
539 n => scalar(@rows),
540 first_id => scalar(@rows) ? ($rows[0]->{id} + 0) : 0,
541 };
542}
543
544# Banner shown across the top of every authenticated page WHILE an
545# admin is impersonating another user. The "Stop" link is a POST to
546# /admin_action.cgi (form, not GET) so accidental link-followers can't
547# end an impersonation by sharing a URL.
548sub _impersonation_banner {
549 my ($userinfo) = @_;
550 return '' unless $userinfo && $userinfo->{_impersonating};
551
552 my $target_email = _html_escape($userinfo->{email} || '');
553 my $target_name = _html_escape($userinfo->{display_name} || $target_email);
554 my $admin_email = _html_escape($userinfo->{_admin_email} || '');
555
556 return qq~
557<div class="impersonation-banner">
558 <div class="impersonation-banner-msg">
559 <svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" width="16" height="16"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10Z"/></svg>
560 <span><strong>Acting as</strong> $target_name &lt;$target_email&gt; &middot; admin: $admin_email</span>
561 </div>
562 <form method="POST" action="/admin_action.cgi" class="impersonation-banner-form">
563 <input type="hidden" name="act" value="stop_impersonation">
564 <button type="submit" class="impersonation-banner-stop">Stop &amp; return to admin</button>
565 </form>
566</div>
567~;
568}
569
570sub _html_escape {
571 my ($s) = @_;
572 return '' unless defined $s;
573 $s =~ s/&/&amp;/g;
574 $s =~ s/</&lt;/g;
575 $s =~ s/>/&gt;/g;
576 $s =~ s/"/&quot;/g;
577 $s =~ s/'/&#39;/g;
578 return $s;
579}
580
581# Inline SVG icon library — keeps the wrapper independent of any
582# external icon font / file. All icons are 24x24, stroke-based.
583my %ICONS = (
584 dashboard => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="3" width="7" height="9" rx="1"/><rect x="14" y="3" width="7" height="5" rx="1"/><rect x="14" y="12" width="7" height="9" rx="1"/><rect x="3" y="16" width="7" height="5" rx="1"/></svg>',
585 models => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 2 3 7v10l9 5 9-5V7l-9-5Z"/><path d="m3 7 9 5 9-5"/><path d="M12 22V12"/></svg>',
586 upload => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M21 15v4a2 2 0 0 1-2 2H5a2 2 0 0 1-2-2v-4"/><polyline points="17 8 12 3 7 8"/><line x1="12" y1="3" x2="12" y2="15"/></svg>',
587 storefront => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="m3 9 1-5h16l1 5"/><path d="M5 9v11a1 1 0 0 0 1 1h12a1 1 0 0 0 1-1V9"/><path d="M9 21V13h6v8"/></svg>',
588 audience => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M23 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/></svg>',
589 messages => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2Z"/></svg>',
590 funnel => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2" stroke-linecap="round" stroke-linejoin="round"><path d="M22 3H2l8 9.46V19l4 2v-8.54L22 3z"/></svg>',
591 analytics => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M3 3v18h18"/><path d="m7 14 4-4 4 4 5-5"/></svg>',
592 optimize => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M22 12h-4l-3 9L9 3l-3 9H2"/></svg>',
593 settings => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="3"/><path d="M19.4 15a1.65 1.65 0 0 0 .33 1.82l.06.06a2 2 0 1 1-2.83 2.83l-.06-.06a1.65 1.65 0 0 0-1.82-.33 1.65 1.65 0 0 0-1 1.51V21a2 2 0 1 1-4 0v-.09a1.65 1.65 0 0 0-1-1.51 1.65 1.65 0 0 0-1.82.33l-.06.06a2 2 0 1 1-2.83-2.83l.06-.06a1.65 1.65 0 0 0 .33-1.82 1.65 1.65 0 0 0-1.51-1H3a2 2 0 1 1 0-4h.09a1.65 1.65 0 0 0 1.51-1 1.65 1.65 0 0 0-.33-1.82l-.06-.06a2 2 0 1 1 2.83-2.83l.06.06a1.65 1.65 0 0 0 1.82.33 1.65 1.65 0 0 0 1-1.51V3a2 2 0 1 1 4 0v.09a1.65 1.65 0 0 0 1 1.51 1.65 1.65 0 0 0 1.82-.33l.06-.06a2 2 0 1 1 2.83 2.83l-.06.06a1.65 1.65 0 0 0-.33 1.82v0a1.65 1.65 0 0 0 1.51 1H21a2 2 0 1 1 0 4h-.09a1.65 1.65 0 0 0-1.51 1Z"/></svg>',
594 building => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="2" width="18" height="20" rx="2"/><path d="M9 22V12h6v10"/><path d="M9 6h.01"/><path d="M9 10h.01"/><path d="M15 6h.01"/><path d="M15 10h.01"/></svg>',
595 calendar => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="3" y="4" width="18" height="18" rx="2"/><line x1="16" y1="2" x2="16" y2="6"/><line x1="8" y1="2" x2="8" y2="6"/><line x1="3" y1="10" x2="21" y2="10"/></svg>',
596 clock => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="12" cy="12" r="10"/><polyline points="12 6 12 12 16 14"/></svg>',
597 admin => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M12 22s8-4 8-10V5l-8-3-8 3v7c0 6 8 10 8 10Z"/><path d="m9 12 2 2 4-4"/></svg>',
598 billing => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="2" y="5" width="20" height="14" rx="2"/><line x1="2" y1="10" x2="22" y2="10"/><line x1="6" y1="15" x2="10" y2="15"/></svg>',
599 promotions => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M20.59 13.41 13.42 20.58a2 2 0 0 1-2.83 0L2 12V2h10l8.59 8.59a2 2 0 0 1 0 2.82z"/><line x1="7" y1="7" x2="7.01" y2="7"/></svg>',
600 profile => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M20 21v-2a4 4 0 0 0-4-4H8a4 4 0 0 0-4 4v2"/><circle cx="12" cy="7" r="4"/></svg>',
601 seo => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="11" cy="11" r="7"/><path d="m21 21-4.3-4.3"/><path d="M7 11h8"/><path d="M11 7v8"/></svg>',
602 visitors => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M1 12s4-7 11-7 11 7 11 7-4 7-11 7-11-7-11-7Z"/><circle cx="12" cy="12" r="3"/></svg>',
603 chat => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M21 15a2 2 0 0 1-2 2H7l-4 4V5a2 2 0 0 1 2-2h14a2 2 0 0 1 2 2Z"/></svg>',
604 welcome => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M3 12 12 3l9 9"/><path d="M5 10v10a1 1 0 0 0 1 1h4v-6h4v6h4a1 1 0 0 0 1-1V10"/></svg>',
605 heatmap => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><circle cx="8" cy="9" r="3"/><circle cx="16" cy="14" r="4"/><circle cx="10" cy="17" r="2"/><rect x="2" y="2" width="20" height="20" rx="2"/></svg>',
606 team => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><path d="M17 21v-2a4 4 0 0 0-4-4H5a4 4 0 0 0-4 4v2"/><circle cx="9" cy="7" r="4"/><path d="M23 21v-2a4 4 0 0 0-3-3.87"/><path d="M16 3.13a4 4 0 0 1 0 7.75"/></svg>',
607 card => '<svg viewBox="0 0 24 24" fill="none" stroke="currentColor" stroke-width="2"><rect x="2" y="5" width="20" height="14" rx="2"/><line x1="2" y1="10" x2="22" y2="10"/><line x1="6" y1="15" x2="10" y2="15"/><line x1="14" y1="15" x2="18" y2="15"/></svg>',
608);
609
610sub _icon {
611 my ($name) = @_;
612 return $ICONS{$name} || '';
613}
614
615# Build the <meta> block injected into every page's <head>. Pulls
616# platform defaults from platform_settings, and if the caller passed
617# opts->{storefront} (e.g. /store.cgi), layers the per-storefront SEO
618# row over the top. Cached per-request via $_meta_cache so repeated
619# calls in one CGI don't re-query.
620our $_meta_cache;
621sub _build_meta_tags {
622 my ($opts) = @_;
623 return '' unless $opts;
624
625 require MODS::DBConnect;
626 require MODS::ABForge::SEO;
627 my $db = MODS::DBConnect->new;
628 my $seo = MODS::ABForge::SEO->new;
629 my $DB = $config->settings('database_name');
630 my $dbh = $db->db_connect();
631 return '' unless $dbh;
632
633 my $platform = $seo->get_platform_settings($db, $dbh, $DB);
634 my $store = $opts->{storefront} || {};
635
636 my $tags = $seo->render_tags(
637 platform => $platform,
638 storefront => $store,
639 page_title => $opts->{title} || '',
640 request_url => $opts->{canonical_url} || '',
641 );
642
643 $db->db_disconnect($dbh);
644 return $tags;
645}
646
6471;
Keyboard: j next diff k previous diff g top G bottom r restore c compile-check ? help