Hardening

“VeLiTi”
2025-08-20 19:24:03 +02:00
parent 41200633cb
commit 010b23b0e5
19 changed files with 1358 additions and 59 deletions


@@ -3,16 +3,17 @@ defined($security_key) or exit;
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
//------------------------------------------
// dealers
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//CHECK IF REQUEST IS FROM DEALERFINDER
if(isset($post_content['bounds'])){
//++++++++++++++++++++++
@@ -194,6 +195,8 @@ elseif(isset($post_content['dealerfinder'])){
}
//CHECK ALL THE POSTED ITEMS
//CHECK ALL THE POSTED ITEMS
$orderByParts = [];
foreach ($post_content as $key => $value){
//GET FILTER CRITERIA
if ($key !='submit' && $key !='city' && $key !='range' && $key !='lat' && $key !='lng' && $value !='C'){
@@ -204,80 +207,75 @@ elseif(isset($post_content['dealerfinder'])){
//check value returned and include SQL
switch ($value) {
case '1':
$sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 1 then 1 else 0 end';
break;
case '0':
$sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 0 then 1 else 0 end';
break;
}
//------------------------------------
break;
case ($field_question_2 ?? 'showroom_quality'): //showroom_quality
//check value returned and include SQL
switch ($value) {
case '2':
$sql .= 'case when d.'.$key.' = 2 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 2 then 1 else 0 end';
break;
case '1':
$sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 1 then 1 else 0 end';
break;
case '0':
$sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 0 then 1 else 0 end';
break;
}
//------------------------------------
break;
case ($field_question_3 ?? 'showroom_size'): //showroom_size
//check value returned and include SQL
switch ($value) {
case '2':
$sql .= 'case when d.'.$key.' = 2 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 2 then 1 else 0 end';
break;
case '1':
$sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 1 then 1 else 0 end';
break;
case '0':
$sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 0 then 1 else 0 end';
break;
}
//------------------------------------
break;
case ($field_question_4 ?? 'brand_category'): //brand_category
//check value returned and include SQL
switch ($value) {
case '2':
$sql .= 'case when d.'.$key.' = 2 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 2 then 1 else 0 end';
break;
case '1':
$sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 1 then 1 else 0 end';
break;
case '0':
$sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +';
$orderByParts[] = 'case when d.'.$key.' = 0 then 1 else 0 end';
break;
}
//------------------------------------
break;
}
}
}
//Replace LAST J
$sql = removeTrailingElement($sql, ',');
//REPLACE LAST + with DESC
$sql = removeTrailingElement($sql, '+').' desc limit 0,4';
// Build the final ORDER BY clause
if (!empty($orderByParts)) {
// If we have filter criteria, order by the sum of matching criteria descending
$sql .= '(' . implode(' + ', $orderByParts) . ') desc limit 0,4';
} else {
// If no criteria (all "C" values), just order by name or some default
$sql .= 'd.name asc limit 0,4';
}
//Prepare statement
$stmt = $pdo->prepare($sql);
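Review bot: The ORDER BY fragments at the `$orderByParts[] = 'case when d.'.$key.' = …'` lines still splice `$key`, a key of the client JSON decoded by `json_decode($input, true)` at the top of this file, into the SQL as a column identifier; this is only safe because the enclosing `switch ($key)` (it begins above the hunk, and `switch` compares loosely) admits nothing but the `$field_question_N ?? '…'` labels, so any later change to that switch or to where `$field_question_N` comes from would turn it into injection. Using the matched label instead of the request key keeps the invariant local to each case, e.g. `$column = $field_question_2 ?? 'showroom_quality';` as the first statement of the case and `$orderByParts[] = 'case when d.'.$column.' = 2 then 1 else 0 end';` below it, so `$key` is never interpolated. The rebuilt tail also drops the old `removeTrailingElement($sql, ',')`; that is only equivalent if the part of `$sql` assembled above this hunk can no longer end in a comma, which the visible lines do not show — worth confirming before merging. The hunk itself appears to continue past the last visible line, so the prepare/execute that follows was not reviewed.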