Hardening

This commit is contained in:
“VeLiTi”
2025-08-20 19:24:03 +02:00
parent 41200633cb
commit 010b23b0e5
19 changed files with 1358 additions and 59 deletions

.DS_Store vendored


api/.DS_Store vendored


api/v0/.DS_Store vendored



@@ -60,12 +60,12 @@ if (!empty($username) && !empty($password)) {
} }
else else
{ {
http_response_code(203); http_response_code(403);
} }
} }
} }
else { else {
http_response_code(203); http_response_code(403);
} }
$conn->close(); $conn->close();
} }
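Review bot: Both failure branches now answer 403, but for a credential check the conventional status is 401 (optionally with a `WWW-Authenticate` header) so API clients can tell "not authenticated" from "authenticated but not allowed"; if 403 is deliberate so that missing and wrong credentials look identical, say so in place, e.g. `// 403 for both missing and wrong credentials: identical response, no account-existence oracle`. Nothing in the hunk throttles or logs failed attempts; if that lives elsewhere, a pointer comment here would help the next reader. The `if (!empty($username) && !empty($password))` chain starts before the hunk, so the success path and whatever body accompanies the 403 are not visible.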

api/v1/.DS_Store vendored



@@ -188,7 +188,8 @@ switch ($action) {
break; break;
case 'report_usage_servicereports': case 'report_usage_servicereports':
$sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; $exclusion = ' AND NOT e.serialnumber = "22050695" AND NOT e.serialnumber = "22020439" AND NOT e.serialnumber = "23060550" AND NOT e.serialnumber = "22020444" ';
$sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" '.$exclusion.' GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)';
break; break;
case 'contract_usage_servicereports': case 'contract_usage_servicereports':
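Review bot: The four serial numbers in `$exclusion` are spliced into the query as literals next to the existing `NOT e.productrowid = "31"`; they are not request input, so this is not an injection, but a per-device exclusion list belongs in one named constant or a config table rather than inside a `case` arm, and `e.serialnumber NOT IN ("22050695","22020439","23060550","22020444")` reads better than four chained `AND NOT ... =` clauses. Note that with `LEFT JOIN equipment e`, a history row with no matching equipment has `e.serialnumber` NULL, so `NOT e.serialnumber = "..."` evaluates to NULL and the row is dropped from the count — the same effect the pre-existing `productrowid` filter already has, which may or may not be intended. The `switch ($action)` enclosing this `case` starts before the hunk.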


@@ -68,7 +68,7 @@ if(isset($get_content) && $get_content!=''){
//Filter out only relevant servicereports //Filter out only relevant servicereports
$filter_key_1 = '"%serialnumber%"'; $filter_key_1 = '"%serialnumber%"';
$filter_key_2 = '"ServiceReport"'; $filter_key_2 = '"ServiceReport"';
$clause .= ' AND h.type = '.$filter_key_2.' AND h.description like '.$filter_key_1; $clause .= ' AND h.type = '.$filter_key_2.' AND e.productrowid = "31" AND h.description like '.$filter_key_1;
} }
else {//create clause else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0]; $clause .= ' AND '.$v[0].' = :'.$v[0];
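Review bot: `e.productrowid = "31"` is the third place in this commit where product id 31 is inlined into SQL (the sibling endpoint uses the negated form), so define it once, e.g. `const EXCLUDED_PRODUCT_ID = '31';` in shared code, and bind it the same way the `else` branch binds `:'.$v[0]` rather than concatenating it. In that `else` branch `$v[0]` is also used as a column name; if `$v` is derived from the request (its origin is before the hunk), it needs a whitelist of allowed column names before reaching `$clause`, since a bound parameter only protects the value side. The enclosing `if(isset($get_content) ...)` starts before the hunk.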

api/v2/.DS_Store vendored Normal file



@@ -80,12 +80,15 @@ foreach ($products as $product) {
$version_configurations = []; $version_configurations = [];
foreach ($product_config as $item) { foreach ($product_config as $item) {
if ($item['productrowid'] == $product['rowID']) { if ($item['productrowid'] == $product['rowID']) {
// Initialize version array if it doesn't exist // Initialize version array if it doesn't exist
if (!isset($version_configurations[$item['version']])) { if (!isset($version_configurations[$item['version']])) {
$version_configurations[$item['version']] = [ $version_configurations[$item['version']] = [
'version_id' => $item['version'], 'version_id' => $item['version'],
'config_setting' => $item['config'], 'config_setting' => $item['config'],
'main_option_for_display' => $item['measurement'],
'configurations' => [] 'configurations' => []
]; ];
} }
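Review bot: `$item['measurement']` is read without a null-coalesce; if the query that fills `$product_config` was not updated to select `measurement` (that change is in another file), every iteration raises an undefined-index warning and the field silently becomes null. Use `'main_option_for_display' => $item['measurement'] ?? null,` and add a comment that the value appears to be either a plain string or a JSON-encoded array, since the admin view in this commit handles both shapes for that column. The `foreach ($products as $product)` enclosing this hunk starts before it.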


@@ -68,7 +68,7 @@ if(isset($get_content) && $get_content!=''){
//Filter out only relevant servicereports //Filter out only relevant servicereports
$filter_key_1 = '"%serialnumber%"'; $filter_key_1 = '"%serialnumber%"';
$filter_key_2 = '"ServiceReport"'; $filter_key_2 = '"ServiceReport"';
$clause .= ' AND h.type = '.$filter_key_2.' AND h.description like '.$filter_key_1; $clause .= ' AND h.type = '.$filter_key_2.' AND NOT e.productrowid = "31" AND h.description like '.$filter_key_1;
} }
elseif ($v[0] == 'created') { elseif ($v[0] == 'created') {
//build up search //build up search
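Review bot: `NOT e.productrowid = "31"` excludes rows where `e.productrowid` is NULL as well as rows where it is 31, because `NOT NULL = "31"` is NULL and fails the WHERE; if the join to `equipment` here is a LEFT JOIN (the FROM clause is before the hunk), history rows with no equipment record silently vanish from this filter. If those rows should be kept, write `(e.productrowid IS NULL OR e.productrowid <> "31")`; either way the id should come from one shared constant, as the sibling endpoint in this commit inlines the same `"31"` with the opposite sense. The enclosing `if(isset($get_content) ...)` starts before the hunk.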


@@ -69,7 +69,7 @@ if (isset($criterias['productrowid']) && $criterias['productrowid'] != ''){
} }
else { else {
//SQL for Paging include name from different tables //SQL for Paging include name from different tables
$sql = 'SELECT pc.*, pv.config,pag.group_mandatory, pag.group_type, $sql = 'SELECT pc.*, pv.config,pv.measurement,pag.group_mandatory, pag.group_type,
CASE WHEN p.rowID IS NOT NULL THEN p.productname CASE WHEN p.rowID IS NOT NULL THEN p.productname
WHEN pag.group_id IS NOT NULL THEN pag.group_name WHEN pag.group_id IS NOT NULL THEN pag.group_name
END AS assignment_name, END AS assignment_name,


@@ -3,16 +3,17 @@ defined($security_key) or exit;
ini_set('display_errors', '1'); ini_set('display_errors', '1');
ini_set('display_startup_errors', '1'); ini_set('display_startup_errors', '1');
error_reporting(E_ALL); error_reporting(E_ALL);
//------------------------------------------ //------------------------------------------
// dealers // dealers
//------------------------------------------ //------------------------------------------
//Connect to DB //Connect to DB
$pdo = dbConnect($dbname); $pdo = dbConnect($dbname);
//CONTENT FROM API (POST) //CONTENT FROM API (POST)
$post_content = json_decode($input,true); $post_content = json_decode($input,true);
//CHECK IF REQUEST IS FROM DEALERFINDER //CHECK IF REQUEST IS FROM DEALERFINDER
if(isset($post_content['bounds'])){ if(isset($post_content['bounds'])){
//++++++++++++++++++++++ //++++++++++++++++++++++
@@ -194,6 +195,8 @@ elseif(isset($post_content['dealerfinder'])){
} }
//CHECK ALL THE POSTED ITEMS //CHECK ALL THE POSTED ITEMS
//CHECK ALL THE POSTED ITEMS
$orderByParts = [];
foreach ($post_content as $key => $value){ foreach ($post_content as $key => $value){
//GET FILTER CRITERIA //GET FILTER CRITERIA
if ($key !='submit' && $key !='city' && $key !='range' && $key !='lat' && $key !='lng' && $value !='C'){ if ($key !='submit' && $key !='city' && $key !='range' && $key !='lat' && $key !='lng' && $value !='C'){
@@ -204,80 +207,75 @@ elseif(isset($post_content['dealerfinder'])){
//check value returned and include SQL //check value returned and include SQL
switch ($value) { switch ($value) {
case '1': case '1':
$sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 1 then 1 else 0 end';
break; break;
case '0': case '0':
$sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 0 then 1 else 0 end';
break; break;
} }
//------------------------------------
break; break;
case ($field_question_2 ?? 'showroom_quality'): //showroom_quality case ($field_question_2 ?? 'showroom_quality'): //showroom_quality
//check value returned and include SQL
switch ($value) { switch ($value) {
case '2': case '2':
$sql .= 'case when d.'.$key.' = 2 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 2 then 1 else 0 end';
break; break;
case '1': case '1':
$sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 1 then 1 else 0 end';
break; break;
case '0': case '0':
$sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 0 then 1 else 0 end';
break; break;
} }
//------------------------------------
break; break;
case ($field_question_3 ?? 'showroom_size'): //showroom_size case ($field_question_3 ?? 'showroom_size'): //showroom_size
//check value returned and include SQL
switch ($value) { switch ($value) {
case '2': case '2':
$sql .= 'case when d.'.$key.' = 2 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 2 then 1 else 0 end';
break; break;
case '1': case '1':
$sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 1 then 1 else 0 end';
break; break;
case '0': case '0':
$sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 0 then 1 else 0 end';
break; break;
} }
//------------------------------------
break; break;
case ($field_question_4 ?? 'brand_category'): //brand_category case ($field_question_4 ?? 'brand_category'): //brand_category
//check value returned and include SQL
switch ($value) { switch ($value) {
case '2': case '2':
$sql .= 'case when d.'.$key.' = 2 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 2 then 1 else 0 end';
break; break;
case '1': case '1':
$sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 1 then 1 else 0 end';
break; break;
case '0': case '0':
$sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +'; $orderByParts[] = 'case when d.'.$key.' = 0 then 1 else 0 end';
break; break;
} }
//------------------------------------
break; break;
} }
} }
} }
//Replace LAST J // Build the final ORDER BY clause
$sql = removeTrailingElement($sql, ','); if (!empty($orderByParts)) {
//REPLACE LAST + with DESC // If we have filter criteria, order by the sum of matching criteria descending
$sql = removeTrailingElement($sql, '+').' desc limit 0,4'; $sql .= '(' . implode(' + ', $orderByParts) . ') desc limit 0,4';
} else {
// If no criteria (all "C" values), just order by name or some default
$sql .= 'd.name asc limit 0,4';
}
//Prepare statement //Prepare statement
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
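Review bot: Every `$orderByParts[]` entry still embeds `$key` — a key of the decoded POST body — as a column identifier in `d.'.$key.'`, trusting the outer `switch` (its `switch` line is before the hunk) to have matched it against `$field_question_N` with PHP's loose comparison; the safer pattern is to never place request text in the SQL at all: set `$column = $field_question_2 ?? 'showroom_quality';` at the top of each case and build `'case when d.'.$column.' = 2 then 1 else 0 end'`, so the identifier always comes from the server-side name the case matched. The fallback `'d.name asc limit 0,4'` assumes `$sql` already ends with an `ORDER BY ` prefix built outside the hunk; a comment stating that assumption would prevent a later edit from breaking it. Separately, `ini_set('display_errors', '1')` with `E_ALL` remains at the top of this API file on the new side, which in production prints SQL and path details to API clients and belongs in a dev-only configuration.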


@@ -842,6 +842,7 @@ function getWhereclause($table_name,$permission,$partner,$method){
switch ($permission) { switch ($permission) {
case '4': case '4':
$whereclause = ''; $whereclause = '';
$condition = '';
break; break;
case '3': case '3':
$condition = '__salesid___'.$partner->salesid.'___soldto___%'; $condition = '__salesid___'.$partner->salesid.'___soldto___%';
@@ -892,6 +893,7 @@ function getWhereclauselvl2($table_name,$permission,$partner,$method){
switch ($permission) { switch ($permission) {
case '4': case '4':
$whereclause = ''; $whereclause = '';
$condition = '';
break; break;
case '3': case '3':
$condition = '__salesid___'.$partner->salesid.'___soldto___%'; $condition = '__salesid___'.$partner->salesid.'___soldto___%';
@@ -3330,6 +3332,7 @@ function processProductCollection($products) {
// Add version specific data // Add version specific data
$versionProduct['version_id'] = $version['version_id']; $versionProduct['version_id'] = $version['version_id'];
$versionProduct['config_setting'] = $version['config_setting']; $versionProduct['config_setting'] = $version['config_setting'];
$versionProduct['main_option_for_display'] = $version['main_option_for_display'];
$versionProduct['configurations'] = $version['configurations']; $versionProduct['configurations'] = $version['configurations'];
// Only modify identifiers if there's more than one version // Only modify identifiers if there's more than one version
@@ -3630,9 +3633,16 @@ class ShoppingCartCalculator {
$stmt->execute([$this->selected_country]); $stmt->execute([$this->selected_country]);
$tax = $stmt->fetch(PDO::FETCH_ASSOC); $tax = $stmt->fetch(PDO::FETCH_ASSOC);
if ($this->business_type === 'b2c') {
// Tax is included in final price
return $tax ? ($amount_to_tax - ($amount_to_tax / ( 1 + ($tax['rate'] / 100)))) : 0;
} else {
// Tax is added on top for B2B
return $tax ? ($amount_to_tax * ($tax['rate'] / 100)) : 0; return $tax ? ($amount_to_tax * ($tax['rate'] / 100)) : 0;
} }
}
private function calculateFinalTotal($subtotal, $shippingtotal, $discounttotal, $taxtotal) { private function calculateFinalTotal($subtotal, $shippingtotal, $discounttotal, $taxtotal) {
$base = $subtotal - $discounttotal + $shippingtotal; $base = $subtotal - $discounttotal + $shippingtotal;
@@ -4025,7 +4035,7 @@ function getDomainName($hostname) {
// encode ID to UUID // encode ID to UUID
//======================================= //=======================================
function encodeUuid($number) { function encodeUuid($number) {
$alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%&?-'; $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$base = strlen($alphabet); $base = strlen($alphabet);
$encoded = ''; $encoded = '';
@@ -4049,7 +4059,7 @@ function encodeUuid($number) {
function decodeUuid($encoded) { function decodeUuid($encoded) {
$encoded = strtoupper($encoded); $encoded = strtoupper($encoded);
$alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ!@#$%&?-'; $alphabet = '0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ';
$base = strlen($alphabet); $base = strlen($alphabet);
$number = 0; $number = 0;
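Review bot: Shrinking the alphabet from 44 to 36 symbols changes the base used by `encodeUuid`/`decodeUuid`, so any identifier encoded and stored or shared under the old alphabet now decodes to a different number instead of being rejected — if these strings appear in URLs or persisted records they need a migration or a version prefix. `decodeUuid` (its loop is below the hunk) should also refuse input with characters outside the new alphabet, e.g. `if (!preg_match('/^[0-9A-Z]+$/', $encoded)) { return null; }` right after the `strtoupper`, rather than letting a stray `-` or `!` map through whatever the lookup returns; adapt the failure value to what callers expect. A comment should also state that this is a reversible base-36 rendering of a sequential integer, not a UUID and not unguessable, so it must never be treated as an access token.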

1280
assets/qrcode/qrcode.php Normal file



@@ -47,11 +47,11 @@ if (!empty($media_responses)){$media_responses = json_decode($media_responses,tr
$media_responses = $media_responses[0]; $media_responses = $media_responses[0];
//CALL TO API FOR History //CALL TO API FOR History
$api_url = '/v1/equipments/equipmentID='.$responses->equipmentID.'&type=ServiceReport&history=1'; $api_url = '/v2/equipments/equipmentID='.$responses->equipmentID.'&type=ServiceReport&history=1';
$history = ioServer($api_url,''); $history = ioServer($api_url,'');
//Decode Payload //Decode Payload
if (!empty($history)){$history = decode_payload($history);}else{$history = null;} if (!empty($history)){$history = json_decode($history);}else{$history = null;}
//CALL TO API FOR EQUIPMENT DATA //CALL TO API FOR EQUIPMENT DATA
$api_url = '/v1/equipment_data/equipmentid='.$responses->equipmentID; $api_url = '/v1/equipment_data/equipmentid='.$responses->equipmentID;
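Review bot: `json_decode($history)` returns null on malformed JSON without signalling it, so a broken v2 response is now indistinguishable from an empty one (the `else` already maps empty to null); decode with `json_decode($history, false, 512, JSON_THROW_ON_ERROR)` in a try/catch, or check `json_last_error()`, and log the failure. `$responses->equipmentID` is still concatenated unencoded into the request path on both the new v2 call and the remaining v1 call; unless it is guaranteed to be an integer, cast it or pass it through `rawurlencode()` before building `$api_url`. Whether `decode_payload` performed any verification that the plain `json_decode` now skips is not visible here.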


@@ -135,9 +135,15 @@ $view .= '<div class="content-block tab-content active">
</table> </table>
</div>'; </div>';
if (!is_array(json_decode($products_versions['measurement'],true))){
$view .= '
<label for="">'.($product_version_main_product_option ?? 'Main Product Option').'</label>
<input type="text" name="measurement" placeholder="'.($product_version_main_product_option ?? 'Main Product Option').'" value="'.$products_versions['measurement'].'">';
} }
if (isset($_GET['rowID']) && $_GET['rowID'] !='' && !empty($products_versions['measurement'])){ }
if (isset($_GET['rowID']) && $_GET['rowID'] !='' && !empty($products_versions['measurement']) && is_array(json_decode($products_versions['measurement'],true))){
$measurements = json_decode($products_versions['measurement'],true); $measurements = json_decode($products_versions['measurement'],true);
$view .= ' $view .= '
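Review bot: The new text input echoes `$products_versions['measurement']` straight into an HTML attribute (`value="'.$products_versions['measurement'].'"`) without escaping, so a value containing `"` or `<` breaks out of the attribute, and since the same field is presumably saved back through this form it becomes stored XSS for every admin who opens the version. Use `value="'.htmlspecialchars((string)$products_versions['measurement'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8').'"`, and escape `$product_version_main_product_option` the same way if it comes from the translation table. `json_decode($products_versions['measurement'], true)` is also evaluated three times in these few lines; decode once into a local and test `is_array()` on that.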


@@ -63,7 +63,6 @@ $arrayQuestions_visual = array(
array("Question_sequence" => '2',"QuestionID" => "service_visual_14", "Question" => $service_visual_14, "Type" => 'Radiobutton', "Response" => $allowedResponseDropdownCorrosion), array("Question_sequence" => '2',"QuestionID" => "service_visual_14", "Question" => $service_visual_14, "Type" => 'Radiobutton', "Response" => $allowedResponseDropdownCorrosion),
array("Question_sequence" => '2',"QuestionID" => "service_visual_15", "Question" => $service_visual_15, "Type" => 'Radiobutton', "Response" => $allowedResponseRadio), array("Question_sequence" => '2',"QuestionID" => "service_visual_15", "Question" => $service_visual_15, "Type" => 'Radiobutton', "Response" => $allowedResponseRadio),
array("Question_sequence" => '2',"QuestionID" => "service_visual_16", "Question" => $service_visual_16, "Type" => 'Radiobutton', "Response" => $allowedResponseRadio), array("Question_sequence" => '2',"QuestionID" => "service_visual_16", "Question" => $service_visual_16, "Type" => 'Radiobutton', "Response" => $allowedResponseRadio),
array("Question_sequence" => '2',"QuestionID" => "service_visual_17", "Question" => $service_visual_17, "Type" => 'Radiobutton', "Response" => $allowedResponseDropdownCorrosion),
array("Question_sequence" => '2',"QuestionID" => "service_visual_18", "Question" => $service_visual_18, "Type" => 'Radiobutton', "Response" => $allowedResponseRadio) array("Question_sequence" => '2',"QuestionID" => "service_visual_18", "Question" => $service_visual_18, "Type" => 'Radiobutton', "Response" => $allowedResponseRadio)
) )
), ),


@@ -53,17 +53,17 @@ $init = array(
"AnalogVoltagePP_EP_0_Max"=> 4.8, "AnalogVoltagePP_EP_0_Max"=> 4.8,
"AnalogVoltagePP_EP_0_Min"=> 4.1, "AnalogVoltagePP_EP_0_Min"=> 4.1,
"AnalogVoltagePP_EP_680_Max"=> 3.4, "AnalogVoltagePP_EP_680_Max"=> 3.4,
"AnalogVoltagePP_EP_680_Min"=> 2.9, "AnalogVoltagePP_EP_680_Min"=> 2.85,
"AnalogVoltagePP_EP_480_Max"=> 2.9, "AnalogVoltagePP_EP_480_Max"=> 2.9,
"AnalogVoltagePP_EP_480_Min"=> 2.5, "AnalogVoltagePP_EP_480_Min"=> 2.55,
"AnalogVoltagePP_EP_330_Max"=> 2.5, "AnalogVoltagePP_EP_330_Max"=> 2.55,
"AnalogVoltagePP_EP_330_Min"=> 2.1, "AnalogVoltagePP_EP_330_Min"=> 2.15,
"AnalogVoltageCP_0_POS_Max"=> 12.5, "AnalogVoltageCP_0_POS_Max"=> 12.6,
"AnalogVoltageCP_0_POS_Min"=> 11.5, "AnalogVoltageCP_0_POS_Min"=> 11.4,
"AnalogVoltageCP_0_NEG_Max"=> -11.5, "AnalogVoltageCP_0_NEG_Max"=> -11.4,
"AnalogVoltageCP_0_NEG_Min"=> -12.5, "AnalogVoltageCP_0_NEG_Min"=> -12.6,
"AnalogVoltageCP_2K74_POS_Max"=> 9.2, "AnalogVoltageCP_2K74_POS_Max"=> 9.59,
"AnalogVoltageCP_2K74_POS_Min"=> 8.7, "AnalogVoltageCP_2K74_POS_Min"=> 8.37,
"AnalogVoltagePP_EP_Off_Max"=>0.3, "AnalogVoltagePP_EP_Off_Max"=>0.3,
"AnalogVoltagePP_EP_Off_Min"=>-0.5 "AnalogVoltagePP_EP_Off_Min"=>-0.5
), ),
@@ -73,17 +73,17 @@ $init = array(
"AnalogVoltagePP_EP_0_Max"=> 4.8, "AnalogVoltagePP_EP_0_Max"=> 4.8,
"AnalogVoltagePP_EP_0_Min"=> 4.1, "AnalogVoltagePP_EP_0_Min"=> 4.1,
"AnalogVoltagePP_EP_680_Max"=> 3.4, "AnalogVoltagePP_EP_680_Max"=> 3.4,
"AnalogVoltagePP_EP_680_Min"=> 2.9, "AnalogVoltagePP_EP_680_Min"=> 2.85,
"AnalogVoltagePP_EP_480_Max"=> 2.9, "AnalogVoltagePP_EP_480_Max"=> 2.9,
"AnalogVoltagePP_EP_480_Min"=> 2.5, "AnalogVoltagePP_EP_480_Min"=> 2.55,
"AnalogVoltagePP_EP_330_Max"=> 2.5, "AnalogVoltagePP_EP_330_Max"=> 2.55,
"AnalogVoltagePP_EP_330_Min"=> 2.1, "AnalogVoltagePP_EP_330_Min"=> 2.1,
"AnalogVoltageCP_0_POS_Max"=> 12.5, "AnalogVoltageCP_0_POS_Max"=> 12.6,
"AnalogVoltageCP_0_POS_Min"=> 11.5, "AnalogVoltageCP_0_POS_Min"=> 11.4,
"AnalogVoltageCP_0_NEG_Max"=> -11.5, "AnalogVoltageCP_0_NEG_Max"=> -11.4,
"AnalogVoltageCP_0_NEG_Min"=> -12.5, "AnalogVoltageCP_0_NEG_Min"=> -12.6,
"AnalogVoltageCP_2K74_POS_Max"=> 9.2, "AnalogVoltageCP_2K74_POS_Max"=> 9.59,
"AnalogVoltageCP_2K74_POS_Min"=> 8.7, "AnalogVoltageCP_2K74_POS_Min"=> 8.37,
"AnalogVoltagePP_EP_Off_Max"=>0.3, "AnalogVoltagePP_EP_Off_Max"=>0.3,
"AnalogVoltagePP_EP_Off_Min"=>-0.5 "AnalogVoltagePP_EP_Off_Min"=>-0.5
), ),
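Review bot: The two threshold arrays receive identical edits except `AnalogVoltagePP_EP_330_Min`, which moves to 2.15 in the first block but stays at 2.1 in the second; if that divergence is intentional, a comment on the second block should say why, otherwise it looks like a missed edit. Since every other value is duplicated verbatim, consider building both entries from one shared `$defaultThresholds` array and overriding only the keys that differ, so future tuning cannot drift between them. Which configuration each block belongs to is identified before the hunk.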


@@ -244,6 +244,7 @@ $view .= '
<tr> <tr>
<td> <td>
<select form="update" id="language" name="item['.$translation['rowID'].'][language_key]">'; <select form="update" id="language" name="item['.$translation['rowID'].'][language_key]">';
$view .= '<option value="FR">FR</option>';
foreach ($supportedLanguages as $language){ foreach ($supportedLanguages as $language){
$view .='<option value="'.$language.'" '.(($translation['language_key'] == $language)?' selected':'').'>'.$language.'</option>'; $view .='<option value="'.$language.'" '.(($translation['language_key'] == $language)?' selected':'').'>'.$language.'</option>';
} }
@@ -271,6 +272,7 @@ $view .= '
newRow.innerHTML = ` newRow.innerHTML = `
<td><select form="new" id="language" name="language_key">'; <td><select form="new" id="language" name="language_key">';
$view .= '<option value="FR">FR</option>';
foreach ($supportedLanguages as $language){ foreach ($supportedLanguages as $language){
$view .= '<option value="'.$language.'">'.$language.'</option>'; $view .= '<option value="'.$language.'">'.$language.'</option>';
} }