From 0655cf945827daecbb8ae1e11abe4273fb6dbfdf Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”> Date: Tue, 19 Nov 2024 19:03:27 +0100 Subject: [PATCH] CMXX - Update software downloader --- api/v1/post/products_software.php | 23 +++++++++++++++++ api/v2/get/products_software.php | 12 +++++++++ api/v2/get/vin.php | 42 ++++++++++++++++++++++++++++--- api/v2/post/products_software.php | 24 ++++++++++++++++++ products_software.php | 2 +- 5 files changed, 99 insertions(+), 4 deletions(-) diff --git a/api/v1/post/products_software.php b/api/v1/post/products_software.php index a1721d3..415a5a3 100644 --- a/api/v1/post/products_software.php +++ b/api/v1/post/products_software.php @@ -53,6 +53,14 @@ if (isset($post_content['productrowid']) && $post_content['productrowid'] != '') $input_insert = ''; if ($command == 'insert'){ + + //USE PART OF FILENAME AS VERSION + if (($pos = strpos($post_content['software'], "_")) !== FALSE) { + $version = substr($post_content['software'], $pos+1); + $version = substr($version, 0, -4); //remove filetype + $post_content['version'] = $version; + } + $post_content['latest'] = 1; //New software is always latest $post_content['created'] = $date; $post_content['createdby'] = $username; 
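Review bot: The `software` value read in the new `insert` block comes from the request and is stored without any check on its shape, while the `delete` branch added further down in this same file joins that stored value onto the firmware directory path, so the name should be constrained here before it is written. Rejecting anything that is not a plain file name, for example with a test such as `$post_content['software'] !== basename($post_content['software'])`, keeps directory components out of the table. The version extraction also assumes a three-character extension (`substr($version, 0, -4)`); `pathinfo($post_content['software'], PATHINFO_FILENAME)` removes the extension whatever its length. The same lines are added in api/v2/post/products_software.php (hunk at -53,6 +53,13). The enclosing `if` starts and ends outside the hunk.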
@@ -100,6 +108,21 @@ if (isset($post_content['productrowid']) && $post_content['productrowid'] != '') } elseif ($command == 'delete' && isAllowed('products_software',$profile,$permission,'D') === 1){ + + //GET FILENAME AND REMOVE FROM SERVER + $sql = 'SELECT * FROM products_software WHERE rowID = ? '.$whereclause.''; + $stmt = $pdo->prepare($sql); + $stmt->execute([$id]); + //Get results + $softwares = $stmt->fetchAll(PDO::FETCH_ASSOC); + + foreach ($softwares as $software){ + $software_file = dirname(__FILE__,4)."/firmware/".$software['software']; + $file = glob($software_file, GLOB_BRACE); + if (!empty($file)){ + unlink($software_file); + } + } $stmt = $pdo->prepare('DELETE FROM products_software WHERE rowID = ? '.$whereclause.''); $stmt->execute([ $id ]); diff --git a/api/v2/get/products_software.php b/api/v2/get/products_software.php index e4cc476..753b15a 100644 --- a/api/v2/get/products_software.php +++ b/api/v2/get/products_software.php @@ -165,6 +165,18 @@ if (!isset($criterias['productrowid']) && isset($criterias['sn']) && $criterias[ } } + //GET PRODUCTCODE BASED ON SN WHEN NO RECORDS FOUND + if (count($messages) === 0){ + $sql = 'SELECT p.productcode FROM equipment e JOIN products p ON e.productrowid = p.rowID WHERE e.serialnumber =?'; + $stmt = $pdo->prepare($sql); + //Excute Query + $stmt->execute([$criterias['sn']]); + //Get results + $productcodes = $stmt->fetchAll(PDO::FETCH_ASSOC); + //assign serialnumber to productcode + $criterias['productcode'] = $productcodes[0]['productcode']; + } + if ($latest_check == 0){ //GET LATEST BASED ON PRODUCTCODE $sql = 'SELECT * FROM products_software ps JOIN products p ON ps.productrowid = p.rowID WHERE p.productcode = ? AND ps.status = "1" AND ps.latest = "1"'; diff --git a/api/v2/get/vin.php b/api/v2/get/vin.php index 867f2de..9773d54 100644 --- a/api/v2/get/vin.php +++ b/api/v2/get/vin.php 
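Review bot: In the new `delete` branch, `$software['software']` is concatenated onto the firmware path and handed to `unlink()` with no check that the result stays inside `/firmware/`, so a stored name containing `../` would remove a file elsewhere on the server. The existence test goes through `glob()` with `GLOB_BRACE`, which reads the name as a pattern, while `unlink()` receives the literal string, so the two calls can disagree; `is_file()` on a `basename()`-reduced name expresses the intent directly. `$whereclause` is built outside the hunk, so whether it restricts the row to records the caller may delete cannot be judged from here. The file is also removed before the row is deleted and without checking whether another row references the same name. The identical block is added in api/v2/post/products_software.php (hunk at -99,11 +106,28).

```php
$firmware_dir = dirname(__FILE__, 4) . '/firmware/';
foreach ($softwares as $software) {
    // basename() drops any directory part, so the path cannot leave firmware/
    $software_file = $firmware_dir . basename((string) $software['software']);
    if (is_file($software_file)) {
        unlink($software_file);
    }
}
```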
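Review bot: `$productcodes[0]['productcode']` in the added fallback is read without checking that the query returned a row, so a serial number that is not in `equipment` raises an undefined-offset warning and leaves `$criterias['productcode']` as null for the lookup that follows. Guarding the assignment, `if (!empty($productcodes)) { $criterias['productcode'] = $productcodes[0]['productcode']; }`, keeps the unknown-serial case explicit. The two closing braces just above the added block suggest it may sit outside the `isset($criterias['sn'])` condition shown in the hunk header; if so, `$criterias['sn']` needs its own `isset` check before it is bound. The enclosing block starts and ends outside the hunk.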
@@ -8,7 +8,7 @@ defined($security_key) or exit; // translated from JS (kevinboutin on 3/11/18) to PHP // https://gist.github.com/kevboutin/3ac029e336fc7cafd20c05adda42ffa5 //------------------------------------------ -// Transliterate VIN characters for validation +/* Transliterate VIN characters for validation function transliterate($c) { $index = strpos('0123456789.ABCDEFGH..JKLMN.P.R..STUVWXYZ', $c); return $index % 10; @@ -27,6 +27,41 @@ function getCheckDigit($vin) { function validateVIN($vin) { if (strlen($vin) !== 17) return false; return getCheckDigit($vin) === $vin[8]; +}*/ + +function validateVIN($vin) { + + $vin = strtolower($vin); + if (!preg_match('/^[^\Wioq]{17}$/', $vin)) { + return false; + } + $weights = array(8, 7, 6, 5, 4, 3, 2, 10, 0, 9, 8, 7, 6, 5, 4, 3, 2); + $transliterations = array( + "a" => 1, "b" => 2, "c" => 3, "d" => 4, + "e" => 5, "f" => 6, "g" => 7, "h" => 8, + "j" => 1, "k" => 2, "l" => 3, "m" => 4, + "n" => 5, "p" => 7, "r" => 9, "s" => 2, + "t" => 3, "u" => 4, "v" => 5, "w" => 6, + "x" => 7, "y" => 8, "z" => 9 + ); + $sum = 0; + for($i = 0 ; $i < strlen($vin) ; $i++ ) { // loop through characters of VIN + // add transliterations * weight of their positions to get the sum + $check_char = substr($vin, $i, 1); + if(!is_numeric($check_char)) { + $sum += $transliterations[$check_char] * $weights[$i]; + } else { + $sum += $check_char * $weights[$i]; + } + } + + // find checkdigit by taking the mod of the sum + $checkdigit = $sum % 11; + if($checkdigit == 10) { // checkdigit of 10 is represented by "X" + $checkdigit = "x"; + } + $actual_checkdigit = substr($vin, 8, 1); + return ($checkdigit == $actual_checkdigit); } //------------------------------------------ 
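Review bot: The pattern `/^[^\Wioq]{17}$/` in the new `validateVIN()` still admits `_`, because `\w` includes the underscore, and `$` also matches before a trailing newline; such input then reaches `$transliterations[$check_char]` with a key the table does not have. An explicit class closes both gaps: `if (!preg_match('/^[a-hj-npr-z0-9]{17}\z/', $vin)) {`. The final `==` compares an integer with a one-character string, and on PHP versions before 8 `0 == "x"` is true, so a strict form such as `return (string) $checkdigit === $actual_checkdigit;` is safer. The previous implementation stays in the file inside a `/* … */` comment opened in the hunk at -8,7 +8,7; deleting it would read more clearly than keeping it commented out.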
@@ -79,14 +114,15 @@ if (strlen($get_content) == 17){ $messages = [ "VIN" => $vin, - "IsValid" => (validateVIN($vin) ? "Yes" : "No"), "Manufacturer" => getManufacturer(getWMI($vin)), "year" => getYear(getVIS($vin)) ]; } else { $messages = [ - "IsValid" => "No" + "VIN" => $vin, + "Manufacturer" => "Unknown", + "year" => "Unknown" ]; } diff --git a/api/v2/post/products_software.php b/api/v2/post/products_software.php index 08262af..349a33b 100644 --- a/api/v2/post/products_software.php +++ b/api/v2/post/products_software.php @@ -53,6 +53,13 @@ if (isset($post_content['productrowid']) && $post_content['productrowid'] != '') $input_insert = ''; if ($command == 'insert'){ + + if (($pos = strpos($post_content['software'], "_")) !== FALSE) { + $version = substr($post_content['software'], $pos+1); + $version = substr($version, 0, -4); //remove filetype + $post_content['version'] = $version; + } + $post_content['latest'] = 1; //New software is always latest $post_content['created'] = $date; $post_content['createdby'] = $username; @@ -99,11 +106,28 @@ if (isset($post_content['productrowid']) && $post_content['productrowid'] != '') $stmt->execute($execute_input); } elseif ($command == 'delete' && isAllowed('products_software',$profile,$permission,'D') === 1){ + + //GET FILENAME AND REMOVE FROM SERVER + $sql = 'SELECT * FROM products_software WHERE rowID = ? '.$whereclause.''; + $stmt = $pdo->prepare($sql); + $stmt->execute([$id]); + //Get results + $softwares = $stmt->fetchAll(PDO::FETCH_ASSOC); + + foreach ($softwares as $software){ + $software_file = dirname(__FILE__,4)."/firmware/".$software['software']; + $file = glob($software_file, GLOB_BRACE); + if (!empty($file)){ + unlink($software_file); + } + } + $stmt = $pdo->prepare('DELETE FROM products_software WHERE rowID = ? '.$whereclause.''); $stmt->execute([ $id ]); //Add deletion to changelog changelog($dbname,'products_',$id,'Delete','Delete',$username); + } else { //do nothing 
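Review bot: With the `IsValid` entry removed from the 17-character branch of api/v2/get/vin.php, nothing visible in this diff calls `validateVIN()` any more, so `Manufacturer` and `year` are returned for a VIN whose check digit was never tested and the client cannot tell a valid VIN from an invalid one. If the field was dropped on purpose, the function rewritten earlier in this file is dead code; otherwise keep `"IsValid" => (validateVIN($vin) ? "Yes" : "No"),` in the first array and `"IsValid" => "No"` in the second. The `else` branch now reads `$vin`, whose assignment is not in the hunk; if it is only set inside the `if`, that branch should use `$get_content` instead. The enclosing `if`/`else` starts outside the hunk.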
diff --git a/products_software.php b/products_software.php
index 3f71e2e..42bd3fd 100644
--- a/products_software.php
+++ b/products_software.php
@@ -187,7 +187,7 @@ $view .= '