Removed initial software_upgrade

This commit is contained in:
“VeLiTi”
2025-12-12 10:54:45 +01:00
parent c39a5ca648
commit 2b42013e23
19 changed files with 53 additions and 2132 deletions

BIN
.DS_Store vendored

Binary file not shown.


@@ -168,10 +168,9 @@ if($is_jwt_valid && str_contains($version, 'v')) {
// END check if endPoint is fileUpload // END check if endPoint is fileUpload
//------------------------------------------ //------------------------------------------
if ($collection === 'com_log' && file_exists($api_file_post)) { debuglog("API call: collection=$collection, input_empty=" . (empty($input) ? 'true' : 'false') . ", file_exists=" . (file_exists($api_file) ? 'true' : 'false'));
include_once $api_file_post;
} if (isAllowed($collection,$profile,$permission,'R') === 1 && empty($input) && file_exists($api_file)){
elseif (isAllowed($collection,$profile,$permission,'R') === 1 && empty($input) && file_exists($api_file)){
include_once $api_file; include_once $api_file;
} }
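Review bot: The `debuglog("API call: collection=$collection, ...")` call added on the new side of the `if ($collection === 'com_log' ...)` line interpolates `$collection` — which, judging by its use in `isAllowed($collection, ...)` and the `$api_file` include, is presumably derived from the request path — directly into a log line together with the on-disk existence of `$api_file`, and it fires on every request that reaches this point. If `debuglog` does not escape its argument, a crafted collection name can inject line breaks or fake entries into the log, and the message also leaks which handler files exist; it reads like leftover instrumentation, so either remove it or restrict the logged value, e.g. `debuglog('API call: collection=' . preg_replace('/[^A-Za-z0-9_.-]/', '', (string) $collection) . ', input_empty=' . (empty($input) ? 'true' : 'false'));`. The enclosing `if($is_jwt_valid && str_contains($version, 'v'))` block starts before the hunk, and the header's 10/9 line counts suggest more lines than are shown here.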

BIN
api/v2/get/.DS_Store vendored Normal file

Binary file not shown.


@@ -1,100 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Download Logs
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'user_id') {
$clause .= ' AND dl.user_id = :'.$v[0];
}
elseif ($v[0] == 'version_id') {
$clause .= ' AND dl.version_id = :'.$v[0];
}
elseif ($v[0] == 'date_from') {
$clause .= ' AND dl.downloaded_at >= :'.$v[0];
}
elseif ($v[0] == 'date_to') {
$clause .= ' AND dl.downloaded_at <= :'.$v[0];
}
elseif ($v[0] == 'search') {
$clause .= ' AND (sv.name LIKE :'.$v[0].' OR u.username LIKE :'.$v[0].' OR dl.ip_address LIKE :'.$v[0].')';
}
else {
$clause .= ' AND dl.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals']==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM download_logs dl LEFT JOIN software_versions sv ON dl.version_id = sv.id LEFT JOIN users u ON dl.user_id = u.id '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list']=='') {
//SQL for Paging
$sql = 'SELECT dl.*, sv.version, sv.name as software_name, u.username FROM download_logs dl LEFT JOIN software_versions sv ON dl.version_id = sv.id LEFT JOIN users u ON dl.user_id = u.id '.$whereclause.' ORDER BY dl.downloaded_at DESC';
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$sql = 'SELECT dl.*, sv.version, sv.name as software_name, u.username FROM download_logs dl LEFT JOIN software_versions sv ON dl.version_id = sv.id LEFT JOIN users u ON dl.user_id = u.id '.$whereclause.' ORDER BY dl.downloaded_at DESC LIMIT ?, ?';
$stmt = $pdo->prepare($sql);
$stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
$stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Execute Query for totals/list
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list'])){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>


@@ -1,97 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Download Tokens
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'user_id') {
$clause .= ' AND dt.user_id = :'.$v[0];
}
elseif ($v[0] == 'version_id') {
$clause .= ' AND dt.version_id = :'.$v[0];
}
elseif ($v[0] == 'used') {
$clause .= ' AND dt.used = :'.$v[0];
}
elseif ($v[0] == 'token') {
$clause .= ' AND dt.token = :'.$v[0];
}
else {
$clause .= ' AND dt.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals']==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM download_tokens dt LEFT JOIN software_versions sv ON dt.version_id = sv.id LEFT JOIN users u ON dt.user_id = u.id '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list']=='') {
//SQL for Paging
$sql = 'SELECT dt.*, sv.version, sv.name as software_name, u.username FROM download_tokens dt LEFT JOIN software_versions sv ON dt.version_id = sv.id LEFT JOIN users u ON dt.user_id = u.id '.$whereclause.' ORDER BY dt.created_at DESC';
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$sql = 'SELECT dt.*, sv.version, sv.name as software_name, u.username FROM download_tokens dt LEFT JOIN software_versions sv ON dt.version_id = sv.id LEFT JOIN users u ON dt.user_id = u.id '.$whereclause.' ORDER BY dt.created_at DESC LIMIT ?, ?';
$stmt = $pdo->prepare($sql);
$stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
$stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Execute Query for totals/list
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list'])){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>


@@ -1,170 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Software Versions for Upgrades
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'available') {
// Special case: get available upgrades for current user
// This will be handled separately below
}
elseif ($v[0] == 'version_id') {
$clause .= ' AND sv.id = :'.$v[0];
}
elseif ($v[0] == 'version') {
$clause .= ' AND sv.version = :'.$v[0];
}
elseif ($v[0] == 'search') {
$clause .= ' AND (sv.name LIKE :'.$v[0].' OR sv.description LIKE :'.$v[0].')';
}
else {
$clause .= ' AND sv.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
// Special handling for available upgrades
if (isset($criterias['available'])) {
// Include version access logic
require_once './includes/version_access.php';
$userId = $user_data['id'];
// Get all active versions
$stmt = $pdo->prepare("
SELECT sv.rowID as id, sv.version, sv.major_version, sv.minor_version, sv.patch_version,
sv.name, sv.description, sv.file_size, sv.release_date
FROM software_versions sv
WHERE sv.status = 'published'
ORDER BY sv.major_version DESC, sv.minor_version DESC, sv.patch_version DESC
");
$stmt->execute();
$versions = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Get user's current versions
$ownedVersions = getUserOwnedVersions($userId);
$latestOwned = getLatestOwnedVersion($userId);
$response = [
'current_version' => $latestOwned ? $latestOwned['version'] : null,
'owned_versions' => array_map(function($v) {
return [
'version' => $v['version'],
'name' => $v['name'],
'purchased_at' => $v['purchased_at']
];
}, $ownedVersions),
'available_versions' => []
];
// Check access for each version
foreach ($versions as $version) {
$accessInfo = checkVersionAccess($userId, $version['id']);
$versionData = [
'id' => $version['id'],
'version' => $version['version'],
'name' => $version['name'],
'description' => $version['description'],
'file_size' => $version['file_size'],
'release_date' => $version['release_date'],
'is_accessible' => $accessInfo['accessible'],
'requires_payment' => $accessInfo['requires_payment'] ?? false,
'price' => $accessInfo['price'] ?? 0.00,
'access_reason' => $accessInfo['reason']
];
// Add additional info based on access type
if (isset($accessInfo['original_price'])) {
$versionData['original_price'] = $accessInfo['original_price'];
}
if (isset($accessInfo['is_upgrade'])) {
$versionData['is_upgrade'] = $accessInfo['is_upgrade'];
}
if (isset($accessInfo['from_version'])) {
$versionData['upgrade_from'] = $accessInfo['from_version'];
}
if (isset($accessInfo['required_version'])) {
$versionData['required_version'] = $accessInfo['required_version'];
}
$response['available_versions'][] = $versionData;
}
$messages = $response;
}
else {
// Regular software versions query
if(isset($criterias['totals']) && $criterias['totals']==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM software_versions sv '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list']=='') {
//SQL for Paging
$sql = 'SELECT sv.* FROM software_versions sv '.$whereclause.' ORDER BY sv.major_version DESC, sv.minor_version DESC, sv.patch_version DESC';
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$sql = 'SELECT sv.* FROM software_versions sv '.$whereclause.' ORDER BY sv.major_version DESC, sv.minor_version DESC, sv.patch_version DESC LIMIT ?, ?';
$stmt = $pdo->prepare($sql);
$stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
$stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Execute Query for totals/list
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list'])){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>


@@ -1,95 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Secure Software Download
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
$token = $_GET['token'] ?? null;
if (!$token) {
http_response_code(400);
exit('Invalid request');
}
// Validate token
$tokenData = validateDownloadToken($pdo, $token);
if (!$tokenData) {
http_response_code(403);
exit('Invalid or expired token');
}
// Get file details
$stmt = $pdo->prepare("SELECT * FROM software_versions WHERE rowID = ?");
$stmt->execute([$tokenData['version_id']]);
$version = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$version) {
http_response_code(404);
exit('File not found');
}
// Invalidate token after use (one-time use)
invalidateToken($pdo, $token);
// Stream the file
$filePath = $version['file_path']; // e.g., '/var/www/secure_files/update_v2.0.zip'
if (!file_exists($filePath)) {
http_response_code(404);
exit('File not found on server');
}
// Set headers for file download
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . basename($version['filename']) . '"');
header('Content-Length: ' . filesize($filePath));
header('Cache-Control: no-cache, must-revalidate');
header('Pragma: no-cache');
header('Expires: 0');
// Stream file in chunks to handle large files
$handle = fopen($filePath, 'rb');
while (!feof($handle)) {
echo fread($handle, 8192);
flush();
}
fclose($handle);
exit;
// Helper functions for token management
function validateDownloadToken($pdo, $token) {
$stmt = $pdo->prepare(
"SELECT user_id, version_id, expires_at, used
FROM download_tokens
WHERE token = ?"
);
$stmt->execute([$token]);
$tokenData = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$tokenData) {
return false;
}
// Check if expired
if (strtotime($tokenData['expires_at']) < time()) {
return false;
}
// Check if already used
if ($tokenData['used']) {
return false;
}
return $tokenData;
}
function invalidateToken($pdo, $token) {
$stmt = $pdo->prepare("UPDATE download_tokens SET used = 1 WHERE token = ?");
$stmt->execute([$token]);
}
?>


@@ -1,97 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Upgrade Paths
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'from_version_id') {
$clause .= ' AND up.from_version_id = :'.$v[0];
}
elseif ($v[0] == 'to_version_id') {
$clause .= ' AND up.to_version_id = :'.$v[0];
}
elseif ($v[0] == 'is_free') {
$clause .= ' AND up.is_free = :'.$v[0];
}
elseif ($v[0] == 'search') {
$clause .= ' AND (sv1.name LIKE :'.$v[0].' OR sv2.name LIKE :'.$v[0].' OR up.description LIKE :'.$v[0].')';
}
else {
$clause .= ' AND up.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals']==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM upgrade_paths up LEFT JOIN software_versions sv1 ON up.from_version_id = sv1.id LEFT JOIN software_versions sv2 ON up.to_version_id = sv2.id '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list']=='') {
//SQL for Paging
$sql = 'SELECT up.*, sv1.version as from_version, sv1.name as from_name, sv2.version as to_version, sv2.name as to_name FROM upgrade_paths up LEFT JOIN software_versions sv1 ON up.from_version_id = sv1.id LEFT JOIN software_versions sv2 ON up.to_version_id = sv2.id '.$whereclause.' ORDER BY up.id';
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$sql = 'SELECT up.*, sv1.version as from_version, sv1.name as from_name, sv2.version as to_version, sv2.name as to_name FROM upgrade_paths up LEFT JOIN software_versions sv1 ON up.from_version_id = sv1.id LEFT JOIN software_versions sv2 ON up.to_version_id = sv2.id '.$whereclause.' ORDER BY up.id LIMIT ?, ?';
$stmt = $pdo->prepare($sql);
$stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
$stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Execute Query for totals/list
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list'])){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>


@@ -1,97 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// User Licenses
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'user_id') {
$clause .= ' AND ul.user_id = :'.$v[0];
}
elseif ($v[0] == 'version_id') {
$clause .= ' AND ul.version_id = :'.$v[0];
}
elseif ($v[0] == 'status') {
$clause .= ' AND ul.status = :'.$v[0];
}
elseif ($v[0] == 'search') {
$clause .= ' AND (sv.name LIKE :'.$v[0].' OR ul.license_key LIKE :'.$v[0].')';
}
else {
$clause .= ' AND ul.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals']==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM user_licenses ul LEFT JOIN software_versions sv ON ul.version_id = sv.id '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list']=='') {
//SQL for Paging
$sql = 'SELECT ul.*, sv.version, sv.name as software_name FROM user_licenses ul LEFT JOIN software_versions sv ON ul.version_id = sv.id '.$whereclause.' ORDER BY ul.purchased_at DESC';
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$sql = 'SELECT ul.*, sv.version, sv.name as software_name FROM user_licenses ul LEFT JOIN software_versions sv ON ul.version_id = sv.id '.$whereclause.' ORDER BY ul.purchased_at DESC LIMIT ?, ?';
$stmt = $pdo->prepare($sql);
$stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
$stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Execute Query for totals/list
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list'])){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>


@@ -1,94 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Version Access Rules
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'version_id') {
$clause .= ' AND var.version_id = :'.$v[0];
}
elseif ($v[0] == 'access_type') {
$clause .= ' AND var.access_type = :'.$v[0];
}
elseif ($v[0] == 'search') {
$clause .= ' AND (sv.name LIKE :'.$v[0].' OR var.description LIKE :'.$v[0].')';
}
else {
$clause .= ' AND var.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals']==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM version_access_rules var LEFT JOIN software_versions sv ON var.version_id = sv.id '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list']=='') {
//SQL for Paging
$sql = 'SELECT var.*, sv.version, sv.name as software_name FROM version_access_rules var LEFT JOIN software_versions sv ON var.version_id = sv.id '.$whereclause.' ORDER BY var.id';
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$sql = 'SELECT var.*, sv.version, sv.name as software_name FROM version_access_rules var LEFT JOIN software_versions sv ON var.version_id = sv.id '.$whereclause.' ORDER BY var.id LIMIT ?, ?';
$stmt = $pdo->prepare($sql);
$stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
$stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Execute Query for totals/list
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list'])){
$stmt = $pdo->prepare($sql);
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

BIN
api/v2/post/.DS_Store vendored Normal file

Binary file not shown.


@@ -1,202 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Software Versions Management
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
// Handle different actions
$action = $post_content['action'] ?? '';
switch ($action) {
case 'download':
// Handle secure download request
require_once './includes/version_access.php';
$versionId = $post_content['version_id'] ?? null;
if (!$versionId) {
http_response_code(400);
echo json_encode(['error' => 'Missing version_id']);
exit;
}
$userId = $user_data['id'];
// Validate user has access to this version
if (!validateUserAccess($userId, $versionId)) {
http_response_code(403);
echo json_encode(['error' => 'Access denied. Payment required or insufficient permissions.']);
exit;
}
// Get version details
$stmt = $pdo->prepare("SELECT * FROM software_versions WHERE rowID = ?");
$stmt->execute([$versionId]);
$version = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$version) {
http_response_code(404);
echo json_encode(['error' => 'Version not found']);
exit;
}
// Log the download
logDownload($pdo, $userId, $versionId);
// Generate temporary signed URL
$downloadToken = generateSecureDownloadToken($pdo, $userId, $versionId);
echo json_encode([
'download_url' => '/api/v2/get/software_download.php?token=' . $downloadToken,
'expires_in' => 300 // 5 minutes
]);
break;
case 'purchase':
// Handle purchase/license grant
require_once './includes/version_access.php';
$versionId = $post_content['version_id'] ?? null;
$transactionId = $post_content['transaction_id'] ?? null;
if (!$versionId) {
http_response_code(400);
echo json_encode(['error' => 'Missing version_id']);
exit;
}
$userId = $user_data['id'];
// Verify payment was successful (integrate with your payment processor)
$paymentVerified = true; // For testing - integrate with actual payment verification
if (!$paymentVerified) {
http_response_code(400);
echo json_encode(['error' => 'Payment verification failed']);
exit;
}
// Check access requirements
$accessInfo = checkVersionAccess($userId, $versionId);
if ($accessInfo['accessible']) {
// Already has access
echo json_encode([
'success' => true,
'message' => 'You already have access to this version',
'license_granted' => false
]);
exit;
}
if (!$accessInfo['requires_payment']) {
// Shouldn't need payment
http_response_code(400);
echo json_encode(['error' => 'This version does not require payment']);
exit;
}
// Grant license
$success = grantLicense($pdo, $userId, $versionId, $transactionId);
if ($success) {
echo json_encode([
'success' => true,
'message' => 'License granted successfully',
'license_granted' => true
]);
} else {
http_response_code(500);
echo json_encode(['error' => 'Failed to grant license']);
}
break;
default:
// Handle CRUD operations for software versions (admin only)
if (!isAllowed('software', $profile, $permission, 'C') &&
!isAllowed('software', $profile, $permission, 'U') &&
!isAllowed('software', $profile, $permission, 'D')) {
http_response_code(403);
echo json_encode(['error' => 'Insufficient permissions']);
exit;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for id
$command = ($id == '')? 'insert' : 'update'; //IF id = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
//BUILD UP CLAUSE
$execute_input = [];
foreach ($post_content as $key => $value) {
if ($key == 'action' || $key == 'id' || $key == 'delete') continue;
if ($command == 'insert') {
$clause_insert .= $key.',';
$input_insert .= '?,';
$execute_input[] = $value;
} elseif ($command == 'update') {
$clause .= $key.'=?,';
$execute_input[] = $value;
}
}
//CLEAN UP INPUT
$clause = substr($clause, 0, -1); //Clean clause - remove last comma
$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('software',$profile,$permission,'U') === 1){
$sql = 'UPDATE software_versions SET '.$clause.' WHERE rowID = ?';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('software',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO software_versions ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('software',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM software_versions WHERE rowID = ?');
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'software_versions',$id,'Delete','Delete',$username);
} else {
http_response_code(403);
echo json_encode(['error' => 'Operation not allowed']);
}
break;
}
?>


@@ -1,84 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Upgrade Paths Management
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for id
$command = ($id == '')? 'insert' : 'update'; //IF id = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
//BUILD UP CLAUSE
$execute_input = [];
foreach ($post_content as $key => $value) {
if ($key == 'id' || $key == 'delete') continue;
if ($command == 'insert') {
$clause_insert .= $key.',';
$input_insert .= '?,';
$execute_input[] = $value;
} elseif ($command == 'update') {
$clause .= $key.'=?,';
$execute_input[] = $value;
}
}
//CLEAN UP INPUT
$clause = substr($clause, 0, -1); //Clean clause - remove last comma
$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('upgrade_paths',$profile,$permission,'U') === 1){
$sql = 'UPDATE upgrade_paths SET '.$clause.' WHERE id = ?';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('upgrade_paths',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO upgrade_paths ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('upgrade_paths',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM upgrade_paths WHERE id = ?');
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'upgrade_paths',$id,'Delete','Delete',$username);
} else {
http_response_code(403);
echo json_encode(['error' => 'Operation not allowed']);
}
?>


@@ -1,84 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// User Licenses Management
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for id
$command = ($id == '')? 'insert' : 'update'; //IF id = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
//BUILD UP CLAUSE
$execute_input = [];
foreach ($post_content as $key => $value) {
if ($key == 'id' || $key == 'delete') continue;
if ($command == 'insert') {
$clause_insert .= $key.',';
$input_insert .= '?,';
$execute_input[] = $value;
} elseif ($command == 'update') {
$clause .= $key.'=?,';
$execute_input[] = $value;
}
}
//CLEAN UP INPUT
$clause = substr($clause, 0, -1); //Clean clause - remove last comma
$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('user_licenses',$profile,$permission,'U') === 1){
$sql = 'UPDATE user_licenses SET '.$clause.' WHERE id = ?';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('user_licenses',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO user_licenses ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('user_licenses',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM user_licenses WHERE id = ?');
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'user_licenses',$id,'Delete','Delete',$username);
} else {
http_response_code(403);
echo json_encode(['error' => 'Operation not allowed']);
}
?>


@@ -1,84 +0,0 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Version Access Rules Management
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for id
$command = ($id == '')? 'insert' : 'update'; //IF id = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
//BUILD UP CLAUSE
$execute_input = [];
foreach ($post_content as $key => $value) {
if ($key == 'id' || $key == 'delete') continue;
if ($command == 'insert') {
$clause_insert .= $key.',';
$input_insert .= '?,';
$execute_input[] = $value;
} elseif ($command == 'update') {
$clause .= $key.'=?,';
$execute_input[] = $value;
}
}
//CLEAN UP INPUT
$clause = substr($clause, 0, -1); //Clean clause - remove last comma
$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('version_access_rules',$profile,$permission,'U') === 1){
$sql = 'UPDATE version_access_rules SET '.$clause.' WHERE id = ?';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('version_access_rules',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO version_access_rules ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('version_access_rules',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM version_access_rules WHERE id = ?');
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'version_access_rules',$id,'Delete','Delete',$username);
} else {
http_response_code(403);
echo json_encode(['error' => 'Operation not allowed']);
}
?>


@@ -1,350 +0,0 @@
// Software Upgrade System - Frontend Functions
// Requires: jQuery or modern fetch API
class UpgradeManager {
constructor(apiBase = '/api.php') {
this.apiBase = apiBase;
this.serviceToken = '';
this.init();
}
init() {
// Get service token from DOM if available
const tokenElement = document.getElementById('servicetoken');
if (tokenElement) {
this.serviceToken = tokenElement.innerHTML || '';
}
}
async makeAPICall(endpoint, method = 'GET', data = null) {
const url = this.apiBase + endpoint;
const bearer = 'Bearer ' + this.serviceToken;
const options = {
method: method,
headers: {
'Authorization': bearer,
'Content-Type': 'application/json'
},
credentials: 'include'
};
if (data && (method === 'POST' || method === 'PUT')) {
options.body = JSON.stringify(data);
}
const response = await fetch(url, options);
if (!response.ok) {
const errorData = await response.json().catch(() => ({ error: 'Network error' }));
throw new Error(errorData.error || `HTTP ${response.status}`);
}
return await response.json();
}
async getAvailableVersions() {
try {
const data = await this.makeAPICall('/v2/get/software?available');
return data;
} catch (error) {
console.error('Error fetching available versions:', error);
throw error;
}
}
async downloadVersion(versionId, onProgress = null) {
try {
// Step 1: Request download token
const downloadRequest = await this.makeAPICall('/v2/post/software', 'POST', {
action: 'download',
version_id: parseInt(versionId)
});
if (!downloadRequest.download_url) {
throw new Error('No download URL received');
}
// Step 2: Download file using temporary URL
await this.downloadFile(downloadRequest.download_url, onProgress);
} catch (error) {
console.error('Download error:', error);
throw error;
}
}
async downloadFile(url, onProgress) {
const response = await fetch(url, {
credentials: 'include'
});
if (!response.ok) {
throw new Error('Download failed');
}
const contentLength = response.headers.get('Content-Length');
const total = parseInt(contentLength, 10);
let loaded = 0;
const reader = response.body.getReader();
const chunks = [];
while (true) {
const { done, value } = await reader.read();
if (done) break;
chunks.push(value);
loaded += value.length;
if (onProgress && total) {
onProgress(loaded, total);
}
}
// Create blob from chunks
const blob = new Blob(chunks);
// Trigger download
const downloadUrl = window.URL.createObjectURL(blob);
const a = document.createElement('a');
a.href = downloadUrl;
a.download = 'software_upgrade.zip'; // Filename will be set by server
document.body.appendChild(a);
a.click();
window.URL.revokeObjectURL(downloadUrl);
document.body.removeChild(a);
}
async purchaseVersion(versionId, transactionId = null) {
try {
const purchaseData = {
action: 'purchase',
version_id: parseInt(versionId)
};
if (transactionId) {
purchaseData.transaction_id = transactionId;
}
const result = await this.makeAPICall('/v2/post/software', 'POST', purchaseData);
return result;
} catch (error) {
console.error('Purchase error:', error);
throw error;
}
}
formatBytes(bytes) {
if (bytes === 0) return '0 Bytes';
const k = 1024;
const sizes = ['Bytes', 'KB', 'MB', 'GB'];
const i = Math.floor(Math.log(bytes) / Math.log(k));
return Math.round(bytes / Math.pow(k, i) * 100) / 100 + ' ' + sizes[i];
}
formatPrice(price, currency = 'USD') {
return new Intl.NumberFormat('en-US', {
style: 'currency',
currency: currency
}).format(price);
}
}
// Global upgrade manager instance
let upgradeManager;
// Initialize upgrade system
function initUpgradeSystem() {
upgradeManager = new UpgradeManager();
}
// Display upgrade options in UI
async function showUpgradeOptions(containerId = 'upgrade-container') {
const container = document.getElementById(containerId);
if (!container) {
console.error('Container element not found:', containerId);
return;
}
try {
const data = await upgradeManager.getAvailableVersions();
container.innerHTML = '';
// Show current version info
if (data.current_version) {
const currentDiv = document.createElement('div');
currentDiv.className = 'current-version-info';
currentDiv.innerHTML = `
<h3>Your Current Version: ${data.current_version}</h3>
<p>Owned versions: ${data.owned_versions.map(v => v.version).join(', ')}</p>
`;
container.appendChild(currentDiv);
}
// Show available versions
if (data.available_versions && data.available_versions.length > 0) {
const versionsDiv = document.createElement('div');
versionsDiv.className = 'available-versions';
data.available_versions.forEach(version => {
const versionCard = document.createElement('div');
versionCard.className = 'version-card';
versionCard.dataset.versionId = version.id;
let buttonHTML = '';
let priceHTML = '';
let statusHTML = '';
if (version.is_accessible) {
statusHTML = '<span class="badge owned">Owned</span>';
buttonHTML = `<button onclick="downloadVersion(${version.id})" class="download-btn">Download</button>`;
} else if (version.requires_payment) {
if (version.is_upgrade) {
priceHTML = `
<div class="price-info">
<span class="upgrade-price">${upgradeManager.formatPrice(version.price)}</span>
<span class="original-price">${upgradeManager.formatPrice(version.original_price)}</span>
<span class="upgrade-label">Upgrade from v${version.upgrade_from}</span>
</div>
`;
} else {
priceHTML = `<div class="price-info">${upgradeManager.formatPrice(version.price)}</div>`;
}
buttonHTML = `<button onclick="purchaseVersion(${version.id}, ${version.price})" class="purchase-btn">Purchase</button>`;
} else if (version.access_reason === 'requires_base_version') {
statusHTML = `<span class="badge locked">Requires v${version.required_version}</span>`;
buttonHTML = `<button disabled class="locked-btn">Requires v${version.required_version}</button>`;
}
versionCard.innerHTML = `
<div class="version-header">
<h4>${version.name} ${statusHTML}</h4>
<span class="version-number">v${version.version}</span>
</div>
<div class="version-description">${version.description}</div>
<div class="version-meta">
<span class="file-size">Size: ${upgradeManager.formatBytes(version.file_size)}</span>
<span class="release-date">Released: ${new Date(version.release_date).toLocaleDateString()}</span>
</div>
${priceHTML}
<div class="version-actions">
${buttonHTML}
</div>
`;
versionsDiv.appendChild(versionCard);
});
container.appendChild(versionsDiv);
} else {
container.innerHTML = '<p>No software versions available at this time.</p>';
}
} catch (error) {
container.innerHTML = `<div class="error-message">Error loading upgrades: ${error.message}</div>`;
console.error('Error showing upgrade options:', error);
}
}
// Download version with progress
async function downloadVersion(versionId) {
const button = event.target;
const originalText = button.innerHTML;
try {
button.disabled = true;
button.innerHTML = 'Preparing Download...';
// Create progress indicator
const progressContainer = document.createElement('div');
progressContainer.className = 'download-progress';
progressContainer.innerHTML = `
<div class="progress-bar">
<div class="progress-fill" style="width: 0%"></div>
</div>
<div class="progress-text">0%</div>
`;
button.parentNode.appendChild(progressContainer);
const progressFill = progressContainer.querySelector('.progress-fill');
const progressText = progressContainer.querySelector('.progress-text');
await upgradeManager.downloadVersion(versionId, (loaded, total) => {
const percent = Math.round((loaded / total) * 100);
progressFill.style.width = percent + '%';
progressText.textContent = percent + '%';
});
button.innerHTML = 'Download Complete!';
progressText.textContent = 'Complete';
// Remove progress after a delay
setTimeout(() => {
progressContainer.remove();
button.innerHTML = originalText;
button.disabled = false;
}, 3000);
} catch (error) {
button.innerHTML = 'Download Failed';
button.disabled = false;
alert('Download failed: ' + error.message);
// Remove progress on error
const progressContainer = button.parentNode.querySelector('.download-progress');
if (progressContainer) {
progressContainer.remove();
}
}
}
// Purchase version
async function purchaseVersion(versionId, price) {
const button = event.target;
const originalText = button.innerHTML;
const confirmed = confirm(`Purchase this software version for ${upgradeManager.formatPrice(price)}?`);
if (!confirmed) return;
try {
button.disabled = true;
button.innerHTML = 'Processing Purchase...';
// Here you would integrate with your payment processor
// For now, we'll simulate with a transaction ID
const transactionId = 'txn_' + Date.now();
const result = await upgradeManager.purchaseVersion(versionId, transactionId);
if (result.success) {
button.innerHTML = 'Purchase Successful!';
button.className = 'success-btn';
// Refresh the upgrade options
setTimeout(() => {
showUpgradeOptions();
}, 2000);
} else {
throw new Error(result.error || 'Purchase failed');
}
} catch (error) {
button.innerHTML = 'Purchase Failed';
button.disabled = false;
alert('Purchase failed: ' + error.message);
}
}
// Initialize when DOM is ready
document.addEventListener('DOMContentLoaded', function() {
initUpgradeSystem();
});
// Export for module usage (optional)
if (typeof module !== 'undefined' && module.exports) {
module.exports = { UpgradeManager, upgradeManager };
}


@@ -1016,21 +1016,64 @@ function getProfile($profile, $permission){
//Include settingsa //Include settingsa
include dirname(__FILE__,2).'/settings/settings_redirector.php'; include dirname(__FILE__,2).'/settings/settings_redirector.php';
// Always allowed collections: [collection => allowed_actions_string]
$always_allowed = [
'com_log' => 'U'
];
// Group permissions: [granting_page => [collection => allowed_actions_string]]
$group_permissions = [
'upgrades' => [
'software_downloads' => 'RU',
'software' => 'RU',
'upgrade_paths' => 'RU',
'user_licenses' => 'RU',
'version_access_rules' => 'RU',
'download_logs' => 'RU',
'download_tokens' => 'RU'
]
];
// Debug log
debuglog("isAllowed called: page=$page, profile=$profile, permission=$permission, action=$action");
// 1. Check always allowed
if (isset($always_allowed[$page]) && str_contains($always_allowed[$page], $action)) {
debuglog("Allowed by always_allowed");
return 1;
}
//GET ALLOWED ACTIONS //GET ALLOWED ACTIONS
$user_permission = ${'permission_'.$permission}; $user_permission = ${'permission_'.$permission};
//CHECK ALLOWED //CHECK ALLOWED
$page_action = str_contains($user_permission,$action) > 0 ? 1 : 0; //CHECK IF USER IS ALLOWED TODO THE ACTION $page_action = str_contains($user_permission,$action) > 0 ? 1 : 0; //CHECK IF USER IS ALLOWED TO DO THE ACTION
$page_access = str_contains($profile,$page) > 0 ? 1 : 0; //CHECK USER IS ALLOWED TO ACCESS PAGE $page_access = str_contains($profile,$page) > 0 ? 1 : 0; //CHECK USER IS ALLOWED TO ACCESS PAGE
//RETURN CODE debuglog("user_permission=$user_permission, page_action=$page_action, page_access=$page_access");
// 2. Check user permissions (standard)
if ($page_access == 1 && $page_action == 1){ if ($page_access == 1 && $page_action == 1){
$user_access = 1; debuglog("Allowed by user permissions");
} else { return 1;
//Not Allowed
$user_access = 0;
} }
return $user_access;
// 3. If not allowed by user, check group permissions
if ($page_access == 0) {
foreach ($group_permissions as $granting_page => $grants) {
if (str_contains($profile, $granting_page)) {
debuglog("Found granting_page: $granting_page");
if (isset($grants[$page]) && str_contains($grants[$page], $action)) {
debuglog("Allowed by group permissions");
return 1;
}
}
}
}
debuglog("Not allowed");
// Not allowed
return 0;
} }
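Review bot: The group-permission lookup at `if (str_contains($profile, $granting_page))` matches any profile string that merely contains `upgrades` as a substring, so a profile such as `upgrades_viewer` (constructed example) would inherit the full `RU` grants on every collection in that list; the same substring test also lets an empty `$action` pass both the `$always_allowed` check and the `$grants[$page]` check, because `str_contains()` with an empty needle is always true. Comparing against exact profile tokens (split on whatever delimiter `$profile` uses, which is not visible here) and rejecting an empty action up front, `if ($action === '') { return 0; }`, would close both gaps. The `upgrades` grant list also names `upgrade_paths`, `user_licenses` and `version_access_rules`, whose POST handlers this same commit deletes, so those entries are stale authorization configuration that should be dropped together with the handlers. The enclosing `isAllowed` function starts outside the hunk.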


@@ -1,282 +0,0 @@
<?php
function getUserOwnedVersions($userId) {
global $pdo;
$stmt = $pdo->prepare("
SELECT sv.*, ul.license_key, ul.purchased_at
FROM user_licenses ul
JOIN software_versions sv ON ul.version_id = sv.rowID
WHERE ul.user_id = ? AND ul.status = 'active'
ORDER BY sv.major_version DESC, sv.minor_version DESC
");
$stmt->execute([$userId]);
return $stmt->fetchAll(PDO::FETCH_ASSOC);
}
function getLatestOwnedVersion($userId) {
$versions = getUserOwnedVersions($userId);
return !empty($versions) ? $versions[0] : null;
}
function checkVersionAccess($userId, $versionId) {
global $pdo;
// Get version and its access rules
$stmt = $pdo->prepare("
SELECT sv.*, var.access_type, var.requires_base_version, var.price
FROM software_versions sv
JOIN version_access_rules var ON sv.rowID = var.version_id
WHERE sv.rowID = ?
");
$stmt->execute([$versionId]);
$version = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$version) {
return ['accessible' => false, 'reason' => 'Version not found'];
}
switch ($version['access_type']) {
case 'free_all':
// Free for everyone (like v0.99)
return [
'accessible' => true,
'reason' => 'free_for_all',
'price' => 0.00,
'requires_payment' => false
];
case 'free_for_owners':
// Free for owners of required base version (like v1.1 for v1.0 owners)
if ($version['requires_base_version']) {
$hasBaseVersion = userOwnsVersion($userId, $version['requires_base_version']);
if ($hasBaseVersion) {
return [
'accessible' => true,
'reason' => 'free_upgrade',
'price' => 0.00,
'requires_payment' => false
];
} else {
return [
'accessible' => false,
'reason' => 'requires_base_version',
'required_version' => $version['requires_base_version'],
'price' => $version['price'],
'requires_payment' => true
];
}
}
return ['accessible' => false, 'reason' => 'invalid_access_rule'];
case 'paid':
case 'paid_upgrade':
// Check if user already owns this version
if (userOwnsVersionById($userId, $versionId)) {
return [
'accessible' => true,
'reason' => 'already_owned',
'price' => 0.00,
'requires_payment' => false
];
}
// Check for upgrade pricing
$upgradeInfo = getUpgradePrice($userId, $versionId);
return [
'accessible' => false,
'reason' => 'requires_purchase',
'price' => $upgradeInfo['price'],
'original_price' => $version['price'],
'is_upgrade' => $upgradeInfo['is_upgrade'],
'requires_payment' => true
];
default:
return ['accessible' => false, 'reason' => 'unknown_access_type'];
}
}
function userOwnsVersion($userId, $version) {
global $pdo;
$stmt = $pdo->prepare("
SELECT COUNT(*)
FROM user_licenses ul
JOIN software_versions sv ON ul.version_id = sv.rowID
WHERE ul.user_id = ? AND sv.version = ? AND ul.status = 'active'
");
$stmt->execute([$userId, $version]);
return $stmt->fetchColumn() > 0;
}
function userOwnsVersionById($userId, $versionId) {
global $pdo;
$stmt = $pdo->prepare("
SELECT COUNT(*)
FROM user_licenses
WHERE user_id = ? AND version_id = ? AND status = 'active'
");
$stmt->execute([$userId, $versionId]);
return $stmt->fetchColumn() > 0;
}
function getUpgradePrice($userId, $targetVersionId) {
global $pdo;
// Get user's owned versions
$ownedVersions = getUserOwnedVersions($userId);
if (empty($ownedVersions)) {
// No owned versions, return full price
$stmt = $pdo->prepare("
SELECT var.price
FROM version_access_rules var
WHERE var.version_id = ?
");
$stmt->execute([$targetVersionId]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
return [
'price' => $result['price'] ?? 0.00,
'is_upgrade' => false
];
}
// Check for upgrade paths
$bestUpgradePrice = null;
$fromVersion = null;
foreach ($ownedVersions as $ownedVersion) {
$stmt = $pdo->prepare("
SELECT upgrade_price, is_free
FROM upgrade_paths
WHERE from_version_id = ? AND to_version_id = ?
");
$stmt->execute([$ownedVersion['id'], $targetVersionId]);
$upgrade = $stmt->fetch(PDO::FETCH_ASSOC);
if ($upgrade) {
if ($upgrade['is_free']) {
return [
'price' => 0.00,
'is_upgrade' => true,
'from_version' => $ownedVersion['version']
];
}
if ($bestUpgradePrice === null || $upgrade['upgrade_price'] < $bestUpgradePrice) {
$bestUpgradePrice = $upgrade['upgrade_price'];
$fromVersion = $ownedVersion['version'];
}
}
}
if ($bestUpgradePrice !== null) {
return [
'price' => $bestUpgradePrice,
'is_upgrade' => true,
'from_version' => $fromVersion
];
}
// No upgrade path, return full price
$stmt = $pdo->prepare("
SELECT var.price
FROM version_access_rules var
WHERE var.version_id = ?
");
$stmt->execute([$targetVersionId]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
return [
'price' => $result['price'] ?? 0.00,
'is_upgrade' => false
];
}
function grantLicense($pdo, $userId, $versionId, $transactionId = null) {
// Generate unique license key
$licenseKey = generateLicenseKey($userId, $versionId);
$stmt = $pdo->prepare("
INSERT INTO user_licenses (user_id, version_id, license_key, transaction_id, status)
VALUES (?, ?, ?, ?, 'active')
ON DUPLICATE KEY UPDATE status = 'active', license_key = ?
");
return $stmt->execute([$userId, $versionId, $licenseKey, $transactionId, $licenseKey]);
}
function generateLicenseKey($userId, $versionId) {
// Generate a unique license key
$data = $userId . '-' . $versionId . '-' . time() . '-' . bin2hex(random_bytes(8));
return strtoupper(substr(hash('sha256', $data), 0, 29)); // Format: XXXXX-XXXXX-XXXXX-XXXXX-XXXXX
}
function generateSecureDownloadToken($pdo, $userId, $versionId) {
// Generate random token
$token = bin2hex(random_bytes(32));
// Store token with expiration (5 minutes)
$expiresAt = date('Y-m-d H:i:s', time() + 300);
$stmt = $pdo->prepare(
"INSERT INTO download_tokens (token, user_id, version_id, expires_at, used)
VALUES (?, ?, ?, ?, 0)"
);
$stmt->execute([$token, $userId, $versionId, $expiresAt]);
return $token;
}
function validateUserAccess($userId, $versionId) {
global $pdo;
// Check if version requires payment
$stmt = $pdo->prepare("
SELECT var.access_type
FROM version_access_rules var
WHERE var.version_id = ?
");
$stmt->execute([$versionId]);
$accessRule = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$accessRule) {
return false;
}
if ($accessRule['access_type'] === 'free_all') {
return true; // Free for everyone
}
// Check if user has valid license
$stmt = $pdo->prepare(
"SELECT COUNT(*) FROM user_licenses
WHERE user_id = ? AND version_id = ? AND status = 'active'"
);
$stmt->execute([$userId, $versionId]);
return $stmt->fetchColumn() > 0;
}
function logDownload($pdo, $userId, $versionId) {
$stmt = $pdo->prepare("
INSERT INTO download_logs (user_id, version_id, ip_address, user_agent, downloaded_at)
VALUES (?, ?, ?, ?, NOW())
");
$stmt->execute([
$userId,
$versionId,
$_SERVER['REMOTE_ADDR'] ?? '',
$_SERVER['HTTP_USER_AGENT'] ?? ''
]);
}
?>


@@ -1,285 +0,0 @@
<?php
defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings_redirector.php';
//Check if allowed
if (isAllowed('upgrades',$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
header('location: index.php');
exit;
}
template_header('Software Upgrades', 'upgrades', 'view');
$view = '
<div class="container-fluid">
<div class="row">
<div class="col-12">
<div class="card">
<div class="card-header">
<h3 class="card-title">
<i class="fas fa-download"></i> Software Upgrades
</h3>
<div class="card-tools">
<button type="button" class="btn btn-tool" data-card-widget="collapse">
<i class="fas fa-minus"></i>
</button>
</div>
</div>
<div class="card-body">
<div id="upgrade-container">
<div class="text-center">
<div class="spinner-border" role="status">
<span class="sr-only">Loading...</span>
</div>
<p>Loading available upgrades...</p>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<!-- Include the upgrade functions -->
<script src="assets/functions.js"></script>
<script>
// Initialize upgrade system when page loads
document.addEventListener(\'DOMContentLoaded\', function() {
// Wait a bit for the upgrade manager to initialize
setTimeout(function() {
showUpgradeOptions(\'upgrade-container\');
}, 500);
});
</script>
<style>
/* Upgrade System Styles */
.current-version-info {
background: #f8f9fa;
border: 1px solid #dee2e6;
border-radius: 0.375rem;
padding: 1rem;
margin-bottom: 2rem;
}
.current-version-info h3 {
color: #495057;
margin-bottom: 0.5rem;
font-size: 1.25rem;
}
.available-versions {
display: grid;
gap: 1.5rem;
}
.version-card {
border: 1px solid #dee2e6;
border-radius: 0.5rem;
padding: 1.5rem;
background: white;
box-shadow: 0 0.125rem 0.25rem rgba(0, 0, 0, 0.075);
transition: box-shadow 0.15s ease-in-out;
}
.version-card:hover {
box-shadow: 0 0.5rem 1rem rgba(0, 0, 0, 0.15);
}
.version-header {
display: flex;
justify-content: space-between;
align-items: center;
margin-bottom: 1rem;
}
.version-header h4 {
margin: 0;
color: #495057;
font-size: 1.1rem;
}
.version-number {
background: #6c757d;
color: white;
padding: 0.25rem 0.5rem;
border-radius: 0.25rem;
font-size: 0.875rem;
font-weight: 500;
}
.version-description {
color: #6c757d;
margin-bottom: 1rem;
line-height: 1.5;
}
.version-meta {
display: flex;
gap: 1rem;
margin-bottom: 1rem;
font-size: 0.875rem;
color: #6c757d;
}
.price-info {
margin-bottom: 1rem;
font-size: 1.1rem;
font-weight: 600;
color: #28a745;
}
.upgrade-price {
color: #dc3545;
text-decoration: line-through;
margin-right: 0.5rem;
}
.original-price {
color: #6c757d;
font-size: 0.9rem;
}
.upgrade-label {
display: block;
font-size: 0.8rem;
color: #17a2b8;
font-weight: normal;
margin-top: 0.25rem;
}
.version-actions {
margin-top: 1rem;
}
.download-btn, .purchase-btn {
background: #007bff;
color: white;
border: none;
padding: 0.75rem 1.5rem;
border-radius: 0.375rem;
cursor: pointer;
font-size: 1rem;
font-weight: 500;
transition: background-color 0.15s ease-in-out;
}
.download-btn:hover, .purchase-btn:hover {
background: #0056b3;
}
.locked-btn {
background: #6c757d;
color: white;
border: none;
padding: 0.75rem 1.5rem;
border-radius: 0.375rem;
cursor: not-allowed;
font-size: 1rem;
font-weight: 500;
}
.success-btn {
background: #28a745 !important;
color: white;
border: none;
padding: 0.75rem 1.5rem;
border-radius: 0.375rem;
font-size: 1rem;
font-weight: 500;
}
.badge {
display: inline-block;
padding: 0.35rem 0.5rem;
font-size: 0.75rem;
font-weight: 700;
line-height: 1;
text-align: center;
white-space: nowrap;
vertical-align: baseline;
border-radius: 0.375rem;
}
.badge.owned {
background: #28a745;
color: white;
}
.badge.locked {
background: #dc3545;
color: white;
}
.download-progress {
margin-top: 1rem;
text-align: center;
}
.progress-bar {
width: 100%;
height: 1rem;
background: #e9ecef;
border-radius: 0.5rem;
overflow: hidden;
margin-bottom: 0.5rem;
}
.progress-fill {
height: 100%;
background: #007bff;
transition: width 0.3s ease;
border-radius: 0.5rem;
}
.progress-text {
font-weight: 600;
color: #495057;
}
.error-message {
color: #dc3545;
background: #f8d7da;
border: 1px solid #f5c6cb;
border-radius: 0.375rem;
padding: 1rem;
text-align: center;
}
/* Responsive adjustments */
@media (max-width: 768px) {
.version-header {
flex-direction: column;
align-items: flex-start;
gap: 0.5rem;
}
.version-meta {
flex-direction: column;
gap: 0.25rem;
}
.available-versions {
gap: 1rem;
}
.version-card {
padding: 1rem;
}
}
</style>
';
//OUTPUT
echo $view;
template_footer();