pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CMXX - Consumer identity

Browse Source
This commit is contained in:
“VeLiTi”
2025-02-22 23:45:27 +01:00
parent 8dd7023310
commit 3182cb0b3c
10 changed files with 381 additions and 16 deletions
Download Patch File Download Diff File Expand all files Collapse all files

110
api/v2/get/consumer_identity.php Normal file
View File

@@ -0,0 +1,110 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Consumer identity
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//Get user_rights from users.php
$partner = json_decode($partnerhierarchy);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND email like :'.$v[0];
}
elseif ($v[0] == 'partnerid') {
//check accounthierarchy related users
$clause .= ' AND accounthierarchy like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count from consumer_identity '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT id,email,profile,first_name,last_name,address_street,address_city,address_state,address_zip,address_country,registered,address_phone,lastlogin,userkey,language,login_count,created,createdby,updated,updatedby,accounthierarchy FROM consumer_identity '.$whereclause.' ORDER BY lastlogin DESC LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
elseif ($key == 'partnerid'){
$search_value = '%"_"'.$value.'-%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_users, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_users, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;

6
api/v2/get/translations.php
View File

@@ -14,7 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
//default whereclause
$whereclause = '';
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'get');
list($whereclause,$condition) = getWhereclause('text_variables',$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
@@ -53,13 +53,13 @@ if(isset($get_content) && $get_content!=''){
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM text_variables '.$whereclause.'';
$sql = 'SELECT count(*) as count FROM text_variables tv '.$whereclause.'';
} elseif (isset($criterias['generatefile']) && $criterias['generatefile'] !=''){
$sql = 'SELECT tv.variable,tvt.translation FROM text_variables tv JOIN text_variables_translations tvt ON tv.rowID = tvt.variable_ID '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM text_variables '.$whereclause.' LIMIT :page,:num_products';
$sql = 'SELECT * FROM text_variables tv '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);

215
api/v2/post/consumer_identity.php Normal file
View File

@@ -0,0 +1,215 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// consumer_identity
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = (isset($post_content['userkey'])) ? $post_content['userkey']: ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
if (isset($post_content['reset'])){$command = 'reset';} //change command to reset
if (isset($post_content['login'], $post_content['email'], $post_content['password'])){$command = 'login';}//change command to login
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM INTERFACE USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//FIXED VARIABLES
$post_content['updatedby'] = $userrname; //initial = interface user
$post_content['accounthierarchy'] = $partner_product; // related to interface user
$post_content['userkey'] = bin2hex(random_bytes(25));
//Create or update resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('key'=> bin2hex(random_bytes(25)), 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//GET EXISTING CONSUMER DATA
if ($id != '' && $command == 'reset'){
//STEP 1 - Get username
$stmt = $pdo->prepare('SELECT * FROM consumer_identity WHERE userkey = ?');
$stmt->execute([$id]);
$consumer_data = $stmt->fetch();
//STEP 2- Store resetkey
$sql = 'UPDATE users SET resetkey = ?, updatedby = ? WHERE id = ? '.$whereclause.'';
$stmt = $pdo->prepare($sql);
$stmt->execute([$resetkey,$post_content['updatedby'],$id]);
//STEP 3 - Send DATA BACK TO FRONT_END
$messages = json_encode(array('consumer_email'=> $consumer_data['email'], "resetkey" => $resetkey), JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
exit;
}
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
//Define Query
$stmt = $pdo->prepare('SELECT * FROM consumer_identity WHERE userkey = ?');
$stmt->execute([$id]);
$consumer_data = $stmt->fetch();
$post_content['updatedby'] = $consumer_data['email'];
if (isset($post_content['password'])){
$post_content['password'] = password_hash($password, PASSWORD_DEFAULT);
}
}
elseif ($command == 'insert'){
$post_content['password'] = bin2hex(random_bytes(25)); //generate initial password
$post_content['language'] = isset($post_content['language']) ? $post_content['language'] : 'US';
}
elseif ($command == 'login'){
//SETUP SQL FOR LOGIN_COUNT
$sql_login = 'UPDATE consumer_identity SET login_count = ? WHERE id = ?';
// Check if the account exists
$stmt = $pdo->prepare('SELECT * FROM consumer_identity WHERE email = ?');
$stmt->execute([ $post_content['email'] ]);
$account = $stmt->fetch(PDO::FETCH_ASSOC);
if (count($account) != 0){
//CHECK NUMBER OF LOGIN ATTEMPTS IS BELOW 5
if($user_data['login_count'] < 5){
// If account exists verify password
if ($account && password_verify($post_content['password'], $account['password'])) {
//CONSUMER LOGIN CORRECT RETURN DATA
$consumer = array(
'accountID' => $account['userkey'],
'profile' => $account['profile']
);
//Reset login count after succesfull attempt
$login_attempt = 0;
$stmt_login = $pdo->prepare($sql_login);
$stmt_login->execute([$login_attempt, $account['id']]);
//Encrypt results
$messages = json_encode($consumer, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
exit;
}
else {
//Update Login count with failed attempt
$login_attempt = $account['login_count'] + 1;
$stmt_login = $pdo->prepare($sql_login);
$stmt_login->execute([$login_attempt, $account['id']]);
//Send Response
http_response_code(403); //Not authorized
exit;
}
}
else {
//User is blocked & send error
$messages = '1';
//------------------------------------------
//Send results
//------------------------------------------
echo $messages;
exit;
}
}
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'id'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && (isAllowed('consumer_identity',$profile,$permission,'U') === 1)){
$sql = 'UPDATE consumer_identity SET '.$clause.' WHERE userkey = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('',$profile,$permission,'C') === 1){
//check if consumer_identity exists
$stmt = $pdo->prepare('SELECT * FROM consumer_identity WHERE email = ?');
$stmt->execute([$post_content['email']]);
$consumer_exist = $stmt->fetch();
$exists = (isset($consumer_exist['email']))? 1 : 0;
if($consumer_exist == 0 ){
$sql = 'INSERT INTO consumer_identity ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//STEP 2- Send to user
$messages = json_encode(array('consumer_email'=> $post_content['email'], "resetkey" => $resetkey), JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
exit;
} else {
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($exists, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
}
elseif ($command == 'delete' && isAllowed('consumer_identity',$profile,$permission,'D') === 1){
//delete equipment
$stmt = $pdo->prepare('DELETE FROM consumer_identity WHERE userkey = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'consumer_identity',$id,'Delete','Delete',$consumername);
} else
{
//do nothing
}
?>

1
api/v2/post/translations_details.php
View File

@@ -70,7 +70,6 @@ if ($command == 'update' && isAllowed('translation_manage',$profile,$permission,
$sql = 'UPDATE text_variables_translations SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->debugDumpParams();
$stmt->execute($execute_input);
}

26
api/v2/post/users.php
View File

@@ -17,7 +17,6 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
//default whereclause
list($whereclause,$condition) = getWhereclause('profile',$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
@@ -134,6 +133,9 @@ $post_content['userkey'] = (isset($post_content['userkey']) && $post_content['us
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
if (isset($post_content['password'])){
$post_content['password'] = password_hash($password, PASSWORD_DEFAULT);
}
$post_content['partnerhierarchy'] = $accounthierarchy;
}
elseif ($command == 'insert'){
@@ -147,6 +149,28 @@ else {
//do nothing
}
//+++++++++++++++++++++++++++++++++++++++++++++
//RESET VIEW/PERMISSION BASED ON USER PERMISSION
//+++++++++++++++++++++++++++++++++++++++++++++
if($post_content['view']){
switch ($permission) {
case '4':
//ADMIN+ no override
break;
case '3':
//ADMINS cannot set ADMIN+ => reset to admin
$post_content['view'] = ($post_content['view'] == 5) ? 4 : $post_content['view'];
break;
default:
//OTHERS CANNOT SET HIGHER -> IF SET THEN MANIPULATION EXPECTED -> SET USER to READONLY
$post_content['view'] = ($post_content['view'] == 4 || $post_content['view'] == 5) ? 3 : $post_content['view'];
break;
}
}
//+++++++++++++++++++++++++++++++++++++++++++++
//+++++++++++++++++++++++++++++++++++++++++++++
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){