pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CMXX - Checkout and Placeorder

Browse Source
This commit is contained in:
“VeLiTi”
2025-02-17 19:01:04 +01:00
parent 2072250072
commit 3aaa6c6680
26 changed files with 3148 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

135
api/v2/get/discounts.php Normal file
View File

@@ -0,0 +1,135 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// discounts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE d.accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND name like :'.$v[0];
}
elseif ($v[0] == 'discount_category_id'){
$clause .= ' AND d.id = :'.$v[0];
}
elseif ($v[0] == 'discount_products_id'){
$clause .= ' AND d.id = :'.$v[0];
}
else {//create clause
$clause .= ' AND d.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM discounts '.$whereclause.'';
}
elseif(isset($criterias['discount_category_id']) && $criterias['discount_category_id'] !=''){
$sql ='SELECT c.name, c.rowID FROM discounts d JOIN categories c ON FIND_IN_SET(c.rowID, d.category_ids) '.$whereclause;
}
elseif(isset($criterias['discount_products_id']) && $criterias['discount_products_id'] !=''){
$sql ='SELECT p.productname, p.rowID FROM discounts d JOIN products p ON FIND_IN_SET(p.rowID, d.product_ids) '.$whereclause;
}
else {
//SQL for Paging
$sql = 'SELECT d.*, GROUP_CONCAT(DISTINCT p.productname) product_names, GROUP_CONCAT(DISTINCT c.name) category_names FROM discounts d LEFT JOIN products p ON FIND_IN_SET(p.rowID, d.product_ids) LEFT JOIN categories c ON FIND_IN_SET(c.rowID, d.category_ids) '.$whereclause.' GROUP BY d.id, d.category_ids, d.product_ids, d.discount_code, d.discount_type, d.discount_type, d.discount_value, d.start_date, d.end_date LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
} else if ((isset($criterias['discount_category_id']) && $criterias['discount_category_id'] !='') || (isset($criterias['discount_products_id']) && $criterias['discount_products_id'] !='')){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_discounts, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_discounts, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

127
api/v2/get/invoice.php Normal file
View File

@@ -0,0 +1,127 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// invoice
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE inv.accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
else {//create clause
$clause .= ' AND inv.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM invoice inv '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='invoice'){
//SQL for Paging
$sql = 'SELECT tx.*, txi.*, p.productname, inv.id as invoice, inv.created as invoice_created FROM transactions tx
left join invoice inv ON tx.id = inv.txn_id
left join transactions_items txi ON tx.id = txi.txn_id
left join products p ON p.rowID = txi.item_id '.$whereclause;
}
else {
//SQL for Paging
$sql = 'SELECT * FROM invoice inv '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif (isset($criterias['list']) && $criterias['list']=='invoice'){
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
$messages = transformOrderData($messages);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_invoice, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_invoice, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

4
api/v2/get/products_categories.php
View File

@@ -104,6 +104,10 @@ if(isset($get_content) && $get_content!=''){
//build up filter
$clause .= ' AND c.filter = :'.$v[0];
}
elseif ($v[0] == 'status') {
//build up filter
$clause .= ' AND c.status = :'.$v[0];
}
else {//create clause
$clause .= ' AND pc.'.$v[0].' = :'.$v[0];
}

155
api/v2/get/shipping.php Normal file
View File

@@ -0,0 +1,155 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// shipping
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND name like :'.$v[0];
}
elseif ($v[0] == 'weight_total') {
//build up search
$clause .= ' AND weight_from <= :'.$v[0].' AND (weight_to >= :'.$v[0].' OR weight_to = 0)';
}
elseif ($v[0] == 'price_total') {
//build up search
$clause .= ' AND price_from <= :'.$v[0].' AND (price_to >= :'.$v[0].' OR price_to = 0)';
}
elseif ($v[0] == 'country') {
if ($v[1] != ''){
//CHECK IF SPECIFIC COUNTRY RECORD IS FOUND OTHERWISE CHECK FOR GLOBAL SHIPPING RECORDS
$sql = "SELECT COUNT(*) as count FROM shipping WHERE FIND_IN_SET(?, countries)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$v[1]]);
$result = $stmt->fetch();
$result = $result[0];
if ($result > 0) {
$clause .= ' AND FIND_IN_SET(:'.$v[0].', countries) > 0';
} else {
//GET ALL COUNTRIES
$clause .= ' AND countries = ""';
}
}
else {
//GET ALL COUNTRIES
$clause .= ' AND countries = :'.$v[0];
}
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM shipping '.$whereclause.'';
}
elseif(isset($criterias['list']) && $criterias['list'] =='methods'){
$sql = 'SELECT * FROM shipping '.$whereclause;
}
else {
//SQL for Paging
$sql = 'SELECT * FROM shipping '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']=='methods'){
$stmt->execute();
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_shipping, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_shipping, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

115
api/v2/get/taxes.php Normal file
View File

@@ -0,0 +1,115 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Taxes
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND name like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM taxes '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM taxes '.$whereclause;
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

118
api/v2/get/transactions.php Normal file
View File

@@ -0,0 +1,118 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// transactions
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE tx.accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND tx.name like :'.$v[0];
}
else {//create clause
$clause .= ' AND tx.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM transactions '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM transactions tx '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_transactions, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_transactions, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

118
api/v2/get/transactions_items.php Normal file
View File

@@ -0,0 +1,118 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// transactions_items
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND name like :'.$v[0];
}
else {//create clause
$clause .= ' AND tai.'.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM transactions_items tai '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT ta.*, tai.* FROM transactions ta left join transactions_items tai ON ta.id = tai.txn_id '.$whereclause;
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
//$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
//$stmt->bindValue('page', ($current_page - 1) * $page_rows_transactions, PDO::PARAM_INT);
//$stmt->bindValue('num_products', $page_rows_transactions, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

52
api/v2/post/checkout.php Normal file
View File

@@ -0,0 +1,52 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Checkout handler
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//ENSURE PRODUCTROWID IS SEND
if (isset($post_content['cart']) && isset($post_content['checkout_input'])){
//CHECKOUT INPUT
$checkout_input = [
"products_validated" => $post_content['cart'],
"selected_country" => $post_content['checkout_input']['selected_country'],
"selected_shipping_method" => $post_content['checkout_input']['selected_shipment_method'],
"business_type" => $post_content['checkout_input']['business_type'],
"discount_code" => $post_content['checkout_input']['discount_code']
];
//Initialize calculator
$calculator = new ShoppingCartCalculator(
$checkout_input['products_validated'],
$checkout_input['selected_country'],
$checkout_input['selected_shipping_method'],
$checkout_input['business_type'],
$checkout_input['discount_code'],
$pdo
);
// Get all calculations in one array
$messages = $calculator->calculateTotals();
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
else
{
//------------------------------------------
// Payload not correct
//------------------------------------------
http_response_code(400); // Payload not correct
}
?>

103
api/v2/post/discounts.php Normal file
View File

@@ -0,0 +1,103 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// discounts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//IMPLODE CATEGORIES AND PRODUCTS
$post_content['category_ids'] = isset($post_content['categories']) ? implode(',', $post_content['categories']) : '';
$post_content['product_ids'] = isset($post_content['products']) ? implode(',', $post_content['products']) : '';
//REMOVE categories and products from post_content
if (isset($post_content['categories'])) { unset($post_content['categories']);}
if (isset($post_content['products'])) { unset($post_content['products']);}
if ($command == 'update'){
}
if ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('discounts',$profile,$permission,'U') === 1){
$sql = 'UPDATE discounts SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('discounts',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO discounts ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('discounts',$profile,$permission,'D') === 1){
$sql = 'DELETE FROM discounts WHERE id = ? '.$whereclause;
$stmt = $pdo->prepare($sql);
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'discounts',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

121
api/v2/post/invoice.php Normal file
View File

@@ -0,0 +1,121 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Invoice
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
}
elseif ($command == 'insert' && (isset($post_content['txn_id']) && $post_content['txn_id'] != '')){
//GET RELATED TRANSACTION DETAILS
$sql = 'SELECT * FROM transactions WHERE id = ? AND payment_status = "0"';
$stmt = $pdo->prepare($sql);
//Excute Query
$stmt->execute([$post_content['txn_id']]);
//Get results
if ($messages = $stmt->fetch(PDO::FETCH_ASSOC)) {
//ADD ADDITIONAL POST CONTENT
$post_content['payment_amount'] = $messages['payment_amount'];
$post_content['shipping_amount'] = $messages['shipping_amount'];
$post_content['discount_amount'] = $messages['discount_amount'];
$post_content['tax_amount'] = $messages['tax_amount'];
$post_content['payment_status'] = $messages['payment_status'];
$post_content['accounthierarchy'] = $partner_product;
}
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('invoice',$profile,$permission,'U') === 1){
$sql = 'UPDATE invoice SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('invoice',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO invoice ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//GET LAST_ID
$last_id = $pdo->lastInsertId();
$messages = json_encode(array('invoice_id'=> $last_id), JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
elseif ($command == 'delete' && isAllowed('invoice',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM invoice WHERE id = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'invoice',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

144
api/v2/post/placeorder.php Normal file
View File

@@ -0,0 +1,144 @@
<?php
defined($security_key) or exit;
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
//------------------------------------------
// placeorder handler
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//ENSURE CART, CHECK_OUT_INPUT AND CUSTOMER DATA IS SEND
if (isset($post_content['cart']) && isset($post_content['checkout_input']) && isset($post_content['customer_details'])){
$errors = validateCheckoutData($post_content);
//IF ERRORS RETURN
if (!empty($errors)){
$messages = [
"error" => $errors
];
}
else {
//CHECKOUT INPUT
$checkout_input = [
"products_validated" => $post_content['cart'],
"selected_country" => $post_content['checkout_input']['selected_country'],
"selected_shipping_method" => $post_content['checkout_input']['selected_shipment_method'],
"business_type" => $post_content['checkout_input']['business_type'],
"discount_code" => $post_content['checkout_input']['discount_code'],
"payment_method" => $post_content['checkout_input']['payment_method']
];
//Customer details
$customer_details = [
'account_id' => $post_content['customer_details']['account_id'] ?? '',
'email' => $post_content['customer_details']['email'] ?? '',
'first_name' => $post_content['customer_details']['first_name'] ?? '',
'last_name' => $post_content['customer_details']['last_name'] ?? '',
'address_street' => $post_content['customer_details']['address_street'] ?? '',
'address_city' => $post_content['customer_details']['address_city'] ?? '',
'address_state' => $post_content['customer_details']['address_state'] ?? '',
'address_zip' => $post_content['customer_details']['address_zip'] ?? '',
'address_country' => $post_content['customer_details']['address_country'] ?? '',
'address_phone' => $post_content['customer_details']['address_phone'] ?? ''
];
//Initialize calculator
$calculator = new ShoppingCartCalculator(
$checkout_input['products_validated'],
$checkout_input['selected_country'],
$checkout_input['selected_shipping_method'],
$checkout_input['business_type'],
$checkout_input['discount_code'],
$pdo
);
//Recalculate the checkout
$products_in_cart = $calculator->calculateTotals();
$subtotal = $products_in_cart['totals']['subtotal'];
$shippingtotal = $products_in_cart['totals']['shippingtotal'];
$discounttotal = $products_in_cart['totals']['discounttotal'];
$taxtotal = $products_in_cart['totals']['taxtotal'];
$total = $products_in_cart['totals']['total'];
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
// Generate unique transaction ID
$txn_id = strtoupper(uniqid('SC') . substr(md5(mt_rand()), 0, 5));
// Insert transaction header
$stmt = $pdo->prepare('INSERT INTO transactions (txn_id, payment_amount, payment_status, payer_email, first_name, last_name, address_street, address_city, address_state, address_zip, address_country, address_phone, account_id, payment_method, shipping_method, shipping_amount, discount_amount, discount_code, tax_amount,accounthierarchy) VALUES (?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?)');
$stmt->execute([
$txn_id,
$total,
0,
$customer_details['email'],
$customer_details['first_name'],
$customer_details['last_name'],
$customer_details['address_street'],
$customer_details['address_city'],
$customer_details['address_state'],
$customer_details['address_zip'],
$customer_details['address_country'],
$customer_details['address_phone'],
$customer_details['account_id'],
$checkout_input['payment_method'],
$checkout_input['selected_shipping_method'],
$shippingtotal,
$discounttotal,
$checkout_input['discount_code'],
$taxtotal,
$partner_product
]);
// Get order ID
$transaction_id = $pdo->lastInsertId();
//Insert transaction items
foreach ($products_in_cart['cart_details']['products'] as $product) {
// JSON_ENCODE OPTIONS
$options = json_encode($product['options'],JSON_UNESCAPED_UNICODE) ?? '';
// For every product in the shopping cart insert a new transaction_item
$stmt = $pdo->prepare('INSERT INTO transactions_items (txn_id, item_id, item_price, item_quantity, item_options) VALUES (?,?,?,?,?)');
$stmt->execute([$transaction_id, $product['id'], $product['options_price'], $product['quantity'], $options]);
}
//Return to checkout page
$messages = [
"id" => $transaction_id,
"transaction_id" => $txn_id,
"payment_amount" => $total,
"payment_method" => $checkout_input['payment_method'],
"products_checked-out" => $products_in_cart['cart_details'],
"subtotal" => $subtotal,
"discounttotal" => $discounttotal,
"shippingtotal" => $shippingtotal,
"taxtotal" => $taxtotal,
"messages" => '',
"error" => ''
];
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
else
{
//------------------------------------------
// Payload not correct
//------------------------------------------
http_response_code(400); // Payload not correct
}
?>

99
api/v2/post/shipping.php Normal file
View File

@@ -0,0 +1,99 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// shipping
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//IMPLODE CATEGORIES AND PRODUCTS
$post_content['countries'] = isset($post_content['countries']) ? implode(',', $post_content['countries']) : '';
if ($command == 'update'){
}
if ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('shipping',$profile,$permission,'U') === 1){
$sql = 'UPDATE shipping SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('shipping',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO shipping ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('shipping',$profile,$permission,'D') === 1){
$sql = 'DELETE FROM shipping WHERE id = ? '.$whereclause;
$stmt = $pdo->prepare($sql);
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'shipping',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

14
api/v2/post/shopping_cart.php
View File

@@ -43,6 +43,19 @@ if (isset($post_content['product']) && $post_content['product'] != '' && isset($
$options_weight = 0;
$options = $result['selected_items'];
//------------------------------------------
// ADD Product categories
//------------------------------------------
$cat_products = ioAPIv2('/v2/products_categories/status=1&product_id='.$product_ID,'',$clientsecret);
$cat_products = json_decode($cat_products,true);
$cat_input = '';
foreach($cat_products as $cat_product_id){
$cat_input .= $cat_product_id['rowID'].',';
}
$categories = substr($cat_input,0,-1);
$products_validated = [
'id' => $product_in_cart['rowID'],
'meta' =>
@@ -50,6 +63,7 @@ if (isset($post_content['product']) && $post_content['product'] != '' && isset($
"img" => $product_in_cart['full_path'],
"name" => $product_in_cart['productname'],
"productcode" => $product_in_cart['productcode'],
"category_ids" => $categories
],
'quantity' => $quantity,
'options' => [$options],

125
api/v2/post/transactions.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Transactions
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//WEBSHOP UPDATE CAN SEND TXN_ID ONLY
if (isset($post_content['txn_id']) && $post_content['txn_id'] != '' && !isset($post_content['id'])){
//CHECK IF TXN_ID is send and valid
$sql = 'SELECT * FROM transactions WHERE txn_id = ?';
$stmt = $pdo->prepare($sql);
//Excute Query
$stmt->execute([$post_content['txn_id']]);
//Get results
if ($messages = $stmt->fetch(PDO::FETCH_ASSOC)){
//UPDATE ID TO TXN_ID RELATED ID
$post_content['id'] = $messages['id'];
unset($post_content['txn_id']);
}
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CHECK FOR ERRORS
$errors = validateTransactionData($post_content);
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
}
elseif ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('transactions',$profile,$permission,'U') === 1){
$sql = 'UPDATE transactions SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//RETURN UPDATED ID
$messages = json_encode(array('transaction_id'=> $id), JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
elseif ($command == 'insert' && empty($errors) && isAllowed('transactions',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO transactions ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('transactions',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM transactions WHERE id = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'transactions',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>