pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CMXX - Checkout and Placeorder

Browse Source
This commit is contained in:
“VeLiTi”
2025-02-17 19:01:04 +01:00
parent 2072250072
commit 3aaa6c6680
26 changed files with 3148 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

125
api/v2/post/transactions.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Transactions
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//WEBSHOP UPDATE CAN SEND TXN_ID ONLY
if (isset($post_content['txn_id']) && $post_content['txn_id'] != '' && !isset($post_content['id'])){
//CHECK IF TXN_ID is send and valid
$sql = 'SELECT * FROM transactions WHERE txn_id = ?';
$stmt = $pdo->prepare($sql);
//Excute Query
$stmt->execute([$post_content['txn_id']]);
//Get results
if ($messages = $stmt->fetch(PDO::FETCH_ASSOC)){
//UPDATE ID TO TXN_ID RELATED ID
$post_content['id'] = $messages['id'];
unset($post_content['txn_id']);
}
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
//CHECK FOR ERRORS
$errors = validateTransactionData($post_content);
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
}
elseif ($command == 'insert'){
$post_content['accounthierarchy'] = $partner_product;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('transactions',$profile,$permission,'U') === 1){
$sql = 'UPDATE transactions SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//RETURN UPDATED ID
$messages = json_encode(array('transaction_id'=> $id), JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
elseif ($command == 'insert' && empty($errors) && isAllowed('transactions',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO transactions ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('transactions',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM transactions WHERE id = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'transactions',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>