CMXX - Improved whereclause

.gitignore

@@ -9,3 +9,4 @@ log/
 assets/images/products/
 settings/config.php
 settings/settings.php
+variable_scan.php

api/v1/get/accounts.php

@@ -12,20 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //NEW ARRAY
 $criterias = [];   

api/v1/get/application.php

@@ -29,24 +29,8 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //------------------------------------------
 //default whereclause
 //------------------------------------------
-$whereclause = '';
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE e.accounthierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE e.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //------------------------------------------
 //NEW ARRAY

api/v1/get/cartests.php

@@ -12,24 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-} 
 
 //NEW ARRAY
 $criterias = [];   

api/v1/get/communications.php

@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE salesID like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclauselvl2('communications',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v1/get/equipment_data.php

@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-} 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------

api/v1/get/equipments.php

@@ -16,24 +16,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-} 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------

api/v1/get/partners.php

@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE salesID like :condition';
-        break;
-} 
+list($whereclause,$condition) = getWhereclauselvl2('partners',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v1/get/products.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v1/get/products_software.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v1/get/products_versions.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v1/get/profile.php

@@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE partnerhierarchy  like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE partnerhierarchy  like :condition ';
-        break;
-} 
 //NEW ARRAY
 $criterias = [];   
 $clause = '';

api/v1/get/users.php

@@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE partnerhierarchy  like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE partnerhierarchy  like :condition ';
-        break;
-} 
 //NEW ARRAY
 $criterias = [];   
 $clause = '';

api/v1/post/accounts.php

@@ -13,21 +13,9 @@ $post_content = json_decode(decode_payload($input),true);
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
-//default whereclause to check if data is owned buy user
-$whereclause = '';
+//default whereclause
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v1/post/communications.php

@@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v1/post/contracts.php

@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v1/post/equipments.php

@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v1/post/partners.php

@@ -14,20 +14,7 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause to check if data is owned by user
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND salesID like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2('partners',$permission,$partner);
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['partnerID'] ?? ''; //check for rowID

api/v1/post/products.php

@@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v1/post/products_software.php

@@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){

api/v1/post/products_versions.php

@@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){

api/v1/post/users.php

@@ -15,24 +15,8 @@ $owner_user = 0;
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause to check if data is owned by user
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID

api/v2/get/accounts.php

@@ -12,20 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/cartests.php

@@ -12,24 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-} 
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/categories.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/discounts.php

@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE d.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("discounts",$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/equipment_data.php

@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-} 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------

api/v2/get/equipment_healthindex.php

@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-} 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------

api/v2/get/equipments.php

@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE e.accounthierarchy like :condition ';
-        break;
-} 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------

api/v2/get/invoice.php

@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE inv.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("invoice",$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   
@@ -62,7 +49,8 @@ if(isset($criterias['totals']) && $criterias['totals'] ==''){
 } 
 elseif (isset($criterias['list']) && $criterias['list'] =='invoice'){
     //SQL for Paging 
-    $sql = 'SELECT tx.*, txi.*, p.productname, inv.id as invoice, inv.created as invoice_created FROM transactions tx 
+    $sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created 
+            FROM transactions tx 
             left join invoice inv ON tx.id = inv.txn_id
             left join transactions_items txi ON tx.id = txi.txn_id
             left join products p ON p.rowID = txi.item_id '.$whereclause;

api/v2/get/media.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/pricelists.php

@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE pls.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('pricelist',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/pricelists_items.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/products.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/products_attributes.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/products_attributes_items.php

@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE pat.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("attributes",$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/products_categories.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/products_configurations.php

@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE pc.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("config",$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/products_software.php

@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE p.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("software",$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/products_versions.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/rma.php

@@ -11,24 +11,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-} 
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/rma_history.php

@@ -11,24 +11,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE accounthierarchy like :condition ';
-        break;
-} 
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/shipping.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/taxes.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/transactions.php

@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE tx.accounthierarchy like "'.$condition.'"';
-        break;
-} 
+$whereclause = getWhereclauselvl2("transactions",$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   
@@ -62,8 +49,16 @@ if(isset($get_content) && $get_content!=''){
 //Define Query
 if(isset($criterias['totals']) && $criterias['totals'] ==''){
 //Request for total rows
-    $sql = 'SELECT count(*) as count FROM transactions '.$whereclause.'';
+    $sql = 'SELECT count(*) as count FROM transactions tx '.$whereclause.'';
 } 
+elseif (isset($criterias['list']) && $criterias['list'] =='order'){
+    //SQL for Paging 
+    $sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created 
+            FROM transactions tx 
+            left join invoice inv ON tx.id = inv.txn_id
+            left join transactions_items txi ON tx.id = txi.txn_id
+            left join products p ON p.rowID = txi.item_id '.$whereclause;
+}
 else {
     //SQL for Paging 
     $sql = 'SELECT * FROM transactions tx '.$whereclause.' LIMIT :page,:num_products';
@@ -95,6 +90,12 @@ if(isset($criterias['totals']) && $criterias['totals']==''){
     $stmt->execute();
     $messages = $stmt->fetch();
     $messages = $messages[0];
+}
+elseif (isset($criterias['list']) && $criterias['list']=='order'){
+    $stmt->execute();
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    $messages = transformOrderData($messages);
 } 
 else {
     $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;

api/v2/get/transactions_items.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/translations.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/translations_details.php

@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //NEW ARRAY
 $criterias = [];   

api/v2/get/users.php

@@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = 'WHERE partnerhierarchy  like :condition ';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = 'WHERE partnerhierarchy  like :condition ';
-        break;
-} 
 //NEW ARRAY
 $criterias = [];   
 $clause = '';

api/v2/post/accounts.php

@@ -13,21 +13,8 @@ $post_content = json_decode($input,true);
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
-//default whereclause to check if data is owned buy user
-$whereclause = '';
-
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
+//default whereclause
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/categories.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+$whereclause = getWhereclauselvl2("categories",$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND c.accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //BUILD UP PARTNERHIERARCHY FROM USER
 $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);

api/v2/post/contracts.php

@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/discounts.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //BUILD UP PARTNERHIERARCHY FROM USER
 $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);

api/v2/post/equipments.php

@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/invoice.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['id'] ?? ''; //check for rowID

api/v2/post/media.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/placeorder.php

@@ -110,6 +110,11 @@ if (isset($post_content['cart']) && isset($post_content['checkout_input']) && is
         $stmt->execute([$transaction_id, $product['id'], $product['options_price'], $product['quantity'], $options]);
     }
 
+    //CHECK IF GIFTCARD IS USED AND THEN DISABLE IT
+    if ($checkout_input['discount_code'] !=''){
+        useGiftCart($pdo,$checkout_input['discount_code'],$partner_product);
+    }
+
     //Return to checkout page
     $messages = [
         "id" => $transaction_id,

api/v2/post/pricelists.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/pricelists_items.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/products.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/products_attributes.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/products_attributes_items.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/products_categories.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 //CHECK IF PRODUCT ID IS SEND
 if (isset($post_content['product_id']) && $post_content['product_id'] != ''){
 

api/v2/post/products_configurations.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){

api/v2/post/products_software.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){

api/v2/post/products_versions.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){

api/v2/post/shipping.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //BUILD UP PARTNERHIERARCHY FROM USER
 $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);

api/v2/post/transactions.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //WEBSHOP UPDATE CAN SEND TXN_ID ONLY
 if (isset($post_content['txn_id']) && $post_content['txn_id'] != '' && !isset($post_content['id'])){
@@ -65,6 +53,20 @@ $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$par
 //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
 if ($command == 'update'){
 
+    //CHECK IF PAYMENT STATUS is PAID (1)
+    if(isset($post_content['payment_status']) && $post_content['payment_status'] == 1){
+
+        //check if GIFTCARD ID IS PROVIDED AND NOT EMPTY
+        if(isset($post_content['giftcard_categoryID']) && $post_content['giftcard_categoryID'] != ''){
+
+            //CHECK FOR GIFTCARDS IN ORDER AND CREATE WHEN AVAILABLE AND NOT CREATED YET
+            createGiftCart($pdo, $post_content['id'], $post_content['giftcard_categoryID'],$partner_product);
+
+            //remove giftcard_categoryID from $post_content array
+            unset($post_content['giftcard_categoryID']);
+        }
+    }
+
 }
 elseif ($command == 'insert'){
     $post_content['accounthierarchy'] = $partner_product;

api/v2/post/translations.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/translations_details.php

@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 
-switch ($permission) {    
-    case '4':
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;  
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID

api/v2/post/users.php

@@ -14,25 +14,9 @@ $owner_user = 0;
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 
-//default whereclause to check if data is owned by user
-$whereclause = '';
+//default whereclause
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 
-switch ($permission) {    
-    case '4': 
-        $whereclause = '';
-        break;
-    case '3':
-        $whereclause = '';
-        break;
-    case '2':
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
-        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
-        break;
-    default:
-        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
-        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
-        break;
-} 
 
 //SET PARAMETERS FOR QUERY
 $id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID

assets/functions.php

@@ -190,6 +190,7 @@ function menu($selected,$selected_child){
   }
   return $menu;
   }
+
 //------------------------------------------
 // Template Header
 //------------------------------------------
@@ -642,6 +643,89 @@ function ioAPIv2($api_call, $data, $token){
   return $resp;
 }
 
+//------------------------------------------
+// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY ALL
+//------------------------------------------
+
+function getWhereclause($table_name,$permission,$partner){
+
+  //api_name converter to table
+  $table =[
+    "equipment" => "e.accounthierarchy",
+    "profile" => "partnerhierarchy"
+  ];
+
+  $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
+
+  //SoldTo is empty
+  if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+  //default whereclause
+  $whereclause = '';
+
+  switch ($permission) {    
+      case '4': 
+          $whereclause = '';
+          break;
+      case '3':
+          $whereclause = '';
+          break;
+      case '2':
+          $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+          $whereclause = 'WHERE '.$table.' like :condition ';
+          break;
+      default:
+          $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
+          $whereclause = 'WHERE '.$table.' like :condition ';
+          break;
+  } 
+
+  return array($whereclause,$condition);
+}
+
+//------------------------------------------
+// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY SALES AND SOLD
+//------------------------------------------
+function getWhereclauselvl2($table_name,$permission,$partner){
+
+  //api_name converter to table
+  $table =[
+    "pricelist" => "pls.accounthierarchy",
+    "communications" => "salesID",
+    "partners" => "salesID",
+    "discounts" => "d.accounthierarchy",
+    "invoice" => "inv.accounthierarchy",
+    "attributes" => "pat.accounthierarchy",
+    "config" => "pc.accounthierarchy",
+    "software" => "p.accounthierarchy",
+    "transactions" => "tx.accounthierarchy",
+    "categories" => "c.accounthierarchy"
+  ];
+
+  $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
+
+  //SoldTo is empty
+  if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+  //default whereclause
+  $whereclause = '';
+
+  switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = 'WHERE '.$table.' like "'.$condition.'"';
+        break;
+} 
+
+  return array($whereclause,$condition);
+}
+
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 //get user profile||$profile=settings, $permision = userright()
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@@ -3439,14 +3523,26 @@ function transformOrderData(array $orderData): array {
   $firstRow = $orderData[0];
   
   $result = [
+      'header' => [
+        "id" => $firstRow['id'],
+        "txn_id" => $firstRow['txn_id'],
+        "payment_status" => $firstRow['payment_status'],
+        "payment_method" => $firstRow['payment_method'],
+        "shipping_method" => $firstRow['shipping_method'],
+        "discount_code" => $firstRow['discount_code'],
+        "created" => $firstRow['created'],
+        "updated " => $firstRow['updated']
+      ],
       'customer' => [
+          'account_id' => $firstRow['account_id'],
           'email' => $firstRow['payer_email'],
           'name' => $firstRow['first_name'] . ' ' . $firstRow['last_name'],
           'street' => $firstRow['address_street'],
           'zip' => $firstRow['address_zip'],
+          'state' => $firstRow['address_state'],
           'city' => $firstRow['address_city'],
-          'country' => $firstRow['address_country']
-
+          'country' => $firstRow['address_country'],
+          'phone' => $firstRow['address_phone']
       ],
       'products' => [],
       'invoice' => [
@@ -3477,6 +3573,7 @@ function transformOrderData(array $orderData): array {
       // Add product information
       $result['products'][] = [
           'item_id' => $row['item_id'],
+          'productcode' => $row['productcode'],
           'product_name' => $row['productname'],
           'options' => $itemOptions,
           'quantity' => $row['item_quantity'],
@@ -3493,4 +3590,67 @@ function transformOrderData(array $orderData): array {
   $result['pricing']['payment_amount'] = number_format(floatval($result['pricing']['payment_amount']), 2, '.', '');
   
   return $result;
+}
+
+//=============================================
+// Use giftcart
+//=============================================
+
+function useGiftCart($pdo, $discount_code, $accounthierarchy){
+   
+  // Get the current date
+  $end_date = date("Y-m-d H:i:s");
+
+  //Check if Giftcard already exists
+  $stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code = ? AND accounthierarchy = ?');
+  $stmt->execute([$discount_code,$accounthierarchy]);
+  $discount_exist = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+  if (!empty($discount_exist) || $discount_exist != '') {
+      //Update Giftcard end data
+      $stmt = $pdo->prepare('UPDATE discounts SET end_date = ? WHERE discount_code = ? AND accounthierarchy = ?');
+      $stmt->execute([$end_date,$discount_code, $accounthierarchy]);
+  }
+}
+
+function createGiftCart($pdo, $orderID, $giftcard_categoryID,$accounthierarchy){
+   
+  //Check if Giftcard is ordered
+  $stmt = $pdo->prepare('SELECT t.payer_email as email, ti.id as id, t.txn_id as txn, ti.item_price as item_price, ti.item_quantity as item_quantity FROM transactions t INNER JOIN transactions_items ti ON t.txn_id = ti.txn_id INNER JOIN products_categories p ON ti.item_id = p.product_id WHERE p.category_id = ? AND ti.txn_id = ? AND accounthierarchy = ?');
+  $stmt->execute([$giftcard_categoryID,$orderID,$accounthierarchy]);
+  $giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC);
+  
+  if ($giftcards) {
+      foreach ($giftcards as $giftcard) {
+       
+          //For each quantity
+          $x = 0;
+         
+          while ($x < $giftcard['item_quantity']){
+              
+              //Generate discount code = TXN/ID/X
+              $discount_code = $giftcard['txn'].'#'.$giftcard['id'].'#'.$x;
+              $value = $giftcard['item_price'];
+
+              // Get the current date
+              $start_date = date("Y-m-d H:i:s");
+              $end_date = date("Y-m-d H:i:s", strtotime("+5 years"));;
+
+              //Check if Giftcard already exists
+              $stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code = ? AND accounthierarchy = ?');
+              $stmt->execute([$discount_code,$accounthierarchy]);
+              $discount_exist = $stmt->fetchAll(PDO::FETCH_ASSOC);
+              
+              if (empty($discount_exist) || $discount_exist == '') {
+                  //Insert Giftcard
+                  $discount_type = 0; //Fixed
+                  //SQL Insert
+                  $stmt = $pdo->prepare('INSERT INTO discounts (discount_code,discount_type,discount_value,start_date,end_date,accounthierarchy) VALUES (?,?,?,?,?,?)');
+                  $stmt->execute([$discount_code, $discount_type, $value, $start_date, $end_date,$accounthierarchy]);
+              }
+              $x++;
+          }    
+      } 
+      
+  }
 }

categories.php

@@ -62,7 +62,7 @@ function admin_populate_categories($categories, $parent_id = 0, $n = 0) {
             <tr>
                 <td><span style="padding-right:8px;color:#bbbec0;border-left:1px solid #bbbec0;padding-bottom:2px;">-' . str_repeat('----', $n) . '</span>' . $category['name'] . '</td>
                 <td>'.(($category['filter'] == 1) ? 'V' : '').'</td>
-                <td><a href="index.php?page=category&rowID=' . $category['rowID'] . '" class="link1">Edit</a> (ID =' . $category['rowID'] . ') </td>
+                <td><a href="index.php?page=category&rowID=' . $category['rowID'] . '" class="btn_link">Edit</a> (ID =' . $category['rowID'] . ') </td>
             </tr>           
             ';
             $html .= admin_populate_categories($categories, $category['rowID'], $n+1);

discount.php

@@ -166,8 +166,8 @@ $view .= '      </div>
 
             <label for="type"><i class="required">*</i>'.($discounts_type ?? 'Type').'</label>
             <select id="type" name="discount_type">
-                <option value="'.$discount['discount_type'].'" '.($discount['discount_type']== 0 ? ' selected':'').'>'.($discounts_type_fixed ?? 'Fixed').'</option>
-                <option value="'.$discount['discount_type'].'" '.($discount['discount_type']== 1 ? ' selected':'').'>'.($discounts_type_percentage ?? 'Percentage').'</option>
+                <option value="0" '.($discount['discount_type']== 0 ? ' selected':'').'>'.($discounts_type_fixed ?? 'Fixed').'</option>
+                <option value="1" '.($discount['discount_type']== 1 ? ' selected':'').'>'.($discounts_type_percentage ?? 'Percentage').'</option>
             </select>
             <label for="discount_value"><i class="required">*</i>'.($discounts_value ?? 'Value').'</label>
             <input id="discount_value" type="number" name="discount_value" placeholder="'.($discounts_value ?? 'Value').'" min="0" step=".01" value="'.$discount['discount_value'].'" required>

discounts.php

@@ -116,7 +116,7 @@ $view .= '
                             <td>'.$discount['discount_value'].'</td>
                             <td class="responsive-hidden">'.date('Y-m-d h:ia', strtotime($discount['start_date'])).'</td>
                             <td class="responsive-hidden">'.date('Y-m-d h:ia', strtotime($discount['end_date'])).'</td>
-                            <td><a href="index.php?page=discount&id='.$discount['id'].'" class="link1">'.$general_view.'</a></td>
+                            <td><a href="index.php?page=discount&id='.$discount['id'].'" class="btn_link">'.$general_view.'</a></td>
                         </tr>';
                     }
 

order.php

@@ -1,163 +1,199 @@
 <?php
-defined('admin') or exit;
-if (!isset($_GET['id'])) {
-    exit('Invalid ID!');
+defined(page_security_key) or exit;
+
+if (debug && debug_id == $_SESSION['id']){
+    ini_set('display_errors', '1');
+    ini_set('display_startup_errors', '1');
+    error_reporting(E_ALL);  
 }
-// Retrieve order items
-$stmt = $pdo->prepare('SELECT ti.*, p.productcode, p.name FROM transactions t JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN products p ON p.id = ti.item_id WHERE t.id = ?');
-$stmt->execute([ $_GET['id'] ]);
-$order_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
-// Retrieve order details
-$stmt = $pdo->prepare('SELECT a.email, a.id AS a_id, a.first_name AS a_first_name, a.last_name AS a_last_name, a.address_street AS a_address_street, a.address_city AS a_address_city, a.address_state AS a_address_state, a.address_zip AS a_address_zip, a.address_country AS a_address_country, a.address_phone AS a_address_phone, t.* FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN accounts a ON a.id = t.account_id WHERE t.id = ?');
-$stmt->execute([ $_GET['id'] ]);
-$order = $stmt->fetch(PDO::FETCH_ASSOC);
+include_once './assets/functions.php';
+include_once './settings/settings.php';
 
-// Get tax
-$stmt = $pdo->prepare('SELECT * FROM taxes WHERE country = ?');
-$stmt->execute([$order['a_address_country']]);
-$tax = $stmt->fetch(PDO::FETCH_ASSOC);
-$tax_rate = $tax ? $tax['rate'] : 0.00;
+//SET ORIGIN FOR NAVIGATION
+$prev_page = $_SESSION['prev_origin'] ?? '';
+$page = 'order';
 
-//Add giftcards
-if (isset($_GET['add_giftcard'])){
-    createGiftCart($pdo, $order['txn_id']);
-}
+//create backbutton to prev_origin
+$back_btn_orgin =  ($prev_page != '')? '<a href="'.$prev_page.'" class="btn alt mar-right-2">'.$button_back.'</a>':'';
 
-//Get connected giftcards
-$giftcards_template = $order['txn_id'].'#%#%';
-$stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code like ?');
-$stmt->execute([$giftcards_template]);
-$giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC);
-
-// Get the current date
-$current_date = strtotime((new DateTime())->format('Y-m-d H:i:s'));
-
-// Delete transaction
-if (isset($_GET['delete'])) {
-    // Delete the transaction
-    $stmt = $pdo->prepare('DELETE t, ti FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id WHERE t.id = ?');
-    $stmt->execute([ $_GET['id'] ]);
-
-    // Deactive giftcards
-    removeGiftCart($pdo, $_GET['txn']);
-
-    header('Location: index.php?page=orders&success_msg=3');
+//Check if allowed
+if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
+    header('location: index.php');
     exit;
 }
-if (!$order) {
-    exit('Invalid ID!');
+
+//GET PARAMETERS && STORE in SESSION for FURTHER USE/NAVIGATION
+$pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1;
+
+//PAGE Security
+$page_manage = 'order_manage';
+$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
+$update_allowed_edit = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'U');
+$delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'D');
+$create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C');
+
+//GET Details from URL
+$_GET['list'] = 'order';
+$GET_VALUES = urlGETdetails($_GET) ?? '';
+
+//CALL TO API
+$api_url = '/v2/transactions/'.$GET_VALUES;
+$order = ioServer($api_url,'');
+//Decode Payload
+if (!empty($order)){$order = json_decode($order,true);}else{$order = null;}
+
+// Handle success messages
+if (isset($_GET['success_msg'])) {
+    if ($_GET['success_msg'] == 1) {
+        $success_msg = $message_order_1 ?? 'Created';
+    }
+    if ($_GET['success_msg'] == 2) {
+        $success_msg = $message_order_2 ?? 'Updated';
+    }
+    if ($_GET['success_msg'] == 3) {
+        $success_msg = $message_order_3 ?? 'Deleted' ;
+    }
 }
 
-?>
-<?=template_admin_header('Orders', 'orders')?>
+template_header('order', 'order', 'view');
+$view = '
+    <div class="content-title responsive-flex-wrap responsive-pad-bot-3">
+        <h2 class="responsive-width-100">'.$order['header']['id'].' - '.$order['header']['txn_id'].'</h2>
+        <a href="index.php?page='.$_SESSION['origin'].'&p='.$_SESSION['p'].'" class="btn alt mar-right-2">'.$button_cancel.'</a>
+';
 
-<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
-    <h2 class="responsive-width-100">Order #<?=$_GET['id']?></h2>
-    <a href="index.php?page=orders" class="btn alt mar-right-2">Cancel</a>
-    <a href="index.php?page=order&id=<?=$_GET['id']?>&delete=true&txn=<?=$order['txn_id']?>" class="btn red mar-right-2" onclick="return confirm('Are you sure you want to delete this order?')">Delete</a>
-    <a href="index.php?page=order_manage&id=<?=$_GET['id']?>" class="btn">Edit</a>
-</div>
 
-<div class="content-block-wrapper">
+//------------------------------------
+//
+//------------------------------------
+if ($update_allowed_edit === 1){
+    $view .= '<a href="index.php?page=order_manage&id='.$_GET['id'].'" class="btn">Edit</a>';
+}
+
+$view .= '</div>';
+
+if (isset($success_msg)){
+    $view .= ' <div class="msg success">
+                    <i class="fas fa-check-circle"></i>
+                    <p>'.$success_msg.'</p>
+                    <i class="fas fa-times"></i>
+                </div>';
+}
+
+$view .= '<div class="content-block-wrapper">';
+
+$view .='
     <div class="content-block order-details">
         <div class="block-header">
             <i class="fa-solid fa-cart-shopping fa-sm"></i>Order Details
         </div>
         <div class="order-detail">
             <h3>Order ID</h3>
-            <p><?=$order['id']?></p>
+            <p>' . $order['header']['id'] . '</p>
         </div>
         <div class="order-detail">
             <h3>Transaction ID</h3>
-            <p><?=$order['txn_id']?></p>
-        </div>
-        <?php if ($order['shipping_method']): ?>
+            <p>' . $order['header']['txn_id'] . '</p>
+        </div>';
+
+if ($order['header']['shipping_method']) {
+    $view .='
         <div class="order-detail">
             <h3>Shipping Method</h3>
-            <p><?=$order['shipping_method'] ? htmlspecialchars($order['shipping_method'], ENT_QUOTES) : '--'?></p>
-        </div>
-        <?php endif; ?>
+            <p>' . htmlspecialchars($order['header']['shipping_method'], ENT_QUOTES) . '</p>
+        </div>';
+}
+
+$view .='
         <div class="order-detail">
             <h3>Payment Method</h3>
-            <p><?=$order['payment_method']?></p>
+            <p>' . $order['header']['payment_method'] . '</p>
         </div>
         <div class="order-detail">
             <h3>Payment Status</h3>
-            <p><?=$order['payment_status']?></p>
+            <p>' . $order['header']['payment_status'] . '</p>
         </div>
         <div class="order-detail">
             <h3>Date</h3>
-            <p><?=date('F j, Y H:ia', strtotime($order['created']))?></p>
-        </div>
-        <?php if ($order['discount_code']): ?>
+            <p>'.getRelativeTime($order['header']['created']). '</p>
+        </div>';
+
+if ($order['header']['discount_code']) {
+    $view .='
         <div class="order-detail">
             <h3>Discount Code</h3>
-            <p><?=htmlspecialchars($order['discount_code'], ENT_QUOTES)?></p>
-        </div>
-        <?php endif; ?>
-    </div>
+            <p>' . htmlspecialchars($order['header']['discount_code'], ENT_QUOTES) . '</p>
+        </div>';
+}
 
+$view .='    </div>';
+
+// Account Details Block
+$view .='
     <div class="content-block order-details">
         <div class="block-header">
             <i class="fa-solid fa-user fa-sm"></i>Account Details
-        </div>
-        <?php if ($order['email']): ?>
+        </div>';
+
+if ($order['customer']['email']) {
+    $view .='
         <div class="order-detail">
             <h3>Email</h3>
-            <p><a href="index.php?page=account&id=<?=$order['a_id']?>" target="_blank" class="link1" style="margin:0"><?=htmlspecialchars($order['email'], ENT_QUOTES)?></a></p>
+            <p><a href="index.php?page=account&id=' . $order['header']['id'] . '" target="_blank" class="link1" style="margin:0">' . htmlspecialchars($order['customer']['email'], ENT_QUOTES) . '</a></p>
         </div>
         <div class="order-detail">
             <h3>Name</h3>
-            <p><?=htmlspecialchars($order['a_first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['a_last_name'], ENT_QUOTES)?></p>
+            <p>' . htmlspecialchars($order['customer']['name'], ENT_QUOTES) . '</p>
         </div>
         <div class="order-detail">
             <h3>Address</h3>
-            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_street'], ENT_QUOTES)?><br>
-                <?=htmlspecialchars($order['a_address_city'], ENT_QUOTES)?><br>
-                <?=htmlspecialchars($order['a_address_state'], ENT_QUOTES)?><br>
-                <?=htmlspecialchars($order['a_address_zip'], ENT_QUOTES)?><br>
-                <?=htmlspecialchars($order['a_address_country'], ENT_QUOTES)?>
-            </p>
+            <p style="text-align:right;">' . htmlspecialchars($order['customer']['street'], ENT_QUOTES) . '<br>
+                ' . htmlspecialchars($order['customer']['city'], ENT_QUOTES) . '<br>
+                ' . htmlspecialchars($order['customer']['state'], ENT_QUOTES) . '<br>
+                ' . htmlspecialchars($order['customer']['zip'], ENT_QUOTES) . '<br>
+                ' . htmlspecialchars($order['customer']['country'], ENT_QUOTES) . '</p>
         </div>
         <div class="order-detail">
             <h3>Contact</h3>
-            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
-            </p>
-        </div>
-        <?php else: ?>
-        <p>The order is not associated with an account.</p>
-        <?php endif; ?>
-    </div>
+            <p style="text-align:right;">' . htmlspecialchars($order['customer']['phone'], ENT_QUOTES) . '</p>
+        </div>';
+} else {
+    $view .='        <p>The order is not associated with an account.</p>';
+}
 
+$view .='    </div>';
+
+// Customer Details Block
+$view .='
     <div class="content-block order-details">
         <div class="block-header">
             <i class="fa-solid fa-user fa-sm"></i>Customer Details
         </div>
         <div class="order-detail">
             <h3>Email</h3>
-            <p><?=htmlspecialchars($order['payer_email'], ENT_QUOTES)?></p>
+            <p>' . htmlspecialchars($order['customer']['email'], ENT_QUOTES) . '</p>
         </div>
         <div class="order-detail">
             <h3>Name</h3>
-            <p><?=htmlspecialchars($order['first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['last_name'], ENT_QUOTES)?></p>
+            <p>' . htmlspecialchars($order['customer']['name'], ENT_QUOTES) . ' </p>
         </div>
         <div class="order-detail">
             <h3>Address</h3>
-            <p style="text-align:right;"><?=htmlspecialchars($order['address_street'], ENT_QUOTES)?><br>
-                <?=htmlspecialchars($order['address_city'], ENT_QUOTES)?><br>
-                <?=htmlspecialchars($order['address_state'], ENT_QUOTES)?><br>
-                <?=htmlspecialchars($order['address_zip'], ENT_QUOTES)?><br>
-                <?=htmlspecialchars($order['address_country'], ENT_QUOTES)?>
-            </p>
+            <p style="text-align:right;">' . htmlspecialchars($order['customer']['street'], ENT_QUOTES) . '<br>
+                ' . htmlspecialchars($order['customer']['city'], ENT_QUOTES) . '<br>
+                ' . htmlspecialchars($order['customer']['state'], ENT_QUOTES) . '<br>
+                ' . htmlspecialchars($order['customer']['zip'], ENT_QUOTES) . '<br>
+                ' . htmlspecialchars($order['customer']['country'], ENT_QUOTES) . '</p>
         </div>
         <div class="order-detail">
             <h3>Contact</h3>
-            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
-            </p>
+            <p style="text-align:right;">' . htmlspecialchars($order['customer']['phone'], ENT_QUOTES) . '</p>
         </div>
     </div>
-</div>
+</div>';
 
+// Order Items Table
+$view .='
 <div class="content-block">
     <div class="block-header">
         <i class="fa-solid fa-bars fa-sm"></i>Order
@@ -173,60 +209,63 @@ if (!$order) {
                     <td style="text-align:right;">Total</td>
                 </tr>
             </thead>
-            <tbody>
-                <?php if (empty($order_items)): ?>
+            <tbody>';
+
+if (empty($order)) {
+    $view .='
                 <tr>
                     <td colspan="5" style="text-align:center;">There are no order items</td>
-                </tr>
-                <?php else: ?>
-                <?php 
-                    $subtotal = 0;    
-                    foreach ($order_items as $item): 
-                ?>
+                </tr>';
+} else {
+    foreach ($order['products'] as $item) {
+        $view .='
                 <tr>
-                    <td><?=$item['productcode']?> <?=$item['name'] ? htmlspecialchars($item['name'], ENT_QUOTES) : '(Product ' . $item['item_id'] . ')'?></td>
-                    <td><?=$item['item_options'] ? htmlspecialchars(str_replace(',', ', ', $item['item_options']), ENT_QUOTES) : '--'?></td>
-                    <td><?=$item['item_quantity']?></td>
-                    <td class="responsive-hidden"><?=currency_code?><?=number_format($item['item_price'], 2)?></td>
-                    <td style="text-align:right;"><?=currency_code?><?=number_format($item['item_price']*$item['item_quantity'], 2)?></td>
-                </tr>
-                <?php $subtotal += $item['item_price']*$item['item_quantity'];?>
-                <?php endforeach; ?>
-                <?php endif; ?>
+                    <td>' . ($item['product_name'] ? htmlspecialchars(${$item['product_name']} ?? $item['product_name'] , ENT_QUOTES) : '(Product ' . $item['item_id'] . ')') . '</td>
+                    <td>' . ($item['options'] ? htmlspecialchars(implode(", ", $item['options']), ENT_QUOTES) : '--') . '</td>
+                    <td>' . $item['quantity'] . '</td>
+                    <td class="responsive-hidden">' .  number_format($item['price'], 2) . '</td>
+                    <td style="text-align:right;">' .  number_format($item['line_total'], 2) . '</td>
+                </tr>';
+    }
+}
+
+$view .='
                 <tr>
                     <td colspan="5" class="item-list-end"></td>
                 </tr>
                 <tr>
                     <td colspan="4" class="subtotal">Subtotal</td>
-                    <td class="num"><?=currency_code?><?=number_format($subtotal, 2)?></td>
+                    <td class="num">' .  number_format($order['pricing']['subtotal'], 2) . '</td>
                 </tr>
                 <tr>
                     <td colspan="4" class="shipping">Shipping</td>
-                    <td class="num"><?=currency_code?><?=number_format($order['shipping_amount'], 2)?></td>
+                    <td class="num">' .  number_format($order['pricing']['shipping_total'], 2) . '</td>
                 </tr>
                 <tr>
                     <td colspan="4" class="shipping">Discount</td>
-                    <td class="num"><?=currency_code?><?=number_format(($order['payment_amount']+$order['shipping_amount'])-($subtotal), 2)?></td>
+                    <td class="num">' .  number_format($order['pricing']['discount_total'], 2) . '</td>
                 </tr>
                 <tr>
                     <td colspan="4" class="shipping">VAT</td>
-                    <td class="num" style="border-bottom: 1px solid #f0f1f2;"><?=currency_code?><?=number_format($order['tax_amount'], 2)?></td>
+                    <td class="num" style="border-bottom: 1px solid #f0f1f2;">' .  number_format($order['pricing']['tax_total'], 2) . '</td>
                 </tr>
                 <tr>
                     <td colspan="4" class="total">Total</td>
-                    <td class="num"><b><?=currency_code?><?=number_format($order['payment_amount'], 2)?></b></td>
+                    <td class="num"><b>' .  number_format($order['pricing']['payment_amount'], 2) . '</b></td>
                 </tr>
             </tbody>
         </table>
     </div>
-</div>
+</div>';
 
+// Giftcards Block
+$view .='
 <div class="content-block">
     <div class="block-header">
         <i class="fa-solid fa-bars fa-sm"></i>Giftcards
     </div>
     <div class="table order-table">
-        <a href="index.php?page=order&id=<?=$_GET['id']?>&add_giftcard" class="btn">Relate giftcards</a>
+        <a href="index.php?page=order&id=' . $_GET['id'] . '&add_giftcard" class="btn">Relate giftcards</a>
         <table>
             <thead>
                 <tr>
@@ -235,56 +274,69 @@ if (!$order) {
                     <td>Value</td>
                 </tr>
             </thead>
-            <tbody>
-                <?php if (empty($giftcards)): ?>
+            <tbody>';
+
+if (empty($giftcards)) {
+    $view .='
                 <tr>
                     <td colspan="5" style="text-align:center;">There are no order items</td>
-                </tr>
-                <?php else: ?>
-                <?php foreach ($giftcards as $giftcard): ?>
+                </tr>';
+} else {
+    foreach ($giftcards as $giftcard) {
+        $view .='
                 <tr>
-                    <td><?=$giftcard['discount_code']?></td>
-                    <td><?=$current_date >= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No'?></td>
-                    <td><?=currency_code?><?=number_format($giftcard['discount_value'], 2)?></td>
-                </tr>
-                <?php endforeach; ?>
-                <?php endif; ?>
+                    <td>' . $giftcard['discount_code'] . '</td>
+                    <td>' . ($current_date >= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No') . '</td>
+                    <td>' .  number_format($giftcard['discount_value'], 2) . '</td>
+                </tr>';
+    }
+}
+
+$view .='
                 <tr>
                     <td colspan="5" class="item-list-end"></td>
                 </tr>
             </tbody>
         </table>
     </div>
-</div>
+</div>';
 
+// Invoice Block
+$view .='
 <div class="content-block">
     <div class="block-header">
         <i class="fa-solid fa-bars fa-sm"></i>Invoice
     </div>
     <div class="table order-table">
-    <table>
-        <tr>
-            <td style="width:70px";>
-                <form action="index.php?page=factuur" method="post">
-                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
-                    <input type="submit" class="btn" name="show_invoice" value="Show">
-                </form>
-            </td>
-            <td style="width: 157px;">
-                <form action="index.php?page=factuur" method="post">
-                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
-                    <input type="submit" class="btn" name="email_invoice" value="Email to Customer" onclick="return confirm('Send invoice to customer?');">
-                </form>
-            </td>
-            <td>
-                <form action="index.php?page=factuur" method="post">
-                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
-                    <input type="submit" class="btn" name="email_invoice_to_admin" value="Email to Admin" onclick="return confirm('Send invoice to admin?');">
-                </form>
-            </td>
-        </tr>
-    </table>
-    </div>
-</div>
+        <table>
+            <tr>
+                <td style="width:70px";>
+                    <form action="index.php?page=factuur" method="post">
+                        <input type="hidden" name="txn_id" value="' . $order['header']['txn_id'] . '">
+                        <input type="submit" class="btn" name="show_invoice" value="Show">
+                    </form>
+                </td>
+                <td style="width: 157px;">
+                    <form action="index.php?page=factuur" method="post">
+                        <input type="hidden" name="txn_id" value="' . $order['header']['txn_id'] . '">
+                        <input type="submit" class="btn" name="email_invoice" value="Email to Customer" onclick="return confirm(\'Send invoice to customer?\');">
+                    </form>
+                </td>
+                <td>
+                    <form action="index.php?page=factuur" method="post">
+                        <input type="hidden" name="txn_id" value="' . $order['header']['txn_id'] . '">
+                        <input type="submit" class="btn" name="email_invoice_to_admin" value="Email to Admin" onclick="return confirm(\'Send invoice to admin?\');">
+                    </form>
+                </td>
+            </tr>
+        </table>
+    </div>';
 
-<?=template_admin_footer()?>
+$view .='</div>';
+
+//OUTPUT
+echo $view;    
+
+template_footer()
+
+?>

order_old.php

@@ -0,0 +1,290 @@
+<?php
+defined('admin') or exit;
+if (!isset($_GET['id'])) {
+    exit('Invalid ID!');
+}
+// Retrieve order items
+$stmt = $pdo->prepare('SELECT ti.*, p.productcode, p.name FROM transactions t JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN products p ON p.id = ti.item_id WHERE t.id = ?');
+$stmt->execute([ $_GET['id'] ]);
+$order_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
+// Retrieve order details
+$stmt = $pdo->prepare('SELECT a.email, a.id AS a_id, a.first_name AS a_first_name, a.last_name AS a_last_name, a.address_street AS a_address_street, a.address_city AS a_address_city, a.address_state AS a_address_state, a.address_zip AS a_address_zip, a.address_country AS a_address_country, a.address_phone AS a_address_phone, t.* FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN accounts a ON a.id = t.account_id WHERE t.id = ?');
+$stmt->execute([ $_GET['id'] ]);
+$order = $stmt->fetch(PDO::FETCH_ASSOC);
+
+// Get tax
+$stmt = $pdo->prepare('SELECT * FROM taxes WHERE country = ?');
+$stmt->execute([$order['a_address_country']]);
+$tax = $stmt->fetch(PDO::FETCH_ASSOC);
+$tax_rate = $tax ? $tax['rate'] : 0.00;
+
+//Add giftcards
+if (isset($_GET['add_giftcard'])){
+    createGiftCart($pdo, $order['txn_id']);
+}
+
+//Get connected giftcards
+$giftcards_template = $order['txn_id'].'#%#%';
+$stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code like ?');
+$stmt->execute([$giftcards_template]);
+$giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+// Get the current date
+$current_date = strtotime((new DateTime())->format('Y-m-d H:i:s'));
+
+// Delete transaction
+if (isset($_GET['delete'])) {
+    // Delete the transaction
+    $stmt = $pdo->prepare('DELETE t, ti FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id WHERE t.id = ?');
+    $stmt->execute([ $_GET['id'] ]);
+
+    // Deactive giftcards
+    removeGiftCart($pdo, $_GET['txn']);
+
+    header('Location: index.php?page=orders&success_msg=3');
+    exit;
+}
+if (!$order) {
+    exit('Invalid ID!');
+}
+
+?>
+<?=template_admin_header('Orders', 'orders')?>
+
+<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
+    <h2 class="responsive-width-100">Order #<?=$_GET['id']?></h2>
+    <a href="index.php?page=orders" class="btn alt mar-right-2">Cancel</a>
+    <a href="index.php?page=order&id=<?=$_GET['id']?>&delete=true&txn=<?=$order['txn_id']?>" class="btn red mar-right-2" onclick="return confirm('Are you sure you want to delete this order?')">Delete</a>
+    <a href="index.php?page=order_manage&id=<?=$_GET['id']?>" class="btn">Edit</a>
+</div>
+
+<div class="content-block-wrapper">
+    <div class="content-block order-details">
+        <div class="block-header">
+            <i class="fa-solid fa-cart-shopping fa-sm"></i>Order Details
+        </div>
+        <div class="order-detail">
+            <h3>Order ID</h3>
+            <p><?=$order['id']?></p>
+        </div>
+        <div class="order-detail">
+            <h3>Transaction ID</h3>
+            <p><?=$order['txn_id']?></p>
+        </div>
+        <?php if ($order['shipping_method']): ?>
+        <div class="order-detail">
+            <h3>Shipping Method</h3>
+            <p><?=$order['shipping_method'] ? htmlspecialchars($order['shipping_method'], ENT_QUOTES) : '--'?></p>
+        </div>
+        <?php endif; ?>
+        <div class="order-detail">
+            <h3>Payment Method</h3>
+            <p><?=$order['payment_method']?></p>
+        </div>
+        <div class="order-detail">
+            <h3>Payment Status</h3>
+            <p><?=$order['payment_status']?></p>
+        </div>
+        <div class="order-detail">
+            <h3>Date</h3>
+            <p><?=date('F j, Y H:ia', strtotime($order['created']))?></p>
+        </div>
+        <?php if ($order['discount_code']): ?>
+        <div class="order-detail">
+            <h3>Discount Code</h3>
+            <p><?=htmlspecialchars($order['discount_code'], ENT_QUOTES)?></p>
+        </div>
+        <?php endif; ?>
+    </div>
+
+    <div class="content-block order-details">
+        <div class="block-header">
+            <i class="fa-solid fa-user fa-sm"></i>Account Details
+        </div>
+        <?php if ($order['email']): ?>
+        <div class="order-detail">
+            <h3>Email</h3>
+            <p><a href="index.php?page=account&id=<?=$order['a_id']?>" target="_blank" class="link1" style="margin:0"><?=htmlspecialchars($order['email'], ENT_QUOTES)?></a></p>
+        </div>
+        <div class="order-detail">
+            <h3>Name</h3>
+            <p><?=htmlspecialchars($order['a_first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['a_last_name'], ENT_QUOTES)?></p>
+        </div>
+        <div class="order-detail">
+            <h3>Address</h3>
+            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_street'], ENT_QUOTES)?><br>
+                <?=htmlspecialchars($order['a_address_city'], ENT_QUOTES)?><br>
+                <?=htmlspecialchars($order['a_address_state'], ENT_QUOTES)?><br>
+                <?=htmlspecialchars($order['a_address_zip'], ENT_QUOTES)?><br>
+                <?=htmlspecialchars($order['a_address_country'], ENT_QUOTES)?>
+            </p>
+        </div>
+        <div class="order-detail">
+            <h3>Contact</h3>
+            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
+            </p>
+        </div>
+        <?php else: ?>
+        <p>The order is not associated with an account.</p>
+        <?php endif; ?>
+    </div>
+
+    <div class="content-block order-details">
+        <div class="block-header">
+            <i class="fa-solid fa-user fa-sm"></i>Customer Details
+        </div>
+        <div class="order-detail">
+            <h3>Email</h3>
+            <p><?=htmlspecialchars($order['payer_email'], ENT_QUOTES)?></p>
+        </div>
+        <div class="order-detail">
+            <h3>Name</h3>
+            <p><?=htmlspecialchars($order['first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['last_name'], ENT_QUOTES)?></p>
+        </div>
+        <div class="order-detail">
+            <h3>Address</h3>
+            <p style="text-align:right;"><?=htmlspecialchars($order['address_street'], ENT_QUOTES)?><br>
+                <?=htmlspecialchars($order['address_city'], ENT_QUOTES)?><br>
+                <?=htmlspecialchars($order['address_state'], ENT_QUOTES)?><br>
+                <?=htmlspecialchars($order['address_zip'], ENT_QUOTES)?><br>
+                <?=htmlspecialchars($order['address_country'], ENT_QUOTES)?>
+            </p>
+        </div>
+        <div class="order-detail">
+            <h3>Contact</h3>
+            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
+            </p>
+        </div>
+    </div>
+</div>
+
+<div class="content-block">
+    <div class="block-header">
+        <i class="fa-solid fa-bars fa-sm"></i>Order
+    </div>
+    <div class="table order-table">
+        <table>
+            <thead>
+                <tr>
+                    <td>Product</td>
+                    <td>Options</td>
+                    <td>Qty</td>
+                    <td class="responsive-hidden">Price</td>
+                    <td style="text-align:right;">Total</td>
+                </tr>
+            </thead>
+            <tbody>
+                <?php if (empty($order_items)): ?>
+                <tr>
+                    <td colspan="5" style="text-align:center;">There are no order items</td>
+                </tr>
+                <?php else: ?>
+                <?php 
+                    $subtotal = 0;    
+                    foreach ($order_items as $item): 
+                ?>
+                <tr>
+                    <td><?=$item['productcode']?> <?=$item['name'] ? htmlspecialchars($item['name'], ENT_QUOTES) : '(Product ' . $item['item_id'] . ')'?></td>
+                    <td><?=$item['item_options'] ? htmlspecialchars(str_replace(',', ', ', $item['item_options']), ENT_QUOTES) : '--'?></td>
+                    <td><?=$item['item_quantity']?></td>
+                    <td class="responsive-hidden"><?=currency_code?><?=number_format($item['item_price'], 2)?></td>
+                    <td style="text-align:right;"><?=currency_code?><?=number_format($item['item_price']*$item['item_quantity'], 2)?></td>
+                </tr>
+                <?php $subtotal += $item['item_price']*$item['item_quantity'];?>
+                <?php endforeach; ?>
+                <?php endif; ?>
+                <tr>
+                    <td colspan="5" class="item-list-end"></td>
+                </tr>
+                <tr>
+                    <td colspan="4" class="subtotal">Subtotal</td>
+                    <td class="num"><?=currency_code?><?=number_format($subtotal, 2)?></td>
+                </tr>
+                <tr>
+                    <td colspan="4" class="shipping">Shipping</td>
+                    <td class="num"><?=currency_code?><?=number_format($order['shipping_amount'], 2)?></td>
+                </tr>
+                <tr>
+                    <td colspan="4" class="shipping">Discount</td>
+                    <td class="num"><?=currency_code?><?=number_format(($order['payment_amount']+$order['shipping_amount'])-($subtotal), 2)?></td>
+                </tr>
+                <tr>
+                    <td colspan="4" class="shipping">VAT</td>
+                    <td class="num" style="border-bottom: 1px solid #f0f1f2;"><?=currency_code?><?=number_format($order['tax_amount'], 2)?></td>
+                </tr>
+                <tr>
+                    <td colspan="4" class="total">Total</td>
+                    <td class="num"><b><?=currency_code?><?=number_format($order['payment_amount'], 2)?></b></td>
+                </tr>
+            </tbody>
+        </table>
+    </div>
+</div>
+
+<div class="content-block">
+    <div class="block-header">
+        <i class="fa-solid fa-bars fa-sm"></i>Giftcards
+    </div>
+    <div class="table order-table">
+        <a href="index.php?page=order&id=<?=$_GET['id']?>&add_giftcard" class="btn">Relate giftcards</a>
+        <table>
+            <thead>
+                <tr>
+                    <td>Giftcard</td>
+                    <td>Valid</td>
+                    <td>Value</td>
+                </tr>
+            </thead>
+            <tbody>
+                <?php if (empty($giftcards)): ?>
+                <tr>
+                    <td colspan="5" style="text-align:center;">There are no order items</td>
+                </tr>
+                <?php else: ?>
+                <?php foreach ($giftcards as $giftcard): ?>
+                <tr>
+                    <td><?=$giftcard['discount_code']?></td>
+                    <td><?=$current_date >= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No'?></td>
+                    <td><?=currency_code?><?=number_format($giftcard['discount_value'], 2)?></td>
+                </tr>
+                <?php endforeach; ?>
+                <?php endif; ?>
+                <tr>
+                    <td colspan="5" class="item-list-end"></td>
+                </tr>
+            </tbody>
+        </table>
+    </div>
+</div>
+
+<div class="content-block">
+    <div class="block-header">
+        <i class="fa-solid fa-bars fa-sm"></i>Invoice
+    </div>
+    <div class="table order-table">
+    <table>
+        <tr>
+            <td style="width:70px";>
+                <form action="index.php?page=factuur" method="post">
+                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
+                    <input type="submit" class="btn" name="show_invoice" value="Show">
+                </form>
+            </td>
+            <td style="width: 157px;">
+                <form action="index.php?page=factuur" method="post">
+                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
+                    <input type="submit" class="btn" name="email_invoice" value="Email to Customer" onclick="return confirm('Send invoice to customer?');">
+                </form>
+            </td>
+            <td>
+                <form action="index.php?page=factuur" method="post">
+                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
+                    <input type="submit" class="btn" name="email_invoice_to_admin" value="Email to Admin" onclick="return confirm('Send invoice to admin?');">
+                </form>
+            </td>
+        </tr>
+    </table>
+    </div>
+</div>
+
+<?=template_admin_footer()?>

orders.php

@@ -1,172 +1,143 @@
 <?php
-defined('admin') or exit;
-// Retrieve the GET request parameters (if specified)
-$pagination_page = isset($_GET['pagination_page']) ? $_GET['pagination_page'] : 1;
-$search = isset($_GET['search']) ? $_GET['search'] : '';
-// Filters parameters
-$status = isset($_GET['status']) ? $_GET['status'] : '';
-$method = isset($_GET['method']) ? $_GET['method'] : '';
-$account_id = isset($_GET['account_id']) ? $_GET['account_id'] : '';
-// Order by column
-$order = isset($_GET['order']) && $_GET['order'] == 'ASC' ? 'ASC' : 'DESC';
-// Add/remove columns to the whitelist array
-$order_by_whitelist = ['id','first_name','total_products','payment_amount','payment_method','payment_status','created','payer_email'];
-$order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], $order_by_whitelist) ? $_GET['order_by'] : 'created';
-// Number of results per pagination page
-$results_per_page = 20;
-// Declare query param variables
-$param1 = ($pagination_page - 1) * $results_per_page;
-$param2 = $results_per_page;
-$param3 = '%' . $search . '%';
-// SQL where clause
-$where = '';
-$where .= $search ? 'WHERE (t.first_name LIKE :search OR t.last_name LIKE :search OR t.id LIKE :search OR t.txn_id LIKE :search OR t.payer_email LIKE :search) ' : '';
-// Add filters
-// Payment status filter
-if ($status == 1) $where .= $where ? 'AND payment_status = "Completed" ' : 'WHERE payment_status = "Completed" ';
-if ($status == 2) $where .= $where ? 'AND payment_status = "Pending" ' : 'WHERE payment_status = "Pending" ';
-if ($status == 3) $where .= $where ? 'AND payment_status = "Cancelled" ' : 'WHERE payment_status = "Cancelled" ';
-if ($status == 4) $where .= $where ? 'AND payment_status = "Reversed" ' : 'WHERE payment_status = "Reversed" ';
-if ($status == 5) $where .= $where ? 'AND payment_status = "Shipped" ' : 'WHERE payment_status = "Shipped" ';
-// Payment method filter
-if ($method == 1) $where .= $where ? 'AND payment_method = "website" ' : 'WHERE payment_status = "website" ';
-if ($method == 2) $where .= $where ? 'AND payment_method = "paypal" ' : 'WHERE payment_status = "paypal" ';
-if ($method == 3) $where .= $where ? 'AND payment_method = "stripe" ' : 'WHERE payment_status = "stripe" ';
-// Account ID filter
-if ($account_id) $where .= $where ? 'AND account_id = :account_id ' : 'WHERE account_id = :account_id ';
-// Retrieve the total number of transactions
-$stmt = $pdo->prepare('SELECT COUNT(DISTINCT t.id) AS total FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where);
-if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR);
-if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT);
-$stmt->execute();
-$orders_total = $stmt->fetchColumn();
-// Retrieve transactions 
-$stmt = $pdo->prepare('SELECT t.*, COUNT(ti.id) AS total_products FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where . ' GROUP BY t.id, t.txn_id, t.payment_amount, t.payment_status, t.created, t.payer_email, t.first_name, t.last_name, t.address_street, t.address_city, t.address_state, t.address_zip, t.address_country, t.account_id, t.payment_method, t.discount_code, t.shipping_method, t.shipping_amount ORDER BY ' . $order_by . ' ' . $order . ' LIMIT :start_results,:num_results');
-// Bind params
-$stmt->bindParam('start_results', $param1, PDO::PARAM_INT);
-$stmt->bindParam('num_results', $param2, PDO::PARAM_INT);
-if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR);
-if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT);
-$stmt->execute();
-// Retrieve query results
-$orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
+defined(page_security_key) or exit;
+
+if (debug && debug_id == $_SESSION['id']){
+    ini_set('display_errors', '1');
+    ini_set('display_startup_errors', '1');
+    error_reporting(E_ALL);  
+}
+
+include_once './assets/functions.php';
+include_once './settings/settings.php';
+
+//SET ORIGIN FOR NAVIGATION
+$prev_page = $_SESSION['prev_origin'] ?? '';
+$page = $_SESSION['origin'] = 'orders';
+
+//Check if allowed
+if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
+    header('location: index.php');
+    exit;
+}
+
+//GET PARAMETERS
+$pagination_page = isset($_GET['p']) ? $_GET['p'] : 1;
+$search = isset($_GET['search']) ? '&search='.$_GET['search'] : '';
+
 // Determine the URL
-$url = 'index.php?page=orders&search=' . $search . '&status=' . $status . '&method=' . $method . '&account_id=' . $account_id;
+$url = 'index.php?page=transactions'.$search;
+//GET Details from URL
+$GET_VALUES = urlGETdetails($_GET) ?? '';
+//CALL TO API
+$api_url = '/v2/transactions/'.$GET_VALUES;
+$orders = ioServer($api_url,'');
+//Decode Payload
+if (!empty($orders)){$orders = json_decode($orders,true);}else{$orders = null;}
+
+//Return QueryTotal from API
+$api_url = '/v2/transactions/totals=';
+$query_total = ioServer($api_url,'');
+
+//Decode Payload
+if (!empty($query_total)){$query_total = json_decode($query_total,true);}else{$query_total = null;}
+
 // Handle success messages
 if (isset($_GET['success_msg'])) {
     if ($_GET['success_msg'] == 1) {
-        $success_msg = 'Order created successfully!';
+        $success_msg = $message_orders_1 ?? 'Created';
     }
     if ($_GET['success_msg'] == 2) {
-        $success_msg = 'Order updated successfully!';
+        $success_msg = $message_orders_2 ?? 'Updated';
     }
     if ($_GET['success_msg'] == 3) {
-        $success_msg = 'Order deleted successfully!';
+        $success_msg = $message_orders_3 ?? 'Deleted' ;
     }
 }
-?>
-<?=template_admin_header('Orders', 'orders')?>
 
+template_header('orders', 'orders','view');
+$view = '
 <div class="content-title">
     <div class="title">
-        <i class="fa-solid fa-cart-shopping"></i>
+        <i class="fa-solid fa-truck-fast"></i>
         <div class="txt">
-            <h2>Orders</h2>
-            <p>View, create, and search orders.</p>
+            <h2>'.($orders_h2 ?? 'orders').' ('.$query_total.')</h2>
+            <p>'.($orders_p ?? '').'</p>
         </div>
     </div>
-</div>
+</div>';
 
-<?php if (isset($success_msg)): ?>
-<div class="msg success">
-    <i class="fas fa-check-circle"></i>
-    <p><?=$success_msg?></p>
-    <i class="fas fa-times"></i>
-</div>
-<?php endif; ?>
+if (isset($success_msg)){
+$view .= ' <div class="msg success">
+                <i class="fas fa-check-circle"></i>
+                <p>'.$success_msg.'</p>
+                <i class="fas fa-times"></i>
+            </div>';
+}
 
+$view .= '
 <div class="content-header responsive-flex-column pad-top-5">
-    <a href="index.php?page=order_manage" class="btn">Create Order</a>
-    <form action="" method="get">
-        <input type="hidden" name="page" value="orders">
-        <div class="filters">
-            <a href="#"><i class="fas fa-sliders-h"></i> Filters</a>
-            <div class="list">
-                <select name="status">
-                    <option value="" disabled selected>Status</option>
-                    <option value="1"<?=$status==1?' selected':''?>>Completed</option>
-                    <option value="2"<?=$status==2?' selected':''?>>Pending</option>
-                    <option value="3"<?=$status==3?' selected':''?>>Cancelled</option>
-                    <option value="4"<?=$status==4?' selected':''?>>Reversed</option>
-                    <option value="5"<?=$status==5?' selected':''?>>Shipped</option>
-                </select>
-                <select name="method">
-                    <option value="" disabled selected>Method</option>
-                    <option value="1"<?=$method==1?' selected':''?>>Website</option>
-                    <option value="2"<?=$method==2?' selected':''?>>PayPal</option>
-                    <option value="3"<?=$method==3?' selected':''?>>Stripe</option>
-                </select>
-                <button type="submit">Apply</button>
-            </div>
-        </div>
-        <div class="search">
-            <label for="search">
-                <input id="search" type="text" name="search" placeholder="Search order..." value="<?=htmlspecialchars($search, ENT_QUOTES)?>" class="responsive-width-100">
-                <i class="fas fa-search"></i>
-            </label>
-        </div>
-    </form>
+    <a href="index.php?page=orders_manage" class="btn">'.($button_create_orders ?? 'Create order').'</a>
 </div>
-
 <div class="content-block">
     <div class="table">
         <table>
             <thead>
                 <tr>
-                    <td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=id'?>">#<?php if ($order_by=='id'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
-                    <td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=first_name'?>">Customer<?php if ($order_by=='first_name'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
-                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payer_email'?>">Email<?php if ($order_by=='payer_email'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
-                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=total_products'?>">Products<?php if ($order_by=='total_products'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
-                    <td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_amount'?>">Total<?php if ($order_by=='payment_amount'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
-                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_method'?>">Method<?php if ($order_by=='payment_method'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
-                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_status'?>">Status<?php if ($order_by=='payment_status'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
-                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=created'?>">Date<?php if ($order_by=='created'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
-                    <td>Actions</td>
+                    <td>'.($orders_id ?? '#').'</td>
+                    <td>'.($orders_customer ?? 'name').'</td>
+                    <td>'.($orders_payment_amount ?? 'Total').'</td>
+                    <td class="responsive-hidden">'.($orders_method ?? 'Method').'</td>
+                    <td class="responsive-hidden">'.($orders_status ?? 'Status').'</td>
+                    <td class="responsive-hidden">'.($orders_created ?? 'Created').'</td>
+                    <td>'.$general_actions.'</td>
                 </tr>
             </thead>
-            <tbody>
-                <?php if (empty($orders)): ?>
-                <tr>
-                    <td colspan="9" style="text-align:center;">There are no orders</td>
-                </tr>
-                <?php else: ?>
-                <?php foreach ($orders as $i): ?>
-                <tr>
-                    <td><?=$i['id']?></td>
-                    <td><?=htmlspecialchars($i['first_name'], ENT_QUOTES)?> <?=htmlspecialchars($i['last_name'], ENT_QUOTES)?></td>
-                    <td class="responsive-hidden"><?=htmlspecialchars($i['payer_email'], ENT_QUOTES)?></td>
-                    <td class="responsive-hidden"><?=$i['total_products']?></td>
-                    <td><?=currency_code?><?=number_format($i['payment_amount'], 2)?></td>
-                    <td class="responsive-hidden"><?=$i['payment_method']?></td>
-                    <td class="responsive-hidden"><span class="status <?=strtolower($i['payment_status'])?>"><?=$i['payment_status']?></span></td>
-                    <td class="responsive-hidden"><?=date('F j, Y', strtotime($i['created']))?></td>
-                    <td><a href="index.php?page=order&id=<?=$i['id']?>" class="link1">View</a> <a href="index.php?page=order_manage&id=<?=$i['id']?>" class="link1">Edit</a></td>
-                </tr>
-                <?php endforeach; ?>
-                <?php endif; ?>
+            <tbody>';
+                if (empty($orders)){
+                $view .= '<tr>
+                            <td colspan="8" style="text-align:center;">'.($message_no_orders ?? 'There are no orders').'</td>
+                         </tr>';
+                }
+                else {
+                    foreach ($orders as $order){
+                   
+                        $view .= '
+                        <tr>
+                            <td>'.$order['id'].'</td>
+                            <td>'.$order['first_name'].' '.$order['last_name'].'</td>
+                            <td>'.number_format($order['payment_amount'], 2).'</td>
+                            <td class="responsive-hidden">'.$order['payment_method'].'</td>
+                            <td class="responsive-hidden">'.$order['payment_status'].'</td>
+                            <td class="responsive-hidden">'.getRelativeTime($order['created']).'</td>
+                            <td><a href="index.php?page=order&id='.$order['id'].'" class="btn_link">'.$general_view.'</a></td>
+                        </tr>';
+                    }
+                }
+             
+$view .= '                
             </tbody>
         </table>
     </div>
 </div>
+';
 
-<div class="pagination">
-    <?php if ($pagination_page > 1): ?>
-    <a href="<?=$url?>&pagination_page=<?=$pagination_page-1?>&order=<?=$order?>&order_by=<?=$order_by?>">Prev</a>
-    <?php endif; ?>
-    <span>Page <?=$pagination_page?> of <?=ceil($orders_total / $results_per_page) == 0 ? 1 : ceil($orders_total / $results_per_page)?></span>
-    <?php if ($pagination_page * $results_per_page < $orders_total): ?>
-    <a href="<?=$url?>&pagination_page=<?=$pagination_page+1?>&order=<?=$order?>&order_by=<?=$order_by?>">Next</a>
-    <?php endif; ?>
-</div>
+$view.='<div class="pagination">';
+if ($pagination_page > 1) {
+    $page = $pagination_page-1;
+    $view .= '<a href="'.$url.'&p=1">'.$general_first.'</a>';
+    $view .= '<a href="'.$url.'&p='.$page.'">'.$general_prev.'</a>';
+}
+$totals = ceil($query_total / $page_rows_transactions) == 0 ? 1 : ceil($query_total / $page_rows_transactions);
+$view .= '<span> '.$general_page.$pagination_page.$general_page_of.$totals.'</span>';
+if ($pagination_page * $page_rows_transactions < $query_total){
+    $page = $pagination_page+1;
+    $view .= '<a href="'.$url.'&p='.$page.'">'.$general_next.'</a>';
+    $view .= '<a href="'.$url.'&p='.$totals.'">'.$general_last.'</a>';
 
-<?=template_admin_footer()?>
+}
+$view .= '</div>';
+//OUTPUT
+echo $view;
+
+template_footer();
+?>

settings/settingsmenu.php

@@ -12,7 +12,7 @@ $main_menu = array ('dashboard','sales','buildtool','cartests','marketing','equi
 
 //Sub menus
 $equipments_sub = array('equipments','servicereports','rmas','histories','firmwaretool','equipments_mass_update');
-$sales_sub = array('accounts','contracts','catalog');
+$sales_sub = array('accounts','contracts','catalog','orders');
 $products_sub = array('products','products_attributes','pricelists');
 $admin_sub = array('users','categories','discounts','shipping','communications','partners','media');
 $reporting_sub = array('report_build','report_contracts_billing','report_healthindex','report_usage');
@@ -98,6 +98,12 @@ $urls = array(
         "icon" => "fas fa-tachometer-alt",
         "name" => "menu_sales_contracts"  
         ),
+    "orders" => array(
+        "url" => "orders", 
+        "selected" => "orders", 
+        "icon" => "fas fa-tachometer-alt",
+        "name" => "menu_sales_orders"  
+        ),
     "admin" => array(
         "url" => "partners", 
         "selected" => "partners", 
@@ -286,6 +292,7 @@ $supportedModifiers = ["0" =>"subtract", "1"=>"add"];
 // +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 $all_profiles = [
     "build",
+    "commerce",
     "distribution",
     "firmware",
     "garage",

settings/settingsprofiles.php

@@ -6,9 +6,11 @@ define('superuser_profile','dashboard,profile,assets,equipments,equipment,equipm
 /*Admin*/
 define('admin_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,changelog,application');
 /*AdminPlus*/
-define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice');
+define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice,order,orders');
 /*Build*/
 define('build','dashboard,profile,buildtool,firmwaretool,buildtool,products_software,application');
+/*Commerce*/
+define('commerce','dashboard,profile,assets,equipments,equipment,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,marketing,application');
 /*Distribution*/
 define('distribution','dashboard,profile,assets,equipments,equipment,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,marketing,application');
 /*Firmware*/

settings/settingsviews.php

@@ -93,7 +93,9 @@ $all_views = [
     "taxes",
     "transactions",
     "transactions_items",
-    "invoice"
+    "invoice",
+    "order",
+    "orders"
 ];
 
 ?>

shipping.php

@@ -125,7 +125,7 @@ $view .= '
                             <td class="responsive-hidden">'.number_format($shipment['price_from'], 2).' - '.number_format($shipment['price_to'], 2).'</td>
                             <td class="responsive-hidden">'.number_format($shipment['weight_from'], 2).' kg - '.number_format($shipment['weight_to'], 2).' kg</td>
                             <td><?=currency_code?>'.number_format($shipment['price'], 2).'</td>
-                            <td><a href="index.php?page=shipping_manage&id='.$shipment['id'].'" class="link1">'.$general_view.'</a></td>
+                            <td><a href="index.php?page=shipping_manage&id='.$shipment['id'].'" class="btn_link">'.$general_view.'</a></td>
                         </tr>';
                     }
                 }

taxes.php

@@ -63,7 +63,7 @@ if (isset($_GET['success_msg'])) {
                     <td class="responsive-hidden"><?=$tax['id']?></td>
                     <td><?=$tax['country']?></td>
                     <td><?=$tax['rate']?>%</td>
-                    <td><a href="index.php?page=tax&id=<?=$tax['id']?>" class="link1">Edit</a></td>
+                    <td><a href="index.php?page=tax&id=<?=$tax['id']?>" class="btn_link">Edit</a></td>
                 </tr>
                 <?php endforeach; ?>
                 <?php endif; ?>