diff --git a/.gitignore b/.gitignore index 413b735..80e923d 100644 --- a/.gitignore +++ b/.gitignore @@ -9,3 +9,4 @@ log/ assets/images/products/ settings/config.php settings/settings.php +variable_scan.php diff --git a/api/v1/get/accounts.php b/api/v1/get/accounts.php index 4024c8f..4931208 100644 --- a/api/v1/get/accounts.php +++ b/api/v1/get/accounts.php @@ -12,20 +12,8 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //NEW ARRAY $criterias = []; diff --git a/api/v1/get/application.php b/api/v1/get/application.php index cf0ca01..772fd9e 100644 --- a/api/v1/get/application.php +++ b/api/v1/get/application.php 
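Review bot: One return value from `getWhereclause('',$permission,$partner)` cannot fit every query it now feeds. The switch removed from api/v1/get/accounts.php built ` AND accounthierarchy like "…"` with the value inlined, api/v1/get/products.php built `WHERE accounthierarchy like "…"`, and api/v1/get/cartests.php built `WHERE accounthierarchy like :condition `, yet all three now pass identical arguments and none of these files has another hunk in this diff. Unless the helper (not shown) and the untouched query code already cope with this, some endpoints end up with the wrong keyword, an unbound `:condition`, or a bound parameter with no placeholder, and this clause is the per-partner row filter. I would pass the joining keyword explicitly, have the helper always emit a `:condition` placeholder instead of quoting `$partner` fields into the SQL, and document the contract above each call, e.g. `// returns [SQL fragment using :condition, LIKE pattern]; bind $condition whenever the fragment is non-empty`.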
@@ -29,24 +29,8 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //------------------------------------------ //default whereclause //------------------------------------------ -$whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE e.accounthierarchy like "'.$condition.'"'; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE e.accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //------------------------------------------ //NEW ARRAY diff --git a/api/v1/get/cartests.php b/api/v1/get/cartests.php index 76aa80b..4605eb6 100644 --- a/api/v1/get/cartests.php +++ b/api/v1/get/cartests.php 
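Review bot: The first argument appears to select the column prefix, and in api/v1/get/application.php it drops one. The removed switch filtered on `e.accounthierarchy`, but the new call passes `''`, whereas api/v1/get/equipment_data.php and api/v1/get/equipments.php replace the same `e.accounthierarchy` clause with `'equipment'`. api/v2/get/equipments.php makes the same `e.` to `''` change, and api/v1/post/accounts.php goes the other way, passing `'equipment'` where the old clause was the unaliased ` AND accounthierarchy`. If the key does control the alias (the helper is not in this diff), these queries either fail on an ambiguous or unknown column or apply the ownership filter to the wrong table. Provided `e` is the equipment alias here as well, this call should read `list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);`, and the other two should be checked against their FROM clauses.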
@@ -12,24 +12,8 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE accounthierarchy like :condition '; - break; -} //NEW ARRAY $criterias = []; diff --git a/api/v1/get/communications.php b/api/v1/get/communications.php index 0025932..db1ce91 100644 --- a/api/v1/get/communications.php +++ b/api/v1/get/communications.php @@ -12,20 +12,7 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE salesID like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclauselvl2('communications',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v1/get/equipment_data.php b/api/v1/get/equipment_data.php index 3777193..66a83cd 100644 --- a/api/v1/get/equipment_data.php 
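Review bot: Folding every endpoint onto one helper changes which rows each permission level can see, and nothing in the diff records which tiering was kept. The switch removed from api/v1/get/cartests.php gave permission `'2'` a salesid+soldto pattern and every lower level an additional shipto/location restriction, while the switches removed from accounts.php, products.php, categories.php, media.php and others applied the salesid+soldto pattern to every level other than `'3'` and `'4'`; both groups now call `getWhereclause('',$permission,$partner)`. If the helper (not shown) uses the two-tier form, low-permission users get narrower results on the second group; if it uses the single-tier form, they lose the shipto/location restriction here and on the equipment, profile and users endpoints. I would put the intended tiers in the helper's docblock, for example `// permission 3/4: no filter; 2: salesid+soldto; lower: salesid+soldto+shipto+location`, and add one test per permission level so that a widening of access is caught.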
+++ b/api/v1/get/equipment_data.php @@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; -} //------------------------------------------ //NEW ARRAY //------------------------------------------ diff --git a/api/v1/get/equipments.php b/api/v1/get/equipments.php index 68d1246..2b522cb 100644 --- a/api/v1/get/equipments.php +++ b/api/v1/get/equipments.php 
@@ -16,24 +16,8 @@ $partner = json_decode($partnerhierarchy); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; -} //------------------------------------------ //NEW ARRAY //------------------------------------------ diff --git a/api/v1/get/partners.php b/api/v1/get/partners.php index a1dfd72..0dd52a1 100644 --- a/api/v1/get/partners.php +++ b/api/v1/get/partners.php @@ -12,20 +12,7 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE salesID like :condition'; - break; -} +list($whereclause,$condition) = getWhereclauselvl2('partners',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v1/get/products.php b/api/v1/get/products.php index e90bde7..937c3ce 100644 
--- a/api/v1/get/products.php +++ b/api/v1/get/products.php @@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v1/get/products_software.php b/api/v1/get/products_software.php index 355cf17..b589359 100644 --- a/api/v1/get/products_software.php +++ b/api/v1/get/products_software.php @@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v1/get/products_versions.php b/api/v1/get/products_versions.php index e5b0fd0..93c25a1 100644 --- a/api/v1/get/products_versions.php +++ b/api/v1/get/products_versions.php 
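Review bot: In api/v1/get/products.php the context line `$whereclause = '';` directly above the new call is now a dead store, because `list($whereclause,$condition) = …` overwrites it on the next line. The same leftover is visible in products_software.php, products_versions.php, post/contracts.php, post/equipments.php and several v2 files. The `$soldto_search` assignment in the hunk-header context also seems to have lost its only reader with the switch gone, though code outside the hunk may still use it. Deleting `$whereclause = '';` and, if it is unused, the `if (empty($partner->soldto) …)` line keeps the scoping logic in one place.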
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v1/get/profile.php b/api/v1/get/profile.php index f4a9e6c..bf8442f 100644 --- a/api/v1/get/profile.php +++ b/api/v1/get/profile.php @@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('profile',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE partnerhierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE partnerhierarchy like :condition '; - break; -} //NEW ARRAY $criterias = []; $clause = ''; diff --git a/api/v1/get/users.php b/api/v1/get/users.php index f409588..c832bf3 100644 --- a/api/v1/get/users.php +++ b/api/v1/get/users.php 
@@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('profile',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE partnerhierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE partnerhierarchy like :condition '; - break; -} //NEW ARRAY $criterias = []; $clause = ''; diff --git a/api/v1/post/accounts.php b/api/v1/post/accounts.php index 4641908..2b30ba5 100644 --- a/api/v1/post/accounts.php +++ b/api/v1/post/accounts.php 
@@ -13,21 +13,9 @@ $post_content = json_decode(decode_payload($input),true); //SoldTo is empty if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} -//default whereclause to check if data is owned buy user -$whereclause = ''; +//default whereclause +list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v1/post/communications.php b/api/v1/post/communications.php index e773669..f5eb043 100644 --- a/api/v1/post/communications.php +++ b/api/v1/post/communications.php @@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v1/post/contracts.php b/api/v1/post/contracts.php index fd0384a..68e7eb6 100644 --- a/api/v1/post/contracts.php +++ b/api/v1/post/contracts.php 
@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v1/post/equipments.php b/api/v1/post/equipments.php index d0a89b9..5951882 100644 --- a/api/v1/post/equipments.php +++ b/api/v1/post/equipments.php 
@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v1/post/partners.php b/api/v1/post/partners.php index 530b981..65c688d 100644 --- a/api/v1/post/partners.php +++ b/api/v1/post/partners.php @@ -14,20 +14,7 @@ $post_content = json_decode(decode_payload($input),true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause to check if data is owned by user -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND salesID like "'.$condition.'"'; - break; -} +$whereclause = getWhereclauselvl2('partners',$permission,$partner); //SET PARAMETERS FOR QUERY $id = $post_content['partnerID'] ?? ''; //check for rowID 
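Review bot: In api/v1/post/partners.php the result of `getWhereclauselvl2('partners',$permission,$partner)` is assigned straight to `$whereclause`, while api/v1/get/partners.php and api/v1/get/communications.php destructure the same helper with `list($whereclause,$condition) = …`. If it returns the pair (its definition is not in this diff), `$whereclause` is an array here and any string concatenation yields the literal `Array`, so the ownership check on this write endpoint is no longer the intended filter. The same bare assignment appears in api/v2/get/discounts.php, api/v2/get/invoice.php (where `$whereclause` is appended directly to `$sql`) and api/v2/get/products_attributes_items.php. This call should be `list($whereclause,$condition) = getWhereclauselvl2('partners',$permission,$partner);`, with the same destructuring form in the other three files.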
diff --git a/api/v1/post/products.php b/api/v1/post/products.php index b1b1c2a..b851073 100644 --- a/api/v1/post/products.php +++ b/api/v1/post/products.php @@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v1/post/products_software.php b/api/v1/post/products_software.php index f0893b4..04118ef 100644 --- a/api/v1/post/products_software.php +++ b/api/v1/post/products_software.php @@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //ENSURE PRODUCTROWID IS SEND if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){ diff --git a/api/v1/post/products_versions.php b/api/v1/post/products_versions.php index beda5a3..dc63408 100644 --- a/api/v1/post/products_versions.php 
+++ b/api/v1/post/products_versions.php @@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //ENSURE PRODUCTROWID IS SEND if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){ diff --git a/api/v1/post/users.php b/api/v1/post/users.php index 6a4ccf9..314b782 100644 --- a/api/v1/post/users.php +++ b/api/v1/post/users.php 
@@ -15,24 +15,8 @@ $owner_user = 0; if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause to check if data is owned by user -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('profile',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND partnerhierarchy like "'.$condition.'"'; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = ' AND partnerhierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID diff --git a/api/v2/get/accounts.php b/api/v2/get/accounts.php index 1ab4634..8a80da3 100644 --- a/api/v2/get/accounts.php +++ b/api/v2/get/accounts.php @@ -12,20 +12,8 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //NEW ARRAY $criterias = []; 
diff --git a/api/v2/get/cartests.php b/api/v2/get/cartests.php index 2fbbdb4..d091274 100644 --- a/api/v2/get/cartests.php +++ b/api/v2/get/cartests.php @@ -12,24 +12,8 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE accounthierarchy like :condition '; - break; -} //NEW ARRAY $criterias = []; diff --git a/api/v2/get/categories.php b/api/v2/get/categories.php index 04e55b6..1503b89 100644 --- a/api/v2/get/categories.php +++ b/api/v2/get/categories.php @@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/discounts.php b/api/v2/get/discounts.php index 964a275..f188700 100644 
--- a/api/v2/get/discounts.php +++ b/api/v2/get/discounts.php @@ -12,20 +12,7 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE d.accounthierarchy like "'.$condition.'"'; - break; -} +$whereclause = getWhereclauselvl2("discounts",$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/equipment_data.php b/api/v2/get/equipment_data.php index 67df24b..5def010 100644 --- a/api/v2/get/equipment_data.php +++ b/api/v2/get/equipment_data.php @@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; -} //------------------------------------------ //NEW ARRAY //------------------------------------------ 
diff --git a/api/v2/get/equipment_healthindex.php b/api/v2/get/equipment_healthindex.php index 8698c96..8925b30 100644 --- a/api/v2/get/equipment_healthindex.php +++ b/api/v2/get/equipment_healthindex.php @@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; -} //------------------------------------------ //NEW ARRAY //------------------------------------------ diff --git a/api/v2/get/equipments.php b/api/v2/get/equipments.php index 008513c..320ba85 100644 --- a/api/v2/get/equipments.php +++ b/api/v2/get/equipments.php 
@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE e.accounthierarchy like :condition '; - break; -} //------------------------------------------ //NEW ARRAY //------------------------------------------ diff --git a/api/v2/get/invoice.php b/api/v2/get/invoice.php index c38c1f7..b6042c0 100644 --- a/api/v2/get/invoice.php +++ b/api/v2/get/invoice.php @@ -12,20 +12,7 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE inv.accounthierarchy like "'.$condition.'"'; - break; -} +$whereclause = getWhereclauselvl2("invoice",$permission,$partner); //NEW ARRAY $criterias = []; 
@@ -62,7 +49,8 @@ if(isset($criterias['totals']) && $criterias['totals'] ==''){ } elseif (isset($criterias['list']) && $criterias['list'] =='invoice'){ //SQL for Paging - $sql = 'SELECT tx.*, txi.*, p.productname, inv.id as invoice, inv.created as invoice_created FROM transactions tx + $sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created + FROM transactions tx left join invoice inv ON tx.id = inv.txn_id left join transactions_items txi ON tx.id = txi.txn_id left join products p ON p.rowID = txi.item_id '.$whereclause; diff --git a/api/v2/get/media.php b/api/v2/get/media.php index 08e010e..32ec1dc 100644 --- a/api/v2/get/media.php +++ b/api/v2/get/media.php @@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/pricelists.php b/api/v2/get/pricelists.php index 4ed1645..f56e125 100644 --- a/api/v2/get/pricelists.php +++ b/api/v2/get/pricelists.php 
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE pls.accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('pricelist',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/pricelists_items.php b/api/v2/get/pricelists_items.php index e150f39..dc327d9 100644 --- a/api/v2/get/pricelists_items.php +++ b/api/v2/get/pricelists_items.php @@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/products.php b/api/v2/get/products.php index fc3c13c..ac0f98a 100644 --- a/api/v2/get/products.php +++ b/api/v2/get/products.php 
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/products_attributes.php b/api/v2/get/products_attributes.php index d261a32..ec6b003 100644 --- a/api/v2/get/products_attributes.php +++ b/api/v2/get/products_attributes.php @@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/products_attributes_items.php b/api/v2/get/products_attributes_items.php index 9043616..1792741 100644 --- a/api/v2/get/products_attributes_items.php +++ b/api/v2/get/products_attributes_items.php 
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE pat.accounthierarchy like "'.$condition.'"'; - break; -} +$whereclause = getWhereclauselvl2("attributes",$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/products_categories.php b/api/v2/get/products_categories.php index f6f5939..e87f9d5 100644 --- a/api/v2/get/products_categories.php +++ b/api/v2/get/products_categories.php @@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/products_configurations.php b/api/v2/get/products_configurations.php index 6a54d20..d1bbcad 100644 --- a/api/v2/get/products_configurations.php +++ b/api/v2/get/products_configurations.php 
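Review bot: `$whereclause = getWhereclauselvl2("attributes",$permission,$partner);` in api/v2/get/products_attributes_items.php receives only a string, so the LIKE pattern built from `$partner->salesid` and `$partner->soldto` presumably still ends up concatenated into the SQL text, as in the removed `'WHERE pat.accounthierarchy like "'.$condition.'"'`. A quote or wildcard character in those fields would then change the query; the removed code in rma.php and users.php already avoided this with `:condition`. I would give this helper the same return shape as the other one, `list($whereclause,$condition) = getWhereclauselvl2("attributes",$permission,$partner);`, and bind `$condition` on the statement. The same applies to the `getWhereclauselvl2` calls in products_configurations.php, products_software.php, get/transactions.php and post/categories.php.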
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE pc.accounthierarchy like "'.$condition.'"'; - break; -} +$whereclause = getWhereclauselvl2("config",$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/products_software.php b/api/v2/get/products_software.php index 47538d4..39afbed 100644 --- a/api/v2/get/products_software.php +++ b/api/v2/get/products_software.php @@ -12,20 +12,7 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE p.accounthierarchy like "'.$condition.'"'; - break; -} +$whereclause = getWhereclauselvl2("software",$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/products_versions.php b/api/v2/get/products_versions.php index 9316ecb..cd95647 100644 --- a/api/v2/get/products_versions.php +++ b/api/v2/get/products_versions.php 
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/rma.php b/api/v2/get/rma.php index c54f6b7..d8c0cc3 100644 --- a/api/v2/get/rma.php +++ b/api/v2/get/rma.php @@ -11,24 +11,8 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE accounthierarchy like :condition '; - break; -} //NEW ARRAY $criterias = []; diff --git a/api/v2/get/rma_history.php b/api/v2/get/rma_history.php index e16196f..99378d4 100644 --- a/api/v2/get/rma_history.php +++ b/api/v2/get/rma_history.php 
@@ -11,24 +11,8 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE accounthierarchy like :condition '; - break; -} //NEW ARRAY $criterias = []; diff --git a/api/v2/get/shipping.php b/api/v2/get/shipping.php index c2d80ea..ebaf988 100644 --- a/api/v2/get/shipping.php +++ b/api/v2/get/shipping.php @@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/taxes.php b/api/v2/get/taxes.php index 8a845b2..5dd0a90 100644 --- a/api/v2/get/taxes.php +++ b/api/v2/get/taxes.php 
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/transactions.php b/api/v2/get/transactions.php index 935039b..286974b 100644 --- a/api/v2/get/transactions.php +++ b/api/v2/get/transactions.php @@ -12,20 +12,7 @@ $pdo = dbConnect($dbname); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE tx.accounthierarchy like "'.$condition.'"'; - break; -} +$whereclause = getWhereclauselvl2("transactions",$permission,$partner); //NEW ARRAY $criterias = []; 
@@ -62,8 +49,16 @@ if(isset($get_content) && $get_content!=''){ //Define Query if(isset($criterias['totals']) && $criterias['totals'] ==''){ //Request for total rows - $sql = 'SELECT count(*) as count FROM transactions '.$whereclause.''; + $sql = 'SELECT count(*) as count FROM transactions tx '.$whereclause.''; } +elseif (isset($criterias['list']) && $criterias['list'] =='order'){ + //SQL for Paging + $sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created + FROM transactions tx + left join invoice inv ON tx.id = inv.txn_id + left join transactions_items txi ON tx.id = txi.txn_id + left join products p ON p.rowID = txi.item_id '.$whereclause; +} else { //SQL for Paging $sql = 'SELECT * FROM transactions tx '.$whereclause.' LIMIT :page,:num_products'; @@ -95,6 +90,12 @@ if(isset($criterias['totals']) && $criterias['totals']==''){ $stmt->execute(); $messages = $stmt->fetch(); $messages = $messages[0]; +} +elseif (isset($criterias['list']) && $criterias['list']=='order'){ + $stmt->execute(); + //Get results + $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); + $messages = transformOrderData($messages); } else { $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1; diff --git a/api/v2/get/transactions_items.php b/api/v2/get/transactions_items.php index f63f05c..cd24231 100644 --- a/api/v2/get/transactions_items.php +++ b/api/v2/get/transactions_items.php 
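Review bot: The new `list` = `order` branch in api/v2/get/transactions.php builds its SELECT without the `LIMIT :page,:num_products` that the `else` branch has, and the matching execution branch calls `fetchAll()` on it. For permission 3 and 4 the removed switch left `$whereclause` empty, so if the helper keeps that behaviour the request returns every transaction joined with its items, invoices and products in one response. I would add the paging clause to this query and bind `:page` and `:num_products` in the `order` execution branch the same way the default branch does. `tx.*` also returns every transactions column to the caller; listing the needed columns, as was done for `txi`, would keep payment fields out of the order view if the table holds any.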
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/translations.php b/api/v2/get/translations.php index f068a3d..a57549a 100644 --- a/api/v2/get/translations.php +++ b/api/v2/get/translations.php @@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/translations_details.php b/api/v2/get/translations_details.php index 6abd3ec..e8aa87b 100644 --- a/api/v2/get/translations_details.php +++ b/api/v2/get/translations_details.php 
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //NEW ARRAY $criterias = []; diff --git a/api/v2/get/users.php b/api/v2/get/users.php index 797231b..b497dd0 100644 --- a/api/v2/get/users.php +++ b/api/v2/get/users.php @@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('profile',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = 'WHERE partnerhierarchy like :condition '; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = 'WHERE partnerhierarchy like :condition '; - break; -} //NEW ARRAY $criterias = []; $clause = ''; diff --git a/api/v2/post/accounts.php b/api/v2/post/accounts.php index bbe1688..4d694fc 100644 --- a/api/v2/post/accounts.php +++ b/api/v2/post/accounts.php 
@@ -13,21 +13,8 @@ $post_content = json_decode($input,true); //SoldTo is empty if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} -//default whereclause to check if data is owned buy user -$whereclause = ''; - -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} +//default whereclause +list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner); //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/categories.php b/api/v2/post/categories.php index 046cd58..ce818a8 100644 --- a/api/v2/post/categories.php +++ b/api/v2/post/categories.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +$whereclause = getWhereclauselvl2("categories",$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND c.accounthierarchy like "'.$condition.'"'; - break; -} //BUILD UP PARTNERHIERARCHY FROM USER $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE); diff --git a/api/v2/post/contracts.php b/api/v2/post/contracts.php index 072c2bf..0860704 100644 --- a/api/v2/post/contracts.php +++ b/api/v2/post/contracts.php 
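Review bot: `getWhereclause('equipment',$permission,$partner)` in api/v2/post/accounts.php passes the key `equipment` from the accounts endpoint, which looks copied from another file unless accounts are deliberately scoped like equipment. The removed clause was ` AND accounthierarchy like ...`, and the removed comment said it exists to check that the row is owned by the user, so a wrong key here changes which rows an update may touch. I would confirm the key and keep the intent in the comment, for example `//default whereclause: limits the update to rows inside the caller's account hierarchy`.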
@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/discounts.php b/api/v2/post/discounts.php index 8c17d4c..faaa9f2 100644 --- a/api/v2/post/discounts.php +++ b/api/v2/post/discounts.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //BUILD UP PARTNERHIERARCHY FROM USER $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE); 
diff --git a/api/v2/post/equipments.php b/api/v2/post/equipments.php index 612f15b..3e58a59 100644 --- a/api/v2/post/equipments.php +++ b/api/v2/post/equipments.php @@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el //default whereclause $whereclause = ''; -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - case '2': - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} +list($whereclause,$condition) = getWhereclause('',$permission,$partner); //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/invoice.php b/api/v2/post/invoice.php index b229643..c3fa5f4 100644 --- a/api/v2/post/invoice.php +++ b/api/v2/post/invoice.php 
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['id'] ?? ''; //check for rowID diff --git a/api/v2/post/media.php b/api/v2/post/media.php index c15ce55..256440c 100644 --- a/api/v2/post/media.php +++ b/api/v2/post/media.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/placeorder.php b/api/v2/post/placeorder.php index 67acfae..b6e7b37 100644 --- a/api/v2/post/placeorder.php +++ b/api/v2/post/placeorder.php 
@@ -110,6 +110,11 @@ if (isset($post_content['cart']) && isset($post_content['checkout_input']) && is $stmt->execute([$transaction_id, $product['id'], $product['options_price'], $product['quantity'], $options]); } + //CHECK IF GIFTCARD IS USED AND THEN DISABLE IT + if ($checkout_input['discount_code'] !=''){ + useGiftCart($pdo,$checkout_input['discount_code'],$partner_product); + } + //Return to checkout page $messages = [ "id" => $transaction_id, diff --git a/api/v2/post/pricelists.php b/api/v2/post/pricelists.php index 2bae067..97068a3 100644 --- a/api/v2/post/pricelists.php +++ b/api/v2/post/pricelists.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/pricelists_items.php b/api/v2/post/pricelists_items.php index 08a84ca..7af14da 100644 --- a/api/v2/post/pricelists_items.php +++ b/api/v2/post/pricelists_items.php 
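Review bot: The gift card is disabled in api/v2/post/placeorder.php only after the transaction and its items have been written, and the result of `useGiftCart(...)` is not checked. If the code was already used, or two checkouts with the same code run at the same time, both orders keep the discount. I would redeem the code before the order is stored, inside the same database transaction, and stop the order when redemption fails, assuming `useGiftCart` can report that. The test itself should be `if (!empty($checkout_input['discount_code'])) {`, since the key may be missing from the request. The enclosing `if` block starts before this hunk.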
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/products.php b/api/v2/post/products.php index 017f800..f6670e4 100644 --- a/api/v2/post/products.php +++ b/api/v2/post/products.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/products_attributes.php b/api/v2/post/products_attributes.php index ccc68a6..a8d4d19 100644 --- a/api/v2/post/products_attributes.php +++ b/api/v2/post/products_attributes.php 
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/products_attributes_items.php b/api/v2/post/products_attributes_items.php index 0a0cb86..72b30c5 100644 --- a/api/v2/post/products_attributes_items.php +++ b/api/v2/post/products_attributes_items.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/products_categories.php b/api/v2/post/products_categories.php index bbc1fda..3c83365 100644 --- a/api/v2/post/products_categories.php +++ b/api/v2/post/products_categories.php 
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //CHECK IF PRODUCT ID IS SEND if (isset($post_content['product_id']) && $post_content['product_id'] != ''){ diff --git a/api/v2/post/products_configurations.php b/api/v2/post/products_configurations.php index b50bb20..32f3a53 100644 --- a/api/v2/post/products_configurations.php +++ b/api/v2/post/products_configurations.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //ENSURE PRODUCTROWID IS SEND if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){ diff --git a/api/v2/post/products_software.php b/api/v2/post/products_software.php index 50edf4a..fdb37d8 100644 --- a/api/v2/post/products_software.php +++ b/api/v2/post/products_software.php 
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //ENSURE PRODUCTROWID IS SEND if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){ diff --git a/api/v2/post/products_versions.php b/api/v2/post/products_versions.php index 2355dd3..8940d9b 100644 --- a/api/v2/post/products_versions.php +++ b/api/v2/post/products_versions.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //ENSURE PRODUCTROWID IS SEND if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){ diff --git a/api/v2/post/shipping.php b/api/v2/post/shipping.php index dc0b8c3..e887738 100644 --- a/api/v2/post/shipping.php +++ b/api/v2/post/shipping.php 
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //BUILD UP PARTNERHIERARCHY FROM USER $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE); diff --git a/api/v2/post/transactions.php b/api/v2/post/transactions.php index a8ea78c..fcf2de4 100644 --- a/api/v2/post/transactions.php +++ b/api/v2/post/transactions.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //WEBSHOP UPDATE CAN SEND TXN_ID ONLY if (isset($post_content['txn_id']) && $post_content['txn_id'] != '' && !isset($post_content['id'])){ 
@@ -65,6 +53,20 @@ $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$par //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE if ($command == 'update'){ + //CHECK IF PAYMENT STATUS is PAID (1) + if(isset($post_content['payment_status']) && $post_content['payment_status'] == 1){ + + //check if GIFTCARD ID IS PROVIDED AND NOT EMPTY + if(isset($post_content['giftcard_categoryID']) && $post_content['giftcard_categoryID'] != ''){ + + //CHECK FOR GIFTCARDS IN ORDER AND CREATE WHEN AVAILABLE AND NOT CREATED YET + createGiftCart($pdo, $post_content['id'], $post_content['giftcard_categoryID'],$partner_product); + + //remove giftcard_categoryID from $post_content array + unset($post_content['giftcard_categoryID']); + } + } + } elseif ($command == 'insert'){ $post_content['accounthierarchy'] = $partner_product; diff --git a/api/v2/post/translations.php b/api/v2/post/translations.php index 924dbfd..144ab57 100644 --- a/api/v2/post/translations.php +++ b/api/v2/post/translations.php @@ -14,20 +14,8 @@ $post_content = json_decode($input,true); if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause -$whereclause = ''; +list($whereclause,$condition) = getWhereclause('',$permission,$partner); -switch ($permission) { - case '4': - $whereclause = ''; - break; - case '3': - $whereclause = ''; - break; - default: - $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; - $whereclause = ' AND accounthierarchy like "'.$condition.'"'; - break; -} //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID diff --git a/api/v2/post/translations_details.php b/api/v2/post/translations_details.php index 84b4bb6..040d4a2 100644 --- a/api/v2/post/translations_details.php +++ b/api/v2/post/translations_details.php 
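Review bot: Gift-card creation in the `update` branch is gated only on values taken from the request body: `payment_status == 1` and `giftcard_categoryID` both come from `$post_content`, so whoever may call this update decides that the order counts as paid. I would read the stored payment status of the transaction once the update has been applied (that statement is outside this hunk) and take the gift-card category from server-side settings rather than from the payload. `$post_content['id']` is also passed as `$orderID`, which `createGiftCart` compares with `ti.txn_id`, while a comment earlier in this file treats `id` and `txn_id` as different fields; if they differ, the call should pass the transaction's txn_id, e.g. `createGiftCart($pdo, $post_content['txn_id'], ...)` after resolving it from the row. The surrounding `if`/`elseif` continues outside the hunk.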
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
-switch ($permission) {
- case '4':
- $whereclause = '';
- break;
- case '3':
- $whereclause = '';
- break;
- default:
- $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
- $whereclause = ' AND accounthierarchy like "'.$condition.'"';
- break;
-}
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
diff --git a/api/v2/post/users.php b/api/v2/post/users.php
index be1b8ef..92e209c 100644
--- a/api/v2/post/users.php
+++ b/api/v2/post/users.php
@@ -14,25 +14,9 @@ $owner_user = 0;
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
-//default whereclause to check if data is owned by user
-$whereclause = '';
+//default whereclause
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
-switch ($permission) {
- case '4':
- $whereclause = '';
- break;
- case '3':
- $whereclause = '';
- break;
- case '2':
- $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
- $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
- break;
- default:
- $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
- $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
- break;
-}
 //SET PARAMETERS FOR QUERY
 $id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID
diff --git a/assets/functions.php b/assets/functions.php
index a88acaf..099dff3 100644
--- a/assets/functions.php
+++ b/assets/functions.php
@@ -190,6 +190,7 @@ function menu($selected,$selected_child){
 }
 return $menu;
 }
+
 //------------------------------------------
 // Template Header
 //------------------------------------------
@@ -642,6 +643,89 @@ function ioAPIv2($api_call, $data, $token){
 return $resp;
 }
+//------------------------------------------
+// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY ALL
+//------------------------------------------
+
+function getWhereclause($table_name,$permission,$partner){
+
+ //api_name converter to table
+ $table =[
+ "equipment" => "e.accounthierarchy",
+ "profile" => "partnerhierarchy"
+ ];
+
+ $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
+
+ //SoldTo is empty
+ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+ //default whereclause
+ $whereclause = '';
+
+ switch ($permission) {
+ case '4':
+ $whereclause = '';
+ break;
+ case '3':
+ $whereclause = '';
+ break;
+ case '2':
+ $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+ $whereclause = 'WHERE '.$table.' like :condition ';
+ break;
+ default:
+ $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
+ $whereclause = 'WHERE '.$table.' like :condition ';
+ break;
+ }
+
+ return array($whereclause,$condition);
+}
+
+//------------------------------------------
+// DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY SALES AND SOLD
+//------------------------------------------
+function getWhereclauselvl2($table_name,$permission,$partner){
+
+ //api_name converter to table
+ $table =[
+ "pricelist" => "pls.accounthierarchy",
+ "communications" => "salesID",
+ "partners" => "salesID",
+ "discounts" => "d.accounthierarchy",
+ "invoice" => "inv.accounthierarchy",
+ "attributes" => "pat.accounthierarchy",
+ "config" => "pc.accounthierarchy",
+ "software" => "p.accounthierarchy",
+ "transactions" => "tx.accounthierarchy",
+ "categories" => "c.accounthierarchy"
+ ];
+
+ $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
+
+ //SoldTo is empty
+ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+ //default whereclause
+ $whereclause = '';
+
+ switch ($permission) {
+ case '4':
+ $whereclause = '';
+ break;
+ case '3':
+ $whereclause = '';
+ break;
+ default:
+ $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+ $whereclause = 'WHERE '.$table.' like "'.$condition.'"';
+ break;
+}
+
+ return array($whereclause,$condition);
+}
+
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 //get user profile||$profile=settings, $permision = userright()
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
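Review bot: `getWhereclauselvl2` still concatenates `$condition` into the SQL text (`like "'.$condition.'"`), while `getWhereclause` in the same hunk returns a `:condition` placeholder; the value is built from `$partner->salesid` and `$partner->soldto`, so a quote character in either would end up inside the statement. Returning `'WHERE '.$table.' like :condition '` there as well keeps both helpers bound the same way. In both functions `$condition` is only assigned in the restricted branches, so for permission 3 and 4 `return array($whereclause,$condition);` reads an undefined variable; `$condition = '';` next to `$whereclause = '';` avoids that. `$table[$table_name]` also has no fallback for a name missing from the map, e.g. `$table[$table_name] ?? 'accounthierarchy'`.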
@@ -3439,14 +3523,26 @@ function transformOrderData(array $orderData): array {
 $firstRow = $orderData[0];
 $result = [
+ 'header' => [
+ "id" => $firstRow['id'],
+ "txn_id" => $firstRow['txn_id'],
+ "payment_status" => $firstRow['payment_status'],
+ "payment_method" => $firstRow['payment_method'],
+ "shipping_method" => $firstRow['shipping_method'],
+ "discount_code" => $firstRow['discount_code'],
+ "created" => $firstRow['created'],
+ "updated " => $firstRow['updated']
+ ],
 'customer' => [
+ 'account_id' => $firstRow['account_id'],
 'email' => $firstRow['payer_email'],
 'name' => $firstRow['first_name'] . ' ' . $firstRow['last_name'],
 'street' => $firstRow['address_street'],
 'zip' => $firstRow['address_zip'],
+ 'state' => $firstRow['address_state'],
 'city' => $firstRow['address_city'],
- 'country' => $firstRow['address_country']
-
+ 'country' => $firstRow['address_country'],
+ 'phone' => $firstRow['address_phone']
 ],
 'products' => [],
 'invoice' => [
@@ -3477,6 +3573,7 @@ function transformOrderData(array $orderData): array {
 // Add product information
 $result['products'][] = [
 'item_id' => $row['item_id'],
+ 'productcode' => $row['productcode'],
 'product_name' => $row['productname'],
 'options' => $itemOptions,
 'quantity' => $row['item_quantity'],
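Review bot: The new `header` array uses the key `"updated "` with a trailing space, so a consumer reading `$order['header']['updated']` gets an undefined key; it should be `"updated" => $firstRow['updated']`. The `header` and `customer` entries now read `account_id`, `address_state`, `address_phone`, `shipping_method` and others from `$firstRow`, which only works if the query feeding `transformOrderData` selects those columns; that query is outside the hunk. The function body starts before and ends after the lines shown.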
@@ -3493,4 +3590,67 @@ function transformOrderData(array $orderData): array {
 $result['pricing']['payment_amount'] = number_format(floatval($result['pricing']['payment_amount']), 2, '.', '');
 return $result;
+}
+
+//=============================================
+// Use giftcart
+//=============================================
+
+function useGiftCart($pdo, $discount_code, $accounthierarchy){
+
+ // Get the current date
+ $end_date = date("Y-m-d H:i:s");
+
+ //Check if Giftcard already exists
+ $stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code = ? AND accounthierarchy = ?');
+ $stmt->execute([$discount_code,$accounthierarchy]);
+ $discount_exist = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+ if (!empty($discount_exist) || $discount_exist != '') {
+ //Update Giftcard end data
+ $stmt = $pdo->prepare('UPDATE discounts SET end_date = ? WHERE discount_code = ? AND accounthierarchy = ?');
+ $stmt->execute([$end_date,$discount_code, $accounthierarchy]);
+ }
+}
+
+function createGiftCart($pdo, $orderID, $giftcard_categoryID,$accounthierarchy){
+
+ //Check if Giftcard is ordered
+ $stmt = $pdo->prepare('SELECT t.payer_email as email, ti.id as id, t.txn_id as txn, ti.item_price as item_price, ti.item_quantity as item_quantity FROM transactions t INNER JOIN transactions_items ti ON t.txn_id = ti.txn_id INNER JOIN products_categories p ON ti.item_id = p.product_id WHERE p.category_id = ? AND ti.txn_id = ?
AND accounthierarchy = ?'); + $stmt->execute([$giftcard_categoryID,$orderID,$accounthierarchy]); + $giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC); + + if ($giftcards) { + foreach ($giftcards as $giftcard) { + + //For each quantity + $x = 0; + + while ($x < $giftcard['item_quantity']){ + + //Generate discount code = TXN/ID/X + $discount_code = $giftcard['txn'].'#'.$giftcard['id'].'#'.$x; + $value = $giftcard['item_price']; + + // Get the current date + $start_date = date("Y-m-d H:i:s"); + $end_date = date("Y-m-d H:i:s", strtotime("+5 years"));; + + //Check if Giftcard already exists + $stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code = ? AND accounthierarchy = ?'); + $stmt->execute([$discount_code,$accounthierarchy]); + $discount_exist = $stmt->fetchAll(PDO::FETCH_ASSOC); + + if (empty($discount_exist) || $discount_exist == '') { + //Insert Giftcard + $discount_type = 0; //Fixed + //SQL Insert + $stmt = $pdo->prepare('INSERT INTO discounts (discount_code,discount_type,discount_value,start_date,end_date,accounthierarchy) VALUES (?,?,?,?,?,?)'); + $stmt->execute([$discount_code, $discount_type, $value, $start_date, $end_date,$accounthierarchy]); + } + $x++; + } + } + + } } \ No newline at end of file diff --git a/categories.php b/categories.php index 3229530..2ece3c7 100644 --- a/categories.php +++ b/categories.php @@ -62,7 +62,7 @@ function admin_populate_categories($categories, $parent_id = 0, $n = 0) { -' . str_repeat('----', $n) . '' . $category['name'] . ' '.(($category['filter'] == 1) ? 'V' : '').' - Edit (ID =' . $category['rowID'] . ') + Edit (ID =' . $category['rowID'] . ') '; $html .= admin_populate_categories($categories, $category['rowID'], $n+1); diff --git a/discount.php b/discount.php index 7ad0af6..778fe37 100644 --- a/discount.php +++ b/discount.php @@ -166,8 +166,8 @@ $view .= ' diff --git a/discounts.php b/discounts.php index f511e7d..27e3842 100644 --- a/discounts.php +++ b/discounts.php 
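Review bot: The gift-card code built in `createGiftCart` is `txn#id#x`, i.e. the transaction id, the item row id and a counter, so a code that presumably carries the full `item_price` as redeemable value can be derived by anyone who sees the transaction id. I would keep that prefix for the "already created" check and append a random suffix from `random_bytes()` as the secret part, as sketched below; the existence lookup then has to match on the prefix instead of the full code. Separately, in `useGiftCart` the test `!empty($discount_exist) || $discount_exist != ''` is always true because `fetchAll()` returns an array, and `accounthierarchy` in the three-table join of `createGiftCart` is unqualified, which is ambiguous if more than one of the joined tables has that column.

```php
// … unchanged: giftcard query and foreach over $giftcards …
while ($x < $giftcard['item_quantity']){
    // Stable prefix identifies the order line; the random suffix is what makes the code unguessable.
    // Assumes txn ids contain no LIKE wildcards (% or _) - confirm, or escape them before the lookup.
    $code_prefix = $giftcard['txn'].'#'.$giftcard['id'].'#'.$x.'#';
    // … unchanged: $value, $start_date, $end_date …
    $stmt = $pdo->prepare('SELECT discount_code from discounts WHERE discount_code like ? AND accounthierarchy = ?');
    $stmt->execute([$code_prefix.'%',$accounthierarchy]);
    if (!$stmt->fetch(PDO::FETCH_ASSOC)) {
        $discount_code = $code_prefix.bin2hex(random_bytes(8));
        // … unchanged: INSERT into discounts …
    }
    $x++;
}
```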
@@ -116,7 +116,7 @@ $view .= ' '.$discount['discount_value'].' '.date('Y-m-d h:ia', strtotime($discount['start_date'])).' '.date('Y-m-d h:ia', strtotime($discount['end_date'])).' - '.$general_view.' + '.$general_view.' '; } diff --git a/order.php b/order.php index 49b5ae3..2764041 100644 --- a/order.php +++ b/order.php 
@@ -1,163 +1,199 @@ prepare('SELECT ti.*, p.productcode, p.name FROM transactions t JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN products p ON p.id = ti.item_id WHERE t.id = ?'); -$stmt->execute([ $_GET['id'] ]); -$order_items = $stmt->fetchAll(PDO::FETCH_ASSOC); -// Retrieve order details -$stmt = $pdo->prepare('SELECT a.email, a.id AS a_id, a.first_name AS a_first_name, a.last_name AS a_last_name, a.address_street AS a_address_street, a.address_city AS a_address_city, a.address_state AS a_address_state, a.address_zip AS a_address_zip, a.address_country AS a_address_country, a.address_phone AS a_address_phone, t.* FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN accounts a ON a.id = t.account_id WHERE t.id = ?'); -$stmt->execute([ $_GET['id'] ]); -$order = $stmt->fetch(PDO::FETCH_ASSOC); +include_once './assets/functions.php'; +include_once './settings/settings.php'; -// Get tax -$stmt = $pdo->prepare('SELECT * FROM taxes WHERE country = ?'); -$stmt->execute([$order['a_address_country']]); -$tax = $stmt->fetch(PDO::FETCH_ASSOC); -$tax_rate = $tax ? $tax['rate'] : 0.00; +//SET ORIGIN FOR NAVIGATION +$prev_page = $_SESSION['prev_origin'] ?? ''; +$page = 'order'; -//Add giftcards -if (isset($_GET['add_giftcard'])){ - createGiftCart($pdo, $order['txn_id']); -} +//create backbutton to prev_origin +$back_btn_orgin = ($prev_page != '')? 
''.$button_back.'':''; -//Get connected giftcards -$giftcards_template = $order['txn_id'].'#%#%'; -$stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code like ?'); -$stmt->execute([$giftcards_template]); -$giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC); - -// Get the current date -$current_date = strtotime((new DateTime())->format('Y-m-d H:i:s')); - -// Delete transaction -if (isset($_GET['delete'])) { - // Delete the transaction - $stmt = $pdo->prepare('DELETE t, ti FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id WHERE t.id = ?'); - $stmt->execute([ $_GET['id'] ]); - - // Deactive giftcards - removeGiftCart($pdo, $_GET['txn']); - - header('Location: index.php?page=orders&success_msg=3'); +//Check if allowed +if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){ + header('location: index.php'); exit; } -if (!$order) { - exit('Invalid ID!'); + +//GET PARAMETERS && STORE in SESSION for FURTHER USE/NAVIGATION +$pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1; + +//PAGE Security +$page_manage = 'order_manage'; +$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U'); +$update_allowed_edit = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C'); + +//GET Details from URL +$_GET['list'] = 'order'; +$GET_VALUES = urlGETdetails($_GET) ?? ''; + +//CALL TO API +$api_url = '/v2/transactions/'.$GET_VALUES; +$order = ioServer($api_url,''); +//Decode Payload +if (!empty($order)){$order = json_decode($order,true);}else{$order = null;} + +// Handle success messages +if (isset($_GET['success_msg'])) { + if ($_GET['success_msg'] == 1) { + $success_msg = $message_order_1 ?? 'Created'; + } + if ($_GET['success_msg'] == 2) { + $success_msg = $message_order_2 ?? 
'Updated'; + } + if ($_GET['success_msg'] == 3) { + $success_msg = $message_order_3 ?? 'Deleted' ; + } } -?> - +template_header('order', 'order', 'view'); +$view = ' +
+

'.$order['header']['id'].' - '.$order['header']['txn_id'].'

+ '.$button_cancel.' +'; -
-

Order #

- Cancel - Delete - Edit -
-
+//------------------------------------ +// +//------------------------------------ +if ($update_allowed_edit === 1){ + $view .= 'Edit'; +} + +$view .= '
'; + +if (isset($success_msg)){ + $view .= '
+ +

'.$success_msg.'

+ +
'; +} + +$view .= '
'; + +$view .='
Order Details

Order ID

-

+

' . $order['header']['id'] . '

Transaction ID

-

-
- +

' . $order['header']['txn_id'] . '

+
'; + +if ($order['header']['shipping_method']) { + $view .='

Shipping Method

-

-
- +

' . htmlspecialchars($order['header']['shipping_method'], ENT_QUOTES) . '

+
'; +} + +$view .='

Payment Method

-

+

' . $order['header']['payment_method'] . '

Payment Status

-

+

' . $order['header']['payment_status'] . '

Date

-

-
- +

'.getRelativeTime($order['header']['created']). '

+
'; + +if ($order['header']['discount_code']) { + $view .='

Discount Code

-

-
- - +

' . htmlspecialchars($order['header']['discount_code'], ENT_QUOTES) . '

+ '; +} +$view .=' '; + +// Account Details Block +$view .='
Account Details -
- +
'; + +if ($order['customer']['email']) { + $view .='

Email

-

+

' . htmlspecialchars($order['customer']['email'], ENT_QUOTES) . '

Name

-

+

' . htmlspecialchars($order['customer']['name'], ENT_QUOTES) . '

Address

-


-
-
-
- -

+

' . htmlspecialchars($order['customer']['street'], ENT_QUOTES) . '
+ ' . htmlspecialchars($order['customer']['city'], ENT_QUOTES) . '
+ ' . htmlspecialchars($order['customer']['state'], ENT_QUOTES) . '
+ ' . htmlspecialchars($order['customer']['zip'], ENT_QUOTES) . '
+ ' . htmlspecialchars($order['customer']['country'], ENT_QUOTES) . '

Contact

-

-

-
- -

The order is not associated with an account.

- - +

' . htmlspecialchars($order['customer']['phone'], ENT_QUOTES) . '

+ '; +} else { + $view .='

The order is not associated with an account.

'; +} +$view .=' '; + +// Customer Details Block +$view .='
Customer Details

Email

-

+

' . htmlspecialchars($order['customer']['email'], ENT_QUOTES) . '

Name

-

+

' . htmlspecialchars($order['customer']['name'], ENT_QUOTES) . '

Address

-


-
-
-
- -

+

' . htmlspecialchars($order['customer']['street'], ENT_QUOTES) . '
+ ' . htmlspecialchars($order['customer']['city'], ENT_QUOTES) . '
+ ' . htmlspecialchars($order['customer']['state'], ENT_QUOTES) . '
+ ' . htmlspecialchars($order['customer']['zip'], ENT_QUOTES) . '
+ ' . htmlspecialchars($order['customer']['country'], ENT_QUOTES) . '

Contact

-

-

+

' . htmlspecialchars($order['customer']['phone'], ENT_QUOTES) . '

- +'; +// Order Items Table +$view .='
Order @@ -173,60 +209,63 @@ if (!$order) { Total - - + '; + +if (empty($order)) { + $view .=' There are no order items - - - + '; +} else { + foreach ($order['products'] as $item) { + $view .=' - - - - - - - - - + ' . ($item['product_name'] ? htmlspecialchars(${$item['product_name']} ?? $item['product_name'] , ENT_QUOTES) : '(Product ' . $item['item_id'] . ')') . ' + ' . ($item['options'] ? htmlspecialchars(implode(", ", $item['options']), ENT_QUOTES) : '--') . ' + ' . $item['quantity'] . ' + ' . number_format($item['price'], 2) . ' + ' . number_format($item['line_total'], 2) . ' + '; + } +} + +$view .=' Subtotal - + ' . number_format($order['pricing']['subtotal'], 2) . ' Shipping - + ' . number_format($order['pricing']['shipping_total'], 2) . ' Discount - + ' . number_format($order['pricing']['discount_total'], 2) . ' VAT - + ' . number_format($order['pricing']['tax_total'], 2) . ' Total - + ' . number_format($order['pricing']['payment_amount'], 2) . '
-
+'; +// Giftcards Block +$view .='
Giftcards
- Relate giftcards + Relate giftcards @@ -235,56 +274,69 @@ if (!$order) { - - + '; + +if (empty($giftcards)) { + $view .=' - - - + '; +} else { + foreach ($giftcards as $giftcard) { + $view .=' - - - - - - + + + + '; + } +} + +$view .='
Value
There are no order items
= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No'?>
' . $giftcard['discount_code'] . '' . ($current_date >= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No') . '' . number_format($giftcard['discount_value'], 2) . '
-
+'; +// Invoice Block +$view .='
Invoice
- - - - - - -
-
- - -
-
-
- - -
-
-
- - -
-
-
-
+ + + + + + +
+
+ + +
+
+
+ + +
+
+
+ + +
+
+ '; - \ No newline at end of file +$view .=''; + +//OUTPUT +echo $view; + +template_footer() + +?> \ No newline at end of file diff --git a/order_old.php b/order_old.php new file mode 100644 index 0000000..49b5ae3 --- /dev/null +++ b/order_old.php 
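Review bot: In the order-items loop the product name from the API response is used as a variable name, `${$item['product_name']} ?? $item['product_name']`, so any variable in this scope whose name equals a product name is printed in its place; if this is meant as a translation lookup, an explicit array (for example `$product_translations[$item['product_name']] ?? $item['product_name']`, array name to be chosen) keeps it from reaching unrelated variables. `$order['header']['id']`, `txn_id`, `payment_method` and `payment_status` are concatenated into the markup without `htmlspecialchars()` although the neighbouring fields are escaped. The new code also appears to no longer assign `$giftcards` or `$current_date`, which the gift-card block still reads, and it dereferences `$order['header']` before the `empty($order)` check. The rendering of this hunk has lost its markup, so the positions referred to are approximate.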
@@ -0,0 +1,290 @@ +prepare('SELECT ti.*, p.productcode, p.name FROM transactions t JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN products p ON p.id = ti.item_id WHERE t.id = ?'); +$stmt->execute([ $_GET['id'] ]); +$order_items = $stmt->fetchAll(PDO::FETCH_ASSOC); +// Retrieve order details +$stmt = $pdo->prepare('SELECT a.email, a.id AS a_id, a.first_name AS a_first_name, a.last_name AS a_last_name, a.address_street AS a_address_street, a.address_city AS a_address_city, a.address_state AS a_address_state, a.address_zip AS a_address_zip, a.address_country AS a_address_country, a.address_phone AS a_address_phone, t.* FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN accounts a ON a.id = t.account_id WHERE t.id = ?'); +$stmt->execute([ $_GET['id'] ]); +$order = $stmt->fetch(PDO::FETCH_ASSOC); + +// Get tax +$stmt = $pdo->prepare('SELECT * FROM taxes WHERE country = ?'); +$stmt->execute([$order['a_address_country']]); +$tax = $stmt->fetch(PDO::FETCH_ASSOC); +$tax_rate = $tax ? $tax['rate'] : 0.00; + +//Add giftcards +if (isset($_GET['add_giftcard'])){ + createGiftCart($pdo, $order['txn_id']); +} + +//Get connected giftcards +$giftcards_template = $order['txn_id'].'#%#%'; +$stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code like ?'); +$stmt->execute([$giftcards_template]); +$giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC); + +// Get the current date +$current_date = strtotime((new DateTime())->format('Y-m-d H:i:s')); + +// Delete transaction +if (isset($_GET['delete'])) { + // Delete the transaction + $stmt = $pdo->prepare('DELETE t, ti FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id WHERE t.id = ?'); + $stmt->execute([ $_GET['id'] ]); + + // Deactive giftcards + removeGiftCart($pdo, $_GET['txn']); + + header('Location: index.php?page=orders&success_msg=3'); + exit; +} +if (!$order) { + exit('Invalid ID!'); +} + +?> + + +
+

Order #

+ Cancel + Delete + Edit +
+ +
+
+
+ Order Details +
+
+

Order ID

+

+
+
+

Transaction ID

+

+
+ +
+

Shipping Method

+

+
+ +
+

Payment Method

+

+
+
+

Payment Status

+

+
+
+

Date

+

+
+ +
+

Discount Code

+

+
+ +
+ +
+
+ Account Details +
+ +
+

Email

+

+
+
+

Name

+

+
+
+

Address

+


+
+
+
+ +

+
+
+

Contact

+

+

+
+ +

The order is not associated with an account.

+ +
+ +
+
+ Customer Details +
+
+

Email

+

+
+
+

Name

+

+
+
+

Address

+


+
+
+
+ +

+
+
+

Contact

+

+

+
+
+
+ +
+
+ Order +
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
ProductOptionsQtyPriceTotal
There are no order items
Subtotal
Shipping
Discount
VAT
Total
+
+
+ +
+
+ Giftcards +
+
+ Relate giftcards + + + + + + + + + + + + + + + + + + + + + + + + + + +
GiftcardValidValue
There are no order items
= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No'?>
+
+
+ +
+
+ Invoice +
+
+ + + + + + +
+
+ + +
+
+
+ + +
+
+
+ + +
+
+
+
+ + \ No newline at end of file diff --git a/orders.php b/orders.php index ce7fb23..dcae4a5 100644 --- a/orders.php +++ b/orders.php 
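Review bot: order_old.php keeps the pre-refactor page in the tree, and as committed it no longer matches the helpers: it calls `createGiftCart($pdo, $order['txn_id'])` with two arguments while the function added in assets/functions.php takes four required parameters, and it calls `removeGiftCart()`, which this diff does not define. The copy also deletes a transaction when `delete` is present in the query string, with no permission check visible in the lines shown (the top of the file is cut in this rendering). If the file is only a backup, I would drop it from the commit and rely on history rather than leave a second order page reachable.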
@@ -1,172 +1,143 @@ prepare('SELECT COUNT(DISTINCT t.id) AS total FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where); -if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR); -if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT); -$stmt->execute(); -$orders_total = $stmt->fetchColumn(); -// Retrieve transactions -$stmt = $pdo->prepare('SELECT t.*, COUNT(ti.id) AS total_products FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where . ' GROUP BY t.id, t.txn_id, t.payment_amount, t.payment_status, t.created, t.payer_email, t.first_name, t.last_name, t.address_street, t.address_city, t.address_state, t.address_zip, t.address_country, t.account_id, t.payment_method, t.discount_code, t.shipping_method, t.shipping_amount ORDER BY ' . $order_by . ' ' . $order . ' LIMIT :start_results,:num_results'); -// Bind params -$stmt->bindParam('start_results', $param1, PDO::PARAM_INT); -$stmt->bindParam('num_results', $param2, PDO::PARAM_INT); -if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR); -if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT); -$stmt->execute(); -// Retrieve query results -$orders = $stmt->fetchAll(PDO::FETCH_ASSOC); +defined(page_security_key) or exit; + +if (debug && debug_id == $_SESSION['id']){ + ini_set('display_errors', '1'); + ini_set('display_startup_errors', '1'); + error_reporting(E_ALL); +} + +include_once './assets/functions.php'; +include_once './settings/settings.php'; + +//SET ORIGIN FOR NAVIGATION +$prev_page = $_SESSION['prev_origin'] ?? ''; +$page = $_SESSION['origin'] = 'orders'; + +//Check if allowed +if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){ + header('location: index.php'); + exit; +} + +//GET PARAMETERS +$pagination_page = isset($_GET['p']) ? $_GET['p'] : 1; +$search = isset($_GET['search']) ? 
'&search='.$_GET['search'] : ''; + // Determine the URL -$url = 'index.php?page=orders&search=' . $search . '&status=' . $status . '&method=' . $method . '&account_id=' . $account_id; +$url = 'index.php?page=transactions'.$search; +//GET Details from URL +$GET_VALUES = urlGETdetails($_GET) ?? ''; +//CALL TO API +$api_url = '/v2/transactions/'.$GET_VALUES; +$orders = ioServer($api_url,''); +//Decode Payload +if (!empty($orders)){$orders = json_decode($orders,true);}else{$orders = null;} + +//Return QueryTotal from API +$api_url = '/v2/transactions/totals='; +$query_total = ioServer($api_url,''); + +//Decode Payload +if (!empty($query_total)){$query_total = json_decode($query_total,true);}else{$query_total = null;} + // Handle success messages if (isset($_GET['success_msg'])) { if ($_GET['success_msg'] == 1) { - $success_msg = 'Order created successfully!'; + $success_msg = $message_orders_1 ?? 'Created'; } if ($_GET['success_msg'] == 2) { - $success_msg = 'Order updated successfully!'; + $success_msg = $message_orders_2 ?? 'Updated'; } if ($_GET['success_msg'] == 3) { - $success_msg = 'Order deleted successfully!'; + $success_msg = $message_orders_3 ?? 'Deleted' ; } } -?> - +template_header('orders', 'orders','view'); +$view = '
- +
-

Orders

-

View, create, and search orders.

+

'.($orders_h2 ?? 'orders').' ('.$query_total.')

+

'.($orders_p ?? '').'

-
+'; - -
- -

- -
- +if (isset($success_msg)){ +$view .= '
+ +

'.$success_msg.'

+ +
'; +} +$view .= '
- Create Order -
- -
- Filters -
- - - -
-
- -
+ '.($button_create_orders ?? 'Create order').'
-
- - - - - - - - - + + + + + + + - - - - - - - - - - - - - - - - - - - - + '; + if (empty($orders)){ + $view .= ' + + '; + } + else { + foreach ($orders as $order){ + + $view .= ' + + + + + + + + + '; + } + } + +$view .= '
#CustomerEmailProductsTotalMethodStatusDateActions'.($orders_id ?? '#').''.($orders_customer ?? 'name').''.($orders_payment_amount ?? 'Total').''.($orders_method ?? 'Method').''.($orders_status ?? 'Status').''.($orders_created ?? 'Created').''.$general_actions.'
There are no orders
View Edit
'.($message_no_orders ?? 'There are no orders').'
'.$order['id'].''.$order['first_name'].' '.$order['last_name'].''.number_format($order['payment_amount'], 2).''.$order['payment_method'].''.$order['payment_status'].''.getRelativeTime($order['created']).''.$general_view.'
+'; - +$view.=''; +//OUTPUT +echo $view; + +template_footer(); +?> \ No newline at end of file diff --git a/settings/settingsmenu.php b/settings/settingsmenu.php index ff1d0d4..c9a45e5 100644 --- a/settings/settingsmenu.php +++ b/settings/settingsmenu.php @@ -12,7 +12,7 @@ $main_menu = array ('dashboard','sales','buildtool','cartests','marketing','equi //Sub menus $equipments_sub = array('equipments','servicereports','rmas','histories','firmwaretool','equipments_mass_update'); -$sales_sub = array('accounts','contracts','catalog'); +$sales_sub = array('accounts','contracts','catalog','orders'); $products_sub = array('products','products_attributes','pricelists'); $admin_sub = array('users','categories','discounts','shipping','communications','partners','media'); $reporting_sub = array('report_build','report_contracts_billing','report_healthindex','report_usage'); @@ -98,6 +98,12 @@ $urls = array( "icon" => "fas fa-tachometer-alt", "name" => "menu_sales_contracts" ), + "orders" => array( + "url" => "orders", + "selected" => "orders", + "icon" => "fas fa-tachometer-alt", + "name" => "menu_sales_orders" + ), "admin" => array( "url" => "partners", "selected" => "partners", @@ -286,6 +292,7 @@ $supportedModifiers = ["0" =>"subtract", "1"=>"add"]; // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ $all_profiles = [ "build", + "commerce", "distribution", "firmware", "garage", diff --git a/settings/settingsprofiles.php b/settings/settingsprofiles.php index 257df0d..4309eab 100644 --- a/settings/settingsprofiles.php +++ b/settings/settingsprofiles.php 
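Review bot: The order rows print `$order['first_name']`, `$order['last_name']`, `$order['payment_method']` and `$order['payment_status']` straight into the table, whereas order.php escapes the same customer fields; names that presumably originate from customers at checkout would then be interpreted as markup in this list. I would wrap them, e.g. `htmlspecialchars($order['first_name'].' '.$order['last_name'], ENT_QUOTES)`. `$_GET['search']` is likewise appended to `$url` as-is and should go through `urlencode()`, and `$url` now points at `page=transactions` although this page is `orders`, which looks unintended.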
@@ -6,9 +6,11 @@ define('superuser_profile','dashboard,profile,assets,equipments,equipment,equipm
 /*Admin*/
 define('admin_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,changelog,application');
 /*AdminPlus*/
-define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice');
+define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice,order,orders');
 /*Build*/
 define('build','dashboard,profile,buildtool,firmwaretool,buildtool,products_software,application');
+/*Commerce*/
+define('commerce','dashboard,profile,assets,equipments,equipment,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,marketing,application');
 /*Distribution*/
 define('distribution','dashboard,profile,assets,equipments,equipment,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,marketing,application');
/*Firmware*/ diff --git a/settings/settingsviews.php b/settings/settingsviews.php index 058b9e8..4c13fbc 100644 --- a/settings/settingsviews.php +++ b/settings/settingsviews.php @@ -93,7 +93,9 @@ $all_views = [ "taxes", "transactions", "transactions_items", - "invoice" + "invoice", + "order", + "orders" ]; ?> \ No newline at end of file diff --git a/shipping.php b/shipping.php index 2492599..1528bdf 100644 --- a/shipping.php +++ b/shipping.php @@ -125,7 +125,7 @@ $view .= ' '.number_format($shipment['price_from'], 2).' - '.number_format($shipment['price_to'], 2).' '.number_format($shipment['weight_from'], 2).' kg - '.number_format($shipment['weight_to'], 2).' kg '.number_format($shipment['price'], 2).' - '.$general_view.' + '.$general_view.' '; } } diff --git a/taxes.php b/taxes.php index 26e40f9..97b6b48 100644 --- a/taxes.php +++ b/taxes.php @@ -63,7 +63,7 @@ if (isset($_GET['success_msg'])) { % - Edit + Edit
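Review bot: The new `commerce` profile in settings/settingsprofiles.php is a character-for-character copy of the `distribution` list below it. It therefore grants `admin,partners,partner,users,user,user_manage` but contains neither `sales` nor the `order`/`orders` views that this same hunk adds to `adminplus_profile`. Assuming these lists are what the per-page permission check reads, a commerce user could manage users and partners yet could not open the orders pages the profile appears to exist for. Build the list from the views the role actually needs rather than from the distribution template, for example starting from `define('commerce','dashboard,profile,sales,catalog,orders,order,application');` and adding entries deliberately. The `superuser_profile` line is truncated in the hunk header, so whether it received `order,orders` cannot be checked from here.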