CMXX - Improved whereclause

2025-02-20 13:35:59 +01:00
parent 3aaa6c6680
commit 4c6ed0d203
83 changed files with 897 additions and 1274 deletions
--- a/.gitignore
+++ b/.gitignore
@@ -9,3 +9,4 @@ log/
 assets/images/products/
 settings/config.php
 settings/settings.php
 variable_scan.php
--- a/api/v1/get/accounts.php
+++ b/api/v1/get/accounts.php
@@ -12,20 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v1/get/application.php
+++ b/api/v1/get/application.php
@@ -29,24 +29,8 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //------------------------------------------
 //default whereclause
 //------------------------------------------
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE e.accounthierarchy like "'.$condition.'"';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE e.accounthierarchy like "'.$condition.'"';
        break;
 } 
 //------------------------------------------
 //NEW ARRAY
--- a/api/v1/get/cartests.php
+++ b/api/v1/get/cartests.php
@@ -12,24 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE accounthierarchy like :condition ';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v1/get/communications.php
+++ b/api/v1/get/communications.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclauselvl2('communications',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE salesID like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v1/get/equipment_data.php
+++ b/api/v1/get/equipment_data.php
@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
 } 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------
--- a/api/v1/get/equipments.php
+++ b/api/v1/get/equipments.php
@@ -16,24 +16,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
 } 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------
--- a/api/v1/get/partners.php
+++ b/api/v1/get/partners.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclauselvl2('partners',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE salesID like :condition';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v1/get/products.php
+++ b/api/v1/get/products.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v1/get/products_software.php
+++ b/api/v1/get/products_software.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v1/get/products_versions.php
+++ b/api/v1/get/products_versions.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v1/get/profile.php
+++ b/api/v1/get/profile.php
@@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE partnerhierarchy  like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE partnerhierarchy  like :condition ';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
 $clause = '';
--- a/api/v1/get/users.php
+++ b/api/v1/get/users.php
@@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE partnerhierarchy  like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE partnerhierarchy  like :condition ';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
 $clause = '';
--- a/api/v1/post/accounts.php
+++ b/api/v1/post/accounts.php
@@ -13,21 +13,9 @@ $post_content = json_decode(decode_payload($input),true);
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
-//default whereclause to check if data is owned buy user
+//default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v1/post/communications.php
+++ b/api/v1/post/communications.php
@@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v1/post/contracts.php
+++ b/api/v1/post/contracts.php
@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v1/post/equipments.php
+++ b/api/v1/post/equipments.php
@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v1/post/partners.php
+++ b/api/v1/post/partners.php
@@ -14,20 +14,7 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause to check if data is owned by user
-$whereclause = '';
+$whereclause = getWhereclauselvl2('partners',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND salesID like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['partnerID'] ?? ''; //check for rowID
--- a/api/v1/post/products.php
+++ b/api/v1/post/products.php
@@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v1/post/products_software.php
+++ b/api/v1/post/products_software.php
@@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
--- a/api/v1/post/products_versions.php
+++ b/api/v1/post/products_versions.php
@@ -14,20 +14,8 @@ $post_content = json_decode(decode_payload($input),true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
--- a/api/v1/post/users.php
+++ b/api/v1/post/users.php
@@ -15,24 +15,8 @@ $owner_user = 0;
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause to check if data is owned by user
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID
--- a/api/v2/get/accounts.php
+++ b/api/v2/get/accounts.php
@@ -12,20 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/cartests.php
+++ b/api/v2/get/cartests.php
@@ -12,24 +12,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE accounthierarchy like :condition ';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/categories.php
+++ b/api/v2/get/categories.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/discounts.php
+++ b/api/v2/get/discounts.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+$whereclause = getWhereclauselvl2("discounts",$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE d.accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/equipment_data.php
+++ b/api/v2/get/equipment_data.php
@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
 } 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------
--- a/api/v2/get/equipment_healthindex.php
+++ b/api/v2/get/equipment_healthindex.php
@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
 } 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------
--- a/api/v2/get/equipments.php
+++ b/api/v2/get/equipments.php
@@ -15,24 +15,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE e.accounthierarchy like :condition ';
        break;
 } 
 //------------------------------------------
 //NEW ARRAY
 //------------------------------------------
--- a/api/v2/get/invoice.php
+++ b/api/v2/get/invoice.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+$whereclause = getWhereclauselvl2("invoice",$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE inv.accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
@@ -62,7 +49,8 @@ if(isset($criterias['totals']) && $criterias['totals'] ==''){
 } 
 elseif (isset($criterias['list']) && $criterias['list'] =='invoice'){
    //SQL for Paging 
-    $sql = 'SELECT tx.*, txi.*, p.productname, inv.id as invoice, inv.created as invoice_created FROM transactions tx 
+    $sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created 
            FROM transactions tx 
            left join invoice inv ON tx.id = inv.txn_id
            left join transactions_items txi ON tx.id = txi.txn_id
            left join products p ON p.rowID = txi.item_id '.$whereclause;
--- a/api/v2/get/media.php
+++ b/api/v2/get/media.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/pricelists.php
+++ b/api/v2/get/pricelists.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('pricelist',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE pls.accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/pricelists_items.php
+++ b/api/v2/get/pricelists_items.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products.php
+++ b/api/v2/get/products.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_attributes.php
+++ b/api/v2/get/products_attributes.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_attributes_items.php
+++ b/api/v2/get/products_attributes_items.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+$whereclause = getWhereclauselvl2("attributes",$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE pat.accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_categories.php
+++ b/api/v2/get/products_categories.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_configurations.php
+++ b/api/v2/get/products_configurations.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+$whereclause = getWhereclauselvl2("config",$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE pc.accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_software.php
+++ b/api/v2/get/products_software.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+$whereclause = getWhereclauselvl2("software",$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE p.accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/products_versions.php
+++ b/api/v2/get/products_versions.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/rma.php
+++ b/api/v2/get/rma.php
@@ -11,24 +11,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE accounthierarchy like :condition ';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/rma_history.php
+++ b/api/v2/get/rma_history.php
@@ -11,24 +11,8 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE accounthierarchy like :condition ';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/shipping.php
+++ b/api/v2/get/shipping.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/taxes.php
+++ b/api/v2/get/taxes.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/transactions.php
+++ b/api/v2/get/transactions.php
@@ -12,20 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+$whereclause = getWhereclauselvl2("transactions",$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE tx.accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
@@ -62,7 +49,15 @@ if(isset($get_content) && $get_content!=''){
 //Define Query
 if(isset($criterias['totals']) && $criterias['totals'] ==''){
 //Request for total rows
-    $sql = 'SELECT count(*) as count FROM transactions '.$whereclause.'';
+    $sql = 'SELECT count(*) as count FROM transactions tx '.$whereclause.'';
 } 
 elseif (isset($criterias['list']) && $criterias['list'] =='order'){
    //SQL for Paging 
    $sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created 
            FROM transactions tx 
            left join invoice inv ON tx.id = inv.txn_id
            left join transactions_items txi ON tx.id = txi.txn_id
            left join products p ON p.rowID = txi.item_id '.$whereclause;
 }
 else {
    //SQL for Paging 
@@ -96,6 +91,12 @@ if(isset($criterias['totals']) && $criterias['totals']==''){
    $messages = $stmt->fetch();
    $messages = $messages[0];
 }
 elseif (isset($criterias['list']) && $criterias['list']=='order'){
    $stmt->execute();
    //Get results
    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
    $messages = transformOrderData($messages);
 } 
 else {
    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
    $stmt->bindValue('page', ($current_page - 1) * $page_rows_transactions, PDO::PARAM_INT);
--- a/api/v2/get/transactions_items.php
+++ b/api/v2/get/transactions_items.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/translations.php
+++ b/api/v2/get/translations.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/translations_details.php
+++ b/api/v2/get/translations_details.php
@@ -14,18 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
--- a/api/v2/get/users.php
+++ b/api/v2/get/users.php
@@ -12,24 +12,8 @@ $partner = json_decode($partnerhierarchy);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE partnerhierarchy  like :condition ';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = 'WHERE partnerhierarchy  like :condition ';
        break;
 } 
 //NEW ARRAY
 $criterias = [];   
 $clause = '';
--- a/api/v2/post/accounts.php
+++ b/api/v2/post/accounts.php
@@ -13,21 +13,8 @@ $post_content = json_decode($input,true);
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
-//default whereclause to check if data is owned buy user
+//default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/categories.php
+++ b/api/v2/post/categories.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+$whereclause = getWhereclauselvl2("categories",$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND c.accounthierarchy like "'.$condition.'"';
        break;
 } 
 //BUILD UP PARTNERHIERARCHY FROM USER
 $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
--- a/api/v2/post/contracts.php
+++ b/api/v2/post/contracts.php
@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/discounts.php
+++ b/api/v2/post/discounts.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //BUILD UP PARTNERHIERARCHY FROM USER
 $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
--- a/api/v2/post/equipments.php
+++ b/api/v2/post/equipments.php
@@ -16,22 +16,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
 //default whereclause
 $whereclause = '';
-switch ($permission) {    
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/invoice.php
+++ b/api/v2/post/invoice.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['id'] ?? ''; //check for rowID
--- a/api/v2/post/media.php
+++ b/api/v2/post/media.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/placeorder.php
+++ b/api/v2/post/placeorder.php
@@ -110,6 +110,11 @@ if (isset($post_content['cart']) && isset($post_content['checkout_input']) && is
        $stmt->execute([$transaction_id, $product['id'], $product['options_price'], $product['quantity'], $options]);
    }
    //CHECK IF GIFTCARD IS USED AND THEN DISABLE IT
    if ($checkout_input['discount_code'] !=''){
        useGiftCart($pdo,$checkout_input['discount_code'],$partner_product);
    }
    //Return to checkout page
    $messages = [
        "id" => $transaction_id,
--- a/api/v2/post/pricelists.php
+++ b/api/v2/post/pricelists.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/pricelists_items.php
+++ b/api/v2/post/pricelists_items.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/products.php
+++ b/api/v2/post/products.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/products_attributes.php
+++ b/api/v2/post/products_attributes.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/products_attributes_items.php
+++ b/api/v2/post/products_attributes_items.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/products_categories.php
+++ b/api/v2/post/products_categories.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //CHECK IF PRODUCT ID IS SEND
 if (isset($post_content['product_id']) && $post_content['product_id'] != ''){
--- a/api/v2/post/products_configurations.php
+++ b/api/v2/post/products_configurations.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
--- a/api/v2/post/products_software.php
+++ b/api/v2/post/products_software.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
--- a/api/v2/post/products_versions.php
+++ b/api/v2/post/products_versions.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //ENSURE PRODUCTROWID IS SEND
 if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){
--- a/api/v2/post/shipping.php
+++ b/api/v2/post/shipping.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //BUILD UP PARTNERHIERARCHY FROM USER
 $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
--- a/api/v2/post/transactions.php
+++ b/api/v2/post/transactions.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //WEBSHOP UPDATE CAN SEND TXN_ID ONLY
 if (isset($post_content['txn_id']) && $post_content['txn_id'] != '' && !isset($post_content['id'])){
@@ -65,6 +53,20 @@ $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$par
 //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
 if ($command == 'update'){
    //CHECK IF PAYMENT STATUS is PAID (1)
    if(isset($post_content['payment_status']) && $post_content['payment_status'] == 1){
        //check if GIFTCARD ID IS PROVIDED AND NOT EMPTY
        if(isset($post_content['giftcard_categoryID']) && $post_content['giftcard_categoryID'] != ''){
            //CHECK FOR GIFTCARDS IN ORDER AND CREATE WHEN AVAILABLE AND NOT CREATED YET
            createGiftCart($pdo, $post_content['id'], $post_content['giftcard_categoryID'],$partner_product);
            //remove giftcard_categoryID from $post_content array
            unset($post_content['giftcard_categoryID']);
        }
    }
 }
 elseif ($command == 'insert'){
    $post_content['accounthierarchy'] = $partner_product;
--- a/api/v2/post/translations.php
+++ b/api/v2/post/translations.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/translations_details.php
+++ b/api/v2/post/translations_details.php
@@ -14,20 +14,8 @@ $post_content = json_decode($input,true);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
 //default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('',$permission,$partner);
 switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = $post_content['rowID'] ?? ''; //check for rowID
--- a/api/v2/post/users.php
+++ b/api/v2/post/users.php
@@ -14,25 +14,9 @@ $owner_user = 0;
 //SoldTo is empty
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
-//default whereclause to check if data is owned by user
+//default whereclause
-$whereclause = '';
+list($whereclause,$condition) = getWhereclause('profile',$permission,$partner);
 switch ($permission) {    
    case '4': 
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;
    case '2':
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = ' AND partnerhierarchy like "'.$condition.'"';
        break;
 } 
 //SET PARAMETERS FOR QUERY
 $id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID
--- a/assets/functions.php
+++ b/assets/functions.php
@@ -190,6 +190,7 @@ function menu($selected,$selected_child){
  }
  return $menu;
  }
 //------------------------------------------
 // Template Header
 //------------------------------------------
@@ -642,6 +643,89 @@ function ioAPIv2($api_call, $data, $token){
  return $resp;
 }
 //------------------------------------------
 // DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY ALL
 //------------------------------------------
 function getWhereclause($table_name,$permission,$partner){
  //api_name converter to table
  $table =[
    "equipment" => "e.accounthierarchy",
    "profile" => "partnerhierarchy"
  ];
  $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
  //SoldTo is empty
  if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
  //default whereclause
  $whereclause = '';
  switch ($permission) {    
      case '4': 
          $whereclause = '';
          break;
      case '3':
          $whereclause = '';
          break;
      case '2':
          $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
          $whereclause = 'WHERE '.$table.' like :condition ';
          break;
      default:
          $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
          $whereclause = 'WHERE '.$table.' like :condition ';
          break;
  } 
  return array($whereclause,$condition);
 }
 //------------------------------------------
 // DEFINE WHERECLAUSE BASED ON ACCOUNTHIERARCHY SALES AND SOLD
 //------------------------------------------
 function getWhereclauselvl2($table_name,$permission,$partner){
  //api_name converter to table
  $table =[
    "pricelist" => "pls.accounthierarchy",
    "communications" => "salesID",
    "partners" => "salesID",
    "discounts" => "d.accounthierarchy",
    "invoice" => "inv.accounthierarchy",
    "attributes" => "pat.accounthierarchy",
    "config" => "pc.accounthierarchy",
    "software" => "p.accounthierarchy",
    "transactions" => "tx.accounthierarchy",
    "categories" => "c.accounthierarchy"
  ];
  $table = ($table_name != '') ? $table[$table_name] : 'accounthierarchy';
  //SoldTo is empty
  if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
  //default whereclause
  $whereclause = '';
  switch ($permission) {    
    case '4':
        $whereclause = '';
        break;
    case '3':
        $whereclause = '';
        break;  
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = 'WHERE '.$table.' like "'.$condition.'"';
        break;
 } 
  return array($whereclause,$condition);
 }
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 //get user profile||$profile=settings, $permision = userright()
 //+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
@@ -3439,14 +3523,26 @@ function transformOrderData(array $orderData): array {
  $firstRow = $orderData[0];
  $result = [
      'header' => [
        "id" => $firstRow['id'],
        "txn_id" => $firstRow['txn_id'],
        "payment_status" => $firstRow['payment_status'],
        "payment_method" => $firstRow['payment_method'],
        "shipping_method" => $firstRow['shipping_method'],
        "discount_code" => $firstRow['discount_code'],
        "created" => $firstRow['created'],
        "updated " => $firstRow['updated']
      ],
      'customer' => [
          'account_id' => $firstRow['account_id'],
          'email' => $firstRow['payer_email'],
          'name' => $firstRow['first_name'] . ' ' . $firstRow['last_name'],
          'street' => $firstRow['address_street'],
          'zip' => $firstRow['address_zip'],
          'state' => $firstRow['address_state'],
          'city' => $firstRow['address_city'],
-          'country' => $firstRow['address_country']
+          'country' => $firstRow['address_country'],
-
+          'phone' => $firstRow['address_phone']
      ],
      'products' => [],
      'invoice' => [
@@ -3477,6 +3573,7 @@ function transformOrderData(array $orderData): array {
      // Add product information
      $result['products'][] = [
          'item_id' => $row['item_id'],
          'productcode' => $row['productcode'],
          'product_name' => $row['productname'],
          'options' => $itemOptions,
          'quantity' => $row['item_quantity'],
@@ -3494,3 +3591,66 @@ function transformOrderData(array $orderData): array {
  return $result;
 }
 //=============================================
 // Use giftcart
 //=============================================
 function useGiftCart($pdo, $discount_code, $accounthierarchy){
  // Get the current date
  $end_date = date("Y-m-d H:i:s");
  //Check if Giftcard already exists
  $stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code = ? AND accounthierarchy = ?');
  $stmt->execute([$discount_code,$accounthierarchy]);
  $discount_exist = $stmt->fetchAll(PDO::FETCH_ASSOC);
  if (!empty($discount_exist) || $discount_exist != '') {
      //Update Giftcard end data
      $stmt = $pdo->prepare('UPDATE discounts SET end_date = ? WHERE discount_code = ? AND accounthierarchy = ?');
      $stmt->execute([$end_date,$discount_code, $accounthierarchy]);
  }
 }
 function createGiftCart($pdo, $orderID, $giftcard_categoryID,$accounthierarchy){
  //Check if Giftcard is ordered
  $stmt = $pdo->prepare('SELECT t.payer_email as email, ti.id as id, t.txn_id as txn, ti.item_price as item_price, ti.item_quantity as item_quantity FROM transactions t INNER JOIN transactions_items ti ON t.txn_id = ti.txn_id INNER JOIN products_categories p ON ti.item_id = p.product_id WHERE p.category_id = ? AND ti.txn_id = ? AND accounthierarchy = ?');
  $stmt->execute([$giftcard_categoryID,$orderID,$accounthierarchy]);
  $giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC);
  if ($giftcards) {
      foreach ($giftcards as $giftcard) {
          //For each quantity
          $x = 0;
          while ($x < $giftcard['item_quantity']){
              //Generate discount code = TXN/ID/X
              $discount_code = $giftcard['txn'].'#'.$giftcard['id'].'#'.$x;
              $value = $giftcard['item_price'];
              // Get the current date
              $start_date = date("Y-m-d H:i:s");
              $end_date = date("Y-m-d H:i:s", strtotime("+5 years"));;
              //Check if Giftcard already exists
              $stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code = ? AND accounthierarchy = ?');
              $stmt->execute([$discount_code,$accounthierarchy]);
              $discount_exist = $stmt->fetchAll(PDO::FETCH_ASSOC);
              if (empty($discount_exist) || $discount_exist == '') {
                  //Insert Giftcard
                  $discount_type = 0; //Fixed
                  //SQL Insert
                  $stmt = $pdo->prepare('INSERT INTO discounts (discount_code,discount_type,discount_value,start_date,end_date,accounthierarchy) VALUES (?,?,?,?,?,?)');
                  $stmt->execute([$discount_code, $discount_type, $value, $start_date, $end_date,$accounthierarchy]);
              }
              $x++;
          }    
      } 
  }
 }
--- a/categories.php
+++ b/categories.php
@@ -62,7 +62,7 @@ function admin_populate_categories($categories, $parent_id = 0, $n = 0) {
            <tr>
                <td><span style="padding-right:8px;color:#bbbec0;border-left:1px solid #bbbec0;padding-bottom:2px;">-' . str_repeat('----', $n) . '</span>' . $category['name'] . '</td>
                <td>'.(($category['filter'] == 1) ? 'V' : '').'</td>
-                <td><a href="index.php?page=category&rowID=' . $category['rowID'] . '" class="link1">Edit</a> (ID =' . $category['rowID'] . ') </td>
+                <td><a href="index.php?page=category&rowID=' . $category['rowID'] . '" class="btn_link">Edit</a> (ID =' . $category['rowID'] . ') </td>
            </tr>           
            ';
            $html .= admin_populate_categories($categories, $category['rowID'], $n+1);
--- a/discount.php
+++ b/discount.php
@@ -166,8 +166,8 @@ $view .= '      </div>
            <label for="type"><i class="required">*</i>'.($discounts_type ?? 'Type').'</label>
            <select id="type" name="discount_type">
-                <option value="'.$discount['discount_type'].'" '.($discount['discount_type']== 0 ? ' selected':'').'>'.($discounts_type_fixed ?? 'Fixed').'</option>
+                <option value="0" '.($discount['discount_type']== 0 ? ' selected':'').'>'.($discounts_type_fixed ?? 'Fixed').'</option>
-                <option value="'.$discount['discount_type'].'" '.($discount['discount_type']== 1 ? ' selected':'').'>'.($discounts_type_percentage ?? 'Percentage').'</option>
+                <option value="1" '.($discount['discount_type']== 1 ? ' selected':'').'>'.($discounts_type_percentage ?? 'Percentage').'</option>
            </select>
            <label for="discount_value"><i class="required">*</i>'.($discounts_value ?? 'Value').'</label>
            <input id="discount_value" type="number" name="discount_value" placeholder="'.($discounts_value ?? 'Value').'" min="0" step=".01" value="'.$discount['discount_value'].'" required>
--- a/discounts.php
+++ b/discounts.php
@@ -116,7 +116,7 @@ $view .= '
                            <td>'.$discount['discount_value'].'</td>
                            <td class="responsive-hidden">'.date('Y-m-d h:ia', strtotime($discount['start_date'])).'</td>
                            <td class="responsive-hidden">'.date('Y-m-d h:ia', strtotime($discount['end_date'])).'</td>
-                            <td><a href="index.php?page=discount&id='.$discount['id'].'" class="link1">'.$general_view.'</a></td>
+                            <td><a href="index.php?page=discount&id='.$discount['id'].'" class="btn_link">'.$general_view.'</a></td>
                        </tr>';
                    }
--- a/order.php
+++ b/order.php
@@ -1,163 +1,199 @@
 <?php
-defined('admin') or exit;
+defined(page_security_key) or exit;
-if (!isset($_GET['id'])) {
+
-    exit('Invalid ID!');
+if (debug && debug_id == $_SESSION['id']){
    ini_set('display_errors', '1');
    ini_set('display_startup_errors', '1');
    error_reporting(E_ALL);  
 }
-// Retrieve order items
+include_once './assets/functions.php';
-$stmt = $pdo->prepare('SELECT ti.*, p.productcode, p.name FROM transactions t JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN products p ON p.id = ti.item_id WHERE t.id = ?');
+include_once './settings/settings.php';
 $stmt->execute([ $_GET['id'] ]);
 $order_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
 // Retrieve order details
 $stmt = $pdo->prepare('SELECT a.email, a.id AS a_id, a.first_name AS a_first_name, a.last_name AS a_last_name, a.address_street AS a_address_street, a.address_city AS a_address_city, a.address_state AS a_address_state, a.address_zip AS a_address_zip, a.address_country AS a_address_country, a.address_phone AS a_address_phone, t.* FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN accounts a ON a.id = t.account_id WHERE t.id = ?');
 $stmt->execute([ $_GET['id'] ]);
 $order = $stmt->fetch(PDO::FETCH_ASSOC);
-// Get tax
+//SET ORIGIN FOR NAVIGATION
-$stmt = $pdo->prepare('SELECT * FROM taxes WHERE country = ?');
+$prev_page = $_SESSION['prev_origin'] ?? '';
-$stmt->execute([$order['a_address_country']]);
+$page = 'order';
 $tax = $stmt->fetch(PDO::FETCH_ASSOC);
 $tax_rate = $tax ? $tax['rate'] : 0.00;
-//Add giftcards
+//create backbutton to prev_origin
-if (isset($_GET['add_giftcard'])){
+$back_btn_orgin =  ($prev_page != '')? '<a href="'.$prev_page.'" class="btn alt mar-right-2">'.$button_back.'</a>':'';
    createGiftCart($pdo, $order['txn_id']);
 }
-//Get connected giftcards
+//Check if allowed
-$giftcards_template = $order['txn_id'].'#%#%';
+if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
-$stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code like ?');
+    header('location: index.php');
 $stmt->execute([$giftcards_template]);
 $giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC);
 // Get the current date
 $current_date = strtotime((new DateTime())->format('Y-m-d H:i:s'));
 // Delete transaction
 if (isset($_GET['delete'])) {
    // Delete the transaction
    $stmt = $pdo->prepare('DELETE t, ti FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id WHERE t.id = ?');
    $stmt->execute([ $_GET['id'] ]);
    // Deactive giftcards
    removeGiftCart($pdo, $_GET['txn']);
    header('Location: index.php?page=orders&success_msg=3');
    exit;
 }
-if (!$order) {
+
-    exit('Invalid ID!');
+//GET PARAMETERS && STORE in SESSION for FURTHER USE/NAVIGATION
 $pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1;
 //PAGE Security
 $page_manage = 'order_manage';
 $update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
 $update_allowed_edit = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'U');
 $delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'D');
 $create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C');
 //GET Details from URL
 $_GET['list'] = 'order';
 $GET_VALUES = urlGETdetails($_GET) ?? '';
 //CALL TO API
 $api_url = '/v2/transactions/'.$GET_VALUES;
 $order = ioServer($api_url,'');
 //Decode Payload
 if (!empty($order)){$order = json_decode($order,true);}else{$order = null;}
 // Handle success messages
 if (isset($_GET['success_msg'])) {
    if ($_GET['success_msg'] == 1) {
        $success_msg = $message_order_1 ?? 'Created';
    }
    if ($_GET['success_msg'] == 2) {
        $success_msg = $message_order_2 ?? 'Updated';
    }
    if ($_GET['success_msg'] == 3) {
        $success_msg = $message_order_3 ?? 'Deleted' ;
    }
 }
-?>
+template_header('order', 'order', 'view');
-<?=template_admin_header('Orders', 'orders')?>
+$view = '
    <div class="content-title responsive-flex-wrap responsive-pad-bot-3">
        <h2 class="responsive-width-100">'.$order['header']['id'].' - '.$order['header']['txn_id'].'</h2>
        <a href="index.php?page='.$_SESSION['origin'].'&p='.$_SESSION['p'].'" class="btn alt mar-right-2">'.$button_cancel.'</a>
 ';
 <div class="content-title responsive-flex-wrap responsive-pad-bot-3">
    <h2 class="responsive-width-100">Order #<?=$_GET['id']?></h2>
    <a href="index.php?page=orders" class="btn alt mar-right-2">Cancel</a>
    <a href="index.php?page=order&id=<?=$_GET['id']?>&delete=true&txn=<?=$order['txn_id']?>" class="btn red mar-right-2" onclick="return confirm('Are you sure you want to delete this order?')">Delete</a>
    <a href="index.php?page=order_manage&id=<?=$_GET['id']?>" class="btn">Edit</a>
 </div>
-<div class="content-block-wrapper">
+//------------------------------------
 //
 //------------------------------------
 if ($update_allowed_edit === 1){
    $view .= '<a href="index.php?page=order_manage&id='.$_GET['id'].'" class="btn">Edit</a>';
 }
 $view .= '</div>';
 if (isset($success_msg)){
    $view .= ' <div class="msg success">
                    <i class="fas fa-check-circle"></i>
                    <p>'.$success_msg.'</p>
                    <i class="fas fa-times"></i>
                </div>';
 }
 $view .= '<div class="content-block-wrapper">';
 $view .='
    <div class="content-block order-details">
        <div class="block-header">
            <i class="fa-solid fa-cart-shopping fa-sm"></i>Order Details
        </div>
        <div class="order-detail">
            <h3>Order ID</h3>
-            <p><?=$order['id']?></p>
+            <p>' . $order['header']['id'] . '</p>
        </div>
        <div class="order-detail">
            <h3>Transaction ID</h3>
-            <p><?=$order['txn_id']?></p>
+            <p>' . $order['header']['txn_id'] . '</p>
-        </div>
+        </div>';
-        <?php if ($order['shipping_method']): ?>
+
 if ($order['header']['shipping_method']) {
    $view .='
        <div class="order-detail">
            <h3>Shipping Method</h3>
-            <p><?=$order['shipping_method'] ? htmlspecialchars($order['shipping_method'], ENT_QUOTES) : '--'?></p>
+            <p>' . htmlspecialchars($order['header']['shipping_method'], ENT_QUOTES) . '</p>
-        </div>
+        </div>';
-        <?php endif; ?>
+}
 $view .='
        <div class="order-detail">
            <h3>Payment Method</h3>
-            <p><?=$order['payment_method']?></p>
+            <p>' . $order['header']['payment_method'] . '</p>
        </div>
        <div class="order-detail">
            <h3>Payment Status</h3>
-            <p><?=$order['payment_status']?></p>
+            <p>' . $order['header']['payment_status'] . '</p>
        </div>
        <div class="order-detail">
            <h3>Date</h3>
-            <p><?=date('F j, Y H:ia', strtotime($order['created']))?></p>
+            <p>'.getRelativeTime($order['header']['created']). '</p>
-        </div>
+        </div>';
-        <?php if ($order['discount_code']): ?>
+
 if ($order['header']['discount_code']) {
    $view .='
        <div class="order-detail">
            <h3>Discount Code</h3>
-            <p><?=htmlspecialchars($order['discount_code'], ENT_QUOTES)?></p>
+            <p>' . htmlspecialchars($order['header']['discount_code'], ENT_QUOTES) . '</p>
-        </div>
+        </div>';
-        <?php endif; ?>
+}
    </div>
 $view .='    </div>';
 // Account Details Block
 $view .='
    <div class="content-block order-details">
        <div class="block-header">
            <i class="fa-solid fa-user fa-sm"></i>Account Details
-        </div>
+        </div>';
-        <?php if ($order['email']): ?>
+
 if ($order['customer']['email']) {
    $view .='
        <div class="order-detail">
            <h3>Email</h3>
-            <p><a href="index.php?page=account&id=<?=$order['a_id']?>" target="_blank" class="link1" style="margin:0"><?=htmlspecialchars($order['email'], ENT_QUOTES)?></a></p>
+            <p><a href="index.php?page=account&id=' . $order['header']['id'] . '" target="_blank" class="link1" style="margin:0">' . htmlspecialchars($order['customer']['email'], ENT_QUOTES) . '</a></p>
        </div>
        <div class="order-detail">
            <h3>Name</h3>
-            <p><?=htmlspecialchars($order['a_first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['a_last_name'], ENT_QUOTES)?></p>
+            <p>' . htmlspecialchars($order['customer']['name'], ENT_QUOTES) . '</p>
        </div>
        <div class="order-detail">
            <h3>Address</h3>
-            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_street'], ENT_QUOTES)?><br>
+            <p style="text-align:right;">' . htmlspecialchars($order['customer']['street'], ENT_QUOTES) . '<br>
-                <?=htmlspecialchars($order['a_address_city'], ENT_QUOTES)?><br>
+                ' . htmlspecialchars($order['customer']['city'], ENT_QUOTES) . '<br>
-                <?=htmlspecialchars($order['a_address_state'], ENT_QUOTES)?><br>
+                ' . htmlspecialchars($order['customer']['state'], ENT_QUOTES) . '<br>
-                <?=htmlspecialchars($order['a_address_zip'], ENT_QUOTES)?><br>
+                ' . htmlspecialchars($order['customer']['zip'], ENT_QUOTES) . '<br>
-                <?=htmlspecialchars($order['a_address_country'], ENT_QUOTES)?>
+                ' . htmlspecialchars($order['customer']['country'], ENT_QUOTES) . '</p>
            </p>
        </div>
        <div class="order-detail">
            <h3>Contact</h3>
-            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
+            <p style="text-align:right;">' . htmlspecialchars($order['customer']['phone'], ENT_QUOTES) . '</p>
-            </p>
+        </div>';
-        </div>
+} else {
-        <?php else: ?>
+    $view .='        <p>The order is not associated with an account.</p>';
-        <p>The order is not associated with an account.</p>
+}
        <?php endif; ?>
    </div>
 $view .='    </div>';
 // Customer Details Block
 $view .='
    <div class="content-block order-details">
        <div class="block-header">
            <i class="fa-solid fa-user fa-sm"></i>Customer Details
        </div>
        <div class="order-detail">
            <h3>Email</h3>
-            <p><?=htmlspecialchars($order['payer_email'], ENT_QUOTES)?></p>
+            <p>' . htmlspecialchars($order['customer']['email'], ENT_QUOTES) . '</p>
        </div>
        <div class="order-detail">
            <h3>Name</h3>
-            <p><?=htmlspecialchars($order['first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['last_name'], ENT_QUOTES)?></p>
+            <p>' . htmlspecialchars($order['customer']['name'], ENT_QUOTES) . ' </p>
        </div>
        <div class="order-detail">
            <h3>Address</h3>
-            <p style="text-align:right;"><?=htmlspecialchars($order['address_street'], ENT_QUOTES)?><br>
+            <p style="text-align:right;">' . htmlspecialchars($order['customer']['street'], ENT_QUOTES) . '<br>
-                <?=htmlspecialchars($order['address_city'], ENT_QUOTES)?><br>
+                ' . htmlspecialchars($order['customer']['city'], ENT_QUOTES) . '<br>
-                <?=htmlspecialchars($order['address_state'], ENT_QUOTES)?><br>
+                ' . htmlspecialchars($order['customer']['state'], ENT_QUOTES) . '<br>
-                <?=htmlspecialchars($order['address_zip'], ENT_QUOTES)?><br>
+                ' . htmlspecialchars($order['customer']['zip'], ENT_QUOTES) . '<br>
-                <?=htmlspecialchars($order['address_country'], ENT_QUOTES)?>
+                ' . htmlspecialchars($order['customer']['country'], ENT_QUOTES) . '</p>
            </p>
        </div>
        <div class="order-detail">
            <h3>Contact</h3>
-            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
+            <p style="text-align:right;">' . htmlspecialchars($order['customer']['phone'], ENT_QUOTES) . '</p>
            </p>
        </div>
    </div>
-</div>
+</div>';
 // Order Items Table
 $view .='
 <div class="content-block">
    <div class="block-header">
        <i class="fa-solid fa-bars fa-sm"></i>Order
@@ -173,60 +209,63 @@ if (!$order) {
                    <td style="text-align:right;">Total</td>
                </tr>
            </thead>
-            <tbody>
+            <tbody>';
-                <?php if (empty($order_items)): ?>
+
 if (empty($order)) {
    $view .='
                <tr>
                    <td colspan="5" style="text-align:center;">There are no order items</td>
-                </tr>
+                </tr>';
-                <?php else: ?>
+} else {
-                <?php 
+    foreach ($order['products'] as $item) {
-                    $subtotal = 0;    
+        $view .='
                    foreach ($order_items as $item): 
                ?>
                <tr>
-                    <td><?=$item['productcode']?> <?=$item['name'] ? htmlspecialchars($item['name'], ENT_QUOTES) : '(Product ' . $item['item_id'] . ')'?></td>
+                    <td>' . ($item['product_name'] ? htmlspecialchars(${$item['product_name']} ?? $item['product_name'] , ENT_QUOTES) : '(Product ' . $item['item_id'] . ')') . '</td>
-                    <td><?=$item['item_options'] ? htmlspecialchars(str_replace(',', ', ', $item['item_options']), ENT_QUOTES) : '--'?></td>
+                    <td>' . ($item['options'] ? htmlspecialchars(implode(", ", $item['options']), ENT_QUOTES) : '--') . '</td>
-                    <td><?=$item['item_quantity']?></td>
+                    <td>' . $item['quantity'] . '</td>
-                    <td class="responsive-hidden"><?=currency_code?><?=number_format($item['item_price'], 2)?></td>
+                    <td class="responsive-hidden">' .  number_format($item['price'], 2) . '</td>
-                    <td style="text-align:right;"><?=currency_code?><?=number_format($item['item_price']*$item['item_quantity'], 2)?></td>
+                    <td style="text-align:right;">' .  number_format($item['line_total'], 2) . '</td>
-                </tr>
+                </tr>';
-                <?php $subtotal += $item['item_price']*$item['item_quantity'];?>
+    }
-                <?php endforeach; ?>
+}
-                <?php endif; ?>
+
 $view .='
                <tr>
                    <td colspan="5" class="item-list-end"></td>
                </tr>
                <tr>
                    <td colspan="4" class="subtotal">Subtotal</td>
-                    <td class="num"><?=currency_code?><?=number_format($subtotal, 2)?></td>
+                    <td class="num">' .  number_format($order['pricing']['subtotal'], 2) . '</td>
                </tr>
                <tr>
                    <td colspan="4" class="shipping">Shipping</td>
-                    <td class="num"><?=currency_code?><?=number_format($order['shipping_amount'], 2)?></td>
+                    <td class="num">' .  number_format($order['pricing']['shipping_total'], 2) . '</td>
                </tr>
                <tr>
                    <td colspan="4" class="shipping">Discount</td>
-                    <td class="num"><?=currency_code?><?=number_format(($order['payment_amount']+$order['shipping_amount'])-($subtotal), 2)?></td>
+                    <td class="num">' .  number_format($order['pricing']['discount_total'], 2) . '</td>
                </tr>
                <tr>
                    <td colspan="4" class="shipping">VAT</td>
-                    <td class="num" style="border-bottom: 1px solid #f0f1f2;"><?=currency_code?><?=number_format($order['tax_amount'], 2)?></td>
+                    <td class="num" style="border-bottom: 1px solid #f0f1f2;">' .  number_format($order['pricing']['tax_total'], 2) . '</td>
                </tr>
                <tr>
                    <td colspan="4" class="total">Total</td>
-                    <td class="num"><b><?=currency_code?><?=number_format($order['payment_amount'], 2)?></b></td>
+                    <td class="num"><b>' .  number_format($order['pricing']['payment_amount'], 2) . '</b></td>
                </tr>
            </tbody>
        </table>
    </div>
-</div>
+</div>';
 // Giftcards Block
 $view .='
 <div class="content-block">
    <div class="block-header">
        <i class="fa-solid fa-bars fa-sm"></i>Giftcards
    </div>
    <div class="table order-table">
-        <a href="index.php?page=order&id=<?=$_GET['id']?>&add_giftcard" class="btn">Relate giftcards</a>
+        <a href="index.php?page=order&id=' . $_GET['id'] . '&add_giftcard" class="btn">Relate giftcards</a>
        <table>
            <thead>
                <tr>
@@ -235,56 +274,69 @@ if (!$order) {
                    <td>Value</td>
                </tr>
            </thead>
-            <tbody>
+            <tbody>';
-                <?php if (empty($giftcards)): ?>
+
 if (empty($giftcards)) {
    $view .='
                <tr>
                    <td colspan="5" style="text-align:center;">There are no order items</td>
-                </tr>
+                </tr>';
-                <?php else: ?>
+} else {
-                <?php foreach ($giftcards as $giftcard): ?>
+    foreach ($giftcards as $giftcard) {
        $view .='
                <tr>
-                    <td><?=$giftcard['discount_code']?></td>
+                    <td>' . $giftcard['discount_code'] . '</td>
-                    <td><?=$current_date >= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No'?></td>
+                    <td>' . ($current_date >= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No') . '</td>
-                    <td><?=currency_code?><?=number_format($giftcard['discount_value'], 2)?></td>
+                    <td>' .  number_format($giftcard['discount_value'], 2) . '</td>
-                </tr>
+                </tr>';
-                <?php endforeach; ?>
+    }
-                <?php endif; ?>
+}
 $view .='
                <tr>
                    <td colspan="5" class="item-list-end"></td>
                </tr>
            </tbody>
        </table>
    </div>
-</div>
+</div>';
 // Invoice Block
 $view .='
 <div class="content-block">
    <div class="block-header">
        <i class="fa-solid fa-bars fa-sm"></i>Invoice
    </div>
    <div class="table order-table">
-    <table>
+        <table>
-        <tr>
+            <tr>
-            <td style="width:70px";>
+                <td style="width:70px";>
-                <form action="index.php?page=factuur" method="post">
+                    <form action="index.php?page=factuur" method="post">
-                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
+                        <input type="hidden" name="txn_id" value="' . $order['header']['txn_id'] . '">
-                    <input type="submit" class="btn" name="show_invoice" value="Show">
+                        <input type="submit" class="btn" name="show_invoice" value="Show">
-                </form>
+                    </form>
-            </td>
+                </td>
-            <td style="width: 157px;">
+                <td style="width: 157px;">
-                <form action="index.php?page=factuur" method="post">
+                    <form action="index.php?page=factuur" method="post">
-                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
+                        <input type="hidden" name="txn_id" value="' . $order['header']['txn_id'] . '">
-                    <input type="submit" class="btn" name="email_invoice" value="Email to Customer" onclick="return confirm('Send invoice to customer?');">
+                        <input type="submit" class="btn" name="email_invoice" value="Email to Customer" onclick="return confirm(\'Send invoice to customer?\');">
-                </form>
+                    </form>
-            </td>
+                </td>
-            <td>
+                <td>
-                <form action="index.php?page=factuur" method="post">
+                    <form action="index.php?page=factuur" method="post">
-                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
+                        <input type="hidden" name="txn_id" value="' . $order['header']['txn_id'] . '">
-                    <input type="submit" class="btn" name="email_invoice_to_admin" value="Email to Admin" onclick="return confirm('Send invoice to admin?');">
+                        <input type="submit" class="btn" name="email_invoice_to_admin" value="Email to Admin" onclick="return confirm(\'Send invoice to admin?\');">
-                </form>
+                    </form>
-            </td>
+                </td>
-        </tr>
+            </tr>
-    </table>
+        </table>
-    </div>
+    </div>';
 </div>
-<?=template_admin_footer()?>
+$view .='</div>';
 //OUTPUT
 echo $view;    
 template_footer()
 ?>
--- a/order_old.php
+++ b/order_old.php
@@ -0,0 +1,290 @@
 <?php
 defined('admin') or exit;
 if (!isset($_GET['id'])) {
    exit('Invalid ID!');
 }
 // Retrieve order items
 $stmt = $pdo->prepare('SELECT ti.*, p.productcode, p.name FROM transactions t JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN products p ON p.id = ti.item_id WHERE t.id = ?');
 $stmt->execute([ $_GET['id'] ]);
 $order_items = $stmt->fetchAll(PDO::FETCH_ASSOC);
 // Retrieve order details
 $stmt = $pdo->prepare('SELECT a.email, a.id AS a_id, a.first_name AS a_first_name, a.last_name AS a_last_name, a.address_street AS a_address_street, a.address_city AS a_address_city, a.address_state AS a_address_state, a.address_zip AS a_address_zip, a.address_country AS a_address_country, a.address_phone AS a_address_phone, t.* FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id LEFT JOIN accounts a ON a.id = t.account_id WHERE t.id = ?');
 $stmt->execute([ $_GET['id'] ]);
 $order = $stmt->fetch(PDO::FETCH_ASSOC);
 // Get tax
 $stmt = $pdo->prepare('SELECT * FROM taxes WHERE country = ?');
 $stmt->execute([$order['a_address_country']]);
 $tax = $stmt->fetch(PDO::FETCH_ASSOC);
 $tax_rate = $tax ? $tax['rate'] : 0.00;
 //Add giftcards
 if (isset($_GET['add_giftcard'])){
    createGiftCart($pdo, $order['txn_id']);
 }
 //Get connected giftcards
 $giftcards_template = $order['txn_id'].'#%#%';
 $stmt = $pdo->prepare('SELECT * from discounts WHERE discount_code like ?');
 $stmt->execute([$giftcards_template]);
 $giftcards = $stmt->fetchAll(PDO::FETCH_ASSOC);
 // Get the current date
 $current_date = strtotime((new DateTime())->format('Y-m-d H:i:s'));
 // Delete transaction
 if (isset($_GET['delete'])) {
    // Delete the transaction
    $stmt = $pdo->prepare('DELETE t, ti FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id WHERE t.id = ?');
    $stmt->execute([ $_GET['id'] ]);
    // Deactive giftcards
    removeGiftCart($pdo, $_GET['txn']);
    header('Location: index.php?page=orders&success_msg=3');
    exit;
 }
 if (!$order) {
    exit('Invalid ID!');
 }
 ?>
 <?=template_admin_header('Orders', 'orders')?>
 <div class="content-title responsive-flex-wrap responsive-pad-bot-3">
    <h2 class="responsive-width-100">Order #<?=$_GET['id']?></h2>
    <a href="index.php?page=orders" class="btn alt mar-right-2">Cancel</a>
    <a href="index.php?page=order&id=<?=$_GET['id']?>&delete=true&txn=<?=$order['txn_id']?>" class="btn red mar-right-2" onclick="return confirm('Are you sure you want to delete this order?')">Delete</a>
    <a href="index.php?page=order_manage&id=<?=$_GET['id']?>" class="btn">Edit</a>
 </div>
 <div class="content-block-wrapper">
    <div class="content-block order-details">
        <div class="block-header">
            <i class="fa-solid fa-cart-shopping fa-sm"></i>Order Details
        </div>
        <div class="order-detail">
            <h3>Order ID</h3>
            <p><?=$order['id']?></p>
        </div>
        <div class="order-detail">
            <h3>Transaction ID</h3>
            <p><?=$order['txn_id']?></p>
        </div>
        <?php if ($order['shipping_method']): ?>
        <div class="order-detail">
            <h3>Shipping Method</h3>
            <p><?=$order['shipping_method'] ? htmlspecialchars($order['shipping_method'], ENT_QUOTES) : '--'?></p>
        </div>
        <?php endif; ?>
        <div class="order-detail">
            <h3>Payment Method</h3>
            <p><?=$order['payment_method']?></p>
        </div>
        <div class="order-detail">
            <h3>Payment Status</h3>
            <p><?=$order['payment_status']?></p>
        </div>
        <div class="order-detail">
            <h3>Date</h3>
            <p><?=date('F j, Y H:ia', strtotime($order['created']))?></p>
        </div>
        <?php if ($order['discount_code']): ?>
        <div class="order-detail">
            <h3>Discount Code</h3>
            <p><?=htmlspecialchars($order['discount_code'], ENT_QUOTES)?></p>
        </div>
        <?php endif; ?>
    </div>
    <div class="content-block order-details">
        <div class="block-header">
            <i class="fa-solid fa-user fa-sm"></i>Account Details
        </div>
        <?php if ($order['email']): ?>
        <div class="order-detail">
            <h3>Email</h3>
            <p><a href="index.php?page=account&id=<?=$order['a_id']?>" target="_blank" class="link1" style="margin:0"><?=htmlspecialchars($order['email'], ENT_QUOTES)?></a></p>
        </div>
        <div class="order-detail">
            <h3>Name</h3>
            <p><?=htmlspecialchars($order['a_first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['a_last_name'], ENT_QUOTES)?></p>
        </div>
        <div class="order-detail">
            <h3>Address</h3>
            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_street'], ENT_QUOTES)?><br>
                <?=htmlspecialchars($order['a_address_city'], ENT_QUOTES)?><br>
                <?=htmlspecialchars($order['a_address_state'], ENT_QUOTES)?><br>
                <?=htmlspecialchars($order['a_address_zip'], ENT_QUOTES)?><br>
                <?=htmlspecialchars($order['a_address_country'], ENT_QUOTES)?>
            </p>
        </div>
        <div class="order-detail">
            <h3>Contact</h3>
            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
            </p>
        </div>
        <?php else: ?>
        <p>The order is not associated with an account.</p>
        <?php endif; ?>
    </div>
    <div class="content-block order-details">
        <div class="block-header">
            <i class="fa-solid fa-user fa-sm"></i>Customer Details
        </div>
        <div class="order-detail">
            <h3>Email</h3>
            <p><?=htmlspecialchars($order['payer_email'], ENT_QUOTES)?></p>
        </div>
        <div class="order-detail">
            <h3>Name</h3>
            <p><?=htmlspecialchars($order['first_name'], ENT_QUOTES)?> <?=htmlspecialchars($order['last_name'], ENT_QUOTES)?></p>
        </div>
        <div class="order-detail">
            <h3>Address</h3>
            <p style="text-align:right;"><?=htmlspecialchars($order['address_street'], ENT_QUOTES)?><br>
                <?=htmlspecialchars($order['address_city'], ENT_QUOTES)?><br>
                <?=htmlspecialchars($order['address_state'], ENT_QUOTES)?><br>
                <?=htmlspecialchars($order['address_zip'], ENT_QUOTES)?><br>
                <?=htmlspecialchars($order['address_country'], ENT_QUOTES)?>
            </p>
        </div>
        <div class="order-detail">
            <h3>Contact</h3>
            <p style="text-align:right;"><?=htmlspecialchars($order['a_address_phone'], ENT_QUOTES)?>
            </p>
        </div>
    </div>
 </div>
 <div class="content-block">
    <div class="block-header">
        <i class="fa-solid fa-bars fa-sm"></i>Order
    </div>
    <div class="table order-table">
        <table>
            <thead>
                <tr>
                    <td>Product</td>
                    <td>Options</td>
                    <td>Qty</td>
                    <td class="responsive-hidden">Price</td>
                    <td style="text-align:right;">Total</td>
                </tr>
            </thead>
            <tbody>
                <?php if (empty($order_items)): ?>
                <tr>
                    <td colspan="5" style="text-align:center;">There are no order items</td>
                </tr>
                <?php else: ?>
                <?php 
                    $subtotal = 0;    
                    foreach ($order_items as $item): 
                ?>
                <tr>
                    <td><?=$item['productcode']?> <?=$item['name'] ? htmlspecialchars($item['name'], ENT_QUOTES) : '(Product ' . $item['item_id'] . ')'?></td>
                    <td><?=$item['item_options'] ? htmlspecialchars(str_replace(',', ', ', $item['item_options']), ENT_QUOTES) : '--'?></td>
                    <td><?=$item['item_quantity']?></td>
                    <td class="responsive-hidden"><?=currency_code?><?=number_format($item['item_price'], 2)?></td>
                    <td style="text-align:right;"><?=currency_code?><?=number_format($item['item_price']*$item['item_quantity'], 2)?></td>
                </tr>
                <?php $subtotal += $item['item_price']*$item['item_quantity'];?>
                <?php endforeach; ?>
                <?php endif; ?>
                <tr>
                    <td colspan="5" class="item-list-end"></td>
                </tr>
                <tr>
                    <td colspan="4" class="subtotal">Subtotal</td>
                    <td class="num"><?=currency_code?><?=number_format($subtotal, 2)?></td>
                </tr>
                <tr>
                    <td colspan="4" class="shipping">Shipping</td>
                    <td class="num"><?=currency_code?><?=number_format($order['shipping_amount'], 2)?></td>
                </tr>
                <tr>
                    <td colspan="4" class="shipping">Discount</td>
                    <td class="num"><?=currency_code?><?=number_format(($order['payment_amount']+$order['shipping_amount'])-($subtotal), 2)?></td>
                </tr>
                <tr>
                    <td colspan="4" class="shipping">VAT</td>
                    <td class="num" style="border-bottom: 1px solid #f0f1f2;"><?=currency_code?><?=number_format($order['tax_amount'], 2)?></td>
                </tr>
                <tr>
                    <td colspan="4" class="total">Total</td>
                    <td class="num"><b><?=currency_code?><?=number_format($order['payment_amount'], 2)?></b></td>
                </tr>
            </tbody>
        </table>
    </div>
 </div>
 <div class="content-block">
    <div class="block-header">
        <i class="fa-solid fa-bars fa-sm"></i>Giftcards
    </div>
    <div class="table order-table">
        <a href="index.php?page=order&id=<?=$_GET['id']?>&add_giftcard" class="btn">Relate giftcards</a>
        <table>
            <thead>
                <tr>
                    <td>Giftcard</td>
                    <td>Valid</td>
                    <td>Value</td>
                </tr>
            </thead>
            <tbody>
                <?php if (empty($giftcards)): ?>
                <tr>
                    <td colspan="5" style="text-align:center;">There are no order items</td>
                </tr>
                <?php else: ?>
                <?php foreach ($giftcards as $giftcard): ?>
                <tr>
                    <td><?=$giftcard['discount_code']?></td>
                    <td><?=$current_date >= strtotime($giftcard['start_date']) && $current_date <= strtotime($giftcard['end_date']) ? 'Yes' : 'No'?></td>
                    <td><?=currency_code?><?=number_format($giftcard['discount_value'], 2)?></td>
                </tr>
                <?php endforeach; ?>
                <?php endif; ?>
                <tr>
                    <td colspan="5" class="item-list-end"></td>
                </tr>
            </tbody>
        </table>
    </div>
 </div>
 <div class="content-block">
    <div class="block-header">
        <i class="fa-solid fa-bars fa-sm"></i>Invoice
    </div>
    <div class="table order-table">
    <table>
        <tr>
            <td style="width:70px";>
                <form action="index.php?page=factuur" method="post">
                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
                    <input type="submit" class="btn" name="show_invoice" value="Show">
                </form>
            </td>
            <td style="width: 157px;">
                <form action="index.php?page=factuur" method="post">
                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
                    <input type="submit" class="btn" name="email_invoice" value="Email to Customer" onclick="return confirm('Send invoice to customer?');">
                </form>
            </td>
            <td>
                <form action="index.php?page=factuur" method="post">
                    <input type="hidden" name="txn_id" value="<?=$order['txn_id']?>">
                    <input type="submit" class="btn" name="email_invoice_to_admin" value="Email to Admin" onclick="return confirm('Send invoice to admin?');">
                </form>
            </td>
        </tr>
    </table>
    </div>
 </div>
 <?=template_admin_footer()?>
--- a/orders.php
+++ b/orders.php
@@ -1,172 +1,143 @@
 <?php
-defined('admin') or exit;
+defined(page_security_key) or exit;
-// Retrieve the GET request parameters (if specified)
+
-$pagination_page = isset($_GET['pagination_page']) ? $_GET['pagination_page'] : 1;
+if (debug && debug_id == $_SESSION['id']){
-$search = isset($_GET['search']) ? $_GET['search'] : '';
+    ini_set('display_errors', '1');
-// Filters parameters
+    ini_set('display_startup_errors', '1');
-$status = isset($_GET['status']) ? $_GET['status'] : '';
+    error_reporting(E_ALL);  
-$method = isset($_GET['method']) ? $_GET['method'] : '';
+}
-$account_id = isset($_GET['account_id']) ? $_GET['account_id'] : '';
+
-// Order by column
+include_once './assets/functions.php';
-$order = isset($_GET['order']) && $_GET['order'] == 'ASC' ? 'ASC' : 'DESC';
+include_once './settings/settings.php';
-// Add/remove columns to the whitelist array
+
-$order_by_whitelist = ['id','first_name','total_products','payment_amount','payment_method','payment_status','created','payer_email'];
+//SET ORIGIN FOR NAVIGATION
-$order_by = isset($_GET['order_by']) && in_array($_GET['order_by'], $order_by_whitelist) ? $_GET['order_by'] : 'created';
+$prev_page = $_SESSION['prev_origin'] ?? '';
-// Number of results per pagination page
+$page = $_SESSION['origin'] = 'orders';
-$results_per_page = 20;
+
-// Declare query param variables
+//Check if allowed
-$param1 = ($pagination_page - 1) * $results_per_page;
+if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
-$param2 = $results_per_page;
+    header('location: index.php');
-$param3 = '%' . $search . '%';
+    exit;
-// SQL where clause
+}
-$where = '';
+
-$where .= $search ? 'WHERE (t.first_name LIKE :search OR t.last_name LIKE :search OR t.id LIKE :search OR t.txn_id LIKE :search OR t.payer_email LIKE :search) ' : '';
+//GET PARAMETERS
-// Add filters
+$pagination_page = isset($_GET['p']) ? $_GET['p'] : 1;
-// Payment status filter
+$search = isset($_GET['search']) ? '&search='.$_GET['search'] : '';
-if ($status == 1) $where .= $where ? 'AND payment_status = "Completed" ' : 'WHERE payment_status = "Completed" ';
+
 if ($status == 2) $where .= $where ? 'AND payment_status = "Pending" ' : 'WHERE payment_status = "Pending" ';
 if ($status == 3) $where .= $where ? 'AND payment_status = "Cancelled" ' : 'WHERE payment_status = "Cancelled" ';
 if ($status == 4) $where .= $where ? 'AND payment_status = "Reversed" ' : 'WHERE payment_status = "Reversed" ';
 if ($status == 5) $where .= $where ? 'AND payment_status = "Shipped" ' : 'WHERE payment_status = "Shipped" ';
 // Payment method filter
 if ($method == 1) $where .= $where ? 'AND payment_method = "website" ' : 'WHERE payment_status = "website" ';
 if ($method == 2) $where .= $where ? 'AND payment_method = "paypal" ' : 'WHERE payment_status = "paypal" ';
 if ($method == 3) $where .= $where ? 'AND payment_method = "stripe" ' : 'WHERE payment_status = "stripe" ';
 // Account ID filter
 if ($account_id) $where .= $where ? 'AND account_id = :account_id ' : 'WHERE account_id = :account_id ';
 // Retrieve the total number of transactions
 $stmt = $pdo->prepare('SELECT COUNT(DISTINCT t.id) AS total FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where);
 if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR);
 if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT);
 $stmt->execute();
 $orders_total = $stmt->fetchColumn();
 // Retrieve transactions 
 $stmt = $pdo->prepare('SELECT t.*, COUNT(ti.id) AS total_products FROM transactions t LEFT JOIN transactions_items ti ON ti.txn_id = t.txn_id ' . $where . ' GROUP BY t.id, t.txn_id, t.payment_amount, t.payment_status, t.created, t.payer_email, t.first_name, t.last_name, t.address_street, t.address_city, t.address_state, t.address_zip, t.address_country, t.account_id, t.payment_method, t.discount_code, t.shipping_method, t.shipping_amount ORDER BY ' . $order_by . ' ' . $order . ' LIMIT :start_results,:num_results');
 // Bind params
 $stmt->bindParam('start_results', $param1, PDO::PARAM_INT);
 $stmt->bindParam('num_results', $param2, PDO::PARAM_INT);
 if ($search) $stmt->bindParam('search', $param3, PDO::PARAM_STR);
 if ($account_id) $stmt->bindParam('account_id', $account_id, PDO::PARAM_INT);
 $stmt->execute();
 // Retrieve query results
 $orders = $stmt->fetchAll(PDO::FETCH_ASSOC);
 // Determine the URL
-$url = 'index.php?page=orders&search=' . $search . '&status=' . $status . '&method=' . $method . '&account_id=' . $account_id;
+$url = 'index.php?page=transactions'.$search;
 //GET Details from URL
 $GET_VALUES = urlGETdetails($_GET) ?? '';
 //CALL TO API
 $api_url = '/v2/transactions/'.$GET_VALUES;
 $orders = ioServer($api_url,'');
 //Decode Payload
 if (!empty($orders)){$orders = json_decode($orders,true);}else{$orders = null;}
 //Return QueryTotal from API
 $api_url = '/v2/transactions/totals=';
 $query_total = ioServer($api_url,'');
 //Decode Payload
 if (!empty($query_total)){$query_total = json_decode($query_total,true);}else{$query_total = null;}
 // Handle success messages
 if (isset($_GET['success_msg'])) {
    if ($_GET['success_msg'] == 1) {
-        $success_msg = 'Order created successfully!';
+        $success_msg = $message_orders_1 ?? 'Created';
    }
    if ($_GET['success_msg'] == 2) {
-        $success_msg = 'Order updated successfully!';
+        $success_msg = $message_orders_2 ?? 'Updated';
    }
    if ($_GET['success_msg'] == 3) {
-        $success_msg = 'Order deleted successfully!';
+        $success_msg = $message_orders_3 ?? 'Deleted' ;
    }
 }
 ?>
 <?=template_admin_header('Orders', 'orders')?>
 template_header('orders', 'orders','view');
 $view = '
 <div class="content-title">
    <div class="title">
-        <i class="fa-solid fa-cart-shopping"></i>
+        <i class="fa-solid fa-truck-fast"></i>
        <div class="txt">
-            <h2>Orders</h2>
+            <h2>'.($orders_h2 ?? 'orders').' ('.$query_total.')</h2>
-            <p>View, create, and search orders.</p>
+            <p>'.($orders_p ?? '').'</p>
        </div>
    </div>
-</div>
+</div>';
-<?php if (isset($success_msg)): ?>
+if (isset($success_msg)){
-<div class="msg success">
+$view .= ' <div class="msg success">
-    <i class="fas fa-check-circle"></i>
+                <i class="fas fa-check-circle"></i>
-    <p><?=$success_msg?></p>
+                <p>'.$success_msg.'</p>
-    <i class="fas fa-times"></i>
+                <i class="fas fa-times"></i>
-</div>
+            </div>';
-<?php endif; ?>
+}
 $view .= '
 <div class="content-header responsive-flex-column pad-top-5">
-    <a href="index.php?page=order_manage" class="btn">Create Order</a>
+    <a href="index.php?page=orders_manage" class="btn">'.($button_create_orders ?? 'Create order').'</a>
    <form action="" method="get">
        <input type="hidden" name="page" value="orders">
        <div class="filters">
            <a href="#"><i class="fas fa-sliders-h"></i> Filters</a>
            <div class="list">
                <select name="status">
                    <option value="" disabled selected>Status</option>
                    <option value="1"<?=$status==1?' selected':''?>>Completed</option>
                    <option value="2"<?=$status==2?' selected':''?>>Pending</option>
                    <option value="3"<?=$status==3?' selected':''?>>Cancelled</option>
                    <option value="4"<?=$status==4?' selected':''?>>Reversed</option>
                    <option value="5"<?=$status==5?' selected':''?>>Shipped</option>
                </select>
                <select name="method">
                    <option value="" disabled selected>Method</option>
                    <option value="1"<?=$method==1?' selected':''?>>Website</option>
                    <option value="2"<?=$method==2?' selected':''?>>PayPal</option>
                    <option value="3"<?=$method==3?' selected':''?>>Stripe</option>
                </select>
                <button type="submit">Apply</button>
            </div>
        </div>
        <div class="search">
            <label for="search">
                <input id="search" type="text" name="search" placeholder="Search order..." value="<?=htmlspecialchars($search, ENT_QUOTES)?>" class="responsive-width-100">
                <i class="fas fa-search"></i>
            </label>
        </div>
    </form>
 </div>
 <div class="content-block">
    <div class="table">
        <table>
            <thead>
                <tr>
-                    <td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=id'?>">#<?php if ($order_by=='id'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
+                    <td>'.($orders_id ?? '#').'</td>
-                    <td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=first_name'?>">Customer<?php if ($order_by=='first_name'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
+                    <td>'.($orders_customer ?? 'name').'</td>
-                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payer_email'?>">Email<?php if ($order_by=='payer_email'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
+                    <td>'.($orders_payment_amount ?? 'Total').'</td>
-                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=total_products'?>">Products<?php if ($order_by=='total_products'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
+                    <td class="responsive-hidden">'.($orders_method ?? 'Method').'</td>
-                    <td><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_amount'?>">Total<?php if ($order_by=='payment_amount'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
+                    <td class="responsive-hidden">'.($orders_status ?? 'Status').'</td>
-                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_method'?>">Method<?php if ($order_by=='payment_method'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
+                    <td class="responsive-hidden">'.($orders_created ?? 'Created').'</td>
-                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=payment_status'?>">Status<?php if ($order_by=='payment_status'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
+                    <td>'.$general_actions.'</td>
                    <td class="responsive-hidden"><a href="<?=$url . '&order=' . ($order=='ASC'?'DESC':'ASC') . '&order_by=created'?>">Date<?php if ($order_by=='created'): ?><i class="fas fa-level-<?=str_replace(['ASC', 'DESC'], ['up','down'], $order)?>-alt fa-xs"></i><?php endif; ?></a></td>
                    <td>Actions</td>
                </tr>
            </thead>
-            <tbody>
+            <tbody>';
-                <?php if (empty($orders)): ?>
+                if (empty($orders)){
-                <tr>
+                $view .= '<tr>
-                    <td colspan="9" style="text-align:center;">There are no orders</td>
+                            <td colspan="8" style="text-align:center;">'.($message_no_orders ?? 'There are no orders').'</td>
-                </tr>
+                         </tr>';
-                <?php else: ?>
+                }
-                <?php foreach ($orders as $i): ?>
+                else {
-                <tr>
+                    foreach ($orders as $order){
-                    <td><?=$i['id']?></td>
+                   
-                    <td><?=htmlspecialchars($i['first_name'], ENT_QUOTES)?> <?=htmlspecialchars($i['last_name'], ENT_QUOTES)?></td>
+                        $view .= '
-                    <td class="responsive-hidden"><?=htmlspecialchars($i['payer_email'], ENT_QUOTES)?></td>
+                        <tr>
-                    <td class="responsive-hidden"><?=$i['total_products']?></td>
+                            <td>'.$order['id'].'</td>
-                    <td><?=currency_code?><?=number_format($i['payment_amount'], 2)?></td>
+                            <td>'.$order['first_name'].' '.$order['last_name'].'</td>
-                    <td class="responsive-hidden"><?=$i['payment_method']?></td>
+                            <td>'.number_format($order['payment_amount'], 2).'</td>
-                    <td class="responsive-hidden"><span class="status <?=strtolower($i['payment_status'])?>"><?=$i['payment_status']?></span></td>
+                            <td class="responsive-hidden">'.$order['payment_method'].'</td>
-                    <td class="responsive-hidden"><?=date('F j, Y', strtotime($i['created']))?></td>
+                            <td class="responsive-hidden">'.$order['payment_status'].'</td>
-                    <td><a href="index.php?page=order&id=<?=$i['id']?>" class="link1">View</a> <a href="index.php?page=order_manage&id=<?=$i['id']?>" class="link1">Edit</a></td>
+                            <td class="responsive-hidden">'.getRelativeTime($order['created']).'</td>
-                </tr>
+                            <td><a href="index.php?page=order&id='.$order['id'].'" class="btn_link">'.$general_view.'</a></td>
-                <?php endforeach; ?>
+                        </tr>';
-                <?php endif; ?>
+                    }
                }
 $view .= '                
            </tbody>
        </table>
    </div>
 </div>
 ';
-<div class="pagination">
+$view.='<div class="pagination">';
-    <?php if ($pagination_page > 1): ?>
+if ($pagination_page > 1) {
-    <a href="<?=$url?>&pagination_page=<?=$pagination_page-1?>&order=<?=$order?>&order_by=<?=$order_by?>">Prev</a>
+    $page = $pagination_page-1;
-    <?php endif; ?>
+    $view .= '<a href="'.$url.'&p=1">'.$general_first.'</a>';
-    <span>Page <?=$pagination_page?> of <?=ceil($orders_total / $results_per_page) == 0 ? 1 : ceil($orders_total / $results_per_page)?></span>
+    $view .= '<a href="'.$url.'&p='.$page.'">'.$general_prev.'</a>';
-    <?php if ($pagination_page * $results_per_page < $orders_total): ?>
+}
-    <a href="<?=$url?>&pagination_page=<?=$pagination_page+1?>&order=<?=$order?>&order_by=<?=$order_by?>">Next</a>
+$totals = ceil($query_total / $page_rows_transactions) == 0 ? 1 : ceil($query_total / $page_rows_transactions);
-    <?php endif; ?>
+$view .= '<span> '.$general_page.$pagination_page.$general_page_of.$totals.'</span>';
-</div>
+if ($pagination_page * $page_rows_transactions < $query_total){
    $page = $pagination_page+1;
    $view .= '<a href="'.$url.'&p='.$page.'">'.$general_next.'</a>';
    $view .= '<a href="'.$url.'&p='.$totals.'">'.$general_last.'</a>';
-<?=template_admin_footer()?>
+}
 $view .= '</div>';
 //OUTPUT
 echo $view;
 template_footer();
 ?>
--- a/settings/settingsmenu.php
+++ b/settings/settingsmenu.php
@@ -12,7 +12,7 @@ $main_menu = array ('dashboard','sales','buildtool','cartests','marketing','equi
 //Sub menus
 $equipments_sub = array('equipments','servicereports','rmas','histories','firmwaretool','equipments_mass_update');
-$sales_sub = array('accounts','contracts','catalog');
+$sales_sub = array('accounts','contracts','catalog','orders');
 $products_sub = array('products','products_attributes','pricelists');
 $admin_sub = array('users','categories','discounts','shipping','communications','partners','media');
 $reporting_sub = array('report_build','report_contracts_billing','report_healthindex','report_usage');
@@ -98,6 +98,12 @@ $urls = array(
        "icon" => "fas fa-tachometer-alt",
        "name" => "menu_sales_contracts"  
        ),
    "orders" => array(
        "url" => "orders", 
        "selected" => "orders", 
        "icon" => "fas fa-tachometer-alt",
        "name" => "menu_sales_orders"  
        ),
    "admin" => array(
        "url" => "partners", 
        "selected" => "partners", 
@@ -286,6 +292,7 @@ $supportedModifiers = ["0" =>"subtract", "1"=>"add"];
 // +++++++++++++++++++++++++++++++++++++++++++++++++++++++
 $all_profiles = [
    "build",
    "commerce",
    "distribution",
    "firmware",
    "garage",
--- a/settings/settingsprofiles.php
+++ b/settings/settingsprofiles.php
@@ -6,9 +6,11 @@ define('superuser_profile','dashboard,profile,assets,equipments,equipment,equipm
 /*Admin*/
 define('admin_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,changelog,application');
 /*AdminPlus*/
-define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice');
+define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,profiles,vin,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice,order,orders');
 /*Build*/
 define('build','dashboard,profile,buildtool,firmwaretool,buildtool,products_software,application');
 /*Commerce*/
 define('commerce','dashboard,profile,assets,equipments,equipment,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,marketing,application');
 /*Distribution*/
 define('distribution','dashboard,profile,assets,equipments,equipment,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,marketing,application');
 /*Firmware*/
--- a/settings/settingsviews.php
+++ b/settings/settingsviews.php
@@ -93,7 +93,9 @@ $all_views = [
    "taxes",
    "transactions",
    "transactions_items",
-    "invoice"
+    "invoice",
    "order",
    "orders"
 ];
 ?>
--- a/shipping.php
+++ b/shipping.php
@@ -125,7 +125,7 @@ $view .= '
                            <td class="responsive-hidden">'.number_format($shipment['price_from'], 2).' - '.number_format($shipment['price_to'], 2).'</td>
                            <td class="responsive-hidden">'.number_format($shipment['weight_from'], 2).' kg - '.number_format($shipment['weight_to'], 2).' kg</td>
                            <td><?=currency_code?>'.number_format($shipment['price'], 2).'</td>
-                            <td><a href="index.php?page=shipping_manage&id='.$shipment['id'].'" class="link1">'.$general_view.'</a></td>
+                            <td><a href="index.php?page=shipping_manage&id='.$shipment['id'].'" class="btn_link">'.$general_view.'</a></td>
                        </tr>';
                    }
                }
--- a/taxes.php
+++ b/taxes.php
@@ -63,7 +63,7 @@ if (isset($_GET['success_msg'])) {
                    <td class="responsive-hidden"><?=$tax['id']?></td>
                    <td><?=$tax['country']?></td>
                    <td><?=$tax['rate']?>%</td>
-                    <td><a href="index.php?page=tax&id=<?=$tax['id']?>" class="link1">Edit</a></td>
+                    <td><a href="index.php?page=tax&id=<?=$tax['id']?>" class="btn_link">Edit</a></td>
                </tr>
                <?php endforeach; ?>
                <?php endif; ?>