pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Initial commit

Browse Source
This commit is contained in:
“VeLiTi”
2024-03-15 12:43:10 +01:00
commit 670b00eeab
424 changed files with 216891 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
api/v1/.DS_Store vendored Normal file
View File

Binary file not shown.

79
api/v1/authorization.php Normal file
View File

@@ -0,0 +1,79 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Get user_details
//------------------------------------------
$user_credentials = json_decode(decode_payload($input),true);
//Connect to DB
$pdo = dbConnect($dbname_users);
$username = $user_credentials['username'] ?? '';
//Define Query
$stmt = $pdo->prepare('SELECT id, username, password, salesID, partnerhierarchy, view, service, settings, lastlogin, userkey, language FROM users WHERE username = ?');
//Excute Query
$stmt->execute([$username]);
// Check if username exists. Verify user exists then verify
if ($stmt->rowCount() == 1) {
$user_data = $stmt->fetch();
$permission = userRights($user_data['view']);
$profile = getProfile($user_data['settings'],$permission);
$password = $user_credentials['password'];
if (array_key_exists('resetkey', $user_credentials)){
if ($user_credentials['resetkey'] == ''){
//Reset procedure
//STEP 1.A- Create resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//STEP 1.B Store in DB
$sql = 'UPDATE users SET resetkey = ? WHERE id = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$resetkey,$user_data['id']]);
//STEP 2- Send to user
include_once './assets/mail/email_template_reset.php';
send_mail($user_data['username'],$subject,$message,'','');
}
} else { //STANDARD LOGIN
if (password_verify($password, $user_data['password'])) {
$token = createCommunicationToken($user_data['service']);
$user = array(
'id' => $user_data['id'],
'username' => $user_data['username'],
'salesID' => $user_data['salesID'],
'partnerhierarchy' => $user_data['partnerhierarchy'],
'permission' => $permission,
'profile' => $profile,
'service' => $user_data['service'],
'userkey' => $user_data['userkey'],
'language' => $user_data['language'],
'token' => $token
);
//Encrypt results
$messages = generate_payload($user);
//Send results
print_r($messages);
} else {
http_response_code(403); //Not authorized
}
}
} elseif (array_key_exists('resetkey', $user_credentials)) {
if ($user_credentials['resetkey'] != ''){
//UPDATE PASSWORD BASED ON RESETKEY
$password = $user_credentials['password'];
$passwordvalid = password_hash($password, PASSWORD_DEFAULT);
$stmt = $pdo->prepare('UPDATE users SET password = ? WHERE resetkey = ? ');
$stmt->execute([$passwordvalid, $user_credentials['resetkey']]);
} else {
http_response_code(403);//Not authorized
}
}
else
{
http_response_code(403);//Not authorized
}
?>

129
api/v1/get/accounts.php Normal file
View File

@@ -0,0 +1,129 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Accounts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'accountdetails') {
//build up search
$clause .= ' AND accountdetails like :'.$v[0];
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND accountdetails like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM account '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for Paging
$sql = 'SELECT * FROM account '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM account '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search' ||$key == 'accountdetails' ){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_accounts, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_accounts, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;
?>

212
api/v1/get/application.php Normal file
View File

@@ -0,0 +1,212 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Application related calls
//------------------------------------------
$action = $request[3] ?? '';
//------------------------------------------
// Check for action & start application API
//------------------------------------------
if ($action !=''){
//------------------------------------------
//Connect to DB
//------------------------------------------
$pdo = dbConnect($dbname);
//------------------------------------------
//Get user_rights from users.php
//------------------------------------------
$partner = json_decode($partnerhierarchy);
//------------------------------------------
//SoldTo is empty
//------------------------------------------
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//------------------------------------------
//default whereclause
//------------------------------------------
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE e.accounthierarchy like "'.$condition.'"';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = 'WHERE e.accounthierarchy like "'.$condition.'"';
break;
}
//------------------------------------------
//NEW ARRAY
//------------------------------------------
$criterias = [];
$clause = '';
//------------------------------------------
//Check for $_GET variables and build up clause
//------------------------------------------
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='history' || $v[0] =='target' || $v[0] =='success_msg'){
//do nothing
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//------------------------------------------
// QUERY define query
//------------------------------------------
switch ($action) {
case 'get_rowID':
$sql = 'SELECT e.rowID from equipment e '.$whereclause.'';
break;
case 'firmwareCommunication':
if (isset($criterias['hw_version']) && $criterias['hw_version'] != ''){
include './settings/systemfirmware.php';
$target = $criterias['target'] ?? '0';
//FILTER VARIABLES FOR SQL
$filter1 = 'soldto":"';
$filter2 = '","shipto';
$filter3 = 'shipto":"';
$filter4 = '","location';
//ADD additional createria to whereclause (Firmware and Active)
$whereclause .= " AND c.type_1='1' AND c.status='1' AND e.status != 5 AND (e.sw_version != '$FirmwarenameR06' OR e.sw_version != '$FirmwarenameR06A' OR e.sw_version != '$FirmwarenameR07A' OR e.sw_version != '$FirmwarenameR07B' OR e.sw_version != '$FirmwarenameR07' OR e.sw_version != '$FirmwarenameR08')";
//get target
switch ($target) {
case '0': // Both
$onclause ="SUBSTRING_INDEX(SUBSTRING_INDEX(e.accounthierarchy, '$filter1', -1),'$filter2',1) = c.partnerID or SUBSTRING_INDEX(SUBSTRING_INDEX(e.accounthierarchy, '$filter3', -1),'$filter4',1) = c.partnerID";
break;
case '1': // SoldTO only
$onclause ="SUBSTRING_INDEX(SUBSTRING_INDEX(e.accounthierarchy, '$filter1', -1),'$filter2',1) = c.partnerID";
break;
case '2': // ShipTO only
$onclause =" SUBSTRING_INDEX(SUBSTRING_INDEX(e.accounthierarchy, '$filter3', -1),'$filter4',1) = c.partnerID";
break;
}
$sql = "SELECT e.sw_version, c.email from equipment e join communication c on $onclause $whereclause group by c.email";
}
else {
http_response_code(400);
}
break;
case 'serviceforecast':
$sql = 'SELECT YEAR(e.service_date) AS year, QUARTER(e.service_date) AS quarter, count(e.rowID) AS count FROM equipment e '.$whereclause.' GROUP BY YEAR(e.service_date), QUARTER(e.service_date)';
break;
case 'warrantyforecast':
$sql = 'SELECT YEAR(e.warranty_date) AS year, QUARTER(e.warranty_date) AS quarter, count(e.rowID) AS count FROM equipment e '.$whereclause.' GROUP BY YEAR(e.warranty_date), QUARTER(e.warranty_date)';
break;
default:
# code...
break;
}
$stmt = $pdo->prepare($sql);
//------------------------------------------
// BIND VARIABELS
//------------------------------------------
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
//------------------------------------------
//Excute Query
//------------------------------------------
$stmt->execute();
//------------------------------------------
//Get results
//------------------------------------------
switch ($action) {
case 'get_rowID':
$messages = $stmt->fetch();
break;
case 'firmwareCommunication':
$result = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($result) {
$messages = json_encode(array("firmware_scope"=> count($result)));
}
else {
$messages = json_encode(array("firmware_scope"=> '0'));
}
break;
case 'serviceforecast':
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
break;
case 'warrantyforecast':
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
break;
}
//------------------------------------------
//Encrypt results
//------------------------------------------
$messages = generate_payload($messages);
//------------------------------------------
//Send results
//------------------------------------------
echo $messages;
//------------------------------------------
// END APPLICATION API
//------------------------------------------
}
else
{
echo null;
}

67
api/v1/get/authorization.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Get user_details
//------------------------------------------
$user_credentials = json_decode(decode_payload($input),true);
//Connect to DB
$pdo = dbConnect($dbname_users);
$username = $user_credentials['username'];
//Define Query
$stmt = $pdo->prepare('SELECT id, username, password, salesID, partnerhierarchy, view, service, settings, lastlogin, userkey, language FROM users WHERE username = ?');
//Excute Query
$stmt->execute([$username]);
// Check if username exists. Verify user exists then verify
if ($stmt->rowCount() == 1) {
$user_data = $stmt->fetch();
$permission = userRights($user_data['view']);
$profile = getProfile($user_data['settings'],$permission);
$password = $user_credentials['password'];
if (array_key_exists('resetkey', $user_credentials)){
//Reset procedure
//STEP 1.A- Create resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//STEP 1.B Store in DB
$sql = 'UPDATE users SET resetkey = ? WHERE id = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$resetkey,$user_data['id']]);
//STEP 2- Send to user
include_once './assets/mail/email_template_reset.php';
send_mail($user_data['username'],$subject,$message,'','');
} else { //STANDARD LOGIN
if (password_verify($password, $user_data['password'])) {
$token = createCommunicationToken($user_data['service']);
$user = array(
'id' => $user_data['id'],
'username' => $user_data['username'],
'salesID' => $user_data['salesID'],
'partnerhierarchy' => $user_data['partnerhierarchy'],
'permission' => $permission,
'profile' => $profile,
'service' => $user_data['service'],
'userkey' => $user_data['userkey'],
'language' => $user_data['language'],
'token' => $token
);
//Encrypt results
$messages = generate_payload($user);
//Send results
print_r($messages);
} else {
http_response_code(403); //Not authorized
}
}
}
else
{
http_response_code(403);//Not authorized
}
?>

125
api/v1/get/communications.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Communications
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE salesID like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND email like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM communication '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for Paging
$sql = 'SELECT * FROM communication '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM communication '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_communication, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_communication, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;
?>

110
api/v1/get/contracts.php Normal file
View File

@@ -0,0 +1,110 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//NEW ARRAY
$whereclause ='';
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND reference like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM contracts '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for Paging
$sql = 'SELECT * FROM contracts '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM contracts '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_contracts, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_contracts, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;
?>

196
api/v1/get/equipments.php Normal file
View File

@@ -0,0 +1,196 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Equipments
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//Get user_rights from users.php
$partner = json_decode($partnerhierarchy);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE e.accounthierarchy like :condition ';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = 'WHERE e.accounthierarchy like :condition ';
break;
}
//------------------------------------------
//NEW ARRAY
//------------------------------------------
$criterias = [];
$clause = '';
//------------------------------------------
//Check for $_GET variables and build up clause
//------------------------------------------
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='history' || $v[0] =='success_msg' || $v[0] =='download'){
//do nothing
}
elseif ($v[0] == 'equipmentid') {
//build up search
$clause .= ' AND e.rowID = :'.$v[0];
}
elseif ($v[0] == 'servicedate') {
//build up service coverage
$clause .= ' AND e.service_date <= :'.$v[0];
}
elseif ($v[0] == 'warrantydate') {
//build up warranty coverage
$clause .= ' AND e.warranty_date >= :'.$v[0];
}
elseif ($v[0] == 'historyid') {
//build up history ID
$clause .= ' AND h.rowID = :'.$v[0];
}
elseif ($v[0] == 'type') {
//build up history ID
$clause .= ' AND h.type = :'.$v[0];
}
elseif ($v[0] == 'h_equipmentid') {
//build up search
$clause .= ' AND h.equipmentid = :'.$v[0];
}
elseif ($v[0] == 'status') {
//Update status based on status
$clause .= ' AND e.'.$v[0].' = :'.$v[0];
$status = $v[1];
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND (serialnumber like :'.$v[0].' OR e.rowID like :'.$v[0].')';
}
elseif ($v[0] == 'partnerid') {
//build up accounthierarchy
$clause .= ' AND e.accounthierarchy like :'.$v[0];
}
elseif ($v[0] == 'firmware') {
//Include systemfirwmare
include './settings/systemfirmware.php';
//build up search
$clause .= ' AND e.status != 5 AND e.sw_version not like "'.substr($FirmwarenameR06, 0, -4).'%"';
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
if (isset($criterias['download']) && $criterias['download'] ==''){
//Request for download
$sql = 'SELECT e.rowID as equipmentID, e.productrowid, e.serialnumber, e.status, e.created, e.hw_version, e.sw_version, e.accounthierarchy, e.service_date, e.warranty_date, p.productcode, p.productname from equipment e LEFT JOIN products p ON e.productrowid = p.rowID '.$whereclause.' ORDER BY equipmentID';
}
elseif (isset($criterias['totals']) && $criterias['totals'] =='' && !isset($criterias['type'])){
//Request for total rows
$sql = 'SELECT count(*) as count from equipment e LEFT JOIN products p ON e.productrowid = p.rowID '.$whereclause.'';
}
elseif (isset($criterias['totals']) && $criterias['totals'] =='' && isset($criterias['type'])){
//Request for total rows for history reports
$sql ='SELECT count(*) as count from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.'';
}
elseif (isset($criterias['history']) && $criterias['history'] ==''){
//request history
$sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, h.equipmentid as h_equipmentid, e.serialnumber, h.type, h.description, h.created, h.createdby from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT e.rowID as equipmentID, e.productrowid, e.serialnumber, e.status, e.created, e.createdby, e.hw_version, e.sw_version, e.accounthierarchy, e.service_date, e.warranty_date, p.productcode, p.productname from equipment e LEFT JOIN products p ON e.productrowid = p.rowID '.$whereclause.' ORDER BY equipmentID LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//------------------------------------------
//Bind to query
//------------------------------------------
if (str_contains($whereclause, ':status')){
$stmt->bindValue('status', $status, PDO::PARAM_INT);
}
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
elseif ($key == 'partnerid'){
$search_value = '%"_"'.$value.'-%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
elseif ($key == 'p'){
//Do nothing (bug)
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//------------------------------------------
//Add paging details
//------------------------------------------
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif ((isset($criterias['history']) && $criterias['history'] =='') || (isset($criterias['download']) && $criterias['download'] =='')){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_equipment, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_equipment, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//Encrypt results
//------------------------------------------
$messages = generate_payload($messages);
//------------------------------------------
//Send results
//------------------------------------------
echo $messages;
?>

132
api/v1/get/history.php Normal file
View File

@@ -0,0 +1,132 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// History
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE e.accounthierarchy like :condition AND (type = "'.$type1.'" or type = "'.$type2.'" or type = "'.$type3.'" or type = "'.$type9.'" or type = "'.$type14.'" or type = "'.$type16.'")';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = 'WHERE e.accounthierarchy like :condition AND (type = "'.$type1.'" or type = "'.$type2.'" or type = "'.$type3.'" or type = "'.$type14.'" or type = "'.$type16.'")';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='history'){
//do nothing
}
elseif ($v[0] == 'equipmentid' || $v[0] == 'equipmentID') {
//build up search
$clause .= ' AND e.rowID = :'.$v[0];
}
elseif ($v[0] == 'historyid') {
//build up search
$clause .= ' AND h.rowID = :'.$v[0];
}
elseif ($v[0] == 'status') {
//Update status based on status
$clause .= ' AND e.'.$v[0].' = :'.$v[0];
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND h.rowID like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql ='SELECT count(h.rowID) as historyID from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.'';
}
else {
//request history
$sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, e.serialnumber, h.type, h.description, h.created, h.createdby from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' ORDER BY h.created DESC LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':status')){
$stmt->bindValue('status', $status, PDO::PARAM_INT);
}
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_history, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_history, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;
?>

125
api/v1/get/partners.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE salesID like :condition';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND partnername like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM partner '.$whereclause.'';
}
elseif(isset($criterias['list']) && $criterias['list'] ==''){
//Request for total rows
$sql = 'SELECT * FROM partner '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM partner '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_partners, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_partners, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;
?>

125
api/v1/get/products.php Normal file
View File

@@ -0,0 +1,125 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND productcode like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM products '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for Paging
$sql = 'SELECT * FROM products '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM products '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_products, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;
?>

115
api/v1/get/profile.php Normal file
View File

@@ -0,0 +1,115 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Users
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);
//Get user_rights from users.php
$partner = json_decode($partnerhierarchy);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE partnerhierarchy like :condition ';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = 'WHERE partnerhierarchy like :condition ';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND username like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count from users '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT id,username,salesID, partnerhierarchy, view, created, service, settings, lastlogin, userkey, language FROM users '.$whereclause.' ORDER BY id LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_users, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_users, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;

36
api/v1/get/user_credentials.php Normal file
View File

@@ -0,0 +1,36 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Get user_details based on securitykey
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);
//Define Query
$stmt = $pdo->prepare('SELECT * FROM users WHERE service = ? OR userkey = ?');
//Excute Query
$stmt->execute([$userkey, $userkey]);
// Check if username exists.
if ($stmt->rowCount() == 1) {
//Get results
$user_data = $stmt->fetch();
//Define User data
$partnerhierarchy = $user_data['partnerhierarchy'];
$permission = userRights($user_data['view']);
$profile= getProfile($user_data['settings'],$permission);
$username = $user_data['username'];
$servicekey = $user_data['service'];
$language = $user_data['language'];
$partner = json_decode($partnerhierarchy);
//Update Lastlogin
$logindate = date('Y-m-d H:i:s');
$stmt = $pdo->prepare('UPDATE users SET lastlogin = ? WHERE id = ?');
//Excute Query
$stmt->execute([$logindate, $user_data['id']]);
} else
{
http_response_code(403);//Not authorized
}
?>

115
api/v1/get/users.php Normal file
View File

@@ -0,0 +1,115 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Users
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);
//Get user_rights from users.php
$partner = json_decode($partnerhierarchy);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE partnerhierarchy like :condition ';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = 'WHERE partnerhierarchy like :condition ';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND username like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count from users '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT id,username,salesID, partnerhierarchy, view, created, service, settings, lastlogin, userkey, language FROM users '.$whereclause.' ORDER BY lastlogin DESC LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_users, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_users, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;

186
api/v1/post/accounts.php Normal file
View File

@@ -0,0 +1,186 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);
$pdo2 = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned buy user
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
if ($id != ''){
//Define Query
$stmt = $pdo->prepare('SELECT * FROM account WHERE rowID = ?');
$stmt->execute([$id]);
$account_data = $stmt->fetch();
$accounthierarchy_old = json_decode($account_data['accounthierarchy']);
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $accounthierarchy_old->salesid)? $post_content['salesid'] : $accounthierarchy_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $accounthierarchy_old->soldto)? $post_content['soldto'] : $accounthierarchy_old->soldto);
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new
);
} else {
$account = array(
"salesid"=>$accounthierarchy_old->salesid,
"soldto"=> $soldto_new
);
}
}
else {
//ID is empty => INSERT / NEW RECORD
//GET PARTNERDETAILS FROM USER
$sales_user = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto
);
$salesID = json_encode($sales_user, JSON_UNESCAPED_UNICODE);
//CHECK IF PARTNER-ID IS EMPTY THEN CHECK IF EXIST OR CREATE
if ($post_content['soldto'] ==''){
//PARTNER ID IS EMPTY => SEARCH IF EXIST
$stmt = $pdo->prepare('SELECT * FROM partner WHERE partnername = ? AND partnertype = ?');
$stmt->execute([$post_content['accountdetails']['billcompany'],$partnertype2]);
$partner_exist = $stmt->fetch();
if($partner_exist){
//PARTNER EXIST -> USE IT
$post_content['soldto'] = $partner_exist['partnerID'].'-'.$partner_exist['partnername'];
}
else{
//PARTNER DOES NOT EXIST -> CREATE IT
//INSERT NEW PARTNER
$sql = 'INSERT INTO partner (partnertype, partnername, partnernotes, salesID, createdby) VALUES (?,?,?,?,?)';
$stmt = $pdo->prepare($sql);
$stmt->execute([$partnertype2,$post_content['accountdetails']['billcompany'],'created from account',$salesID,$username]);
$rowID = $pdo->lastInsertId();
$post_content['soldto'] = $rowID.'-'.$post_content['accountdetails']['billcompany'];
}
}
//CHECK IF PARTNER-ID IS NOT EMPTY THEN USE IT
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto']
);
//CHECK IF COMMUNICATION USER EXIST FOR THIS PARTNER
if (isset($post_content['accountdetails']['billemail']) && $post_content['accountdetails']['billemail'] !=''){
//Check if communication record exist
$rowID = getrowID($dbname,'rowID','communication','partnerID ="'.$post_content['soldto'].'" and email = "'.$post_content['accountdetails']['billemail'].'"');
if ($rowID){
//communication record exist
}
else
{
//communication record does not exist ->create
$sql = 'INSERT INTO communication (status,partnerID,email,type_1,type_2,type_3,createdby,salesID,coms_type) VALUES (?,?,?,?,?,?,?,?,?)';
$stmt = $pdo2->prepare($sql);
$stmt->execute(['1',$post_content['soldto'],$post_content['accountdetails']['billemail'],'1','1','1',$username,$salesID,'1']);
}
}
}
//Create JSONs
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
$accountdetails = json_encode($post_content['accountdetails'], JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update' && !isset($post_content['delete'])){
$post_content['rowID'] = $id;
$post_content['accounthierarchy'] = $accounthierarchy;
$post_content['accountdetails'] = $accountdetails;
}
elseif ($command == 'insert' && !isset($post_content['delete'])){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['accounthierarchy'] = $accounthierarchy;
$post_content['accountdetails'] = $accountdetails;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto'|| $key == 'accountID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && !isset($post_content['delete']) && isAllowed('account',$profile,$permission,'U') === 1){
$sql = 'UPDATE account SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('account',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO account ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('account',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM account WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
} else
{
//do nothing
}
?>

418
api/v1/post/application.php Normal file
View File

@@ -0,0 +1,418 @@
<?php
defined($security_key) or exit;
///------------------------------------------
// Application related calls
//------------------------------------------
$action = $request[2] ?? '';
//------------------------------------------
// Check for action & start application API
//------------------------------------------
if ($action !=''){
//------------------------------------------
//Connect to DB
//------------------------------------------
$pdo = dbConnect($dbname);
$pdo2 = dbConnect($dbname_users);
//------------------------------------------
//CONTENT FROM API (POST)
//------------------------------------------
$post_content = json_decode(decode_payload($input),true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = 'WHERE';
switch ($permission) {
case '4':
$whereclause .= '';
break;
case '3':
$whereclause .= '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause .= ' e.accounthierarchy like "'.$condition.'" AND ';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause .= ' e.accounthierarchy like "'.$condition.'" AND ';
break;
}
//------------------------------------------
// Actions
//------------------------------------------
switch ($action) {
case 'unscribe':
// -----------------------------------------------------------
// Unscribe from mailinglist -> set communication status to 0
// -----------------------------------------------------------
if (isset($post_content['email']) && $post_content['email'] !=''){
$sql = 'UPDATE communication SET status = 0 WHERE email = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$post_content['email']]);
if($stmt->execute()){
$messages = $unscribe_msg1;
} else{
$messages = $unscribe_msg_error;
}
} else{
$messages = $unscribe_msg_error;
}
//Encrypt results
$messages = generate_payload($messages);
//Send results
echo $messages;
break;
case 'register':
// --------------------------------------------
// User registration
// --------------------------------------------
$firmware_account_send = 0; //Default value -> no mail send
$communication_check = 0; //Check communication record
$message_box = [];
$timestamp = date("Y-m-d H:i:s");
// Create history description
$history_description = [
"start_date"=>$timestamp,
"end_date"=>date("Y-m-d", strtotime("+730 days")),
"organization"=>strip_tags(trim($post_content['organization'])),
"phone"=>strip_tags(trim($post_content['phone'])),
"city"=>strip_tags(trim($post_content['city'])),
"country"=>strip_tags(trim($post_content['country'])),
"email_consent"=>strip_tags(trim($post_content['email_consent'])),
"terms_consent"=>strip_tags(trim($post_content['terms_consent']))
];
$description = json_encode($history_description, JSON_UNESCAPED_UNICODE);
// --------------------------------------------
// Check if multiple serialnumbers are provided
// --------------------------------------------
if(is_array($post_content['sn'])){
foreach ($post_content['sn'] as $sn){
//Get equipmentid based on rowID
$rowID = getrowID($dbname,'rowID','equipment','serialnumber="'.$sn.'"');
if ($rowID){
//check if under warranty
$warranty = getrowID($dbname,'rowID','history','equipmentid="'.$rowID['rowID'].'" && (type="'.$type9.'" || type="'.$type10.'" || type="'.$type11.'" || type="'.$type12.'")');
if ($warranty){
// --------------------------------------------
// Already under contract
// --------------------------------------------
//Serialnumber under warranty
$message_box[] = $sn.' - '.$register_message_2;
$communication_check = 1;
} else
{
// --------------------------------------------
// Not under warranty
// --------------------------------------------
//Send user firmware account
$firmware_account_send = 1;
//create history
// Prepare queries
$sql = 'INSERT INTO history (equipmentid, type, description, created, createdby) VALUES (?,?,?,?,?)';
$stmt = $pdo->prepare($sql);
$stmt->execute([$rowID['rowID'],$type9,$description,$timestamp,$post_content['email']]);
//GET PARTNER DETAILS OF EQUIPMENT
$partner_equipment = getrowID($dbname,'accounthierarchy','equipment','rowID="'.$rowID['rowID'].'"');
$partner_equipment = json_decode($partner_equipment['accounthierarchy']);
//Setup partnerhierarchy (salesID)
$partnerhierarchy =[
"salesid"=>$partner_equipment->salesid,
"soldto"=>$partner_equipment->soldto
];
//Setup variables for partner
$partnername = $post_content['organization'];
$partnernotes = 'created based on user registration';
$salesID = json_encode($partnerhierarchy, JSON_UNESCAPED_UNICODE);
$createdby = 'system';
//Check if shipto is empty and if empty search partner or create
if ($partner_equipment->shipto == ''){
$partner_shipto = getrowID($dbname_users,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype3.'"');
if ($partner_shipto){
//Partner exists - Use it
$partnerhierarchy['shipto'] = $partner_shipto['partnerID'].'-'.$partnername;
} else {
//Partner does not exist create
$sql = 'INSERT INTO partner (partnertype,partnername,salesID,createdby,status) VALUES (?,?,?,?,?)';
$stmt = $pdo2->prepare($sql);
$stmt->execute([$partnertype3,$partnername,$salesID,$createdby,'1']);
//Get rowID of created partner and use it
$partner_rowid = $pdo2->lastInsertId();
$partnerhierarchy['shipto'] = $partner_rowid.'-'.$partnername;
}
} else {
// Shipto exist use it
$partnerhierarchy['shipto'] = $partner_equipment->shipto;
}
//Check if location is empty and if empty search partner or create
if ($partner_equipment->location == ''){
$partner_location = getrowID($dbname_users,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype4.'"');
if ($partner_location){
//Partner exists - Use it
$partnerhierarchy['location'] = $partner_location['partnerID'].'-'.$partnername;
} else {
//Partner does not exist create
$sql = 'INSERT INTO partner (partnertype,partnername,salesID,createdby,status) VALUES (?,?,?,?,?)';
$stmt = $pdo2->prepare($sql);
$stmt->execute([$partnertype4,$partnername,$salesID,$createdby,'1']);
//Get rowID of created partner and use it
$partner_rowid = $pdo2->lastInsertId();
$partnerhierarchy['location'] = $partner_rowid.'-'.$partnername;
}
} else {
// Location exist use it
$partnerhierarchy['location'] = $partner_equipment->location;
}
$shipto = $partnerhierarchy['shipto'] ?? '';
$partnerhierarchy = json_encode($partnerhierarchy, JSON_UNESCAPED_UNICODE);
// --------------------------------------------
// Update equipment record warranty_date, partnerhierarchy, status equipment
// --------------------------------------------
$sql = 'UPDATE equipment SET status = ?, warranty_date = ?, accounthierarchy = ? WHERE rowID = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute(['4',$warranty_extended,$partnerhierarchy,$rowID['rowID']]);
//Serialnumber recognized
$message_box[] = $sn.' - '.$register_message_3;
$communication_check = 1;
}
} else {
//Serialnumber not recognized
$message_box[] = $sn.' - '.$register_message_1;
}
}
}
else {
// --------------------------------------------
//Get equipmentid based on rowID
// --------------------------------------------
$rowID = getrowID($dbname,'rowID','equipment','serialnumber="'.$post_content['sn'].'"');
if ($rowID){
//check if under warranty
$warranty = getrowID($dbname,'rowID','history','equipmentid="'.$rowID['rowID'].'" && (type="'.$type9.'" || type="'.$type10.'" || type="'.$type11.'" || type="'.$type12.'")');
if ($warranty){
// --------------------------------------------
// Already under contract
// --------------------------------------------
//Serialnumber not recognized
$message_box[] = $post_content['sn'].' - '.$register_message_2;
} else
{
// --------------------------------------------
// Not under warranty
// --------------------------------------------
$firmware_account_send = 1;
//create history
$sql = 'INSERT INTO history (equipmentid, type, description, created, createdby) VALUES (?,?,?,?,?)';
$stmt = $pdo->prepare($sql);
$stmt->execute([$rowID['rowID'],$type9,$description,$timestamp,$post_content['email']]);
//GET PARTNER DETAILS OF EQUIPMENT
$partner_equipment = getrowID($dbname,'accounthierarchy','equipment','rowID="'.$rowID['rowID'].'"');
$partner_equipment = json_decode($partner_equipment['accounthierarchy']);
//Setup partnerhierarchy (salesID)
$partnerhierarchy =[
"salesid"=>$partner_equipment->salesid,
"soldto"=>$partner_equipment->soldto
];
//Setup variables for partner
$partnername = $post_content['organization'];
$partnernotes = 'created based on user registration';
$salesID = json_encode($partnerhierarchy, JSON_UNESCAPED_UNICODE);
$createdby = 'system';
//Check if shipto is empty and if empty search partner or create
if ($partner_equipment->shipto == ''){
$partner_shipto = getrowID($dbname_users,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype3.'"');
if ($partner_shipto){
//Partner exists - Use it
$partnerhierarchy['shipto'] = $partner_shipto['partnerID'].'-'.$partnername;
} else {
//Partner does not exist create
$sql = 'INSERT INTO partner (partnertype, partnername,salesID,createdby,status) VALUES (?,?,?,?,?)';
$stmt = $pdo2->prepare($sql);
$stmt->execute([$partnertype3,$partnername,$salesID,$createdby,'1']);
//Get rowID of created partner and use it
$partner_rowid = $pdo2->lastInsertId();
$partnerhierarchy['shipto'] = $partner_rowid.'-'.$partnername;
}
} else {
// Shipto exist use it
$partnerhierarchy['shipto'] = $partner_equipment->shipto;
}
//Check if location is empty and if empty search partner or create
if ($partner_equipment->location == ''){
$partner_location = getrowID($dbname_users,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype4.'"');
if ($partner_location){
//Partner exists - Use it
$partnerhierarchy['location'] = $partner_location['partnerID'].'-'.$partnername;
} else {
//Partner does not exist create
$sql = 'INSERT INTO partner (partnertype,partnername,salesID,createdby,status) VALUES (?,?,?,?,?)';
$stmt = $pdo2->prepare($sql);
$stmt->execute([$partnertype4,$partnername,$salesID,$createdby,'1']);
//Get rowID of created partner and use it
$partner_rowid = $pdo2->lastInsertId();
$partnerhierarchy['location'] = $partner_rowid.'-'.$partnername;
}
} else {
// Location exist use it
$partnerhierarchy['location'] = $partner_equipment->location;
}
$partnerhierarchy = json_encode($partnerhierarchy, JSON_UNESCAPED_UNICODE);
// --------------------------------------------
// Update equipment record warranty_date, partnerhierarchy, status equipment
// --------------------------------------------
$sql = 'UPDATE equipment SET status = ?, warranty_date = ?, accounthierarchy = ? WHERE rowID = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute(['4',$warranty_extended,$partnerhierarchy,$rowID['rowID']]);
//Serialnumber recognized
$message_box[] = $post_content['sn'].' - '.$register_message_3;
}
}
else {
//Serialnumber not recognized
$message_box[] = $post_content['sn'].' - '.$register_message_1;
}
}
// --------------------------------------------
// Send generic account to user for software updates
// --------------------------------------------
if ($firmware_account_send == 2){
include_once './assets/mail/email_template_software.php';
send_mail($post_content['email'],$subject,$message,'','');
}
// ----------------------------------------------
// Create communication user when not exist
// ----------------------------------------------
if ($communication_check == 1 && isset($shipto) && $shipto !=''){
//Check if communication record exist
$rowID = getrowID($dbname,'rowID','communication','partnerID ="'.$shipto.'" and email = "'.$post_content['email'].'"');
if ($rowID){
//communication record exist
}
else
{
//communication record does not exist ->create
$sql = 'INSERT INTO communication (status,partnerID,email,type_1,type_2,type_3,createdby,salesID,coms_type) VALUES (?,?,?,?,?,?,?,?,?)';
$stmt = $pdo->prepare($sql);
$stmt->execute(['1',$shipto,$post_content['email'],'1','1','1',$createdby,$salesID,'1']);
}
}
//Encrypt results
$messages = generate_payload($message_box);
//Send results
echo $messages;
// --------------------------------------------
// END User registration
// --------------------------------------------
break;
case 'firmwareCommunication':
if (isset($post_content['hw_version']) && $post_content['hw_version'] != ''){
include './settings/systemfirmware.php';
$target = $post_content['target'] ?? '0';
//FILTER VARIABLES FOR SQL
$filter1 = 'soldto":"';
$filter2 = '","shipto';
$filter3 = 'shipto":"';
$filter4 = '","location';
//ADD additional createria to whereclause (Firmware and Active)
$whereclause .= " e.hw_version= ? AND c.type_1='1' AND c.status='1' AND e.status != 5 AND (e.sw_version != '$FirmwarenameR06' OR e.sw_version != '$FirmwarenameR06A' OR e.sw_version != '$FirmwarenameR07A' OR e.sw_version != '$FirmwarenameR07B' OR e.sw_version != '$FirmwarenameR07' OR e.sw_version != '$FirmwarenameR08')";
//get target
switch ($target) {
case '0': // Both
$onclause ="SUBSTRING_INDEX(SUBSTRING_INDEX(e.accounthierarchy, '$filter1', -1),'$filter2',1) = c.partnerID or SUBSTRING_INDEX(SUBSTRING_INDEX(e.accounthierarchy, '$filter3', -1),'$filter4',1) = c.partnerID";
break;
case '1': // SoldTO only
$onclause ="SUBSTRING_INDEX(SUBSTRING_INDEX(e.accounthierarchy, '$filter1', -1),'$filter2',1) = c.partnerID";
break;
case '2': // ShipTO only
$onclause =" SUBSTRING_INDEX(SUBSTRING_INDEX(e.accounthierarchy, '$filter3', -1),'$filter4',1) = c.partnerID";
break;
}
//CHECK IF WHERE CLAUSE CONTAINS WHERE
//GET THE FULL LIST OF COMMUNCATION RECORDS FOR FIRMWARE MESSAGE
$sql = "SELECT e.sw_version, c.email from equipment e join communication c on $onclause $whereclause group by c.email";
$stmt = $pdo->prepare($sql);
$stmt->execute([$post_content['hw_version']]);
$results = $stmt->fetchAll(PDO::FETCH_ASSOC);
if ($results) {
//IF RESULTS ARE RETURNED
foreach ($results as $result) {
//LOOP OVER ALL RESULTS AND SET SEND_INDICATOR to 1
$sql = "UPDATE communication SET send_indicator = 1 WHERE email = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute([$result['email']]);
}
//------------------------------------------
//Encrypt results
//------------------------------------------
$messages = generate_payload('200');
//------------------------------------------
//Send results
//------------------------------------------
echo $messages;
}
else {
http_response_code(200);
}
}
else {
http_response_code(400);
}
break;
}
}

93
api/v1/post/communications.php Normal file
View File

@@ -0,0 +1,93 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['salesID'] = $partner_product;
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'delete' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('communication',$profile,$permission,'U') === 1){
$sql = 'UPDATE communication SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('communication',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO communication ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('communication',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM communication WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
} else
{
//do nothing
}
?>

78
api/v1/post/contracts.php Normal file
View File

@@ -0,0 +1,78 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// contracts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned buy user
$whereclause = '';
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
if ($command == 'insert' && !isset($post_content['delete'])){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
$post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE);
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'U') === 1){
$sql = 'UPDATE contracts SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO contracts ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('contract',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM contracts WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
} else
{
//do nothing
}
?>

183
api/v1/post/equipments.php Normal file
View File

@@ -0,0 +1,183 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// equipments
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$owner_equipment = 0;
$clause = '';
$clause_insert ='';
$input_insert = '';
if ($id != ''){
//DEFINE ACCOUNTHIERARCHY
$stmt = $pdo->prepare('SELECT * FROM equipment WHERE rowID = ?');
$stmt->execute([$id]);
$equipment_data = $stmt->fetch();
$equipment_old = json_decode($equipment_data['accounthierarchy']);
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $equipment_old->salesid)? $post_content['salesid'] : $equipment_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $equipment_old->soldto)? $post_content['soldto'] : $equipment_old->soldto);
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $equipment_old->shipto)? $post_content['shipto'] : $equipment_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $equipment_old->location)? $post_content['location'] : $equipment_old->location);
$section_new = (($post_content['section'] != '' && $post_content['section'] != $equipment_old->section)? $post_content['section'] : $equipment_old->section);
$owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0);
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new,
"section"=>$section_new
);
} else {
$account = array(
"salesid"=>$equipment_old->salesid,
"soldto"=>$equipment_old->soldto,
"shipto"=>$shipto_new,
"location"=>$location_new,
"section"=>$section_new
);
}
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 3 || $permission == 4){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location'],
"section"=>$post_content['section']
);
} else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location'],
"section"=>$post_content['section']
);
}
}
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
//RESET WARRANTY AND SERVICE DATES WHEN STATUS IS CHANGED TO SEND(3)
if ($post_content['status'] == 3 && $equipment_data['status'] != 3)
{
$post_content['service_date'] = $date;
$post_content['warranty_date'] = $date;
}
//UPDATE CHANGELOG BASED ON STATUS CHANGE
if ($post_content['status'] != $equipment_data['status'])
{
changelog($dbname,'equipment',$equipment_data['rowID'],'status',$post_content['status'],$username);
}
$post_content['accounthierarchy'] = $accounthierarchy;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['accounthierarchy'] = $accounthierarchy;
$post_content['service_date'] = $date;
$post_content['warranty_date'] = $date;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID' || str_contains($key, 'old_') || $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location' || $key == 'section'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
$sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
//delete equipment
$stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//delete history related to equipment
$stmt = $pdo->prepare('DELETE FROM history WHERE equipmentid = ?');
$stmt->execute([ $id ]);
} else
{
//do nothing
}
?>

88
api/v1/post/history.php Normal file
View File

@@ -0,0 +1,88 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// History
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update' && !isset($post_content['delete'])){
}
elseif ($command == 'insert' && !isset($post_content['delete'])){
//GET EQUIPMENTID IF SN IS USED
if (array_key_exists('sn', $post_content)){
$sql = 'SELECT rowID FROM equipment WHERE serialnumber = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$post_content['sn']]);
$messages = $stmt->fetch();
$messages = $messages[0];
$post_content['equipmentid'] = $messages;
}
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID' || $key == 'sn'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && !isset($post_content['delete']) && isAllowed('history',$profile,$permission,'U') === 1){
$sql = 'UPDATE history SET '.$clause.' WHERE rowID = ?';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('history',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO history ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('history',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM history WHERE rowID = ?');
$stmt->execute([ $id ]);
} else
{
//do nothing
}
?>

193
api/v1/post/partners.php Normal file
View File

@@ -0,0 +1,193 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned buy user
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND salesID like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['partnerID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
if ($id != ''){
//Define Query
$stmt = $pdo->prepare('SELECT * FROM partner WHERE partnerID = ?');
$stmt->execute([$id]);
$partner_data = $stmt->fetch();
$partnername_old = $partner_data['partnerID'].'-'.$partner_data['partnername'];
$partnername_new = $partner_data['partnerID'].'-'.$post_content['partnername'];
$partnerhierarchy_old = json_decode($partner_data['salesID']);
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $partnerhierarchy_old->salesid)? $post_content['salesid'] : $partnerhierarchy_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $partnerhierarchy_old->soldto)? $post_content['soldto'] : $partnerhierarchy_old->soldto);
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new
);
} else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto
);
}
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto']
);
} else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto
);
}
}
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update' && !isset($post_content['delete'])){
$post_content['partnerID'] = $id;
$post_content['salesID'] = $accounthierarchy;
}
elseif ($command == 'insert' && !isset($post_content['delete'])){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['salesID'] = $accounthierarchy;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto'|| $key == 'partnerID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && !isset($post_content['delete']) && isAllowed('partner',$profile,$permission,'U') === 1){
$sql = 'UPDATE partner SET '.$clause.' WHERE partnerID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//Update the partnername in all tables
if ($partnername_new != $partnername_old){
$sql_like = '%'.$partnername_old.'%';
$sql1= 'UPDATE equipment SET accounthierarchy = REPLACE(accounthierarchy, ? , ?) WHERE accounthierarchy LIKE ?';
$sql2= 'UPDATE communication SET partnerID = REPLACE(partnerID, ? , ?) WHERE partnerID LIKE ?';
$sql3= 'UPDATE contracts SET accountID = REPLACE(accountID, ? , ?) WHERE accountID LIKE ?';
$sql4= 'UPDATE orders SET accounthierarchy = REPLACE(accounthierarchy, ? , ?) WHERE accounthierarchy LIKE ?';
$sql5= 'UPDATE products SET accounthierarchy = REPLACE(accounthierarchy, ? , ?) WHERE accounthierarchy LIKE ?';
$sql_users = 'UPDATE users SET partnerhierarchy = REPLACE(partnerhierarchy, ? , ?) WHERE partnerhierarchy LIKE ?';
$sql_partner = 'UPDATE partner SET salesID = REPLACE(salesID, ? , ?) WHERE salesID LIKE ?';
$sql_account = 'UPDATE account SET accounthierarchy = REPLACE(accounthierarchy, ? , ?) WHERE accounthierarchy LIKE ?';
//SQL_users
$stmt = $pdo->prepare($sql_users);
$stmt->execute([$partnername_old,$partnername_new, $sql_like]);
//SQL_partners
$stmt = $pdo->prepare($sql_partner);
$stmt->execute([$partnername_old,$partnername_new, $sql_like]);
//SQL_account
$stmt = $pdo->prepare($sql_account);
$stmt->execute([$partnername_old,$partnername_new, $sql_like]);
$pdo = dbConnect($dbname);
//SQL1
$stmt = $pdo->prepare($sql1);
$stmt->execute([$partnername_old,$partnername_new, $sql_like]);
//SQL2
$stmt = $pdo->prepare($sql2);
$stmt->execute([$partnername_old,$partnername_new, $sql_like]);
//SQL3
$stmt = $pdo->prepare($sql3);
$stmt->execute([$partnername_old,$partnername_new, $sql_like]);
//SQL4
$stmt = $pdo->prepare($sql4);
$stmt->execute([$partnername_old,$partnername_new, $sql_like]);
//SQL5
$stmt = $pdo->prepare($sql5);
$stmt->execute([$partnername_old,$partnername_new, $sql_like]);
}
}
elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('partner',$profile,$permission,'C') === 1){
//check if partner exists
$stmt = $pdo->prepare('SELECT * FROM partner WHERE partnername = ? AND partnertype = ?');
$stmt->execute([$post_content['partnername'],$post_content['partnertype']]);
$partner_exist = $stmt->fetch();
$exists = (isset($partner_exist['partnername']))? 1 : 0;
if($exists == 0 ){
$sql = 'INSERT INTO partner ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
}
elseif ($command == 'delete' && isAllowed('partner',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM partner WHERE partnerID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
} else
{
//do nothing
}
?>

102
api/v1/post/products.php Normal file
View File

@@ -0,0 +1,102 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username ;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['accounthierarchy'] = $partner_product;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('products',$profile,$permission,'U') === 1){
$sql = 'UPDATE products SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('products',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO products ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('products',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM products WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
} else
{
//do nothing
}
?>

46
api/v1/post/profile.php Normal file
View File

@@ -0,0 +1,46 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// users
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
$owner_user = 0;
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($post_content['reset'])? 'reset' : ''; // change command to reset
//GET EXISTING USER DATA
if ($id != ''){
//Define Query
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);
$user_data = $stmt->fetch();
$owner_user = (($user_data['username'] == $username)? 1 : 0);
if ($command != 'reset' && $owner_user === 1 && $post_content['language']){
$sql = 'UPDATE users SET language = ? WHERE id = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$post_content['language'],$id]);
}
if ($command == 'reset' && $owner_user === 1){
//STEP 1- create resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//STEP 2- Store resetkey
$sql = 'UPDATE users SET resetkey = ? WHERE id = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$resetkey,$id]);
//STEP 3 - Send to user
include_once './assets/mail/email_template_reset.php';
send_mail($user_data['username'],$subject,$message,'','');
}
}

252
api/v1/post/users.php Normal file
View File

@@ -0,0 +1,252 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// users
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname_users);
//CONTENT FROM API (POST)
$post_content = json_decode(decode_payload($input),true);
$owner_user = 0;
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned buy user
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND partnerhierarchy like "'.$condition.'"';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = ' AND partnerhierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
if (isset($post_content['reset'])){$command = 'reset';} //change command to reset
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//GET EXISTING USER DATA
if ($id != '' && $command != 'reset'){
//Define Query
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);
$user_data = $stmt->fetch();
$owner_user = (($user_data['username'] == $username)? 1 : 0);
$user_name_old = $user_data['username'];
$view_old = $user_data['view'];
$partnerhierarchy_old = json_decode($user_data['partnerhierarchy']);
$salesid_new = ((isset($post_content['salesid']) && $post_content['salesid'] != '' && $post_content['salesid'] != $partnerhierarchy_old->salesid)? $post_content['salesid'] : $partnerhierarchy_old->salesid);
$soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != '' && $post_content['soldto'] != $partnerhierarchy_old->soldto)? $post_content['soldto'] : $partnerhierarchy_old->soldto);
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $partnerhierarchy_old->shipto)? $post_content['shipto'] : $partnerhierarchy_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $partnerhierarchy_old->location)? $post_content['location'] : $partnerhierarchy_old->location);
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
} else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
} elseif ($command == 'insert') {
//ID is empty => INSERT / NEW RECORD
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
} else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
} elseif ($id != '' && $command == 'reset'){
//Reset user requested
//Get username
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);
$user_data = $stmt->fetch();
//generate resetkey
$post_content['resetkey'] = generate_jwt($headers, $payload);
//STEP 1- create resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//STEP 2- Store resetkey
$sql = 'UPDATE users SET resetkey = ? WHERE id = ? '.$whereclause.'';
$stmt = $pdo->prepare($sql);
$stmt->execute([$resetkey,$id]);
//STEP 3 - Send to user
include_once './assets/mail/email_template_reset.php';
send_mail($user_data['username'],$subject,$message,'','');
}
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
//Create resetkey & tokens
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
$post_content['service'] = ($post_content['service'] == 1) ? bin2hex(random_bytes(25)) : '';
$post_content['userkey'] = ($post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['partnerhierarchy'] = $accounthierarchy;
}
elseif ($command == 'insert'){
$post_content['password'] = generate_jwt($headers, $payload);
$post_content['partnerhierarchy'] = $accounthierarchy;
$post_content['salesID'] = $partner->salesid;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'id' || str_contains($key, 'old_') || $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && (isAllowed('user',$profile,$permission,'U') === 1 || $owner_user === 1)){
$sql = 'UPDATE users SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//Update the username in all tables when changed
if ($post_content['username'] != $user_name_old){
$sql_like = '%'.$user_name_old.'%';
$sql1= 'UPDATE equipment SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql2= 'UPDATE communication SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql3= 'UPDATE contracts SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql4= 'UPDATE feedback SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql5= 'UPDATE history SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql6= 'UPDATE opportunities SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql7= 'UPDATE orders SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql8= 'UPDATE products SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql_users = 'UPDATE account SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql_partner = 'UPDATE partner SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
//SQL_users
$stmt = $pdo->prepare($sql_users);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL_partners
$stmt = $pdo->prepare($sql_partner);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
$pdo = dbConnect($dbname);
//SQL1
$stmt = $pdo->prepare($sql1);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL2
$stmt = $pdo->prepare($sql2);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL3
$stmt = $pdo->prepare($sql3);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL4
$stmt = $pdo->prepare($sql4);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL5
$stmt = $pdo->prepare($sql5);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL6
$stmt = $pdo->prepare($sql6);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL7
$stmt = $pdo->prepare($sql7);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL8
$stmt = $pdo->prepare($sql8);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
}
}
elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1){
//check if user exists
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?');
$stmt->execute([$post_content['username']]);
$user_exist = $stmt->fetch();
$exists = (isset($user_exist['username']))? 1 : 0;
if($user_exist == 0 ){
$sql = 'INSERT INTO users ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//STEP 1- create resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//STEP 2- Send to user
include_once './assets/mail/email_template_new.php';
send_mail($post_content['username'],$subject,$message,'','');
}
}
elseif ($command == 'delete' && isAllowed('user',$profile,$permission,'D') === 1){
//delete equipment
$stmt = $pdo->prepare('DELETE FROM users WHERE id = ? '.$whereclause.'');
$stmt->execute([ $id ]);
} else
{
//do nothing
}
?>