Initial commit
This commit is contained in:
“VeLiTi”
252
api/v1/post/users.php
Normal file
252
api/v1/post/users.php
Normal file
@@ -0,0 +1,252 @@
|
||||
<?php
|
||||
defined($security_key) or exit;
|
||||
|
||||
//------------------------------------------
|
||||
// users
|
||||
//------------------------------------------
|
||||
//Connect to DB
|
||||
$pdo = dbConnect($dbname_users);
|
||||
|
||||
//CONTENT FROM API (POST)
|
||||
$post_content = json_decode(decode_payload($input),true);
|
||||
$owner_user = 0;
|
||||
|
||||
//SoldTo is empty
|
||||
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
|
||||
|
||||
//default whereclause to check if data is owned buy user
|
||||
$whereclause = '';
|
||||
|
||||
switch ($permission) {
|
||||
case '4':
|
||||
$whereclause = '';
|
||||
break;
|
||||
case '3':
|
||||
$whereclause = '';
|
||||
break;
|
||||
case '2':
|
||||
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
|
||||
$whereclause = ' AND partnerhierarchy like "'.$condition.'"';
|
||||
break;
|
||||
default:
|
||||
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
|
||||
$whereclause = ' AND partnerhierarchy like "'.$condition.'"';
|
||||
break;
|
||||
}
|
||||
|
||||
//SET PARAMETERS FOR QUERY
|
||||
$id = $post_content['id'] ?? ''; //check for rowID
|
||||
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
|
||||
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
|
||||
if (isset($post_content['reset'])){$command = 'reset';} //change command to reset
|
||||
$date = date('Y-m-d H:i:s');
|
||||
|
||||
//CREATE EMPTY STRINGS
|
||||
$clause = '';
|
||||
$clause_insert ='';
|
||||
$input_insert = '';
|
||||
|
||||
//GET EXISTING USER DATA
|
||||
if ($id != '' && $command != 'reset'){
|
||||
//Define Query
|
||||
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
|
||||
$stmt->execute([$id]);
|
||||
$user_data = $stmt->fetch();
|
||||
|
||||
$owner_user = (($user_data['username'] == $username)? 1 : 0);
|
||||
|
||||
$user_name_old = $user_data['username'];
|
||||
$view_old = $user_data['view'];
|
||||
$partnerhierarchy_old = json_decode($user_data['partnerhierarchy']);
|
||||
|
||||
$salesid_new = ((isset($post_content['salesid']) && $post_content['salesid'] != '' && $post_content['salesid'] != $partnerhierarchy_old->salesid)? $post_content['salesid'] : $partnerhierarchy_old->salesid);
|
||||
$soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != '' && $post_content['soldto'] != $partnerhierarchy_old->soldto)? $post_content['soldto'] : $partnerhierarchy_old->soldto);
|
||||
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $partnerhierarchy_old->shipto)? $post_content['shipto'] : $partnerhierarchy_old->shipto);
|
||||
$location_new = (($post_content['location'] != '' && $post_content['location'] != $partnerhierarchy_old->location)? $post_content['location'] : $partnerhierarchy_old->location);
|
||||
|
||||
if ($permission == 3 || $permission == 4){
|
||||
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
|
||||
$account = array(
|
||||
"salesid"=>$salesid_new,
|
||||
"soldto"=>$soldto_new,
|
||||
"shipto"=>$shipto_new,
|
||||
"location"=>$location_new
|
||||
);
|
||||
} else {
|
||||
$account = array(
|
||||
"salesid"=>$partner->salesid,
|
||||
"soldto"=>$partner->soldto,
|
||||
"shipto"=>$shipto_new,
|
||||
"location"=>$location_new
|
||||
);
|
||||
}
|
||||
} elseif ($command == 'insert') {
|
||||
//ID is empty => INSERT / NEW RECORD
|
||||
if ($permission == 3 || $permission == 4){
|
||||
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
|
||||
$account = array(
|
||||
"salesid"=>$post_content['salesid'],
|
||||
"soldto"=>$post_content['soldto'],
|
||||
"shipto"=>$post_content['shipto'],
|
||||
"location"=>$post_content['location']
|
||||
);
|
||||
} else {
|
||||
$account = array(
|
||||
"salesid"=>$partner->salesid,
|
||||
"soldto"=>$partner->soldto,
|
||||
"shipto"=>$post_content['shipto'],
|
||||
"location"=>$post_content['location']
|
||||
);
|
||||
}
|
||||
} elseif ($id != '' && $command == 'reset'){
|
||||
//Reset user requested
|
||||
//Get username
|
||||
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
|
||||
$stmt->execute([$id]);
|
||||
$user_data = $stmt->fetch();
|
||||
//generate resetkey
|
||||
$post_content['resetkey'] = generate_jwt($headers, $payload);
|
||||
//STEP 1- create resetkey
|
||||
$headers = array('alg'=>'HS256','typ'=>'JWT');
|
||||
$payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
|
||||
$resetkey = generate_jwt($headers, $payload);
|
||||
//STEP 2- Store resetkey
|
||||
$sql = 'UPDATE users SET resetkey = ? WHERE id = ? '.$whereclause.'';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$resetkey,$id]);
|
||||
//STEP 3 - Send to user
|
||||
include_once './assets/mail/email_template_reset.php';
|
||||
send_mail($user_data['username'],$subject,$message,'','');
|
||||
}
|
||||
|
||||
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
|
||||
|
||||
//Create resetkey & tokens
|
||||
$headers = array('alg'=>'HS256','typ'=>'JWT');
|
||||
$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
|
||||
$post_content['service'] = ($post_content['service'] == 1) ? bin2hex(random_bytes(25)) : '';
|
||||
$post_content['userkey'] = ($post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : '';
|
||||
|
||||
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
|
||||
if ($command == 'update'){
|
||||
$post_content['partnerhierarchy'] = $accounthierarchy;
|
||||
}
|
||||
elseif ($command == 'insert'){
|
||||
$post_content['password'] = generate_jwt($headers, $payload);
|
||||
$post_content['partnerhierarchy'] = $accounthierarchy;
|
||||
$post_content['salesID'] = $partner->salesid;
|
||||
}
|
||||
else {
|
||||
//do nothing
|
||||
}
|
||||
|
||||
//CREAT NEW ARRAY AND MAP TO CLAUSE
|
||||
if(isset($post_content) && $post_content!=''){
|
||||
foreach ($post_content as $key => $var){
|
||||
if ($key == 'submit' || $key == 'id' || str_contains($key, 'old_') || $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){
|
||||
//do nothing
|
||||
}
|
||||
else {
|
||||
$criterias[$key] = $var;
|
||||
$clause .= ' , '.$key.' = ?';
|
||||
$clause_insert .= ' , '.$key.'';
|
||||
$input_insert .= ', ?'; // ? for each insert item
|
||||
$execute_input[]= $var; // Build array for input
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//CLEAN UP INPUT
|
||||
$clause = substr($clause, 2); //Clean clause - remove first comma
|
||||
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
|
||||
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && (isAllowed('user',$profile,$permission,'U') === 1 || $owner_user === 1)){
|
||||
$sql = 'UPDATE users SET '.$clause.' WHERE id = ? '.$whereclause.'';
|
||||
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
|
||||
//Update the username in all tables when changed
|
||||
if ($post_content['username'] != $user_name_old){
|
||||
$sql_like = '%'.$user_name_old.'%';
|
||||
$sql1= 'UPDATE equipment SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
$sql2= 'UPDATE communication SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
$sql3= 'UPDATE contracts SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
$sql4= 'UPDATE feedback SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
$sql5= 'UPDATE history SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
$sql6= 'UPDATE opportunities SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
$sql7= 'UPDATE orders SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
$sql8= 'UPDATE products SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
$sql_users = 'UPDATE account SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
$sql_partner = 'UPDATE partner SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
|
||||
|
||||
//SQL_users
|
||||
$stmt = $pdo->prepare($sql_users);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
//SQL_partners
|
||||
$stmt = $pdo->prepare($sql_partner);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
|
||||
$pdo = dbConnect($dbname);
|
||||
//SQL1
|
||||
$stmt = $pdo->prepare($sql1);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
//SQL2
|
||||
$stmt = $pdo->prepare($sql2);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
//SQL3
|
||||
$stmt = $pdo->prepare($sql3);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
//SQL4
|
||||
$stmt = $pdo->prepare($sql4);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
//SQL5
|
||||
$stmt = $pdo->prepare($sql5);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
//SQL6
|
||||
$stmt = $pdo->prepare($sql6);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
//SQL7
|
||||
$stmt = $pdo->prepare($sql7);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
//SQL8
|
||||
$stmt = $pdo->prepare($sql8);
|
||||
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
|
||||
}
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1){
|
||||
|
||||
//check if user exists
|
||||
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?');
|
||||
$stmt->execute([$post_content['username']]);
|
||||
$user_exist = $stmt->fetch();
|
||||
|
||||
$exists = (isset($user_exist['username']))? 1 : 0;
|
||||
if($user_exist == 0 ){
|
||||
$sql = 'INSERT INTO users ('.$clause_insert.') VALUES ('.$input_insert.')';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
|
||||
//STEP 1- create resetkey
|
||||
$headers = array('alg'=>'HS256','typ'=>'JWT');
|
||||
$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
|
||||
$resetkey = generate_jwt($headers, $payload);
|
||||
//STEP 2- Send to user
|
||||
include_once './assets/mail/email_template_new.php';
|
||||
send_mail($post_content['username'],$subject,$message,'','');
|
||||
}
|
||||
}
|
||||
elseif ($command == 'delete' && isAllowed('user',$profile,$permission,'D') === 1){
|
||||
//delete equipment
|
||||
$stmt = $pdo->prepare('DELETE FROM users WHERE id = ? '.$whereclause.'');
|
||||
$stmt->execute([ $id ]);
|
||||
} else
|
||||
{
|
||||
//do nothing
|
||||
}
|
||||
|
||||
|
||||
?>
|
||||
Reference in New Issue
Block a user