From 78cfe93dcef705ae333c4ffdc575761921ac592f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”>
Date: Fri, 20 Sep 2024 14:57:11 +0200
Subject: [PATCH] CM89 - contract changes
---
 api/v1/get/application.php | 32 ++-
 api/v1/get/contracts.php | 24 +-
 api/v1/get/user_credentials.php | 1 +
 api/v1/post/contracts.php | 170 ++++++++++++-
 api/v1/post/users.php | 13 +-
 api/v2/authorization.php | 12 +-
 api/v2/get/changelog.php | 2 +-
 api/v2/get/contracts.php | 134 ++++++++++
 api/v2/get/equipments.php | 3 +-
 api/v2/get/products_versions.php | 2 +-
 api/v2/get/users.php | 126 ++++++++++
 api/v2/post/contracts.php | 243 +++++++++++++++++++
 api/v2/post/equipments.php | 248 +++++++++++++++++++
 api/v2/post/users.php | 279 +++++++++++++++++++++
 assets/functions.php | 32 +++
 contract.php | 403 +++++++++++++++++--------------
 contract_manage.php | 250 +++++++++++++++++++
 contracts.php | 11 +-
 dev.php | 6 +
 19 files changed, 1780 insertions(+), 211 deletions(-)
 create mode 100644 api/v2/get/contracts.php
 create mode 100644 api/v2/get/users.php
 create mode 100644 api/v2/post/contracts.php
 create mode 100644 api/v2/post/equipments.php
 create mode 100644 api/v2/post/users.php
 create mode 100644 contract_manage.php
diff --git a/api/v1/get/application.php b/api/v1/get/application.php
index 562a157..80c6bc4 100644
--- a/api/v1/get/application.php
+++ b/api/v1/get/application.php
@@ -67,7 +67,33 @@ if(isset($get_content) && $get_content!=''){ $criterias[$v[0]] = $v[1]; if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='history' || $v[0] =='target' || $v[0] =='success_msg'){ //do nothing - } + } + elseif ($v[0] == 'serialnumber') { + //build up serialnumber + //check if multiple serialnumbers are provided + if (str_contains($v[1], ',')){ + $inputs = explode(",",$v[1]); + $new_querystring = ''; //empty querystring + $x=0; + foreach($inputs as $input){ + //create key + $new_key = $v[0].'_'.$x; + //inject new key/value to array + $criterias[$new_key] = $input; + $new_querystring .= ':'.$new_key.','; + $x++; + } + //remove obsolete last character from new_querystring + $new_querystring = substr($new_querystring,0, -1); + //add new_querystring to clause + $clause .= ' AND e.serialnumber IN ('.$new_querystring.')'; + //remove original key/value from array + unset($criterias[$v[0]]); + } + else { + $clause .= ' AND e.serialnumber IN (:'.$v[0].')'; + } + } else {//create clause $clause .= ' AND '.$v[0].' = :'.$v[0]; } 
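Review bot: The comma-separated values in the new `serialnumber` branch are not trimmed, so `?serialnumber=A, B` binds `" B"` for the second placeholder and that serial never matches; the IN list is also assembled with a manual counter and a trailing `substr(..., 0, -1)` where `implode` says the same thing more directly. A tighter version is `$inputs = array_map('trim', explode(',', $v[1]));`, collecting `$placeholders[] = ':'.$new_key;` inside the loop, and then `$clause .= ' AND e.serialnumber IN ('.implode(',', $placeholders).')';`. The single-value branch works, but `IN (:serialnumber)` reads as if a list were expected; `= :'.$v[0]` matches the catch-all branch below it. The enclosing foreach and the bind loop that resolves the `:serialnumber_N` names are outside this hunk.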
@@ -155,6 +181,10 @@ switch ($action) { $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; break; + case 'contract_usage_servicereports': + $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; + break; + case 'report_usage_firmware': $sql = 'SELECT YEAR(h.created) AS year,QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid=e.rowID where h.type="Firmware" AND NOT e.productrowid="31" GROUP BY YEAR(h.created),QUARTER(h.created), MONTH(h.created)'; break; diff --git a/api/v1/get/contracts.php b/api/v1/get/contracts.php index f5323df..f9053b8 100644 --- a/api/v1/get/contracts.php +++ b/api/v1/get/contracts.php 
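Review bot: The new `contract_usage_servicereports` case drops the `h.type = "ServiceReport"` filter that the neighbouring `report_usage_servicereports` query carries, so unless the caller always puts `type=ServiceReport` into the query string it counts every history type (firmware updates included) and, with an empty `$whereclause`, every row of `history`. Since the case is named for service reports, build that type condition into the SQL itself ahead of the user criteria rather than relying on the caller, or add a comment on the case stating that the caller must supply the type filter. Whether `$whereclause` starts with `WHERE` here as in the other endpoints cannot be seen from this hunk; its builder is outside it.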
@@ -8,11 +8,33 @@ defined($security_key) or exit; //Connect to DB $pdo = dbConnect($dbname); +//Get user_rights from users.php +$partner = json_decode($partnerhierarchy); + //SoldTo is empty if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + case '2': + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = 'WHERE accounthierarchy like :condition '; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; + $whereclause = 'WHERE accounthierarchy like :condition '; + break; +} + //NEW ARRAY -$whereclause =''; $criterias = []; $clause = ''; diff --git a/api/v1/get/user_credentials.php b/api/v1/get/user_credentials.php index 3423300..3f98774 100644 --- a/api/v1/get/user_credentials.php +++ b/api/v1/get/user_credentials.php @@ -23,6 +23,7 @@ if ($stmt->rowCount() == 1) { $servicekey = $user_data['service']; $language = $user_data['language']; $partner = json_decode($partnerhierarchy); + $clientsecret = $user_data['userkey']; //Update Lastlogin $logindate = date('Y-m-d H:i:s'); diff --git a/api/v1/post/contracts.php b/api/v1/post/contracts.php index 17409bc..e7d5458 100644 --- a/api/v1/post/contracts.php +++ b/api/v1/post/contracts.php 
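Review bot: `$partner = json_decode($partnerhierarchy);` is dereferenced a few lines later (`$partner->soldto`, then `->salesid`, `->shipto` and `->location` inside the switch) without checking that decoding produced an object, so a user row with an empty or malformed `partnerhierarchy` raises warnings and, for permission 2 and below, produces a `LIKE` pattern built from empty strings. A guard directly after the decode, `if (!is_object($partner)) { exit; }`, matches the file's existing `defined($security_key) or exit;` style. The same switch block is copied verbatim into api/v1/post/contracts.php, api/v2/get/contracts.php, api/v2/get/users.php, api/v2/post/contracts.php and api/v2/post/equipments.php in this commit; one helper in assets/functions.php returning `[$whereclause, $condition]` would keep the six copies from drifting, and cases `'4'` and `'3'` are already identical and could be merged.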
@@ -13,9 +13,26 @@ $post_content = json_decode(decode_payload($input),true); //SoldTo is empty if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} -//default whereclause to check if data is owned buy user +//default whereclause $whereclause = ''; +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + case '2': + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; +} + //SET PARAMETERS FOR QUERY $id = $post_content['rowID'] ?? ''; //check for rowID $command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT 
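Review bot: For permission 2 and below the new `$whereclause` embeds `$condition` into the SQL text between double quotes (`' AND accounthierarchy like "'.$condition.'"'`), whereas the GET counterpart in api/v1/get/contracts.php binds the same value as `:condition`. `$condition` is assembled from the stored partner hierarchy, so a `"` or backslash in `salesid`/`soldto`/`shipto`/`location` breaks the UPDATE and DELETE statements further down; a bound parameter removes that dependence on the stored data being clean. The final statements use positional placeholders, so write `$whereclause = ' AND accounthierarchy like ?';` here and, wherever `$whereclause` is non-empty, append `$condition` to the execute array after `$id` (`$execute_input[] = $condition;` for the update, `[$id, $condition]` for the delete). The same interpolation is in the new api/v2/post/contracts.php and api/v2/post/equipments.php files.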
@@ -27,17 +44,161 @@ $clause = ''; $clause_insert =''; $input_insert = ''; +//remove blanks from array +if (isset($post_content['servicetool'])){ + $post_content['servicetool'] = array_map('trim', $post_content['servicetool']); + $post_content['servicetool'] = array_filter($post_content['servicetool'], 'strlen'); +} +if (isset($post_content['assigned_users'])){ + $post_content['assigned_users'] = array_map('trim', $post_content['assigned_users']); + $post_content['assigned_users'] = array_filter($post_content['assigned_users'], 'strlen'); +} +if ($id != ''){ + + //DEFINE ACCOUNTHIERARCHY + $stmt = $pdo->prepare('SELECT * FROM contracts WHERE rowID = ?'); + $stmt->execute([$id]); + $contract_data = $stmt->fetch(); + + $contract_old = json_decode($contract_data['accounthierarchy']); + $salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $contract_old->salesid)? $post_content['salesid'] : $contract_old->salesid); + $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $contract_old->soldto)? $post_content['soldto'] : $contract_old->soldto); + $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto); + $location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? 
$post_content['location'] : $contract_old->location); + + if ($permission == 4){ + //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD + $account = array( + "salesid"=>$salesid_new, + "soldto"=>$soldto_new, + "shipto"=>$shipto_new, + "location"=>$location_new + ); + } + elseif ($permission == 3) { + //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD + $account = array( + "salesid"=>$contract_old->salesid, + "soldto"=>$soldto_new, + "shipto"=>$shipto_new, + "location"=>$location_new + ); + } + else { + $account = array( + "salesid"=>$contract_old->salesid, + "soldto"=>$contract_old->soldto, + "shipto"=>$shipto_new, + "location"=>$location_new + ); + } + + //CHECK FOR CHANGES IN ASSIGNED_USERS + if (isset($post_content['assigned_users'])){ + $assigned_users_current = json_decode($contract_data['assigned_users'],true); + $assigned_users_new = $post_content['assigned_users']; + + // Find deleted items (items in current but not in new) + $deletedItems = array_diff($assigned_users_current, $assigned_users_new); + // Find added items (items in new but not in current) + $addedItems = array_diff($assigned_users_new, $assigned_users_current); + + //When deleted items are found + if (!empty($deletedItems)){ + foreach ($deletedItems as $item){ + //CALL TO API FOR General information + $api_url = '/v2/users/username='.$item; + $responses = ioApi($api_url,'',$clientsecret); + if (!empty($responses)){ + $response = json_decode($responses,true); + + //If response is not null update the service flag of the user + if (count($response) != 0){ + $id_removed_user = $response[0]['id']; + //Remove serviceflag from user + $sql = 'UPDATE users SET service = "" WHERE id = ? 
'; + $stmt = $pdo->prepare($sql); + $stmt->execute([$id_removed_user]); + } + } + } + } + + } +} +else { + //ID is empty => INSERT / NEW RECORD + if ($permission == 4){ + $account = array( + "salesid"=>$post_content['salesid'], + "soldto"=>$post_content['soldto'], + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'] + ); + } + elseif ($permission == 3){ + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$post_content['soldto'], + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'] + ); + }else { + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$partner->soldto, + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'] + ); + } +} + +// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY +$post_content['accounthierarchy'] = json_encode($account, JSON_UNESCAPED_UNICODE); + if ($command == 'insert' && !isset($post_content['delete'])){ $post_content['created'] = $date; $post_content['createdby'] = $username; } -$post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE); +//remove blanks from array +if (isset($post_content['servicetool'])){ + $post_content['servicetool'] = json_encode($post_content['servicetool'], JSON_UNESCAPED_UNICODE); +} +if (isset($post_content['assigned_users'])){ + //Check for all users in array if exist then update service or create + foreach ($post_content['assigned_users'] as $user_assigned){ + //CALL TO API FOR General information + $responses = ioApi('/v2/users/username='.$user_assigned,'',$clientsecret); + if (!empty($responses)){ + $response = json_decode($responses,true); + + //If response is not null update the service flag of the user + if (count($response) != 0){ + $id_exist_user = $response[0]['id']; + $generate_service = bin2hex(random_bytes(25)); + //Remove serviceflag from user + $sql = 'UPDATE users SET service = ? WHERE id = ? 
'; + $stmt = $pdo->prepare($sql); + $stmt->execute([$generate_service,$id_exist_user]); + } else { + //Decode the account structure of the contract and create user + $ah_array = json_decode($post_content['accounthierarchy'],true); + $data = json_encode(array("username" => $user_assigned, "email"=> $user_assigned,"view" => 2 ,"settings"=>"service","service"=> 1,"userkey"=> 1, "salesid" => $ah_array['salesid'], "soldto" => $ah_array['soldto'],"shipto" => $ah_array['shipto'],"location" => $ah_array['location']), JSON_UNESCAPED_UNICODE); + //call the API to create user + ioApi('/v2/users',$data,$clientsecret); + } + } + } -//CREAT NEW ARRAY AND MAP TO CLAUSE + // UPDATE TO JSON + $post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE); +} + +//CREATE NEW ARRAY AND MAP TO CLAUSE if(isset($post_content) && $post_content!=''){ foreach ($post_content as $key => $var){ - if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto'){ + if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){ //do nothing } else { @@ -61,6 +222,7 @@ if ($command == 'update' && !isset($post_content['delete']) && isAllowed('contra $execute_input[] = $id; $stmt = $pdo->prepare($sql); $stmt->execute($execute_input); + } elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'C') === 1){ $sql = 'INSERT INTO contracts ('.$clause_insert.') VALUES ('.$input_insert.')'; diff --git a/api/v1/post/users.php b/api/v1/post/users.php index 993256d..2730789 100644 --- a/api/v1/post/users.php +++ b/api/v1/post/users.php 
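Review bot: The side effects on other users run before any ownership or permission check: on update, `SELECT * FROM contracts WHERE rowID = ?` loads the contract without `$whereclause`, and the `$deletedItems` loop then executes `UPDATE users SET service = "" WHERE id = ?` for every user no longer listed, while `isAllowed('contract', ..., 'U')` and the `$whereclause` scope are applied only to the final `UPDATE contracts` (outside this hunk). A request carrying a rowID outside the caller's hierarchy can therefore revoke service keys, and via the `ioApi('/v2/users', ...)` branch create users, for a contract the caller may not modify, while the contract update itself is silently filtered out. Scope the lookup with `$stmt = $pdo->prepare('SELECT * FROM contracts WHERE rowID = ? '.$whereclause);`, stop when it returns no row (`if ($contract_data === false) { exit; }`), and move the service-key and user-creation loops behind the `isAllowed` checks. Two smaller points: `$addedItems` is computed but never used, and `json_decode($contract_data['assigned_users'], true)` yields `null` for a NULL column, which makes `array_diff` throw a TypeError — `?? []` covers that. The new api/v2/post/contracts.php has the same structure.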
@@ -14,7 +14,7 @@ $owner_user = 0; //SoldTo is empty if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} -//default whereclause to check if data is owned buy user +//default whereclause to check if data is owned by user $whereclause = ''; switch ($permission) { @@ -35,7 +35,7 @@ switch ($permission) { } //SET PARAMETERS FOR QUERY -$id = $post_content['id'] ?? ''; //check for rowID +$id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID $command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT if (isset($post_content['delete'])){$command = 'delete';} //change command to delete if (isset($post_content['reset'])){$command = 'reset';} //change command to reset @@ -143,14 +143,15 @@ $accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE); //Create resetkey & tokens $headers = array('alg'=>'HS256','typ'=>'JWT'); $payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800)); -$post_content['service'] = ($post_content['service'] == 1) ? bin2hex(random_bytes(25)) : ''; -$post_content['userkey'] = ($post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : ''; +$post_content['service'] = (isset($post_content['service']) && $post_content['service'] == 1) ? bin2hex(random_bytes(25)) : ''; +$post_content['userkey'] = (isset($post_content['userkey']) && $post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : ''; //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE if ($command == 'update'){ $post_content['partnerhierarchy'] = $accounthierarchy; } elseif ($command == 'insert'){ + $post_content['resetkey'] = $resetkey = generate_jwt($headers, $payload); $post_content['password'] = generate_jwt($headers, $payload); $post_content['partnerhierarchy'] = $accounthierarchy; $post_content['salesID'] = $partner->salesid; 
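Review bot: `$id = (isset($post_content['id'])) ? $post_content['id']: '';` replaces a `??` expression that was already equivalent, so the new line is a step back in idiom; `$id = $post_content['id'] ?? '';` should stay. The same nested-`isset` ternaries are introduced in api/v2/authorization.php for `$username` and `$password`, where `$user_credentials['username'] ?? $user_credentials['clientID'] ?? ''` (and the password/clientsecret equivalent) says the same thing in one expression.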
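Review bot: The guarded `service`/`userkey` lines still fall through to `''` whenever the request does not carry `service=1` or `userkey=1`, and since `$post_content` is apparently mapped column-by-column into the UPDATE further down (outside this hunk), every profile update that omits those fields blanks the stored keys while every update that sends them rotates the keys — there is no way to leave a key unchanged. If that is intended, a comment on these two lines saying so would help; otherwise only assign when the field is present, e.g. `if (isset($post_content['service'])) { $post_content['service'] = $post_content['service'] == 1 ? bin2hex(random_bytes(25)) : ''; }` and likewise for `userkey`. Also `$post_content['resetkey']` and `$post_content['password']` are both `generate_jwt($headers, $payload)` over the same input, so on insert the stored password value presumably equals the reset key that is emailed out; if the password column is not hashed before storage that deserves a second look.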
@@ -249,10 +250,6 @@ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1 $stmt = $pdo->prepare($sql); $stmt->execute($execute_input); - //STEP 1- create resetkey - $headers = array('alg'=>'HS256','typ'=>'JWT'); - $payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800)); - $resetkey = generate_jwt($headers, $payload); //STEP 2- Send to user include_once './assets/mail/email_template_new.php'; send_mail($post_content['email'],$subject,$message,'',''); diff --git a/api/v2/authorization.php b/api/v2/authorization.php index 1f99643..c8c38b3 100644 --- a/api/v2/authorization.php +++ b/api/v2/authorization.php @@ -7,7 +7,8 @@ defined($security_key) or exit; $user_credentials = json_decode($input,true); //Connect to DB $pdo = dbConnect($dbname); -$username = $user_credentials['username'] ?? ''; +//User username or clientID +$username = (isset($user_credentials['username']))? $user_credentials['username'] : (isset($user_credentials['clientID'])? $user_credentials['clientID'] : ''); //Define Query $stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?'); //Excute Query @@ -21,8 +22,8 @@ if ($stmt->rowCount() == 1) { $user_data = $stmt->fetch(); $permission = userRights($user_data['view']); $profile = getProfile($user_data['settings'],$permission); - $password = $user_credentials['password']; - + $password = (isset($user_credentials['password']))? $user_credentials['password'] : (isset($user_credentials['clientsecret'])? $user_credentials['clientsecret'] : ''); + if ($user_data['login_count'] < 5){ if (array_key_exists('resetkey', $user_credentials)){ @@ -51,9 +52,10 @@ if ($stmt->rowCount() == 1) { //RETURN JWT AND CLIENTSECRET $user = array( - 'clientID' => $user_data['id'], + 'clientID' => $user_data['username'], 'token' => $token, - 'clientsecret' => $user_data['userkey'] + 'token_valid' => date('Y-m-d H:i:s',time() + 1800), + 'userkey' => $user_data['userkey'] ); //Reset login count after succesfull attempt 
diff --git a/api/v2/get/changelog.php b/api/v2/get/changelog.php index 09e3203..4f3f595 100644 --- a/api/v2/get/changelog.php +++ b/api/v2/get/changelog.php @@ -132,7 +132,7 @@ else { } //------------------------------------------ -//JSON_DECODE +//JSON_ENCODE //------------------------------------------ $messages = json_encode($messages, JSON_UNESCAPED_UNICODE); //Send results diff --git a/api/v2/get/contracts.php b/api/v2/get/contracts.php new file mode 100644 index 0000000..74cd53d --- /dev/null +++ b/api/v2/get/contracts.php 
@@ -0,0 +1,134 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + case '2': + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = 'WHERE accounthierarchy like :condition '; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; + $whereclause = 'WHERE accounthierarchy like :condition '; + break; +} + +//NEW ARRAY +$criterias = []; +$clause = ''; + +//Check for $_GET variables and build up clause +if(isset($get_content) && $get_content!=''){ + //GET VARIABLES FROM URL + $requests = explode("&", $get_content); + //Check for keys and values + foreach ($requests as $y){ + $v = explode("=", $y); + //INCLUDE VARIABLES IN ARRAY + $criterias[$v[0]] = $v[1]; + + if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){ + //do nothing + } + elseif ($v[0] == 'search') { + //build up search + $clause .= ' AND reference like :'.$v[0]; + } + else {//create clause + $clause .= ' AND '.$v[0].' 
= :'.$v[0]; + } + } + if ($whereclause == '' && $clause !=''){ + $whereclause = 'WHERE '.substr($clause, 4); + } else { + $whereclause .= $clause; + } +} +//Define Query +if(isset($criterias['totals']) && $criterias['totals'] ==''){ +//Request for total rows + $sql = 'SELECT count(*) as count FROM contracts '.$whereclause.''; +} +elseif (isset($criterias['list']) && $criterias['list'] =='') { + //SQL for Paging + $sql = 'SELECT * FROM contracts '.$whereclause.''; +} +else { + //SQL for Paging + $sql = 'SELECT * FROM contracts '.$whereclause.' LIMIT :page,:num_products'; +} + +$stmt = $pdo->prepare($sql); + +//Bind to query +if (str_contains($whereclause, ':condition')){ + $stmt->bindValue('condition', $condition, PDO::PARAM_STR); +} + +if (!empty($criterias)){ + foreach ($criterias as $key => $value){ + $key_condition = ':'.$key; + if (str_contains($whereclause, $key_condition)){ + if ($key == 'search'){ + $search_value = '%'.$value.'%'; + $stmt->bindValue($key, $search_value, PDO::PARAM_STR); + } + else { + $stmt->bindValue($key, $value, PDO::PARAM_STR); + } + } + } +} + +//Add paging details +if(isset($criterias['totals']) && $criterias['totals']==''){ + $stmt->execute(); + $messages = $stmt->fetch(); + $messages = $messages[0]; +} +elseif(isset($criterias['list']) && $criterias['list']==''){ + //Excute Query + $stmt->execute(); + //Get results + $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); +} +else { + $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? 
(int)$criterias['p'] : 1; + $stmt->bindValue('page', ($current_page - 1) * $page_rows_contracts, PDO::PARAM_INT); + $stmt->bindValue('num_products', $page_rows_contracts, PDO::PARAM_INT); + + //Excute Query + $stmt->execute(); + //Get results + $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); +} + +//------------------------------------------ +//JSON_ENCODE +//------------------------------------------ +$messages = json_encode($messages, JSON_UNESCAPED_UNICODE); + +//Send results +echo $messages; +?> \ No newline at end of file diff --git a/api/v2/get/equipments.php b/api/v2/get/equipments.php index a780cfe..aee748e 100644 --- a/api/v2/get/equipments.php +++ b/api/v2/get/equipments.php @@ -11,7 +11,6 @@ $pdo = dbConnect($dbname); //Get user_rights from users.php $partner = json_decode($partnerhierarchy); - //SoldTo is empty if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} @@ -293,7 +292,7 @@ else { $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); } //------------------------------------------ -//JSON_DECODE +//JSON_EnCODE //------------------------------------------ $messages = json_encode($messages, JSON_UNESCAPED_UNICODE); //------------------------------------------ diff --git a/api/v2/get/products_versions.php b/api/v2/get/products_versions.php index e7702fa..9316ecb 100644 --- a/api/v2/get/products_versions.php +++ b/api/v2/get/products_versions.php @@ -131,7 +131,7 @@ if (isset($criterias['productrowid']) && $criterias['productrowid'] != ''){ $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); } //------------------------------------------ - //JSON_DECODE + //JSON_ENCODE //------------------------------------------ $messages = json_encode($messages, JSON_UNESCAPED_UNICODE); diff --git a/api/v2/get/users.php b/api/v2/get/users.php new file mode 100644 index 0000000..1dd9496 --- /dev/null +++ b/api/v2/get/users.php 
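Review bot: In the catch-all branch `$clause .= ' AND '.$v[0].' = :'.$v[0];` the query-string key becomes a column name in the SQL text; binding protects the value but not the identifier, so any unexpected key name lands unescaped inside the `WHERE`. Restrict keys to a declared set before the clause is built, e.g. `$filterable = ['reference', 'status'];` (constructed example — fill in the real contract columns) and `if (!in_array($v[0], $filterable, true)) { continue; }`. `$v[1]` is also read without checking that the pair contained an `=`, so `?totals` alone raises an undefined-offset warning; `$v = explode('=', $y, 2) + [1 => ''];` covers that. api/v2/get/users.php has the same two issues, and the head of both new files (everything before `soldto)`) seems to have been lost in the patch rendering, so the `$partner` decode line could not be reviewed.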
@@ -0,0 +1,126 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + case '2': + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = 'WHERE partnerhierarchy like :condition '; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; + $whereclause = 'WHERE partnerhierarchy like :condition '; + break; +} +//NEW ARRAY +$criterias = []; +$clause = ''; + +//Check for $_GET variables and build up clause +if(isset($get_content) && $get_content!=''){ + //GET VARIABLES FROM URL + $requests = explode("&", $get_content); + //Check for keys and values + foreach ($requests as $y){ + $v = explode("=", $y); + //INCLUDE VARIABLES IN ARRAY + $criterias[$v[0]] = $v[1]; + + if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='success_msg'){ + //do nothing + } + elseif ($v[0] == 'search') { + //build up search + $clause .= ' AND username like :'.$v[0]; + } + elseif ($v[0] == 'partnerid') { + //check accounthierarchy related users + $clause .= ' AND partnerhierarchy like :'.$v[0]; + } + else {//create clause + $clause .= ' AND '.$v[0].' 
= :'.$v[0]; + } + } + if ($whereclause == '' && $clause !=''){ + $whereclause = 'WHERE '.substr($clause, 4); + } else { + $whereclause .= $clause; + } +} + +if(isset($criterias['totals']) && $criterias['totals'] ==''){ +//Request for total rows + $sql = 'SELECT count(*) as count from users '.$whereclause.''; +} +else { + //SQL for Paging + $sql = 'SELECT id,username, email, salesID, partnerhierarchy, view, created, service, settings, lastlogin, userkey, language,login_count FROM users '.$whereclause.' ORDER BY lastlogin DESC LIMIT :page,:num_products'; +} + +$stmt = $pdo->prepare($sql); + +//Bind to query +if (str_contains($whereclause, ':condition')){ + $stmt->bindValue('condition', $condition, PDO::PARAM_STR); +} + +if (!empty($criterias)){ + foreach ($criterias as $key => $value){ + $key_condition = ':'.$key; + if (str_contains($whereclause, $key_condition)){ + if ($key == 'search'){ + $search_value = '%'.$value.'%'; + $stmt->bindValue($key, $search_value, PDO::PARAM_STR); + } + elseif ($key == 'partnerid'){ + $search_value = '%"_"'.$value.'-%'; + $stmt->bindValue($key, $search_value, PDO::PARAM_STR); + } + else { + $stmt->bindValue($key, $value, PDO::PARAM_STR); + } + } + } +} + +//Add paging details +if(isset($criterias['totals']) && $criterias['totals']==''){ + $stmt->execute(); + $messages = $stmt->fetch(); + $messages = $messages[0]; +} +else { + $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1; + $stmt->bindValue('page', ($current_page - 1) * $page_rows_users, PDO::PARAM_INT); + $stmt->bindValue('num_products', $page_rows_users, PDO::PARAM_INT); + //Excute Query + $stmt->execute(); + //Get results + $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); +} + +//------------------------------------------ +//JSON_ENCODE +//------------------------------------------ +$messages = json_encode($messages, JSON_UNESCAPED_UNICODE); + +//Send results +echo $messages; 
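Review bot: The paging `SELECT` returns `service` and `userkey` for every listed user, and `userkey` is the value api/v2/authorization.php (in this same commit) accepts as `clientsecret` in place of the password, while `service` is the per-user service key. Any account that can reach this endpoint — permission 2 is scoped only by hierarchy here — therefore receives working credentials for every user it can see. Drop both columns from the list query and expose them only where a user edits their own record: `$sql = 'SELECT id, username, email, salesID, partnerhierarchy, view, created, settings, lastlogin, language, login_count FROM users '.$whereclause.' ORDER BY lastlogin DESC LIMIT :page,:num_products';`. The `username=` lookup that api/v1/post/contracts.php performs against this endpoint only needs `id` and `username`.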
diff --git a/api/v2/post/contracts.php b/api/v2/post/contracts.php
new file mode 100644
index 0000000..5d86d55
--- /dev/null
+++ b/api/v2/post/contracts.php
@@ -0,0 +1,243 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + case '2': + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; +} + +//SET PARAMETERS FOR QUERY +$id = $post_content['rowID'] ?? ''; //check for rowID +$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT +if (isset($post_content['delete'])){$command = 'delete';} //change command to delete +$date = date('Y-m-d H:i:s'); + +//CREATE EMPTY STRINGS +$clause = ''; +$clause_insert =''; +$input_insert = ''; + +//remove blanks from array +if (isset($post_content['servicetool'])){ + $post_content['servicetool'] = array_map('trim', $post_content['servicetool']); + $post_content['servicetool'] = array_filter($post_content['servicetool'], 'strlen'); +} +if (isset($post_content['assigned_users'])){ + $post_content['assigned_users'] = array_map('trim', $post_content['assigned_users']); + $post_content['assigned_users'] = array_filter($post_content['assigned_users'], 'strlen'); +} +if ($id != ''){ + + //DEFINE ACCOUNTHIERARCHY + $stmt = $pdo->prepare('SELECT * FROM contracts WHERE rowID = ?'); + $stmt->execute([$id]); + $contract_data = $stmt->fetch(); + + $contract_old = json_decode($contract_data['accounthierarchy']); + $salesid_new = (($post_content['salesid'] != '' 
&& $post_content['salesid'] != $contract_old->salesid)? $post_content['salesid'] : $contract_old->salesid); + $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $contract_old->soldto)? $post_content['soldto'] : $contract_old->soldto); + $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto); + $location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location); + + if ($permission == 4){ + //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD + $account = array( + "salesid"=>$salesid_new, + "soldto"=>$soldto_new, + "shipto"=>$shipto_new, + "location"=>$location_new + ); + } + elseif ($permission == 3) { + //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD + $account = array( + "salesid"=>$contract_old->salesid, + "soldto"=>$soldto_new, + "shipto"=>$shipto_new, + "location"=>$location_new + ); + } + else { + $account = array( + "salesid"=>$contract_old->salesid, + "soldto"=>$contract_old->soldto, + "shipto"=>$shipto_new, + "location"=>$location_new + ); + } + + //CHECK FOR CHANGES IN ASSIGNED_USERS + if (isset($post_content['assigned_users'])){ + $assigned_users_current = json_decode($contract_data['assigned_users'],true); + $assigned_users_new = $post_content['assigned_users']; + + // Find deleted items (items in current but not in new) + $deletedItems = array_diff($assigned_users_current, $assigned_users_new); + // Find added items (items in new but not in current) + $addedItems = array_diff($assigned_users_new, $assigned_users_current); + + //When deleted items are found + if (!empty($deletedItems)){ + foreach ($deletedItems as $item){ + //CALL TO API FOR General information + $api_url = '/v2/users/username='.$item; + $responses = ioApi($api_url,'',$clientsecret); + if (!empty($responses)){ + $response = json_decode($responses,true); + + //If response is not null 
update the service flag of the user + if (count($response) != 0){ + $id_removed_user = $response[0]['id']; + //Remove serviceflag from user + $sql = 'UPDATE users SET service = "" WHERE id = ? '; + $stmt = $pdo->prepare($sql); + $stmt->execute([$id_removed_user]); + } + } + } + } + + } +} +else { + //ID is empty => INSERT / NEW RECORD + if ($permission == 4){ + $account = array( + "salesid"=>$post_content['salesid'], + "soldto"=>$post_content['soldto'], + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'] + ); + } + elseif ($permission == 3){ + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$post_content['soldto'], + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'] + ); + }else { + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$partner->soldto, + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'] + ); + } +} + +// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY +$post_content['accounthierarchy'] = json_encode($account, JSON_UNESCAPED_UNICODE); + +if ($command == 'insert' && !isset($post_content['delete'])){ + $post_content['created'] = $date; + $post_content['createdby'] = $username; +} + +//remove blanks from array +if (isset($post_content['servicetool'])){ + $post_content['servicetool'] = json_encode($post_content['servicetool'], JSON_UNESCAPED_UNICODE); +} +if (isset($post_content['assigned_users'])){ + //Check for all users in array if exist then update service or create + foreach ($post_content['assigned_users'] as $user_assigned){ + //CALL TO API FOR General information + $responses = ioApi('/v2/users/username='.$user_assigned,'',$clientsecret); + if (!empty($responses)){ + $response = json_decode($responses,true); + + //If response is not null update the service flag of the user + if (count($response) != 0){ + $id_exist_user = $response[0]['id']; + $generate_service = bin2hex(random_bytes(25)); + //Remove serviceflag from user + $sql = 'UPDATE users SET 
service = ? WHERE id = ? '; + $stmt = $pdo->prepare($sql); + $stmt->execute([$generate_service,$id_exist_user]); + } else { + //Decode the account structure of the contract and create user + $ah_array = json_decode($post_content['accounthierarchy'],true); + $data = json_encode(array("username" => $user_assigned, "email"=> $user_assigned,"view" => 2 ,"settings"=>"service","service"=> 1,"userkey"=> 1, "salesid" => $ah_array['salesid'], "soldto" => $ah_array['soldto'],"shipto" => $ah_array['shipto'],"location" => $ah_array['location']), JSON_UNESCAPED_UNICODE); + //call the API to create user + ioApi('/v2/users',$data,$clientsecret); + } + } + } + + // UPDATE TO JSON + $post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE); +} + +//CREATE NEW ARRAY AND MAP TO CLAUSE +if(isset($post_content) && $post_content!=''){ + foreach ($post_content as $key => $var){ + if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){ + //do nothing + } + else { + $criterias[$key] = $var; + $clause .= ' , '.$key.' = ?'; + $clause_insert .= ' , '.$key.''; + $input_insert .= ', ?'; // ? for each insert item + $execute_input[]= $var; // Build array for input + } + } +} + +//CLEAN UP INPUT +$clause = substr($clause, 2); //Clean clause - remove first comma +$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma +$input_insert = substr($input_insert, 1); //Clean clause - remove first comma + +//QUERY AND VERIFY ALLOWED +if ($command == 'update' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'U') === 1){ + $sql = 'UPDATE contracts SET '.$clause.' WHERE rowID = ? 
'.$whereclause.''; + $execute_input[] = $id; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); + +} +elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'C') === 1){ + $sql = 'INSERT INTO contracts ('.$clause_insert.') VALUES ('.$input_insert.')'; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); +} +elseif ($command == 'delete' && isAllowed('contract',$profile,$permission,'D') === 1){ + $stmt = $pdo->prepare('DELETE FROM contracts WHERE rowID = ? '.$whereclause.''); + $stmt->execute([ $id ]); + + //Add deletion to changelog + changelog($dbname,'contracts',$id,'Delete','Delete',$username); +} else +{ + //do nothing +} + +?> \ No newline at end of file diff --git a/api/v2/post/equipments.php b/api/v2/post/equipments.php new file mode 100644 index 0000000..6c955b2 --- /dev/null +++ b/api/v2/post/equipments.php 
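Review bot: In the mapping loop every key of `$post_content` not on the short deny-list becomes a column name in `UPDATE contracts SET '.$clause.'` / `INSERT INTO contracts ('.$clause_insert.')`, so the JSON body decides which columns are written and a malformed key lands unescaped in the SQL text; the `?` binding covers only the values. Prefer an allow-list of writable contract columns and skip everything else: `$writable = ['servicetool', 'assigned_users', 'accounthierarchy', 'created', 'createdby'];` (constructed from the names this file itself sets — complete it from the schema) and `if (!in_array($key, $writable, true)) { continue; }` at the top of the loop. `$criterias[$key] = $var;` is written but never read in this file and can go. The deny-list loop in api/v1/post/contracts.php and the new api/v2/post/equipments.php share this pattern.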
@@ -0,0 +1,248 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + case '2': + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; +} + +//SET PARAMETERS FOR QUERY +$id = $post_content['rowID'] ?? ''; //check for rowID +$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT +if (isset($post_content['delete'])){$command = 'delete';} //change command to delete +$date = date('Y-m-d H:i:s'); + +//CREATE EMPTY STRINGS +$owner_equipment = 0; +$clause = ''; +$clause_insert =''; +$input_insert = ''; + + +if ($id != ''){ + //DEFINE ACCOUNTHIERARCHY + $stmt = $pdo->prepare('SELECT * FROM equipment WHERE rowID = ?'); + $stmt->execute([$id]); + $equipment_data = $stmt->fetch(); + + $equipment_old = json_decode($equipment_data['accounthierarchy']); + + $salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $equipment_old->salesid)? $post_content['salesid'] : $equipment_old->salesid); + $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $equipment_old->soldto)? $post_content['soldto'] : $equipment_old->soldto); + $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $equipment_old->shipto)? 
$post_content['shipto'] : $equipment_old->shipto); + $location_new = (($post_content['location'] != '' && $post_content['location'] != $equipment_old->location)? $post_content['location'] : $equipment_old->location); + $section_new = (($post_content['section'] != '' && $post_content['section'] != $equipment_old->section)? $post_content['section'] : $equipment_old->section); + + $owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0); + + if ($permission == 4){ + //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD + $account = array( + "salesid"=>$salesid_new, + "soldto"=>$soldto_new, + "shipto"=>$shipto_new, + "location"=>$location_new, + "section"=>$section_new + ); + } + elseif ($permission == 3) { + //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD + $account = array( + "salesid"=>$equipment_old->salesid, + "soldto"=>$soldto_new, + "shipto"=>$shipto_new, + "location"=>$location_new, + "section"=>$section_new + ); + } + else { + $account = array( + "salesid"=>$equipment_old->salesid, + "soldto"=>$equipment_old->soldto, + "shipto"=>$shipto_new, + "location"=>$location_new, + "section"=>$section_new + ); + } +} +else { + //ID is empty => INSERT / NEW RECORD + if ($permission == 4){ + $account = array( + "salesid"=>$post_content['salesid'], + "soldto"=>$post_content['soldto'], + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'], + "section"=>$post_content['section'] + + ); + } + elseif ($permission == 3){ + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$post_content['soldto'], + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'], + "section"=>$post_content['section'] + + ); + }else { + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$partner->soldto, + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'], + "section"=>$post_content['section'] + + ); + } +} +//CHECK IF PARTNER HAS PARTNER RECORD - IF NOT CREATE AND USE +foreach ($account as $key => $value){ + if 
($key != "section"){ + //CHECK for id- pattern + if (empty($value) ||$value == '' || preg_match('/\-.*/',$value)){ + //Do Nothing + } + else { + //No partner ID found + switch ($key) { + case 'salesid': + $p_type = 'SalesID'; + break; + case 'soldto': + $p_type = 'SoldTo'; + break; + case 'shipto': + $p_type = 'ShipTo'; + break; + case 'location': + $p_type = 'Location'; + break; + } + //Create partner and push to array account + $account[$key] = createPartner($partner->salesid,$partner->soldto,$value,$p_type,$userkey); + } + } +} +// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY +$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE); + +//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE +if ($command == 'update'){ + + //RESET WARRANTY AND SERVICE DATES WHEN STATUS IS CHANGED TO SEND(3) + if (isset($post_content['status']) && $post_content['status'] == 3 && $equipment_data['status'] != 3) + { + $post_content['service_date'] = $date; + $post_content['warranty_date'] = $date; + + } + //UPDATE CHANGELOG BASED ON STATUS CHANGE + if (isset($post_content['status']) && $post_content['status'] != $equipment_data['status']) + { + changelog($dbname,'equipment',$equipment_data['rowID'],'status',$post_content['status'],$username); + } + //UPDATE CHANGELOG BASED ON ORDER_REF change + if (isset($post_content['order_ref']) && $post_content['order_ref'] != $equipment_data['order_ref']) + { + changelog($dbname,'equipment',$equipment_data['rowID'],'order_ref',$post_content['order_ref'],$username); + } + + $post_content['accounthierarchy'] = $accounthierarchy; + + //CHECK for special permissions + if (isAllowed('equipment_manage_edit',$profile,$permission,'U') === 0 && $owner_equipment === 0 ){ + $post_content['status'] = $equipment_data['status']; + $post_content['serialnumber'] = $equipment_data['serialnumber']; + $post_content['service_date'] = $equipment_data['service_date']; + $post_content['warranty_date'] = $equipment_data['warranty_date']; + } + +} 
+elseif ($command == 'insert'){ + $post_content['created'] = $date; + $post_content['createdby'] = $username; + $post_content['accounthierarchy'] = $accounthierarchy; + $post_content['service_date'] = $date; + $post_content['warranty_date'] = $date; +} +else { + //do nothing +} + +//CREAT NEW ARRAY AND MAP TO CLAUSE +if(isset($post_content) && $post_content!=''){ + foreach ($post_content as $key => $var){ + if ($key == 'submit' || $key == 'rowID' || str_contains($key, 'old_') || $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location' || $key == 'section' || str_contains($key, 'productcode') || str_contains($key, 'productname')){ + //do nothing + } + else { + $criterias[$key] = $var; + $clause .= ' , '.$key.' = ?'; + $clause_insert .= ' , '.$key.''; + $input_insert .= ', ?'; // ? for each insert item + $execute_input[]= $var; // Build array for input + } + } +} + +//CLEAN UP INPUT +$clause = substr($clause, 2); //Clean clause - remove first comma +$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma +$input_insert = substr($input_insert, 1); //Clean clause - remove first comma + +//QUERY AND VERIFY ALLOWED +if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){ + $sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.''; + $execute_input[] = $id; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); +} +elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){ + $sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')'; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); +} +elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){ + //delete equipment + $stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? 
'.$whereclause.''); + $stmt->execute([ $id ]); + //delete history related to equipment + $stmt = $pdo->prepare('DELETE FROM history WHERE equipmentid = ?'); + $stmt->execute([ $id ]); + //Add deletion to changelog + changelog($dbname,'equipment',$id,'Delete','Delete',$username); +} else +{ + //do nothing +} + +?> \ No newline at end of file diff --git a/api/v2/post/users.php b/api/v2/post/users.php new file mode 100644 index 0000000..f4740fd --- /dev/null +++ b/api/v2/post/users.php 
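Review bot: The two `changelog($dbname,'equipment',$equipment_data['rowID'],'status',...)` / `'order_ref'` calls inside the `$command == 'update'` block run before the `isAllowed('equipment_manage',...)`/`$owner_equipment` test that gates the actual `UPDATE equipment SET`, so a request the later test rejects still leaves a status or order_ref entry in the changelog, and a caller without `equipment_manage_edit` gets an entry for a status that the next block then reverts to `$equipment_data['status']`. Moving both `changelog(...)` calls to just after the successful `$stmt->execute($execute_input);` in the update branch keeps the log consistent with what was stored. Separately, the `foreach ($post_content as $key => $var)` loop turns every POST key not on the exclusion list into a column identifier in `UPDATE equipment SET '.$clause.'` and `INSERT INTO equipment ('.$clause_insert.')`; the values are bound but the identifiers are not, so an allow-list of writable columns, e.g. `if (!in_array($key, $equipment_columns, true)) { continue; }`, is the safer filter than the current deny-list. The `$stmt->fetch()` for the rowID lookup is also unchecked, so an unknown rowID yields `false` and `$equipment_data['accounthierarchy']` is null before `json_decode`.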
@@ -0,0 +1,279 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause to check if data is owned by user +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + case '2': + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = ' AND partnerhierarchy like "'.$condition.'"'; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%'; + $whereclause = ' AND partnerhierarchy like "'.$condition.'"'; + break; +} + +//SET PARAMETERS FOR QUERY +$id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID +$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT +if (isset($post_content['delete'])){$command = 'delete';} //change command to delete +if (isset($post_content['reset'])){$command = 'reset';} //change command to reset +$date = date('Y-m-d H:i:s'); + +//CREATE EMPTY STRINGS +$clause = ''; +$clause_insert =''; +$input_insert = ''; + +//GET EXISTING USER DATA +if ($id != '' && $command != 'reset'){ +//Define Query +$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?'); +$stmt->execute([$id]); +$user_data = $stmt->fetch(); + +$owner_user = (($user_data['username'] == $username)? 1 : 0); + +$user_name_old = $user_data['username']; +$view_old = $user_data['view']; +$partnerhierarchy_old = json_decode($user_data['partnerhierarchy']); + +$salesid_new = ((isset($post_content['salesid']) && $post_content['salesid'] != '' && $post_content['salesid'] != $partnerhierarchy_old->salesid)? 
$post_content['salesid'] : $partnerhierarchy_old->salesid); +$soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != '' && $post_content['soldto'] != $partnerhierarchy_old->soldto)? $post_content['soldto'] : $partnerhierarchy_old->soldto); +$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $partnerhierarchy_old->shipto)? $post_content['shipto'] : $partnerhierarchy_old->shipto); +$location_new = (($post_content['location'] != '' && $post_content['location'] != $partnerhierarchy_old->location)? $post_content['location'] : $partnerhierarchy_old->location); + + if ($permission == 4){ + //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD + $account = array( + "salesid"=>$salesid_new, + "soldto"=>$soldto_new, + "shipto"=>$shipto_new, + "location"=>$location_new + ); + }elseif ($permission == 3) { + //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$soldto_new, + "shipto"=>$shipto_new, + "location"=>$location_new + ); + } + else { + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$partner->soldto, + "shipto"=>$shipto_new, + "location"=>$location_new + ); + } +} elseif ($command == 'insert') { + //ID is empty => INSERT / NEW RECORD + if ($permission == 4){ + //ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD + $account = array( + "salesid"=>$post_content['salesid'], + "soldto"=>$post_content['soldto'], + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'] + ); + } + elseif ($permission == 3){ + //ADMIN ONLY ARE ALLOWED TO CHANGE SOLD + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$post_content['soldto'], + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'] + ); + } + else { + $account = array( + "salesid"=>$partner->salesid, + "soldto"=>$partner->soldto, + "shipto"=>$post_content['shipto'], + "location"=>$post_content['location'] + ); + } +} elseif ($id != '' && $command == 'reset'){ + //Reset user 
requested + //Get username + $stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?'); + $stmt->execute([$id]); + $user_data = $stmt->fetch(); + //generate resetkey + $post_content['resetkey'] = generate_jwt($headers, $payload); + //STEP 1- create resetkey + $headers = array('alg'=>'HS256','typ'=>'JWT'); + $payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800)); + $resetkey = generate_jwt($headers, $payload); + //STEP 2- Store resetkey + $sql = 'UPDATE users SET resetkey = ? WHERE id = ? '.$whereclause.''; + $stmt = $pdo->prepare($sql); + $stmt->execute([$resetkey,$id]); + //STEP 3 - Send to user + include_once './assets/mail/email_template_reset.php'; + send_mail($user_data['email'],$subject,$message,'',''); +} + +$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE); + +//Create resetkey & tokens +$headers = array('alg'=>'HS256','typ'=>'JWT'); +$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800)); +$post_content['service'] = (isset($post_content['service']) && $post_content['service'] == 1) ? bin2hex(random_bytes(25)) : ''; +$post_content['userkey'] = (isset($post_content['userkey']) && $post_content['userkey'] == 1) ? 
bin2hex(random_bytes(25)) : ''; + +//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE +if ($command == 'update'){ + $post_content['partnerhierarchy'] = $accounthierarchy; +} +elseif ($command == 'insert'){ + $post_content['resetkey'] = $resetkey = generate_jwt($headers, $payload); + $post_content['password'] = generate_jwt($headers, $payload); + $post_content['partnerhierarchy'] = $accounthierarchy; + $post_content['salesID'] = $partner->salesid; +} +else { + //do nothing +} + +//CREAT NEW ARRAY AND MAP TO CLAUSE +if(isset($post_content) && $post_content!=''){ + foreach ($post_content as $key => $var){ + if ($key == 'submit' || $key == 'id' || str_contains($key, 'old_') || $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){ + //do nothing + } + else { + $criterias[$key] = $var; + $clause .= ' , '.$key.' = ?'; + $clause_insert .= ' , '.$key.''; + $input_insert .= ', ?'; // ? for each insert item + $execute_input[]= $var; // Build array for input + } + } +} + +//CLEAN UP INPUT +$clause = substr($clause, 2); //Clean clause - remove first comma +$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma +$input_insert = substr($input_insert, 1); //Clean clause - remove first comma + +//QUERY AND VERIFY ALLOWED +if ($command == 'update' && (isAllowed('user',$profile,$permission,'U') === 1 || $owner_user === 1)){ + $sql = 'UPDATE users SET '.$clause.' WHERE id = ? '.$whereclause.''; + + $execute_input[] = $id; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); + + //Update the username in all tables when changed + if ($post_content['username'] != $user_name_old){ + $sql_like = '%'.$user_name_old.'%'; + $sql1= 'UPDATE equipment SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; + $sql2= 'UPDATE communication SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; + $sql3= 'UPDATE contracts SET createdby = REPLACE(createdby, ? , ?) 
WHERE createdby LIKE ?';
+ $sql4= 'UPDATE feedback SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
+ $sql5= 'UPDATE history SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
+ $sql6= 'UPDATE opportunities SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
+ $sql7= 'UPDATE orders SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
+ $sql8= 'UPDATE products SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
+ $sql_users = 'UPDATE account SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
+ $sql_partner = 'UPDATE partner SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
+
+ //SQL_users
+ $stmt = $pdo->prepare($sql_users);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+ //SQL_partners
+ $stmt = $pdo->prepare($sql_partner);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+
+ $pdo = dbConnect($dbname);
+ //SQL1
+ $stmt = $pdo->prepare($sql1);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+ //SQL2
+ $stmt = $pdo->prepare($sql2);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+ //SQL3
+ $stmt = $pdo->prepare($sql3);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+ //SQL4
+ $stmt = $pdo->prepare($sql4);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+ //SQL5
+ $stmt = $pdo->prepare($sql5);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+ //SQL6
+ $stmt = $pdo->prepare($sql6);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+ //SQL7
+ $stmt = $pdo->prepare($sql7);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+ //SQL8
+ $stmt = $pdo->prepare($sql8);
+ $stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
+ }
+}
+elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1){
+
+ //check if user 
exists + $stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?'); + $stmt->execute([$post_content['username']]); + $user_exist = $stmt->fetch(); + + $exists = (isset($user_exist['username']))? 1 : 0; + if($user_exist == 0 ){ + $sql = 'INSERT INTO users ('.$clause_insert.') VALUES ('.$input_insert.')'; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); + + //STEP 2- Send to user + include_once './assets/mail/email_template_new.php'; + send_mail($post_content['email'],$subject,$message,'',''); + } else { + //------------------------------------------ + //JSON_ENCODE + //------------------------------------------ + $messages = json_encode($exists, JSON_UNESCAPED_UNICODE); + + //Send results + echo $messages; + } +} +elseif ($command == 'delete' && isAllowed('user',$profile,$permission,'D') === 1){ + //delete equipment + $stmt = $pdo->prepare('DELETE FROM users WHERE id = ? '.$whereclause.''); + $stmt->execute([ $id ]); + + //Add deletion to changelog + changelog($dbname,'users',$id,'Delete','Delete',$username); +} else +{ + //do nothing +} + + +?> \ No newline at end of file diff --git a/assets/functions.php b/assets/functions.php index c8565af..c0e8768 100644 --- a/assets/functions.php +++ b/assets/functions.php @@ -2308,4 +2308,36 @@ function calculateMedian($array) { $highMiddle = $array[ceil((count($array) - 1) / 2)]; return ($lowMiddle + $highMiddle) / 2; } +} + +// +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +// visual forecast for service and warranty+++++++++++++++ +// +++++++++++++++++++++++++++++++++++++++++++++++++++++++ +function usageView($messages){ + + //GET TOTAL SERVICE COUNT + $totalcount = 0; + foreach ($messages as $message){ + $totalcount += $message['count']; + } + + $view = ' + Service = '.$totalcount.' +
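Review bot: In the `$command == 'reset'` branch, `$post_content['resetkey'] = generate_jwt($headers, $payload);` runs before `$headers` and `$payload` are assigned on the two following lines, so it is called with undefined variables; the line looks like a leftover and should be removed, since `$resetkey` is generated and stored immediately after. The rename propagation uses `REPLACE(createdby, ? , ?) WHERE createdby LIKE ?` with `'%'.$user_name_old.'%'`, which rewrites every `createdby` value that merely contains the old name as a substring (and `%`/`_` inside the old name act as wildcards); an exact `SET createdby = ? WHERE createdby = ?` matches the stated intent. The insert branch computes `$exists` but then tests the raw fetch result with `if($user_exist == 0 )`, which only works because `false == 0`; `if ($exists === 0)` is the intended check. The same POST-keys-as-column-identifiers pattern as in api/v2/post/equipments.php applies to `UPDATE users SET '.$clause.'` here and should be filtered through an allow-list of user columns.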
+ +
+ '; + + return $view; } \ No newline at end of file diff --git a/contract.php b/contract.php index f75ad55..e84a037 100644 --- a/contract.php +++ b/contract.php 
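Review bot: `usageView($messages)` has no parameter or return type and no docblock, and contract.php in this commit passes it `json_decode(json_encode($contract_usage_servicereports), true)`, which is `null` when no usage data comes back, so `foreach ($messages as $message)` would iterate a null. A signature `function usageView(?array $messages): string` with `foreach ($messages ?? [] as $message)` covers that case. A docblock along the lines of `/** Render the service/warranty usage summary. @param list<array{count:int|string}>|null $messages rows carrying a 'count' field @return string HTML fragment */` would document the only input the function reads; the markup the function emits is not readable in this extract, so I cannot comment on it.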
@@ -1,223 +1,258 @@ '.$button_back.'':''; + //Check if allowed if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){ header('location: index.php'); exit; } + +//GET PARAMETERS && STORE in SESSION for FURTHER USE/NAVIGATION +$pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1; + //PAGE Security +$page_manage = 'contract_manage'; $update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U'); -$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D'); -$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C'); - -// Default input product values -$contract = [ - 'rowID' => '', - 'type' => '', - 'status' => '', - 'accountID' => '', - 'start_date' => '', - 'duration' => '', - 'service_count' => '', - 'contract_details' => '', - 'created' => '', - 'createdby' => '', - 'billing_plan' => '', - 'pricing' => '', - 'reference' => '', - 'servicetool' => '', - 'assigned_users' => [] -]; +$update_allowed_edit = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'U'); +$delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'D'); +$create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C'); +//GET Details from URL +$GET_VALUES = urlGETdetails($_GET) ?? ''; $contract_ID = $_GET['rowID'] ?? 
''; -if ($contract_ID !=''){ - $url = 'index.php?page=contract&rowID='.$contract_ID.''; -} else { - $url = 'index.php?page=contracts'; -} +//CALL TO API FOR General information +$api_url = '/v1/contracts/rowID='.$contract_ID;; +$responses = ioServer($api_url,''); +//Decode Payload +if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = null;} +$responses = $responses[0]; -if (isset($_GET['rowID'])) { - //CALL TO API - $api_url = '/v1/contracts/rowID='.$contract_ID; - $responses = ioServer($api_url,''); - //Decode Payload - if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = null;} - - $contract = json_decode(json_encode($responses[0]), true); +//------------------------------ +//Variables +//------------------------------ +$contract_status_text = 'contract_status'.$responses->status ?? ''; +$contract_type_text = 'contract_type'.$responses->type ?? ''; +$servicetools = json_decode($responses->servicetool,true) ?? ''; +$assigned_users = json_decode($responses->assigned_users,true) ?? ''; - if ($update_allowed === 1){ - if (isset($_POST['submit'])) { - //GET ALL POST DATA - $data = json_encode($_POST, JSON_UNESCAPED_UNICODE); +//Partnerdata +$partner_data = json_decode($responses->accounthierarchy); +$salesid = getPartnerName($partner_data->salesid) ?? $not_specified; +$soldto = getPartnerName($partner_data->soldto) ?? '-'; +$shipto = getPartnerName($partner_data->shipto) ?? '-'; +$location = getPartnerName($partner_data->location) ?? 
'-'; - //Secure data - $payload = generate_payload($data); - - //API call - $responses = ioServer('/v1/contracts', $payload); - if ($responses === 'NOK'){ - - } else { - header('Location: index.php?page=contracts&success_msg=2'); - exit; - } - - } +// Handle success messages +if (isset($_GET['success_msg'])) { + if ($_GET['success_msg'] == 1) { + $success_msg = $message_contract_1; } - - if ($delete_allowed === 1){ - if (isset($_POST['delete'])) { - //GET ALL POST DATA - $data = json_encode($_POST , JSON_UNESCAPED_UNICODE); - //Secure data - $payload = generate_payload($data); - //API call - $responses = ioServer('/v1/contracts', $payload); - // Redirect and delete product - if ($responses === 'NOK'){ - - } else { - header('Location: index.php?page=contracts&success_msg=3'); - exit; - } - } + if ($_GET['success_msg'] == 2) { + $success_msg = $message_contract_2; } - -} else { - // Create a new product - if (isset($_POST['submit']) && $create_allowed === 1) { - //GET ALL POST DATA - $data = json_encode($_POST, JSON_UNESCAPED_UNICODE); - //Secure data - $payload = generate_payload($data); - //API call - $responses = ioServer('/v1/contracts', $payload); - if ($responses === 'NOK'){ - - } else { - header('Location: index.php?page=contracts&success_msg=1'); - exit; - } + if ($_GET['success_msg'] == 3) { + $success_msg = $message_contract_3; } } -template_header('Contract', 'contract', 'manage'); - -$view =' -
+template_header('Contract', 'contract', 'view'); +$view = '
-

'.$contract_h2.'

- '.$button_cancel.' +

'.$responses->rowID.'

+ '.$button_cancel.' '; -if ($delete_allowed === 1){ - $view .= ''; + +//------------------------------------ +// +//------------------------------------ +if ($update_allowed_edit === 1){ + $view .= 'Edit'; } -if ($update_allowed === 1){ - $view .= ''; -} - + $view .= '
'; -$view .= '
- '.$tab1 .' - '.$tab2.' - '.$tab3.' +if (isset($success_msg)){ + $view .= '
+ +

'.$success_msg.'

+ +
'; +} + +$view .= '
'; + +$view .= '
+
+ '.($product_data ?? '').' +
+
+

'.$contract_id.'

+

'.$responses->rowID.'

+
+
+

'.$contract_status.'

+

'.$$contract_status_text.'

+
+
+

'.$contract_type.'

+

'.$$contract_type_text.'

+
+
+

'.$contract_start_date.'

+

'.$responses->start_date.'

+
+
+

'.$contract_duration.'

+

'.$responses->duration.'

+
+ '; + if ($responses->duration !='' && $responses->start_date !=''){ + $date = date('Y-m-d', strtotime('+'.$responses->duration.' months', strtotime($responses->start_date))); + + $view .= ' +
+

'.$contract_end_date.'

+

'.$date.'

+
'; + } + +$view .=' +
+'; + +$view .='
+
+ '.$view_asset_partners.' +
+
+

'.$general_salesid.'

+

'.$salesid.'

+
+
+

'.$general_soldto.'

+

'.$soldto.'

+
+
+

'.$general_shipto.'

+

'.$shipto.'

+
+
+

'.$general_location.'

+

'.$location.'

+
+
+

'.$contract_reference.'

+

'.$responses->reference.'

+
+ +
'; +$view .= '
'; + + +//Usageview + +//get all assigned serialnumbers +$url_input = ''; +foreach($servicetools as $service_tool){ + $url_input .= $service_tool.','; +} + +//Return report_usage_servicereports +$api_url = '/v1/application/type=ServiceReport&serialnumber='.substr($url_input,0,-1).'/contract_usage_servicereports'; +$contract_usage_servicereports = ioServer($api_url,''); +//Decode Payload +if (!empty($contract_usage_servicereports)){$contract_usage_servicereports = decode_payload($contract_usage_servicereports);}else{$contract_usage_servicereports = null;} + +$service_events = usageView(json_decode(json_encode($contract_usage_servicereports),true)); + +$view .= '
+
+ '.$menu_service_reports.' +
+
+ '.$service_events.' +
'; -$view .='
-
- - + +$view .= '
+
+ '.$contract_assigned_users.'
-
- - +
+ + '; + //Check for assigned users + foreach ($assigned_users as $user){ + $view .= ''; + } +$view .= ' + +
'.$user.'
-
- - -
'; - -//Define end_date based on duration -if ($contract['duration'] !='' && $contract['start_date'] !=''){ - $date = date('Y-m-d', strtotime('+'.$contract['duration'].' months', strtotime($contract['start_date']))); - - $view .= '
- - -
'; -} -$view .= '
- - -
-
- - -
-
'; - - - -//GET PARTNER DROPDOWN -$soldto_dropdown = listAccounts('accountID',$_SESSION['permission'],$contract['accountID']); - -$view .= '
-
- - '.$soldto_dropdown.' -
-
- - -
-
- '; - - -//Check for assigned users -$assigned_users = (is_string($contract['assigned_users']))? json_decode($contract['assigned_users']) : ''; - -if (is_array($assigned_users)) { - foreach ($assigned_users as $user){ - $view .= ''; - } -} else{ - $view .= ''; -} - -$view .='
- '.$contract_assigned_users_add.' -
'; - -$view .= '
-
- - - - -
-
'; + '; + +$view .= '
+
+ '. $contract_servicetool.' +
+
+ + '; + //Check for assigned tools + foreach ($servicetools as $tools){ + $view .= ''; + } +$view .= ' + +
'.$tools.'
+
+
+'; +$view .= '
+
+ '.$tab3.' +
+
+ + + + + + + + + +
'.$general_created.''.$responses->created.'
'.$general_createdby.''.$responses->createdby.'
+
+
+'; -$view .= ''; +$view .='
'; +//OUTPUT +echo $view; -//Output -echo $view; +template_footer() -template_footer()?> \ No newline at end of file +?> \ No newline at end of file diff --git a/contract_manage.php b/contract_manage.php new file mode 100644 index 0000000..10da93e --- /dev/null +++ b/contract_manage.php 
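Review bot: `$api_url = '/v1/contracts/rowID='.$contract_ID;;` concatenates `$_GET['rowID']` unencoded into the API path (and carries a stray second semicolon); `$api_url = '/v1/contracts/rowID='.rawurlencode($contract_ID);` keeps the value from altering the route. Directly after, `$responses = $responses[0];` runs even when the decode step set `$responses = null`, so an unknown or out-of-scope rowID continues into `$responses->status`, `->servicetool` and `->accounthierarchy` on null; the `?? ''` in `'contract_status'.$responses->status ?? ''` does not help because `.` binds tighter than `??` and the left operand is always a string. A guard such as `if (empty($responses)) { header('location: index.php?page=contracts'); exit; }` before the variables section, in the style of the isAllowed redirect above it, is the simplest fix. The same unencoded interpolation reappears in the `'/v1/application/type=ServiceReport&serialnumber='.substr($url_input,0,-1)` call further down.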
@@ -0,0 +1,250 @@ + '', + 'type' => '', + 'status' => '', + 'accountID' => '', + 'start_date' => '', + 'duration' => '', + 'service_count' => '', + 'contract_details' => '', + 'created' => '', + 'createdby' => '', + 'billing_plan' => '', + 'pricing' => '', + 'reference' => '', + 'servicetool' => [], + 'assigned_users' => [], + 'accounthierarchy' => $_SESSION['partnerhierarchy'] +]; + +$contract_ID = $_GET['rowID'] ?? ''; + +if ($contract_ID !=''){ + $url = 'index.php?page=contract&rowID='.$contract_ID.''; +} else { + $url = 'index.php?page=contracts'; +} + +if (isset($_GET['rowID'])) { + //CALL TO API + $api_url = '/v1/contracts/rowID='.$contract_ID; + $responses = ioServer($api_url,''); + //Decode Payload + if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = null;} + + $contract = json_decode(json_encode($responses[0]), true); + + if ($update_allowed === 1){ + if (isset($_POST['submit'])) { + //GET ALL POST DATA + $data = json_encode($_POST, JSON_UNESCAPED_UNICODE); + var_dump($data); + //Secure data + $payload = generate_payload($data); + + //API call + $responses = ioServer('/v1/contracts', $payload); + if ($responses === 'NOK'){ + + } else { + header('Location: index.php?page=contract&rowID='.$contract_ID.'&success_msg=2'); + exit; + } + + } + } + + if ($delete_allowed === 1){ + if (isset($_POST['delete'])) { + //GET ALL POST DATA + $data = json_encode($_POST , JSON_UNESCAPED_UNICODE); + //Secure data + $payload = generate_payload($data); + //API call + $responses = ioServer('/v1/contracts', $payload); + // Redirect and delete product + if ($responses === 'NOK'){ + + } else { + header('Location: index.php?page=contracts&success_msg=3'); + exit; + } + } + } + +} else { + // Create a new product + if (isset($_POST['submit']) && $create_allowed === 1) { + //GET ALL POST DATA + $data = json_encode($_POST, JSON_UNESCAPED_UNICODE); + //Secure data + $payload = generate_payload($data); + //API call + $responses = 
ioServer('/v1/contracts', $payload); + if ($responses === 'NOK'){ + + } else { + header('Location: index.php?page=contracts&success_msg=1'); + exit; + } + } +} + +template_header('Contract', 'contract', 'manage'); + +$view =' +
+
+

'.$contract_h2.'

+ '.$button_cancel.' +'; + +if ($delete_allowed === 1){ + $view .= ''; +} +if ($update_allowed === 1){ + $view .= ''; +} + +$view .= '
'; + +$view .= ' + '; + +$view .='
+
+ + +
+
+ + +
+
+ + +
'; + +//Define end_date based on duration +if ($contract['duration'] !='' && $contract['start_date'] !=''){ + $date = date('Y-m-d', strtotime('+'.$contract['duration'].' months', strtotime($contract['start_date']))); + + $view .= '
+ + +
'; +} +$view .= '
+ + +
+
+ + +
'; + +$view .= '
+ '; + //Check for assigned servicetools +$assigned_servicetools = (empty($contract['servicetool']))? '' :json_decode($contract['servicetool'],true); + + if (!empty($assigned_servicetools || $assigned_servicetools !='')){ + foreach ($assigned_servicetools as $tool){ + $view .= ''; + } + } else { + $view .= ''; + + } +$view .='
+ '; + +$view .='
+ '; + +//Check for assigned users +$assigned_users = (empty($contract['assigned_users']))? '' :json_decode($contract['assigned_users'],true); + + if (!empty($assigned_users) || $assigned_users != ''){ + foreach ($assigned_users as $user){ + $view .= ''; + } + } else { + $view .= ''; + } + +$view .='
+ +
'; + +//GET PARTNERDATA +$partner_data = json_decode($contract['accounthierarchy']); + +//BUID UP DROPDOWNS +$salesid_dropdown = listPartner('salesid',$_SESSION['permission'],$partner_data->salesid); +$soldto_dropdown = listPartner('soldto',$_SESSION['permission'],$partner_data->soldto); +$shipto_dropdown = listPartner('shipto',$_SESSION['permission'],$partner_data->shipto); +$location_dropdown = listPartner('location',$_SESSION['permission'],$partner_data->location); + +//DISPLAY +$view .= '
+
+'; +$view .= ''; +$view .= $salesid_dropdown; +$view .= ''; +$view .= $soldto_dropdown; +$view .= ''; +$view .= $shipto_dropdown; +$view .= ''; +$view .= $location_dropdown; + +$view .= ' +
+
'; + +$view .= '
+
+ + + + + +
+
'; + + +$view .= '
'; + + +//Output +echo $view; + +template_footer()?> \ No newline at end of file diff --git a/contracts.php b/contracts.php index 3330d12..ba24d61 100644 --- a/contracts.php +++ b/contracts.php @@ -11,8 +11,8 @@ include_once './settings/settings.php'; //SET PAGE ORIGIN FOR NAVIGATION AND SECURITY +$page = $_SESSION['origin'] = 'contracts'; $prev_page = ($_SESSION['origin'] == 'equipments') ? $_SESSION['prev_origin_equipment'] : (($_SESSION['origin'] == 'account')? $_SESSION['prev_origin'] :''); -$page = 'contracts'; //create backbutton to prev_origin $back_btn_orgin = ($prev_page != '')? ''.$button_back.'':''; @@ -78,7 +78,7 @@ $view .= '
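Review bot: `var_dump($data);` in the `isset($_POST['submit'])` update branch writes the full JSON-encoded POST body into the response before `ioServer('/v1/contracts', $payload)` and the `header('Location: ...')` redirect, so a successful update fails with headers already sent and the submitted contract data is rendered to the browser instead; delete that line. `if (!empty($assigned_servicetools || $assigned_servicetools !=''))` applies `empty()` to a boolean expression rather than to the variable; the assigned-users block below spells the same check as `if (!empty($assigned_users) || $assigned_users != '')`, and the servicetool branch should match it. The first lines of the new file (before `'type' => ''`) are not readable in this extract.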
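Review bot: `$page = $_SESSION['origin'] = 'contracts';` now runs before `$prev_page` compares `$_SESSION['origin']` with `'equipments'` and `'account'`, so neither comparison can be true any more and `$prev_page` (hence `$back_btn_orgin`) is always empty; in the removed line `$page` was assigned after `$prev_page`. Compute `$prev_page` first and then assign `$page = $_SESSION['origin'] = 'contracts';`, or compare against the origin captured before the overwrite. The lines preceding `include_once './settings/settings.php'` are outside the hunk.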
} $view .= '
- '.$button_create_contract.' + '.$button_create_contract.'
@@ -136,12 +136,15 @@ $view .= ' $type = 'contract_type'.$response->type; //calculate enddate from duration $date = date('Y-m-d', strtotime('+'.$response->duration.' months', strtotime($response->start_date))); - + + //GetPartnerDetails + $partner_data = json_decode($response->accounthierarchy); + $view .= ' '.$response->rowID.' '.(($response->status == 1)? ''.$$status:''.$$status).' - '.$response->accountID.' + '.$partner_data->soldto.' '.$$type.' '.$response->start_date.' '.$date.' diff --git a/dev.php b/dev.php index 1eca3f1..148f742 100644 --- a/dev.php +++ b/dev.php @@ -7,6 +7,12 @@ include './assets/functions.php'; include './settings/settings.php'; include './settings/config.php'; + +$tes= '40'; + +$test_r = (isset($test))? $test : (isset($test2)? $test2 : 'none'); + +echo $test_r; //Connect to DB $pdo = dbConnect($dbname);
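Review bot: The new cell outputs `$partner_data->soldto`, the raw partner ID from `json_decode($response->accounthierarchy)`, whereas contract.php in this same commit shows `getPartnerName($partner_data->soldto)`; the list and the detail page now disagree on what the column displays. The `json_decode` result is also unchecked, so a row with an empty or malformed `accounthierarchy` yields null and the `->soldto` access warns and prints nothing. `'.getPartnerName($partner_data->soldto ?? '').'` would align with the detail page and tolerate a missing value, assuming getPartnerName handles an empty ID the way contract.php's `?? '-'` fallback expects.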
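Review bot: `$tes= '40';` assigns `$tes`, but the ternary on the next line tests `isset($test)` and `isset($test2)`, so `$test_r` is always `'none'`; either the name is a typo for `$test` or these three statements are scratch code that should not be committed. The added `echo $test_r;` also emits output before `dbConnect($dbname)`, which would interfere with any header() call later in dev.php; the rest of the file is outside the hunk, so I cannot tell whether one exists.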