pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CM89 - contract changes

Browse Source
This commit is contained in:
“VeLiTi”
2024-09-20 14:57:11 +02:00
parent e139b91c30
commit 78cfe93dce
19 changed files with 1780 additions and 211 deletions
Download Patch File Download Diff File Expand all files Collapse all files

32
api/v1/get/application.php
View File

@@ -67,7 +67,33 @@ if(isset($get_content) && $get_content!=''){
$criterias[$v[0]] = $v[1]; $criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='history' || $v[0] =='target' || $v[0] =='success_msg'){ if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='history' || $v[0] =='target' || $v[0] =='success_msg'){
//do nothing //do nothing
} }
elseif ($v[0] == 'serialnumber') {
//build up serialnumber
//check if multiple serialnumbers are provided
if (str_contains($v[1], ',')){
$inputs = explode(",",$v[1]);
$new_querystring = ''; //empty querystring
$x=0;
foreach($inputs as $input){
//create key
$new_key = $v[0].'_'.$x;
//inject new key/value to array
$criterias[$new_key] = $input;
$new_querystring .= ':'.$new_key.',';
$x++;
}
//remove obsolete last character from new_querystring
$new_querystring = substr($new_querystring,0, -1);
//add new_querystring to clause
$clause .= ' AND e.serialnumber IN ('.$new_querystring.')';
//remove original key/value from array
unset($criterias[$v[0]]);
}
else {
$clause .= ' AND e.serialnumber IN (:'.$v[0].')';
}
}
else {//create clause else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0]; $clause .= ' AND '.$v[0].' = :'.$v[0];
} }
@@ -155,6 +181,10 @@ switch ($action) {
$sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)';
break; break;
case 'contract_usage_servicereports':
$sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)';
break;
case 'report_usage_firmware': case 'report_usage_firmware':
$sql = 'SELECT YEAR(h.created) AS year,QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid=e.rowID where h.type="Firmware" AND NOT e.productrowid="31" GROUP BY YEAR(h.created),QUARTER(h.created), MONTH(h.created)'; $sql = 'SELECT YEAR(h.created) AS year,QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid=e.rowID where h.type="Firmware" AND NOT e.productrowid="31" GROUP BY YEAR(h.created),QUARTER(h.created), MONTH(h.created)';
break; break;

24
api/v1/get/contracts.php
View File

@@ -8,11 +8,33 @@ defined($security_key) or exit;
//Connect to DB //Connect to DB
$pdo = dbConnect($dbname); $pdo = dbConnect($dbname);
//Get user_rights from users.php
$partner = json_decode($partnerhierarchy);
//SoldTo is empty //SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like :condition ';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = 'WHERE accounthierarchy like :condition ';
break;
}
//NEW ARRAY //NEW ARRAY
$whereclause ='';
$criterias = []; $criterias = [];
$clause = ''; $clause = '';

1
api/v1/get/user_credentials.php
View File

@@ -23,6 +23,7 @@ if ($stmt->rowCount() == 1) {
$servicekey = $user_data['service']; $servicekey = $user_data['service'];
$language = $user_data['language']; $language = $user_data['language'];
$partner = json_decode($partnerhierarchy); $partner = json_decode($partnerhierarchy);
$clientsecret = $user_data['userkey'];
//Update Lastlogin //Update Lastlogin
$logindate = date('Y-m-d H:i:s'); $logindate = date('Y-m-d H:i:s');

170
api/v1/post/contracts.php
View File

@@ -13,9 +13,26 @@ $post_content = json_decode(decode_payload($input),true);
//SoldTo is empty //SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned buy user //default whereclause
$whereclause = ''; $whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY //SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID $id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT $command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
@@ -27,17 +44,161 @@ $clause = '';
$clause_insert =''; $clause_insert ='';
$input_insert = ''; $input_insert = '';
//remove blanks from array
if (isset($post_content['servicetool'])){
$post_content['servicetool'] = array_map('trim', $post_content['servicetool']);
$post_content['servicetool'] = array_filter($post_content['servicetool'], 'strlen');
}
if (isset($post_content['assigned_users'])){
$post_content['assigned_users'] = array_map('trim', $post_content['assigned_users']);
$post_content['assigned_users'] = array_filter($post_content['assigned_users'], 'strlen');
}
if ($id != ''){
//DEFINE ACCOUNTHIERARCHY
$stmt = $pdo->prepare('SELECT * FROM contracts WHERE rowID = ?');
$stmt->execute([$id]);
$contract_data = $stmt->fetch();
$contract_old = json_decode($contract_data['accounthierarchy']);
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $contract_old->salesid)? $post_content['salesid'] : $contract_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $contract_old->soldto)? $post_content['soldto'] : $contract_old->soldto);
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location);
if ($permission == 4){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
elseif ($permission == 3) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$contract_old->salesid,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
else {
$account = array(
"salesid"=>$contract_old->salesid,
"soldto"=>$contract_old->soldto,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
//CHECK FOR CHANGES IN ASSIGNED_USERS
if (isset($post_content['assigned_users'])){
$assigned_users_current = json_decode($contract_data['assigned_users'],true);
$assigned_users_new = $post_content['assigned_users'];
// Find deleted items (items in current but not in new)
$deletedItems = array_diff($assigned_users_current, $assigned_users_new);
// Find added items (items in new but not in current)
$addedItems = array_diff($assigned_users_new, $assigned_users_current);
//When deleted items are found
if (!empty($deletedItems)){
foreach ($deletedItems as $item){
//CALL TO API FOR General information
$api_url = '/v2/users/username='.$item;
$responses = ioApi($api_url,'',$clientsecret);
if (!empty($responses)){
$response = json_decode($responses,true);
//If response is not null update the service flag of the user
if (count($response) != 0){
$id_removed_user = $response[0]['id'];
//Remove serviceflag from user
$sql = 'UPDATE users SET service = "" WHERE id = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$id_removed_user]);
}
}
}
}
}
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
elseif ($permission == 3){
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
}
// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY
$post_content['accounthierarchy'] = json_encode($account, JSON_UNESCAPED_UNICODE);
if ($command == 'insert' && !isset($post_content['delete'])){ if ($command == 'insert' && !isset($post_content['delete'])){
$post_content['created'] = $date; $post_content['created'] = $date;
$post_content['createdby'] = $username; $post_content['createdby'] = $username;
} }
$post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE); //remove blanks from array
if (isset($post_content['servicetool'])){
$post_content['servicetool'] = json_encode($post_content['servicetool'], JSON_UNESCAPED_UNICODE);
}
if (isset($post_content['assigned_users'])){
//Check for all users in array if exist then update service or create
foreach ($post_content['assigned_users'] as $user_assigned){
//CALL TO API FOR General information
$responses = ioApi('/v2/users/username='.$user_assigned,'',$clientsecret);
if (!empty($responses)){
$response = json_decode($responses,true);
//If response is not null update the service flag of the user
if (count($response) != 0){
$id_exist_user = $response[0]['id'];
$generate_service = bin2hex(random_bytes(25));
//Remove serviceflag from user
$sql = 'UPDATE users SET service = ? WHERE id = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$generate_service,$id_exist_user]);
} else {
//Decode the account structure of the contract and create user
$ah_array = json_decode($post_content['accounthierarchy'],true);
$data = json_encode(array("username" => $user_assigned, "email"=> $user_assigned,"view" => 2 ,"settings"=>"service","service"=> 1,"userkey"=> 1, "salesid" => $ah_array['salesid'], "soldto" => $ah_array['soldto'],"shipto" => $ah_array['shipto'],"location" => $ah_array['location']), JSON_UNESCAPED_UNICODE);
//call the API to create user
ioApi('/v2/users',$data,$clientsecret);
}
}
}
//CREAT NEW ARRAY AND MAP TO CLAUSE // UPDATE TO JSON
$post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE);
}
//CREATE NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){ if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){ foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto'){ if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){
//do nothing //do nothing
} }
else { else {
@@ -61,6 +222,7 @@ if ($command == 'update' && !isset($post_content['delete']) && isAllowed('contra
$execute_input[] = $id; $execute_input[] = $id;
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute($execute_input); $stmt->execute($execute_input);
} }
elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'C') === 1){ elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO contracts ('.$clause_insert.') VALUES ('.$input_insert.')'; $sql = 'INSERT INTO contracts ('.$clause_insert.') VALUES ('.$input_insert.')';

13
api/v1/post/users.php
View File

@@ -14,7 +14,7 @@ $owner_user = 0;
//SoldTo is empty //SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned buy user //default whereclause to check if data is owned by user
$whereclause = ''; $whereclause = '';
switch ($permission) { switch ($permission) {
@@ -35,7 +35,7 @@ switch ($permission) {
} }
//SET PARAMETERS FOR QUERY //SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID $id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT $command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
if (isset($post_content['reset'])){$command = 'reset';} //change command to reset if (isset($post_content['reset'])){$command = 'reset';} //change command to reset
@@ -143,14 +143,15 @@ $accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
//Create resetkey & tokens //Create resetkey & tokens
$headers = array('alg'=>'HS256','typ'=>'JWT'); $headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800)); $payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
$post_content['service'] = ($post_content['service'] == 1) ? bin2hex(random_bytes(25)) : ''; $post_content['service'] = (isset($post_content['service']) && $post_content['service'] == 1) ? bin2hex(random_bytes(25)) : '';
$post_content['userkey'] = ($post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : ''; $post_content['userkey'] = (isset($post_content['userkey']) && $post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){ if ($command == 'update'){
$post_content['partnerhierarchy'] = $accounthierarchy; $post_content['partnerhierarchy'] = $accounthierarchy;
} }
elseif ($command == 'insert'){ elseif ($command == 'insert'){
$post_content['resetkey'] = $resetkey = generate_jwt($headers, $payload);
$post_content['password'] = generate_jwt($headers, $payload); $post_content['password'] = generate_jwt($headers, $payload);
$post_content['partnerhierarchy'] = $accounthierarchy; $post_content['partnerhierarchy'] = $accounthierarchy;
$post_content['salesID'] = $partner->salesid; $post_content['salesID'] = $partner->salesid;
@@ -249,10 +250,6 @@ elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1
$stmt = $pdo->prepare($sql); $stmt = $pdo->prepare($sql);
$stmt->execute($execute_input); $stmt->execute($execute_input);
//STEP 1- create resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//STEP 2- Send to user //STEP 2- Send to user
include_once './assets/mail/email_template_new.php'; include_once './assets/mail/email_template_new.php';
send_mail($post_content['email'],$subject,$message,'',''); send_mail($post_content['email'],$subject,$message,'','');

12
api/v2/authorization.php
View File

@@ -7,7 +7,8 @@ defined($security_key) or exit;
$user_credentials = json_decode($input,true); $user_credentials = json_decode($input,true);
//Connect to DB //Connect to DB
$pdo = dbConnect($dbname); $pdo = dbConnect($dbname);
$username = $user_credentials['username'] ?? ''; //User username or clientID
$username = (isset($user_credentials['username']))? $user_credentials['username'] : (isset($user_credentials['clientID'])? $user_credentials['clientID'] : '');
//Define Query //Define Query
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?'); $stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?');
//Excute Query //Excute Query
@@ -21,8 +22,8 @@ if ($stmt->rowCount() == 1) {
$user_data = $stmt->fetch(); $user_data = $stmt->fetch();
$permission = userRights($user_data['view']); $permission = userRights($user_data['view']);
$profile = getProfile($user_data['settings'],$permission); $profile = getProfile($user_data['settings'],$permission);
$password = $user_credentials['password']; $password = (isset($user_credentials['password']))? $user_credentials['password'] : (isset($user_credentials['clientsecret'])? $user_credentials['clientsecret'] : '');
if ($user_data['login_count'] < 5){ if ($user_data['login_count'] < 5){
if (array_key_exists('resetkey', $user_credentials)){ if (array_key_exists('resetkey', $user_credentials)){
@@ -51,9 +52,10 @@ if ($stmt->rowCount() == 1) {
//RETURN JWT AND CLIENTSECRET //RETURN JWT AND CLIENTSECRET
$user = array( $user = array(
'clientID' => $user_data['id'], 'clientID' => $user_data['username'],
'token' => $token, 'token' => $token,
'clientsecret' => $user_data['userkey'] 'token_valid' => date('Y-m-d H:i:s',time() + 1800),
'userkey' => $user_data['userkey']
); );
//Reset login count after succesfull attempt //Reset login count after succesfull attempt

2
api/v2/get/changelog.php
View File

@@ -132,7 +132,7 @@ else {
} }
//------------------------------------------ //------------------------------------------
//JSON_DECODE //JSON_ENCODE
//------------------------------------------ //------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE); $messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results //Send results

134
api/v2/get/contracts.php Normal file
View File

@@ -0,0 +1,134 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// contracts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//Get user_rights from users.php
$partner = json_decode($partnerhierarchy);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE accounthierarchy like :condition ';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = 'WHERE accounthierarchy like :condition ';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND reference like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM contracts '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for Paging
$sql = 'SELECT * FROM contracts '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM contracts '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_contracts, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_contracts, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

3
api/v2/get/equipments.php
View File

@@ -11,7 +11,6 @@ $pdo = dbConnect($dbname);
//Get user_rights from users.php //Get user_rights from users.php
$partner = json_decode($partnerhierarchy); $partner = json_decode($partnerhierarchy);
//SoldTo is empty //SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
@@ -293,7 +292,7 @@ else {
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC); $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
} }
//------------------------------------------ //------------------------------------------
//JSON_DECODE //JSON_EnCODE
//------------------------------------------ //------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE); $messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//------------------------------------------ //------------------------------------------

2
api/v2/get/products_versions.php
View File

@@ -131,7 +131,7 @@ if (isset($criterias['productrowid']) && $criterias['productrowid'] != ''){
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC); $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
} }
//------------------------------------------ //------------------------------------------
//JSON_DECODE //JSON_ENCODE
//------------------------------------------ //------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE); $messages = json_encode($messages, JSON_UNESCAPED_UNICODE);

126
api/v2/get/users.php Normal file
View File

@@ -0,0 +1,126 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Users
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//Get user_rights from users.php
$partner = json_decode($partnerhierarchy);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = 'WHERE partnerhierarchy like :condition ';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = 'WHERE partnerhierarchy like :condition ';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND username like :'.$v[0];
}
elseif ($v[0] == 'partnerid') {
//check accounthierarchy related users
$clause .= ' AND partnerhierarchy like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count from users '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT id,username, email, salesID, partnerhierarchy, view, created, service, settings, lastlogin, userkey, language,login_count FROM users '.$whereclause.' ORDER BY lastlogin DESC LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
elseif ($key == 'partnerid'){
$search_value = '%"_"'.$value.'-%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_users, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_users, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;

243
api/v2/post/contracts.php Normal file
View File

@@ -0,0 +1,243 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// contracts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//remove blanks from array
if (isset($post_content['servicetool'])){
$post_content['servicetool'] = array_map('trim', $post_content['servicetool']);
$post_content['servicetool'] = array_filter($post_content['servicetool'], 'strlen');
}
if (isset($post_content['assigned_users'])){
$post_content['assigned_users'] = array_map('trim', $post_content['assigned_users']);
$post_content['assigned_users'] = array_filter($post_content['assigned_users'], 'strlen');
}
if ($id != ''){
//DEFINE ACCOUNTHIERARCHY
$stmt = $pdo->prepare('SELECT * FROM contracts WHERE rowID = ?');
$stmt->execute([$id]);
$contract_data = $stmt->fetch();
$contract_old = json_decode($contract_data['accounthierarchy']);
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $contract_old->salesid)? $post_content['salesid'] : $contract_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $contract_old->soldto)? $post_content['soldto'] : $contract_old->soldto);
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $contract_old->shipto)? $post_content['shipto'] : $contract_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $contract_old->location)? $post_content['location'] : $contract_old->location);
if ($permission == 4){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
elseif ($permission == 3) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$contract_old->salesid,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
else {
$account = array(
"salesid"=>$contract_old->salesid,
"soldto"=>$contract_old->soldto,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
//CHECK FOR CHANGES IN ASSIGNED_USERS
if (isset($post_content['assigned_users'])){
$assigned_users_current = json_decode($contract_data['assigned_users'],true);
$assigned_users_new = $post_content['assigned_users'];
// Find deleted items (items in current but not in new)
$deletedItems = array_diff($assigned_users_current, $assigned_users_new);
// Find added items (items in new but not in current)
$addedItems = array_diff($assigned_users_new, $assigned_users_current);
//When deleted items are found
if (!empty($deletedItems)){
foreach ($deletedItems as $item){
//CALL TO API FOR General information
$api_url = '/v2/users/username='.$item;
$responses = ioApi($api_url,'',$clientsecret);
if (!empty($responses)){
$response = json_decode($responses,true);
//If response is not null update the service flag of the user
if (count($response) != 0){
$id_removed_user = $response[0]['id'];
//Remove serviceflag from user
$sql = 'UPDATE users SET service = "" WHERE id = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$id_removed_user]);
}
}
}
}
}
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
elseif ($permission == 3){
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
}
// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY
$post_content['accounthierarchy'] = json_encode($account, JSON_UNESCAPED_UNICODE);
if ($command == 'insert' && !isset($post_content['delete'])){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
//remove blanks from array
if (isset($post_content['servicetool'])){
$post_content['servicetool'] = json_encode($post_content['servicetool'], JSON_UNESCAPED_UNICODE);
}
if (isset($post_content['assigned_users'])){
//Check for all users in array if exist then update service or create
foreach ($post_content['assigned_users'] as $user_assigned){
//CALL TO API FOR General information
$responses = ioApi('/v2/users/username='.$user_assigned,'',$clientsecret);
if (!empty($responses)){
$response = json_decode($responses,true);
//If response is not null update the service flag of the user
if (count($response) != 0){
$id_exist_user = $response[0]['id'];
$generate_service = bin2hex(random_bytes(25));
//Remove serviceflag from user
$sql = 'UPDATE users SET service = ? WHERE id = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$generate_service,$id_exist_user]);
} else {
//Decode the account structure of the contract and create user
$ah_array = json_decode($post_content['accounthierarchy'],true);
$data = json_encode(array("username" => $user_assigned, "email"=> $user_assigned,"view" => 2 ,"settings"=>"service","service"=> 1,"userkey"=> 1, "salesid" => $ah_array['salesid'], "soldto" => $ah_array['soldto'],"shipto" => $ah_array['shipto'],"location" => $ah_array['location']), JSON_UNESCAPED_UNICODE);
//call the API to create user
ioApi('/v2/users',$data,$clientsecret);
}
}
}
// UPDATE TO JSON
$post_content['assigned_users'] = json_encode($post_content['assigned_users'], JSON_UNESCAPED_UNICODE);
}
//CREATE NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'U') === 1){
$sql = 'UPDATE contracts SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('contract',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO contracts ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('contract',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM contracts WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'contracts',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

248
api/v2/post/equipments.php Normal file
View File

@@ -0,0 +1,248 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// equipments
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$owner_equipment = 0;
$clause = '';
$clause_insert ='';
$input_insert = '';
if ($id != ''){
//DEFINE ACCOUNTHIERARCHY
$stmt = $pdo->prepare('SELECT * FROM equipment WHERE rowID = ?');
$stmt->execute([$id]);
$equipment_data = $stmt->fetch();
$equipment_old = json_decode($equipment_data['accounthierarchy']);
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $equipment_old->salesid)? $post_content['salesid'] : $equipment_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $equipment_old->soldto)? $post_content['soldto'] : $equipment_old->soldto);
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $equipment_old->shipto)? $post_content['shipto'] : $equipment_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $equipment_old->location)? $post_content['location'] : $equipment_old->location);
$section_new = (($post_content['section'] != '' && $post_content['section'] != $equipment_old->section)? $post_content['section'] : $equipment_old->section);
$owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0);
if ($permission == 4){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new,
"section"=>$section_new
);
}
elseif ($permission == 3) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$equipment_old->salesid,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new,
"section"=>$section_new
);
}
else {
$account = array(
"salesid"=>$equipment_old->salesid,
"soldto"=>$equipment_old->soldto,
"shipto"=>$shipto_new,
"location"=>$location_new,
"section"=>$section_new
);
}
}
else {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location'],
"section"=>$post_content['section']
);
}
elseif ($permission == 3){
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location'],
"section"=>$post_content['section']
);
}else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location'],
"section"=>$post_content['section']
);
}
}
//CHECK IF PARTNER HAS PARTNER RECORD - IF NOT CREATE AND USE
foreach ($account as $key => $value){
if ($key != "section"){
//CHECK for id- pattern
if (empty($value) ||$value == '' || preg_match('/\-.*/',$value)){
//Do Nothing
}
else {
//No partner ID found
switch ($key) {
case 'salesid':
$p_type = 'SalesID';
break;
case 'soldto':
$p_type = 'SoldTo';
break;
case 'shipto':
$p_type = 'ShipTo';
break;
case 'location':
$p_type = 'Location';
break;
}
//Create partner and push to array account
$account[$key] = createPartner($partner->salesid,$partner->soldto,$value,$p_type,$userkey);
}
}
}
// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
//RESET WARRANTY AND SERVICE DATES WHEN STATUS IS CHANGED TO SEND(3)
if (isset($post_content['status']) && $post_content['status'] == 3 && $equipment_data['status'] != 3)
{
$post_content['service_date'] = $date;
$post_content['warranty_date'] = $date;
}
//UPDATE CHANGELOG BASED ON STATUS CHANGE
if (isset($post_content['status']) && $post_content['status'] != $equipment_data['status'])
{
changelog($dbname,'equipment',$equipment_data['rowID'],'status',$post_content['status'],$username);
}
//UPDATE CHANGELOG BASED ON ORDER_REF change
if (isset($post_content['order_ref']) && $post_content['order_ref'] != $equipment_data['order_ref'])
{
changelog($dbname,'equipment',$equipment_data['rowID'],'order_ref',$post_content['order_ref'],$username);
}
$post_content['accounthierarchy'] = $accounthierarchy;
//CHECK for special permissions
if (isAllowed('equipment_manage_edit',$profile,$permission,'U') === 0 && $owner_equipment === 0 ){
$post_content['status'] = $equipment_data['status'];
$post_content['serialnumber'] = $equipment_data['serialnumber'];
$post_content['service_date'] = $equipment_data['service_date'];
$post_content['warranty_date'] = $equipment_data['warranty_date'];
}
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['accounthierarchy'] = $accounthierarchy;
$post_content['service_date'] = $date;
$post_content['warranty_date'] = $date;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID' || str_contains($key, 'old_') || $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location' || $key == 'section' || str_contains($key, 'productcode') || str_contains($key, 'productname')){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
$sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
//delete equipment
$stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//delete history related to equipment
$stmt = $pdo->prepare('DELETE FROM history WHERE equipmentid = ?');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'equipment',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

279
api/v2/post/users.php Normal file
View File

@@ -0,0 +1,279 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// users
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
$owner_user = 0;
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned by user
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
case '2':
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND partnerhierarchy like "'.$condition.'"';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
$whereclause = ' AND partnerhierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = (isset($post_content['id'])) ? $post_content['id']: ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
if (isset($post_content['reset'])){$command = 'reset';} //change command to reset
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//GET EXISTING USER DATA
if ($id != '' && $command != 'reset'){
//Define Query
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);
$user_data = $stmt->fetch();
$owner_user = (($user_data['username'] == $username)? 1 : 0);
$user_name_old = $user_data['username'];
$view_old = $user_data['view'];
$partnerhierarchy_old = json_decode($user_data['partnerhierarchy']);
$salesid_new = ((isset($post_content['salesid']) && $post_content['salesid'] != '' && $post_content['salesid'] != $partnerhierarchy_old->salesid)? $post_content['salesid'] : $partnerhierarchy_old->salesid);
$soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != '' && $post_content['soldto'] != $partnerhierarchy_old->soldto)? $post_content['soldto'] : $partnerhierarchy_old->soldto);
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $partnerhierarchy_old->shipto)? $post_content['shipto'] : $partnerhierarchy_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $partnerhierarchy_old->location)? $post_content['location'] : $partnerhierarchy_old->location);
if ($permission == 4){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}elseif ($permission == 3) {
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$soldto_new,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
"shipto"=>$shipto_new,
"location"=>$location_new
);
}
} elseif ($command == 'insert') {
//ID is empty => INSERT / NEW RECORD
if ($permission == 4){
//ADMIN+ ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
elseif ($permission == 3){
//ADMIN ONLY ARE ALLOWED TO CHANGE SOLD
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$post_content['soldto'],
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
else {
$account = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto,
"shipto"=>$post_content['shipto'],
"location"=>$post_content['location']
);
}
} elseif ($id != '' && $command == 'reset'){
//Reset user requested
//Get username
$stmt = $pdo->prepare('SELECT * FROM users WHERE id = ?');
$stmt->execute([$id]);
$user_data = $stmt->fetch();
//generate resetkey
$post_content['resetkey'] = generate_jwt($headers, $payload);
//STEP 1- create resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800));
$resetkey = generate_jwt($headers, $payload);
//STEP 2- Store resetkey
$sql = 'UPDATE users SET resetkey = ? WHERE id = ? '.$whereclause.'';
$stmt = $pdo->prepare($sql);
$stmt->execute([$resetkey,$id]);
//STEP 3 - Send to user
include_once './assets/mail/email_template_reset.php';
send_mail($user_data['email'],$subject,$message,'','');
}
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
//Create resetkey & tokens
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('username'=>$post_content['username'], 'exp'=>(time() + 1800));
$post_content['service'] = (isset($post_content['service']) && $post_content['service'] == 1) ? bin2hex(random_bytes(25)) : '';
$post_content['userkey'] = (isset($post_content['userkey']) && $post_content['userkey'] == 1) ? bin2hex(random_bytes(25)) : '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['partnerhierarchy'] = $accounthierarchy;
}
elseif ($command == 'insert'){
$post_content['resetkey'] = $resetkey = generate_jwt($headers, $payload);
$post_content['password'] = generate_jwt($headers, $payload);
$post_content['partnerhierarchy'] = $accounthierarchy;
$post_content['salesID'] = $partner->salesid;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'id' || str_contains($key, 'old_') || $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && (isAllowed('user',$profile,$permission,'U') === 1 || $owner_user === 1)){
$sql = 'UPDATE users SET '.$clause.' WHERE id = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//Update the username in all tables when changed
if ($post_content['username'] != $user_name_old){
$sql_like = '%'.$user_name_old.'%';
$sql1= 'UPDATE equipment SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql2= 'UPDATE communication SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql3= 'UPDATE contracts SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql4= 'UPDATE feedback SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql5= 'UPDATE history SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql6= 'UPDATE opportunities SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql7= 'UPDATE orders SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql8= 'UPDATE products SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql_users = 'UPDATE account SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
$sql_partner = 'UPDATE partner SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?';
//SQL_users
$stmt = $pdo->prepare($sql_users);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL_partners
$stmt = $pdo->prepare($sql_partner);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
$pdo = dbConnect($dbname);
//SQL1
$stmt = $pdo->prepare($sql1);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL2
$stmt = $pdo->prepare($sql2);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL3
$stmt = $pdo->prepare($sql3);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL4
$stmt = $pdo->prepare($sql4);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL5
$stmt = $pdo->prepare($sql5);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL6
$stmt = $pdo->prepare($sql6);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL7
$stmt = $pdo->prepare($sql7);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
//SQL8
$stmt = $pdo->prepare($sql8);
$stmt->execute([$user_name_old,$post_content['username'], $sql_like]);
}
}
elseif ($command == 'insert' && isAllowed('user',$profile,$permission,'C') === 1){
//check if user exists
$stmt = $pdo->prepare('SELECT * FROM users WHERE username = ?');
$stmt->execute([$post_content['username']]);
$user_exist = $stmt->fetch();
$exists = (isset($user_exist['username']))? 1 : 0;
if($user_exist == 0 ){
$sql = 'INSERT INTO users ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
//STEP 2- Send to user
include_once './assets/mail/email_template_new.php';
send_mail($post_content['email'],$subject,$message,'','');
} else {
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($exists, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
}
elseif ($command == 'delete' && isAllowed('user',$profile,$permission,'D') === 1){
//delete equipment
$stmt = $pdo->prepare('DELETE FROM users WHERE id = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'users',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

32
assets/functions.php
View File

@@ -2308,4 +2308,36 @@ function calculateMedian($array) {
$highMiddle = $array[ceil((count($array) - 1) / 2)]; $highMiddle = $array[ceil((count($array) - 1) / 2)];
return ($lowMiddle + $highMiddle) / 2; return ($lowMiddle + $highMiddle) / 2;
} }
}
// +++++++++++++++++++++++++++++++++++++++++++++++++++++++
// visual forecast for service and warranty+++++++++++++++
// +++++++++++++++++++++++++++++++++++++++++++++++++++++++
function usageView($messages){
//GET TOTAL SERVICE COUNT
$totalcount = 0;
foreach ($messages as $message){
$totalcount += $message['count'];
}
$view = '
<smaller>Service = '.$totalcount.' </smaller>
<div style="margin-bottom: 30px;">
<ul style="width: 100%;max-width:100%" class="chart">
';
foreach ($messages as $message){
$height = ($message['count'] / $totalcount) * 100;
$fc_year = $message['year'];
$dateObj = DateTime::createFromFormat('!m', $message['month']);
$title = $dateObj->format('F').' '.$fc_year;
$view .='<li style="text-align:center;">' . $message['count'] . '<span style="height:' . $height . '%" title="' . $title . '"></span></li>';
}
$view .='</ul>
</div>
';
return $view;
} }

403
contract.php
View File

@@ -1,223 +1,258 @@
<?php <?php
defined(page_security_key) or exit; defined(page_security_key) or exit;
if (debug && debug_id == $_SESSION['id']){
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
}
include_once './assets/functions.php';
include_once './settings/settings.php';
//SET ORIGIN FOR NAVIGATION
$prev_page = $_SESSION['prev_origin'] ?? '';
$page = 'contract'; $page = 'contract';
//create backbutton to prev_origin
$back_btn_orgin = ($prev_page != '')? '<a href="'.$prev_page.'" class="btn alt mar-right-2">'.$button_back.'</a>':'';
//Check if allowed //Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){ if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
header('location: index.php'); header('location: index.php');
exit; exit;
} }
//GET PARAMETERS && STORE in SESSION for FURTHER USE/NAVIGATION
$pagination_page = $_SESSION['p'] = isset($_GET['p']) ? $_GET['p'] : 1;
//PAGE Security //PAGE Security
$page_manage = 'contract_manage';
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U'); $update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D'); $update_allowed_edit = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'U');
$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C'); $delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C');
// Default input product values
$contract = [
'rowID' => '',
'type' => '',
'status' => '',
'accountID' => '',
'start_date' => '',
'duration' => '',
'service_count' => '',
'contract_details' => '',
'created' => '',
'createdby' => '',
'billing_plan' => '',
'pricing' => '',
'reference' => '',
'servicetool' => '',
'assigned_users' => []
];
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
$contract_ID = $_GET['rowID'] ?? ''; $contract_ID = $_GET['rowID'] ?? '';
if ($contract_ID !=''){ //CALL TO API FOR General information
$url = 'index.php?page=contract&rowID='.$contract_ID.''; $api_url = '/v1/contracts/rowID='.$contract_ID;;
} else { $responses = ioServer($api_url,'');
$url = 'index.php?page=contracts'; //Decode Payload
} if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = null;}
$responses = $responses[0];
if (isset($_GET['rowID'])) { //------------------------------
//CALL TO API //Variables
$api_url = '/v1/contracts/rowID='.$contract_ID; //------------------------------
$responses = ioServer($api_url,''); $contract_status_text = 'contract_status'.$responses->status ?? '';
//Decode Payload $contract_type_text = 'contract_type'.$responses->type ?? '';
if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = null;} $servicetools = json_decode($responses->servicetool,true) ?? '';
$assigned_users = json_decode($responses->assigned_users,true) ?? '';
$contract = json_decode(json_encode($responses[0]), true);
if ($update_allowed === 1){ //Partnerdata
if (isset($_POST['submit'])) { $partner_data = json_decode($responses->accounthierarchy);
//GET ALL POST DATA $salesid = getPartnerName($partner_data->salesid) ?? $not_specified;
$data = json_encode($_POST, JSON_UNESCAPED_UNICODE); $soldto = getPartnerName($partner_data->soldto) ?? '-';
$shipto = getPartnerName($partner_data->shipto) ?? '-';
$location = getPartnerName($partner_data->location) ?? '-';
//Secure data // Handle success messages
$payload = generate_payload($data); if (isset($_GET['success_msg'])) {
if ($_GET['success_msg'] == 1) {
//API call $success_msg = $message_contract_1;
$responses = ioServer('/v1/contracts', $payload);
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=contracts&success_msg=2');
exit;
}
}
} }
if ($_GET['success_msg'] == 2) {
if ($delete_allowed === 1){ $success_msg = $message_contract_2;
if (isset($_POST['delete'])) {
//GET ALL POST DATA
$data = json_encode($_POST , JSON_UNESCAPED_UNICODE);
//Secure data
$payload = generate_payload($data);
//API call
$responses = ioServer('/v1/contracts', $payload);
// Redirect and delete product
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=contracts&success_msg=3');
exit;
}
}
} }
if ($_GET['success_msg'] == 3) {
} else { $success_msg = $message_contract_3;
// Create a new product
if (isset($_POST['submit']) && $create_allowed === 1) {
//GET ALL POST DATA
$data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
//Secure data
$payload = generate_payload($data);
//API call
$responses = ioServer('/v1/contracts', $payload);
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=contracts&success_msg=1');
exit;
}
} }
} }
template_header('Contract', 'contract', 'manage'); template_header('Contract', 'contract', 'view');
$view = '
$view ='
<form action="" method="post">
<div class="content-title responsive-flex-wrap responsive-pad-bot-3"> <div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">'.$contract_h2.'</h2> <h2 class="responsive-width-100">'.$responses->rowID.'</h2>
<a href="index.php?page=contracts" class="btn alt mar-right-2">'.$button_cancel.'</a> <a href="index.php?page='.$_SESSION['origin'].'&p='.$_SESSION['p'].'" class="btn alt mar-right-2">'.$button_cancel.'</a>
'; ';
if ($delete_allowed === 1){
$view .= '<input type="submit" name="delete" value="Delete" class="btn red mar-right-2" onclick="return confirm(\'Are you sure you want to delete this contract?\')">'; //------------------------------------
//
//------------------------------------
if ($update_allowed_edit === 1){
$view .= '<a href="index.php?page=contract_manage&rowID='.$_GET['rowID'].'" class="btn">Edit</a>';
} }
if ($update_allowed === 1){
$view .= '<input type="submit" name="submit" value="Save" class="btn">';
}
$view .= '</div>'; $view .= '</div>';
$view .= '<div class="tabs"> if (isset($success_msg)){
<a href="#" class="active">'.$tab1 .'</a> $view .= ' <div class="msg success">
<a href="#">'.$tab2.'</a> <i class="fas fa-check-circle"></i>
<a href="#">'.$tab3.'</a> <p>'.$success_msg.'</p>
<i class="fas fa-times"></i>
</div>';
}
$view .= '<div class="content-block-wrapper">';
$view .= ' <div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-circle-info"></i></i>'.($product_data ?? '').'
</div>
<div class="order-detail">
<h3>'.$contract_id.'</h3>
<p>'.$responses->rowID.'</p>
</div>
<div class="order-detail">
<h3>'.$contract_status.'</h3>
<p><span class="status id'.$responses->status.'">'.$$contract_status_text.'</span></p>
</div>
<div class="order-detail">
<h3>'.$contract_type.'</h3>
<p><span class="status id'.$responses->type.'">'.$$contract_type_text.'</span></p>
</div>
<div class="order-detail">
<h3>'.$contract_start_date.'</h3>
<p>'.$responses->start_date.'</p>
</div>
<div class="order-detail">
<h3>'.$contract_duration.'</h3>
<p>'.$responses->duration.'</p>
</div>
';
if ($responses->duration !='' && $responses->start_date !=''){
$date = date('Y-m-d', strtotime('+'.$responses->duration.' months', strtotime($responses->start_date)));
$view .= '
<div class="order-detail">
<h3>'.$contract_end_date.'</h3>
<p>'.$date.'</p>
</div>';
}
$view .='
</div>
';
$view .='<div class="content-block order-details">
<div class="block-header">
<i class="fa-solid fa-user fa-sm"></i>'.$view_asset_partners.'
</div>
<div class="order-detail">
<h3>'.$general_salesid.'</h3>
<p>'.$salesid.'</p>
</div>
<div class="order-detail">
<h3>'.$general_soldto.'</h3>
<p>'.$soldto.'</p>
</div>
<div class="order-detail">
<h3>'.$general_shipto.'</h3>
<p>'.$shipto.'</p>
</div>
<div class="order-detail">
<h3>'.$general_location.'</h3>
<p>'.$location.'</p>
</div>
<div class="order-detail">
<h3>'.$contract_reference.'</h3>
<p>'.$responses->reference.'</p>
</div>
</div>';
$view .= '</div>';
//Usageview
//get all assigned serialnumbers
$url_input = '';
foreach($servicetools as $service_tool){
$url_input .= $service_tool.',';
}
//Return report_usage_servicereports
$api_url = '/v1/application/type=ServiceReport&serialnumber='.substr($url_input,0,-1).'/contract_usage_servicereports';
$contract_usage_servicereports = ioServer($api_url,'');
//Decode Payload
if (!empty($contract_usage_servicereports)){$contract_usage_servicereports = decode_payload($contract_usage_servicereports);}else{$contract_usage_servicereports = null;}
$service_events = usageView(json_decode(json_encode($contract_usage_servicereports),true));
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>'.$menu_service_reports.'
</div>
<div class="table order-table">
'.$service_events.'
</div>
</div> </div>
'; ';
$view .='<div class="content-block tab-content active">
<div class="form responsive-width-100"> $view .= '<div class="content-block">
<label for="">'.$contract_status.'</label> <div class="block-header">
<select name="status"> <i class="fa-solid fa-bars fa-sm"></i>'.$contract_assigned_users.'
<option value="0" '.($contract['status']==0?' selected':'').'>'.$contract_status0.'</option>
<option value="1" '.($contract['status']==1?' selected':'').'>'.$contract_status1.'</option>
<option value="2" '.($contract['status']==2?' selected':'').'>'.$contract_status2.'</option>
</select>
</div> </div>
<div class="form responsive-width-100"> <div class="table order-table">
<label for="">'.$contract_type.'</label> <table class="sortable">
<select name="type"> <tbody>';
<option value="0" '.($contract['type']==0?' selected':'').'>'.$contract_type0.'</option> //Check for assigned users
<option value="1" '.($contract['type']==1?' selected':'').'>'.$contract_type1.'</option> foreach ($assigned_users as $user){
<option value="2" '.($contract['type']==2?' selected':'').'>'.$contract_type2.'</option> $view .= '<tr><td>'.$user.'</td><tr>';
</select> }
$view .= '
</tbody>
</table>
</div> </div>
<div class="form responsive-width-100">
<label for="">'.$contract_start_date.'</label>
<input type="date" name="start_date" value="'.$contract['start_date'].'" required>
</div>';
//Define end_date based on duration
if ($contract['duration'] !='' && $contract['start_date'] !=''){
$date = date('Y-m-d', strtotime('+'.$contract['duration'].' months', strtotime($contract['start_date'])));
$view .= '<div class="form responsive-width-100">
<label for="">'.$contract_end_date.'</label>
<input type="date" value="'.$date.'" readonly>
</div>';
}
$view .= '<div class="form responsive-width-100">
<label for="">'.$contract_duration.'</label>
<input type="number" name="duration" value="'.$contract['duration'].'" required>
</div>
<div class="form responsive-width-100">
<label for="">'.$contract_reference.'</label>
<input type="text" name="reference" value="'.$contract['reference'].'" >
</div>
</div>';
//GET PARTNER DROPDOWN
$soldto_dropdown = listAccounts('accountID',$_SESSION['permission'],$contract['accountID']);
$view .= '<div class="content-block tab-content">
<div class="form responsive-width-100">
<label for="">'.$contract_account.'</label>
'.$soldto_dropdown.'
</div>
<div class="form responsive-width-100">
<label for="">'.$contract_servicetool.'</label>
<input id="name" type="text" name="servicetool" placeholder="'.$contract_servicetool.'" value="'.$contract['servicetool'].'">
</div>
<div class="form responsive-width-100">
<label for="">'.$contract_assigned_users.'</label>';
//Check for assigned users
$assigned_users = (is_string($contract['assigned_users']))? json_decode($contract['assigned_users']) : '';
if (is_array($assigned_users)) {
foreach ($assigned_users as $user){
$view .= '<input id="assigned_users" type="text" name="assigned_users" placeholder="'.$contract_assigned_users.'" value="'.$user.'">';
}
} else{
$view .= '<input id="assigned_users" type="text" name="assigned_users[]" placeholder="'.$contract_assigned_users.'" value="">';
}
$view .=' </div>
<button type="button" class="btn" onclick="addField(\'assigned_users\',\'assigned_users[]\');"> + </button> <small>'.$contract_assigned_users_add.'</small>
</div>';
$view .= '<div class="content-block tab-content">
<div class="form responsive-width-100">
<label for="">'.$general_created.'</label>
<input id="name" type="text" name="" placeholder="'.$general_created.'" value="'.$contract['created'].'" readonly>
<label for="">'.$general_createdby.'</label>
<input id="name" type="text" name="" placeholder="'.$general_createdby.'" value="'.$contract['createdby'].'" readonly>
<input id="name" type="hidden" name="rowID" value="'.$contract['rowID'].'" readonly>
</div> </div>
</div>'; ';
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>'. $contract_servicetool.'
</div>
<div class="table order-table">
<table class="sortable">
<tbody>';
//Check for assigned tools
foreach ($servicetools as $tools){
$view .= '<tr><td>'.$tools.'</td><tr>';
}
$view .= '
</tbody>
</table>
</div>
</div>
';
$view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>'.$tab3.'
</div>
<div class="table order-table">
<table>
<tr>
<td style="width:25%;">'.$general_created.'</td>
<td>'.$responses->created.'</td>
</tr>
<tr>
<td style="width:25%;">'.$general_createdby.'</td>
<td>'.$responses->createdby.'</td>
</tr>
</table>
</div>
</div>
';
$view .= '</form>'; $view .='</div>';
//OUTPUT
echo $view;
//Output template_footer()
echo $view;
template_footer()?> ?>

250
contract_manage.php Normal file
View File

@@ -0,0 +1,250 @@
<?php
defined(page_security_key) or exit;
$page = 'contract_manage';
//Check if allowed
if (isAllowed($page,$_SESSION['profile'],$_SESSION['permission'],'R') === 0){
header('location: index.php');
exit;
}
//PAGE Security
$update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],'C');
// Default input product values
$contract = [
'rowID' => '',
'type' => '',
'status' => '',
'accountID' => '',
'start_date' => '',
'duration' => '',
'service_count' => '',
'contract_details' => '',
'created' => '',
'createdby' => '',
'billing_plan' => '',
'pricing' => '',
'reference' => '',
'servicetool' => [],
'assigned_users' => [],
'accounthierarchy' => $_SESSION['partnerhierarchy']
];
$contract_ID = $_GET['rowID'] ?? '';
if ($contract_ID !=''){
$url = 'index.php?page=contract&rowID='.$contract_ID.'';
} else {
$url = 'index.php?page=contracts';
}
if (isset($_GET['rowID'])) {
//CALL TO API
$api_url = '/v1/contracts/rowID='.$contract_ID;
$responses = ioServer($api_url,'');
//Decode Payload
if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = null;}
$contract = json_decode(json_encode($responses[0]), true);
if ($update_allowed === 1){
if (isset($_POST['submit'])) {
//GET ALL POST DATA
$data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
var_dump($data);
//Secure data
$payload = generate_payload($data);
//API call
$responses = ioServer('/v1/contracts', $payload);
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=contract&rowID='.$contract_ID.'&success_msg=2');
exit;
}
}
}
if ($delete_allowed === 1){
if (isset($_POST['delete'])) {
//GET ALL POST DATA
$data = json_encode($_POST , JSON_UNESCAPED_UNICODE);
//Secure data
$payload = generate_payload($data);
//API call
$responses = ioServer('/v1/contracts', $payload);
// Redirect and delete product
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=contracts&success_msg=3');
exit;
}
}
}
} else {
// Create a new product
if (isset($_POST['submit']) && $create_allowed === 1) {
//GET ALL POST DATA
$data = json_encode($_POST, JSON_UNESCAPED_UNICODE);
//Secure data
$payload = generate_payload($data);
//API call
$responses = ioServer('/v1/contracts', $payload);
if ($responses === 'NOK'){
} else {
header('Location: index.php?page=contracts&success_msg=1');
exit;
}
}
}
template_header('Contract', 'contract', 'manage');
$view ='
<form action="" method="post">
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">'.$contract_h2.'</h2>
<a href="'.$url.'" class="btn alt mar-right-2">'.$button_cancel.'</a>
';
if ($delete_allowed === 1){
$view .= '<input type="submit" name="delete" value="Delete" class="btn red mar-right-2" onclick="return confirm(\'Are you sure you want to delete this contract?\')">';
}
if ($update_allowed === 1){
$view .= '<input type="submit" name="submit" value="Save" class="btn">';
}
$view .= '</div>';
$view .= '<div class="tabs">
<a href="#" class="active">'.$tab1 .'</a>
<a href="#">'.$tab2.'</a>
<a href="#">'.$tab3.'</a>
</div>
';
$view .='<div class="content-block tab-content active">
<div class="form responsive-width-100">
<label for="">'.$contract_status.'</label>
<select name="status">
<option value="0" '.($contract['status']==0?' selected':'').'>'.$contract_status0.'</option>
<option value="1" '.($contract['status']==1?' selected':'').'>'.$contract_status1.'</option>
<option value="2" '.($contract['status']==2?' selected':'').'>'.$contract_status2.'</option>
</select>
</div>
<div class="form responsive-width-100">
<label for="">'.$contract_type.'</label>
<select name="type">
<option value="0" '.($contract['type']==0?' selected':'').'>'.$contract_type0.'</option>
<option value="1" '.($contract['type']==1?' selected':'').'>'.$contract_type1.'</option>
<option value="2" '.($contract['type']==2?' selected':'').'>'.$contract_type2.'</option>
</select>
</div>
<div class="form responsive-width-100">
<label for="">'.$contract_start_date.'</label>
<input type="date" name="start_date" value="'.$contract['start_date'].'" required>
</div>';
//Define end_date based on duration
if ($contract['duration'] !='' && $contract['start_date'] !=''){
$date = date('Y-m-d', strtotime('+'.$contract['duration'].' months', strtotime($contract['start_date'])));
$view .= '<div class="form responsive-width-100">
<label for="">'.$contract_end_date.'</label>
<input type="date" value="'.$date.'" readonly>
</div>';
}
$view .= '<div class="form responsive-width-100">
<label for="">'.$contract_duration.'</label>
<input type="number" name="duration" value="'.$contract['duration'].'" required>
</div>
<div class="form responsive-width-100">
<label for="">'.$contract_reference.'</label>
<input type="text" name="reference" value="'.$contract['reference'].'" >
</div>';
$view .= '<div class="form responsive-width-100">
<label for="">'.$contract_servicetool.' <button type="button" class="btn2" onclick="addField(\'assigned_servicetools\',\'servicetool[]\');" style="width:5%;background-color:#bed4ea;"> + </button></label>';
//Check for assigned servicetools
$assigned_servicetools = (empty($contract['servicetool']))? '' :json_decode($contract['servicetool'],true);
if (!empty($assigned_servicetools || $assigned_servicetools !='')){
foreach ($assigned_servicetools as $tool){
$view .= '<input id="assigned_servicetools" type="text" name="servicetool[]" placeholder="'.$contract_servicetool.'" value="'.$tool.'">';
}
} else {
$view .= '<input id="assigned_users" type="text" name="servicetool[]" placeholder="'.$contract_servicetool.'" value="">';
}
$view .=' </div>
';
$view .=' <div class="form responsive-width-100">
<label for="">'.$contract_assigned_users.' <button type="button" class="btn2" onclick="addField(\'assigned_users\',\'assigned_users[]\');" style="width:5%;background-color:#bed4ea;"> + </button></label>';
//Check for assigned users
$assigned_users = (empty($contract['assigned_users']))? '' :json_decode($contract['assigned_users'],true);
if (!empty($assigned_users) || $assigned_users != ''){
foreach ($assigned_users as $user){
$view .= '<input id="assigned_users" type="text" name="assigned_users[]" placeholder="'.$contract_assigned_users.'" value="'.$user.'">';
}
} else {
$view .= '<input id="assigned_users" type="text" name="assigned_users[]" placeholder="'.$contract_assigned_users.'" value="">';
}
$view .=' </div>
</div>';
//GET PARTNERDATA
$partner_data = json_decode($contract['accounthierarchy']);
//BUID UP DROPDOWNS
$salesid_dropdown = listPartner('salesid',$_SESSION['permission'],$partner_data->salesid);
$soldto_dropdown = listPartner('soldto',$_SESSION['permission'],$partner_data->soldto);
$shipto_dropdown = listPartner('shipto',$_SESSION['permission'],$partner_data->shipto);
$location_dropdown = listPartner('location',$_SESSION['permission'],$partner_data->location);
//DISPLAY
$view .= '<div class="content-block tab-content">
<div class="form responsive-width-100">
';
$view .= '<label for="status">'.$general_salesid.'</label>';
$view .= $salesid_dropdown;
$view .= '<label for="status">'.$general_soldto.'</label>';
$view .= $soldto_dropdown;
$view .= '<label for="status">'.$general_shipto.'</label>';
$view .= $shipto_dropdown;
$view .= '<label for="status">'.$general_location.'</label>';
$view .= $location_dropdown;
$view .= '
</div>
</div>';
$view .= '<div class="content-block tab-content">
<div class="form responsive-width-100">
<label for="">'.$general_created.'</label>
<input id="name" type="text" name="" placeholder="'.$general_created.'" value="'.$contract['created'].'" readonly>
<label for="">'.$general_createdby.'</label>
<input id="name" type="text" name="" placeholder="'.$general_createdby.'" value="'.$contract['createdby'].'" readonly>
<input id="name" type="hidden" name="rowID" value="'.$contract['rowID'].'" readonly>
</div>
</div>';
$view .= '</form>';
//Output
echo $view;
template_footer()?>

11
contracts.php
View File

@@ -11,8 +11,8 @@ include_once './settings/settings.php';
//SET PAGE ORIGIN FOR NAVIGATION AND SECURITY //SET PAGE ORIGIN FOR NAVIGATION AND SECURITY
$page = $_SESSION['origin'] = 'contracts';
$prev_page = ($_SESSION['origin'] == 'equipments') ? $_SESSION['prev_origin_equipment'] : (($_SESSION['origin'] == 'account')? $_SESSION['prev_origin'] :''); $prev_page = ($_SESSION['origin'] == 'equipments') ? $_SESSION['prev_origin_equipment'] : (($_SESSION['origin'] == 'account')? $_SESSION['prev_origin'] :'');
$page = 'contracts';
//create backbutton to prev_origin //create backbutton to prev_origin
$back_btn_orgin = ($prev_page != '')? '<a href="'.$prev_page.'" class="btn alt mar-right-2">'.$button_back.'</a>':''; $back_btn_orgin = ($prev_page != '')? '<a href="'.$prev_page.'" class="btn alt mar-right-2">'.$button_back.'</a>':'';
@@ -78,7 +78,7 @@ $view .= ' <div class="msg success">
} }
$view .= ' $view .= '
<div class="content-header responsive-flex-column pad-top-5"> <div class="content-header responsive-flex-column pad-top-5">
<a href="index.php?page=contract" class="btn">'.$button_create_contract.'</a> <a href="index.php?page=contract_manage" class="btn">'.$button_create_contract.'</a>
<form action="" method="get"> <form action="" method="get">
<input type="hidden" name="page" value="contracts"> <input type="hidden" name="page" value="contracts">
<div class="filters"> <div class="filters">
@@ -136,12 +136,15 @@ $view .= '
$type = 'contract_type'.$response->type; $type = 'contract_type'.$response->type;
//calculate enddate from duration //calculate enddate from duration
$date = date('Y-m-d', strtotime('+'.$response->duration.' months', strtotime($response->start_date))); $date = date('Y-m-d', strtotime('+'.$response->duration.' months', strtotime($response->start_date)));
//GetPartnerDetails
$partner_data = json_decode($response->accounthierarchy);
$view .= ' $view .= '
<tr> <tr>
<td>'.$response->rowID.'</td> <td>'.$response->rowID.'</td>
<td>'.(($response->status == 1)? '<span class="status enabled">'.$$status:'<span class="status">'.$$status).'</td> <td>'.(($response->status == 1)? '<span class="status enabled">'.$$status:'<span class="status">'.$$status).'</td>
<td>'.$response->accountID.'</td> <td>'.$partner_data->soldto.'</td>
<td>'.$$type.'</td> <td>'.$$type.'</td>
<td>'.$response->start_date.'</td> <td>'.$response->start_date.'</td>
<td>'.$date.'</td> <td>'.$date.'</td>

6
dev.php
View File

@@ -7,6 +7,12 @@ include './assets/functions.php';
include './settings/settings.php'; include './settings/settings.php';
include './settings/config.php'; include './settings/config.php';
$tes= '40';
$test_r = (isset($test))? $test : (isset($test2)? $test2 : 'none');
echo $test_r;
//Connect to DB //Connect to DB
$pdo = dbConnect($dbname); $pdo = dbConnect($dbname);