CMXX - Initial product attributes

api/v2/get/products_attributes.php

@@ -0,0 +1,118 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Products attributes
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
+//NEW ARRAY
+$criterias = [];   
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){    
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);     
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1]; 
+    
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        }  
+        elseif ($v[0] == 'search') {
+        //build up search
+        $clause .= ' AND variable like :'.$v[0]; 
+        }
+        else {//create clause
+        $clause .= ' AND '.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+} 
+//Define Query
+if(isset($criterias['totals']) && $criterias['totals'] ==''){
+//Request for total rows
+    $sql = 'SELECT count(*) as count FROM products_attributes_groups '.$whereclause.'';
+} 
+else {
+    //SQL for Paging 
+    $sql = 'SELECT * FROM products_attributes_groups '.$whereclause.' LIMIT :page,:num_products';
+}
+
+$stmt = $pdo->prepare($sql);
+
+//Bind to query
+if (str_contains($whereclause, ':condition')){
+    $stmt->bindValue('condition', $condition, PDO::PARAM_STR);
+}
+
+if (!empty($criterias)){
+    foreach ($criterias as $key => $value){
+        $key_condition = ':'.$key;
+        if (str_contains($whereclause, $key_condition)){
+            if ($key == 'search'){
+                $search_value = '%'.$value.'%';
+                $stmt->bindValue($key, $search_value, PDO::PARAM_STR);
+            } 
+            else {
+                $stmt->bindValue($key, $value, PDO::PARAM_STR);
+            }
+        }
+    }
+}
+
+//Add paging details
+if(isset($criterias['totals']) && $criterias['totals']==''){
+    $stmt->execute();
+    $messages = $stmt->fetch();
+    $messages = $messages[0];
+} 
+else {
+    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+    $stmt->bindValue('page', ($current_page - 1) * $page_rows_products_attributes, PDO::PARAM_INT);
+    $stmt->bindValue('num_products', $page_rows_products_attributes, PDO::PARAM_INT);
+
+    //Excute Query
+    $stmt->execute();
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>

api/v2/get/products_attributes_items.php

@@ -0,0 +1,118 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Products attributes items
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = 'WHERE accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
+//NEW ARRAY
+$criterias = [];   
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){    
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);     
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1]; 
+    
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        } 
+        elseif ($v[0] == 'search') {
+        //build up search
+        $clause .= ' AND translation like :'.$v[0]; 
+        }
+        else {//create clause
+        $clause .= ' AND '.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+} 
+//Define Query
+if(isset($criterias['totals']) && $criterias['totals'] ==''){
+//Request for total rows
+    $sql = 'SELECT count(*) as count FROM products_attributes_items '.$whereclause.'';
+} 
+else {
+    //SQL for Paging 
+    $sql = 'SELECT * FROM products_attributes_items '.$whereclause.' LIMIT :page,:num_products';
+}
+
+$stmt = $pdo->prepare($sql);
+
+//Bind to query
+if (str_contains($whereclause, ':condition')){
+    $stmt->bindValue('condition', $condition, PDO::PARAM_STR);
+}
+
+if (!empty($criterias)){
+    foreach ($criterias as $key => $value){
+        $key_condition = ':'.$key;
+        if (str_contains($whereclause, $key_condition)){
+            if ($key == 'search'){
+                $search_value = '%'.$value.'%';
+                $stmt->bindValue($key, $search_value, PDO::PARAM_STR);
+            }
+            else {
+                $stmt->bindValue($key, $value, PDO::PARAM_STR);
+            }
+        }
+    }
+}
+
+//Add paging details
+if(isset($criterias['totals']) && $criterias['totals']==''){
+    $stmt->execute();
+    $messages = $stmt->fetch();
+    $messages = $messages[0];
+}
+else {
+    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+    $stmt->bindValue('page', ($current_page - 1) * $page_rows_products_attributes, PDO::PARAM_INT);
+    $stmt->bindValue('num_products', $page_rows_products_attributes, PDO::PARAM_INT);
+
+    //Excute Query
+    $stmt->execute();
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>

api/v2/post/products_attributes.php

@@ -0,0 +1,105 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Products attributes
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['rowID'] ?? ''; //check for rowID
+$command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+//BUILD UP PARTNERHIERARCHY FROM USER
+$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
+
+//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+if ($command == 'update'){
+    $post_content['updatedby'] = $username ;
+
+}
+elseif ($command == 'insert'){
+    $post_content['createdby'] = $username;
+    $post_content['accounthierarchy'] = $partner_product;
+}
+else {
+    //do nothing
+}
+
+//CREAT NEW ARRAY AND MAP TO CLAUSE
+if(isset($post_content) && $post_content!=''){   
+    foreach ($post_content as $key => $var){
+        if ($key == 'submit' || $key == 'rowID'){
+            //do nothing
+        }
+        else {
+            $criterias[$key] = $var;
+            $clause .= ' , '.$key.' = ?';
+            $clause_insert .= ' , '.$key.'';
+            $input_insert .= ', ?'; // ? for each insert item
+            $execute_input[]= $var; // Build array for input
+        }
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 2); //Clean clause - remove first comma
+$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
+$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('products_attributes_manage',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE products_attributes_groups SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+} 
+elseif ($command == 'insert' && isAllowed('products_attributes_manage',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO products_attributes_groups('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+    // Return ID            
+    echo json_encode(array('rowID'=> $pdo->lastInsertId()));
+}
+elseif ($command == 'delete' && isAllowed('products_attributes_manage',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE FROM products_attributes_groups WHERE rowID = ? '.$whereclause.'');
+    $stmt->execute([ $id ]); 
+
+      //Add deletion to changelog
+      changelog($dbname,'products_attributes_groups',$id,'Delete','Delete',$username);
+} else
+{
+    //do nothing
+}
+
+?>

api/v2/post/products_attributes_items.php

@@ -0,0 +1,103 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Products attributes items
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+switch ($permission) {    
+    case '4':
+        $whereclause = '';
+        break;
+    case '3':
+        $whereclause = '';
+        break;  
+    default:
+        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
+        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
+        break;
+} 
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['rowID'] ?? ''; //check for rowID
+$command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+//BUILD UP PARTNERHIERARCHY FROM USER
+$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
+
+//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+if ($command == 'update'){
+    $post_content['updatedby'] = $username ;
+
+}
+elseif ($command == 'insert'){
+    $post_content['createdby'] = $username;
+    $post_content['accounthierarchy'] = $partner_product;
+}
+else {
+    //do nothing
+}
+
+//CREAT NEW ARRAY AND MAP TO CLAUSE
+if(isset($post_content) && $post_content!=''){   
+    foreach ($post_content as $key => $var){
+        if ($key == 'submit' || $key == 'update' || $key == 'add' ||$key == 'rowID'){
+            //do nothing
+        }
+        else {
+            $criterias[$key] = $var;
+            $clause .= ' , '.$key.' = ?';
+            $clause_insert .= ' , '.$key.'';
+            $input_insert .= ', ?'; // ? for each insert item
+            $execute_input[]= $var; // Build array for input
+        }
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 2); //Clean clause - remove first comma
+$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
+$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('products_attributes_manage',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE products_attributes_items SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+} 
+elseif ($command == 'insert' && isAllowed('products_attributes_manage',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO products_attributes_items ('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'delete' && isAllowed('products_attributes_manage',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE FROM products_attributes_items WHERE rowID = ? '.$whereclause.'');
+    $stmt->execute([ $id ]); 
+
+      //Add deletion to changelog
+      changelog($dbname,'products_attributes_items',$id,'Delete','Delete',$username);
+} else
+{
+    //do nothing
+}
+
+?>