Implement Software Upgrade Management API and Frontend Functionality

- Added software.php for managing software versions, including download and purchase actions.
- Created upgrade_paths.php for handling upgrade paths management.
- Developed user_licenses.php for managing user licenses.
- Introduced version_access_rules.php for managing access rules for software versions.
- Implemented frontend functions in functions.js for interacting with the software upgrade API.
- Added version_access.php for user access validation and license management.
- Created upgrades.php for displaying available upgrades and handling user interactions.
- Enhanced UI with responsive design and progress indicators for downloads and purchases.

api/v2/get/download_logs.php

@@ -0,0 +1,100 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Download Logs
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//NEW ARRAY
+$criterias = [];
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1];
+
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        }
+        elseif ($v[0] == 'user_id') {
+            $clause .= ' AND dl.user_id = :'.$v[0];
+        }
+        elseif ($v[0] == 'version_id') {
+            $clause .= ' AND dl.version_id = :'.$v[0];
+        }
+        elseif ($v[0] == 'date_from') {
+            $clause .= ' AND dl.downloaded_at >= :'.$v[0];
+        }
+        elseif ($v[0] == 'date_to') {
+            $clause .= ' AND dl.downloaded_at <= :'.$v[0];
+        }
+        elseif ($v[0] == 'search') {
+            $clause .= ' AND (sv.name LIKE :'.$v[0].' OR u.username LIKE :'.$v[0].' OR dl.ip_address LIKE :'.$v[0].')';
+        }
+        else {
+            $clause .= ' AND dl.'.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+}
+
+//Define Query
+if(isset($criterias['totals']) && $criterias['totals']==''){
+//Request for total rows
+    $sql = 'SELECT count(*) as count FROM download_logs dl LEFT JOIN software_versions sv ON dl.version_id = sv.id LEFT JOIN users u ON dl.user_id = u.id '.$whereclause.'';
+}
+elseif (isset($criterias['list']) && $criterias['list']=='') {
+    //SQL for Paging
+    $sql = 'SELECT dl.*, sv.version, sv.name as software_name, u.username FROM download_logs dl LEFT JOIN software_versions sv ON dl.version_id = sv.id LEFT JOIN users u ON dl.user_id = u.id '.$whereclause.' ORDER BY dl.downloaded_at DESC';
+}
+else {
+    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+    $sql = 'SELECT dl.*, sv.version, sv.name as software_name, u.username FROM download_logs dl LEFT JOIN software_versions sv ON dl.version_id = sv.id LEFT JOIN users u ON dl.user_id = u.id '.$whereclause.' ORDER BY dl.downloaded_at DESC LIMIT ?, ?';
+    $stmt = $pdo->prepare($sql);
+    $stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
+    $stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//Execute Query for totals/list
+if(isset($criterias['totals']) && $criterias['totals']==''){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetch();
+    $messages = $messages[0];
+}
+elseif(isset($criterias['list'])){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>

api/v2/get/download_tokens.php

@@ -0,0 +1,97 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Download Tokens
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//NEW ARRAY
+$criterias = [];
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1];
+
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        }
+        elseif ($v[0] == 'user_id') {
+            $clause .= ' AND dt.user_id = :'.$v[0];
+        }
+        elseif ($v[0] == 'version_id') {
+            $clause .= ' AND dt.version_id = :'.$v[0];
+        }
+        elseif ($v[0] == 'used') {
+            $clause .= ' AND dt.used = :'.$v[0];
+        }
+        elseif ($v[0] == 'token') {
+            $clause .= ' AND dt.token = :'.$v[0];
+        }
+        else {
+            $clause .= ' AND dt.'.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+}
+
+//Define Query
+if(isset($criterias['totals']) && $criterias['totals']==''){
+//Request for total rows
+    $sql = 'SELECT count(*) as count FROM download_tokens dt LEFT JOIN software_versions sv ON dt.version_id = sv.id LEFT JOIN users u ON dt.user_id = u.id '.$whereclause.'';
+}
+elseif (isset($criterias['list']) && $criterias['list']=='') {
+    //SQL for Paging
+    $sql = 'SELECT dt.*, sv.version, sv.name as software_name, u.username FROM download_tokens dt LEFT JOIN software_versions sv ON dt.version_id = sv.id LEFT JOIN users u ON dt.user_id = u.id '.$whereclause.' ORDER BY dt.created_at DESC';
+}
+else {
+    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+    $sql = 'SELECT dt.*, sv.version, sv.name as software_name, u.username FROM download_tokens dt LEFT JOIN software_versions sv ON dt.version_id = sv.id LEFT JOIN users u ON dt.user_id = u.id '.$whereclause.' ORDER BY dt.created_at DESC LIMIT ?, ?';
+    $stmt = $pdo->prepare($sql);
+    $stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
+    $stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//Execute Query for totals/list
+if(isset($criterias['totals']) && $criterias['totals']==''){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetch();
+    $messages = $messages[0];
+}
+elseif(isset($criterias['list'])){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>

api/v2/get/software.php

@@ -0,0 +1,170 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Software Versions for Upgrades
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//NEW ARRAY
+$criterias = [];
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1];
+
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        }
+        elseif ($v[0] == 'available') {
+            // Special case: get available upgrades for current user
+            // This will be handled separately below
+        }
+        elseif ($v[0] == 'version_id') {
+            $clause .= ' AND sv.id = :'.$v[0];
+        }
+        elseif ($v[0] == 'version') {
+            $clause .= ' AND sv.version = :'.$v[0];
+        }
+        elseif ($v[0] == 'search') {
+            $clause .= ' AND (sv.name LIKE :'.$v[0].' OR sv.description LIKE :'.$v[0].')';
+        }
+        else {
+            $clause .= ' AND sv.'.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+}
+
+// Special handling for available upgrades
+if (isset($criterias['available'])) {
+    // Include version access logic
+    require_once './includes/version_access.php';
+
+    $userId = $user_data['id'];
+
+    // Get all active versions
+    $stmt = $pdo->prepare("
+        SELECT sv.id, sv.version, sv.major_version, sv.minor_version, sv.patch_version,
+               sv.name, sv.description, sv.file_size, sv.release_date
+        FROM software_versions sv
+        WHERE sv.is_active = TRUE
+        ORDER BY sv.major_version DESC, sv.minor_version DESC, sv.patch_version DESC
+    ");
+    $stmt->execute();
+    $versions = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+    // Get user's current versions
+    $ownedVersions = getUserOwnedVersions($userId);
+    $latestOwned = getLatestOwnedVersion($userId);
+
+    $response = [
+        'current_version' => $latestOwned ? $latestOwned['version'] : null,
+        'owned_versions' => array_map(function($v) {
+            return [
+                'version' => $v['version'],
+                'name' => $v['name'],
+                'purchased_at' => $v['purchased_at']
+            ];
+        }, $ownedVersions),
+        'available_versions' => []
+    ];
+
+    // Check access for each version
+    foreach ($versions as $version) {
+        $accessInfo = checkVersionAccess($userId, $version['id']);
+
+        $versionData = [
+            'id' => $version['id'],
+            'version' => $version['version'],
+            'name' => $version['name'],
+            'description' => $version['description'],
+            'file_size' => $version['file_size'],
+            'release_date' => $version['release_date'],
+            'is_accessible' => $accessInfo['accessible'],
+            'requires_payment' => $accessInfo['requires_payment'] ?? false,
+            'price' => $accessInfo['price'] ?? 0.00,
+            'access_reason' => $accessInfo['reason']
+        ];
+
+        // Add additional info based on access type
+        if (isset($accessInfo['original_price'])) {
+            $versionData['original_price'] = $accessInfo['original_price'];
+        }
+        if (isset($accessInfo['is_upgrade'])) {
+            $versionData['is_upgrade'] = $accessInfo['is_upgrade'];
+        }
+        if (isset($accessInfo['from_version'])) {
+            $versionData['upgrade_from'] = $accessInfo['from_version'];
+        }
+        if (isset($accessInfo['required_version'])) {
+            $versionData['required_version'] = $accessInfo['required_version'];
+        }
+
+        $response['available_versions'][] = $versionData;
+    }
+
+    $messages = $response;
+}
+else {
+    // Regular software versions query
+    if(isset($criterias['totals']) && $criterias['totals']==''){
+        //Request for total rows
+        $sql = 'SELECT count(*) as count FROM software_versions sv '.$whereclause.'';
+    }
+    elseif (isset($criterias['list']) && $criterias['list']=='') {
+        //SQL for Paging
+        $sql = 'SELECT sv.* FROM software_versions sv '.$whereclause.' ORDER BY sv.major_version DESC, sv.minor_version DESC, sv.patch_version DESC';
+    }
+    else {
+        $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+        $sql = 'SELECT sv.* FROM software_versions sv '.$whereclause.' ORDER BY sv.major_version DESC, sv.minor_version DESC, sv.patch_version DESC LIMIT ?, ?';
+        $stmt = $pdo->prepare($sql);
+        $stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
+        $stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
+        $stmt->execute();
+        $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    }
+
+    //Execute Query for totals/list
+    if(isset($criterias['totals']) && $criterias['totals']==''){
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute();
+        $messages = $stmt->fetch();
+        $messages = $messages[0];
+    }
+    elseif(isset($criterias['list'])){
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute();
+        $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    }
+}
+
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>

api/v2/get/software_download.php

@@ -0,0 +1,95 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Secure Software Download
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+$token = $_GET['token'] ?? null;
+
+if (!$token) {
+    http_response_code(400);
+    exit('Invalid request');
+}
+
+// Validate token
+$tokenData = validateDownloadToken($pdo, $token);
+if (!$tokenData) {
+    http_response_code(403);
+    exit('Invalid or expired token');
+}
+
+// Get file details
+$stmt = $pdo->prepare("SELECT * FROM software_versions WHERE id = ?");
+$stmt->execute([$tokenData['version_id']]);
+$version = $stmt->fetch(PDO::FETCH_ASSOC);
+
+if (!$version) {
+    http_response_code(404);
+    exit('File not found');
+}
+
+// Invalidate token after use (one-time use)
+invalidateToken($pdo, $token);
+
+// Stream the file
+$filePath = $version['file_path']; // e.g., '/var/www/secure_files/update_v2.0.zip'
+
+if (!file_exists($filePath)) {
+    http_response_code(404);
+    exit('File not found on server');
+}
+
+// Set headers for file download
+header('Content-Type: application/octet-stream');
+header('Content-Disposition: attachment; filename="' . basename($version['filename']) . '"');
+header('Content-Length: ' . filesize($filePath));
+header('Cache-Control: no-cache, must-revalidate');
+header('Pragma: no-cache');
+header('Expires: 0');
+
+// Stream file in chunks to handle large files
+$handle = fopen($filePath, 'rb');
+while (!feof($handle)) {
+    echo fread($handle, 8192);
+    flush();
+}
+fclose($handle);
+exit;
+
+// Helper functions for token management
+function validateDownloadToken($pdo, $token) {
+    $stmt = $pdo->prepare(
+        "SELECT user_id, version_id, expires_at, used
+         FROM download_tokens
+         WHERE token = ?"
+    );
+    $stmt->execute([$token]);
+    $tokenData = $stmt->fetch(PDO::FETCH_ASSOC);
+
+    if (!$tokenData) {
+        return false;
+    }
+
+    // Check if expired
+    if (strtotime($tokenData['expires_at']) < time()) {
+        return false;
+    }
+
+    // Check if already used
+    if ($tokenData['used']) {
+        return false;
+    }
+
+    return $tokenData;
+}
+
+function invalidateToken($pdo, $token) {
+    $stmt = $pdo->prepare("UPDATE download_tokens SET used = 1 WHERE token = ?");
+    $stmt->execute([$token]);
+}
+
+?>

api/v2/get/upgrade_paths.php

@@ -0,0 +1,97 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Upgrade Paths
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//NEW ARRAY
+$criterias = [];
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1];
+
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        }
+        elseif ($v[0] == 'from_version_id') {
+            $clause .= ' AND up.from_version_id = :'.$v[0];
+        }
+        elseif ($v[0] == 'to_version_id') {
+            $clause .= ' AND up.to_version_id = :'.$v[0];
+        }
+        elseif ($v[0] == 'is_free') {
+            $clause .= ' AND up.is_free = :'.$v[0];
+        }
+        elseif ($v[0] == 'search') {
+            $clause .= ' AND (sv1.name LIKE :'.$v[0].' OR sv2.name LIKE :'.$v[0].' OR up.description LIKE :'.$v[0].')';
+        }
+        else {
+            $clause .= ' AND up.'.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+}
+
+//Define Query
+if(isset($criterias['totals']) && $criterias['totals']==''){
+//Request for total rows
+    $sql = 'SELECT count(*) as count FROM upgrade_paths up LEFT JOIN software_versions sv1 ON up.from_version_id = sv1.id LEFT JOIN software_versions sv2 ON up.to_version_id = sv2.id '.$whereclause.'';
+}
+elseif (isset($criterias['list']) && $criterias['list']=='') {
+    //SQL for Paging
+    $sql = 'SELECT up.*, sv1.version as from_version, sv1.name as from_name, sv2.version as to_version, sv2.name as to_name FROM upgrade_paths up LEFT JOIN software_versions sv1 ON up.from_version_id = sv1.id LEFT JOIN software_versions sv2 ON up.to_version_id = sv2.id '.$whereclause.' ORDER BY up.id';
+}
+else {
+    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+    $sql = 'SELECT up.*, sv1.version as from_version, sv1.name as from_name, sv2.version as to_version, sv2.name as to_name FROM upgrade_paths up LEFT JOIN software_versions sv1 ON up.from_version_id = sv1.id LEFT JOIN software_versions sv2 ON up.to_version_id = sv2.id '.$whereclause.' ORDER BY up.id LIMIT ?, ?';
+    $stmt = $pdo->prepare($sql);
+    $stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
+    $stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//Execute Query for totals/list
+if(isset($criterias['totals']) && $criterias['totals']==''){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetch();
+    $messages = $messages[0];
+}
+elseif(isset($criterias['list'])){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>

api/v2/get/user_licenses.php

@@ -0,0 +1,97 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// User Licenses
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//NEW ARRAY
+$criterias = [];
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1];
+
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        }
+        elseif ($v[0] == 'user_id') {
+            $clause .= ' AND ul.user_id = :'.$v[0];
+        }
+        elseif ($v[0] == 'version_id') {
+            $clause .= ' AND ul.version_id = :'.$v[0];
+        }
+        elseif ($v[0] == 'status') {
+            $clause .= ' AND ul.status = :'.$v[0];
+        }
+        elseif ($v[0] == 'search') {
+            $clause .= ' AND (sv.name LIKE :'.$v[0].' OR ul.license_key LIKE :'.$v[0].')';
+        }
+        else {
+            $clause .= ' AND ul.'.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+}
+
+//Define Query
+if(isset($criterias['totals']) && $criterias['totals']==''){
+//Request for total rows
+    $sql = 'SELECT count(*) as count FROM user_licenses ul LEFT JOIN software_versions sv ON ul.version_id = sv.id '.$whereclause.'';
+}
+elseif (isset($criterias['list']) && $criterias['list']=='') {
+    //SQL for Paging
+    $sql = 'SELECT ul.*, sv.version, sv.name as software_name FROM user_licenses ul LEFT JOIN software_versions sv ON ul.version_id = sv.id '.$whereclause.' ORDER BY ul.purchased_at DESC';
+}
+else {
+    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+    $sql = 'SELECT ul.*, sv.version, sv.name as software_name FROM user_licenses ul LEFT JOIN software_versions sv ON ul.version_id = sv.id '.$whereclause.' ORDER BY ul.purchased_at DESC LIMIT ?, ?';
+    $stmt = $pdo->prepare($sql);
+    $stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
+    $stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//Execute Query for totals/list
+if(isset($criterias['totals']) && $criterias['totals']==''){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetch();
+    $messages = $messages[0];
+}
+elseif(isset($criterias['list'])){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>

api/v2/get/version_access_rules.php

@@ -0,0 +1,94 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Version Access Rules
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//NEW ARRAY
+$criterias = [];
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1];
+
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        }
+        elseif ($v[0] == 'version_id') {
+            $clause .= ' AND var.version_id = :'.$v[0];
+        }
+        elseif ($v[0] == 'access_type') {
+            $clause .= ' AND var.access_type = :'.$v[0];
+        }
+        elseif ($v[0] == 'search') {
+            $clause .= ' AND (sv.name LIKE :'.$v[0].' OR var.description LIKE :'.$v[0].')';
+        }
+        else {
+            $clause .= ' AND var.'.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+}
+
+//Define Query
+if(isset($criterias['totals']) && $criterias['totals']==''){
+//Request for total rows
+    $sql = 'SELECT count(*) as count FROM version_access_rules var LEFT JOIN software_versions sv ON var.version_id = sv.id '.$whereclause.'';
+}
+elseif (isset($criterias['list']) && $criterias['list']=='') {
+    //SQL for Paging
+    $sql = 'SELECT var.*, sv.version, sv.name as software_name FROM version_access_rules var LEFT JOIN software_versions sv ON var.version_id = sv.id '.$whereclause.' ORDER BY var.id';
+}
+else {
+    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+    $sql = 'SELECT var.*, sv.version, sv.name as software_name FROM version_access_rules var LEFT JOIN software_versions sv ON var.version_id = sv.id '.$whereclause.' ORDER BY var.id LIMIT ?, ?';
+    $stmt = $pdo->prepare($sql);
+    $stmt->bindValue(1, ($current_page - 1) * $page_rows_products, PDO::PARAM_INT);
+    $stmt->bindValue(2, $page_rows_products, PDO::PARAM_INT);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//Execute Query for totals/list
+if(isset($criterias['totals']) && $criterias['totals']==''){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetch();
+    $messages = $messages[0];
+}
+elseif(isset($criterias['list'])){
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute();
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
+
+//------------------------------------------
+//JSON_ENCODE
+//------------------------------------------
+$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+//Send results
+echo $messages;
+
+?>

api/v2/post/software.php

@@ -0,0 +1,202 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Software Versions Management
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+
+// Handle different actions
+$action = $post_content['action'] ?? '';
+
+switch ($action) {
+    case 'download':
+        // Handle secure download request
+        require_once './includes/version_access.php';
+
+        $versionId = $post_content['version_id'] ?? null;
+
+        if (!$versionId) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Missing version_id']);
+            exit;
+        }
+
+        $userId = $user_data['id'];
+
+        // Validate user has access to this version
+        if (!validateUserAccess($userId, $versionId)) {
+            http_response_code(403);
+            echo json_encode(['error' => 'Access denied. Payment required or insufficient permissions.']);
+            exit;
+        }
+
+        // Get version details
+        $stmt = $pdo->prepare("SELECT * FROM software_versions WHERE id = ?");
+        $stmt->execute([$versionId]);
+        $version = $stmt->fetch(PDO::FETCH_ASSOC);
+
+        if (!$version) {
+            http_response_code(404);
+            echo json_encode(['error' => 'Version not found']);
+            exit;
+        }
+
+        // Log the download
+        logDownload($pdo, $userId, $versionId);
+
+        // Generate temporary signed URL
+        $downloadToken = generateSecureDownloadToken($pdo, $userId, $versionId);
+
+        echo json_encode([
+            'download_url' => '/api/v2/get/software_download.php?token=' . $downloadToken,
+            'expires_in' => 300 // 5 minutes
+        ]);
+        break;
+
+    case 'purchase':
+        // Handle purchase/license grant
+        require_once './includes/version_access.php';
+
+        $versionId = $post_content['version_id'] ?? null;
+        $transactionId = $post_content['transaction_id'] ?? null;
+
+        if (!$versionId) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Missing version_id']);
+            exit;
+        }
+
+        $userId = $user_data['id'];
+
+        // Verify payment was successful (integrate with your payment processor)
+        $paymentVerified = true; // For testing - integrate with actual payment verification
+
+        if (!$paymentVerified) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Payment verification failed']);
+            exit;
+        }
+
+        // Check access requirements
+        $accessInfo = checkVersionAccess($userId, $versionId);
+
+        if ($accessInfo['accessible']) {
+            // Already has access
+            echo json_encode([
+                'success' => true,
+                'message' => 'You already have access to this version',
+                'license_granted' => false
+            ]);
+            exit;
+        }
+
+        if (!$accessInfo['requires_payment']) {
+            // Shouldn't need payment
+            http_response_code(400);
+            echo json_encode(['error' => 'This version does not require payment']);
+            exit;
+        }
+
+        // Grant license
+        $success = grantLicense($pdo, $userId, $versionId, $transactionId);
+
+        if ($success) {
+            echo json_encode([
+                'success' => true,
+                'message' => 'License granted successfully',
+                'license_granted' => true
+            ]);
+        } else {
+            http_response_code(500);
+            echo json_encode(['error' => 'Failed to grant license']);
+        }
+        break;
+
+    default:
+        // Handle CRUD operations for software versions (admin only)
+        if (!isAllowed('software', $profile, $permission, 'C') &&
+            !isAllowed('software', $profile, $permission, 'U') &&
+            !isAllowed('software', $profile, $permission, 'D')) {
+            http_response_code(403);
+            echo json_encode(['error' => 'Insufficient permissions']);
+            exit;
+        }
+
+        //SET PARAMETERS FOR QUERY
+        $id = $post_content['id'] ?? ''; //check for id
+        $command = ($id == '')? 'insert' : 'update';  //IF id = empty then INSERT
+        if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+        $date = date('Y-m-d H:i:s');
+
+        //CREATE EMPTY STRINGS
+        $clause = '';
+        $clause_insert ='';
+        $input_insert = '';
+
+        //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+        if ($command == 'update'){
+            $post_content['updated'] = $date;
+            $post_content['updatedby'] = $username;
+        }
+        elseif ($command == 'insert'){
+            $post_content['created'] = $date;
+            $post_content['createdby'] = $username;
+        }
+
+        //BUILD UP CLAUSE
+        $execute_input = [];
+        foreach ($post_content as $key => $value) {
+            if ($key == 'action' || $key == 'id' || $key == 'delete') continue;
+
+            if ($command == 'insert') {
+                $clause_insert .= $key.',';
+                $input_insert .= '?,';
+                $execute_input[] = $value;
+            } elseif ($command == 'update') {
+                $clause .= $key.'=?,';
+                $execute_input[] = $value;
+            }
+        }
+
+        //CLEAN UP INPUT
+        $clause = substr($clause, 0, -1); //Clean clause - remove last comma
+        $clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
+        $input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
+
+        //QUERY AND VERIFY ALLOWED
+        if ($command == 'update' && isAllowed('software',$profile,$permission,'U') === 1){
+            $sql = 'UPDATE software_versions SET '.$clause.' WHERE id = ?';
+            $execute_input[] = $id;
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute($execute_input);
+        }
+        elseif ($command == 'insert' && isAllowed('software',$profile,$permission,'C') === 1){
+            $sql = 'INSERT INTO software_versions ('.$clause_insert.') VALUES ('.$input_insert.')';
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute($execute_input);
+        }
+        elseif ($command == 'delete' && isAllowed('software',$profile,$permission,'D') === 1){
+            $stmt = $pdo->prepare('DELETE FROM software_versions WHERE id = ?');
+            $stmt->execute([$id]);
+
+            //Add deletion to changelog
+            changelog($dbname,'software_versions',$id,'Delete','Delete',$username);
+        } else {
+            http_response_code(403);
+            echo json_encode(['error' => 'Operation not allowed']);
+        }
+        break;
+}
+
+?>

api/v2/post/upgrade_paths.php

@@ -0,0 +1,84 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Upgrade Paths Management
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['id'] ?? ''; //check for id
+$command = ($id == '')? 'insert' : 'update';  //IF id = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+if ($command == 'update'){
+    $post_content['updated'] = $date;
+    $post_content['updatedby'] = $username;
+}
+elseif ($command == 'insert'){
+    $post_content['created'] = $date;
+    $post_content['createdby'] = $username;
+}
+
+//BUILD UP CLAUSE
+$execute_input = [];
+foreach ($post_content as $key => $value) {
+    if ($key == 'id' || $key == 'delete') continue;
+
+    if ($command == 'insert') {
+        $clause_insert .= $key.',';
+        $input_insert .= '?,';
+        $execute_input[] = $value;
+    } elseif ($command == 'update') {
+        $clause .= $key.'=?,';
+        $execute_input[] = $value;
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 0, -1); //Clean clause - remove last comma
+$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
+$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('upgrade_paths',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE upgrade_paths SET '.$clause.' WHERE id = ?';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'insert' && isAllowed('upgrade_paths',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO upgrade_paths ('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'delete' && isAllowed('upgrade_paths',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE FROM upgrade_paths WHERE id = ?');
+    $stmt->execute([$id]);
+
+    //Add deletion to changelog
+    changelog($dbname,'upgrade_paths',$id,'Delete','Delete',$username);
+} else {
+    http_response_code(403);
+    echo json_encode(['error' => 'Operation not allowed']);
+}
+
+?>

api/v2/post/user_licenses.php

@@ -0,0 +1,84 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// User Licenses Management
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['id'] ?? ''; //check for id
+$command = ($id == '')? 'insert' : 'update';  //IF id = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+if ($command == 'update'){
+    $post_content['updated'] = $date;
+    $post_content['updatedby'] = $username;
+}
+elseif ($command == 'insert'){
+    $post_content['created'] = $date;
+    $post_content['createdby'] = $username;
+}
+
+//BUILD UP CLAUSE
+$execute_input = [];
+foreach ($post_content as $key => $value) {
+    if ($key == 'id' || $key == 'delete') continue;
+
+    if ($command == 'insert') {
+        $clause_insert .= $key.',';
+        $input_insert .= '?,';
+        $execute_input[] = $value;
+    } elseif ($command == 'update') {
+        $clause .= $key.'=?,';
+        $execute_input[] = $value;
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 0, -1); //Clean clause - remove last comma
+$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
+$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('user_licenses',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE user_licenses SET '.$clause.' WHERE id = ?';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'insert' && isAllowed('user_licenses',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO user_licenses ('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'delete' && isAllowed('user_licenses',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE FROM user_licenses WHERE id = ?');
+    $stmt->execute([$id]);
+
+    //Add deletion to changelog
+    changelog($dbname,'user_licenses',$id,'Delete','Delete',$username);
+} else {
+    http_response_code(403);
+    echo json_encode(['error' => 'Operation not allowed']);
+}
+
+?>

api/v2/post/version_access_rules.php

@@ -0,0 +1,84 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Version Access Rules Management
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['id'] ?? ''; //check for id
+$command = ($id == '')? 'insert' : 'update';  //IF id = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+if ($command == 'update'){
+    $post_content['updated'] = $date;
+    $post_content['updatedby'] = $username;
+}
+elseif ($command == 'insert'){
+    $post_content['created'] = $date;
+    $post_content['createdby'] = $username;
+}
+
+//BUILD UP CLAUSE
+$execute_input = [];
+foreach ($post_content as $key => $value) {
+    if ($key == 'id' || $key == 'delete') continue;
+
+    if ($command == 'insert') {
+        $clause_insert .= $key.',';
+        $input_insert .= '?,';
+        $execute_input[] = $value;
+    } elseif ($command == 'update') {
+        $clause .= $key.'=?,';
+        $execute_input[] = $value;
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 0, -1); //Clean clause - remove last comma
+$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
+$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('version_access_rules',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE version_access_rules SET '.$clause.' WHERE id = ?';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'insert' && isAllowed('version_access_rules',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO version_access_rules ('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'delete' && isAllowed('version_access_rules',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE FROM version_access_rules WHERE id = ?');
+    $stmt->execute([$id]);
+
+    //Add deletion to changelog
+    changelog($dbname,'version_access_rules',$id,'Delete','Delete',$username);
+} else {
+    http_response_code(403);
+    echo json_encode(['error' => 'Operation not allowed']);
+}
+
+?>