Implement Software Upgrade Management API and Frontend Functionality

- Added software.php for managing software versions, including download and purchase actions.
- Created upgrade_paths.php for handling upgrade paths management.
- Developed user_licenses.php for managing user licenses.
- Introduced version_access_rules.php for managing access rules for software versions.
- Implemented frontend functions in functions.js for interacting with the software upgrade API.
- Added version_access.php for user access validation and license management.
- Created upgrades.php for displaying available upgrades and handling user interactions.
- Enhanced UI with responsive design and progress indicators for downloads and purchases.

api/v2/post/software.php

@@ -0,0 +1,202 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Software Versions Management
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+
+// Handle different actions
+$action = $post_content['action'] ?? '';
+
+switch ($action) {
+    case 'download':
+        // Handle secure download request
+        require_once './includes/version_access.php';
+
+        $versionId = $post_content['version_id'] ?? null;
+
+        if (!$versionId) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Missing version_id']);
+            exit;
+        }
+
+        $userId = $user_data['id'];
+
+        // Validate user has access to this version
+        if (!validateUserAccess($userId, $versionId)) {
+            http_response_code(403);
+            echo json_encode(['error' => 'Access denied. Payment required or insufficient permissions.']);
+            exit;
+        }
+
+        // Get version details
+        $stmt = $pdo->prepare("SELECT * FROM software_versions WHERE id = ?");
+        $stmt->execute([$versionId]);
+        $version = $stmt->fetch(PDO::FETCH_ASSOC);
+
+        if (!$version) {
+            http_response_code(404);
+            echo json_encode(['error' => 'Version not found']);
+            exit;
+        }
+
+        // Log the download
+        logDownload($pdo, $userId, $versionId);
+
+        // Generate temporary signed URL
+        $downloadToken = generateSecureDownloadToken($pdo, $userId, $versionId);
+
+        echo json_encode([
+            'download_url' => '/api/v2/get/software_download.php?token=' . $downloadToken,
+            'expires_in' => 300 // 5 minutes
+        ]);
+        break;
+
+    case 'purchase':
+        // Handle purchase/license grant
+        require_once './includes/version_access.php';
+
+        $versionId = $post_content['version_id'] ?? null;
+        $transactionId = $post_content['transaction_id'] ?? null;
+
+        if (!$versionId) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Missing version_id']);
+            exit;
+        }
+
+        $userId = $user_data['id'];
+
+        // Verify payment was successful (integrate with your payment processor)
+        $paymentVerified = true; // For testing - integrate with actual payment verification
+
+        if (!$paymentVerified) {
+            http_response_code(400);
+            echo json_encode(['error' => 'Payment verification failed']);
+            exit;
+        }
+
+        // Check access requirements
+        $accessInfo = checkVersionAccess($userId, $versionId);
+
+        if ($accessInfo['accessible']) {
+            // Already has access
+            echo json_encode([
+                'success' => true,
+                'message' => 'You already have access to this version',
+                'license_granted' => false
+            ]);
+            exit;
+        }
+
+        if (!$accessInfo['requires_payment']) {
+            // Shouldn't need payment
+            http_response_code(400);
+            echo json_encode(['error' => 'This version does not require payment']);
+            exit;
+        }
+
+        // Grant license
+        $success = grantLicense($pdo, $userId, $versionId, $transactionId);
+
+        if ($success) {
+            echo json_encode([
+                'success' => true,
+                'message' => 'License granted successfully',
+                'license_granted' => true
+            ]);
+        } else {
+            http_response_code(500);
+            echo json_encode(['error' => 'Failed to grant license']);
+        }
+        break;
+
+    default:
+        // Handle CRUD operations for software versions (admin only)
+        if (!isAllowed('software', $profile, $permission, 'C') &&
+            !isAllowed('software', $profile, $permission, 'U') &&
+            !isAllowed('software', $profile, $permission, 'D')) {
+            http_response_code(403);
+            echo json_encode(['error' => 'Insufficient permissions']);
+            exit;
+        }
+
+        //SET PARAMETERS FOR QUERY
+        $id = $post_content['id'] ?? ''; //check for id
+        $command = ($id == '')? 'insert' : 'update';  //IF id = empty then INSERT
+        if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+        $date = date('Y-m-d H:i:s');
+
+        //CREATE EMPTY STRINGS
+        $clause = '';
+        $clause_insert ='';
+        $input_insert = '';
+
+        //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+        if ($command == 'update'){
+            $post_content['updated'] = $date;
+            $post_content['updatedby'] = $username;
+        }
+        elseif ($command == 'insert'){
+            $post_content['created'] = $date;
+            $post_content['createdby'] = $username;
+        }
+
+        //BUILD UP CLAUSE
+        $execute_input = [];
+        foreach ($post_content as $key => $value) {
+            if ($key == 'action' || $key == 'id' || $key == 'delete') continue;
+
+            if ($command == 'insert') {
+                $clause_insert .= $key.',';
+                $input_insert .= '?,';
+                $execute_input[] = $value;
+            } elseif ($command == 'update') {
+                $clause .= $key.'=?,';
+                $execute_input[] = $value;
+            }
+        }
+
+        //CLEAN UP INPUT
+        $clause = substr($clause, 0, -1); //Clean clause - remove last comma
+        $clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
+        $input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
+
+        //QUERY AND VERIFY ALLOWED
+        if ($command == 'update' && isAllowed('software',$profile,$permission,'U') === 1){
+            $sql = 'UPDATE software_versions SET '.$clause.' WHERE id = ?';
+            $execute_input[] = $id;
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute($execute_input);
+        }
+        elseif ($command == 'insert' && isAllowed('software',$profile,$permission,'C') === 1){
+            $sql = 'INSERT INTO software_versions ('.$clause_insert.') VALUES ('.$input_insert.')';
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute($execute_input);
+        }
+        elseif ($command == 'delete' && isAllowed('software',$profile,$permission,'D') === 1){
+            $stmt = $pdo->prepare('DELETE FROM software_versions WHERE id = ?');
+            $stmt->execute([$id]);
+
+            //Add deletion to changelog
+            changelog($dbname,'software_versions',$id,'Delete','Delete',$username);
+        } else {
+            http_response_code(403);
+            echo json_encode(['error' => 'Operation not allowed']);
+        }
+        break;
+}
+
+?>

api/v2/post/upgrade_paths.php

@@ -0,0 +1,84 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Upgrade Paths Management
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['id'] ?? ''; //check for id
+$command = ($id == '')? 'insert' : 'update';  //IF id = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+if ($command == 'update'){
+    $post_content['updated'] = $date;
+    $post_content['updatedby'] = $username;
+}
+elseif ($command == 'insert'){
+    $post_content['created'] = $date;
+    $post_content['createdby'] = $username;
+}
+
+//BUILD UP CLAUSE
+$execute_input = [];
+foreach ($post_content as $key => $value) {
+    if ($key == 'id' || $key == 'delete') continue;
+
+    if ($command == 'insert') {
+        $clause_insert .= $key.',';
+        $input_insert .= '?,';
+        $execute_input[] = $value;
+    } elseif ($command == 'update') {
+        $clause .= $key.'=?,';
+        $execute_input[] = $value;
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 0, -1); //Clean clause - remove last comma
+$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
+$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('upgrade_paths',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE upgrade_paths SET '.$clause.' WHERE id = ?';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'insert' && isAllowed('upgrade_paths',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO upgrade_paths ('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'delete' && isAllowed('upgrade_paths',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE FROM upgrade_paths WHERE id = ?');
+    $stmt->execute([$id]);
+
+    //Add deletion to changelog
+    changelog($dbname,'upgrade_paths',$id,'Delete','Delete',$username);
+} else {
+    http_response_code(403);
+    echo json_encode(['error' => 'Operation not allowed']);
+}
+
+?>

api/v2/post/user_licenses.php

@@ -0,0 +1,84 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// User Licenses Management
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['id'] ?? ''; //check for id
+$command = ($id == '')? 'insert' : 'update';  //IF id = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+if ($command == 'update'){
+    $post_content['updated'] = $date;
+    $post_content['updatedby'] = $username;
+}
+elseif ($command == 'insert'){
+    $post_content['created'] = $date;
+    $post_content['createdby'] = $username;
+}
+
+//BUILD UP CLAUSE
+$execute_input = [];
+foreach ($post_content as $key => $value) {
+    if ($key == 'id' || $key == 'delete') continue;
+
+    if ($command == 'insert') {
+        $clause_insert .= $key.',';
+        $input_insert .= '?,';
+        $execute_input[] = $value;
+    } elseif ($command == 'update') {
+        $clause .= $key.'=?,';
+        $execute_input[] = $value;
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 0, -1); //Clean clause - remove last comma
+$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
+$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('user_licenses',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE user_licenses SET '.$clause.' WHERE id = ?';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'insert' && isAllowed('user_licenses',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO user_licenses ('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'delete' && isAllowed('user_licenses',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE FROM user_licenses WHERE id = ?');
+    $stmt->execute([$id]);
+
+    //Add deletion to changelog
+    changelog($dbname,'user_licenses',$id,'Delete','Delete',$username);
+} else {
+    http_response_code(403);
+    echo json_encode(['error' => 'Operation not allowed']);
+}
+
+?>

api/v2/post/version_access_rules.php

@@ -0,0 +1,84 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Version Access Rules Management
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+
+//SET PARAMETERS FOR QUERY
+$id = $post_content['id'] ?? ''; //check for id
+$command = ($id == '')? 'insert' : 'update';  //IF id = empty then INSERT
+if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+$date = date('Y-m-d H:i:s');
+
+//CREATE EMPTY STRINGS
+$clause = '';
+$clause_insert ='';
+$input_insert = '';
+
+//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
+if ($command == 'update'){
+    $post_content['updated'] = $date;
+    $post_content['updatedby'] = $username;
+}
+elseif ($command == 'insert'){
+    $post_content['created'] = $date;
+    $post_content['createdby'] = $username;
+}
+
+//BUILD UP CLAUSE
+$execute_input = [];
+foreach ($post_content as $key => $value) {
+    if ($key == 'id' || $key == 'delete') continue;
+
+    if ($command == 'insert') {
+        $clause_insert .= $key.',';
+        $input_insert .= '?,';
+        $execute_input[] = $value;
+    } elseif ($command == 'update') {
+        $clause .= $key.'=?,';
+        $execute_input[] = $value;
+    }
+}
+
+//CLEAN UP INPUT
+$clause = substr($clause, 0, -1); //Clean clause - remove last comma
+$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
+$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
+
+//QUERY AND VERIFY ALLOWED
+if ($command == 'update' && isAllowed('version_access_rules',$profile,$permission,'U') === 1){
+    $sql = 'UPDATE version_access_rules SET '.$clause.' WHERE id = ?';
+    $execute_input[] = $id;
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'insert' && isAllowed('version_access_rules',$profile,$permission,'C') === 1){
+    $sql = 'INSERT INTO version_access_rules ('.$clause_insert.') VALUES ('.$input_insert.')';
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute($execute_input);
+}
+elseif ($command == 'delete' && isAllowed('version_access_rules',$profile,$permission,'D') === 1){
+    $stmt = $pdo->prepare('DELETE FROM version_access_rules WHERE id = ?');
+    $stmt->execute([$id]);
+
+    //Add deletion to changelog
+    changelog($dbname,'version_access_rules',$id,'Delete','Delete',$username);
+} else {
+    http_response_code(403);
+    echo json_encode(['error' => 'Operation not allowed']);
+}
+
+?>