diff --git a/api/v1/get/products_software.php b/api/v1/get/products_software.php
new file mode 100644
index 0000000..bce6ba1
--- /dev/null
+++ b/api/v1/get/products_software.php
@@ -0,0 +1,140 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = 'WHERE accounthierarchy like "'.$condition.'"'; + break; +} + +//NEW ARRAY +$criterias = []; +$clause = ''; + +//Check for $_GET variables and build up clause +if(isset($get_content) && $get_content!=''){ + //GET VARIABLES FROM URL + $requests = explode("&", $get_content); + //Check for keys and values + foreach ($requests as $y){ + $v = explode("=", $y); + //INCLUDE VARIABLES IN ARRAY + $criterias[$v[0]] = $v[1]; + + if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){ + //do nothing + } + elseif ($v[0] == 'search') { + //build up search + $clause .= ' AND productcode like :'.$v[0]; + } + else {//create clause + $clause .= ' AND '.$v[0].' = :'.$v[0]; + } + } + if ($whereclause == '' && $clause !=''){ + $whereclause = 'WHERE '.substr($clause, 4); + } else { + $whereclause .= $clause; + } +} + +//ENSURE PRODUCTROWID IS SEND +if (isset($criterias['productrowid']) && $criterias['productrowid'] != ''){ + + //CHECK IF ALLOWED TO CRUD VERSIONS + $sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'"; + $stmt = $pdo->prepare($sql); + $stmt->execute([$criterias['productrowid']]); + $product_data = $stmt->fetch(); + $product_owner = ($product_data['rowID'])? 
1 : 0; + + //IF PRODUCT IS OWNED THEN CRUD is ALLOWED + if ($product_owner === 1 ){ + + //Define Query + if(isset($criterias['totals']) && $criterias['totals'] ==''){ + //Request for total rows + $sql = 'SELECT count(*) as count FROM products_software '.$whereclause.''; + } + elseif (isset($criterias['list']) && $criterias['list'] =='') { + //SQL for Paging + $sql = 'SELECT * FROM products_software '.$whereclause.''; + } + else { + //SQL for Paging + $sql = 'SELECT * FROM products_software '.$whereclause.''; + } + + $stmt = $pdo->prepare($sql); + + //Bind to query + if (str_contains($whereclause, ':condition')){ + $stmt->bindValue('condition', $condition, PDO::PARAM_STR); + } + + if (!empty($criterias)){ + foreach ($criterias as $key => $value){ + $key_condition = ':'.$key; + if (str_contains($whereclause, $key_condition)){ + if ($key == 'search'){ + $search_value = '%'.$value.'%'; + $stmt->bindValue($key, $search_value, PDO::PARAM_STR); + } + else { + $stmt->bindValue($key, $value, PDO::PARAM_STR); + } + } + } + } + + //Add paging details + if(isset($criterias['totals']) && $criterias['totals']==''){ + $stmt->execute(); + $messages = $stmt->fetch(); + $messages = $messages[0]; + } + elseif(isset($criterias['list']) && $criterias['list']==''){ + //Excute Query + $stmt->execute(); + //Get results + $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); + } + else { + //$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1; + //$stmt->bindValue('page', ($current_page - 1) * $page_rows_products, PDO::PARAM_INT); + //$stmt->bindValue('num_products', $page_rows_products, PDO::PARAM_INT); + + //Excute Query + $stmt->execute(); + //Get results + $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); + } + //Encrypt results + $messages = generate_payload($messages); + + //Send results + echo $messages; + } +} +?> \ No newline at end of file 
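Review bot: In the criteria loop the request key `$v[0]` is concatenated into the statement as a column name (`$clause .= ' AND '.$v[0].' = :'.$v[0];`); only the value is bound afterwards, so the identifier itself is caller-controlled SQL text. The same pattern appears in api/v1/post/products_software.php and api/v2/post/products_software.php, where `$key` from `$post_content` goes into the `SET` and `INSERT` column lists. Checking each key against a fixed list of `products_software` columns before it is used, e.g. `if (!in_array($v[0], $allowed_columns, true)) { continue; }` with `$allowed_columns` being a list you define, keeps identifiers out of the caller's hands. `$condition` is also concatenated into `like "'.$condition.'"` rather than bound, so the later `str_contains($whereclause, ':condition')` branch is never reached.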
diff --git a/api/v1/post/products_software.php b/api/v1/post/products_software.php
new file mode 100644
index 0000000..d5d1e1f
--- /dev/null
+++ b/api/v1/post/products_software.php
@@ -0,0 +1,105 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; +} + +//ENSURE PRODUCTROWID IS SEND +if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){ + + //CHECK IF ALLOWED TO CRUD VERSIONS + $sql = 'SELECT * FROM products WHERE rowID = ? '.$whereclause.''; + $stmt = $pdo->prepare($sql); + $stmt->execute([$post_content['productrowid']]); + $product_data = $stmt->fetch(); + $product_owner = ($product_data['rowID'])? 1 : 0; + + //IF PRODUCT IS OWNED THEN CRUD is ALLOWED + if ($product_owner === 1 ){ + //SET PARAMETERS FOR QUERY + $id = $post_content['rowID'] ?? ''; //check for rowID + $command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT + if (isset($post_content['delete'])){$command = 'delete';} //change command to delete + $date = date('Y-m-d H:i:s'); + + //CREATE EMPTY STRINGS + $clause = ''; + $clause_insert =''; + $input_insert = ''; + + if ($command == 'insert'){ + $post_content['created'] = $date; + $post_content['createdby'] = $username; + } + + //CREAT NEW ARRAY AND MAP TO CLAUSE + if(isset($post_content) && $post_content!=''){ + foreach ($post_content as $key => $var){ + if ($key == 'submit' || $key == 'rowID'){ + //do nothing + } + else { + $criterias[$key] = $var; + $clause .= ' , '.$key.' = ?'; + $clause_insert .= ' , '.$key.''; + $input_insert .= ', ?'; // ? 
for each insert item + $execute_input[]= $var; // Build array for input + } + } + } + + //CLEAN UP INPUT + $clause = substr($clause, 2); //Clean clause - remove first comma + $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma + $input_insert = substr($input_insert, 1); //Clean clause - remove first comma + + //QUERY AND VERIFY ALLOWED + if ($command == 'update' && isAllowed('products_software',$profile,$permission,'U') === 1){ + $sql = 'UPDATE products_software SET '.$clause.' WHERE rowID = ? '.$whereclause.''; + $execute_input[] = $id; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); + } + elseif ($command == 'insert' && isAllowed('products_software',$profile,$permission,'C') === 1){ + $sql = 'INSERT INTO products_software ('.$clause_insert.') VALUES ('.$input_insert.')'; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); + } + elseif ($command == 'delete' && isAllowed('products_software',$profile,$permission,'D') === 1){ + $stmt = $pdo->prepare('DELETE FROM products_software WHERE rowID = ? '.$whereclause.''); + $stmt->execute([ $id ]); + + //Add deletion to changelog + changelog($dbname,'products_software',$id,'Delete','Delete',$username); + } else + { + //do nothing + } + } +} +?> \ No newline at end of file diff --git a/api/v2/get/products_software.php b/api/v2/get/products_software.php index 50bc5b0..391c389 100644 --- a/api/v2/get/products_software.php +++ b/api/v2/get/products_software.php 
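Review bot: The ownership check looks up `products` by `productrowid`, but the UPDATE and DELETE that follow select the `products_software` row by `rowID` alone, so nothing ties the row being changed to the product that was just verified. With permission `3` or `4` `$whereclause` is empty, and in the default case it filters on `accounthierarchy`, a column this diff does not show to exist on `products_software`. Adding the product to both statements, e.g. `WHERE rowID = ? AND productrowid = ?` with `$post_content['productrowid']` appended to the bound values, would keep a caller from changing a row that belongs to a different product. The identical code in api/v2/post/products_software.php needs the same change.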
@@ -28,7 +28,7 @@ if (isset($criterias['productcode']) && $criterias['productcode'] != '' && isset $pdo = dbConnect($dbname); //SQL for Paging - $sql = 'SELECT * FROM products_versions pv JOIN products p ON pv.productrowid = p.rowID WHERE p.productcode = ? AND pv.version = ? AND pv.status = "1"'; + $sql = 'SELECT * FROM products_software pv JOIN products p ON pv.productrowid = p.rowID WHERE p.productcode = ? AND pv.version = ? AND pv.status = "1"'; $stmt = $pdo->prepare($sql); //Excute Query $stmt->execute([$criterias['productcode'],$criterias['version']]); diff --git a/api/v2/post/products_software.php b/api/v2/post/products_software.php new file mode 100644 index 0000000..3617012 --- /dev/null +++ b/api/v2/post/products_software.php 
@@ -0,0 +1,105 @@ +soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + +//default whereclause +$whereclause = ''; + +switch ($permission) { + case '4': + $whereclause = ''; + break; + case '3': + $whereclause = ''; + break; + default: + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = ' AND accounthierarchy like "'.$condition.'"'; + break; +} + +//ENSURE PRODUCTROWID IS SEND +if (isset($post_content['productrowid']) && $post_content['productrowid'] != ''){ + + //CHECK IF ALLOWED TO CRUD VERSIONS + $sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'"; + $stmt = $pdo->prepare($sql); + $stmt->execute([$post_content['productrowid']]); + $product_data = $stmt->fetch(); + $product_owner = ($product_data['rowID'])? 1 : 0; + + //IF PRODUCT IS OWNED THEN CRUD is ALLOWED + if ($product_owner === 1 ){ + //SET PARAMETERS FOR QUERY + $id = $post_content['rowID'] ?? ''; //check for rowID + $command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT + if (isset($post_content['delete'])){$command = 'delete';} //change command to delete + $date = date('Y-m-d H:i:s'); + + //CREATE EMPTY STRINGS + $clause = ''; + $clause_insert =''; + $input_insert = ''; + + if ($command == 'insert'){ + $post_content['created'] = $date; + $post_content['createdby'] = $username; + } + + //CREAT NEW ARRAY AND MAP TO CLAUSE + if(isset($post_content) && $post_content!=''){ + foreach ($post_content as $key => $var){ + if ($key == 'submit' || $key == 'rowID'){ + //do nothing + } + else { + $criterias[$key] = $var; + $clause .= ' , '.$key.' = ?'; + $clause_insert .= ' , '.$key.''; + $input_insert .= ', ?'; // ? 
for each insert item + $execute_input[]= $var; // Build array for input + } + } + } + + //CLEAN UP INPUT + $clause = substr($clause, 2); //Clean clause - remove first comma + $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma + $input_insert = substr($input_insert, 1); //Clean clause - remove first comma + + //QUERY AND VERIFY ALLOWED + if ($command == 'update' && isAllowed('products_software',$profile,$permission,'U') === 1){ + $sql = 'UPDATE products_software SET '.$clause.' WHERE rowID = ? '.$whereclause.''; + $execute_input[] = $id; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); + } + elseif ($command == 'insert' && isAllowed('products_software',$profile,$permission,'C') === 1){ + $sql = 'INSERT INTO products_software ('.$clause_insert.') VALUES ('.$input_insert.')'; + $stmt = $pdo->prepare($sql); + $stmt->execute($execute_input); + } + elseif ($command == 'delete' && isAllowed('products_software',$profile,$permission,'D') === 1){ + $stmt = $pdo->prepare('DELETE FROM products_software WHERE rowID = ? '.$whereclause.''); + $stmt->execute([ $id ]); + + //Add deletion to changelog + changelog($dbname,'products_',$id,'Delete','Delete',$username); + } else + { + //do nothing + } + } +} +?> \ No newline at end of file diff --git a/product.php b/product.php index 97573e7..af5770b 100644 --- a/product.php +++ b/product.php @@ -48,6 +48,13 @@ $product_versions = ioServer($api_url,''); //Decode Payload if (!empty($product_versions)){$product_versions = decode_payload($product_versions);}else{$product_versions = null;} +//CALL TO API FOR Product_versions +$api_url = '/v1/products_software/productrowid='.$_GET['rowID']; +$product_software = ioServer($api_url,''); +//Decode Payload +if (!empty($product_software)){$product_software = decode_payload($product_software);}else{$product_software = null;} + + //------------------------------ //Variables //------------------------------ @@ -166,13 +173,51 @@ $view .= '
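Review bot: The ownership query is built with a double-quoted string, `"SELECT * FROM products WHERE rowID = ? '.$whereclause.'"`, so the `'.` and `.'` are not concatenation but literal characters that end up in the SQL text around the interpolated `$whereclause`. The statement is therefore not the one intended, and the check will most likely fail or never apply the `accounthierarchy` filter; api/v1/get/products_software.php has the same line, while api/v1/post/products_software.php uses the single-quoted form. Suggested: `$sql = 'SELECT * FROM products WHERE rowID = ? '.$whereclause;`. The delete branch also logs with `changelog($dbname,'products_',...)`, where the v1 file passes `'products_software'`.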
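Review bot: `$_GET['rowID']` is concatenated into `$api_url` without validation or encoding, and the v1 GET handler added in this commit splits that string on `&` and `=` and uses the keys as SQL column names, so extra `key=value` pairs inside `rowID` would travel straight into the query builder. If `rowID` is always numeric, validating it first (e.g. `ctype_digit((string)($_GET['rowID'] ?? ''))`) or otherwise passing `rawurlencode($_GET['rowID'])` would confine it to a single value; whether `ioServer` encodes anything is not visible here. The comment above the call still reads `Product_versions` and should name `products_software`. The second hunk of this file prints `'.($product_software ?? '').'` in what looks like a section heading, which would now receive the decoded payload rather than a label, so one of the two needs a distinct name.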
'.$product_version_number.' '.$product_status.' '.$product_version_version.' - '.$product_version_software .' '.$general_actions.' '; foreach ($product_versions as $version){ + $view .= ' + '.$version->rowID.' + '.(($version->status == 1)? ''.$prod_status_1:''.$prod_status_0).' + '.$version->version.' + '.$general_view.' + '; + } + $view .= ' + + +
+ '; + } + +$view .= ' + +'; + +$view .= '
+
+ '.($product_software ?? '').' + + +
'; + if (!empty($product_software)){ + $view .= ' +
+ + + + + + + + + + + '; + foreach ($product_software as $version){ + $view .= ' diff --git a/products_software.php b/products_software.php new file mode 100644 index 0000000..23817f2 --- /dev/null +++ b/products_software.php 
@@ -0,0 +1,220 @@ + '', + 'productrowid' => '', + 'status' => '', + 'version' => '', + 'software' => '', + 'created' => '', + 'createdby' => $_SESSION['username'], + 'measurement' => '', +]; + +//productrowid is required by api +$productrowid = $_GET['productrowid'] ?? ''; + +if (isset($_GET['rowID'])) { + // ID param exists, edit an existing product + //CALL TO API + $api_url = '/v1/products_software/rowID='.$_GET['rowID'].'&productrowid='.$productrowid; + $responses = ioServer($api_url,''); + + //Decode Payload + if (!empty($responses)){$responses = decode_payload($responses);}else{$responses = null;} + + $products_versions = json_decode(json_encode($responses[0]), true); + + + if ($update_allowed === 1){ + if (isset($_POST['submit'])) { + + //CHECK FOR FIRMWARE FILE + $firmware_file = $_FILES["fileToUpload"]["name"] ?? ''; + + if($firmware_file !='' || !empty($firmware_file)){ + + $extension = strtolower(pathinfo($firmware_file, PATHINFO_EXTENSION)); + $target_dir = dirname(__FILE__)."/firmware/"; + + if ($extension == 'hex'){ + //READ FILE + $contents = file_get_contents($_FILES["fileToUpload"]["tmp_name"]); + //firmwarename + $firmware_name = pathinfo($_FILES["fileToUpload"]["name"], PATHINFO_FILENAME); + //Filename + $input_file = $target_dir . $firmware_name.'.HEX'; + //store firmware file + file_put_contents($input_file, $contents); + + } else { + $target_file = $target_dir . 
$firmware_file; + move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file); + $firmware_name = $firmware_file; + } + + //Use firmwarefile name as software version + $_POST['software'] = $firmware_name; + } + + //GET ALL POST DATA + $data = json_encode($_POST, JSON_UNESCAPED_UNICODE); + //Secure data + $payload = generate_payload($data); + //API call + $responses = ioServer('/v1/products_software', $payload); + if ($responses === 'NOK'){ + + } else { + header('Location: index.php?page=product&rowID='.$productrowid.'&success_msg=2'); + exit; + + } + } + } + + if ($delete_allowed === 1){ + if (isset($_POST['delete'])) { + //GET ALL POST DATA + $data = json_encode($_POST, JSON_UNESCAPED_UNICODE); + //Secure data + $payload = generate_payload($data); + //API call + $responses = ioServer('/v1/products_software', $payload); + if ($responses === 'NOK'){ + + } else { + // Redirect and delete product + header('Location: index.php?page=product&rowID='.$productrowid.'&success_msg=3'); + exit; + } + } + } + +} else { + // Create a new product + if (isset($_POST['submit']) && $create_allowed === 1) { + + //CHECK FOR FIRMWARE FILE + $firmware_file = $_FILES["fileToUpload"]["name"] ?? ''; + + if($firmware_file !='' || !empty($firmware_file)){ + + $extension = strtolower(pathinfo($firmware_file, PATHINFO_EXTENSION)); + $target_dir = dirname(__FILE__)."/firmware/"; + + if ($extension == 'hex'){ + //READ FILE + $contents = file_get_contents($_FILES["fileToUpload"]["tmp_name"]); + //firmwarename + $firmware_name = pathinfo($_FILES["fileToUpload"]["name"], PATHINFO_FILENAME); + //Filename + $input_file = $target_dir . $firmware_name.'.HEX'; + //store firmware file + file_put_contents($input_file, $contents); + + $firmware_name = $firmware_name.'.HEX'; + + } else { + $target_file = $target_dir . 
$firmware_file; + move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file); + $firmware_name = $firmware_file; + } + + //Use firmwarefile name as software version + $_POST['software'] = $firmware_name; + } + + //GET ALL POST DATA + $data = json_encode($_POST , JSON_UNESCAPED_UNICODE); + //Secure data + $payload = generate_payload($data); + //API call + $responses = ioServer('/v1/products_software', $payload); + if ($responses === 'NOK'){ + + } + else { + header('Location: index.php?page=product&rowID='.$productrowid.'&success_msg=1'); + exit; + } + } +} + +template_header('Products software', 'products_software', 'manage'); + +$view =' + +
+

'.$product_version_software.'

+ '.$button_cancel.' +'; + +if ($delete_allowed === 1){ + $view .= ''; +} +if ($update_allowed === 1){ + $view .= ''; +} + +$view .= '
'; + +$view .= ' + '; + +$view .= '
+
+ + + + + + + + + + + + + + + +
+
'; + +$view .= '
+
+ + + + +
+
'; +$view .= ''; + +//Output +echo $view; +template_footer() +?> \ No newline at end of file diff --git a/products_versions.php b/products_versions.php index daa2842..e0493eb 100644 --- a/products_versions.php +++ b/products_versions.php @@ -187,14 +187,7 @@ $view .= '
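Review bot: The upload handling in both the edit and the create branch writes the client-supplied file name and extension straight into `dirname(__FILE__)."/firmware/"`: only `hex` gets special treatment, and every other extension goes through `move_uploaded_file` to `$target_dir . $firmware_file` unchanged. Because that directory sits inside the application tree, a file with a server-interpreted extension would be stored where the web server may serve or execute it; whether `/firmware/` is shielded by server configuration is not visible here. An extension allowlist, a server-normalised name and a check of `$_FILES["fileToUpload"]["error"]` before either write would close this, as sketched below for one branch. Separately, the edit branch sets `$_POST['software']` without the `.HEX` suffix that the create branch appends, so the stored name will not match the file on disk.

```php
// … unchanged: $firmware_file, $extension and $target_dir as in the hunk …
$allowed_extensions = ['hex']; // add only the firmware formats the devices accept
$upload_ok = $_FILES["fileToUpload"]["error"] === UPLOAD_ERR_OK
    && is_uploaded_file($_FILES["fileToUpload"]["tmp_name"])
    && in_array($extension, $allowed_extensions, true);

if ($upload_ok){
    // build the stored name server-side from a conservative character set
    $base_name = preg_replace('/[^A-Za-z0-9._-]/', '_', pathinfo($firmware_file, PATHINFO_FILENAME));
    $firmware_name = $base_name.'.'.strtoupper($extension);
    move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_dir.$firmware_name);
    $_POST['software'] = $firmware_name;
}
// … unchanged: json_encode($_POST), generate_payload(), ioServer() …
```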
- - - - - - - - + '; if (isset($_GET['rowID']) && $_GET['rowID'] !='' && !empty($products_versions['measurement'])){ diff --git a/settings/translations/translations_DE.php b/settings/translations/translations_DE.php index 8550656..3030336 100644 --- a/settings/translations/translations_DE.php +++ b/settings/translations/translations_DE.php @@ -76,6 +76,9 @@ $general_actions_more = 'Mehr anzeigen'; $general_profile = 'Profil'; $general_logout = 'Abmelden'; +$general_yes = 'Ja'; +$general_no = 'Nein'; + $button_apply = 'Anwenden'; $button_cancel = 'Abbrechen'; $button_back = 'Zurück'; diff --git a/settings/translations/translations_ES.php b/settings/translations/translations_ES.php index 5d8a155..6da8fc7 100644 --- a/settings/translations/translations_ES.php +++ b/settings/translations/translations_ES.php @@ -76,6 +76,9 @@ $general_actions_more = 'Mostrar más'; $general_profile = 'Perfil'; $general_logout = 'Cerrar sesión'; +$general_yes = 'Sí'; +$general_no = 'No'; + $button_apply = 'Aplicar'; $button_cancel = 'Cancelar'; $button_back = 'Regresar'; diff --git a/settings/translations/translations_NL.php b/settings/translations/translations_NL.php index 6eb85ed..f15b143 100644 --- a/settings/translations/translations_NL.php +++ b/settings/translations/translations_NL.php @@ -77,6 +77,9 @@ $general_actions_more = 'Meer resultaten'; $general_profile = 'Profiel'; $general_logout = 'Uitloggen'; +$general_yes = 'Ja'; +$general_no = 'Nee'; + $button_apply = 'Toepassen'; $button_cancel = 'Terug'; $button_back = 'Terug'; diff --git a/settings/translations/translations_PT.php b/settings/translations/translations_PT.php index f6df9cb..00200da 100644 --- a/settings/translations/translations_PT.php +++ b/settings/translations/translations_PT.php 
@@ -76,6 +76,9 @@ $general_actions_more = 'Mostrar mais'; $general_profile = 'Perfil'; $general_logout = 'Sair'; +$general_yes = 'Não'; +$general_no = 'Ruim'; + $button_apply = 'Aplicar'; $button_cancel = 'Cancelar'; $button_back = 'Voltar'; diff --git a/settings/translations/translations_US.php b/settings/translations/translations_US.php index 7071880..aba7622 100644 --- a/settings/translations/translations_US.php +++ b/settings/translations/translations_US.php @@ -76,6 +76,9 @@ $general_actions_more = 'Show more'; $general_profile = 'Profile'; $general_logout = 'Logout'; +$general_yes = 'Yes'; +$general_no = 'No'; + $button_apply = 'Apply'; $button_cancel = 'Cancel'; $button_back = 'Back';
#'.$product_status.''.$product_version_version.''.$product_version_software .''.$general_actions.'
'.$version->rowID.' '.(($version->status == 1)? ''.$prod_status_1:''.$prod_status_0).'