diff --git a/api/v0/get/application.php b/api/v0/get/application.php index b68deef..3334335 100644 --- a/api/v0/get/application.php +++ b/api/v0/get/application.php @@ -56,7 +56,7 @@ case 'validateSerial': //BUILD SQL $whereclause = "WHERE description like '%$filter1%'"; - $sql = "SELECT rowID from history $whereclause"; + $sql = "SELECT rowID FROM equipment_history $whereclause"; $stmt = $pdo->prepare($sql); $stmt->execute(); //Get results @@ -115,11 +115,11 @@ $sn_found = 0; switch ($_GET['type']) { case 'latest': if ($sn_found == 1){ - $whereclause .= ' AND h.rowID in (Select MAX(h.rowID) AS row_ID FROM history h GROUP BY h.equipmentid)'; + $whereclause .= ' AND h.rowID in (Select MAX(h.rowID) AS row_ID FROM equipment_history h GROUP BY h.equipmentid)'; } else { - $whereclause = "WHERE h.rowID in (Select MAX(h.rowID) AS row_ID FROM history h WHERE h.description like '%historycreated%' GROUP BY h.equipmentid)"; + $whereclause = "WHERE h.rowID in (Select MAX(h.rowID) AS row_ID FROM equipment_history h WHERE h.description like '%historycreated%' GROUP BY h.equipmentid)"; } break; @@ -152,7 +152,7 @@ $sn_found = 0; // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ $pdo = dbConnect($dbname); -$sql = "SELECT h.rowID, h.description from history h $whereclause"; +$sql = "SELECT h.rowID, h.description FROM equipment_history h $whereclause"; $stmt = $pdo->prepare($sql); $stmt->execute(); //Get results 
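Review bot: The `validateSerial` query still interpolates `$filter1` into the `LIKE` pattern, so the `prepare()`/`execute()` pair that follows binds nothing and offers no protection if `$filter1` is derived from the request (its origin is outside the hunk). Bind it instead: `$stmt = $pdo->prepare('SELECT rowID FROM equipment_history WHERE description LIKE ?');` followed by `$stmt->execute(['%'.$filter1.'%']);`. The `getCartest` hunk at -338 in this file has the same pattern, with `$filter1`, `$filter2` and `$filter3` inside `SUBSTRING_INDEX(...)`, and should use placeholders the same way. Both `case` bodies continue past their hunks.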
@@ -338,7 +338,7 @@ case 'getCartest': //CONNECT TO DB $pdo = dbConnect($dbname); - $sql = "SELECT * from history where type='cartest' group by SUBSTRING_INDEX(SUBSTRING_INDEX(description, '$filter1', -1),'$filter2',1), SUBSTRING_INDEX(SUBSTRING_INDEX(description, '$filter2', -1),'$filter3',1) ORDER BY description ASC"; + $sql = "SELECT * FROM equipment_history where type='cartest' group by SUBSTRING_INDEX(SUBSTRING_INDEX(description, '$filter1', -1),'$filter2',1), SUBSTRING_INDEX(SUBSTRING_INDEX(description, '$filter2', -1),'$filter3',1) ORDER BY description ASC"; $stmt = $pdo->prepare($sql); $stmt->execute(); //Get results diff --git a/api/v0/post/application.php b/api/v0/post/application.php index 45207bc..5e8c299 100644 --- a/api/v0/post/application.php +++ b/api/v0/post/application.php @@ -194,10 +194,10 @@ if (!empty($post_content['sn']) && !empty($post_content['testdetails'])) { } // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - // Insert or update history item ++++++++++++++++++++++++ + // Insert or UPDATE equipment_history item ++++++++++++++++++++++++ // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ if ($updateObject_visual == 1){ - $sql = "UPDATE history SET description = '$testdetails' WHERE rowID = ?"; + $sql = "UPDATE equipment_history SET description = '$testdetails' WHERE rowID = ?"; $stmt = $pdo->prepare($sql); $stmt->execute([$visualinspectionID]); $last_id = $visualinspectionID; @@ -263,7 +263,7 @@ if (!empty($post_content['sn']) && !empty($post_content['testdetails'])) { changelog($dbname,'equipment',$rowID,'status',$update_status,$user); } // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - //Update history type ++++++++++++++++++++++++++ + //UPDATE equipment_history type ++++++++++++++++++++++++++ // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ if ($historyUpdate_type == 1){ //Check if servicereport comes from ServiceTool else inhouse 
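Review bot: In the `$updateObject_visual == 1` branch the statement binds `rowID` but still splices `$testdetails` into the SQL text as a quoted literal, so a quote character in the test details breaks the statement and request-derived content reaches the query unescaped (the enclosing `if` tests `$post_content['testdetails']`; how `$testdetails` is built is outside the hunk). Bind both values: `$sql = 'UPDATE equipment_history SET description = ? WHERE rowID = ?';` and `$stmt->execute([$testdetails, $visualinspectionID]);`. The same line appears in the -180 hunk of api/v2/post/history.php. The rename also rewrote the banner comments to `Insert or UPDATE equipment_history item`, which reads like a search-and-replace artifact; `Insert or update equipment_history item` would be clearer.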
@@ -275,8 +275,8 @@ if (!empty($post_content['sn']) && !empty($post_content['testdetails'])) { $visualID = $post_content['testdetails']['visualinspection']; } - //Update history record - $sql = "UPDATE history SET type = ? where rowID= ? or rowID= ?"; + //UPDATE equipment_history record + $sql = "UPDATE equipment_history SET type = ? where rowID= ? or rowID= ?"; $stmt = $pdo->prepare($sql); $stmt->execute([$type15,$visualID,$maintenanceID]); } @@ -305,7 +305,7 @@ if (!empty($post_content['sn']) && !empty($post_content['testdetails'])) { } // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - // Update history of service tool ++++++++++++++++++++++++++ + // UPDATE equipment_history of service tool ++++++++++++++++++++++++++ // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ if ($servicetoolHistoryUpdate == 1 && !empty($sn_service)){ @@ -336,7 +336,7 @@ if (!empty($post_content['sn']) && !empty($post_content['testdetails'])) { // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ if ($sendServiceReport == 1){ //GET STORED SERVICE REPORT - $sql = 'SELECT h.rowID as historyID, h.type, h.description, h.created, h.createdby FROM history h WHERE rowID = ?'; + $sql = 'SELECT h.rowID as historyID, h.type, h.description, h.created, h.createdby FROM equipment_history h WHERE rowID = ?'; $pdo = dbConnect($dbname); $stmt = $pdo->prepare($sql); $stmt->execute([$last_id]); diff --git a/api/v1/authorization.php b/api/v1/authorization.php index 7fddb8e..860114b 100644 --- a/api/v1/authorization.php +++ b/api/v1/authorization.php 
@@ -114,16 +114,34 @@ if ($stmt->rowCount() == 1) { } } elseif (array_key_exists('resetkey', $user_credentials)) { if ($user_credentials['resetkey'] != ''){ - //UPDATE PASSWORD BASED ON RESETKEY - $password = $user_credentials['password']; - $passwordvalid = password_hash($password, PASSWORD_DEFAULT); - $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE resetkey = ? '); - $stmt->execute([$passwordvalid, $user_credentials['resetkey']]); - // - } else { + //check if resetkey is still valid + $is_resetkey_valid = is_jwt_valid($user_credentials['resetkey']); + + if($is_resetkey_valid) { + $password = $user_credentials['password']; + + if (strlen(trim($password)) < 6){ + //Return bad request + http_response_code(400); + } + else { + //UPDATE PASSWORD BASED ON RESETKEY + $passwordvalid = password_hash($password, PASSWORD_DEFAULT); + $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE resetkey = ? '); + $stmt->execute([$passwordvalid, $user_credentials['resetkey']]); + } + + } else { + http_response_code(403);//Not authorized + } + + // + } else + { http_response_code(403);//Not authorized } + } else { diff --git a/api/v1/get/application.php b/api/v1/get/application.php index b250af3..cf0ca01 100644 --- a/api/v1/get/application.php +++ b/api/v1/get/application.php 
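Review bot: The reset key stays usable after the password change, because the `UPDATE` sets only `password` and nothing in the hunk clears `resetkey`; for as long as `is_jwt_valid()` accepts the token, the same key can set the password again. Clear it in the same statement, e.g. `UPDATE users SET password = ?, resetkey = NULL WHERE resetkey = ?` (or `''` if the column is not nullable), and check `$stmt->rowCount()` so that a validly signed key matching no row returns 403 rather than an apparent success. The length check runs on `trim($password)` while the untrimmed value is hashed, and six characters is a low floor for a reset flow. The identical block in the -108 hunk of api/v2/authorization.php needs the same changes; whether `resetkey` is cleared later in the file is not visible here.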
@@ -205,23 +205,23 @@ switch ($action) { break; case 'report_usage_servicereports': - $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; break; case 'contract_usage_servicereports': - $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' 
GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; break; case 'report_usage_firmware': - $sql = 'SELECT YEAR(h.created) AS year,QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid=e.rowID where h.type="Firmware" AND NOT e.productrowid="31" GROUP BY YEAR(h.created),QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year,QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid=e.rowID where h.type="Firmware" AND NOT e.productrowid="31" GROUP BY YEAR(h.created),QUARTER(h.created), MONTH(h.created)'; break; case 'report_usage_warranty': - $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "Warranty" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "Warranty" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; break; case 'report_usage_other': - $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where NOT h.type = "Warranty" OR NOT h.type = "Firmware" OR NOT h.type = "ServiceReport" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where NOT h.type = "Warranty" OR NOT h.type = 
"Firmware" OR NOT h.type = "ServiceReport" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; break; case 'report_usage_equipment': diff --git a/api/v1/get/equipments.php b/api/v1/get/equipments.php index e6c1814..61b7e18 100644 --- a/api/v1/get/equipments.php +++ b/api/v1/get/equipments.php @@ -190,7 +190,7 @@ elseif (isset($criterias['products']) && $criterias['products'] ==''){ } elseif (isset($criterias['totals']) && $criterias['totals'] =='' && isset($criterias['type'])){ //Request for total rows for history reports - $sql ='SELECT count(*) as count from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.''; + $sql ='SELECT count(*) as count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.''; } elseif (isset($criterias['history']) && $criterias['history'] != ''){ @@ -212,7 +212,7 @@ elseif (isset($criterias['history']) && $criterias['history'] != ''){ break; } //request history - $sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, h.equipmentid as h_equipmentid, e.serialnumber, h.type, h.description, h.created, h.createdby from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.$sort; + $sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, h.equipmentid as h_equipmentid, e.serialnumber, h.type, h.description, h.created, h.createdby FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.$sort; } else { // GET SORT INDICATOR diff --git a/api/v1/get/history.php b/api/v1/get/history.php index 726e4a2..b0c3239 100644 --- a/api/v1/get/history.php +++ b/api/v1/get/history.php 
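Review bot: The `report_usage_other` filter `NOT h.type = "Warranty" OR NOT h.type = "Firmware" OR NOT h.type = "ServiceReport"` is true for every row with a non-NULL type, since no value equals all three, so this report counts the whole table rather than the remaining types. The condition presumably means `h.type NOT IN ("Warranty", "Firmware", "ServiceReport")`; add `OR h.type IS NULL` if untyped rows should count as other. Unlike the sibling cases it also omits the `NOT e.productrowid = "31"` filter, which may or may not be intended. The same query appears in the -205 hunk of api/v2/get/application.php.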
@@ -82,11 +82,11 @@ if(isset($get_content) && $get_content!=''){ if(isset($criterias['totals']) && $criterias['totals'] ==''){ //Request for total rows - $sql ='SELECT count(h.rowID) as historyID from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.''; + $sql ='SELECT count(h.rowID) as historyID FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.''; } else { //request history - $sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, e.serialnumber, h.type, h.description, h.created, h.createdby from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' ORDER BY h.created DESC LIMIT :page,:num_products'; + $sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, e.serialnumber, h.type, h.description, h.created, h.createdby FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' ORDER BY h.created DESC LIMIT :page,:num_products'; } $stmt = $pdo->prepare($sql); diff --git a/api/v1/post/equipments.php b/api/v1/post/equipments.php index b985e06..14c9630 100644 --- a/api/v1/post/equipments.php +++ b/api/v1/post/equipments.php @@ -236,7 +236,7 @@ elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permissi $stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.''); $stmt->execute([ $id ]); //delete history related to equipment - $stmt = $pdo->prepare('DELETE FROM history WHERE equipmentid = ?'); + $stmt = $pdo->prepare('DELETE FROM equipment_history WHERE equipmentid = ?'); $stmt->execute([ $id ]); //Add deletion to changelog changelog($dbname,'equipment',$id,'Delete','Delete',$username); diff --git a/api/v1/post/history.php b/api/v1/post/history.php index 17db06d..5040d82 100644 --- a/api/v1/post/history.php +++ b/api/v1/post/history.php 
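Review bot: In the api/v1/post/equipments.php hunk the history rows are deleted unconditionally: `DELETE FROM equipment WHERE rowID = ?` is narrowed by `$whereclause`, but the following `DELETE FROM equipment_history WHERE equipmentid = ?` runs with the bare `$id` whether or not the first statement removed anything. If `$whereclause` carries the caller's access scope (its construction is outside the hunk), a request for an equipment id outside that scope leaves the equipment row in place yet still removes its history and writes a changelog entry. Guard the second delete and the `changelog(...)` call on the first result, e.g. `if ($stmt->rowCount() === 1) { ... }`. The -236 hunk of api/v2/post/equipments.php has the same sequence.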
@@ -67,7 +67,7 @@ $input_insert = substr($input_insert, 1); //Clean clause - remove first comma //QUERY AND VERIFY ALLOWED if ($command == 'update' && !isset($post_content['delete']) && isAllowed('history',$profile,$permission,'U') === 1){ - $sql = 'UPDATE history SET '.$clause.' WHERE rowID = ?'; + $sql = 'UPDATE equipment_history SET '.$clause.' WHERE rowID = ?'; $execute_input[] = $id; $stmt = $pdo->prepare($sql); $stmt->execute($execute_input); @@ -78,7 +78,7 @@ elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('hi $stmt->execute($execute_input); } elseif ($command == 'delete' && isAllowed('history',$profile,$permission,'D') === 1){ - $stmt = $pdo->prepare('DELETE FROM history WHERE rowID = ?'); + $stmt = $pdo->prepare('DELETE FROM equipment_history WHERE rowID = ?'); $stmt->execute([ $id ]); //Add deletion to changelog diff --git a/api/v1/post/users.php b/api/v1/post/users.php index f779406..ba828c3 100644 --- a/api/v1/post/users.php +++ b/api/v1/post/users.php @@ -197,7 +197,7 @@ if ($command == 'update' && (isAllowed('user',$profile,$permission,'U') === 1 || $sql2= 'UPDATE communication SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql3= 'UPDATE contracts SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql4= 'UPDATE feedback SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; - $sql5= 'UPDATE history SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; + $sql5= 'UPDATE equipment_history SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql6= 'UPDATE opportunities SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql7= 'UPDATE orders SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql8= 'UPDATE products SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; diff --git a/api/v2/authorization.php b/api/v2/authorization.php index 8a0f174..d9855cc 100644 --- a/api/v2/authorization.php 
+++ b/api/v2/authorization.php @@ -31,7 +31,7 @@ if ($stmt->rowCount() == 1) { //Reset procedure //STEP 1.A- Create resetkey $headers = array('alg'=>'HS256','typ'=>'JWT'); - $payload = array('username'=>$user_data['username'], 'exp'=>(time() + 1800)); + $payload = array('username'=>$user_data['username'], 'exp'=>(time() + 600)); $resetkey = generate_jwt($headers, $payload); //STEP 1.B Store in DB $sql = 'UPDATE users SET resetkey = ? WHERE id = ?'; @@ -108,12 +108,29 @@ if ($stmt->rowCount() == 1) { echo $messages; } } elseif (array_key_exists('resetkey', $user_credentials)) { + if ($user_credentials['resetkey'] != ''){ - //UPDATE PASSWORD BASED ON RESETKEY - $password = $user_credentials['password']; - $passwordvalid = password_hash($password, PASSWORD_DEFAULT); - $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE resetkey = ? '); - $stmt->execute([$passwordvalid, $user_credentials['resetkey']]); + + //check if resetkey is still valid + $is_resetkey_valid = is_jwt_valid($user_credentials['resetkey']); + + if($is_resetkey_valid) { + $password = $user_credentials['password']; + + if (strlen(trim($password)) < 6){ + //Return bad request + http_response_code(400); + } + else { + //UPDATE PASSWORD BASED ON RESETKEY + $passwordvalid = password_hash($password, PASSWORD_DEFAULT); + $stmt = $pdo->prepare('UPDATE users SET password = ? WHERE resetkey = ? '); + $stmt->execute([$passwordvalid, $user_credentials['resetkey']]); + } + + } else { + http_response_code(403);//Not authorized + } // } else { diff --git a/api/v2/get/application.php b/api/v2/get/application.php index 3e35d1a..669cca2 100644 --- a/api/v2/get/application.php +++ b/api/v2/get/application.php 
@@ -205,23 +205,23 @@ switch ($action) { break; case 'report_usage_servicereports': - $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "ServiceReport" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; break; case 'contract_usage_servicereports': - $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' 
GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; break; case 'report_usage_firmware': - $sql = 'SELECT YEAR(h.created) AS year,QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid=e.rowID where h.type="Firmware" AND NOT e.productrowid="31" GROUP BY YEAR(h.created),QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year,QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid=e.rowID where h.type="Firmware" AND NOT e.productrowid="31" GROUP BY YEAR(h.created),QUARTER(h.created), MONTH(h.created)'; break; case 'report_usage_warranty': - $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "Warranty" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where h.type = "Warranty" AND NOT e.productrowid = "31" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; break; case 'report_usage_other': - $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where NOT h.type = "Warranty" OR NOT h.type = "Firmware" OR NOT h.type = "ServiceReport" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; + $sql = 'SELECT YEAR(h.created) AS year, QUARTER(h.created) AS quarter, MONTH(h.created) as month, count(h.rowID) AS count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID where NOT h.type = "Warranty" OR NOT h.type = 
"Firmware" OR NOT h.type = "ServiceReport" GROUP BY YEAR(h.created), QUARTER(h.created), MONTH(h.created)'; break; case 'report_usage_equipment': diff --git a/api/v2/get/equipments.php b/api/v2/get/equipments.php index 0f677c5..5c82922 100644 --- a/api/v2/get/equipments.php +++ b/api/v2/get/equipments.php @@ -185,7 +185,7 @@ elseif (isset($criterias['products']) && $criterias['products'] ==''){ } elseif (isset($criterias['totals']) && $criterias['totals'] =='' && isset($criterias['type'])){ //Request for total rows for history reports - $sql ='SELECT count(*) as count from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.''; + $sql ='SELECT count(*) as count FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.''; } elseif (isset($criterias['history']) && $criterias['history'] != ''){ @@ -207,7 +207,7 @@ elseif (isset($criterias['history']) && $criterias['history'] != ''){ break; } //request history - $sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, h.equipmentid as h_equipmentid, e.serialnumber, h.type, h.description, h.created, h.createdby from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.$sort; + $sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, h.equipmentid as h_equipmentid, e.serialnumber, h.type, h.description, h.created, h.createdby FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.$sort; } else { // GET SORT INDICATOR diff --git a/api/v2/get/history.php b/api/v2/get/history.php index 301e1c1..152f939 100644 --- a/api/v2/get/history.php +++ b/api/v2/get/history.php 
@@ -82,11 +82,11 @@ if(isset($get_content) && $get_content!=''){ if(isset($criterias['totals']) && $criterias['totals'] ==''){ //Request for total rows - $sql ='SELECT count(h.rowID) as historyID from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.''; + $sql ='SELECT count(h.rowID) as historyID FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.''; } else { //request history - $sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, e.serialnumber, h.type, h.description, h.created, h.createdby from history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' ORDER BY h.created DESC LIMIT :page,:num_products'; + $sql ='SELECT h.rowID as historyID, e.rowID as equipmentID, e.serialnumber, h.type, h.description, h.created, h.createdby FROM equipment_history h LEFT JOIN equipment e ON h.equipmentid = e.rowID '.$whereclause.' ORDER BY h.created DESC LIMIT :page,:num_products'; } $stmt = $pdo->prepare($sql); diff --git a/api/v2/post/equipments.php b/api/v2/post/equipments.php index fee668c..2d64baa 100644 --- a/api/v2/post/equipments.php +++ b/api/v2/post/equipments.php @@ -236,7 +236,7 @@ elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permissi $stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.''); $stmt->execute([ $id ]); //delete history related to equipment - $stmt = $pdo->prepare('DELETE FROM history WHERE equipmentid = ?'); + $stmt = $pdo->prepare('DELETE FROM equipment_history WHERE equipmentid = ?'); $stmt->execute([ $id ]); //Add deletion to changelog changelog($dbname,'equipment',$id,'Delete','Delete',$username); diff --git a/api/v2/post/history.php b/api/v2/post/history.php index bccde2b..8d31f46 100644 --- a/api/v2/post/history.php +++ b/api/v2/post/history.php 
@@ -180,10 +180,10 @@ if (isset($post_content['sn']) && isset($post_content['payload'])){ } // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - // Insert or update history item ++++++++++++++++++++++++ + // Insert or UPDATE equipment_history item ++++++++++++++++++++++++ // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ if ($updateObject_visual == 1){ - $sql = "UPDATE history SET description = '$testdetails' WHERE rowID = ?"; + $sql = "UPDATE equipment_history SET description = '$testdetails' WHERE rowID = ?"; $stmt = $pdo->prepare($sql); $stmt->execute([$visualinspectionID]); $last_id = $visualinspectionID; @@ -249,7 +249,7 @@ if (isset($post_content['sn']) && isset($post_content['payload'])){ changelog($dbname,'equipment',$rowID,'status',$update_status,$user); } // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - //Update history type ++++++++++++++++++++++++++ + //UPDATE equipment_history type ++++++++++++++++++++++++++ // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ if ($historyUpdate_type == 1){ //Check if servicereport comes from ServiceTool else inhouse @@ -261,8 +261,8 @@ if (isset($post_content['sn']) && isset($post_content['payload'])){ $visualID = $post_content['payload']['visualinspection']; } - //Update history record - $sql = "UPDATE history SET type = ? where rowID= ? or rowID= ?"; + //UPDATE equipment_history record + $sql = "UPDATE equipment_history SET type = ? where rowID= ? or rowID= ?"; $stmt = $pdo->prepare($sql); $stmt->execute([$type15,$visualID,$maintenanceID]); } @@ -291,7 +291,7 @@ if (isset($post_content['sn']) && isset($post_content['payload'])){ } // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ - // Update history of service tool ++++++++++++++++++++++++++ + // UPDATE equipment_history of service tool ++++++++++++++++++++++++++ // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ if ($servicetoolHistoryUpdate == 1 && !empty($sn_service)){ 
@@ -322,7 +322,7 @@ if (isset($post_content['sn']) && isset($post_content['payload'])){ // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ if ($sendServiceReport == 1){ //GET STORED SERVICE REPORT - $sql = 'SELECT h.rowID as historyID, h.type, h.description, h.created, h.createdby FROM history h WHERE rowID = ?'; + $sql = 'SELECT h.rowID as historyID, h.type, h.description, h.created, h.createdby FROM equipment_history h WHERE rowID = ?'; $stmt = $pdo->prepare($sql); $stmt->execute([$last_id]); $results = $stmt->fetchAll(PDO::FETCH_ASSOC); @@ -399,7 +399,7 @@ else { //QUERY AND VERIFY ALLOWED if ($command == 'update' && !isset($post_content['delete']) && isAllowed('history',$profile,$permission,'U') === 1){ - $sql = 'UPDATE history SET '.$clause.' WHERE rowID = ?'; + $sql = 'UPDATE equipment_history SET '.$clause.' WHERE rowID = ?'; $execute_input[] = $id; $stmt = $pdo->prepare($sql); $stmt->execute($execute_input); @@ -410,7 +410,7 @@ else { $stmt->execute($execute_input); } elseif ($command == 'delete' && isAllowed('history',$profile,$permission,'D') === 1){ - $stmt = $pdo->prepare('DELETE FROM history WHERE rowID = ?'); + $stmt = $pdo->prepare('DELETE FROM equipment_history WHERE rowID = ?'); $stmt->execute([ $id ]); //Add deletion to changelog diff --git a/api/v2/post/users.php b/api/v2/post/users.php index 94ea628..f8e63ca 100644 --- a/api/v2/post/users.php +++ b/api/v2/post/users.php 
@@ -197,7 +197,7 @@ if ($command == 'update' && (isAllowed('user',$profile,$permission,'U') === 1 || $sql2= 'UPDATE communication SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql3= 'UPDATE contracts SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql4= 'UPDATE feedback SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; - $sql5= 'UPDATE history SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; + $sql5= 'UPDATE equipment_history SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql6= 'UPDATE opportunities SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql7= 'UPDATE orders SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; $sql8= 'UPDATE products SET createdby = REPLACE(createdby, ? , ?) WHERE createdby LIKE ?'; diff --git a/assets/functions.php b/assets/functions.php index 4cca71d..c700483 100644 --- a/assets/functions.php +++ b/assets/functions.php @@ -973,7 +973,7 @@ function serviceEvents ($messages,$page){ //++++++++++++++++++++++++++++++++++++++++++++++ //GET from DB $pdo = dbConnect($dbname); - $sql = 'SELECT description FROM history WHERE rowID = "'.$test.'"'; + $sql = 'SELECT description FROM equipment_history WHERE rowID = "'.$test.'"'; $stmt = $pdo->query($sql); $stmt->execute(); $result = $stmt->fetch(); @@ -1052,7 +1052,7 @@ function serviceReport($history, $request, $country_code) if (isset($json_array->maintenance_test)) { //Get Maintenance Test directly from DB $pdo = dbConnect($dbname); - $stmt = $pdo->prepare('SELECT description FROM history WHERE rowID = ?'); + $stmt = $pdo->prepare('SELECT description FROM equipment_history WHERE rowID = ?'); $stmt->execute([$json_array->maintenance_test]); $maintenance_test = $stmt->fetch(); $test_fail = $maintenance_test['description']; 
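Review bot: In `serviceEvents` (assets/functions.php, hunk -973) the lookup is built as `'... WHERE rowID = "'.$test.'"'` and run with `$pdo->query($sql)` followed by `$stmt->execute()`, which concatenates `$test` into the SQL and executes the statement twice. The `serviceReport` hunk at -1052 already uses the bound form for the same query; use it here too: `$stmt = $pdo->prepare('SELECT description FROM equipment_history WHERE rowID = ?');` and `$stmt->execute([$test]);`. The same applies to the -2283 hunk (`WHERE rowID = '.$message['rowID']`) and to the -2566 hunk, where `storeMeasurementEquipment` splices its `$serialnumber` argument into `$clause`. Where `$test` and `$serialnumber` originate is outside these hunks.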
@@ -1482,7 +1482,7 @@ function serviceReport($history, $request, $country_code) //Get visualinspection directly from DB $pdo = dbConnect($dbname); - $stmt = $pdo->prepare('SELECT description FROM history WHERE rowID = ?'); + $stmt = $pdo->prepare('SELECT description FROM equipment_history WHERE rowID = ?'); $stmt->execute([$json_array->visualinspection]); $visualinspection = $stmt->fetch(); @@ -2111,7 +2111,7 @@ function geolocationUpdate($token){ include dirname(__FILE__,2).'/settings/settings.php'; //GET ALL WARRANTY REGISTRATIONS WHERE NO GEOLOCATION SET - $sql = 'SELECT h.equipmentid, h.description FROM equipment e join history h on e.rowID = h.equipmentid where h.type = "Warranty" AND e.geolocation is Null'; + $sql = 'SELECT h.equipmentid, h.description FROM equipment e join equipment_history h on e.rowID = h.equipmentid where h.type = "Warranty" AND e.geolocation is Null'; $pdo = dbConnect($dbname); $stmt = $pdo->prepare($sql); $stmt->execute(); @@ -2233,15 +2233,15 @@ function getQuestions($type){ } } // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ -// convert cartest from history to cartest table +// convert cartest FROM equipment_history to cartest table // +++++++++++++++++++++++++++++++++++++++++++++++++++++++ function convertCartest(){ include dirname(__FILE__,2).'/settings/settings.php'; -//GET CARTEST FROM HISTORY TABLE +//GET CARTEST FROM equipment_history TABLE $pdo = dbConnect($dbname); -$sql = 'SELECT * FROM history WHERE type="cartest"'; +$sql = 'SELECT * FROM equipment_history WHERE type="cartest"'; $stmt = $pdo->prepare($sql); //Excute Query $stmt->execute(); 
@@ -2283,7 +2283,7 @@ $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); $stmt->execute([$carbrand,$cartype,$header,$questions,$datapoints,$nametester,$accounthierarchy]); //MARK HISTORY ITEM FOR DELETATION - $sql = 'UPDATE history SET type = "delete" WHERE rowID = '.$message['rowID']; + $sql = 'UPDATE equipment_history SET type = "delete" WHERE rowID = '.$message['rowID']; $stmt = $pdo->prepare($sql); //Excute Query $stmt->execute(); @@ -2304,7 +2304,7 @@ function traintotalMeasurement(){ $pdo = dbConnect($dbname); //GET DATA - $sql = 'SELECT h.rowID, h.description,h.equipmentid,p.productcode,e.hw_version FROM history h JOIN equipment e ON h.equipmentid = e.rowID JOIN products p ON e.productrowid = p.rowID where p.healthindex = 1 and h.type="Maintenance_Test" and h.description like "%doubletestvalues%"'; + $sql = 'SELECT h.rowID, h.description,h.equipmentid,p.productcode,e.hw_version FROM equipment_history h JOIN equipment e ON h.equipmentid = e.rowID JOIN products p ON e.productrowid = p.rowID where p.healthindex = 1 and h.type="Maintenance_Test" and h.description like "%doubletestvalues%"'; $stmt = $pdo->prepare($sql); $stmt->execute(); $messages = $stmt->fetchAll(PDO::FETCH_ASSOC); 
@@ -2566,7 +2566,7 @@ function storeMeasurementEquipment($serialnumber){ $clause = (!empty($serialnumber) || $serialnumber !='')? 'e.serialnumber = "'.$serialnumber.'" AND': ''; //GET DATA - $sql = 'SELECT h.rowID, h.description,h.equipmentid,p.productcode,e.hw_version FROM history h JOIN equipment e ON h.equipmentid = e.rowID JOIN products p ON e.productrowid = p.rowID where '.$clause.' type="Maintenance_Test" and description like "%doubletestvalues%"'; + $sql = 'SELECT h.rowID, h.description,h.equipmentid,p.productcode,e.hw_version FROM equipment_history h JOIN equipment e ON h.equipmentid = e.rowID JOIN products p ON e.productrowid = p.rowID where '.$clause.' type="Maintenance_Test" and description like "%doubletestvalues%"'; $stmt = $pdo->prepare($sql); $stmt->execute(); $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);