From bc7e83efe962c44181bd59f4462b6b511eb1357f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”> Date: Sun, 23 Feb 2025 15:25:06 +0100 Subject: [PATCH] CMXX - Changed consumer_identity to identity --- .../{consumer_identity.php => identity.php} | 4 +- .../{consumer_identity.php => identity.php} | 37 ++++++++++--------- settings/settingsmenu.php | 8 ++-- settings/settingsprofiles.php | 4 +- settings/settingsviews.php | 2 +- 5 files changed, 29 insertions(+), 26 deletions(-) rename api/v2/get/{consumer_identity.php => identity.php} (93%) rename api/v2/post/{consumer_identity.php => identity.php} (82%) diff --git a/api/v2/get/consumer_identity.php b/api/v2/get/identity.php similarity index 93% rename from api/v2/get/consumer_identity.php rename to api/v2/get/identity.php index 0a59a06..5c1f5c6 100644 --- a/api/v2/get/consumer_identity.php +++ b/api/v2/get/identity.php @@ -52,11 +52,11 @@ if(isset($get_content) && $get_content!=''){ if(isset($criterias['totals']) && $criterias['totals'] ==''){ //Request for total rows - $sql = 'SELECT count(*) as count from consumer_identity '.$whereclause.''; + $sql = 'SELECT count(*) as count from identity '.$whereclause.''; } else { //SQL for Paging - $sql = 'SELECT id,email,profile,first_name,last_name,address_street,address_city,address_state,address_zip,address_country,registered,address_phone,lastlogin,userkey,language,login_count,created,createdby,updated,updatedby,accounthierarchy FROM consumer_identity '.$whereclause.' ORDER BY lastlogin DESC LIMIT :page,:num_products'; + $sql = 'SELECT id,email,profile,first_name,last_name,address_street,address_city,address_state,address_zip,address_country,registered,address_phone,lastlogin,userkey,language,login_count,created,createdby,updated,updatedby,accounthierarchy FROM identity '.$whereclause.' ORDER BY lastlogin DESC LIMIT :page,:num_products'; } $stmt = $pdo->prepare($sql); 
diff --git a/api/v2/post/consumer_identity.php b/api/v2/post/identity.php similarity index 82% rename from api/v2/post/consumer_identity.php rename to api/v2/post/identity.php index 9b8dd55..ae31c5f 100644 --- a/api/v2/post/consumer_identity.php +++ b/api/v2/post/identity.php @@ -2,7 +2,7 @@ defined($security_key) or exit; //------------------------------------------ -// consumer_identity +// identity //------------------------------------------ //Connect to DB $pdo = dbConnect($dbname); @@ -47,7 +47,7 @@ $resetkey = generate_jwt($headers, $payload); if ($id != '' && $command == 'reset'){ //STEP 1 - Get username - $stmt = $pdo->prepare('SELECT * FROM consumer_identity WHERE userkey = ?'); + $stmt = $pdo->prepare('SELECT * FROM identity WHERE userkey = ?'); $stmt->execute([$id]); $consumer_data = $stmt->fetch(); @@ -66,7 +66,7 @@ if ($id != '' && $command == 'reset'){ //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE if ($command == 'update'){ //Define Query - $stmt = $pdo->prepare('SELECT * FROM consumer_identity WHERE userkey = ?'); + $stmt = $pdo->prepare('SELECT * FROM identity WHERE userkey = ?'); $stmt->execute([$id]); $consumer_data = $stmt->fetch(); 
@@ -78,23 +78,25 @@ if ($command == 'update'){ } elseif ($command == 'insert'){ - $post_content['password'] = bin2hex(random_bytes(25)); //generate initial password + $post_content['password'] = password_hash($post_content['password'], PASSWORD_DEFAULT);; //generate initial password $post_content['language'] = isset($post_content['language']) ? $post_content['language'] : 'US'; + $post_content['profile'] = 0; + $post_content['isverified'] = 0; } elseif ($command == 'login'){ //SETUP SQL FOR LOGIN_COUNT - $sql_login = 'UPDATE consumer_identity SET login_count = ? WHERE id = ?'; + $sql_login = 'UPDATE identity SET login_count = ? WHERE id = ?'; // Check if the account exists - $stmt = $pdo->prepare('SELECT * FROM consumer_identity WHERE email = ?'); + $stmt = $pdo->prepare('SELECT * FROM identity WHERE email = ?'); $stmt->execute([ $post_content['email'] ]); $account = $stmt->fetch(PDO::FETCH_ASSOC); if (count($account) != 0){ //CHECK NUMBER OF LOGIN ATTEMPTS IS BELOW 5 - if($user_data['login_count'] < 5){ + if($account['login_count'] < 5 || $account['isverified'] == 0 ){ // If account exists verify password if ($account && password_verify($post_content['password'], $account['password'])) { @@ -128,7 +130,8 @@ elseif ($command == 'login'){ } else { //User is blocked & send error - $messages = '1'; + $messages = ($account['isverified'] == 0)? 0 : 1; //0 = not verified 1=blocked + //------------------------------------------ //Send results //------------------------------------------ 
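Review bot: The new login guard `if($account['login_count'] < 5 || $account['isverified'] == 0 )` lets an unverified account through to `password_verify` however many failed attempts it has, so the five-attempt lockout never applies to unverified accounts. The same condition makes the `isverified == 0` arm of the ternary added in the `@@ -128,7 +130,8 @@` hunk unreachable, because that else branch only runs for a verified account; if the intent is to refuse unverified accounts, the guard would read `if ($account['login_count'] < 5 && $account['isverified'] == 1)`. In the insert branch, `password_hash($post_content['password'], PASSWORD_DEFAULT);;` now hashes a caller-supplied value without checking that it is present and non-empty, so a request without a password would presumably store a hash of the empty string. A guard such as `if (!isset($post_content['password']) || $post_content['password'] === '') { /* reject the request */ }` before the hash would close that, and the stray second `;` and the stale `//generate initial password` comment should go. The if/elseif chain starts and continues outside this hunk.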
@@ -163,8 +166,8 @@ $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma $input_insert = substr($input_insert, 1); //Clean clause - remove first comma //QUERY AND VERIFY ALLOWED -if ($command == 'update' && (isAllowed('consumer_identity',$profile,$permission,'U') === 1)){ - $sql = 'UPDATE consumer_identity SET '.$clause.' WHERE userkey = ? '.$whereclause.''; +if ($command == 'update' && (isAllowed('identity',$profile,$permission,'U') === 1)){ + $sql = 'UPDATE identity SET '.$clause.' WHERE userkey = ? '.$whereclause.''; $execute_input[] = $id; $stmt = $pdo->prepare($sql); @@ -173,19 +176,19 @@ if ($command == 'update' && (isAllowed('consumer_identity',$profile,$permission, } elseif ($command == 'insert' && isAllowed('',$profile,$permission,'C') === 1){ - //check if consumer_identity exists - $stmt = $pdo->prepare('SELECT * FROM consumer_identity WHERE email = ?'); + //check if identity exists + $stmt = $pdo->prepare('SELECT * FROM identity WHERE email = ?'); $stmt->execute([$post_content['email']]); $consumer_exist = $stmt->fetch(); $exists = (isset($consumer_exist['email']))? 1 : 0; if($consumer_exist == 0 ){ - $sql = 'INSERT INTO consumer_identity ('.$clause_insert.') VALUES ('.$input_insert.')'; + $sql = 'INSERT INTO identity ('.$clause_insert.') VALUES ('.$input_insert.')'; $stmt = $pdo->prepare($sql); $stmt->execute($execute_input); //STEP 2- Send to user - $messages = json_encode(array('consumer_email'=> $post_content['email'], "resetkey" => $resetkey), JSON_UNESCAPED_UNICODE); + $messages = json_encode(array('consumer_email'=> $post_content['email'],'accountID' => $account['userkey'],'profile' => $post_content['profile'], 'resetkey' => $resetkey), JSON_UNESCAPED_UNICODE); //Send results echo $messages; exit; 
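Review bot: The insert response in the `@@ -173,19 +176,19 @@` hunk now returns `'accountID' => $account['userkey']`, but in the visible hunks `$account` is only assigned in the `login` branch, so on the insert path it looks undefined and `accountID` would be emitted as null with a PHP warning. The userkey should come from the row that was just created: either from wherever the key is generated for the insert (not visible in this hunk), or by re-selecting the row by email after `$stmt->execute($execute_input)`. Separately, the duplicate check `if($consumer_exist == 0 )` tests the fetched row itself rather than the `$exists` flag computed on the line above, and it works only through loose comparison of `false` against `0`; `if ($exists === 0)` states the intent directly. The branch body continues outside the hunk.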
@@ -199,13 +202,13 @@ elseif ($command == 'insert' && isAllowed('',$profile,$permission,'C') === 1){ echo $messages; } } -elseif ($command == 'delete' && isAllowed('consumer_identity',$profile,$permission,'D') === 1){ +elseif ($command == 'delete' && isAllowed('identity',$profile,$permission,'D') === 1){ //delete equipment - $stmt = $pdo->prepare('DELETE FROM consumer_identity WHERE userkey = ? '.$whereclause.''); + $stmt = $pdo->prepare('DELETE FROM identity WHERE userkey = ? '.$whereclause.''); $stmt->execute([ $id ]); //Add deletion to changelog - changelog($dbname,'consumer_identity',$id,'Delete','Delete',$consumername); + changelog($dbname,'identity',$id,'Delete','Delete',$consumername); } else { //do nothing diff --git a/settings/settingsmenu.php b/settings/settingsmenu.php index b47c0de..eb6e9e4 100644 --- a/settings/settingsmenu.php +++ b/settings/settingsmenu.php @@ -47,11 +47,11 @@ $main_menu = [ "icon" => "fas fa-tachometer-alt", "name" => "menu_sales_orders" ], - "consumer_identity" => [ - "url" => "consumer_identity", - "selected" => "consumer_identity", + "identity" => [ + "url" => "identity", + "selected" => "identity", "icon" => "fas fa-tachometer-alt", - "name" => "menu_consumer_identity" + "name" => "menu_identity" ] ], "buildtool" => [ diff --git a/settings/settingsprofiles.php b/settings/settingsprofiles.php index 9018c69..2999088 100644 --- a/settings/settingsprofiles.php +++ b/settings/settingsprofiles.php 
@@ -6,11 +6,11 @@ define('superuser_profile','dashboard,profile,assets,equipments,equipment,equipm /*Admin*/ define('admin_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,changelog,application'); /*AdminPlus*/ -define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,uploader,profiles,vin,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice,order,orders,consumer_identity'); 
+define('adminplus_profile','dashboard,profile,buildtool,sales,accounts,account,contracts,contract,contract_manage,billing,cartests,cartest,cartest_manage,assets,equipments,equipment,equipment_healthindex,equipment_data,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,rmas,rma,rma_manage,rma_history,rma_history_manage,buildtool,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,communications,communication,communication_send,marketing,reporting,report_build,report_contracts_billing,report_healthindex,report_usage,config,settings,logfile,changelog,language,translations,translations_details,translation_manage,media,media_manage,application,maintenance,uploader,profiles,vin,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice,order,orders,identity'); /*Build*/ define('build','dashboard,profile,buildtool,firmwaretool,buildtool,products_software,application'); /*Commerce*/ -define('commerce','dashboard,profile,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,admin,partners,partner,users,user,user_manage,translations,translations_details,translation_manage,media,media_manage,application,uploader,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice,order,orders,consumer_identity'); 
+define('commerce','dashboard,profile,products,products_versions,products_software,products_attributes,products_attributes_items,products_attributes_manage,products_configurations,products_categories,products_media,product,product_manage,pricelists,pricelists_items,pricelists_manage,catalog,categories,category,discounts,discount,shipping,shipping_manage,admin,partners,partner,users,user,user_manage,translations,translations_details,translation_manage,media,media_manage,application,uploader,shopping_cart,checkout,placeorder,taxes,transactions,transactions_items,invoice,order,orders,identity'); /*Distribution*/ define('distribution','dashboard,profile,assets,equipments,equipment,equipment_manage,equipment_manage_edit,equipments_mass_update,histories,history,history_manage,firmwaretool,products,products_versions,products_software,product,product_manage,servicereports,servicereport,admin,partners,partner,users,user,user_manage,marketing,application'); /*Firmware*/ diff --git a/settings/settingsviews.php b/settings/settingsviews.php index f99f79e..648dded 100644 --- a/settings/settingsviews.php +++ b/settings/settingsviews.php @@ -97,7 +97,7 @@ $all_views = [ "invoice", "order", "orders", - "consumer_identity" + "identity" ]; ?> \ No newline at end of file