Add API endpoints and management pages for software versions and upgrade paths

- Implemented API endpoint for managing software versions in `products_software_versions.php`.
- Created management page for software version assignments in `products_software_assignments.php`.
- Developed upgrade paths management functionality in `products_software_upgrade_paths_manage.php`.
- Enhanced software version details page in `products_software_version.php`.
- Added form handling and validation for software version creation and updates in `products_software_version_manage.php`.
- Introduced pagination and filtering for software versions in `products_software_versions.php`.
- Implemented success message handling for CRUD operations across various pages.
“VeLiTi”
2025-12-15 14:52:50 +01:00
parent 2b42013e23
commit bdb460c046
26 changed files with 2969 additions and 67 deletions


@@ -0,0 +1,44 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Generate Download Token Helper
// Allows authenticated users to generate download URL tokens server-side
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//NEW ARRAY
$criterias = [];
//Parse GET parameters
if(isset($get_content) && $get_content != ''){
$requests = explode("&", $get_content);
foreach ($requests as $y){
$v = explode("=", $y);
$criterias[$v[0]] = $v[1];
}
}
// Validate required parameters
if (!isset($criterias['sn']) || !isset($criterias['version_id'])) {
http_response_code(400);
echo json_encode(["error" => "MISSING_PARAMETERS", "message" => "sn and version_id required"]);
exit;
}
// Generate token
$token = create_download_url_token($criterias['sn'], $criterias['version_id']);
$download_url = "https://" . $_SERVER['SERVER_NAME'] . "/api.php/v2/get/software_download?token=" . $token;
// Return token and download URL
echo json_encode([
"success" => true,
"token" => $token,
"download_url" => $download_url,
"expires_in_seconds" => 900,
"serial_number" => $criterias['sn'],
"version_id" => $criterias['version_id']
]);
?>
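Review bot: The token is minted for whatever `sn`/`version_id` pair the caller supplies in `create_download_url_token($criterias['sn'], $criterias['version_id'])` with no check that the authenticated user is entitled to that equipment, so authorization rests entirely on the download page's later checks, which do not verify ownership either. Before minting, resolve the serial number through the same permission-scoped where-clause the `get` pages obtain from `getWhereclauselvl2()` and answer 403/404 when it is not visible to the caller. The host in `download_url` comes from `$_SERVER['SERVER_NAME']`, which follows the request Host header unless the web server pins it (`UseCanonicalName On` on Apache); a configured base URL avoids attacker-influenced links. `expires_in_seconds` is a literal 900 here while the real lifetime is decided inside `create_download_url_token()`; derive both from one shared constant so they cannot drift, and guard `$v[1]` for pairs that carry no `=`.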


@@ -0,0 +1,122 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products Software Assignment
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("software_assignment",$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND (product_id like :'.$v[0].' OR software_version_id like :'.$v[0].')';
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM products_software_assignment '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for list
$sql = 'SELECT * FROM products_software_assignment '.$whereclause.' ORDER BY created DESC';
}
else {
if (isset($criterias['product_id'])) {
// No paging for specific product
$sql = 'SELECT * FROM products_software_assignment '.$whereclause.' ORDER BY created DESC';
$stmt = $pdo->prepare($sql);
} else {
// Paged
$sql = 'SELECT * FROM products_software_assignment '.$whereclause.' ORDER BY created DESC LIMIT :page,:num_assignments';
$stmt = $pdo->prepare($sql);
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_software_assignment, PDO::PARAM_INT);
$stmt->bindValue('num_assignments', $page_rows_software_assignment, PDO::PARAM_INT);
}
}
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Execute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
if (isset($criterias['product_id'])) {
//Execute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
} else {
//Execute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
}
//Send results
echo json_encode($messages);
?>
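Review bot: The `totals` and `list` branches assign `$sql` but never call `$pdo->prepare()`, so `$stmt->bindValue('condition', …)` and the later `$stmt->execute()` operate on an undefined `$stmt` and those requests die with a fatal error; the sibling licenses, upgrade-paths and versions pages prepare once after the if/elseif/else, and this page should do the same by moving `$stmt = $pdo->prepare($sql);` out of the else branch and binding `page`/`num_assignments` after it. Separately, the query-string key `$v[0]` is concatenated into SQL as an identifier in `$clause .= ' AND '.$v[0].' = :'.$v[0];`, so callers control column names even though values are bound; the same construction appears in the licenses, upgrade-paths and versions pages below. Restrict keys to an explicit allow-list of filterable columns, e.g. `if (!in_array($v[0], ['product_id', 'software_version_id', 'status'], true)) { continue; }` (column names taken from this page's search clause and the download page's assignment query — confirm against the schema). `$v[1]` is also read without checking that the pair contained an `=`.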


@@ -0,0 +1,111 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products Software Licenses
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("software_licenses",$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND (license_key like :'.$v[0].')';
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM products_software_licenses '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for list
$sql = 'SELECT l.*, u.username, v.name as version_name FROM products_software_licenses l LEFT JOIN users u ON l.user_id = u.id LEFT JOIN products_software_versions v ON l.version_id = v.rowID '.$whereclause.' ORDER BY l.created DESC';
}
else {
//SQL for paged
$sql = 'SELECT l.*, u.username, v.name as version_name FROM products_software_licenses l LEFT JOIN users u ON l.user_id = u.id LEFT JOIN products_software_versions v ON l.version_id = v.rowID '.$whereclause.' ORDER BY l.created DESC LIMIT :page,:num_licenses';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Execute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * 50, PDO::PARAM_INT);
$stmt->bindValue('num_licenses', 50, PDO::PARAM_INT);
//Execute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Send results
echo json_encode($messages);
?>
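Review bot: The search binds `'%'.$value.'%'` without escaping `%` and `_`, so a single-character or wildcard `search` lists every row, and because the list and paged queries select `l.*` the full `license_key` of each row is returned to any caller the where-clause admits. Escape the wildcards before binding — `$search_value = '%'.addcslashes($value, '%_\\').'%';` (relies on the default backslash ESCAPE behaviour of MySQL; confirm for the driver in use) — and consider returning a masked key in list views. The paged branch also hard-codes 50 for `page`/`num_licenses` where the versions page reads `$page_rows_software_versions`; a `$page_rows_software_licenses` setting keeps paging configurable in one place. `$soldto_search` is computed on the "SoldTo is empty" line but never used on this page.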


@@ -0,0 +1,111 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products Software Upgrade Paths
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("software_upgrade_paths",$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND (description like :'.$v[0].')';
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM products_software_upgrade_paths '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for list
$sql = 'SELECT * FROM products_software_upgrade_paths '.$whereclause.' ORDER BY created DESC';
}
else {
//SQL for paged
$sql = 'SELECT * FROM products_software_upgrade_paths '.$whereclause.' ORDER BY created DESC LIMIT :page,:num_paths';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Execute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * 50, PDO::PARAM_INT); // Assuming 50 per page
$stmt->bindValue('num_paths', 50, PDO::PARAM_INT);
//Execute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Send results
echo json_encode($messages);
?>
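Review bot: `$current_page` accepts 0 and negative values: `is_numeric` lets them through, the offset becomes `-50`, and MySQL rejects the LIMIT with a syntax error that surfaces as an uncaught PDOException; clamp it with `$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? max(1, (int)$criterias['p']) : 1;`. The same construction is in the assignment, licenses and versions pages. The comment `// Assuming 50 per page` documents a guess rather than a setting; the versions page reads `$page_rows_software_versions`, so a matching `$page_rows_software_upgrade_paths` value would replace both the literal and the comment.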


@@ -0,0 +1,112 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products Software Versions
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("software_versions",$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND (name like :'.$v[0].' OR version like :'.$v[0].' OR description like :'.$v[0].')';
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM products_software_versions '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for list
$sql = 'SELECT * FROM products_software_versions '.$whereclause.' ORDER BY created DESC';
}
else {
//SQL for paged
$sql = 'SELECT * FROM products_software_versions '.$whereclause.' ORDER BY created DESC LIMIT :page,:num_versions';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Execute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_software_versions, PDO::PARAM_INT);
$stmt->bindValue('num_versions', $page_rows_software_versions, PDO::PARAM_INT);
//Execute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//Send results
echo json_encode($messages);
?>
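Review bot: `SELECT * FROM products_software_versions` returns `file_path`, which the download page resolves under `dirname(__FILE__, 4).'/firmware/'` — the storage-relative location of firmware artefacts — to every caller this listing admits. If the page is readable by roles other than administrators, select explicit columns and leave `file_path` out; the token and download flow only needs `rowID` (returned as `version_id` elsewhere). Whether the path is sensitive depends on how the firmware directory is exposed by the web server, which this commit does not show — confirm before deciding. A `@return`-style header comment listing the JSON shape for the `totals`, `list` and paged modes would also help, since the three modes return a scalar count, a list and a list respectively.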


@@ -0,0 +1,284 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Secure Software Download API
// Validates time-based URL token and streams firmware files
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
var_dump($_GET);
// STEP 1: Validate token parameter exists
if (!isset($_GET['token']) || $_GET['token'] == '') {
http_response_code(400);
echo json_encode(["error" => "MISSING_TOKEN", "message" => "Download token required"]);
exit;
}
$download_start = microtime(true);
// URL decode the token in case it was encoded during transmission
$url_token = urldecode($_GET['token']);
// STEP 2: Validate and decode URL token using standalone secure function
$token_data = validate_secure_download_token($url_token);
if (isset($token_data['error'])) {
http_response_code(403);
echo json_encode([
"error" => $token_data['error'],
"message" => $token_data['message']
]);
exit;
}
$serial_number = $token_data['sn'];
$version_id = $token_data['version_id'];
// STEP 3: Get equipment data (reuse software_update.php logic)
$sql = 'SELECT
e.rowID as equipment_rowid,
e.productrowid,
e.sw_version as current_sw_version,
e.hw_version,
e.sw_version_license,
e.accounthierarchy,
p.productcode
FROM equipment e
JOIN products p ON e.productrowid = p.rowID
WHERE e.serialnumber = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$serial_number]);
$equipment = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$equipment) {
http_response_code(404);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'status' => 'failed',
'error_message' => 'Equipment not found',
'createdby' => $username
]);
echo json_encode(["error" => "EQUIPMENT_NOT_FOUND", "message" => "Equipment not found"]);
exit;
}
// STEP 4: Get version data
$sql = 'SELECT
psv.rowID,
psv.version,
psv.name,
psv.file_path,
psv.hw_version,
psv.status
FROM products_software_versions psv
WHERE psv.rowID = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$version_id]);
$version = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$version) {
http_response_code(404);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'status' => 'failed',
'error_message' => 'Version not found',
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
echo json_encode(["error" => "VERSION_NOT_FOUND", "message" => "Version not found"]);
exit;
}
if ($version['status'] != 1) {
http_response_code(403);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'status' => 'failed',
'error_message' => 'Version inactive',
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
echo json_encode(["error" => "VERSION_INACTIVE", "message" => "Version is not active"]);
exit;
}
// STEP 5: Check version is assigned to product
$sql = 'SELECT COUNT(*) as assigned
FROM products_software_assignment
WHERE product_id = ? AND software_version_id = ? AND status = 1';
$stmt = $pdo->prepare($sql);
$stmt->execute([$equipment['productrowid'], $version_id]);
$assignment = $stmt->fetch(PDO::FETCH_ASSOC);
if ($assignment['assigned'] == 0) {
http_response_code(403);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'status' => 'failed',
'error_message' => 'Version not assigned to product',
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
echo json_encode(["error" => "VERSION_NOT_ASSIGNED", "message" => "Version not assigned to product"]);
exit;
}
// STEP 6: Hardware version compatibility
if ($version['hw_version'] && $version['hw_version'] != '' && $equipment['hw_version']) {
if ($version['hw_version'] != $equipment['hw_version']) {
http_response_code(403);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'status' => 'failed',
'error_message' => 'Hardware version mismatch',
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
echo json_encode(["error" => "HW_VERSION_MISMATCH", "message" => "Hardware version incompatible"]);
exit;
}
}
// STEP 7: License validation (reuse software_update.php logic)
$current_sw_version = $equipment['current_sw_version'];
// Get upgrade pricing
$sql = 'SELECT price, currency
FROM products_software_upgrade_paths pup
JOIN products_software_versions from_ver ON pup.from_version_id = from_ver.rowID
WHERE pup.to_version_id = ? AND from_ver.version = ? AND pup.is_active = 1';
$stmt = $pdo->prepare($sql);
$stmt->execute([$version_id, $current_sw_version]);
$upgrade_pricing = $stmt->fetch(PDO::FETCH_ASSOC);
$final_price = $upgrade_pricing['price'] ?? '0.00';
if ($final_price > 0) {
// Paid upgrade - check license
$sw_version_license = $equipment['sw_version_license'];
if (!$sw_version_license) {
http_response_code(402);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'status' => 'failed',
'error_message' => 'License required',
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
echo json_encode([
"error" => "LICENSE_REQUIRED",
"message" => "Valid license required",
"price" => $final_price,
"currency" => $upgrade_pricing['currency']
]);
exit;
}
// Validate license
$sql = 'SELECT status, starts_at, expires_at
FROM products_software_licenses
WHERE license_key = ? AND equipment_id = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$sw_version_license, $equipment['equipment_rowid']]);
$license = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$license || $license['status'] != 1) {
http_response_code(402);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'status' => 'failed',
'error_message' => 'Invalid license',
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
echo json_encode(["error" => "INVALID_LICENSE", "message" => "License is invalid"]);
exit;
}
// Check license date validity
$now = date('Y-m-d H:i:s');
if (($license['starts_at'] && $license['starts_at'] > $now) ||
($license['expires_at'] && $license['expires_at'] < $now)) {
http_response_code(402);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'status' => 'failed',
'error_message' => 'License expired',
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
echo json_encode(["error" => "LICENSE_EXPIRED", "message" => "License is expired"]);
exit;
}
}
// STEP 8: Build file path and verify exists
$firmware_path = dirname(__FILE__, 4) . '/firmware/' . $version['file_path'];
if (!file_exists($firmware_path)) {
http_response_code(404);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'status' => 'failed',
'error_message' => 'File not found on server',
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
echo json_encode(["error" => "FILE_NOT_FOUND", "message" => "Firmware file not available"]);
exit;
}
// STEP 9: Stream file and log
$file_size = filesize($firmware_path);
try {
// Log successful download before streaming
$download_time = round(microtime(true) - $download_start);
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'file_size' => $file_size,
'download_time_seconds' => $download_time,
'status' => 'success',
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
// Stream file (function handles path traversal check and exits after streaming)
stream_file_download($firmware_path, $version['file_path']);
} catch (Exception $e) {
log_download([
'user_id' => $user_data['id'],
'version_id' => $version_id,
'file_size' => $file_size,
'status' => 'failed',
'error_message' => $e->getMessage(),
'accounthierarchy' => $equipment['accounthierarchy'],
'createdby' => $username
]);
http_response_code(500);
echo json_encode(["error" => "DOWNLOAD_FAILED", "message" => "Download failed"]);
}
?>
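Review bot: `var_dump($_GET);` immediately after the DB connect writes debug output into every response, so the JSON error bodies become unparsable and the firmware stream is prefixed with a PHP dump (and the token is echoed back to the client); remove the line before this ships. The request is authorised by the URL token alone, yet every `log_download()` call reads `$user_data['id']` and `$username` — if this route is reachable without a session those are undefined and the audit row records nothing useful; carry the user identity in the token payload at mint time and take it from `$token_data` here, or document that the router guarantees a session (the page does not show which). The license query selects `starts_at` while the upgrades page queries the same table for `start_at`; one of the two will fail with an unknown-column error at runtime, so the name needs checking against the schema. The `success` row is written before `stream_file_download()` runs, with `download_time_seconds` measured before any bytes are sent; if the helper exits after streaming as the comment says, the catch branch never executes and an aborted transfer still stands as a success, so the completion record belongs after the stream or in the helper.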


@@ -0,0 +1,202 @@
<?php
defined($security_key) or exit;
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
//------------------------------------------
// Products Software Upgrades API
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
}
}
// IF SN IS PROVIDED, HANDLE UPGRADE OPTIONS
if (isset($criterias['sn']) && $criterias['sn'] != ''){
//default output (array of options)
$output = [];
//check if current version is send and update the equipment record
if(isset($criterias['version']) && $criterias['version'] !=''){
$sql = 'UPDATE equipment SET sw_version = ?, updatedby = ? WHERE serialnumber = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$criterias['version'],$username,$criterias['sn']]);
}
//check if current hw_version is send and update the equipment record
if(isset($criterias['hw_version']) && $criterias['hw_version'] !=''){
$sql = 'UPDATE equipment SET hw_version = ?, updatedby = ? WHERE serialnumber = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$criterias['hw_version'],$username,$criterias['sn']]);
}
//GET EQUIPMENT AND PRODUCT DATA BASED ON SERIAL NUMBER
$sql = 'SELECT
p.rowID as product_rowid,
p.productcode,
e.sw_version as current_sw_version,
e.hw_version,
e.sw_version_license,
e.rowID as equipment_rowid
FROM equipment e
JOIN products p ON e.productrowid = p.rowID
WHERE e.serialnumber = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$criterias['sn']]);
$equipment_data = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$equipment_data) {
$messages = ["error" => "No equipment found for serialnumber"];
} else {
$product_rowid = $equipment_data['product_rowid'];
$productcode = $equipment_data['productcode'];
$current_sw_version = $equipment_data['current_sw_version'];
$hw_version = $equipment_data['hw_version'];
$sw_version_license = $equipment_data['sw_version_license'];
$equipment_rowid = $equipment_data['equipment_rowid'];
//GET ALL DATA: active assignments, version details, and upgrade paths
//Filter on active status and hw_version compatibility
$sql = 'SELECT
psv.rowID as version_id,
psv.version,
psv.name,
psv.description,
psv.mandatory,
psv.latest,
psv.hw_version,
psv.file_path,
pup.price,
pup.currency,
pup.from_version_id,
from_ver.version as from_version
FROM products_software_assignment psa
JOIN products_software_versions psv ON psa.software_version_id = psv.rowID
LEFT JOIN products_software_upgrade_paths pup ON pup.to_version_id = psv.rowID AND pup.is_active = 1
LEFT JOIN products_software_versions from_ver ON pup.from_version_id = from_ver.rowID
WHERE psa.product_id = ?
AND psa.status = 1
AND (psv.hw_version = ? OR psv.hw_version IS NULL OR psv.hw_version = "")
AND (? IS NULL OR ? = "" OR psv.version != ?)';
$stmt = $pdo->prepare($sql);
$stmt->execute([$product_rowid, $hw_version, $current_sw_version, $current_sw_version, $current_sw_version]);
$versions = $stmt->fetchAll(PDO::FETCH_ASSOC);
if (empty($versions)) {
$messages = ["error" => "No active software assignments found for product"];
} else {
foreach ($versions as $version) {
//Check if this version should be shown:
//1. If there's a matching upgrade path from current version, show it
//2. If no current version exists, show all
//3. If there's no upgrade path but also no paths exist for this version at all, show it (free upgrade)
$show_version = false;
if (!$current_sw_version || $current_sw_version == '') {
//No current version - show all
$show_version = true;
} elseif ($version['from_version'] == $current_sw_version) {
//Upgrade path exists from current version
$show_version = true;
} else {
//Check if any upgrade paths exist for this version
$sql = 'SELECT COUNT(*) as path_count
FROM products_software_upgrade_paths
WHERE to_version_id = ? AND is_active = 1';
$stmt = $pdo->prepare($sql);
$stmt->execute([$version['version_id']]);
$path_check = $stmt->fetch(PDO::FETCH_ASSOC);
if ($path_check['path_count'] == 0) {
//No paths exist at all - show as free upgrade
$show_version = true;
}
}
if ($show_version) {
//Check if there's a valid license for this upgrade
$final_price = $version['price'] ?? '0.00';
$final_currency = $version['currency'] ?? '';
if ($final_price > 0 && $sw_version_license) {
//Check if the license is valid
$sql = 'SELECT status, start_at, expires_at
FROM products_software_licenses
WHERE license_key = ? AND equipment_id = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$sw_version_license, $equipment_rowid]);
$license = $stmt->fetch(PDO::FETCH_ASSOC);
if ($license && $license['status'] == 1) {
$now = date('Y-m-d H:i:s');
$start_at = $license['start_at'];
$expires_at = $license['expires_at'];
//Check if license is within valid date range
if ((!$start_at || $start_at <= $now) && (!$expires_at || $expires_at >= $now)) {
$final_price = '0.00';
}
}
}
$output[] = [
"productcode" => $productcode,
"name" => $version['name'] ?? '',
"version" => $version['version'],
"version_id" => $version['version_id'],
"description" => $version['description'] ?? '',
"hw_version" => $version['hw_version'] ?? '',
"mandatory" => $version['mandatory'] ?? '',
"latest" => $version['latest'] ?? '',
"software" => $version['file_path'] ?? '',
"source" => '',
"source_type" => '',
"price" => $final_price,
"currency" => $final_currency
];
}
}
//GENERATE DOWNLOAD TOKENS FOR EACH OPTION
foreach ($output as &$option) {
// Generate time-based download token
$download_token = create_download_url_token($criterias['sn'], $option['version_id']);
// Create secure download URL
$download_url = 'https://'.$_SERVER['SERVER_NAME'].'/api.php/v2/software_download/token='.$download_token;
// Set source as download URL
$option['source'] = $download_url;
$option['source_type'] = 'token_url';
}
$messages = $output;
}
}
}
else {
$messages = ["error" => "No serialnumber found"];
}
//Encrypt results
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>
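Review bot: `ini_set('display_errors', '1')`, `ini_set('display_startup_errors', '1')` and `error_reporting(E_ALL)` at the top of this API page push PHP warnings and stack traces (file paths, query text) into API responses; drop the three lines and rely on the application's error logging. The generated download URL is `'/api.php/v2/software_download/token='.$download_token` (a path segment), while the token helper page builds `/api.php/v2/get/software_download?token=` and the download page reads `$_GET['token']`; unless the router maps path segments into `$_GET`, links from this page will be answered with `MISSING_TOKEN`. The two `UPDATE equipment` statements write `version`/`hw_version` from the query string for whatever `sn` the caller names, guarded only by the route's authentication, which is not visible here; validating the values against the version format the product uses before writing would limit what an authenticated caller can store. `foreach ($output as &$option)` leaves `$option` referencing the last element after the loop; add `unset($option);` after it. The per-version `COUNT(*)` query inside the loop also reassigns `$stmt` on each iteration and could be folded into the main SELECT.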


@@ -0,0 +1,93 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products Software Assignment
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("software_assignment",$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
// No accounthierarchy for assignments
}
else {
//do nothing
}
//CREATE NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('products_software_assignment',$profile,$permission,'U') === 1){
$sql = 'UPDATE products_software_assignment SET '.$clause.' WHERE rowID = ? ';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('products_software_assignment',$profile,$permission,'C') === 1){
//INSERT NEW ITEM
$sql = 'INSERT INTO products_software_assignment ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('products_software_assignment',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM products_software_assignment WHERE rowID = ? ');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'products_software_assignment',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>
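Review bot: Every key of the JSON body becomes a column identifier in `$clause .= ' , '.$key.' = ?';` and `$clause_insert .= ' , '.$key.'';` — values are bound, but the identifiers are caller-controlled, so a request can both set columns the form never exposes (`created`, `createdby` on update) and inject SQL through the key; filter keys against an allow-list of writable columns before building the clauses. The permission-scoped `$whereclause`/`$condition` from `getWhereclauselvl2()` is computed but never applied to the UPDATE or DELETE, so a caller with table-level `U`/`D` rights can address any `rowID`; if that helper is meant to restrict rows by partner, append it to both statements. A body with no writable keys leaves `$execute_input` undefined and yields `SET  WHERE rowID = ?` after the `substr` trims; answer 400 when nothing remains. The same pattern is repeated in the licenses POST page below, and `$criterias[$key] = $var;` is assigned but unused.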


@@ -0,0 +1,93 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products Software Licenses
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("software_licenses",$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['accounthierarchy'] = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
}
else {
//do nothing
}
//CREATE NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('products_software_licenses',$profile,$permission,'U') === 1){
$sql = 'UPDATE products_software_licenses SET '.$clause.' WHERE rowID = ? ';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('products_software_licenses',$profile,$permission,'C') === 1){
//INSERT NEW ITEM
$sql = 'INSERT INTO products_software_licenses ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('products_software_licenses',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM products_software_licenses WHERE rowID = ? ');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'products_software_licenses',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>
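Review bot: The SET and INSERT column lists are built from the raw JSON keys (`$clause .= ' , '.$key.' = ?'`, `$clause_insert .= ' , '.$key.''`), so the values are parameterised but the identifiers are concatenated into the statement, and a caller with C or U permission chooses which columns are written, including `created`/`createdby`/`accounthierarchy` on an update, which the server only overwrites for an insert. Check each key against an allowlist of the table's client-writable columns before appending it, e.g. `if (!in_array($key, $allowed_columns, true)) { http_response_code(400); exit; }` with `$allowed_columns` declared per table (a placeholder name here). Initialising `$criterias = [];` and `$execute_input = [];` next to the other empty strings would also stop the first iteration relying on implicit array creation. When `isAllowed(...)` returns anything but 1 the closing `else { //do nothing }` answers with 200 and an empty body, so a denied write looks like a success to the client and in access logs; `http_response_code(403);` in that branch makes denials visible. The same pattern appears in the Software Upgrade Paths and Software Versions hunks below and in the partial Software Assignment hunk whose start is outside this view.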


@@ -0,0 +1,93 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products Software Upgrade Paths
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("software_upgrade_paths",$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['accounthierarchy'] = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
}
else {
//do nothing
}
//CREATE NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('products_software_upgrade_paths',$profile,$permission,'U') === 1){
$sql = 'UPDATE products_software_upgrade_paths SET '.$clause.' WHERE rowID = ? ';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('products_software_upgrade_paths',$profile,$permission,'C') === 1){
//INSERT NEW ITEM
$sql = 'INSERT INTO products_software_upgrade_paths ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('products_software_upgrade_paths',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM products_software_upgrade_paths WHERE rowID = ? ');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'products_software_upgrade_paths',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>


@@ -0,0 +1,123 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products Software Versions
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("software_versions",$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['accounthierarchy'] = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
}
else {
//do nothing
}
//CREATE NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'rowID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//SET HW VERSION
$hw_version = (isset($criterias['hw_version']))? $criterias['hw_version']:'';
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('products_software_versions',$profile,$permission,'U') === 1){
//REMOVE LATEST FLAG FROM OTHER WHEN SEND
if (isset($criterias['latest']) && $criterias['latest'] == 1){
$sql = 'UPDATE products_software_versions SET latest = 0 WHERE hw_version = ? AND rowID != ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$hw_version, $id]);
}
$sql = 'UPDATE products_software_versions SET '.$clause.' WHERE rowID = ? ';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('products_software_versions',$profile,$permission,'C') === 1){
//REMOVE LATEST FLAG FROM OTHER IF SET
if (isset($criterias['latest']) && $criterias['latest'] == 1){
$sql = 'UPDATE products_software_versions SET latest = 0 WHERE hw_version = ?';
$stmt = $pdo->prepare($sql);
$stmt->execute([$hw_version]);
}
//INSERT NEW ITEM
$sql = 'INSERT INTO products_software_versions ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('products_software_versions',$profile,$permission,'D') === 1){
//GET FILE_PATH AND REMOVE FROM SERVER
$sql = 'SELECT file_path FROM products_software_versions WHERE rowID = ? ';
$stmt = $pdo->prepare($sql);
$stmt->execute([$id]);
$version = $stmt->fetch(PDO::FETCH_ASSOC);
if ($version && $version['file_path']){
$file_path = dirname(__FILE__,4)."/firmware/".$version['file_path'];
if (file_exists($file_path)){
unlink($file_path);
}
}
$stmt = $pdo->prepare('DELETE FROM products_software_versions WHERE rowID = ? ');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'products_software_versions',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>
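Review bot: In the delete branch the stored `file_path` is appended to the firmware directory (`$file_path = dirname(__FILE__,4)."/firmware/".$version['file_path'];`) and handed to `unlink()` without confining the resolved path, and the generic update branch above lets any caller with U permission write an arbitrary string into `file_path`, so a later delete could remove a file outside the firmware directory. Resolve both the base directory and the candidate with `realpath()`, require the candidate to stay under the base, and use `is_file()` rather than `file_exists()` so a directory is never passed to `unlink()`; the rewritten branch is below. Separately, the latest-flag reset in the update branch uses `$hw_version` taken from `$criterias['hw_version']`, which is `''` when the client updates `latest` without resending `hw_version`, so `UPDATE ... SET latest = 0 WHERE hw_version = ? AND rowID != ?` matches nothing and the previous latest row for that hardware version keeps its flag; read the row's current `hw_version` from the table when the key is absent. The SET/INSERT column-allowlist point raised on the Software Licenses hunk applies here as well.

```php
//GET FILE_PATH AND REMOVE FROM SERVER
// … unchanged: SELECT file_path / fetch …
if ($version && $version['file_path']){
    $firmware_dir = realpath(dirname(__FILE__,4)."/firmware");
    $file_path = realpath($firmware_dir."/".$version['file_path']);
    // Delete only a regular file whose resolved path stays inside the firmware directory
    if ($firmware_dir !== false && $file_path !== false
        && strncmp($file_path, $firmware_dir.'/', strlen($firmware_dir) + 1) === 0
        && is_file($file_path)){
        unlink($file_path);
    }
}
// … unchanged: DELETE row and changelog …
```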