pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CMXX - Link to asset in contract

Browse Source
This commit is contained in:
“VeLiTi”
2024-10-21 17:03:21 +02:00
parent 43144ca91b
commit be96b12e66
10 changed files with 384 additions and 26 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
api/v0/authorization.php
View File

@@ -20,7 +20,7 @@ if (!empty($username) && !empty($password)) {
die("Connection failed: " . $conn->connect_error);
}
$sql = "SELECT id, username, password, service FROM users WHERE username='$username'";
$sql = "SELECT id, username, password, service, lastlogin FROM users WHERE username='$username'";
$result = $conn->query($sql);
if ($result->num_rows == 1) {
@@ -34,14 +34,25 @@ if (!empty($username) && !empty($password)) {
http_response_code(401);
}
else {
$service = bin2hex(random_bytes(25)); //$row['service'];
//Check valid userkey
$valid_key = strtotime('+30 minutes',strtotime($row['lastlogin']));
$valid = ($valid_key <= time())?0:1;
if ($row['service'] != '' && $valid == 0){
$sql_service = 'UPDATE users SET service = ? WHERE id = ?';
$stmt_service = $conn->prepare($sql_service);
$stmt_service->execute([$service, $row['id']]);
}
$jwt = createCommunicationToken($service);
$logindate = date('Y-m-d H:i:s');
$id = $row['id'];
$sql1 = "UPDATE users SET lastlogin = '$logindate', service = '$service' WHERE id='$id'";
$sql1 = "UPDATE users SET lastlogin = '$logindate' WHERE id='$id'";
$conn->query($sql1);
echo json_encode(array('token' => $jwt));

8
api/v1/authorization.php
View File

@@ -48,8 +48,12 @@ if ($stmt->rowCount() == 1) {
} else { //STANDARD LOGIN
if (password_verify($password, $user_data['password'])) {
//Check valid userkey
$valid_key = strtotime('+30 minutes',strtotime($user_data['lastlogin']));
$valid = ($valid_key <= time())?0:1;
//REFRESH USERKEY
if ($user_data['userkey'] != ''){
if ($user_data['userkey'] != '' && $valid == 0){
$user_data['userkey'] = bin2hex(random_bytes(25));
$sql_userkey = 'UPDATE users SET userkey = ? WHERE id = ?';
$stmt_userkey = $pdo->prepare($sql_userkey);
@@ -57,7 +61,7 @@ if ($stmt->rowCount() == 1) {
}
//REFRESH USERKEY
if ($user_data['service'] != ''){
if ($user_data['service'] != '' && $valid == 0){
$user_data['service'] = bin2hex(random_bytes(25));
$sql_service = 'UPDATE users SET service = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_service);

8
api/v1/get/contracts.php
View File

@@ -55,6 +55,10 @@ if(isset($get_content) && $get_content!=''){
//build up search
$clause .= ' AND reference like :'.$v[0];
}
elseif ($v[0] == 'servicetool') {
//build up search
$clause .= ' AND servicetool like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
@@ -94,6 +98,10 @@ if (!empty($criterias)){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
elseif ($key == 'servicetool'){
$search_value = '%"'.$value.'"%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}

8
api/v2/authorization.php
View File

@@ -49,8 +49,12 @@ if ($stmt->rowCount() == 1) {
} else { //STANDARD LOGIN
if (password_verify($password, $user_data['password'])) {
//Check valid userkey
$valid_key = strtotime('+30 minutes',strtotime($user_data['lastlogin']));
$valid = ($valid_key <= time())?0:1;
//REFRESH USERKEY
if ($user_data['userkey'] != ''){
if ($user_data['userkey'] != '' && $valid == 0){
$user_data['userkey'] = bin2hex(random_bytes(25));
$sql_userkey = 'UPDATE users SET userkey = ? WHERE id = ?';
$stmt_userkey = $pdo->prepare($sql_userkey);
@@ -58,7 +62,7 @@ if ($stmt->rowCount() == 1) {
}
//REFRESH USERKEY
if ($user_data['service'] != ''){
if ($user_data['service'] != '' && $valid == 0){
$user_data['service'] = bin2hex(random_bytes(25));
$sql_service = 'UPDATE users SET service = ? WHERE id = ?';
$stmt_service = $pdo->prepare($sql_service);

132
api/v2/get/accounts.php Normal file
View File

@@ -0,0 +1,132 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Accounts
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'accountdetails') {
//build up search
$clause .= ' AND accountdetails like :'.$v[0];
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND accountdetails like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM account '.$whereclause.'';
}
elseif (isset($criterias['list']) && $criterias['list'] =='') {
//SQL for Paging
$sql = 'SELECT * FROM account '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM account '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search' ||$key == 'accountdetails' ){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_accounts, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_accounts, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

8
api/v2/get/contracts.php
View File

@@ -55,6 +55,10 @@ if(isset($get_content) && $get_content!=''){
//build up search
$clause .= ' AND reference like :'.$v[0];
}
elseif ($v[0] == 'servicetool') {
//build up search
$clause .= ' AND servicetool like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
@@ -94,6 +98,10 @@ if (!empty($criterias)){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
elseif ($key == 'servicetool'){
$search_value = '%"'.$value.'"%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}

188
api/v2/post/accounts.php Normal file
View File

@@ -0,0 +1,188 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
$pdo2 = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause to check if data is owned buy user
$whereclause = '';
switch ($permission) {
case '4':
$whereclause = '';
break;
case '3':
$whereclause = '';
break;
default:
$condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
$whereclause = ' AND accounthierarchy like "'.$condition.'"';
break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
if ($id != ''){
//Define Query
$stmt = $pdo->prepare('SELECT * FROM account WHERE rowID = ?');
$stmt->execute([$id]);
$account_data = $stmt->fetch();
$accounthierarchy_old = json_decode($account_data['accounthierarchy']);
$salesid_new = ((isset($post_content['salesid']) && $post_content['salesid'] != '' && $post_content['salesid'] != $accounthierarchy_old->salesid)? $post_content['salesid'] : $accounthierarchy_old->salesid);
$soldto_new = ((isset($post_content['soldto']) && $post_content['soldto'] != '' && $post_content['soldto'] != $accounthierarchy_old->soldto)? $post_content['soldto'] : $accounthierarchy_old->soldto);
if ($permission == 3 || $permission == 4){
//ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
$account = array(
"salesid"=>$salesid_new,
"soldto"=>$soldto_new
);
} else {
$account = array(
"salesid"=>$accounthierarchy_old->salesid,
"soldto"=> $soldto_new
);
}
}
else {
//ID is empty => INSERT / NEW RECORD
//GET PARTNERDETAILS FROM USER
$sales_user = array(
"salesid"=>$partner->salesid,
"soldto"=>$partner->soldto
);
$salesID = json_encode($sales_user, JSON_UNESCAPED_UNICODE);
//CHECK IF PARTNER-ID IS EMPTY THEN CHECK IF EXIST OR CREATE
if (isset($post_content['soldto']) && $post_content['soldto'] ==''){
//PARTNER ID IS EMPTY => SEARCH IF EXIST
$stmt = $pdo->prepare('SELECT * FROM partner WHERE partnername = ? AND partnertype = ?');
$stmt->execute([$post_content['accountdetails']['billcompany'],$partnertype2]);
$partner_exist = $stmt->fetch();
if($partner_exist){
//PARTNER EXIST -> USE IT
$post_content['soldto'] = $partner_exist['partnerID'].'-'.$partner_exist['partnername'];
}
else{
//PARTNER DOES NOT EXIST -> CREATE IT
//INSERT NEW PARTNER
$sql = 'INSERT INTO partner (partnertype, partnername, partnernotes, salesID, createdby) VALUES (?,?,?,?,?)';
$stmt = $pdo->prepare($sql);
$stmt->execute([$partnertype2,$post_content['accountdetails']['billcompany'],'created from account',$salesID,$username]);
$rowID = $pdo->lastInsertId();
$post_content['soldto'] = $rowID.'-'.$post_content['accountdetails']['billcompany'];
}
}
//CHECK IF PARTNER-ID IS NOT EMPTY THEN USE IT
$account = array(
"salesid"=>$post_content['salesid'],
"soldto"=>$post_content['soldto']
);
//CHECK IF COMMUNICATION USER EXIST FOR THIS PARTNER
if (isset($post_content['accountdetails']['billemail']) && $post_content['accountdetails']['billemail'] !=''){
//Check if communication record exist
$rowID = getrowID($dbname,'rowID','communication','partnerID ="'.$post_content['soldto'].'" and email = "'.$post_content['accountdetails']['billemail'].'"');
if ($rowID){
//communication record exist
}
else
{
//communication record does not exist ->create
$sql = 'INSERT INTO communication (status,partnerID,email,type_1,type_2,type_3,createdby,salesID,coms_type) VALUES (?,?,?,?,?,?,?,?,?)';
$stmt = $pdo2->prepare($sql);
$stmt->execute(['1',$post_content['soldto'],$post_content['accountdetails']['billemail'],'1','1','1',$username,$salesID,'1']);
}
}
}
//Create JSONs
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
$accountdetails = json_encode($post_content['accountdetails'], JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update' && !isset($post_content['delete'])){
$post_content['rowID'] = $id;
$post_content['accounthierarchy'] = $accounthierarchy;
$post_content['accountdetails'] = $accountdetails;
}
elseif ($command == 'insert' && !isset($post_content['delete'])){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
$post_content['accounthierarchy'] = $accounthierarchy;
$post_content['accountdetails'] = $accountdetails;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'delete' || $key == 'rowID'|| $key == 'id' || str_contains($key, 'old_')|| $key == 'salesid' || $key == 'soldto'|| $key == 'accountID'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && !isset($post_content['delete']) && isAllowed('account',$profile,$permission,'U') === 1){
$sql = 'UPDATE account SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && !isset($post_content['delete']) && isAllowed('account',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO account ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('account',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM account WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'accounts',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
?>

10
api/v2/post/equipments.php
View File

@@ -54,11 +54,11 @@ if ($id != ''){
$equipment_old = json_decode($equipment_data['accounthierarchy']);
$salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $equipment_old->salesid)? $post_content['salesid'] : $equipment_old->salesid);
$soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $equipment_old->soldto)? $post_content['soldto'] : $equipment_old->soldto);
$shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $equipment_old->shipto)? $post_content['shipto'] : $equipment_old->shipto);
$location_new = (($post_content['location'] != '' && $post_content['location'] != $equipment_old->location)? $post_content['location'] : $equipment_old->location);
$section_new = (($post_content['section'] != '' && $post_content['section'] != $equipment_old->section)? $post_content['section'] : $equipment_old->section);
$salesid_new = ((isset($post_content['salesid']) && $post_content['salesid'] != '' && $post_content['salesid'] != $equipment_old->salesid)? $post_content['salesid'] : $equipment_old->salesid);
$soldto_new = ((isset($post_content['soldto']) &&$post_content['soldto'] != '' && $post_content['soldto'] != $equipment_old->soldto)? $post_content['soldto'] : $equipment_old->soldto);
$shipto_new = ((isset($post_content['shipto']) &&$post_content['shipto'] != '' && $post_content['shipto'] != $equipment_old->shipto)? $post_content['shipto'] : $equipment_old->shipto);
$location_new = ((isset($post_content['location']) &&$post_content['location'] != '' && $post_content['location'] != $equipment_old->location)? $post_content['location'] : $equipment_old->location);
$section_new = ((isset($post_content['section']) &&$post_content['section'] != '' && $post_content['section'] != $equipment_old->section)? $post_content['section'] : $equipment_old->section);
$owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0);

6
contract.php
View File

@@ -31,6 +31,7 @@ $update_allowed = isAllowed($page ,$_SESSION['profile'],$_SESSION['permission'],
$update_allowed_edit = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'U');
$delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'D');
$create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C');
$view_equipment = isAllowed('equipment' ,$_SESSION['profile'],$_SESSION['permission'],'R');
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
@@ -304,7 +305,7 @@ $view .= '<div class="content-block">
<tbody>';
//Check for assigned tools
foreach ($servicetools as $tools){
$view .= '<tr><td>'.$tools.'</td><tr>';
$view .= '<tr><td>'.(($view_equipment == 1)? '<a href="index.php?page=equipment&serialnumber='.$tools.'" class="btn2">'.$tools.'</a>':$tools).'</td><tr>';
}
$view .= '
</tbody>
@@ -322,7 +323,8 @@ $view .= '<div class="content-block">
<tbody>';
//Check for ignore list
foreach ($ignore_lists as $list){
$view .= '<tr><td>'.$list.'</td><tr>';
$view .= '<tr><td>'.(($view_equipment == 1)? '<a href="index.php?page=equipment&serialnumber='.$list.'" style="text-decoration:none;color: inherit;">'.$list.'</a>':$list).'</td><tr>';
}
$view .= '
</tbody>

15
equipment.php
View File

@@ -26,6 +26,7 @@ $delete_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permis
$create_allowed = isAllowed($page_manage ,$_SESSION['profile'],$_SESSION['permission'],'C');
$view_product = isAllowed('product' ,$_SESSION['profile'],$_SESSION['permission'],'R');
$view_history = isAllowed('history' ,$_SESSION['profile'],$_SESSION['permission'],'C');
$view_contracts = isAllowed('contracts' ,$_SESSION['profile'],$_SESSION['permission'],'R');
//GET Details from URL
$GET_VALUES = urlGETdetails($_GET) ?? '';
@@ -38,14 +39,14 @@ if (!empty($responses)){$responses = decode_payload($responses);}else{$responses
$responses = $responses[0];
//CALL TO API FOR History
$api_url = '/v1/equipments/equipmentID='.$_GET['equipmentID'].'&type=ServiceReport&history=1';
$api_url = '/v1/equipments/equipmentID='.$responses->equipmentID.'&type=ServiceReport&history=1';
$history = ioServer($api_url,'');
//Decode Payload
if (!empty($history)){$history = decode_payload($history);}else{$history = null;}
//CALL TO API FOR EQUIPMENT DATA
$api_url = '/v1/equipment_data/equipmentid='.$_GET['equipmentID'];
$api_url = '/v1/equipment_data/equipmentid='.$responses->equipmentID;
$equipment_data = ioServer($api_url,'');
//Decode Payload
@@ -110,7 +111,7 @@ if (isset($_GET['success_msg'])) {
template_header('Asset', 'asset', 'view');
$view = '
<div class="content-title responsive-flex-wrap responsive-pad-bot-3">
<h2 class="responsive-width-100">'.$view_asset_h2.' - '.$_GET['equipmentID'].'</h2>
<h2 class="responsive-width-100">'.$view_asset_h2.' - '.$responses->equipmentID.'</h2>
<a href="index.php?page='.$_SESSION['origin'].'&p='.$_SESSION['p'].$_SESSION['status'].$_SESSION['sort'].$_SESSION['search'].$_SESSION['firmware'].$_SESSION['servicedate'].$_SESSION['warrantydate'].$_SESSION['partnerid'].'" class="btn alt mar-right-2">'.$button_cancel.'</a>
';
@@ -122,7 +123,7 @@ $equipment_owner = (($responses->createdby == $_SESSION['username'])? 1 : 0);
//
//------------------------------------
if ($update_allowed_edit === 1 || $equipment_owner === 1){
$view .= '<a href="index.php?page=equipment_manage&equipmentID='.$_GET['equipmentID'].'" class="btn">Edit</a>';
$view .= '<a href="index.php?page=equipment_manage&equipmentID='.$responses->equipmentID.'" class="btn">Edit</a>';
}
$view .= '</div>';
@@ -325,7 +326,7 @@ if ($update_allowed === 1){
</div>
<form action="" method="post">
<textarea id="description" name="description" placeholder="'.$view_asset_notes.'" style="width: 100%;height: 150px;" onchange="this.form.submit();"></textarea>
<input type="hidden" name="equipmentid" value="'.$_GET['equipmentID'].'">
<input type="hidden" name="equipmentid" value="'.$responses->equipmentID.'">
<input type="hidden" name="type" value="'.$type16.'">
</form>
</div>
@@ -353,14 +354,14 @@ $view .= '<div class="content-block">
<div class="block-header">
<i class="fa-solid fa-bars fa-sm"></i>'.$view_asset_actions.'
</div>
<a href="index.php?page=history&equipmentID='.$_GET['equipmentID'].'" class="btn">'.$button_history.'</a>
<a href="index.php?page=history&equipmentID='.$responses->equipmentID.'" class="btn">'.$button_history.'</a>
'.$view_communication.'
'.$view_users.'
';
if ($update_allowed === 1){
$view .='<a href="index.php?page=firmwaretool&equipmentID='.$_GET['equipmentID'].'" class="btn">'.$button_firmware.'</a>';
$view .='<a href="index.php?page=firmwaretool&equipmentID='.$responses->equipmentID.'" class="btn">'.$button_firmware.'</a>';
}
$view .='</div>';