CMXX - Dealers

2025-04-13 17:16:12 +02:00
parent cb18443af9
commit c3e5873912
25 changed files with 2630 additions and 100 deletions
--- a/api/v2/get/dealers.php
+++ b/api/v2/get/dealers.php
@@ -12,7 +12,7 @@ $pdo = dbConnect($dbname);
 if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

 //default whereclause
-list($whereclause,$condition) = getWhereclauselvl2("",$permission,$partner,'get');
+list($whereclause,$condition) = getWhereclauselvl2("dealers",$permission,$partner,'get');

 //NEW ARRAY
 $criterias = [];   
@@ -33,7 +33,10 @@ if(isset($get_content) && $get_content!=''){
        }  
        elseif ($v[0] == 'search') {
        //build up search
-        $clause .= ' AND name like :'.$v[0]; 
+        $clause .= ' AND d.name like :'.$v[0]; 
+        }
+        elseif ($v[0] == 'id') {//create clause
+            $clause .= ' AND d.rowID = :'.$v[0];
        }
        else {//create clause
            $clause .= ' AND d.'.$v[0].' = :'.$v[0];
@@ -51,9 +54,12 @@ if(isset($criterias['totals']) && $criterias['totals'] ==''){
 //Request for total rows
    $sql = 'SELECT count(*) as count FROM dealers '.$whereclause.'';
 } 
+elseif (isset($criterias['list']) && $criterias['list'] ==''){
+    $sql = 'SELECT d.* FROM dealers d '.$whereclause;
+}
 else {
    //SQL for Paging 
-    $sql = 'SELECT * FROM dealers '.$whereclause.' LIMIT :page,:num_products';
+    $sql = 'SELECT d.*, m.full_path FROM dealers d LEFT JOIN media m ON d.dealer_media = m.rowID '.$whereclause.' LIMIT :page,:num_products';
 }
 $stmt = $pdo->prepare($sql);

@@ -69,7 +75,12 @@ if (!empty($criterias)){
            if ($key == 'search'){
                $search_value = '%'.$value.'%';
                $stmt->bindValue($key, $search_value, PDO::PARAM_STR);
-            } 
+            }
+            elseif($key == 'rowid' || $key == 'id' ){
+                //decode UUID to ID
+                $decoded_value = decodeUuid($value);
+                $stmt->bindValue($key, $decoded_value, PDO::PARAM_STR);
+            }
            else {
                $stmt->bindValue($key, $value, PDO::PARAM_STR);
            }
@@ -82,7 +93,13 @@ if(isset($criterias['totals']) && $criterias['totals']==''){
    $stmt->execute();
    $messages = $stmt->fetch();
    $messages = $messages[0];
-} 
+}
+elseif (isset($criterias['list']) && $criterias['list']==''){
+    //Excute Query
+    $stmt->execute();
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+}
 else {
    $current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
    $stmt->bindValue('page', ($current_page - 1) * $page_rows_dealers, PDO::PARAM_INT);
--- a/api/v2/get/dealers_media.php
+++ b/api/v2/get/dealers_media.php
@@ -0,0 +1,125 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// dealers
+//------------------------------------------
+
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//NEW ARRAY
+$criterias = [];   
+$clause = '';
+
+//Check for $_GET variables and build up clause
+if(isset($get_content) && $get_content!=''){    
+    //GET VARIABLES FROM URL
+    $requests = explode("&", $get_content);     
+    //Check for keys and values
+    foreach ($requests as $y){
+        $v = explode("=", $y);
+        //INCLUDE VARIABLES IN ARRAY
+        $criterias[$v[0]] = $v[1]; 
+    
+        if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list' || $v[0] =='history'|| $v[0] =='success_msg'){
+        //do nothing
+        } 
+        else {//create clause
+        $clause .= ' AND '.$v[0].' = :'.$v[0];
+        }
+    }
+    if ($whereclause == '' && $clause !=''){
+        $whereclause = 'WHERE '.substr($clause, 4);
+    } else {
+        $whereclause .= $clause;
+    }
+} 
+
+//ENSURE PRODUCTROWID IS SEND
+if (isset($criterias['dealer_id']) && $criterias['dealer_id'] != ''){
+
+    //CHECK IF ALLOWED TO CRUD VERSIONS
+    $sql = "SELECT * FROM dealers WHERE rowID = ? '.$whereclause.'";
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute([decodeUuid($criterias['dealer_id'])]);
+    $dealer_data = $stmt->fetch();
+    $dealer_owner = ($dealer_data['rowID'])? 1 : 0;
+    
+    //IF PRODUCT IS OWNED THEN CRUD is ALLOWED
+    if ($dealer_owner === 1 ){
+
+        //Define Query
+        if(isset($criterias['totals']) && $criterias['totals'] ==''){
+        //Request for total rows
+            $sql = 'SELECT count(*) as count FROM dealers_media '.$whereclause.'';
+        } 
+        elseif (isset($criterias['list']) && $criterias['list'] =='') {
+            //SQL for Paging 
+            $sql = 'SELECT * FROM dealers_media '.$whereclause.'';
+        }
+        else {
+            //SQL for Paging 
+            $sql = 'SELECT p_m.*, m.full_path FROM dealers_media p_m LEFT JOIN media m ON p_m.media_id = m.rowID '.$whereclause.'';
+        }
+
+        $stmt = $pdo->prepare($sql);
+
+        //Bind to query
+        if (str_contains($whereclause, ':condition')){
+            $stmt->bindValue('condition', $condition, PDO::PARAM_STR);
+        }
+
+        if (!empty($criterias)){
+            foreach ($criterias as $key => $value){
+                $key_condition = ':'.$key;
+                if (str_contains($whereclause, $key_condition)){
+                    if ($key == 'search'){
+                        $search_value = '%'.$value.'%';
+                        $stmt->bindValue($key, $search_value, PDO::PARAM_STR);
+                    }
+                    else {
+                        $stmt->bindValue($key, $value, PDO::PARAM_STR);
+                    }
+                }
+            }
+        }
+
+        //Add paging details
+        if(isset($criterias['totals']) && $criterias['totals']==''){
+            $stmt->execute();
+            $messages = $stmt->fetch();
+            $messages = $messages[0];
+        }
+        elseif(isset($criterias['list']) && $criterias['list']==''){
+            //Excute Query
+            $stmt->execute();
+            //Get results
+            $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        }
+        else {
+            //$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
+            //$stmt->bindValue('page', ($current_page - 1) * $page_rows_dealers, PDO::PARAM_INT);
+            //$stmt->bindValue('num_dealers', $page_rows_dealers, PDO::PARAM_INT);
+
+            //Excute Query
+            $stmt->execute();
+            //Get results
+            $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+        }
+        //------------------------------------------
+        //JSON_ENCODE
+        //------------------------------------------
+        $messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+
+        //Send results
+        echo $messages;
+    }
+}
+?>
--- a/api/v2/post/dealers.php
+++ b/api/v2/post/dealers.php
@@ -10,78 +10,394 @@ $pdo = dbConnect($dbname);
 //CONTENT FROM API (POST)
 $post_content = json_decode($input,true);

-//SoldTo is empty
-if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}

-//default whereclause
-list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+//CHECK IF REQUEST IS FROM DEALERFINDER 
+if(isset($post_content['bounds'])){
+    //++++++++++++++++++++++
+    //Process DEALERFINDER PROCES
+    //++++++++++++++++++++++

+    //------------------------------------------
+    //NEW ARRAY
+    //------------------------------------------
+    $whereclause = '';
+    $criterias = [];   
+    $clause = '';

-//BUILD UP PARTNERHIERARCHY FROM USER
-$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
+    //------------------------------------------
+    //GET THE POST CONTENT
+    //------------------------------------------
+    if(isset($post_content) && $post_content !=''){

-$id = $post_content['rowID'] ?? ''; //check for rowID
-$command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
-if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+        //------------------------------------------
+        //RUN THROUGH POST CONTENT
+        //------------------------------------------
+        foreach($post_content as $criteria => $value){

-//CREATE EMPTY STRINGS
-$clause = '';
-$clause_insert ='';
-$input_insert = '';
+            //HANDLE MAP BOUNDS
+            if ($criteria == 'bounds'){
+                //GET THE INPUT
+                $northEastLat = (float)$value['_northEast']['lat'];
+                $northEastLng = (float)$value['_northEast']['lng'];
+                $southWestLat = (float)$value['_southWest']['lat'];
+                $southWestLng = (float)$value['_southWest']['lng'];
+    
+                // Handle the case where the map crosses the 180/-180 longitude line
+                if ($southWestLng > $northEastLng) {
+                    $clause .= " AND (d.lng >= :lng_sw OR d.lng <= :lng_ne)";
+                    $criterias['lng_sw'] = $southWestLng;
+                    $criterias['lng_ne'] = $northEastLng;

+                } else {
+                    $clause .= " AND d.lng >= :lng_sw AND d.lng <= :lng_ne";
+                    $criterias['lng_sw'] = $southWestLng;
+                    $criterias['lng_ne'] = $northEastLng;
+                }
+                
+                // Latitude is simpler as it doesn't wrap around
+                $clause .= " AND d.lat >= :lat_sw AND d.lat <= :lat_ne";
+                $criterias['lat_sw'] = $southWestLat;
+                $criterias['lat_ne'] = $northEastLat;            
+            }
+            
+        }   

-if ($command == 'update'){
-    $post_content['updatedby'] = $username ;
-}
-if ($command == 'insert'){
-    $post_content['createdby'] = $username;
-    $post_content['accounthierarchy'] = $partner_product;
-}
-
-//CREAT NEW ARRAY AND MAP TO CLAUSE
-if(isset($post_content) && $post_content!=''){   
-    foreach ($post_content as $key => $var){
-        if ($key == 'submit' || $key == 'rowID'){
-            //do nothing
+        //UPDATE THE WHERECLAUSE DEPENDING ON ORIGINAL WHERECLAUSE
+        if ($whereclause == '' && $clause !=''){
+            $whereclause = 'WHERE '.substr($clause, 4);
+        } else {
+            $whereclause .= $clause;
        }
-        else {
-            $criterias[$key] = $var;
-            $clause .= ' , '.$key.' = ?';
-            $clause_insert .= ' , '.$key.'';
-            $input_insert .= ', ?'; // ? for each insert item
-            $execute_input[]= $var; // Build array for input
+
+    }
+
+    //------------------------------------------
+    // SQL
+    //------------------------------------------
+    $sql = 'SELECT d.*, m.full_path FROM dealers d LEFT JOIN media m ON d.dealer_media = m.rowID '.$whereclause;
+
+    //PREPARE QUERY
+    $stmt = $pdo->prepare($sql);
+
+    //------------------------------------------
+    // BIND CRITERIAS TO SQL
+    //------------------------------------------
+    if (!empty($criterias)){
+        foreach ($criterias as $key => $value){
+            $key_condition = ':'.$key;
+            if (str_contains($whereclause, $key_condition)){
+                if ($key == 'search'){
+                    $search_value = '%'.$value.'%';
+                    $stmt->bindValue($key, $search_value, PDO::PARAM_STR);
+                }
+                elseif ($key == 'p'){
+                    //Do nothing (bug)
+                }
+                else {
+                    $stmt->bindValue($key, $value, PDO::PARAM_STR);
+                }
+            }
        }
    }
+
+    //------------------------------------------
+    // EXECUTE QUERY
+    //------------------------------------------
+    $stmt->execute();
+
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+
+    //------------------------------------------
+    //CHANGE ROWID INTO UUID
+    //------------------------------------------
+    function updateRowID($row) {
+        $row['rowID'] = encodeUuid($row['rowID']);
+        return $row;
+    }
+    
+    $updatedData = array_map('updateRowID', $messages);
+    //------------------------------------------
+    //JSON_ENCODE
+    //------------------------------------------
+    $messages = [
+        "results" => $updatedData,
+        "total" => count($updatedData)
+    ];
+
+    $messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+    //------------------------------------------
+    //Send results
+    //------------------------------------------
+    echo $messages; 
+
+} 
+elseif(isset($post_content['dealerfinder'])){
+    //++++++++++++++++++++++
+    //DEALER FINDER
+    //++++++++++++++++++++++
+
+    //remove dealerfinder from post_content
+    unset($post_content['dealerfinder']);
+
+    //GET GEOLOCATION
+    if ($post_content['range'] && $post_content['lat']!='0' && $post_content['lng']!='0'){
+        //INPUT GEOLOCATION USER
+        $lat = $post_content['lat'];
+        $lng = $post_content['lng'];
+
+        //BUILD GEO-QUERY
+        $geo_search_1 = 'ROUND((6371 * acos(cos(radians('.$lat.')) * cos(radians(d.lat)) * cos(radians(d.lng) - radians('.$lng.')) + sin(radians('.$lat.')) * sin(radians(d.lat)))), (2)) AS distance';
+        $geo_search_2 = 'HAVING distance < '.$post_content['range']; 
+    
+        //Build SQL FOR GEO SEARCH
+        $sql = 'select d.*,  m.full_path, '.$geo_search_1.' FROM dealers d LEFT JOIN media m ON d.dealer_media = m.rowID '.$geo_search_2.' ORDER BY d.rating_overall  ';
+    } 
+    else {
+        //Use standard
+        $sql = 'select d.*, m.full_path FROM dealers d LEFT JOIN media m ON d.dealer_media = m.rowID ORDER BY d.rating_overall ';
+    }
+   
+    //CHECK ALL THE POSTED ITEMS
+    foreach ($post_content as $key => $value){
+        //GET FILTER CRITERIA
+        if ($key !='submit'  && $key !='city' && $key !='range' && $key !='lat' && $key !='lng' && $value !='C'){
+            
+            //TRANSLATE RESPONSE TO DATABASE VALUES
+            switch ($key) {
+                case $field_question_1: //rating overall     
+                //check value returned and include SQL
+                switch ($value) {
+                    case '1':
+                    $sql .= 'case when d.'.$key.' = 8 then 1 else 0 end +';
+                    break;
+                    
+                    case '0':
+                    $sql .= 'case when (d.'.$key.' > 6.5 && d.d.'.$key.' < 8 ) then 1 else 0 end +';   
+                    break;
+                }
+                //------------------------------------
+                break;
+            
+                case $field_question_2: //locations
+                
+                //check value returned and include SQL
+                switch ($value) {
+                    case '1':
+                    $sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +';
+                    break;
+                    
+                    case '0':
+                    $sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +';   
+                    break;
+                }
+                //------------------------------------
+                break;
+
+                case $field_question_3: //brand_type
+                
+                //check value returned and include SQL
+                switch ($value) {
+                    case '1':
+                    $sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +';
+                    break;
+                    
+                    case '0':
+                    $sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +';   
+                    break;
+                }
+                //------------------------------------
+                break;
+
+                case $field_question_4: //showroom size
+                
+                //check value returned and include SQL
+                switch ($value) {
+                    case '1':
+                    $sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +';
+                    break;
+                    
+                    case '0':
+                    $sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +';   
+                    break;
+
+                    case 'C':
+                    $sql .= 'case when d.'.$key.' = 2 then 1 else 0 end +';   
+                    break;
+                }
+                //------------------------------------
+                break;
+                case $field_question_5: //garden_center
+                
+                //check value returned and include SQL
+                switch ($value) {
+                    case '1':
+                    $sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +';
+                    break;
+                    
+                    case '0':
+                    $sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +';   
+                    break;
+                }
+                //------------------------------------
+                break;
+
+                case $field_question_6: // focus offering
+                
+                //check value returned and include SQL
+                switch ($value) {
+                    case '1':
+                    $sql .= 'case when d.'.$key.' = 1 then 1 else 0 end +';
+                    break;
+                    
+                    case '0':
+                    $sql .= 'case when d.'.$key.' = 0 then 1 else 0 end +';   
+                    break;
+                }
+                //------------------------------------
+                break;
+            }          
+        }
+    }
+
+    
+    //REPLACE LAST + with DESC
+    $sql = substr($sql, 0, -1).' desc limit 0,4';
+    //Prepare statement
+    $stmt = $pdo->prepare($sql);
+    //Excute Query
+    $stmt->execute();    
+    //Get results
+    $messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
+    
+    //------------------------------------------
+    //CHANGE ROWID INTO UUID
+    //------------------------------------------
+    function updateRowID($row) {
+        $row['rowID'] = encodeUuid($row['rowID']);
+        return $row;
+    }
+
+    $updatedData = array_map('updateRowID', $messages);
+    $messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
+    //------------------------------------------
+    //Send results
+    //------------------------------------------
+    echo $messages; 
+
+}
+else 
+{
+    //++++++++++++++++++++++
+    //STANDAARD PROCESS
+    //++++++++++++++++++++++
+
+    //SoldTo is empty
+    if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+    //default whereclause
+    list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
+
+
+    //BUILD UP PARTNERHIERARCHY FROM USER
+    $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
+
+    $id = $post_content['rowID'] ? decodeUuid($post_content['rowID']):''; //check for rowID
+    $command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
+    if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+
+    //CREATE EMPTY STRINGS
+    $clause = '';
+    $clause_insert ='';
+    $input_insert = '';
+
+
+    if (isset($post_content['opening_hours'])){
+        $post_content['opening_hours'] = json_encode($post_content['opening_hours'], JSON_UNESCAPED_UNICODE);
+    }
+
+    if ($command == 'update'){
+        $post_content['updatedby'] = $username ;
+    }
+    if ($command == 'insert'){
+
+        //Generate content for missing data
+        $keysToCheck = ['short_description', 'long_description', 'usp1', 'usp2', 'usp3'];
+    
+        foreach ($keysToCheck as $key) {
+
+            $gc = ($post_content['garden_center'] == 0 ? false : true);
+            $ml = ($post_content['locations'] == 0 ? false : true);
+
+            //GENERATE DATA
+            $generated_content = generateSpaCompanyContent(
+                $post_content['name'],    // Company name
+                $post_content['city'],           // City
+                $gc,                // Garden center (yes/no)
+                ${'brand_type_'.$post_content['brand_type']},       // Brand type
+                ${'showroom_size_'.$post_content['showroom_size']},              // Showroom size
+                ${'focus_offering_'.$post_content['focus_offering']},  // Offering
+                ${'dealer_type_'.$post_content['dealer_type']},              // Dealer type
+                $ml                 // Multiple locations
+            );
+
+            if (isset($post_content[$key]) && (empty($post_content[$key]) || $post_content[$key] == '')) {
+                $post_content[$key] = $generated_content[$key]; 
+            }
+        }
+        $post_content['createdby'] = $username;
+        $post_content['accounthierarchy'] = $partner_product;
+    }
+
+    //CREAT NEW ARRAY AND MAP TO CLAUSE
+    if(isset($post_content) && $post_content!=''){   
+        foreach ($post_content as $key => $var){
+            if ($key == 'submit' || $key == 'rowID'){
+                //do nothing
+            }
+            else {
+                $criterias[$key] = $var;
+                $clause .= ' , '.$key.' = ?';
+                $clause_insert .= ' , '.$key.'';
+                $input_insert .= ', ?'; // ? for each insert item
+                $execute_input[]= $var; // Build array for input
+            }
+        }
+    }
+
+    //CLEAN UP INPUT
+    $clause = substr($clause, 2); //Clean clause - remove first comma
+    $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
+    $input_insert = substr($input_insert, 1); //Clean clause - remove first comma
+
+    //QUERY AND VERIFY ALLOWED
+    if ($command == 'update' && isAllowed('dealers',$profile,$permission,'U') === 1){
+        $sql = 'UPDATE dealers SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
+        $execute_input[] = $id;
+        $stmt = $pdo->prepare($sql);
+    
+        if ($stmt->execute($execute_input)) {
+            echo json_encode(array('rowID'=> $id, 'status' => 'updated'));
+        }
+    } 
+    elseif ($command == 'insert' && isAllowed('dealers',$profile,$permission,'C') === 1){
+        $sql = 'INSERT INTO dealers ('.$clause_insert.') VALUES ('.$input_insert.')';
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute($execute_input);
+        // Return ID            
+        echo json_encode(array('rowID'=> $pdo->lastInsertId(), 'status' => 'created'));
+    }
+    elseif ($command == 'delete' && isAllowed('dealers',$profile,$permission,'D') === 1){
+        $sql = 'DELETE FROM dealers WHERE rowID = ? '.$whereclause;
+        $stmt = $pdo->prepare($sql);
+        $stmt->execute([$id]); 
+
+        //Add deletion to changelog
+        changelog($dbname,'dealers',$id,'Delete','Delete',$username);
+    } else
+    {
+        //do nothing
+    }
 }

-//CLEAN UP INPUT
-$clause = substr($clause, 2); //Clean clause - remove first comma
-$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
-$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
-
-//QUERY AND VERIFY ALLOWED
-if ($command == 'update' && isAllowed('dealers',$profile,$permission,'U') === 1){
-    $sql = 'UPDATE dealers SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
-    $execute_input[] = $id;
-    $stmt = $pdo->prepare($sql);
-    $stmt->execute($execute_input);
-} 
-elseif ($command == 'insert' && isAllowed('dealers',$profile,$permission,'C') === 1){
-    $sql = 'INSERT INTO dealers ('.$clause_insert.') VALUES ('.$input_insert.')';
-    $stmt = $pdo->prepare($sql);
-    $stmt->execute($execute_input);
-}
-elseif ($command == 'delete' && isAllowed('dealers',$profile,$permission,'D') === 1){
-    $sql = 'DELETE FROM dealers WHERE rowID = ? '.$whereclause;
-    $stmt = $pdo->prepare($sql);
-    $stmt->execute([$id]); 
-
-    //Add deletion to changelog
-    changelog($dbname,'dealers',$id,'Delete','Delete',$username);
-} else
-{
-    //do nothing
-}
-
-
 ?>
--- a/api/v2/post/dealers_media.php
+++ b/api/v2/post/dealers_media.php
@@ -0,0 +1,96 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// dealers
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+//CONTENT FROM API (POST)
+$post_content = json_decode($input,true);
+
+//SoldTo is empty
+if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
+
+//default whereclause
+$whereclause = '';
+
+//ENSURE PRODUCTROWID IS SEND
+if (isset($post_content['dealer_id'])){
+
+    //change UUID to ROWID
+    $post_content['dealer_id'] = decodeUuid($post_content['dealer_id']);
+    
+    //CHECK IF ALLOWED TO CRUD VERSIONS
+    $sql = "SELECT * FROM dealers WHERE rowID = ? '.$whereclause.'";
+    $stmt = $pdo->prepare($sql);
+    $stmt->execute([$post_content['dealer_id']]);
+    $dealer_data = $stmt->fetch();
+    $dealer_owner = ($dealer_data['rowID'])? 1 : 0;
+    
+    //IF PRODUCT IS OWNED THEN CRUD is ALLOWED
+    if ($dealer_owner === 1 ){
+        //SET PARAMETERS FOR QUERY
+        $id = $post_content['rowID'] ?? ''; //check for rowID
+        $command = ($id == '')? 'insert' : 'update';  //IF rowID = empty then INSERT
+        if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
+
+        //CREATE EMPTY STRINGS
+        $clause = '';
+        $clause_insert ='';
+        $input_insert = '';
+
+        if ($command == 'insert'){
+            $post_content['createdby'] = $username;
+        }
+        if ($command == 'update'){
+            $post_content['updatedby'] = $username;
+        }
+        
+        //CREATE NEW ARRAY AND MAP TO CLAUSE
+        if(isset($post_content) && $post_content!=''){   
+            foreach ($post_content as $key => $var){
+                if ($key == 'submit' || $key == 'rowID'){
+                    //do nothing
+                }
+                else {
+                    $criterias[$key] = $var;
+                    $clause .= ' , '.$key.' = ?';
+                    $clause_insert .= ' , '.$key.'';
+                    $input_insert .= ', ?'; // ? for each insert item
+                    $execute_input[]= $var; // Build array for input
+                }
+            }
+        }
+
+        //CLEAN UP INPUT
+        $clause = substr($clause, 2); //Clean clause - remove first comma
+        $clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
+        $input_insert = substr($input_insert, 1); //Clean clause - remove first comma
+
+        //QUERY AND VERIFY ALLOWED
+        if ($command == 'update' && isAllowed('dealers_media',$profile,$permission,'U') === 1){
+            $sql = 'UPDATE dealers_media SET '.$clause.' WHERE rowID = ? ';
+            $execute_input[] = $id;
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute($execute_input);
+        } 
+        elseif ($command == 'insert' && isAllowed('dealers_media',$profile,$permission,'C') === 1){
+            $sql = 'INSERT INTO dealers_media ('.$clause_insert.') VALUES ('.$input_insert.')';
+            $stmt = $pdo->prepare($sql);
+            $stmt->execute($execute_input);
+        }
+        elseif ($command == 'delete' && isAllowed('dealers_media',$profile,$permission,'D') === 1){
+            $stmt = $pdo->prepare('DELETE FROM dealers_media WHERE rowID = ? ');
+            $stmt->execute([ $id ]); 
+
+            //Add deletion to changelog
+            changelog($dbname,'dealers_media',$id,'Delete','Delete',$username);
+        } else
+        {
+            //do nothing
+        }
+    }
+}
+?>