From df51ba8e58af391efbe1df684476042369f4e85d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E2=80=9CVeLiTi=E2=80=9D?= <“info@veliti.nl”> Date: Mon, 15 Apr 2024 15:21:23 +0200 Subject: [PATCH] Database merge --- api/v0/authorization.php | 2 +- api/v0/get/authorization.php | 2 +- api/v0/get/user_credentials.php | 2 +- api/v1/authorization.php | 2 +- api/v1/get/accounts.php | 2 +- api/v1/get/authorization.php | 2 +- api/v1/get/partners.php | 2 +- api/v1/get/profile.php | 2 +- api/v1/get/user_credentials.php | 2 +- api/v1/get/users.php | 2 +- api/v1/post/accounts.php | 2 +- api/v1/post/application.php | 10 +++---- api/v1/post/partners.php | 2 +- api/v1/post/profile.php | 2 +- api/v1/post/users.php | 2 +- assets/functions.php | 51 ++++++++++++++++++++++++++++++++- contract.php | 11 ++++--- 17 files changed, 76 insertions(+), 24 deletions(-) diff --git a/api/v0/authorization.php b/api/v0/authorization.php index 2144f85..2eb2a17 100644 --- a/api/v0/authorization.php +++ b/api/v0/authorization.php @@ -15,7 +15,7 @@ if (!empty($username) && !empty($password)) { $username = strip_tags(trim($username)); $password = strip_tags(trim($password)); - $conn = new mysqli($db,$dbuser,$dbpw,$dbname_users); + $conn = new mysqli($db,$dbuser,$dbpw,$dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } diff --git a/api/v0/get/authorization.php b/api/v0/get/authorization.php index 2144f85..2eb2a17 100644 --- a/api/v0/get/authorization.php +++ b/api/v0/get/authorization.php @@ -15,7 +15,7 @@ if (!empty($username) && !empty($password)) { $username = strip_tags(trim($username)); $password = strip_tags(trim($password)); - $conn = new mysqli($db,$dbuser,$dbpw,$dbname_users); + $conn = new mysqli($db,$dbuser,$dbpw,$dbname); if ($conn->connect_error) { die("Connection failed: " . $conn->connect_error); } diff --git a/api/v0/get/user_credentials.php b/api/v0/get/user_credentials.php index cdbfac3..6187a5c 100644 --- a/api/v0/get/user_credentials.php 
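Review bot: The context line `die("Connection failed: " . $conn->connect_error);` directly after the changed `new mysqli(...)` call returns the driver's connection error to the API client, which can disclose host and account details of the now-shared database. Log it server-side and answer with a generic failure instead, e.g. `error_log($conn->connect_error); http_response_code(500); exit;`. The identical hunk in api/v0/get/authorization.php has the same issue. Separately, `strip_tags(trim($password))` alters the submitted password before it is checked, so a password containing markup-like characters or surrounding whitespace is silently changed; how the password is verified is not visible here, but it should reach that step unmodified. The enclosing `if` block continues outside the hunk.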
+++ b/api/v0/get/user_credentials.php @@ -5,7 +5,7 @@ defined($security_key) or exit; // Get user_details based on securitykey //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); //Define Query $stmt = $pdo->prepare('SELECT * FROM users WHERE service = ? OR userkey = ?'); //Excute Query diff --git a/api/v1/authorization.php b/api/v1/authorization.php index 47dcf7c..7bfd7b2 100644 --- a/api/v1/authorization.php +++ b/api/v1/authorization.php @@ -6,7 +6,7 @@ defined($security_key) or exit; //------------------------------------------ $user_credentials = json_decode(decode_payload($input),true); //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); $username = $user_credentials['username'] ?? ''; //Define Query $stmt = $pdo->prepare('SELECT id, username, password, salesID, partnerhierarchy, view, service, settings, lastlogin, userkey, language FROM users WHERE username = ?'); diff --git a/api/v1/get/accounts.php b/api/v1/get/accounts.php index 1bdde11..4024c8f 100644 --- a/api/v1/get/accounts.php +++ b/api/v1/get/accounts.php @@ -6,7 +6,7 @@ defined($security_key) or exit; //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); //SoldTo is empty if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} diff --git a/api/v1/get/authorization.php b/api/v1/get/authorization.php index 913374e..933746e 100644 --- a/api/v1/get/authorization.php +++ b/api/v1/get/authorization.php 
@@ -6,7 +6,7 @@ defined($security_key) or exit; //------------------------------------------ $user_credentials = json_decode(decode_payload($input),true); //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); $username = $user_credentials['username']; //Define Query $stmt = $pdo->prepare('SELECT id, username, password, salesID, partnerhierarchy, view, service, settings, lastlogin, userkey, language FROM users WHERE username = ?'); diff --git a/api/v1/get/partners.php b/api/v1/get/partners.php index ab9adaf..a1dfd72 100644 --- a/api/v1/get/partners.php +++ b/api/v1/get/partners.php @@ -6,7 +6,7 @@ defined($security_key) or exit; //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); //SoldTo is empty if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} diff --git a/api/v1/get/profile.php b/api/v1/get/profile.php index 2dad5c9..15e315e 100644 --- a/api/v1/get/profile.php +++ b/api/v1/get/profile.php @@ -5,7 +5,7 @@ defined($security_key) or exit; // Users //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); //Get user_rights from users.php $partner = json_decode($partnerhierarchy); //SoldTo is empty diff --git a/api/v1/get/user_credentials.php b/api/v1/get/user_credentials.php index 5e818a9..ad05606 100644 --- a/api/v1/get/user_credentials.php +++ b/api/v1/get/user_credentials.php @@ -5,7 +5,7 @@ defined($security_key) or exit; // Get user_details based on securitykey //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); //Define Query $stmt = $pdo->prepare('SELECT * FROM users WHERE service = ? OR userkey = ?'); //Excute Query diff --git a/api/v1/get/users.php b/api/v1/get/users.php index dd688f6..c779285 100644 --- a/api/v1/get/users.php +++ b/api/v1/get/users.php 
@@ -5,7 +5,7 @@ defined($security_key) or exit; // Users //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); //Get user_rights from users.php $partner = json_decode($partnerhierarchy); //SoldTo is empty diff --git a/api/v1/post/accounts.php b/api/v1/post/accounts.php index 9860388..1665b88 100644 --- a/api/v1/post/accounts.php +++ b/api/v1/post/accounts.php @@ -5,7 +5,7 @@ defined($security_key) or exit; // Products //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); $pdo2 = dbConnect($dbname); //CONTENT FROM API (POST) $post_content = json_decode(decode_payload($input),true); diff --git a/api/v1/post/application.php b/api/v1/post/application.php index e06b4af..88db30e 100644 --- a/api/v1/post/application.php +++ b/api/v1/post/application.php @@ -15,7 +15,7 @@ if ($action !=''){ //Connect to DB //------------------------------------------ $pdo = dbConnect($dbname); -$pdo2 = dbConnect($dbname_users); +$pdo2 = dbConnect($dbname); //------------------------------------------ //CONTENT FROM API (POST) @@ -147,7 +147,7 @@ switch ($action) { //Check if shipto is empty and if empty search partner or create if ($partner_equipment->shipto == ''){ - $partner_shipto = getrowID($dbname_users,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype3.'"'); + $partner_shipto = getrowID($dbname,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype3.'"'); if ($partner_shipto){ //Partner exists - Use it $partnerhierarchy['shipto'] = $partner_shipto['partnerID'].'-'.$partnername; 
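Review bot: After this change `$pdo` and `$pdo2` in api/v1/post/accounts.php are both `dbConnect($dbname)`, so the script holds two handles to the same database; the @@ -15 hunk of api/v1/post/application.php ends up the same way. Any later code that expects a transaction or `lastInsertId()` to span both handles will not get that across two separate connections, and the names no longer signal that they were once different databases. Consider `$pdo2 = $pdo;` as an interim step, or replace the `$pdo2` uses with `$pdo`. Whether dbConnect() already returns a shared handle is not visible in this patch, so confirm that first.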
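Review bot: The changed `getrowID(...)` call in the @@ -147 hunk builds its WHERE clause by concatenating `$partnername` and `$partnertype3` into a quoted SQL fragment (`'partnername = "'.$partnername.'" && partnertype="'.$partnertype3.'"'`). This file reads its content from the API POST payload, so if `$partnername` comes from that payload the query is injectable. With the `users` table now in the same `$dbname` database as this partner lookup, an injection here would sit next to the credential data. The same pattern is in the @@ -167, @@ -250 and @@ -270 hunks. Prefer bound parameters, e.g. `$stmt = $pdo->prepare('SELECT partnerID FROM partner WHERE partnername = ? AND partnertype = ?'); $stmt->execute([$partnername, $partnertype3]);`, or extend getrowID() to accept them; its implementation and the origin of `$partnername` are outside the hunk.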
@@ -167,7 +167,7 @@ switch ($action) { } //Check if location is empty and if empty search partner or create if ($partner_equipment->location == ''){ - $partner_location = getrowID($dbname_users,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype4.'"'); + $partner_location = getrowID($dbname,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype4.'"'); if ($partner_location){ //Partner exists - Use it $partnerhierarchy['location'] = $partner_location['partnerID'].'-'.$partnername; @@ -250,7 +250,7 @@ switch ($action) { //Check if shipto is empty and if empty search partner or create if ($partner_equipment->shipto == ''){ - $partner_shipto = getrowID($dbname_users,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype3.'"'); + $partner_shipto = getrowID($dbname,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype3.'"'); if ($partner_shipto){ //Partner exists - Use it $partnerhierarchy['shipto'] = $partner_shipto['partnerID'].'-'.$partnername; @@ -270,7 +270,7 @@ switch ($action) { } //Check if location is empty and if empty search partner or create if ($partner_equipment->location == ''){ - $partner_location = getrowID($dbname_users,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype4.'"'); + $partner_location = getrowID($dbname,'partnerID','partner','partnername = "'.$partnername.'" && partnertype="'.$partnertype4.'"'); if ($partner_location){ //Partner exists - Use it $partnerhierarchy['location'] = $partner_location['partnerID'].'-'.$partnername; diff --git a/api/v1/post/partners.php b/api/v1/post/partners.php index f3e3019..206d697 100644 --- a/api/v1/post/partners.php +++ b/api/v1/post/partners.php 
@@ -5,7 +5,7 @@ defined($security_key) or exit; // Products //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); //CONTENT FROM API (POST) $post_content = json_decode(decode_payload($input),true); diff --git a/api/v1/post/profile.php b/api/v1/post/profile.php index 98489ad..6f7f537 100644 --- a/api/v1/post/profile.php +++ b/api/v1/post/profile.php @@ -5,7 +5,7 @@ defined($security_key) or exit; // users //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); //CONTENT FROM API (POST) $post_content = json_decode(decode_payload($input),true); diff --git a/api/v1/post/users.php b/api/v1/post/users.php index d01389e..4fae5b7 100644 --- a/api/v1/post/users.php +++ b/api/v1/post/users.php @@ -5,7 +5,7 @@ defined($security_key) or exit; // users //------------------------------------------ //Connect to DB -$pdo = dbConnect($dbname_users); +$pdo = dbConnect($dbname); //CONTENT FROM API (POST) $post_content = json_decode(decode_payload($input),true); diff --git a/assets/functions.php b/assets/functions.php index 961c7d7..5ac830d 100644 --- a/assets/functions.php +++ b/assets/functions.php @@ -1597,7 +1597,7 @@ else {//ADMIN USERS $whereclause = ''; } - $pdo = dbConnect($dbname_users); + $pdo = dbConnect($dbname); $sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1 '.$whereclause.''; $stmt = $pdo->prepare($sql); $stmt->execute([$partnertype, $condition]); 
@@ -1624,6 +1624,55 @@ $view .= ' return $view; } +//------------------------------------------ +// LIST ACCOUNTS +//------------------------------------------ +function listAccounts($type, $user_right, $input) +{ + include dirname(__FILE__,2).'/settings/settings.php'; + +//BASED ON USERRIGHT DEFINE SQL AND DATA RETURNED +if ($user_right != 3 || $user_right !=4) { + //NOT ADMIN USER + $partner = json_decode($_SESSION['partnerhierarchy']); + //SoldTo is empty + if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} + //BUILD CONDITION + $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search; + $whereclause = 'AND salesID like ?'; +} +else {//ADMIN USERS + $whereclause = ''; + } + + $pdo = dbConnect($dbname); + $sql = 'SELECT distinct partnerID, partnername FROM partner WHERE partnertype = ? AND status = 1 '.$whereclause.''; + $stmt = $pdo->prepare($sql); + $stmt->execute(['soldto', $condition]); + $partners = $stmt->fetchAll(PDO::FETCH_ASSOC); + +if ($input !='' && !empty($input)){ + $partner_available = ''; +} else { + $partner_available = ''; +} + +$view =' + + + '.$partner_available.' +'; + +foreach ($partners as $row) { +$view .= ''; +} + +$view .= ' +'; +return $view; +} + + //------------------------------------------ // UPLOAD PICTURE for PRODUCTS //------------------------------------------ diff --git a/contract.php b/contract.php index de3e6bf..f75ad55 100644 --- a/contract.php +++ b/contract.php @@ -166,16 +166,19 @@ $view .= '
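Review bot: The guard `if ($user_right != 3 || $user_right !=4)` in the new listAccounts() is always true, so the "ADMIN USERS" branch is unreachable and every caller is filtered by the session's partner hierarchy; the intended operator is presumably `&&`. Once that is corrected the else branch will fail, because `$condition` is never assigned there and `execute(['soldto', $condition])` passes two values to a statement that then has only one placeholder. Building the parameter list alongside the where clause fixes both, as sketched below. The function touched by the @@ -1597 hunk shows the same `execute([$partnertype, $condition])` after an empty where clause and likely needs the same treatment. The `$type` parameter is unused, and the markup appended inside the `foreach` is not visible in this patch; if it prints `partnername`, escape it with `htmlspecialchars()`.

```php
function listAccounts($type, $user_right, $input)
{
    // … unchanged: settings include …
    $params = ['soldto'];
    if ($user_right != 3 && $user_right != 4) {
        // … unchanged: $partner, $soldto_search and $condition are built from the session …
        $whereclause = 'AND salesID like ?';
        $params[] = $condition;
    } else {
        $whereclause = '';
    }
    // … unchanged: dbConnect() and prepare() …
    $stmt->execute($params);
    // … unchanged: dropdown markup and return …
```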
- +
'; -//DISPLAY + +//GET PARTNER DROPDOWN +$soldto_dropdown = listAccounts('accountID',$_SESSION['permission'],$contract['accountID']); + $view .= '
- + '.$soldto_dropdown.'
@@ -186,7 +189,7 @@ $view .= '
//Check for assigned users -$assigned_users = json_decode($contract['assigned_users']) ?? ''; +$assigned_users = (is_string($contract['assigned_users']))? json_decode($contract['assigned_users']) : ''; if (is_array($assigned_users)) { foreach ($assigned_users as $user){