pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update for BeWellWell my account en media_upload

Browse Source
This commit is contained in:
“VeLiTi”
2025-08-29 15:01:30 +02:00
parent 010b23b0e5
commit f8e089ffcd
20 changed files with 603 additions and 22 deletions
Download Patch File Download Diff File Expand all files Collapse all files

BIN
api/.DS_Store vendored
View File

Binary file not shown.

BIN
api/v1/.DS_Store vendored
View File

Binary file not shown.

BIN
api/v2/.DS_Store vendored
View File

Binary file not shown.

150
api/v2/get/appointment.php Normal file
View File

@@ -0,0 +1,150 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Appointments
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//NEW ARRAY
$criterias = [];
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
}
}
//GET SLOTS PER DEALER
if(isset($criterias['action']) && $criterias['action'] == 'get_slots' && isset($criterias['dealer_id']) && isset($criterias['year']) && isset($criterias['month'])){
//DECODE DEALER_ID
$dealer_id = decodeUuid($criterias['dealer_id']);
$year = (int)$criterias['year'];
$month = (int)$criterias['month'];
// Get the number of days in the month
$num_days = cal_days_in_month(CAL_GREGORIAN, $month, $year);
//GET OPENING_HOURS
$sql_opening_hours = 'SELECT opening_hours FROM dealers WHERE rowID = ?';
$stmt = $pdo->prepare($sql_opening_hours);
$stmt->execute([$dealer_id]);
$opening_hours = $stmt->fetch(PDO::FETCH_ASSOC);
$opening_hours = json_decode($opening_hours['opening_hours'],true);
if (empty($opening_hours)){
// Define opening hours
$opening_hours = [
1 => ['start' => '09:00', 'end' => '17:00'], // Monday
2 => ['start' => '09:00', 'end' => '17:00'], // Tuesday
3 => ['start' => '09:00', 'end' => '17:00'], // Wednesday
4 => ['start' => '09:00', 'end' => '17:00'], // Thursday
5 => ['start' => '09:00', 'end' => '17:00'], // Friday
6 => ['start' => '09:00', 'end' => '17:00'], // Saturday
7 => null // Sunday - Closed
];
} else {
// Convert all string "null" values to actual null
foreach ($opening_hours as $day => $hours) {
if ($hours === "null") {
$opening_hours[$day] = null;
}
}
}
// Initialize an array to store the available slots for the entire month
$all_available_slots = [];
// Initialize a counter for the slot IDs
$id_counter = 1;
// Iterate over each day in the month
for ($day = 1; $day <= $num_days; $day++) {
// Create a full date string
$full_date = sprintf("%04d-%02d-%02d", $year, $month, $day);
// Determine the day of the week (1 = Monday, 7 = Sunday)
$day_of_week = date('N', strtotime($full_date));
// Check if the day is open
if ($opening_hours[$day_of_week] === null) {
continue; // Skip closed days (Sunday)
}
// Get existing booked/unavailable slots for the day
$booked_slots_sql = "SELECT start_time, end_time FROM appointment_slots
WHERE DATE(start_time) = ? AND dealer_id = ? AND is_available = false";
$stmt = $pdo->prepare($booked_slots_sql);
$stmt->execute([$full_date, $dealer_id]);
$booked_result = $stmt->fetchAll(PDO::FETCH_ASSOC);
// Store booked slots for the day
$booked_slots = [];
foreach ($booked_result as $row){
$booked_slots[] = [
'start' => substr($row['start_time'], 11, 5),
'end' => substr($row['end_time'], 11, 5)
];
}
// Generate all possible slots for the day
$start_time = new DateTime($full_date . ' ' . $opening_hours[$day_of_week]['start']);
$end_time = new DateTime($full_date . ' ' . $opening_hours[$day_of_week]['end']);
$interval = new DateInterval('PT1H');
// Iterate through each hour and check availability
while ($start_time < $end_time) {
$slot_end = clone $start_time;
$slot_end->add($interval);
// Check if this slot is booked
$is_available = true;
foreach ($booked_slots as $booked) {
$booked_start = new DateTime($full_date . ' ' . $booked['start']);
$booked_end = new DateTime($full_date . ' ' . $booked['end']);
if (($start_time >= $booked_start && $start_time < $booked_end) ||
($slot_end > $booked_start && $slot_end <= $booked_end)) {
$is_available = false;
break;
}
}
// If the slot is available, add it to the list
if ($is_available) {
$all_available_slots[] = [
'id' => $id_counter++,
'start_time' => $start_time->format('Y-m-d H:i:s'),
'end_time' => $slot_end->format('Y-m-d H:i:s')
];
}
$start_time->add($interval);
}
}
$messages = $all_available_slots;
} else {
$messages =['success' => false, 'slots' => ''];
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

28
api/v2/get/dealers.php
View File

@@ -55,7 +55,8 @@ if(isset($get_content) && $get_content!=''){
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM dealers d '.$whereclause.'';
$sql = 'SELECT count(*) as count FROM dealers d '.$whereclause;
}
elseif (isset($criterias['list']) && $criterias['list'] ==''){
$sql = 'SELECT d.* FROM dealers d '.$whereclause;
@@ -64,6 +65,7 @@ else {
//SQL for Paging
$sql = 'SELECT d.*, m.full_path FROM dealers d LEFT JOIN media m ON d.dealer_media = m.rowID '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
@@ -95,8 +97,18 @@ if (!empty($criterias)){
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $stmt->fetch();
$messages = $messages[0];
//No further data transformation need
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
//exit
exit();
}
elseif (isset($criterias['list']) && $criterias['list']==''){
//Excute Query
@@ -116,10 +128,20 @@ else {
}
//------------------------------------------
//CHANGE ROWID INTO UUID
//------------------------------------------
function updateRowID($row) {
$row['rowID'] = encodeUuid($row['rowID']);
return $row;
}
$updatedData = array_map('updateRowID', $messages);
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
$messages = json_encode($updatedData, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;

5
api/v2/get/identity.php
View File

@@ -50,6 +50,11 @@ if(isset($get_content) && $get_content!=''){
}
}
//ASSIGN DEALER ID TO IDENTITY
if(isset($criterias['userkey'])){
checkAndInsertIdentityDealer($pdo, $criterias['userkey']);
}
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count from identity '.$whereclause.'';

59
api/v2/get/identity_dealers.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
defined($security_key) or exit;
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
//------------------------------------------
// dealers
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//NEW ARRAY
$criterias = [];
$messages = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
}
}
//IDENTITY REQUEST - override SQL
if(isset($criterias['identity_id'])){
$sql = 'SELECT d.*, m.full_path FROM identity_dealers id JOIN dealers d ON id.dealer_ID = d.rowID LEFT JOIN media m ON d.dealer_media = m.rowID WHERE identity_id='.$criterias['identity_id'].'';
$stmt = $pdo->prepare($sql);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
//------------------------------------------
//CHANGE ROWID INTO UUID
//------------------------------------------
function updateRowID($row) {
$row['rowID'] = encodeUuid($row['rowID']);
return $row;
}
$updatedData = array_map('updateRowID', $messages);
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($updatedData, JSON_UNESCAPED_UNICODE);
}
//Send results
echo $messages;
?>

137
api/v2/post/appointment.php Normal file
View File

@@ -0,0 +1,137 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Appointment
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
if(isset($post_content['action']) && $post_content['action'] == 'book_appointment'){
//APPOINTMENT BOOKING
$dealer_id = $post_content['dealer_id'];
$name = $post_content['name'] ?? '';
$email = $post_content['email'] ?? '';
$phone = $post_content['phone'] ?? '';
$starttime = $post_content['starttime'] ?? '';
$endtime = $post_content['endtime'] ?? '';
// First check if the slot is still available
$sql = "SELECT start_time, end_time, is_available FROM appointment_slots WHERE start_time = ? AND end_time = ? AND is_available = ? AND dealer_id = ?";
$stmt = $pdo->prepare($sql);
$stmt->execute([$starttime,$endtime,1,$dealer_id]);
$result = $stmt->fetch(PDO::FETCH_ASSOC);
if (isset($result['id'])){
$messages = ['success' => false, 'message' => 'This slot is no longer available'];
}
else {
try {
//INSERT TIMESLOT
$sql = "INSERT INTO appointment_slots (dealer_id, start_time, end_time, is_available,createdby) VALUES (?,?, ?, ?, ?)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$dealer_id,$starttime,$endtime,0,'system']);
$appointment_id = $pdo->lastInsertId();
//INSERT APPOINTMENT
$sql = "INSERT INTO appointments (appointment_slot_id, client_name, client_email, client_phone, appointment_status,createdby, dealer_id) VALUES (?,?,?,?,?,?,?)";
$stmt = $pdo->prepare($sql);
$stmt->execute([$appointment_id,$name, $email, $phone,0,'system', $dealer_id]);
$messages = [
'success' => true,
'message' => 'Appointment requested successfully',
'appointment_id' => $appointment_id
];
} catch (Exception $e) {
// Roll back transaction on error
$pdo->rollback();
$messages = ['success' => false, 'message' => 'Error: ' . $e->getMessage()];
}
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
}
else {
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updatedby'] = $username ;
}
elseif ($command == 'insert'){
$post_content['createdby'] = $username;
}
else {
//do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
if(isset($post_content) && $post_content!=''){
foreach ($post_content as $key => $var){
if ($key == 'submit' || $key == 'id'){
//do nothing
}
else {
$criterias[$key] = $var;
$clause .= ' , '.$key.' = ?';
$clause_insert .= ' , '.$key.'';
$input_insert .= ', ?'; // ? for each insert item
$execute_input[]= $var; // Build array for input
}
}
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('appointment',$profile,$permission,'U') === 1){
$sql = 'UPDATE appointment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('appointment',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO appointment ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
// Return ID
echo json_encode(array('rowID'=> $pdo->lastInsertId()));
}
elseif ($command == 'delete' && isAllowed('appointment',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM appointment WHERE rowID = ? '.$whereclause.'');
$stmt->execute([ $id ]);
//Add deletion to changelog
changelog($dbname,'appointment',$id,'Delete','Delete',$username);
} else
{
//do nothing
}
}
?>

5
api/v2/post/dealers.php
View File

@@ -1,9 +1,6 @@
<?php
defined($security_key) or exit;
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
//------------------------------------------
// dealers
//------------------------------------------

4
api/v2/post/identity.php
View File

@@ -96,8 +96,8 @@ elseif ($command == 'login'){
if (count($account) != 0){
//CHECK NUMBER OF LOGIN ATTEMPTS IS BELOW 5
if($account['login_count'] < 5 || $account['isverified'] == 0 ){
//CHECK NUMBER OF LOGIN ATTEMPTS IS BELOW 5 and account isverified
if($account['login_count'] < 5 && $account['isverified'] == 1 ){
// If account exists verify password
if ($account && password_verify($post_content['password'], $account['password'])) {

25
api/v2/post/mailer.php
View File

@@ -1,6 +1,8 @@
<?php
defined($security_key) or exit;
ini_set('display_errors', '1');
ini_set('display_startup_errors', '1');
error_reporting(E_ALL);
//------------------------------------------
// Products attributes
//------------------------------------------
@@ -34,6 +36,13 @@ if (isset($post_content['type']) && $post_content['type'] !=''){
echo json_encode(array('status' => 'send'));
break;
case 'register_identity':
//SEND MAIL
send_mail($mail_to,$mail_subject,$mail_content,'','');
echo json_encode(array('status' => 'send'));
break;
case 'reset':
//GET TEMPLATE
@@ -43,6 +52,20 @@ if (isset($post_content['type']) && $post_content['type'] !=''){
//SEND MAIL
send_mail($mail_to,$subject,$message,'','');
break;
case 'sendInvite':
// Get appointment data from mail_content
$appointment = $post_content['content'];
if ($appointment && isset($appointment['starttime']) && isset($appointment['endtime'])) {
sendIcsCalendar($appointment, $post_content['to'], $post_content['subject']);
echo json_encode(array('status' => 'send'));
} else {
echo json_encode(array('status' => 'error', 'message' => 'Invalid appointment data'));
}
break;
}
}

60
api/v2/post/media_upload.php Normal file
View File

@@ -0,0 +1,60 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Media_upload
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
if (!isset($_FILES['image'])) {
echo json_encode(['error' => 'No file uploaded']);
exit;
}
$file = $_FILES['image'];
// Validate file type
$allowedTypes = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
$filename = $file['name'];
$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
if (!in_array($ext, $allowedTypes)) {
http_response_code(400);
echo json_encode(['error' => 'Invalid file type. Only JPEG, PNG, GIF, and WebP allowed.']);
exit;
}
$target_dir = dirname(__FILE__, 4)."/assets/images/media/";
$title = uniqid().'_'.time().'_'.$input['title'];
$full_path = $target_dir . $title;
$logical_dir = "assets/images/media/".$title;
if (move_uploaded_file($file['tmp_name'], $full_path)) {
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
//If succesfull recvieved store in DB
$insert_media_sql = 'INSERT INTO `media`(`title`, `full_path`, `createdby`,`accounthierarchy`) VALUES (?,?,?,?)';
$stmt = $pdo->prepare( $insert_media_sql);
$stmt->execute([$title,$logical_dir,$username,$partner_product]);
// Return ID
$media_rowID = $pdo->lastInsertId();
//assign picture to dealer
if(isset($input['dealer_id']) && !empty($input['dealer_id'])){
$dealer_id = decodeUuid($input['dealer_id']);
$update_dealer = 'UPDATE dealers SET dealer_media = ? , updatedby = ? WHERE rowID = ?';
$stmt = $pdo->prepare( $update_dealer);
$stmt->execute([$media_rowID,$username,$dealer_id]);
}
echo json_encode(['success' => true, 'path' => $logical_dir]);
}
else {
echo json_encode(['error' => 'Failed to move file']);
}
?>