Update for BeWellWell my account en media_upload
137
api/v2/post/appointment.php
Normal file
@@ -0,0 +1,137 @@
|
||||
<?php
|
||||
defined($security_key) or exit;
|
||||
|
||||
//------------------------------------------
|
||||
// Appointment
|
||||
//------------------------------------------
|
||||
//Connect to DB
|
||||
$pdo = dbConnect($dbname);
|
||||
|
||||
//CONTENT FROM API (POST)
|
||||
$post_content = json_decode($input,true);
|
||||
|
||||
//SET PARAMETERS FOR QUERY
|
||||
$id = $post_content['id'] ?? ''; //check for rowID
|
||||
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
|
||||
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
|
||||
$date = date('Y-m-d H:i:s');
|
||||
|
||||
//CREATE EMPTY STRINGS
|
||||
$clause = '';
|
||||
$clause_insert ='';
|
||||
$input_insert = '';
|
||||
|
||||
if(isset($post_content['action']) && $post_content['action'] == 'book_appointment'){
|
||||
|
||||
//APPOINTMENT BOOKING
|
||||
$dealer_id = $post_content['dealer_id'];
|
||||
$name = $post_content['name'] ?? '';
|
||||
$email = $post_content['email'] ?? '';
|
||||
$phone = $post_content['phone'] ?? '';
|
||||
$starttime = $post_content['starttime'] ?? '';
|
||||
$endtime = $post_content['endtime'] ?? '';
|
||||
|
||||
// First check if the slot is still available
|
||||
$sql = "SELECT start_time, end_time, is_available FROM appointment_slots WHERE start_time = ? AND end_time = ? AND is_available = ? AND dealer_id = ?";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$starttime,$endtime,1,$dealer_id]);
|
||||
$result = $stmt->fetch(PDO::FETCH_ASSOC);
|
||||
|
||||
if (isset($result['id'])){
|
||||
$messages = ['success' => false, 'message' => 'This slot is no longer available'];
|
||||
}
|
||||
else {
|
||||
try {
|
||||
//INSERT TIMESLOT
|
||||
$sql = "INSERT INTO appointment_slots (dealer_id, start_time, end_time, is_available,createdby) VALUES (?,?, ?, ?, ?)";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$dealer_id,$starttime,$endtime,0,'system']);
|
||||
|
||||
$appointment_id = $pdo->lastInsertId();
|
||||
|
||||
//INSERT APPOINTMENT
|
||||
$sql = "INSERT INTO appointments (appointment_slot_id, client_name, client_email, client_phone, appointment_status,createdby, dealer_id) VALUES (?,?,?,?,?,?,?)";
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$appointment_id,$name, $email, $phone,0,'system', $dealer_id]);
|
||||
|
||||
$messages = [
|
||||
'success' => true,
|
||||
'message' => 'Appointment requested successfully',
|
||||
'appointment_id' => $appointment_id
|
||||
];
|
||||
} catch (Exception $e) {
|
||||
// Roll back transaction on error
|
||||
$pdo->rollback();
|
||||
$messages = ['success' => false, 'message' => 'Error: ' . $e->getMessage()];
|
||||
}
|
||||
}
|
||||
|
||||
//------------------------------------------
|
||||
//JSON_ENCODE
|
||||
//------------------------------------------
|
||||
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
|
||||
|
||||
//Send results
|
||||
echo $messages;
|
||||
}
|
||||
else {
|
||||
|
||||
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
|
||||
if ($command == 'update'){
|
||||
$post_content['updatedby'] = $username ;
|
||||
|
||||
}
|
||||
elseif ($command == 'insert'){
|
||||
$post_content['createdby'] = $username;
|
||||
}
|
||||
else {
|
||||
//do nothing
|
||||
}
|
||||
|
||||
//CREAT NEW ARRAY AND MAP TO CLAUSE
|
||||
if(isset($post_content) && $post_content!=''){
|
||||
foreach ($post_content as $key => $var){
|
||||
if ($key == 'submit' || $key == 'id'){
|
||||
//do nothing
|
||||
}
|
||||
else {
|
||||
$criterias[$key] = $var;
|
||||
$clause .= ' , '.$key.' = ?';
|
||||
$clause_insert .= ' , '.$key.'';
|
||||
$input_insert .= ', ?'; // ? for each insert item
|
||||
$execute_input[]= $var; // Build array for input
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
//CLEAN UP INPUT
|
||||
$clause = substr($clause, 2); //Clean clause - remove first comma
|
||||
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
|
||||
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
|
||||
|
||||
//QUERY AND VERIFY ALLOWED
|
||||
if ($command == 'update' && isAllowed('appointment',$profile,$permission,'U') === 1){
|
||||
$sql = 'UPDATE appointment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
|
||||
$execute_input[] = $id;
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'insert' && isAllowed('appointment',$profile,$permission,'C') === 1){
|
||||
$sql = 'INSERT INTO appointment ('.$clause_insert.') VALUES ('.$input_insert.')';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute($execute_input);
|
||||
// Return ID
|
||||
echo json_encode(array('rowID'=> $pdo->lastInsertId()));
|
||||
}
|
||||
elseif ($command == 'delete' && isAllowed('appointment',$profile,$permission,'D') === 1){
|
||||
$stmt = $pdo->prepare('DELETE FROM appointment WHERE rowID = ? '.$whereclause.'');
|
||||
$stmt->execute([ $id ]);
|
||||
|
||||
//Add deletion to changelog
|
||||
changelog($dbname,'appointment',$id,'Delete','Delete',$username);
|
||||
} else
|
||||
{
|
||||
//do nothing
|
||||
}
|
||||
}
|
||||
?>
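Review bot: In the generic insert/update branch the JSON keys of `$post_content` are concatenated straight into the SQL (`$clause .= ' , '.$key.' = ?';` and likewise `$clause_insert`), so only the values are parameterised while the column names come from the client unchecked; compare each key against an allow-list of the table's writable columns before it reaches the clause, and initialise `$execute_input = [];` so a body with no usable keys does not hand `execute()` an undefined variable. The `book_appointment` path has two further defects: `$pdo->rollback()` in the catch runs without any `$pdo->beginTransaction()`, so it throws itself and the slot insert is never undone, and `isset($result['id'])` can never be true because the SELECT only returns `start_time, end_time, is_available`, leaving the 'no longer available' branch dead. That path is also not gated by `isAllowed()` like the other commands, and the catch returns `$e->getMessage()` to the caller, which for PDO errors can expose query or schema details. Wrap the two inserts as `$pdo->beginTransaction(); … $pdo->commit();` and guard the rollback with `if ($pdo->inTransaction()) { $pdo->rollBack(); }`.
```php
// … unchanged: command selection and standard createdby/updatedby parameters …
$allowed_columns = [/* PLACEHOLDER: the writable columns of `appointment`, taken from the schema */];
$execute_input = [];
foreach ($post_content as $key => $var) {
    if ($key === 'submit' || $key === 'id' || !in_array($key, $allowed_columns, true)) {
        continue; // unknown keys are dropped instead of being concatenated into SQL
    }
    $clause .= ' , `' . $key . '` = ?';
    $clause_insert .= ' , `' . $key . '`';
    $input_insert .= ', ?';
    $execute_input[] = $var;
}
// … unchanged: clause clean-up and the isAllowed()-gated queries …
```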
|
||||
@@ -1,9 +1,6 @@
|
||||
<?php
|
||||
defined($security_key) or exit;
|
||||
ini_set('display_errors', '1');
|
||||
ini_set('display_startup_errors', '1');
|
||||
error_reporting(E_ALL);
|
||||
|
||||
|
||||
//------------------------------------------
|
||||
// dealers
|
||||
//------------------------------------------
|
||||
|
||||
@@ -96,8 +96,8 @@ elseif ($command == 'login'){
|
||||
|
||||
if (count($account) != 0){
|
||||
|
||||
//CHECK NUMBER OF LOGIN ATTEMPTS IS BELOW 5
|
||||
if($account['login_count'] < 5 || $account['isverified'] == 0 ){
|
||||
//CHECK NUMBER OF LOGIN ATTEMPTS IS BELOW 5 and account isverified
|
||||
if($account['login_count'] < 5 && $account['isverified'] == 1 ){
|
||||
// If account exists verify password
|
||||
if ($account && password_verify($post_content['password'], $account['password'])) {
|
||||
|
||||
|
||||
@@ -1,6 +1,8 @@
|
||||
<?php
|
||||
defined($security_key) or exit;
|
||||
|
||||
ini_set('display_errors', '1');
|
||||
ini_set('display_startup_errors', '1');
|
||||
error_reporting(E_ALL);
|
||||
//------------------------------------------
|
||||
// Products attributes
|
||||
//------------------------------------------
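Review bot: If the `ini_set('display_errors', '1');`, `ini_set('display_startup_errors', '1');` and `error_reporting(E_ALL);` lines are on the added side of this hunk (the rendered page has lost the +/- markers, but the `-1,6 +1,8` counts imply three additions here, while the `-1,9 +1,6` hunk above appears to remove the same lines), this endpoint would print PHP warnings and uncaught-exception details into its JSON responses. Prefer leaving error display off in the endpoint and controlling it from the bootstrap or an environment flag, e.g. `ini_set('display_errors', getenv('APP_DEBUG') ? '1' : '0');` (flag name chosen as an example). The file header for this hunk is outside the visible page.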
|
||||
@@ -34,6 +36,13 @@ if (isset($post_content['type']) && $post_content['type'] !=''){
|
||||
echo json_encode(array('status' => 'send'));
|
||||
break;
|
||||
|
||||
case 'register_identity':
|
||||
|
||||
//SEND MAIL
|
||||
send_mail($mail_to,$mail_subject,$mail_content,'','');
|
||||
echo json_encode(array('status' => 'send'));
|
||||
break;
|
||||
|
||||
case 'reset':
|
||||
|
||||
//GET TEMPLATE
|
||||
@@ -43,6 +52,20 @@ if (isset($post_content['type']) && $post_content['type'] !=''){
|
||||
//SEND MAIL
|
||||
send_mail($mail_to,$subject,$message,'','');
|
||||
break;
|
||||
|
||||
case 'sendInvite':
|
||||
|
||||
// Get appointment data from mail_content
|
||||
$appointment = $post_content['content'];
|
||||
|
||||
if ($appointment && isset($appointment['starttime']) && isset($appointment['endtime'])) {
|
||||
sendIcsCalendar($appointment, $post_content['to'], $post_content['subject']);
|
||||
echo json_encode(array('status' => 'send'));
|
||||
} else {
|
||||
echo json_encode(array('status' => 'error', 'message' => 'Invalid appointment data'));
|
||||
}
|
||||
|
||||
break;
|
||||
}
|
||||
|
||||
}
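Review bot: `$post_content['to']` and `$post_content['subject']` are passed to `sendIcsCalendar()` without the `isset` guard the branch applies to the appointment fields, so a request missing either one produces a warning and a null recipient or subject; extend the condition to `isset($appointment['starttime'], $appointment['endtime'], $post_content['to'], $post_content['subject'])` or give them `?? ''` defaults. Since `$appointment` is decoded straight from the request body, `is_array($appointment)` belongs in that condition too, because `isset($appointment['starttime'])` on a string value does not fail loudly. The enclosing `switch` and the file header for this hunk are outside the visible page.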
|
||||
|
||||
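--- a/api/v2/post/media_upload.php
+++ b/api/v2/post/media_upload.php
@@ -0,0 +1,60 @@
+<?php
+defined($security_key) or exit;
+
+//------------------------------------------
+// Media_upload
+//------------------------------------------
+//Connect to DB
+$pdo = dbConnect($dbname);
+
+if (!isset($_FILES['image'])) {
+echo json_encode(['error' => 'No file uploaded']);
+exit;
+}
+
+$file = $_FILES['image'];
+
+// Validate file type
+$allowedTypes = ['jpg', 'jpeg', 'png', 'gif', 'webp'];
+$filename = $file['name'];
+$ext = strtolower(pathinfo($filename, PATHINFO_EXTENSION));
+
+if (!in_array($ext, $allowedTypes)) {
+http_response_code(400);
+echo json_encode(['error' => 'Invalid file type. Only JPEG, PNG, GIF, and WebP allowed.']);
+exit;
+}
+
+$target_dir = dirname(__FILE__, 4)."/assets/images/media/";
+
+$title = uniqid().'_'.time().'_'.$input['title'];
+$full_path = $target_dir . $title;
+$logical_dir = "assets/images/media/".$title;
+
+if (move_uploaded_file($file['tmp_name'], $full_path)) {
+//BUILD UP PARTNERHIERARCHY FROM USER
+$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
+
+//If succesfull recvieved store in DB
+$insert_media_sql = 'INSERT INTO `media`(`title`, `full_path`, `createdby`,`accounthierarchy`) VALUES (?,?,?,?)';
+$stmt = $pdo->prepare( $insert_media_sql);
+$stmt->execute([$title,$logical_dir,$username,$partner_product]);
+// Return ID
+$media_rowID = $pdo->lastInsertId();
+
+//assign picture to dealer
+if(isset($input['dealer_id']) && !empty($input['dealer_id'])){
+$dealer_id = decodeUuid($input['dealer_id']);
+$update_dealer = 'UPDATE dealers SET dealer_media = ? , updatedby = ? WHERE rowID = ?';
+$stmt = $pdo->prepare( $update_dealer);
+$stmt->execute([$media_rowID,$username,$dealer_id]);
+}
+
+echo json_encode(['success' => true, 'path' => $logical_dir]);
+
+}
+else {
+echo json_encode(['error' => 'Failed to move file']);
+}
+
+?>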
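Review bot: The extension check validates `$file['name']`, but the file is written under a name built from a different, unvalidated field: `$title = uniqid().'_'.time().'_'.$input['title'];` feeds `$full_path` directly, so the stored name, its effective extension and any path separators in it come from the request rather than from the check. Derive the on-disk name from the validated extension only, e.g. `$title = uniqid() . '_' . time() . '.' . $ext;`, and keep the human-readable title in the `title` column instead of the path. The check itself also trusts only the client-supplied file name; confirming the content with `finfo_file()` or `getimagesize()` before `move_uploaded_file()`, and checking `$file['error'] === UPLOAD_ERR_OK` first, would close the remaining gap. The `UPDATE dealers` in the `dealer_id` branch runs without the `isAllowed()` gate used by the other endpoints in this commit, which is worth confirming against the intended permission model.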