pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

CMXX - First candidate

Browse Source
This commit is contained in:
“VeLiTi”
2025-03-05 20:45:35 +01:00
parent 3a52632d61
commit faf5a5156b
29 changed files with 588 additions and 1053 deletions
Download Patch File Download Diff File Expand all files Collapse all files

3
api/v2/authorization.php
View File

@@ -76,7 +76,8 @@ if ($stmt->rowCount() == 1) {
'clientID' => $user_data['username'],
'token' => $token,
'token_valid' => date('Y-m-d H:i:s',time() + 1800),
'userkey' => $user_data['userkey']
'userkey' => $user_data['userkey'],
'language' => $user_data['language']
);
//Reset login count after succesfull attempt

34
api/v2/get/equipments.php
View File

@@ -81,8 +81,38 @@ if(isset($get_content) && $get_content!=''){
$clause .= ' AND (serialnumber like :'.$v[0].' OR e.rowID like :'.$v[0].')';
}
elseif ($v[0] == 'partnerid') {
//build up accounthierarchy
$clause .= ' AND e.accounthierarchy like :'.$v[0];
//PARTNER INFORMATION
$api_url = '/v2/partners/partnerID='.$v[1] ;
$partner_return = ioApi($api_url,'',$clientsecret);
$partner_return = json_decode($partner_return ,true);
$partner_return = $partner_return[0];
if ($partner_return){
//PARTNER FOUND
switch ($partner_return['partnertype']) {
case 'SalesID':
$clause .= ' AND e.accounthierarchy like "%_salesid_:_'.$v[1].'-%"';
break;
case 'SoldTo':
$clause .= ' AND e.accounthierarchy like "%_soldto_:_'.$v[1].'-%"';
break;
case 'ShipTo':
$clause .= ' AND e.accounthierarchy like "%_shipto_:_'.$v[1].'-%"';
break;
case 'Location':
$clause .= ' AND e.accounthierarchy like "%_location_:_'.$v[1].'-%"';
break;
}
} else {
//Partner not found
//Partner not found return empty
$clause .= ' AND e.accounthierarchy =""';
}
//remove original key/value from array
unset($criterias[$v[0]]);
}
elseif ($v[0] == 'serialnumber') {
//build up serialnumber

5
api/v2/get/invoice.php
View File

@@ -49,11 +49,12 @@ if(isset($criterias['totals']) && $criterias['totals'] ==''){
}
elseif (isset($criterias['list']) && $criterias['list'] =='invoice'){
//SQL for Paging
$sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created
$sql = 'SELECT tx.*, txi.item_id as item_id,txi.item_price as item_price, txi.item_quantity as item_quantity, txi.item_options as item_options, p.productcode, p.productname, inv.id as invoice, inv.created as invoice_created, i.language as user_language
FROM transactions tx
left join invoice inv ON tx.id = inv.txn_id
left join transactions_items txi ON tx.id = txi.txn_id
left join products p ON p.rowID = txi.item_id '.$whereclause;
left join products p ON p.rowID = txi.item_id
left join identity i ON i.userkey = tx.account_id '.$whereclause;
}
else {
//SQL for Paging

115
api/v2/get/partners.php Normal file
View File

@@ -0,0 +1,115 @@
<?php
defined($security_key) or exit;
//------------------------------------------
// Products
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2('partners',$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
$clause = '';
//Check for $_GET variables and build up clause
if(isset($get_content) && $get_content!=''){
//GET VARIABLES FROM URL
$requests = explode("&", $get_content);
//Check for keys and values
foreach ($requests as $y){
$v = explode("=", $y);
//INCLUDE VARIABLES IN ARRAY
$criterias[$v[0]] = $v[1];
if ($v[0] == 'page' || $v[0] =='p' || $v[0] =='totals' || $v[0] =='list'|| $v[0] =='success_msg'){
//do nothing
}
elseif ($v[0] == 'search') {
//build up search
$clause .= ' AND partnername like :'.$v[0];
}
else {//create clause
$clause .= ' AND '.$v[0].' = :'.$v[0];
}
}
if ($whereclause == '' && $clause !=''){
$whereclause = 'WHERE '.substr($clause, 4);
} else {
$whereclause .= $clause;
}
}
//Define Query
if(isset($criterias['totals']) && $criterias['totals'] ==''){
//Request for total rows
$sql = 'SELECT count(*) as count FROM partner '.$whereclause.'';
}
elseif(isset($criterias['list']) && $criterias['list'] ==''){
//Request for total rows
$sql = 'SELECT * FROM partner '.$whereclause.'';
}
else {
//SQL for Paging
$sql = 'SELECT * FROM partner '.$whereclause.' LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;
if (str_contains($whereclause, $key_condition)){
if ($key == 'search'){
$search_value = '%'.$value.'%';
$stmt->bindValue($key, $search_value, PDO::PARAM_STR);
}
else {
$stmt->bindValue($key, $value, PDO::PARAM_STR);
}
}
}
}
//Add paging details
if(isset($criterias['totals']) && $criterias['totals']==''){
$stmt->execute();
$messages = $stmt->fetch();
$messages = $messages[0];
}
elseif(isset($criterias['list']) && $criterias['list']==''){
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
else {
$current_page = isset($criterias['p']) && is_numeric($criterias['p']) ? (int)$criterias['p'] : 1;
$stmt->bindValue('page', ($current_page - 1) * $page_rows_partners, PDO::PARAM_INT);
$stmt->bindValue('num_products', $page_rows_partners, PDO::PARAM_INT);
//Excute Query
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
}
//------------------------------------------
//JSON_ENCODE
//------------------------------------------
$messages = json_encode($messages, JSON_UNESCAPED_UNICODE);
//Send results
echo $messages;
?>

2
api/v2/get/pricelists.php
View File

@@ -12,7 +12,7 @@ $pdo = dbConnect($dbname);
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclause('pricelist',$permission,$partner,'get');
list($whereclause,$condition) = getWhereclause('pricelists',$permission,$partner,'get');
//NEW ARRAY
$criterias = [];

17
api/v2/get/products.php
View File

@@ -90,7 +90,9 @@ elseif (isset($criterias['list']) && $criterias['list'] =='price'){
$whereclause_2 = 'WHERE pat.item_status = 1';
} else {
$whereclause_1 = $whereclause .' AND p.salesflag = 1 AND p.status = 1 ';
$whereclause_2 = $whereclause .' AND pat.item_status = 1';
list($whereclause_alt,$condition_alt) = getWhereclause('products_attributes_items',$permission,$partner,'get');
$whereclause_2 = $whereclause_alt .' AND pat.item_status = 1';
}
//GET ALL PRODUCTS AND PRODUCT ATTRIBUTES FOR PRICING
@@ -104,11 +106,14 @@ elseif (isset($criterias['list']) && $criterias['list'] =='config'){
$whereclause_2 = 'WHERE pag.group_status = 1';
} else {
$whereclause_1 = $whereclause .' AND p.salesflag = 1 AND p.status = 1 AND p.configurable = 0 ';
$whereclause_2 = $whereclause .' AND pag.group_status = 1';
list($whereclause_alt2,$condition_alt2) = getWhereclause('products_attributes_groups',$permission,$partner,'get');
$whereclause_2 = $whereclause_alt2 .' AND pag.group_status = 1';
}
//GET ALL PRODUCTS AND PRODUCT ATTRIBUTES FOR PRICING
$sql = '(SELECT p.rowID as product_id, p.productname as product_name FROM products p '.$whereclause_1.' ) UNION (SELECT pag.group_id as product_id, pag.group_name as product_name FROM products_attributes_groups pag '.$whereclause_2.' )';
$sql = '(SELECT p.rowID as product_id, p.productname as product_name FROM products p '.$whereclause_1.' ) UNION (SELECT pag.group_id as product_id, CONCAT(pag.group_name, " (", pag.group_name_internal,")") as product_name FROM products_attributes_groups pag '.$whereclause_2.' )';
}
else {
//SQL for Paging
@@ -121,6 +126,12 @@ $stmt = $pdo->prepare($sql);
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (str_contains($whereclause_alt, ':condition')){
$stmt->bindValue('condition', $condition_alt, PDO::PARAM_STR);
}
if (str_contains($whereclause_alt2, ':condition')){
$stmt->bindValue('condition', $condition_alt2, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){

2
api/v2/get/products_categories.php
View File

@@ -14,8 +14,6 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
//default whereclause
$whereclause = '';
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
$clause = '';

20
api/v2/get/products_configurations.php
View File

@@ -11,11 +11,9 @@ $pdo = dbConnect($dbname);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("config",$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
$whereclause = '';
$clause = '';
//Check for $_GET variables and build up clause
@@ -48,12 +46,15 @@ if(isset($get_content) && $get_content!=''){
if (isset($criterias['productrowid']) && $criterias['productrowid'] != ''){
//CHECK IF ALLOWED TO CRUD VERSIONS
$sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause.'";
list($whereclause_alt,$condition_alt) = getWhereclause('',$permission,$partner,'get');
$sql = "SELECT * FROM products WHERE rowID = ? '.$whereclause_alt.'";
$stmt = $pdo->prepare($sql);
$stmt->execute([$criterias['productrowid']]);
$product_data = $stmt->fetch();
$product_owner = ($product_data['rowID'])? 1 : 0;
//IF PRODUCT IS OWNED THEN CRUD is ALLOWED
if ($product_owner === 1 ){
@@ -78,16 +79,11 @@ if (isset($criterias['productrowid']) && $criterias['productrowid'] != ''){
FROM products_configurations pc
LEFT JOIN products p ON p.rowID = pc.assignment
LEFT JOIN products_attributes_groups pag ON pag.group_id = pc.assignment
LEFT JOIN products_versions pv ON pv.rowID = pc.version '.$whereclause.'';
LEFT JOIN products_versions pv ON pv.rowID = pc.version '.$whereclause;
}
$stmt = $pdo->prepare($sql);
//Bind to query
if (str_contains($whereclause, ':condition')){
$stmt->bindValue('condition', $condition, PDO::PARAM_STR);
}
if (!empty($criterias)){
foreach ($criterias as $key => $value){
$key_condition = ':'.$key;

2
api/v2/get/taxes.php
View File

@@ -14,8 +14,6 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
//default whereclause
$whereclause = '';
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
$clause = '';

3
api/v2/get/transactions.php
View File

@@ -58,10 +58,11 @@ elseif (isset($criterias['list']) && $criterias['list'] =='order'){
left join invoice inv ON tx.id = inv.txn_id
left join transactions_items txi ON tx.id = txi.txn_id
left join products p ON p.rowID = txi.item_id '.$whereclause;
}
else {
//SQL for Paging
$sql = 'SELECT * FROM transactions tx '.$whereclause.' LIMIT :page,:num_products';
$sql = 'SELECT * FROM transactions tx '.$whereclause.' ORDER BY tx.created DESC LIMIT :page,:num_products';
}
$stmt = $pdo->prepare($sql);

9
api/v2/get/transactions_items.php
View File

@@ -14,7 +14,7 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
//default whereclause
$whereclause = '';
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'get');
list($whereclause,$condition) = getWhereclauselvl2('transactions',$permission,$partner,'get');
//NEW ARRAY
$criterias = [];
@@ -37,6 +37,9 @@ if(isset($get_content) && $get_content!=''){
//build up search
$clause .= ' AND name like :'.$v[0];
}
elseif (($v[0] == 'account_id')){//create clause
$clause .= ' AND tx.'.$v[0].' = :'.$v[0];
}
else {//create clause
$clause .= ' AND tai.'.$v[0].' = :'.$v[0];
}
@@ -55,7 +58,8 @@ if(isset($criterias['totals']) && $criterias['totals'] ==''){
}
else {
//SQL for Paging
$sql = 'SELECT ta.*, tai.* FROM transactions ta left join transactions_items tai ON ta.id = tai.txn_id '.$whereclause;
//$sql = 'SELECT ta.*, tai.* FROM transactions ta left join transactions_items tai ON ta.id = tai.txn_id '.$whereclause;
$sql ='SELECT tx.*, tai.*, p.productname as item_name, m.full_path FROM transactions tx left join transactions_items tai ON tx.id = tai.txn_id LEFT JOIN media m ON tai.item_id = m.rowID LEFT JOIN products p ON tai.item_id = p.rowID '.$whereclause;
}
$stmt = $pdo->prepare($sql);
@@ -94,6 +98,7 @@ else {
$stmt->execute();
//Get results
$messages = $stmt->fetchAll(PDO::FETCH_ASSOC);
$messages = transformOrders($messages);
}
//------------------------------------------

2
api/v2/post/accounts.php
View File

@@ -14,7 +14,7 @@ $post_content = json_decode($input,true);
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner,'');
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID

7
api/v2/post/categories.php
View File

@@ -14,8 +14,7 @@ $post_content = json_decode($input,true);
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclauselvl2("categories",$permission,$partner,'');
list($whereclause,$condition) = getWhereclauselvl2("",$permission,$partner,'');
//BUILD UP PARTNERHIERARCHY FROM USER
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
@@ -72,7 +71,9 @@ elseif ($command == 'insert' && isAllowed('categories',$profile,$permission,'C')
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('categories',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE c, pc FROM categories c LEFT JOIN products_categories pc ON pc.category_id = c.rowID WHERE c.rowID = ? '.$whereclause.'');
list($whereclause_alt,$condition_alt) = getWhereclauselvl2("categories",$permission,$partner,'');
$stmt = $pdo->prepare('DELETE c, pc FROM categories c LEFT JOIN products_categories pc ON pc.category_id = c.rowID WHERE c.rowID = ? '.$whereclause_alt.'');
$stmt->execute([ $id ]);
//Add deletion to changelog

17
api/v2/post/identity.php
View File

@@ -16,8 +16,6 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
//default whereclause
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
//SET PARAMETERS FOR QUERY
$id = (isset($post_content['userkey'])) ? $post_content['userkey']: ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
@@ -37,7 +35,6 @@ $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$par
//FIXED VARIABLES
$post_content['updatedby'] = $userrname; //initial = interface user
$post_content['accounthierarchy'] = $partner_product; // related to interface user
$post_content['userkey'] = bin2hex(random_bytes(25));
//Create or update resetkey
$headers = array('alg'=>'HS256','typ'=>'JWT');
$payload = array('key'=> bin2hex(random_bytes(25)), 'exp'=>(time() + 1800));
@@ -52,7 +49,7 @@ if ($id != '' && $command == 'reset'){
$consumer_data = $stmt->fetch();
//STEP 2- Store resetkey
$sql = 'UPDATE users SET resetkey = ?, updatedby = ? WHERE id = ? '.$whereclause.'';
$sql = 'UPDATE identity SET resetkey = ?, updatedby = ? WHERE userkey = ? '.$whereclause.'';
$stmt = $pdo->prepare($sql);
$stmt->execute([$resetkey,$post_content['updatedby'],$id]);
@@ -73,7 +70,7 @@ if ($command == 'update'){
$post_content['updatedby'] = $consumer_data['email'];
if (isset($post_content['password'])){
$post_content['password'] = password_hash($password, PASSWORD_DEFAULT);
$post_content['password'] = password_hash($post_content['password'], PASSWORD_DEFAULT);
}
}
@@ -82,14 +79,16 @@ elseif ($command == 'insert'){
$post_content['language'] = isset($post_content['language']) ? $post_content['language'] : 'US';
$post_content['profile'] = 0;
$post_content['isverified'] = 0;
$post_content['userkey'] = bin2hex(random_bytes(25));
$post_content['createdby'] = $username;
$post_content['updatedby'] = $username;
}
elseif ($command == 'login'){
//SETUP SQL FOR LOGIN_COUNT
$sql_login = 'UPDATE identity SET login_count = ? WHERE id = ?';
$sql_login = 'UPDATE identity SET login_count = ?, lastlogin = ? WHERE id = ?';
$lastlogin = date('Y-m-d H:i:s');
// Check if the account exists
$stmt = $pdo->prepare('SELECT * FROM identity WHERE email = ?');
$stmt->execute([ $post_content['email'] ]);
@@ -113,7 +112,7 @@ elseif ($command == 'login'){
$login_attempt = 0;
$stmt_login = $pdo->prepare($sql_login);
$stmt_login->execute([$login_attempt, $account['id']]);
$stmt_login->execute([$login_attempt,$lastlogin, $account['id']]);
//Encrypt results
$messages = json_encode($consumer, JSON_UNESCAPED_UNICODE);
@@ -125,7 +124,7 @@ elseif ($command == 'login'){
//Update Login count with failed attempt
$login_attempt = $account['login_count'] + 1;
$stmt_login = $pdo->prepare($sql_login);
$stmt_login->execute([$login_attempt, $account['id']]);
$stmt_login->execute([$login_attempt,$lastlogin, $account['id']]);
//Send Response
http_response_code(403); //Not authorized
exit;

2
api/v2/post/invoice.php
View File

@@ -37,7 +37,7 @@ if ($command == 'update'){
elseif ($command == 'insert' && (isset($post_content['txn_id']) && $post_content['txn_id'] != '')){
//GET RELATED TRANSACTION DETAILS
$sql = 'SELECT * FROM transactions WHERE id = ? AND payment_status = "0"';
$sql = 'SELECT * FROM transactions WHERE id = ? ';
$stmt = $pdo->prepare($sql);
//Excute Query
$stmt->execute([$post_content['txn_id']]);

10
api/v2/post/transactions.php
View File

@@ -55,16 +55,22 @@ if ($command == 'update'){
//CHECK IF PAYMENT STATUS is PAID (1)
if(isset($post_content['payment_status']) && $post_content['payment_status'] == 1){
//check if GIFTCARD ID IS PROVIDED AND NOT EMPTY
if(isset($post_content['giftcard_categoryID']) && $post_content['giftcard_categoryID'] != ''){
//CHECK FOR GIFTCARDS IN ORDER AND CREATE WHEN AVAILABLE AND NOT CREATED YET
createGiftCart($pdo, $post_content['id'], $post_content['giftcard_categoryID'],$partner_product);
//remove giftcard_categoryID from $post_content array
unset($post_content['giftcard_categoryID']);
}
if(isset($post_content['giftcard_categoryID'])){
//remove giftcard_categoryID from $post_content array
unset($post_content['giftcard_categoryID']);
}
}
}