CMXX - First candidate
This commit is contained in:
“VeLiTi”
@@ -14,7 +14,7 @@ $post_content = json_decode($input,true);
|
||||
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
|
||||
|
||||
//default whereclause
|
||||
list($whereclause,$condition) = getWhereclause('equipment',$permission,$partner,'');
|
||||
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
|
||||
|
||||
//SET PARAMETERS FOR QUERY
|
||||
$id = $post_content['rowID'] ?? ''; //check for rowID
|
||||
|
||||
@@ -14,8 +14,7 @@ $post_content = json_decode($input,true);
|
||||
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
|
||||
|
||||
//default whereclause
|
||||
list($whereclause,$condition) = getWhereclauselvl2("categories",$permission,$partner,'');
|
||||
|
||||
list($whereclause,$condition) = getWhereclauselvl2("",$permission,$partner,'');
|
||||
|
||||
//BUILD UP PARTNERHIERARCHY FROM USER
|
||||
$partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$partner->soldto), JSON_UNESCAPED_UNICODE);
|
||||
@@ -72,7 +71,9 @@ elseif ($command == 'insert' && isAllowed('categories',$profile,$permission,'C')
|
||||
$stmt->execute($execute_input);
|
||||
}
|
||||
elseif ($command == 'delete' && isAllowed('categories',$profile,$permission,'D') === 1){
|
||||
$stmt = $pdo->prepare('DELETE c, pc FROM categories c LEFT JOIN products_categories pc ON pc.category_id = c.rowID WHERE c.rowID = ? '.$whereclause.'');
|
||||
list($whereclause_alt,$condition_alt) = getWhereclauselvl2("categories",$permission,$partner,'');
|
||||
|
||||
$stmt = $pdo->prepare('DELETE c, pc FROM categories c LEFT JOIN products_categories pc ON pc.category_id = c.rowID WHERE c.rowID = ? '.$whereclause_alt.'');
|
||||
$stmt->execute([ $id ]);
|
||||
|
||||
//Add deletion to changelog
|
||||
|
||||
@@ -16,8 +16,6 @@ if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} el
|
||||
//default whereclause
|
||||
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
|
||||
|
||||
|
||||
|
||||
//SET PARAMETERS FOR QUERY
|
||||
$id = (isset($post_content['userkey'])) ? $post_content['userkey']: ''; //check for rowID
|
||||
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
|
||||
@@ -37,7 +35,6 @@ $partner_product = json_encode(array("salesid"=>$partner->salesid,"soldto"=>$par
|
||||
//FIXED VARIABLES
|
||||
$post_content['updatedby'] = $userrname; //initial = interface user
|
||||
$post_content['accounthierarchy'] = $partner_product; // related to interface user
|
||||
$post_content['userkey'] = bin2hex(random_bytes(25));
|
||||
//Create or update resetkey
|
||||
$headers = array('alg'=>'HS256','typ'=>'JWT');
|
||||
$payload = array('key'=> bin2hex(random_bytes(25)), 'exp'=>(time() + 1800));
|
||||
@@ -52,7 +49,7 @@ if ($id != '' && $command == 'reset'){
|
||||
$consumer_data = $stmt->fetch();
|
||||
|
||||
//STEP 2- Store resetkey
|
||||
$sql = 'UPDATE users SET resetkey = ?, updatedby = ? WHERE id = ? '.$whereclause.'';
|
||||
$sql = 'UPDATE identity SET resetkey = ?, updatedby = ? WHERE userkey = ? '.$whereclause.'';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
$stmt->execute([$resetkey,$post_content['updatedby'],$id]);
|
||||
|
||||
@@ -73,7 +70,7 @@ if ($command == 'update'){
|
||||
$post_content['updatedby'] = $consumer_data['email'];
|
||||
|
||||
if (isset($post_content['password'])){
|
||||
$post_content['password'] = password_hash($password, PASSWORD_DEFAULT);
|
||||
$post_content['password'] = password_hash($post_content['password'], PASSWORD_DEFAULT);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -82,14 +79,16 @@ elseif ($command == 'insert'){
|
||||
$post_content['language'] = isset($post_content['language']) ? $post_content['language'] : 'US';
|
||||
$post_content['profile'] = 0;
|
||||
$post_content['isverified'] = 0;
|
||||
$post_content['userkey'] = bin2hex(random_bytes(25));
|
||||
$post_content['createdby'] = $username;
|
||||
$post_content['updatedby'] = $username;
|
||||
}
|
||||
elseif ($command == 'login'){
|
||||
|
||||
//SETUP SQL FOR LOGIN_COUNT
|
||||
$sql_login = 'UPDATE identity SET login_count = ? WHERE id = ?';
|
||||
|
||||
$sql_login = 'UPDATE identity SET login_count = ?, lastlogin = ? WHERE id = ?';
|
||||
$lastlogin = date('Y-m-d H:i:s');
|
||||
|
||||
// Check if the account exists
|
||||
$stmt = $pdo->prepare('SELECT * FROM identity WHERE email = ?');
|
||||
$stmt->execute([ $post_content['email'] ]);
|
||||
@@ -113,7 +112,7 @@ elseif ($command == 'login'){
|
||||
$login_attempt = 0;
|
||||
|
||||
$stmt_login = $pdo->prepare($sql_login);
|
||||
$stmt_login->execute([$login_attempt, $account['id']]);
|
||||
$stmt_login->execute([$login_attempt,$lastlogin, $account['id']]);
|
||||
|
||||
//Encrypt results
|
||||
$messages = json_encode($consumer, JSON_UNESCAPED_UNICODE);
|
||||
@@ -125,7 +124,7 @@ elseif ($command == 'login'){
|
||||
//Update Login count with failed attempt
|
||||
$login_attempt = $account['login_count'] + 1;
|
||||
$stmt_login = $pdo->prepare($sql_login);
|
||||
$stmt_login->execute([$login_attempt, $account['id']]);
|
||||
$stmt_login->execute([$login_attempt,$lastlogin, $account['id']]);
|
||||
//Send Response
|
||||
http_response_code(403); //Not authorized
|
||||
exit;
|
||||
|
||||
@@ -37,7 +37,7 @@ if ($command == 'update'){
|
||||
elseif ($command == 'insert' && (isset($post_content['txn_id']) && $post_content['txn_id'] != '')){
|
||||
|
||||
//GET RELATED TRANSACTION DETAILS
|
||||
$sql = 'SELECT * FROM transactions WHERE id = ? AND payment_status = "0"';
|
||||
$sql = 'SELECT * FROM transactions WHERE id = ? ';
|
||||
$stmt = $pdo->prepare($sql);
|
||||
//Excute Query
|
||||
$stmt->execute([$post_content['txn_id']]);
|
||||
|
||||
@@ -55,16 +55,22 @@ if ($command == 'update'){
|
||||
|
||||
//CHECK IF PAYMENT STATUS is PAID (1)
|
||||
if(isset($post_content['payment_status']) && $post_content['payment_status'] == 1){
|
||||
|
||||
|
||||
//check if GIFTCARD ID IS PROVIDED AND NOT EMPTY
|
||||
if(isset($post_content['giftcard_categoryID']) && $post_content['giftcard_categoryID'] != ''){
|
||||
|
||||
|
||||
//CHECK FOR GIFTCARDS IN ORDER AND CREATE WHEN AVAILABLE AND NOT CREATED YET
|
||||
createGiftCart($pdo, $post_content['id'], $post_content['giftcard_categoryID'],$partner_product);
|
||||
|
||||
//remove giftcard_categoryID from $post_content array
|
||||
unset($post_content['giftcard_categoryID']);
|
||||
}
|
||||
|
||||
if(isset($post_content['giftcard_categoryID'])){
|
||||
//remove giftcard_categoryID from $post_content array
|
||||
unset($post_content['giftcard_categoryID']);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user