/*
 * Equipment create/update/delete handler (tail of a larger script; this chunk
 * begins in the middle of an `if` whose condition starts before the first line
 * shown). Flow: build a scope restriction ($whereclause) from the caller's
 * permission level, decide insert/update/delete from $post_content, resolve the
 * account hierarchy (creating partner records when an id is missing), map the
 * remaining $post_content keys onto SQL columns, then run the statement behind
 * an isAllowed() check.
 *
 * Names used but not defined here (assumed to come from the enclosing script):
 * $partner, $permission, $post_content, $pdo, $username, $userkey, $dbname,
 * $profile, createPartner(), changelog(), isAllowed().
 */
/* Tail of the cut `if`: $soldto_search becomes the LIKE suffix used below
 * ('%' = any soldto, '-%' = any soldto under the prefix). The condition itself
 * is outside this chunk. */
soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
$whereclause = '';
/* Scope restriction appended to UPDATE/DELETE. Levels '4' and '3' are
 * unrestricted (the two cases are identical); '2' restricts to the partner's
 * salesid/soldto; anything else also restricts to shipto and location.
 * NOTE(review): $condition is concatenated into the SQL text, not bound as a
 * parameter; it is built from $partner fields whose origin is not visible here,
 * so it is only as trustworthy as $partner is — confirm where $partner comes
 * from. In LIKE, '_' matches any single character, which is how
 * '__salesid___' lines up with the JSON punctuation around the "salesid" key
 * in the stored accounthierarchy. */
switch ($permission) {
    case '4': $whereclause = ''; break;
    case '3': $whereclause = ''; break;
    case '2':
        /* substr(..., 0, strpos(..., "-")) keeps the part before the first '-';
         * if there is no '-', strpos returns false and the prefix is empty. */
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search;
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
    default:
        $condition = '__salesid___'.$partner->salesid.'___soldto___'.substr($partner->soldto, 0, strpos($partner->soldto, "-")).$soldto_search.'___shipto___'.substr($partner->shipto, 0, strpos($partner->shipto, "-")).'%___location___'.substr($partner->location, 0, strpos($partner->location, "-")).'%';
        $whereclause = ' AND accounthierarchy like "'.$condition.'"';
        break;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['rowID'] ?? ''; //check for rowID
$command = ($id == '')? 'insert' : 'update'; //IF rowID = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$owner_equipment = 0;
$clause = '';
$clause_insert ='';
$input_insert = '';
/* NOTE(review): $execute_input and $criterias are appended to below but are not
 * initialised in this chunk; if nothing is mapped, $execute_input is undefined
 * when passed to execute(). */
if ($id != ''){
    //DEFINE ACCOUNTHIERARCHY
    /* The existing row is read by rowID alone (no $whereclause), so the
     * ownership/permission decisions below are made on whatever row the id
     * names. NOTE(review): if no row matches, fetch() returns false and the
     * following array/object accesses operate on false — confirm rowID is
     * validated upstream. */
    $stmt = $pdo->prepare('SELECT * FROM equipment WHERE rowID = ?');
    $stmt->execute([$id]);
    $equipment_data = $stmt->fetch();
    $equipment_old = json_decode($equipment_data['accounthierarchy']);
    /* For each hierarchy field: take the submitted value only if it is
     * non-empty and differs from the stored one, else keep the stored value. */
    $salesid_new = (($post_content['salesid'] != '' && $post_content['salesid'] != $equipment_old->salesid)? $post_content['salesid'] : $equipment_old->salesid);
    $soldto_new = (($post_content['soldto'] != '' && $post_content['soldto'] != $equipment_old->soldto)? $post_content['soldto'] : $equipment_old->soldto);
    $shipto_new = (($post_content['shipto'] != '' && $post_content['shipto'] != $equipment_old->shipto)? $post_content['shipto'] : $equipment_old->shipto);
    $location_new = (($post_content['location'] != '' && $post_content['location'] != $equipment_old->location)? $post_content['location'] : $equipment_old->location);
    $section_new = (($post_content['section'] != '' && $post_content['section'] != $equipment_old->section)? $post_content['section'] : $equipment_old->section);
    /* Ownership is decided by the stored createdby column, compared loosely. */
    $owner_equipment = (($equipment_data['createdby'] == $username)? 1 : 0);
    if ($permission == 3 || $permission == 4){ //ADMIN ONLY ARE ALLOWED TO CHANGE SALES AND SOLD
        $account = array( "salesid"=>$salesid_new, "soldto"=>$soldto_new, "shipto"=>$shipto_new, "location"=>$location_new, "section"=>$section_new );
    } else {
        /* Non-admins keep the stored salesid/soldto regardless of what was
         * submitted; only shipto/location/section can change. */
        $account = array( "salesid"=>$equipment_old->salesid, "soldto"=>$equipment_old->soldto, "shipto"=>$shipto_new, "location"=>$location_new, "section"=>$section_new );
    }
} else { //ID is empty => INSERT / NEW RECORD
    if ($permission == 3 || $permission == 4){
        $account = array( "salesid"=>$post_content['salesid'], "soldto"=>$post_content['soldto'], "shipto"=>$post_content['shipto'], "location"=>$post_content['location'], "section"=>$post_content['section'] );
    } else {
        /* Non-admins are pinned to their own partner's salesid/soldto. */
        $account = array( "salesid"=>$partner->salesid, "soldto"=>$partner->soldto, "shipto"=>$post_content['shipto'], "location"=>$post_content['location'], "section"=>$post_content['section'] );
    }
}
//CHECK IF PARTNER HAS PARTNER RECORD - IF NOT CREATE AND USE
/* A value containing '-' is treated as an existing partner id; anything else
 * is passed to createPartner() and replaced by whatever it returns. */
foreach ($account as $key => $value){
    if ($key != "section"){
        //CHECK for id- pattern
        if (preg_match('/\-.*/',$value)){
            //Do Nothing
        } else {
            //No partner ID found
            switch ($key) {
                case 'salesid': $p_type = 'SalesID'; break;
                case 'soldto': $p_type = 'SoldTo'; break;
                case 'shipto': $p_type = 'ShipTo'; break;
                case 'location': $p_type = 'Location'; break;
            }
            //Create partner and push to array account
            $account[$key] = createPartner($partner->salesid,$partner->soldto,$value,$p_type,$userkey);
        }
    }
}
// CREATE ACCOUNTHIERARCHY JSON FROM ACCOUNT ARRAY
$accounthierarchy = json_encode($account, JSON_UNESCAPED_UNICODE);
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
    //RESET WARRANTY AND SERVICE DATES WHEN STATUS IS CHANGED TO SEND(3)
    if (isset($post_content['status']) && $post_content['status'] == 3 && $equipment_data['status'] != 3) {
        $post_content['service_date'] = $date;
        $post_content['warranty_date'] = $date;
    }
    //UPDATE CHANGELOG BASED ON STATUS CHANGE
    /* NOTE(review): changelog() is written before the permission check below
     * and before the UPDATE runs, so a change that is later reverted (or an
     * UPDATE that affects zero rows because of $whereclause) is still logged. */
    if (isset($post_content['status']) && $post_content['status'] != $equipment_data['status']) {
        changelog($dbname,'equipment',$equipment_data['rowID'],'status',$post_content['status'],$username);
    }
    //UPDATE CHANGELOG BASED ON ORDER_REF change
    if (isset($post_content['order_ref']) && $post_content['order_ref'] != $equipment_data['order_ref']) {
        changelog($dbname,'equipment',$equipment_data['rowID'],'order_ref',$post_content['order_ref'],$username);
    }
    $post_content['accounthierarchy'] = $accounthierarchy;
    //CHECK for special permissions
    /* Without equipment_manage_edit and without ownership, the protected
     * columns are overwritten with their stored values so the UPDATE below
     * cannot change them. */
    if (isAllowed('equipment_manage_edit',$profile,$permission,'U') === 0 && $owner_equipment === 0 ){
        $post_content['status'] = $equipment_data['status'];
        $post_content['serialnumber'] = $equipment_data['serialnumber'];
        $post_content['service_date'] = $equipment_data['service_date'];
        $post_content['warranty_date'] = $equipment_data['warranty_date'];
    }
} elseif ($command == 'insert'){
    $post_content['created'] = $date;
    $post_content['createdby'] = $username;
    $post_content['accounthierarchy'] = $accounthierarchy;
    $post_content['service_date'] = $date;
    $post_content['warranty_date'] = $date;
} else {
    //do nothing
}
//CREAT NEW ARRAY AND MAP TO CLAUSE
/* Every key of $post_content not on the skip list below becomes a column in
 * the SET / INSERT list; the value is bound with '?'.
 * NOTE(review): only the VALUES are parameterised — $key itself is
 * concatenated into the SQL as a column identifier. If $post_content is
 * request input (the name suggests so; not visible here), an unexpected key
 * reaches the query text unchanged, and a key such as 'created'/'createdby' can
 * also be supplied on update since those are only set on insert. The usual
 * mitigation is to reject keys not in an explicit allow-list of equipment
 * columns before this loop — confirm whether that happens upstream. */
if(isset($post_content) && $post_content!=''){
    foreach ($post_content as $key => $var){
        if ($key == 'submit' || $key == 'rowID' || str_contains($key, 'old_') || $key == 'salesid' || $key == 'soldto' || $key == 'shipto' || $key == 'location' || $key == 'section' || str_contains($key, 'productcode') || str_contains($key, 'productname')){
            //do nothing
        } else {
            $criterias[$key] = $var; // collected but not read in this chunk
            $clause .= ' , '.$key.' = ?';
            $clause_insert .= ' , '.$key.'';
            $input_insert .= ', ?'; // ? for each insert item
            $execute_input[]= $var; // Build array for input
        }
    }
}
//CLEAN UP INPUT
$clause = substr($clause, 2); //Clean clause - remove first comma
$clause_insert = substr($clause_insert, 2); //Clean clause - remove first comma
$input_insert = substr($input_insert, 1); //Clean clause - remove first comma
//QUERY AND VERIFY ALLOWED
/* Authorisation is decided here, per command: update needs equipment_manage
 * 'U', equipments_mass_update 'U', or ownership; insert needs equipment_manage
 * 'C'; delete needs equipment_manage 'D' or ownership. $whereclause further
 * scopes update and the first delete by account hierarchy. Any other
 * combination falls through and nothing is written. */
if ($command == 'update' && (isAllowed('equipment_manage',$profile,$permission,'U') === 1 || isAllowed('equipments_mass_update',$profile,$permission,'U') === 1 || $owner_equipment === 1)){
    $sql = 'UPDATE equipment SET '.$clause.' WHERE rowID = ? '.$whereclause.'';
    $execute_input[] = $id; // rowID is the last positional parameter
    $stmt = $pdo->prepare($sql);
    $stmt->execute($execute_input);
} elseif ($command == 'insert' && isAllowed('equipment_manage',$profile,$permission,'C') === 1){
    $sql = 'INSERT INTO equipment ('.$clause_insert.') VALUES ('.$input_insert.')';
    $stmt = $pdo->prepare($sql);
    $stmt->execute($execute_input);
} elseif ($command == 'delete' && (isAllowed('equipment_manage',$profile,$permission,'D') === 1 || $owner_equipment === 1)){
    //delete equipment
    /* NOTE(review): the two DELETEs are not in a transaction, and the history
     * delete is not scoped by $whereclause nor conditional on the first delete
     * having matched a row — history for an id outside the caller's scope would
     * still be removed. Consider checking rowCount() from the first statement
     * before running the second, inside a transaction. */
    $stmt = $pdo->prepare('DELETE FROM equipment WHERE rowID = ? '.$whereclause.'');
    $stmt->execute([ $id ]);
    //delete history related to equipment
    $stmt = $pdo->prepare('DELETE FROM history WHERE equipmentid = ?');
    $stmt->execute([ $id ]);
} else {
    //do nothing
}
?>