soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';} //default whereclause list($whereclause,$condition) = getWhereclause('',$permission,$partner,''); // Handle different actions $action = $post_content['action'] ?? ''; switch ($action) { case 'download': // Handle secure download request require_once './includes/version_access.php'; $versionId = $post_content['version_id'] ?? null; if (!$versionId) { http_response_code(400); echo json_encode(['error' => 'Missing version_id']); exit; } $userId = $user_data['id']; // Validate user has access to this version if (!validateUserAccess($userId, $versionId)) { http_response_code(403); echo json_encode(['error' => 'Access denied. Payment required or insufficient permissions.']); exit; } // Get version details $stmt = $pdo->prepare("SELECT * FROM software_versions WHERE rowID = ?"); $stmt->execute([$versionId]); $version = $stmt->fetch(PDO::FETCH_ASSOC); if (!$version) { http_response_code(404); echo json_encode(['error' => 'Version not found']); exit; } // Log the download logDownload($pdo, $userId, $versionId); // Generate temporary signed URL $downloadToken = generateSecureDownloadToken($pdo, $userId, $versionId); echo json_encode([ 'download_url' => '/api/v2/get/software_download.php?token=' . $downloadToken, 'expires_in' => 300 // 5 minutes ]); break; case 'purchase': // Handle purchase/license grant require_once './includes/version_access.php'; $versionId = $post_content['version_id'] ?? null; $transactionId = $post_content['transaction_id'] ?? null; if (!$versionId) { http_response_code(400); echo json_encode(['error' => 'Missing version_id']); exit; } $userId = $user_data['id']; // Verify payment was successful (integrate with your payment processor) $paymentVerified = true; // For testing - integrate with actual payment verification if (!$paymentVerified) { http_response_code(400); echo json_encode(['error' => 'Payment verification failed']); exit; } // Check access requirements $accessInfo = checkVersionAccess($userId, $versionId); if ($accessInfo['accessible']) { // Already has access echo json_encode([ 'success' => true, 'message' => 'You already have access to this version', 'license_granted' => false ]); exit; } if (!$accessInfo['requires_payment']) { // Shouldn't need payment http_response_code(400); echo json_encode(['error' => 'This version does not require payment']); exit; } // Grant license $success = grantLicense($pdo, $userId, $versionId, $transactionId); if ($success) { echo json_encode([ 'success' => true, 'message' => 'License granted successfully', 'license_granted' => true ]); } else { http_response_code(500); echo json_encode(['error' => 'Failed to grant license']); } break; default: // Handle CRUD operations for software versions (admin only) if (!isAllowed('software', $profile, $permission, 'C') && !isAllowed('software', $profile, $permission, 'U') && !isAllowed('software', $profile, $permission, 'D')) { http_response_code(403); echo json_encode(['error' => 'Insufficient permissions']); exit; } //SET PARAMETERS FOR QUERY $id = $post_content['id'] ?? ''; //check for id $command = ($id == '')? 'insert' : 'update'; //IF id = empty then INSERT if (isset($post_content['delete'])){$command = 'delete';} //change command to delete $date = date('Y-m-d H:i:s'); //CREATE EMPTY STRINGS $clause = ''; $clause_insert =''; $input_insert = ''; //ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE if ($command == 'update'){ $post_content['updated'] = $date; $post_content['updatedby'] = $username; } elseif ($command == 'insert'){ $post_content['created'] = $date; $post_content['createdby'] = $username; } //BUILD UP CLAUSE $execute_input = []; foreach ($post_content as $key => $value) { if ($key == 'action' || $key == 'id' || $key == 'delete') continue; if ($command == 'insert') { $clause_insert .= $key.','; $input_insert .= '?,'; $execute_input[] = $value; } elseif ($command == 'update') { $clause .= $key.'=?,'; $execute_input[] = $value; } } //CLEAN UP INPUT $clause = substr($clause, 0, -1); //Clean clause - remove last comma $clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma $input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma //QUERY AND VERIFY ALLOWED if ($command == 'update' && isAllowed('software',$profile,$permission,'U') === 1){ $sql = 'UPDATE software_versions SET '.$clause.' WHERE rowID = ?'; $execute_input[] = $id; $stmt = $pdo->prepare($sql); $stmt->execute($execute_input); } elseif ($command == 'insert' && isAllowed('software',$profile,$permission,'C') === 1){ $sql = 'INSERT INTO software_versions ('.$clause_insert.') VALUES ('.$input_insert.')'; $stmt = $pdo->prepare($sql); $stmt->execute($execute_input); } elseif ($command == 'delete' && isAllowed('software',$profile,$permission,'D') === 1){ $stmt = $pdo->prepare('DELETE FROM software_versions WHERE rowID = ?'); $stmt->execute([$id]); //Add deletion to changelog changelog($dbname,'software_versions',$id,'Delete','Delete',$username); } else { http_response_code(403); echo json_encode(['error' => 'Operation not allowed']); } break; } ?>