- Changed variable name from `$stmt_service` to `$stmt_refreshkey` for clarity in `authorization.php` and `token_refresh.php`. - Added null coalescing operator to ensure criteria are set to an empty string if not provided in `products_software_versions.php`. - Modified SQL script to add `eu` column to `taxes` table and update tax rates based on EU membership. - Enhanced invoice generation logic in `functions.php` to include VAT notes based on customer country and VAT number. - Updated email and PDF templates to display VAT notes and percentages correctly. - Adjusted JavaScript tax calculation logic to handle VAT based on country and VAT number. - Fixed API URL in `index.php` for token refresh endpoint. - Updated countries data structure in `countries.php` to include EU membership status.
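<?php
defined($security_key) or exit;

//------------------------------------------
// Token refresh
//
// Exchanges a refresh key for a new communication token. Every successful
// call rotates the refresh key; userkey and service are rotated as well once
// the 30-minute window after `lastlogin` has passed.
//
// Responses (JSON):
//   400 API_INPUT_1    - no refreshkey supplied
//   404 API_NOT_FOUND  - refreshkey unknown, ambiguous, or already used
//   200                - clientID, token, token_valid, userkey, refreshkey, language
//------------------------------------------

// Connect to DB
$pdo = dbConnect($dbname);

$criterias = [];
$user_permissions = [];

//------------------------------------------
// Parse the raw query string into $criterias
//------------------------------------------
if (isset($get_content) && $get_content != '') {
    foreach (explode("&", $get_content) as $pair) {
        $parts = explode("=", $pair);
        // A parameter sent without "=" has no value part; fall back to ''
        // instead of reading an undefined index (which raises a PHP warning
        // that can end up in the JSON response body).
        $criterias[$parts[0]] = $parts[1] ?? '';
    }
}

// NOTE(review): the refresh key is read from the URL query string, and URLs
// are commonly written to access logs — consider accepting it in the request
// body or a header instead.
$token_refresh = $criterias['refreshkey'] ?? null;

if (!$token_refresh) {
    http_response_code(400);
    exit(json_encode(['error_code' => 'API_INPUT_1','error' => 'refreshkey is required']));
}

//------------------------------------------
// Look up the user that owns this refresh key
//------------------------------------------
// NOTE(review): the key is stored and matched in clear text and this script
// applies no expiry to it; storing a hash and an expiry timestamp would limit
// the impact of a leaked `users` table — confirm against the schema.
$stmt = $pdo->prepare('SELECT * FROM users WHERE refreshkey = ?');
$stmt->execute([$token_refresh]);

// Count fetched rows rather than calling rowCount(): PDO does not guarantee
// rowCount() for SELECT statements on every driver.
$matches = $stmt->fetchAll() ?: [];

if (count($matches) !== 1) {
    http_response_code(404);
    exit(json_encode(['error_code' => 'API_NOT_FOUND','error' => 'Refresh not succesfull']));
}

$user_data = $matches[0];

//------------------------------------------
// Rotate the refresh key (single use)
//------------------------------------------
// The UPDATE only matches while the stored key is still the one that was
// presented. If two requests arrive with the same refresh key, only the first
// one changes a row; the second sees rowCount() 0 and is rejected, so a
// captured key cannot be redeemed twice.
$new_refreshkey = bin2hex(random_bytes(25));
$stmt_refreshkey = $pdo->prepare('UPDATE users SET refreshkey = ? WHERE id = ? AND refreshkey = ?');
$stmt_refreshkey->execute([$new_refreshkey, $user_data['id'], $user_data['refreshkey']]);

if ($stmt_refreshkey->rowCount() !== 1) {
    http_response_code(404);
    exit(json_encode(['error_code' => 'API_NOT_FOUND','error' => 'Refresh not succesfull']));
}

$user_data['refreshkey'] = $new_refreshkey;

//------------------------------------------
// Rotate userkey / service once the login window has expired
//------------------------------------------
// $valid is 1 while now is within 30 minutes of lastlogin, otherwise 0.
// NOTE(review): lastlogin is not updated by this script, so after the window
// has passed every refresh rotates both values — confirm this is intended.
$valid_key = strtotime('+30 minutes', strtotime($user_data['lastlogin']));
$valid = ($valid_key <= time()) ? 0 : 1;

// Refresh USERKEY (only when one is set)
if ($user_data['userkey'] != '' && $valid == 0) {
    $user_data['userkey'] = bin2hex(random_bytes(25));
    $stmt_userkey = $pdo->prepare('UPDATE users SET userkey = ? WHERE id = ?');
    $stmt_userkey->execute([$user_data['userkey'], $user_data['id']]);
}

// Refresh SERVICE (only when one is set)
if ($user_data['service'] != '' && $valid == 0) {
    $user_data['service'] = bin2hex(random_bytes(25));
    $stmt_service = $pdo->prepare('UPDATE users SET service = ? WHERE id = ?');
    $stmt_service->execute([$user_data['service'], $user_data['id']]);
}

//------------------------------------------
// Issue the communication token for the (possibly rotated) userkey
//------------------------------------------
$token = createCommunicationToken($user_data['userkey']);

// token_valid is computed here as now + 1800 seconds.
// NOTE(review): presumably this matches the lifetime set inside
// createCommunicationToken — confirm.
$user = [
    'clientID' => $user_data['username'],
    'token' => $token,
    'token_valid' => date('Y-m-d H:i:s', time() + 1800),
    'userkey' => $user_data['userkey'],
    'refreshkey' => $user_data['refreshkey'],
    'language' => $user_data['language'],
];

//+++++++++++++++++++++++++++++++++++++++++++
// Return as JSON
//+++++++++++++++++++++++++++++++++++++++++++
echo json_encode($user, JSON_UNESCAPED_UNICODE);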