9673d9be7b
- Added software.php for managing software versions, including download and purchase actions. - Created upgrade_paths.php for handling upgrade paths management. - Developed user_licenses.php for managing user licenses. - Introduced version_access_rules.php for managing access rules for software versions. - Implemented frontend functions in functions.js for interacting with the software upgrade API. - Added version_access.php for user access validation and license management. - Created upgrades.php for displaying available upgrades and handling user interactions. - Enhanced UI with responsive design and progress indicators for downloads and purchases.
84 lines
2.6 KiB
PHP
84 lines
2.6 KiB
PHP
<?php
|
|
defined($security_key) or exit;
|
|
|
|
//------------------------------------------
|
|
// User Licenses Management
|
|
//------------------------------------------
|
|
|
|
//Connect to DB
|
|
$pdo = dbConnect($dbname);
|
|
|
|
//CONTENT FROM API (POST)
|
|
$post_content = json_decode($input,true);
|
|
|
|
//SoldTo is empty
|
|
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
|
|
|
|
//default whereclause
|
|
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
|
|
|
|
//SET PARAMETERS FOR QUERY
|
|
$id = $post_content['id'] ?? ''; //check for id
|
|
$command = ($id == '')? 'insert' : 'update'; //IF id = empty then INSERT
|
|
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
|
|
$date = date('Y-m-d H:i:s');
|
|
|
|
//CREATE EMPTY STRINGS
|
|
$clause = '';
|
|
$clause_insert ='';
|
|
$input_insert = '';
|
|
|
|
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
|
|
if ($command == 'update'){
|
|
$post_content['updated'] = $date;
|
|
$post_content['updatedby'] = $username;
|
|
}
|
|
elseif ($command == 'insert'){
|
|
$post_content['created'] = $date;
|
|
$post_content['createdby'] = $username;
|
|
}
|
|
|
|
//BUILD UP CLAUSE
|
|
$execute_input = [];
|
|
foreach ($post_content as $key => $value) {
|
|
if ($key == 'id' || $key == 'delete') continue;
|
|
|
|
if ($command == 'insert') {
|
|
$clause_insert .= $key.',';
|
|
$input_insert .= '?,';
|
|
$execute_input[] = $value;
|
|
} elseif ($command == 'update') {
|
|
$clause .= $key.'=?,';
|
|
$execute_input[] = $value;
|
|
}
|
|
}
|
|
|
|
//CLEAN UP INPUT
|
|
$clause = substr($clause, 0, -1); //Clean clause - remove last comma
|
|
$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
|
|
$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
|
|
|
|
//QUERY AND VERIFY ALLOWED
|
|
if ($command == 'update' && isAllowed('user_licenses',$profile,$permission,'U') === 1){
|
|
$sql = 'UPDATE user_licenses SET '.$clause.' WHERE id = ?';
|
|
$execute_input[] = $id;
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute($execute_input);
|
|
}
|
|
elseif ($command == 'insert' && isAllowed('user_licenses',$profile,$permission,'C') === 1){
|
|
$sql = 'INSERT INTO user_licenses ('.$clause_insert.') VALUES ('.$input_insert.')';
|
|
$stmt = $pdo->prepare($sql);
|
|
$stmt->execute($execute_input);
|
|
}
|
|
elseif ($command == 'delete' && isAllowed('user_licenses',$profile,$permission,'D') === 1){
|
|
$stmt = $pdo->prepare('DELETE FROM user_licenses WHERE id = ?');
|
|
$stmt->execute([$id]);
|
|
|
|
//Add deletion to changelog
|
|
changelog($dbname,'user_licenses',$id,'Delete','Delete',$username);
|
|
} else {
|
|
http_response_code(403);
|
|
echo json_encode(['error' => 'Operation not allowed']);
|
|
}
|
|
|
|
?>
|