pcwvanbeers/assetmgt
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
c39a5ca648a18bf7e06e1bede4ad1cd81b4fe776
assetmgt/api/v2/post/software.php

202 lines
6.8 KiB
PHP
Raw Blame History

<?php
defined($security_key) or exit;
//------------------------------------------
// Software Versions Management
//------------------------------------------
//Connect to DB
$pdo = dbConnect($dbname);
//CONTENT FROM API (POST)
$post_content = json_decode($input,true);
//SoldTo is empty
if (empty($partner->soldto) || $partner->soldto == ''){$soldto_search = '%';} else {$soldto_search = '-%';}
//default whereclause
list($whereclause,$condition) = getWhereclause('',$permission,$partner,'');
// Handle different actions
$action = $post_content['action'] ?? '';
switch ($action) {
case 'download':
// Handle secure download request
require_once './includes/version_access.php';
$versionId = $post_content['version_id'] ?? null;
if (!$versionId) {
http_response_code(400);
echo json_encode(['error' => 'Missing version_id']);
exit;
}
$userId = $user_data['id'];
// Validate user has access to this version
if (!validateUserAccess($userId, $versionId)) {
http_response_code(403);
echo json_encode(['error' => 'Access denied. Payment required or insufficient permissions.']);
exit;
}
// Get version details
$stmt = $pdo->prepare("SELECT * FROM software_versions WHERE rowID = ?");
$stmt->execute([$versionId]);
$version = $stmt->fetch(PDO::FETCH_ASSOC);
if (!$version) {
http_response_code(404);
echo json_encode(['error' => 'Version not found']);
exit;
}
// Log the download
logDownload($pdo, $userId, $versionId);
// Generate temporary signed URL
$downloadToken = generateSecureDownloadToken($pdo, $userId, $versionId);
echo json_encode([
'download_url' => '/api/v2/get/software_download.php?token=' . $downloadToken,
'expires_in' => 300 // 5 minutes
]);
break;
case 'purchase':
// Handle purchase/license grant
require_once './includes/version_access.php';
$versionId = $post_content['version_id'] ?? null;
$transactionId = $post_content['transaction_id'] ?? null;
if (!$versionId) {
http_response_code(400);
echo json_encode(['error' => 'Missing version_id']);
exit;
}
$userId = $user_data['id'];
// Verify payment was successful (integrate with your payment processor)
$paymentVerified = true; // For testing - integrate with actual payment verification
if (!$paymentVerified) {
http_response_code(400);
echo json_encode(['error' => 'Payment verification failed']);
exit;
}
// Check access requirements
$accessInfo = checkVersionAccess($userId, $versionId);
if ($accessInfo['accessible']) {
// Already has access
echo json_encode([
'success' => true,
'message' => 'You already have access to this version',
'license_granted' => false
]);
exit;
}
if (!$accessInfo['requires_payment']) {
// Shouldn't need payment
http_response_code(400);
echo json_encode(['error' => 'This version does not require payment']);
exit;
}
// Grant license
$success = grantLicense($pdo, $userId, $versionId, $transactionId);
if ($success) {
echo json_encode([
'success' => true,
'message' => 'License granted successfully',
'license_granted' => true
]);
} else {
http_response_code(500);
echo json_encode(['error' => 'Failed to grant license']);
}
break;
default:
// Handle CRUD operations for software versions (admin only)
if (!isAllowed('software', $profile, $permission, 'C') &&
!isAllowed('software', $profile, $permission, 'U') &&
!isAllowed('software', $profile, $permission, 'D')) {
http_response_code(403);
echo json_encode(['error' => 'Insufficient permissions']);
exit;
}
//SET PARAMETERS FOR QUERY
$id = $post_content['id'] ?? ''; //check for id
$command = ($id == '')? 'insert' : 'update'; //IF id = empty then INSERT
if (isset($post_content['delete'])){$command = 'delete';} //change command to delete
$date = date('Y-m-d H:i:s');
//CREATE EMPTY STRINGS
$clause = '';
$clause_insert ='';
$input_insert = '';
//ADD STANDARD PARAMETERS TO ARRAY BASED ON INSERT OR UPDATE
if ($command == 'update'){
$post_content['updated'] = $date;
$post_content['updatedby'] = $username;
}
elseif ($command == 'insert'){
$post_content['created'] = $date;
$post_content['createdby'] = $username;
}
//BUILD UP CLAUSE
$execute_input = [];
foreach ($post_content as $key => $value) {
if ($key == 'action' || $key == 'id' || $key == 'delete') continue;
if ($command == 'insert') {
$clause_insert .= $key.',';
$input_insert .= '?,';
$execute_input[] = $value;
} elseif ($command == 'update') {
$clause .= $key.'=?,';
$execute_input[] = $value;
}
}
//CLEAN UP INPUT
$clause = substr($clause, 0, -1); //Clean clause - remove last comma
$clause_insert = substr($clause_insert, 0, -1); //Clean clause - remove last comma
$input_insert = substr($input_insert, 0, -1); //Clean clause - remove last comma
//QUERY AND VERIFY ALLOWED
if ($command == 'update' && isAllowed('software',$profile,$permission,'U') === 1){
$sql = 'UPDATE software_versions SET '.$clause.' WHERE rowID = ?';
$execute_input[] = $id;
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'insert' && isAllowed('software',$profile,$permission,'C') === 1){
$sql = 'INSERT INTO software_versions ('.$clause_insert.') VALUES ('.$input_insert.')';
$stmt = $pdo->prepare($sql);
$stmt->execute($execute_input);
}
elseif ($command == 'delete' && isAllowed('software',$profile,$permission,'D') === 1){
$stmt = $pdo->prepare('DELETE FROM software_versions WHERE rowID = ?');
$stmt->execute([$id]);
//Add deletion to changelog
changelog($dbname,'software_versions',$id,'Delete','Delete',$username);
} else {
http_response_code(403);
echo json_encode(['error' => 'Operation not allowed']);
}
break;
}
?>
Reference in New Issue View Git Blame Copy Permalink