1<?php
2// -------------------------------------------------------------------------- //
3// TNL-ERP - Tanalahy ERP //
4// Copyright (C) 2002-2020 Ludwig Noujarret <ludwig@noujarret.com> //
5// -------------------------------------------------------------------------- //
6// This script is part of the TNL-ERP project, any unauthorized duplication //
7// in whole or in part of this product is STRICTLY PROHIBITED. //
// Please see https://ludwig.noujarret.com for further information. //
9// -------------------------------------------------------------------------- //
10// This project is NOT free software; you can't redistribute it and/or //
// modify it under the terms of any license but the strictly copyright laws. //
12// -------------------------------------------------------------------------- //
13
14/**
15 * TNL-ERP Web API
16 *
17 * Provide all resources to the mobile app
18 *
19 * TabSize: 2
20 *
21 * @package TNL-ERP
22 * @subpackage web
23 * @author Ludwig Noujarret <ludwig@noujarret.com>
24 * @version 1.0.0
25 * @license Private
26 */
27
// This script must be executed in Apache mode only: API_v1 reads the UDID,
// Locale and Token headers through apache_request_headers(), which only exists
// under the Apache module SAPI. Any other SAPI (CLI, FPM, ...) ends here.
if ( PHP_SAPI !== 'apache2handler' ) {
  exit;
}

// NOTE(review): this file authenticates with the Token header and never
// touches $_SESSION, so the session (and its cookie) looks unused here;
// confirm against the included libraries before removing the call.
session_start();
34
35/**
36 * Configuration script
37 * @link config.inc.php
38 */
39require_once dirname( __FILE__ ).'/../../conf/config.inc.php';
40
41/**
42 * Brand informations
43 * @link brand.inc.php
44 */
45require_once dirname( __FILE__ ).'/../../inc/brand.inc.php';
46
47/**
48 * php[dot]lib libraries
49 * @link phpdotlib.inc.php
50 */
51require_once dirname( __FILE__ ).'/../../inc/shared/phpdotlib/phpdotlib.inc.php';
52
53/**
54 * Common libraries
55 * @link libs.inc.php
56 */
57require_once dirname( __FILE__ ).'/../../inc/libs/libs.inc.php';
58
59/**
60 * TNL framework
61 * @link tnl.class.php
62 */
63require_once dirname( __FILE__ ).'/../../inc/classes/tnl.class.php';
64
65
66/**
67 * TNL-ERP configuration
68 * @link config.class.php
69 */
70require_once dirname( __FILE__ ).'/../../inc/classes/config.class.php';
71
72/**
73 * PHPMailer
74 * @link PHPMailer.php
75 */
76require_once dirname( __FILE__ ).'/../../inc/shared/phpmailer/PHPMailer.php';
77
78/**
79 * PHPMailer - SMTP
80 * @link SMTP.php
81 */
82require_once dirname( __FILE__ ).'/../../inc/shared/phpmailer/SMTP.php';
83
84/**
85 * PHPMailer - Exception
86 * @link Exception.php
87 */
88require_once dirname( __FILE__ ).'/../../inc/shared/phpmailer/Exception.php';
89
90
91/**
92 * TNL-ERP mail
93 * @link mail.class.php
94 */
95require_once dirname( __FILE__ ).'/../../inc/classes/mail.class.php';
96
// Define TNL-ERP web path: drop the trailing "/<dir>/<dir>/<script>.php" of
// the running script's path to obtain the installation root.
define(
  'TNL_WEB_PATH' ,
  preg_replace(
    '/\/([a-z0-9]+)\/([a-z0-9]+)\/([a-z_-])+\.php$/' , '/' , $_SERVER['PHP_SELF'] ) );

// Define TNL-ERP base URL: scheme, host, port (only when non-standard) and web path.
// SECURITY NOTE(review): SERVER_NAME follows the client's Host header unless
// Apache runs with "UseCanonicalName On". This URL is embedded in the password
// recovery e-mail (see API_v1::forgotPassword), so a forged Host header could
// direct victims to a foreign site. Prefer a configured base URL if the
// configuration provides one.
define(
  'TNL_WEB_URL' ,
  sprintf(
    '%s://%s%s%s' ,
    !empty( $_SERVER['HTTPS'] ) ? 'https' : 'http' ,
    $_SERVER['SERVER_NAME'] ,
    ( $_SERVER['SERVER_PORT'] != 80 && $_SERVER['SERVER_PORT'] != 443 ) ?
      ':'.$_SERVER['SERVER_PORT'] : '' ,
    TNL_WEB_PATH ) );

// Define TNL-ERP instance: an identifier derived from the web path alone
// (installations sharing the same path hash to the same value).
define( 'TNL_INSTANCE' , md5( 'ID:'.TNL_WEB_PATH ) );
112
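/**
 * Resize (optionally crop) an in-memory image and re-encode it in its
 * original format.
 *
 * @param string $blob   Raw image bytes (BMP, GIF, JPEG or PNG).
 * @param int    $width  Target width in pixels.
 * @param int    $height Target height in pixels.
 * @param int    $crop   0: fit inside $width x $height keeping the aspect
 *                       ratio; non-zero: fill $width x $height exactly,
 *                       cropping horizontally around the centre.
 * @return string|false Re-encoded image bytes; the literal string
 *                      'Picture is too small!' when the source is smaller
 *                      than the target; false when $blob is not a supported
 *                      image. Callers must distinguish the three.
 */
function image_resize( $blob , $width , $height , $crop=0 ) {
  // Probe the header before decoding: on junk input getimagesizefromstring()
  // returns false, and unsupported data must never reach the GD decoder.
  $imagesize = getimagesizefromstring( $blob );
  if ( !$imagesize ) {
    return false;
  }
  $w = $imagesize[0];
  $h = $imagesize[1];
  $format = $imagesize['mime'];

  // Check MIME type
  if ( $format == 'image/jpeg' ) {
    $format = 'image/jpg';
  }
  if ( !in_array( $format , array( 'image/bmp' , 'image/gif' , 'image/jpg' , 'image/png' ) , true ) ) {
    return false;
  }
  // Guard the divisions below.
  if ( $w <= 0 || $h <= 0 ) {
    return false;
  }

  // NOTE(review): decoding allocates memory proportional to the declared
  // dimensions; if $blob can come from an untrusted upload, cap $w*$h at the
  // call site to avoid exhausting memory_limit on a crafted header.
  $src = imagecreatefromstring( $blob );
  if ( !$src ) {
    return false;
  }

  // Resize
  if ( $crop ) {
    if ( $w < $width || $h < $height ) {
      return 'Picture is too small!';
    }
    $ratio = max( $width / $w , $height / $h );
    $h = $height / $ratio;
    $x = ( $w - $width / $ratio) / 2;
    $w = $width / $ratio;
  }
  else {
    if ( $w < $width && $h < $height) {
      return 'Picture is too small!';
    }
    $ratio = min( $width / $w , $height / $h );
    $width = $w * $ratio;
    $height = $h * $ratio;
    $x = 0;
  }

  // Create new image. GD takes integers; the explicit casts truncate exactly
  // as the former implicit float->int conversion did, without the PHP 8.1
  // deprecation notice.
  $dst = imagecreatetruecolor( (int)$width , (int)$height );

  // Preserve transparency
  if ( $format == 'image/gif' || $format == 'image/png' ) {
    imagecolortransparent( $dst , imagecolorallocatealpha( $dst , 0 , 0 , 0 , 127 ) );
    imagealphablending( $dst , false );
    imagesavealpha( $dst , true );
  }

  // Resample image
  imagecopyresampled( $dst , $src , 0 , 0 , (int)$x , 0 , (int)$width , (int)$height , (int)$w , (int)$h );

  // Create image according to the original MIME type
  ob_start();
  switch( $format ){
    case 'image/bmp':
      // image/bmp is Windows BMP; imagewbmp() writes WBMP (1-bit wireless
      // bitmap), which is a different format. Use imagebmp() where GD offers
      // it (PHP >= 7.2, which is also when BMP decoding above became possible).
      if ( function_exists( 'imagebmp' ) ) {
        imagebmp( $dst );
      }
      else {
        imagewbmp( $dst );
      }
      break;
    case 'image/gif':
      imagegif( $dst );
      break;
    case 'image/jpg':
      imagejpeg( $dst );
      break;
    case 'image/png':
      imagepng( $dst );
      break;
  }
  $image_data = ob_get_contents();
  ob_end_clean();
  return $image_data;
}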
181
182/**
183 * API for mobile phone application
184 *
185 * @package TNL-ERP
186 * @subpackage mobileapp
187 */
188class API_v1 {
189
190 /****************************************************************************
191 * OBJECT DEFINITION
192 ****************************************************************************/
193
194 /**
195 * AES key for encryption/decryption
196 *
197 * @var string $AESKey
198 */
199 private $AESKey;
200
201 /**
202 * PostgreSQL object
203 *
204 * @var object $db
205 */
206 private $db;
207
208 /**
209 * Unique Device Identifier
210 *
211 * @var string $UDID
212 */
213 private $UDID;
214
215 /**
216 * Language
217 *
218 * @var string $Lang
219 */
220 private $Lang;
221
222 /**
223 * Authentication Token
224 *
225 * @var string $Token
226 */
227 private $Token;
228
229 /**
230 * Reply messages
231 *
232 * @var array $Reply
233 */
234 private $Reply;
235
236 /****************************************************************************
237 * PUBLIC ACCESS METHODS
238 ****************************************************************************/
239
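/**
 * Constructor: read the request headers, validate them, check the requested
 * action against the allow-lists and dispatch to the matching method.
 *
 * Inputs: the UDID, Locale and Token headers (apache_request_headers()) and
 * $_GET['action']. Every failure path calls sendReply(), which exits, so a
 * failed check never falls through to the dispatch at the end.
 */
public function __construct() {
  $headers = apache_request_headers();
  $this->UDID =
    isset( $headers['UDID'] ) ? strtolower( $headers['UDID'] ) : NULL;
  $this->Lang =
    isset( $headers['Locale'] ) ? strtolower( $headers['Locale'] ) : NULL;
  $this->Token =
    isset( $headers['Token'] ) ? strtolower( $headers['Token'] ) : NULL;
  $this->Reply = array();

  // UDID and Token are concatenated into SQL without escaping by getUserID(),
  // login(), logout() and registerDevice(); restricting them to hex digits here
  // is what makes that safe, so these checks are security-relevant. The
  // is_string() guard rejects a missing header as before without handing NULL
  // to ctype_xdigit() (deprecated input since PHP 8.1).
  if ( !is_string( $this->UDID ) || !ctype_xdigit( $this->UDID ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid UDID format');
    $this->sendReply();
  }
  if ( $this->Token && !ctype_xdigit( $this->Token ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid token format');
    $this->sendReply();
  }

  $action = isset( $_GET['action'] ) ? $_GET['action'] : NULL;
  // Actions that need no Token header.
  $action_list =
    array(
      'login',
      'forgotPassword' );
  // Actions that need a Token header; the token itself is checked by getUserID().
  $auth_action_list =
    array(
      'logout',
      'registerDevice',
      'getOrderList',
      'getOrderProducts',
      'getCategories',
      'getSellers',
      'createRequest',
      'getRequests',
      'getRequestMessages',
      'sendMessage',
      'getInvoices',
      'getInvoicePayments',
      'getPayments',
      'getPaymentInvoices',
      'getDocuments',
      'getPicture',
      'getDocument' );
  // Strict comparison: $action feeds the dynamic method call at the end, so it
  // must match an allow-listed name exactly (no loose-comparison surprises).
  if ( !in_array( $action , $action_list , true ) &&
       !in_array( $action , $auth_action_list , true ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid request');
    $this->sendReply();
  }

  if ( in_array( $action , $auth_action_list , true ) &&
       !$this->Token ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Access denied');
    $this->sendReply();
  }

  // Set language. Only the two shipped locales are accepted; TNL_LANG is
  // spliced into the l10n file path below, so this allow-list is also what
  // keeps a client-supplied Locale header from becoming a path traversal.
  // (The previous code tested $action instead of $this->Lang here, which made
  // the Locale header dead and always selected TNL_DEFAULT_LANG.)
  if ( $this->Lang &&
       in_array( $this->Lang , array( 'en', 'fr' ) , true ) ) {
    define( 'TNL_LANG' , $this->Lang );
  }
  else {
    define( 'TNL_LANG' , TNL_DEFAULT_LANG );
  }
  $l10n = new l10n( strtolower( TNL_CHARSET ) );
  $l10n->load( dirname( __FILE__ ).'/../../l10n/'.TNL_LANG.'/main.lang.php' );

  // Open database connection
  $this->openDatabase();

  // Get AES key (NULL when none is configured: replies and request
  // parameters are then exchanged in clear, see sendReply()/login()).
  $this->AESKey = $this->getAESKey();

  // Safe only because $action was allow-listed above.
  $this->{$action}();
}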
324
325 /****************************************************************************
326 * PRIVATE ACCESS METHODS
327 ****************************************************************************/
328
/**
 * Encrypt a string with the instance AES key for the mobile client.
 *
 * SECURITY NOTE(review): openssl_encrypt() is called without an IV, so OpenSSL
 * uses an all-zero IV (its warning is silenced by "@"): equal plaintexts give
 * equal ciphertexts, and AES-CBC carries no integrity check. This is the wire
 * format the mobile app expects, so it is left unchanged here; fixing it needs
 * a coordinated client update.
 *
 * @param string $data Plaintext.
 * @return string|null Base64 ciphertext, or NULL when encryption fails.
 */
private function encrypt( $data ) {
  $ciphertext = @openssl_encrypt( $data , 'AES-256-CBC' , $this->AESKey );
  if ( !$ciphertext ) {
    return NULL;
  }
  return $ciphertext;
}
333
/**
 * Decrypt a client-supplied string with the instance AES key.
 *
 * Mirrors encrypt(): zero IV, no authentication, so a tampered ciphertext is
 * not detected — it either fails padding (NULL) or decrypts to garbage, which
 * the callers then validate as ordinary input.
 *
 * @param string $data Base64 ciphertext.
 * @return string|null Plaintext, or NULL when decryption fails or yields an
 *                     empty/falsy string.
 */
private function decrypt( $data ) {
  $plaintext = @openssl_decrypt( $data , 'AES-256-CBC' , $this->AESKey );
  if ( !$plaintext ) {
    return NULL;
  }
  return $plaintext;
}
338
/**
 * Load the instance AES key from web_config.
 *
 * Returns NULL when no key row exists; callers then fall back to plaintext
 * replies and plaintext request parameters. Treating a missing key as a hard
 * failure (__('AES key not found')) is still a TODO for production.
 *
 * @return string|null Decoded AES key, or NULL when none is configured.
 */
private function getAESKey() {
  $query =
    "SELECT web_config.aes_key "
    ."FROM web_config "
    ."WHERE web_config.ets IS NULL;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $rows = $this->db->fetchrowset();
  // TODO (production): reply with __('AES key not found') and exit here
  // instead of returning NULL.
  if ( !$rows || !isset( $rows[0][0] ) ) {
    return NULL;
  }
  return TNL::decode( $rows[0][0] );
}
363
/**
 * Open the PostgreSQL connection used by every query of this request.
 *
 * Credentials come from the TNL_PG_* constants of config.inc.php. On failure
 * the request is answered with "Unable to connect to database" and ends.
 */
private function openDatabase() {
  $this->db =
    new db( 'pgsql' ,
            TNL_PG_HOST ,
            TNL_PG_USER ,
            TNL_PG_PASSWORD ,
            TNL_PG_DATABASE ,
            false ,
            NULL );
  if ( $this->db->conn_id ) {
    return;
  }
  $this->Reply['result']['state'] = false;
  $this->Reply['result']['message'] = __('Unable to connect to database');
  $this->sendReply();
}
379
/**
 * Close the database connection if one was opened.
 *
 * Safe to call before openDatabase() (e.g. on an invalid UDID reply):
 * empty() tolerates a NULL $this->db.
 */
private function closeDatabase() {
  if ( empty( $this->db->conn_id ) ) {
    return;
  }
  $this->db->close();
}
386
/**
 * Emit $this->Reply as JSON (AES-encrypted when a key is configured), close
 * the database and terminate the request. Never returns.
 *
 * NOTE(review): replies built on query failures embed the raw driver error
 * ($this->db->error()['message']), which discloses schema details to the
 * client; logging it server-side and sending a generic message would be safer.
 */
private function sendReply() {
  $json = json_encode( $this->Reply );
  echo $this->AESKey ? $this->encrypt( $json ) : $json;
  $this->closeDatabase();
  exit;
}
396
/**
 * Resolve the authenticated user from the UDID/Token header pair.
 *
 * Acts as the authorisation gate of every token-protected action: replies
 * "Invalid token" (no matching un-expired token for this device and a
 * customer user) or "User disabled" and exits, otherwise returns the user id.
 *
 * UDID and Token are concatenated unescaped; that relies on the constructor
 * having restricted both to hex digits — keep that invariant.
 *
 * @return int User id.
 */
private function getUserID() {
  $query =
    "SELECT \"user\".id, "
    ."\"user\".enabled "
    ."FROM user_token, "
    ."\"user\" "
    ."WHERE user_token.udid='".$this->UDID."' "
    ."AND user_token.value='".$this->Token."' "
    ."AND user_token.ets IS NULL "
    ."AND \"user\".id=user_token.user_id "
    ."AND \"user\".customer_id<>0 "
    ."AND \"user\".ets IS NULL;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $rows = $this->db->fetchrowset();
  if ( !$rows || !isset( $rows[0][0] ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid token');
    $this->sendReply();
  }
  if ( TNL::fo_filter( $rows[0][1] , 'bool' ) !== true ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('User disabled');
    $this->sendReply();
  }
  return (int)$rows[0][0];
}
436
/**
 * Load the active application configuration (formats, default currency
 * rounding and mail settings) as an associative array.
 *
 * The SMTP password is stored encoded and is decoded here; the array is for
 * server-side use and must not be sent to the client as-is.
 *
 * @return array Column name => value.
 */
private function getConfig() {
  $query =
    "SELECT config.id, "
    ."config.timezone, "
    ."config.date_format, "
    ."config.time_format, "
    ."config.real_format, "
    ."config.real_round, "
    ."config.int_format, "
    ."config.int_round, "
    ."config.rate_format, "
    ."config.rate_round, "
    ."config.changerate_format, "
    ."config.changerate_round, "
    ."default_currency.round AS currency_round, "
    ."default_currency.tolerance AS currency_tolerance, "
    ."config.mail_method, "
    ."config.mail_smtp_host, "
    ."config.mail_smtp_port, "
    ."config.mail_smtp_encryption, "
    ."config.mail_smtp_username, "
    ."config.mail_smtp_password, "
    ."config.mail_sendmail_path, "
    ."config.mail_sender_email, "
    ."config.mail_sender_name "
    ."FROM config "
    ."LEFT JOIN currency AS default_currency "
    ."ON default_currency.id=config.currency_id "
    ."AND default_currency.ets IS NULL "
    ."WHERE config.ets IS NULL;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $rows = $this->db->fetchassocrowset();
  if ( !$rows || !isset( $rows[0]['id'] ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Configuration not found');
    $this->sendReply();
  }
  // Later rows overwrite earlier ones, as in the original loop.
  $config = array();
  foreach ( $rows as $row ) {
    foreach ( $row as $name => $value ) {
      $config[$name] =
        ( $name == 'mail_smtp_password' && $value ) ? TNL::decode( $value ) : $value;
    }
  }
  return $config;
}
495
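/**
 * Authenticate a customer user and return (or create) the device token.
 *
 * Reads $_POST['login'] and $_POST['password'] (AES-encrypted when a key is
 * configured). On success the reply carries user_id, first/last name and the
 * per-device token; an existing un-expired token for this UDID is reused,
 * otherwise a fresh one is inserted into user_token.
 *
 * NOTE(review): the password is verified inside PostgreSQL as
 * sha256(salt||password), a fast hash; a slow KDF (password_hash()) would be
 * preferable but requires a schema change. There is also no lockout or rate
 * limit on failed attempts in this method.
 */
private function login() {
  $login = isset( $_POST['login'] ) ? $_POST['login'] : NULL;
  $password = isset( $_POST['password'] ) ? $_POST['password'] : NULL;
  if ( $this->AESKey ) {
    // decrypt() yields NULL on undecryptable input, which then trips the
    // "missing" check below.
    $login = $this->decrypt( $login );
    $password = $this->decrypt( $password );
  }
  // (string) keeps strtolower() off NULL/array input; '' stays falsy as before.
  $login = strtolower( (string)$login );
  if ( $login &&
       !filter_var( $login , FILTER_VALIDATE_EMAIL ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('The username format is invalid');
    $this->sendReply();
  }
  if ( !$login ||
       !$password ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Username or password is missing');
    $this->sendReply();
  }
  // $login/$password go through TNL::sql_filter(); UDID is safe only because
  // the constructor restricted it to hex digits.
  $query =
    "SELECT \"user\".id, "
    ."\"user\".name AS first_name, "
    ."\"user\".surname AS last_name, "
    ."user_token.value AS token "
    ."FROM \"user\" "
    ."LEFT JOIN user_token "
    ."ON user_token.user_id=\"user\".id "
    ."AND user_token.udid='".$this->UDID."' "
    ."AND user_token.ets IS NULL "
    ."WHERE \"user\".customer_id<>0 "
    ."AND \"user\".email=".TNL::sql_filter( $login , 'text' )." "
    ."AND \"user\".password="
    ."encode( "
    ."digest( "
    ."salt||".TNL::sql_filter( $password , 'text' )." , 'sha256' ) , 'hex' ) "
    ."AND \"user\".enabled=TRUE "
    ."AND \"user\".ets IS NULL;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchassocrowset();
  if ( !$result ) {
    $result = array();
  }
  if ( !isset( $result[0]['id'] ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Username or password incorrect');
    $this->sendReply();
  }

  $this->Reply['user'] = array();
  $this->Reply['user']['user_id'] = (int)$result[0]['id'];
  $this->Reply['user']['user_first_name'] = $result[0]['first_name'];
  $this->Reply['user']['user_last_name'] = $result[0]['last_name'];
  $this->Reply['user']['user_token'] = $result[0]['token'];
  if ( !$this->Reply['user']['user_token'] ) {
    // 32 hex characters as before (the constructor requires ctype_xdigit),
    // but from a CSPRNG: md5(uniqid(mt_rand())) is time-derived and
    // guessable, which is unacceptable for a bearer token.
    $this->Reply['user']['user_token'] = bin2hex( random_bytes( 16 ) );
    $query =
      "INSERT INTO user_token ( uid, "
      ."rip, "
      ."user_id, "
      ."udid, "
      ."value ) "
      ."VALUES ( ".$this->Reply['user']['user_id'].", "
      ."'".getenv( 'REMOTE_ADDR' )."', "
      .$this->Reply['user']['user_id'].", "
      ."'".$this->UDID."', "
      ."'".$this->Reply['user']['user_token']."' );";
    if ( !$this->db->query( $query ) ) {
      unset( $this->Reply['user'] );
      $this->Reply['result']['state'] = false;
      $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
      $this->sendReply();
    }
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->sendReply();
}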
580
/**
 * Expire the current device's token (user_token.ets) for the authenticated
 * user and reply OK. Tokens of the user's other devices are left untouched.
 */
private function logout() {
  $user_id = $this->getUserID();
  // UDID is safe to concatenate only because the constructor restricted it
  // to hex digits; $user_id is an int from getUserID().
  $query =
    "UPDATE user_token "
    ."SET uid=".$user_id.", "
    ."rip='".getenv( 'REMOTE_ADDR' )."', "
    ."ets=DATE_TRUNC( 'second' , NOW() ) "
    ."WHERE user_id=".$user_id." "
    ."AND udid='".$this->UDID."' "
    ."AND ets IS NULL;";
  if ( $this->db->query( $query ) ) {
    $this->Reply['result']['state'] = true;
    $this->Reply['result']['message'] = __('OK');
    $this->sendReply();
  }
  $this->Reply['result']['state'] = false;
  $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
  $this->sendReply();
}
600
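/**
 * Start an account-recovery flow: create a 24h recovery token for the
 * customer account matching the posted e-mail and mail the reset link.
 *
 * Reads $_POST['email'] (AES-encrypted when a key is configured).
 *
 * Side effects, in order: deletes expired recovery rows and any earlier
 * recovery row of this user, expires ALL of the user's device tokens
 * (user_token.ets), inserts the new recovery row, sends the mail, and
 * deletes the new row again if sending fails.
 *
 * NOTE(review): because the device tokens are expired on the *request*
 * (not on completion), anyone who knows a customer's e-mail can force every
 * device of that user to log in again every 5 minutes. Consider moving the
 * user_token expiry to the reset confirmation (act/recover.php).
 */
public function forgotPassword() {
  $email = isset( $_POST['email'] ) ? $_POST['email'] : NULL;
  if ( $this->AESKey ) {
    $email = $this->decrypt( $email );
  }
  // (string) keeps strtolower() off NULL/array input; '' stays falsy as before.
  $email = strtolower( (string)$email );
  if ( !$email ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Email is required');
    $this->sendReply();
  }
  elseif ( !filter_var( $email , FILTER_VALIDATE_EMAIL ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('The email format is invalid');
    $this->sendReply();
  }
  $query_user =
    "SELECT \"user\".id, "
    ."\"user\".surname, "
    ."\"user\".name "
    ."FROM \"user\" "
    ."WHERE \"user\".customer_id<>0 "
    ."AND \"user\".email=".TNL::sql_filter( $email , 'text' )." "
    ."AND enabled=TRUE "
    ."AND \"user\".ets IS NULL;";
  if ( !$this->db->query( $query_user ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result_user = $this->db->fetchrowset();
  if ( !$result_user ) {
    $result_user = array();
  }
  if ( isset( $result_user[0][0] ) ) {
    $user_id = (int)$result_user[0][0];
    $fullname = trim( $result_user[0][2].' '.$result_user[0][1] );
  }
  else {
    // NOTE(review): this distinct message lets a caller enumerate which
    // e-mails have an account. A uniform "if an account exists, a mail was
    // sent" reply would avoid that; kept as-is because the app displays it.
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] =
      __('No account is associated with this email');
    $this->sendReply();
  }

  // Look for a token created less than 5 minutes ago to prevent abuse
  // (expiration_date is set to creation + 24h below).
  $query =
    "SELECT id "
    ."FROM user_recovery "
    ."WHERE user_id=".$user_id." "
    ."AND expiration_date>( DATE_TRUNC( 'second' , NOW() ) "
    ."+ INTERVAL '24 hours' "
    ."- INTERVAL '5 minutes' );";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchrowset();
  if ( !$result ) {
    $result = array();
  }
  if ( isset( $result[0][0] ) ) {
    $this->Reply['result']['state'] = true;
    $this->Reply['result']['message'] =
      __('Another account recovery request was already sent less than 5 minutes ago, please wait before renewing your request');
    $this->sendReply();
  }

  // Delete all expired tokens and create a new token with 24h validity.
  // The token is 32 hex characters as before but drawn from a CSPRNG:
  // md5(uniqid(mt_rand())) is time-derived and guessable, and this value
  // alone authorises a password reset via the link below.
  $recover_token = bin2hex( random_bytes( 16 ) );
  $query =
    "DELETE FROM user_recovery "
    ."WHERE expiration_date<DATE_TRUNC( 'second' , NOW() ) "
    ."OR user_id=".$user_id.";"
    ."UPDATE user_token "
    ."SET uid=".$user_id.", "
    ."rip='".getenv( 'REMOTE_ADDR' )."', "
    ."ets=DATE_TRUNC( 'second' , NOW() ) "
    ."WHERE user_id=".$user_id." "
    ."AND ets IS NULL;"
    ."INSERT INTO user_recovery ( user_id, "
    ."token, "
    ."expiration_date ) "
    ."VALUES ( ".$user_id.", "
    .TNL::sql_filter( $recover_token , 'text' ).", "
    ."DATE_TRUNC( 'second' , NOW() ) + INTERVAL '24 hours' );";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }

  // Select mail configuration. These globals are kept because the mail class
  // presumably reads them (mail::send() below only receives the envelope) —
  // confirm against mail.class.php before localising them.
  global $config_mail_method;
  global $config_mail_smtp_host;
  global $config_mail_smtp_port;
  global $config_mail_smtp_encryption;
  global $config_mail_smtp_username;
  global $config_mail_smtp_password;
  global $config_mail_sendmail_path;
  global $config_mail_sender_email;
  global $config_mail_sender_name;
  $query =
    "SELECT config.id AS config_id, "
    ."config.mail_method, "
    ."config.mail_smtp_host, "
    ."config.mail_smtp_port, "
    ."config.mail_smtp_encryption, "
    ."config.mail_smtp_username, "
    ."config.mail_smtp_password, "
    ."config.mail_sendmail_path, "
    ."config.mail_sender_email, "
    ."config.mail_sender_name "
    ."FROM config "
    ."WHERE config.ets IS NULL;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchassocrowset();
  if ( empty( $result ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Getting mail configuration failed');
    $this->sendReply();
  }
  foreach ( $result[0] as $var_name => $value ) {
    // Same "config_<column>" names as the explicit globals above; the SMTP
    // password is stored encoded. $GLOBALS replaces the former
    // `global ${'config_'.$var_name}` with identical effect.
    $GLOBALS['config_'.$var_name] =
      ( $var_name == 'mail_smtp_password' && $value ) ? TNL::decode( $value ) : $value;
  }

  $from_name = $config_mail_sender_name;
  $from_mail = $config_mail_sender_email;
  $to_name = $fullname;
  $to_mail = $email;
  $subject = '['.TNL_TITLE.'] '.__('Account recovery instructions');
  $body = array();
  $body[] = sprintf( __('Hi, %s!') , $fullname );
  $body[] = '';
  $body[] =
    sprintf(
      __('You are receiving this email because you have forgotten your password. If you did, please click the link below or copy/paste it into your browser\'s address window to go back to %s and reset your password.') ,
      TNL_PRODUCT_CODE );
  $body[] = '';
  $body[] =
    __('This link is valid for 24 hours. After 24 hours, you will need to submit a new password reset request.');
  $body[] = '';
  // TNL_WEB_URL is derived from SERVER_NAME; see its definition for the
  // Host-header caveat that applies to this link.
  $body[] = TNL_WEB_URL.'act/recover.php?token='.$recover_token;
  $body[] = '';
  $body[] =
    __('If you did not forget your password, you can simply ignore or delete this email; your password will not change, and you will still be able to access your account.');
  $body[] = '';
  $body[] = sprintf( __('Thanks for using %s,') , TNL_PRODUCT_CODE );
  $body[] = sprintf( __('The %s team') , TNL_PRODUCT_CODE );
  $body = implode( "\r\n" , $body );

  $mail_success =
    mail::send( $from_mail ,
                $from_name ,
                $to_mail ,
                $to_name ,
                $subject ,
                $body );

  if ( $mail_success ) {
    $this->Reply['result']['state'] = true;
    $this->Reply['result']['message'] =
      __('We just sent you an email, please check your inbox to retrieve the validation instructions.');
    $this->sendReply();
  }

  // Delete token if email is not sent
  $query =
    "DELETE FROM user_recovery "
    ."WHERE user_id=".(int)$user_id." "
    ."AND token=".TNL::sql_filter( $recover_token , 'text' );
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $this->Reply['result']['state'] = false;
  $this->Reply['result']['message'] = __('Sending failed');
  $this->sendReply();
}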
801
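/**
 * Record (or update) the calling device's metadata and push token for the
 * authenticated user.
 *
 * Reads app_name, app_identifier, app_version, os_name, os_version and
 * firebase_token from $_POST (AES-encrypted when a key is configured). An
 * existing un-expired user_device row for this user/UDID is updated only when
 * at least one value differs; otherwise a new row is inserted.
 *
 * Fix: the $_POST reads now tolerate missing fields (NULL, as before, but
 * without the undefined-index notice).
 */
private function registerDevice() {
  $user_id = $this->getUserID();
  $app_name = isset( $_POST['app_name'] ) ? $_POST['app_name'] : NULL;
  $app_identifier = isset( $_POST['app_identifier'] ) ? $_POST['app_identifier'] : NULL;
  $app_version = isset( $_POST['app_version'] ) ? $_POST['app_version'] : NULL;
  $os_name = isset( $_POST['os_name'] ) ? $_POST['os_name'] : NULL;
  $os_version = isset( $_POST['os_version'] ) ? $_POST['os_version'] : NULL;
  $firebase_token = isset( $_POST['firebase_token'] ) ? $_POST['firebase_token'] : NULL;
  if ( $this->AESKey ) {
    $app_name = $this->decrypt( $app_name );
    $app_identifier = $this->decrypt( $app_identifier );
    $app_version = $this->decrypt( $app_version );
    $os_name = $this->decrypt( $os_name );
    $os_version = $this->decrypt( $os_version );
    $firebase_token = $this->decrypt( $firebase_token );
  }
  // All client values go through TNL::sql_filter(); UDID is safe to
  // concatenate only because the constructor restricted it to hex digits.
  $query =
    "SELECT user_device.id "
    ."FROM user_device "
    ."WHERE user_device.user_id=".$user_id." "
    ."AND user_device.udid='".$this->UDID."' "
    ."AND user_device.ets IS NULL;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchrowset();
  if ( !$result ) {
    $result = array();
  }
  if ( isset( $result[0][0] ) ) {
    $query =
      "UPDATE user_device "
      ."SET uid=".$user_id.", "
      ."rip='".getenv( 'REMOTE_ADDR' )."', "
      ."app_name=".TNL::sql_filter( $app_name , 'text' ).", "
      ."app_identifier=".TNL::sql_filter( $app_identifier , 'text' ).", "
      ."app_version=".TNL::sql_filter( $app_version , 'text' ).", "
      ."os_name=".TNL::sql_filter( $os_name , 'text' ).", "
      ."os_version=".TNL::sql_filter( $os_version , 'text' ).", "
      ."firebase_token=".TNL::sql_filter( $firebase_token , 'text' )." "
      ."WHERE user_id=".$user_id." "
      ."AND udid='".$this->UDID."' "
      ."AND ( app_name<>".TNL::sql_filter( $app_name , 'text' )." OR "
      ."app_identifier<>".TNL::sql_filter( $app_identifier , 'text' )." OR "
      ."app_version<>".TNL::sql_filter( $app_version , 'text' )." OR "
      ."os_name<>".TNL::sql_filter( $os_name , 'text' )." OR "
      ."os_version<>".TNL::sql_filter( $os_version , 'text' )." OR "
      ."firebase_token<>".TNL::sql_filter( $firebase_token , 'text' )." ) "
      ."AND ets IS NULL;";
  }
  else {
    $query =
      "INSERT INTO user_device ( uid, "
      ."rip, "
      ."user_id, "
      ."udid, "
      ."app_name, "
      ."app_identifier, "
      ."app_version, "
      ."os_name, "
      ."os_version, "
      ."firebase_token ) "
      ."VALUES ( ".$user_id.", "
      ."'".getenv( 'REMOTE_ADDR' )."', "
      .$user_id.", "
      ."'".$this->UDID."', "
      .TNL::sql_filter( $app_name , 'text' ).", "
      .TNL::sql_filter( $app_identifier , 'text' ).", "
      .TNL::sql_filter( $app_version , 'text' ).", "
      .TNL::sql_filter( $os_name , 'text' ).", "
      .TNL::sql_filter( $os_version , 'text' ).", "
      .TNL::sql_filter( $firebase_token , 'text' )." );";
  }
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->sendReply();
}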
894
/**
 * Reply with the list of non-archived request categories (cat_id, cat_name)
 * ordered by title.
 */
private function getCategories() {
  // Authorisation gate: exits with "Invalid token" unless the UDID/Token
  // pair belongs to an enabled customer user. The id itself is not needed.
  $this->getUserID();
  $query =
    "SELECT web_category.id AS cat_id, "
    ."web_category.title AS cat_name "
    ."FROM web_category "
    ."WHERE web_category.archived=FALSE "
    ."AND web_category.ets IS NULL "
    ."ORDER BY web_category.title ASC;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $rows = $this->db->fetchassocrowset();
  $categories = array();
  if ( $rows ) {
    foreach ( $rows as $i => $row ) {
      $categories[$i] = array(
        'cat_id' => (int)$row['cat_id'],
        'cat_name' => $row['cat_name'] );
    }
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['categories'] = $categories;
  $this->sendReply();
}
923
/**
 * Reply with the enabled, non-archived internal users (customer_id=0) that
 * are assigned to at least one request category, ordered by name/surname.
 *
 * Note that e-mail and phone of every seller are returned to any
 * authenticated customer; that is the intended contract of this endpoint.
 */
private function getSellers() {
  // Authorisation gate: exits unless the UDID/Token pair is valid.
  $this->getUserID();
  $query =
    "SELECT \"user\".id AS seller_id, "
    ."\"user\".name AS seller_first_name, "
    ."\"user\".surname AS seller_last_name, "
    ."\"user\".email AS seller_mail, "
    ."\"user\".phone AS seller_phone "
    ."FROM \"user\" "
    ."WHERE \"user\".customer_id=0 "
    ."AND \"user\".enabled=TRUE "
    ."AND \"user\".archived=FALSE "
    ."AND \"user\".ets IS NULL "
    ."AND \"user\".id IN "
    ."( SELECT DISTINCT web_category_user.user_id "
    ."FROM web_category_user "
    ."WHERE web_category_user.ets IS NULL ) "
    ."ORDER BY \"user\".name ASC, "
    ."\"user\".surname ASC;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $rows = $this->db->fetchassocrowset();
  $sellers = array();
  if ( $rows ) {
    foreach ( $rows as $i => $row ) {
      $sellers[$i] = array(
        'seller_id' => (int)$row['seller_id'],
        'seller_first_name' => $row['seller_first_name'],
        'seller_last_name' => $row['seller_last_name'],
        'seller_mail' => $row['seller_mail'],
        'seller_phone' => $row['seller_phone'] );
    }
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['sellers'] = $sellers;
  $this->sendReply();
}
965
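/**
 * Open a new support request for the authenticated user (POST).
 *
 * Reads request_cat_id, request_object and request_message from $_POST
 * (decrypted first when an AES key is in place), checks that the category
 * exists and is not soft-deleted (ets IS NULL), then inserts one web_request
 * row and one web_request_message row. On success the created request is
 * read back and returned under $this->Reply['request'].
 *
 * Every failure path sets result.state=false and calls sendReply(); the code
 * after each branch assumes sendReply() terminates the script (TODO confirm).
 *
 * Fixes: POST keys are read with isset() (no notices, non-scalar values are
 * treated as absent); "Object is missing" / "Message is missing" now report
 * state=false like every other rejected input (the original replied
 * state=true, which a client would read as success although nothing was
 * created); when the message INSERT fails, the driver error is captured
 * before the cleanup UPDATE so the reply explains the actual failure.
 *
 * NOTE(review): "Invalid query" replies echo the raw driver error message to
 * the client; consider logging it server-side and returning a generic text.
 */
private function createRequest() {
  $user_id = $this->getUserID();
  // Missing POST keys must not raise notices; non-scalar values
  // (e.g. request_object[]=x) are treated as absent.
  $request_cat_id = isset( $_POST['request_cat_id'] ) && is_scalar( $_POST['request_cat_id'] ) ?
    $_POST['request_cat_id'] : NULL;
  $request_object = isset( $_POST['request_object'] ) && is_scalar( $_POST['request_object'] ) ?
    $_POST['request_object'] : NULL;
  $request_message = isset( $_POST['request_message'] ) && is_scalar( $_POST['request_message'] ) ?
    $_POST['request_message'] : NULL;
  // With an AES key the client sends the fields encrypted.
  if ( $this->AESKey ) {
    $request_cat_id = $this->decrypt( $request_cat_id );
    $request_object = $this->decrypt( $request_object );
    $request_message = $this->decrypt( $request_message );
  }
  // The category must exist and not be soft-deleted; the id is cast to int
  // before it is interpolated into SQL.
  $query =
    "SELECT web_category.id "
    ."FROM web_category "
    ."WHERE web_category.id=".(int)$request_cat_id." "
    ."AND web_category.ets IS NULL;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchrowset();
  if ( !$result ) {
    $result = array();
  }
  if ( !isset( $result[0][0] ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid category');
    $this->sendReply();
  }
  // Validation failures report state=false, consistent with the checks above.
  if ( !$request_object ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Object is missing');
    $this->sendReply();
  }
  if ( !$request_message ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Message is missing');
    $this->sendReply();
  }
  // Free-text values go through TNL::sql_filter( ... , 'text' ), presumably
  // the project's quoting helper for SQL string literals — verify its escaping
  // matches the database in use. rip is the peer address reported by Apache
  // (behind a reverse proxy this is the proxy's address).
  $query ="INSERT INTO web_request ( uid, "
    ."rip, "
    ."user_id, "
    ."web_category_id, "
    ."object ) "
    ."VALUES ( ".$user_id.", "
    ."'".getenv( 'REMOTE_ADDR' )."', "
    .$user_id.", "
    .(int)$request_cat_id.", "
    .TNL::sql_filter( $request_object , 'text' )." );";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $web_request_id = $this->db->nextid();
  $query =
    "INSERT INTO web_request_message ( uid, "
    ."rip, "
    ."web_request_id, "
    ."sender_id, "
    ."value ) "
    ."VALUES ( ".$user_id.", "
    ."'".getenv( 'REMOTE_ADDR' )."', "
    .$web_request_id.", "
    .$user_id.", "
    .TNL::sql_filter( $request_message , 'text' )." );";
  if ( !$this->db->query( $query ) ) {
    // Read the INSERT error before the cleanup UPDATE runs, so the reply
    // carries the message that explains the failure.
    $insert_error = $this->db->error()['message'];
    // No transaction here: the orphaned web_request row is soft-deleted by
    // setting ets, the same convention the SELECTs in this file filter on.
    $query =
      "UPDATE web_request "
      ."SET uid=".$user_id.", "
      ."rip='".getenv( 'REMOTE_ADDR' )."', "
      ."ets=DATE_TRUNC( 'second' , NOW() ) "
      ."WHERE id=".$web_request_id." "
      ."AND ets IS NULL;";
    if ( !$this->db->query( $query ) ) {
      $this->Reply['result']['state'] = false;
      $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
      $this->sendReply();
    }
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$insert_error;
    $this->sendReply();
  }
  else {
    // Read the request back so the client gets the same shape getRequests() returns.
    $query =
      "SELECT web_request.id AS request_id, "
      ."web_request.web_category_id AS request_cat_id, "
      ."web_request.object AS request_object, "
      ."web_request.cts AS request_creation_date, "
      ."( SELECT MAX( web_request_message.bts ) "
      ."FROM web_request_message "
      ."WHERE web_request_message.web_request_id=web_request.id "
      ."AND web_request_message.ets IS NULL ) AS request_update_date, "
      ."( SELECT COUNT( web_request_message.id ) "
      ."FROM web_request_message "
      ."WHERE web_request_message.web_request_id=web_request.id "
      ."AND web_request_message.receiver_id=".$user_id." "
      ."AND web_request_message.read=FALSE "
      ."AND web_request_message.ets IS NULL ) AS request_badge "
      ."FROM web_request "
      ."WHERE web_request.id=".$web_request_id." "
      ."AND web_request.ets IS NULL;";
    if ( !$this->db->query( $query ) ) {
      $this->Reply['result']['state'] = false;
      $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
      $this->sendReply();
    }
    $result = $this->db->fetchassocrowset();
    if ( !$result ) {
      $result = array();
    }
    $this->Reply['result']['state'] = true;
    $this->Reply['result']['message'] = __('OK');
    $this->Reply['request'] = array();
    $this->Reply['request']['request_id'] = (int)$result[0]['request_id'];
    $this->Reply['request']['request_cat_id'] = (int)$result[0]['request_cat_id'];
    $this->Reply['request']['request_object'] = $result[0]['request_object'];
    $this->Reply['request']['request_creation_date'] = $result[0]['request_creation_date'];
    $this->Reply['request']['request_update_date'] = $result[0]['request_update_date'];
    $this->Reply['request']['request_badge'] = $result[0]['request_badge'];
    $this->sendReply();
  }
}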
1089
/**
 * List the caller's support requests from the last year, newest first.
 *
 * Rows are restricted to web_request.user_id = the authenticated user and to
 * non-deleted rows (ets IS NULL). request_update_date is the latest message
 * timestamp and request_badge the number of unread messages addressed to the
 * request's owner. No request parameters are read.
 *
 * NOTE(review): "Invalid query" replies echo the raw driver error message.
 * TODO (original note): badges may need revisiting.
 */
private function getRequests() {
  $user_id = $this->getUserID();
  $sql_parts = array(
    "SELECT web_request.id AS request_id,",
    "web_request.web_category_id AS request_cat_id,",
    "web_request.cts AS request_creation_date,",
    "( SELECT MAX( web_request_message.bts )",
    "FROM web_request_message",
    "WHERE web_request_message.web_request_id=web_request.id",
    "AND web_request_message.ets IS NULL ) AS request_update_date,",
    "web_request.object AS request_object,",
    "( SELECT COUNT( web_request_message.id )",
    "FROM web_request_message",
    "WHERE web_request_message.web_request_id=web_request.id",
    "AND web_request_message.receiver_id=web_request.user_id",
    "AND web_request_message.read=FALSE",
    "AND web_request_message.ets IS NULL ) AS request_badge",
    "FROM web_request",
    "WHERE web_request.user_id=".$user_id,
    "AND web_request.ets IS NULL",
    "AND web_request.bts::date",
    "BETWEEN ( CURRENT_DATE - INTERVAL '1 year' )::date",
    "AND CURRENT_DATE::date",
    "ORDER BY web_request.bts DESC;",
  );
  $query = implode( ' ' , $sql_parts );
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $rows = $this->db->fetchassocrowset() ?: array();
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['requests'] = array();
  foreach ( $rows as $idx => $row ) {
    $this->Reply['requests'][$idx] = array(
      'request_id' => (int)$row['request_id'],
      'request_cat_id' => (int)$row['request_cat_id'],
      'request_creation_date' => $row['request_creation_date'],
      'request_update_date' => $row['request_update_date'],
      'request_object' => $row['request_object'],
      'request_badge' => $row['request_badge'],
    );
  }
  $this->sendReply();
}
1137
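/**
 * List the messages of one of the caller's support requests (GET id).
 *
 * The request must belong to the authenticated user (web_request.user_id)
 * and be non-deleted; messages older than one year are omitted. Each message
 * carries sender/receiver ids, its text and its read flag.
 *
 * Fix: the id was concatenated into the WHERE clause verbatim
 * ("WHERE web_request.id=".$request_id) while every sibling endpoint casts
 * its id with (int) — a straightforward SQL injection through ?id=. The id
 * is now cast to int at read time; non-scalar values are rejected as
 * "Invalid ID".
 *
 * NOTE(review): "Invalid query" replies echo the raw driver error message.
 */
private function getRequestMessages() {
  $user_id = $this->getUserID();
  // Cast before use: the value is interpolated into SQL below.
  $request_id = isset( $_GET['id'] ) && is_scalar( $_GET['id'] ) ? (int)$_GET['id'] : 0;
  if ( !$request_id ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid ID');
    $this->sendReply();
  }
  $query =
    "SELECT web_request_message.web_request_id AS message_request_id, "
    ."web_request_message.id AS message_id, "
    ."web_request_message.cts AS message_send_date, "
    ."web_request_message.bts AS message_read_date, "
    ."web_request_message.sender_id AS message_sender_id, "
    ."web_request_message.receiver_id AS message_receiver_id, "
    ."web_request_message.value AS message_value, "
    ."web_request_message.read AS message_state "
    ."FROM web_request, "
    ."web_request_message "
    ."WHERE web_request.id=".$request_id." "
    ."AND web_request.user_id=".$user_id." "
    ."AND web_request.ets IS NULL "
    ."AND web_request_message.web_request_id=web_request.id "
    ."AND web_request_message.ets IS NULL "
    ."AND web_request_message.cts::date "
    ."BETWEEN ( CURRENT_DATE - INTERVAL '1 year' )::date "
    ."AND CURRENT_DATE::date "
    ."ORDER BY web_request_message.cts ASC;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchassocrowset();
  if ( !$result ) {
    $result = array();
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['messages'] = array();
  foreach ( $result as $k => $v ) {
    $this->Reply['messages'][$k]['message_request_id'] = (int)$v['message_request_id'];
    $this->Reply['messages'][$k]['message_id'] = (int)$v['message_id'];
    $this->Reply['messages'][$k]['message_send_date'] = $v['message_send_date'];
    $this->Reply['messages'][$k]['message_read_date'] = $v['message_read_date'];
    $this->Reply['messages'][$k]['message_sender_id'] = (int)$v['message_sender_id'];
    $this->Reply['messages'][$k]['message_receiver_id'] = (int)$v['message_receiver_id'];
    $this->Reply['messages'][$k]['message_value'] = $v['message_value'];
    // read is a boolean column; normalise the driver's representation.
    $this->Reply['messages'][$k]['message_state'] = TNL::fo_filter( $v['message_state'] , 'bool' );
  }
  $this->sendReply();
}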
1190
/**
 * Placeholder endpoint for posting a message to a request.
 *
 * Not implemented: the caller is authenticated through getUserID() and the
 * reply object is returned unchanged, so result.state is whatever the reply
 * holds by default (not visible here).
 */
private function sendMessage() {
  // Authenticate only; the user id is not needed until a body exists.
  $this->getUserID();
  $this->sendReply();
}
1195
/**
 * List the caller's customer orders from the last year, newest id first.
 *
 * Orders are reached through "user".customer_id for the authenticated user,
 * so only the caller's own customer account is visible. order_amount is
 * amount_ti rounded to $config['real_round'] decimals (a configuration
 * value, not request data). No request parameters are read.
 *
 * NOTE(review): "Invalid query" replies echo the raw driver error message.
 */
private function getOrderList() {
  $user_id = $this->getUserID();
  $config = $this->getConfig();
  $round = $config['real_round'];
  $sql_parts = array(
    "SELECT customer_order.id AS order_id,",
    "LPAD( customer_order.code , 8 , '0' ) AS order_ref,",
    "customer_order.date::date AS order_creation_date,",
    "customer_order.bts::date AS order_update_date,",
    "ROUND( customer_order.amount_ti , ".$round." ) AS order_amount",
    'FROM "user",',
    "customer_order",
    'WHERE "user".id='.$user_id,
    'AND "user".ets IS NULL',
    'AND customer_order.customer_id="user".customer_id',
    "AND customer_order.ets IS NULL",
    "AND customer_order.date::date",
    "BETWEEN ( CURRENT_DATE - INTERVAL '1 year' )::date",
    "AND CURRENT_DATE::date",
    "ORDER BY customer_order.id DESC;",
  );
  $query = implode( ' ' , $sql_parts );
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $rows = $this->db->fetchassocrowset() ?: array();
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['orders'] = array();
  foreach ( $rows as $idx => $row ) {
    $this->Reply['orders'][$idx] = array(
      'order_id' => (int)$row['order_id'],
      'order_ref' => $row['order_ref'],
      'order_creation_date' => $row['order_creation_date'],
      'order_update_date' => $row['order_update_date'],
      'order_amount' => $row['order_amount'],
    );
  }
  $this->sendReply();
}
1237
/**
 * List the lines of one of the caller's orders (GET id).
 *
 * The order is reached through "user".customer_id, so an id belonging to
 * another customer yields an empty product list (still state=true).
 * product_price is the unit price after the line's discount_rate and with
 * vat_value applied, rounded to $config['real_round'] decimals;
 * product_pic_url points at api/v1/getPicture/Product/<id> when the
 * product row has a picture, else NULL.
 *
 * NOTE(review): "Invalid query" replies echo the raw driver error message.
 */
private function getOrderProducts() {
  $user_id = $this->getUserID();
  $order_id = isset( $_GET['id'] ) ? $_GET['id'] : NULL;
  if ( !$order_id ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid ID');
    $this->sendReply();
  }
  $config = $this->getConfig();
  // $order_id is cast to int where it is interpolated below; real_round is a
  // configuration value; addSlashes() wraps the TNL_WEB_URL constant (not
  // request data) — note that backslash escaping is not PostgreSQL's default
  // quoting style, so a URL containing a quote would still need '' doubling.
  $query =
    "SELECT customer_order_content.product_id AS product_id, "
    ."customer_order_content.product_title AS product_name, "
    ."customer_order_content.product_code AS product_ref, "
    ."ROUND( customer_order_content.quantity , ".$config['real_round']." ) AS product_quantity, "
    ."ROUND( "
    ."customer_order_content.unit_price_te "
    ."* ( 1 - ( customer_order_content.discount_rate / 100 ) ) "
    ."* ( 1 + ( customer_order_content.vat_value / 100 ) ) , ".$config['real_round']." ) AS product_price, "
    ."( CASE "
    ."WHEN product.pic_content IS NOT NULL "
    ."AND product.pic_content<>'' "
    ."THEN '".addSlashes( TNL_WEB_URL )."api/v1/getPicture/Product/'||product.id "
    ."ELSE NULL "
    ."END ) AS product_pic_url "
    ."FROM \"user\", "
    ."customer_order, "
    ."customer_order_content, "
    ."product "
    ."WHERE \"user\".id=".$user_id." "
    ."AND \"user\".ets IS NULL "
    ."AND customer_order.customer_id=\"user\".customer_id "
    ."AND customer_order.id=".(int)$order_id." "
    ."AND customer_order.ets IS NULL "
    ."AND customer_order_content.customer_order_id=customer_order.id "
    ."AND customer_order_content.ets IS NULL "
    ."AND product.id=customer_order_content.product_id "
    ."AND product.ets IS NULL "
    ."ORDER BY customer_order_content.id ASC;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchassocrowset();
  if ( !$result ) {
    $result = array();
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['products'] = array();
  foreach ( $result as $k => $v ) {
    $this->Reply['products'][$k] = array();
    $this->Reply['products'][$k]['product_id'] = (int)$v['product_id'];
    $this->Reply['products'][$k]['product_name'] = $v['product_name'];
    $this->Reply['products'][$k]['product_ref'] = $v['product_ref'];
    $this->Reply['products'][$k]['product_quantity'] = $v['product_quantity'];
    $this->Reply['products'][$k]['product_price'] = $v['product_price'];
    $this->Reply['products'][$k]['product_pic_url'] = $v['product_pic_url'];
  }
  $this->sendReply();
}
1299
/**
 * List the caller's receipts/invoices from the last year (GET type).
 *
 * type is optional: 'paid' keeps receipts with outstanding=0.00, 'unpaid'
 * those with outstanding>0.00, anything else in the list is rejected and an
 * absent type applies no filter. Rows are scoped through "user".customer_id.
 * invoice_number and invoice_date come from customer_invoice when one exists
 * for the receipt, else from the receipt itself; invoice_due_date adds the
 * customer_account.due_limit_daynum (0 when no account row matches).
 *
 * NOTE(review): "Invalid query" replies echo the raw driver error message.
 */
private function getInvoices() {
  $user_id = $this->getUserID();
  $type = isset( $_GET['type'] ) ? $_GET['type'] : NULL;
  // An empty/absent type is deliberately allowed here (no filter).
  if ( $type &&
       !in_array( $type , array( 'paid' , 'unpaid' ) ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid type');
    $this->sendReply();
  }
  $config = $this->getConfig();
  // real_round is a configuration value; $type only selects a fixed literal
  // fragment, it is never interpolated itself.
  $query =
    "SELECT customer_receipt.id AS invoice_id, "
    ."( CASE "
    ."WHEN customer_invoice.id IS NOT NULL "
    ."THEN LPAD( customer_invoice.code , 8 , '0' ) "
    ."ELSE LPAD( customer_receipt.code , 8 , '0' ) "
    ."END ) AS invoice_number, "
    ."LPAD( customer_order.code , 8 , '0' ) AS invoice_order_ref, "
    ."( CASE "
    ."WHEN customer_invoice.id IS NOT NULL "
    ."THEN customer_invoice.date::date "
    ."ELSE customer_receipt.date::date "
    ."END ) AS invoice_date, "
    ."( ( CASE "
    ."WHEN customer_invoice.id IS NOT NULL "
    ."THEN customer_invoice.date::date "
    ."ELSE customer_receipt.date::date "
    ."END ) + ( INTERVAL '1 day' * "
    ."( CASE "
    ."WHEN customer_account.id IS NOT NULL "
    ."THEN customer_account.due_limit_daynum "
    ."ELSE 0 "
    ."END ) ) )::date AS invoice_due_date, "
    ."ROUND( customer_receipt.amount_ti , ".$config['real_round']." ) AS invoice_amount, "
    ."ROUND( customer_receipt.outstanding , ".$config['real_round']." ) AS invoice_balance "
    ."FROM \"user\", "
    ."customer_receipt "
    ."LEFT JOIN customer_account "
    ."ON customer_account.branch_id=customer_receipt.branch_id "
    ."AND customer_account.customer_id=customer_receipt.customer_id "
    ."AND customer_account.ets IS NULL "
    ."LEFT JOIN customer_order "
    ."ON customer_order.customer_receipt_id=customer_receipt.id "
    ."AND customer_order.ets IS NULL "
    ."LEFT JOIN customer_invoice "
    ."ON customer_invoice.customer_receipt_id=customer_receipt.id "
    ."AND customer_invoice.ets IS NULL "
    ."WHERE \"user\".id=".$user_id." "
    ."AND \"user\".ets IS NULL "
    ."AND customer_receipt.customer_id=\"user\".customer_id "
    ."AND customer_receipt.ets IS NULL "
    ."AND ( CASE "
    ."WHEN customer_invoice.id IS NOT NULL "
    ."THEN customer_invoice.date::date "
    ."BETWEEN ( CURRENT_DATE - INTERVAL '1 year' )::date "
    ."AND CURRENT_DATE::date "
    ."ELSE customer_receipt.date::date "
    ."BETWEEN ( CURRENT_DATE - INTERVAL '1 year' )::date "
    ."AND CURRENT_DATE::date "
    ."END ) "
    .( $type == 'paid' ?
       "AND customer_receipt.outstanding=0.00 " : "" )
    .( $type == 'unpaid' ?
       "AND customer_receipt.outstanding>0.00 " : "" )
    ."ORDER BY customer_receipt.id DESC;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchassocrowset();
  if ( !$result ) {
    $result = array();
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['invoices'] = array();
  foreach ( $result as $k => $v ) {
    $this->Reply['invoices'][$k] = array();
    $this->Reply['invoices'][$k]['invoice_id'] = (int)$v['invoice_id'];
    $this->Reply['invoices'][$k]['invoice_number'] = $v['invoice_number'];
    $this->Reply['invoices'][$k]['invoice_order_ref'] = $v['invoice_order_ref'];
    $this->Reply['invoices'][$k]['invoice_date'] = $v['invoice_date'];
    $this->Reply['invoices'][$k]['invoice_due_date'] = $v['invoice_due_date'];
    $this->Reply['invoices'][$k]['invoice_amount'] = $v['invoice_amount'];
    $this->Reply['invoices'][$k]['invoice_balance'] = $v['invoice_balance'];
  }
  $this->sendReply();
}
1389
/**
 * List the payments allocated to one of the caller's receipts (GET id).
 *
 * Two UNIONed branches: cash_in rows reached via cash_in_allocation, and
 * customer_creditnote rows reached via customer_creditnote_allocation, both
 * keyed on object_table='customer_receipt'. The receipt is joined on
 * "user".customer_id, so a foreign id produces no rows. Only the last year
 * of payment dates is returned, newest first.
 *
 * NOTE(review): the 'CreditNote' branch embeds __('Avoir') in a SQL literal
 * without any quoting, whereas getPaymentInvoices() wraps the same string in
 * addSlashes(); a translation containing a quote would break this query. The
 * ::date / INTERVAL syntax indicates PostgreSQL, where doubling the quote is
 * the portable escape. "Invalid query" replies echo the raw driver error.
 */
private function getInvoicePayments() {
  $user_id = $this->getUserID();
  $receipt_id = isset( $_GET['id'] ) ? $_GET['id'] : NULL;
  if ( !$receipt_id ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid ID');
    $this->sendReply();
  }
  $config = $this->getConfig();
  // $receipt_id is cast to int at both interpolation points below.
  $query =
    "SELECT t.payment_category, "
    ."t.payment_id, "
    ."t.payment_date, "
    ."t.payment_amount, "
    ."t.payment_balance, "
    ."t.payment_type "
    ."FROM ( "
    ."SELECT 'CashIn' AS payment_category, "
    ."cash_in.id AS payment_id, "
    ."cash_in.date AS payment_date, "
    ."ROUND( cash_in_allocation.amount , ".$config['real_round']." ) AS payment_amount, "
    ."ROUND( cash_in.outstanding , ".$config['real_round']." ) AS payment_balance, "
    ."payment_type.title AS payment_type "
    ."FROM \"user\" "
    ."LEFT JOIN customer_receipt "
    ."ON customer_receipt.customer_id=\"user\".customer_id "
    ."AND customer_receipt.id=".(int)$receipt_id." "
    ."AND customer_receipt.ets IS NULL "
    ."LEFT JOIN cash_in_allocation "
    ."ON cash_in_allocation.object_table='customer_receipt' "
    ."AND cash_in_allocation.object_id=customer_receipt.id "
    ."AND cash_in_allocation.ets IS NULL "
    ."LEFT JOIN cash_in "
    ."ON cash_in.id=cash_in_allocation.cash_in_id "
    ."AND cash_in.ets IS NULL "
    ."LEFT JOIN payment_type "
    ."ON payment_type.id=cash_in.payment_type_id "
    ."AND payment_type.ets IS NULL "
    ."WHERE \"user\".id=".$user_id." "
    ."AND \"user\".ets IS NULL "
    ."AND cash_in.id IS NOT NULL "
    ."UNION "
    ."SELECT 'CreditNote' AS payment_category, "
    ."customer_creditnote.id AS payment_id, "
    ."customer_creditnote.date AS payment_date, "
    ."ROUND( customer_creditnote_allocation.amount , ".$config['real_round']." ) AS payment_amount, "
    ."ROUND( customer_creditnote.outstanding , ".$config['real_round']." ) AS payment_balance, "
    ."'".__('Avoir')."' AS payment_type "
    ."FROM \"user\" "
    ."LEFT JOIN customer_receipt "
    ."ON customer_receipt.customer_id=\"user\".customer_id "
    ."AND customer_receipt.id=".(int)$receipt_id." "
    ."AND customer_receipt.ets IS NULL "
    ."LEFT JOIN customer_creditnote_allocation "
    ."ON customer_creditnote_allocation.object_table='customer_receipt' "
    ."AND customer_creditnote_allocation.object_id=customer_receipt.id "
    ."AND customer_creditnote_allocation.ets IS NULL "
    ."LEFT JOIN customer_creditnote "
    ."ON customer_creditnote.id=customer_creditnote_allocation.customer_creditnote_id "
    ."AND customer_creditnote.ets IS NULL "
    ."WHERE \"user\".id=".$user_id." "
    ."AND \"user\".ets IS NULL "
    ."AND customer_creditnote.id IS NOT NULL "
    ." ) AS t "
    ."WHERE t.payment_date::date "
    ."BETWEEN ( CURRENT_DATE - INTERVAL '1 year' )::date "
    ."AND CURRENT_DATE::date "
    ."ORDER BY t.payment_date DESC;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchassocrowset();
  if ( !$result ) {
    $result = array();
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['payments'] = array();
  foreach ( $result as $k => $v ) {
    $this->Reply['payments'][$k] = array();
    $this->Reply['payments'][$k]['payment_category'] = $v['payment_category'];
    $this->Reply['payments'][$k]['payment_id'] = (int)$v['payment_id'];
    $this->Reply['payments'][$k]['payment_date'] = $v['payment_date'];
    $this->Reply['payments'][$k]['payment_amount'] = $v['payment_amount'];
    $this->Reply['payments'][$k]['payment_balance'] = $v['payment_balance'];
    $this->Reply['payments'][$k]['payment_type'] = $v['payment_type'];
  }
  $this->sendReply();
}
1481
/**
 * List the caller's payments from the last year, newest first.
 *
 * Three UNIONed branches scoped on "user".customer_id: cash_in rows of
 * type 1 or 2 ('CashIn'), cash_out rows of type 5 ('CashOut', labelled
 * "Remboursement <payment type>"), and customer_creditnote rows
 * ('CreditNote'). The meaning of the numeric type codes is not visible
 * here. No request parameters are read.
 *
 * NOTE(review): __('Remboursement') is passed through addSlashes() but
 * __('Avoir') two branches later is embedded unquoted; a translation with a
 * quote would break the query. The ::date / INTERVAL syntax indicates
 * PostgreSQL, where doubling the quote is the portable escape (addslashes'
 * backslash escaping is not the default there). "Invalid query" replies echo
 * the raw driver error message.
 */
private function getPayments() {
  $user_id = $this->getUserID();
  $config = $this->getConfig();
  // real_round is a configuration value, not request data.
  $query =
    "SELECT t.payment_category, "
    ."t.payment_type, "
    ."t.payment_id, "
    ."t.payment_date, "
    ."t.payment_amount, "
    ."t.payment_balance "
    ."FROM ( "
    ."SELECT 'CashIn' AS payment_category, "
    ."payment_type.title AS payment_type, "
    ."cash_in.id AS payment_id, "
    ."cash_in.date AS payment_date, "
    ."ROUND( cash_in.amount , ".$config['real_round']." ) AS payment_amount, "
    ."ROUND( cash_in.outstanding , ".$config['real_round']." ) AS payment_balance "
    ."FROM \"user\", "
    ."cash_in, "
    ."payment_type "
    ."WHERE \"user\".id=".$user_id." "
    ."AND \"user\".ets IS NULL "
    ."AND cash_in.identity_id=\"user\".customer_id "
    ."AND ( cash_in.type=1 OR cash_in.type=2 ) "
    ."AND cash_in.ets IS NULL "
    ."AND payment_type.id=cash_in.payment_type_id "
    ."AND payment_type.ets IS NULL "
    ."UNION "
    ."SELECT 'CashOut' AS payment_category, "
    ."'".addSlashes( __('Remboursement') )." '||payment_type.title AS payment_type, "
    ."cash_out.id AS payment_id, "
    ."cash_out.date AS payment_date, "
    ."ROUND( cash_out.amount , ".$config['real_round']." ) AS payment_amount, "
    ."ROUND( cash_out.outstanding , ".$config['real_round']." ) AS payment_balance "
    ."FROM \"user\", "
    ."cash_out, "
    ."payment_type "
    ."WHERE \"user\".id=".$user_id." "
    ."AND \"user\".ets IS NULL "
    ."AND cash_out.identity_id=\"user\".customer_id "
    ."AND cash_out.type=5 "
    ."AND cash_out.ets IS NULL "
    ."AND payment_type.id=cash_out.payment_type_id "
    ."AND payment_type.ets IS NULL "
    ."UNION "
    ."SELECT 'CreditNote' AS payment_category, "
    ."'".__('Avoir')."' AS payment_type, "
    ."customer_creditnote.id AS payment_id, "
    ."customer_creditnote.date AS payment_date, "
    ."ROUND( customer_creditnote.amount_ti , ".$config['real_round']." ) AS payment_amount, "
    ."ROUND( customer_creditnote.outstanding , ".$config['real_round']." ) AS payment_balance "
    ."FROM \"user\", "
    ."customer_creditnote, "
    ."payment_type "
    ."WHERE \"user\".id=".$user_id." "
    ."AND \"user\".ets IS NULL "
    ."AND customer_creditnote.customer_id=\"user\".customer_id "
    ."AND customer_creditnote.ets IS NULL "
    ." ) AS t "
    ."WHERE t.payment_date::date "
    ."BETWEEN ( CURRENT_DATE - INTERVAL '1 year' )::date "
    ."AND CURRENT_DATE::date "
    ."ORDER BY t.payment_date DESC;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchassocrowset();
  if ( !$result ) {
    $result = array();
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['payments'] = array();
  foreach ( $result as $k => $v ) {
    $this->Reply['payments'][$k] = array();
    $this->Reply['payments'][$k]['payment_category'] = $v['payment_category'];
    $this->Reply['payments'][$k]['payment_type'] = $v['payment_type'];
    $this->Reply['payments'][$k]['payment_id'] = (int)$v['payment_id'];
    $this->Reply['payments'][$k]['payment_date'] = $v['payment_date'];
    $this->Reply['payments'][$k]['payment_amount'] = $v['payment_amount'];
    $this->Reply['payments'][$k]['payment_balance'] = $v['payment_balance'];
  }
  $this->sendReply();
}
1568
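/**
 * List the documents one of the caller's payments was allocated to
 * (GET type, id).
 *
 * type selects the payment table and the document it allocates to:
 *   CashOut    -> cash_out / cash_out_allocation -> customer_creditnote
 *   CashIn     -> cash_in / cash_in_allocation -> customer_receipt
 *   CreditNote -> customer_creditnote / customer_creditnote_allocation
 *                 -> customer_receipt
 * Both the payment and the document are joined on "user".customer_id, so a
 * foreign id yields no rows. Only documents dated within the last year are
 * returned, newest id first.
 *
 * Fix: type is now mandatory. The original let an absent type through the
 * in_array() check, emitted none of the JOINs above, and then referenced
 * document.id in the WHERE clause — the client got a raw database error
 * instead of "Invalid type". The id is cast to int at read time and the
 * type comparison is strict.
 *
 * NOTE(review): "Invalid query" replies echo the raw driver error message.
 */
private function getPaymentInvoices() {
  $user_id = $this->getUserID();
  $payment_type = isset( $_GET['type'] ) ? $_GET['type'] : NULL;
  // Only these three literal strings select a coherent JOIN chain below.
  if ( !$payment_type ||
       !in_array( $payment_type , array( 'CashIn' , 'CashOut' , 'CreditNote' ) , true ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid type');
    $this->sendReply();
  }
  // Cast before use: the value is interpolated into SQL below.
  $payment_id = isset( $_GET['id'] ) && is_scalar( $_GET['id'] ) ? (int)$_GET['id'] : 0;
  if ( !$payment_id ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid ID');
    $this->sendReply();
  }
  $config = $this->getConfig();
  // real_round is a configuration value; addSlashes() wraps translated
  // labels, not request data.
  $query =
    ( $payment_type === 'CashOut' ?
      "SELECT 'CreditNote' AS doc_category, "
      ."'".addSlashes( __('Avoir') )."' AS doc_type, "
      ."document.id AS doc_id, "
      ."LPAD( document.code , 8 , '0' ) AS doc_number, "
      ."NULL AS doc_order_ref, "
      ."document.date::date AS doc_date, "
      ."ROUND( document.amount_ti , ".$config['real_round']." ) AS doc_amount, "
      ."ROUND( document.outstanding , ".$config['real_round']." ) AS doc_balance " :
      "SELECT 'Invoice' AS doc_category, "
      ."'".addSlashes( __('Facture') )."' AS doc_type, "
      ."document.id AS doc_id, "
      ."( CASE "
      ."WHEN customer_invoice.id IS NOT NULL "
      ."THEN LPAD( customer_invoice.code , 8 , '0' ) "
      ."ELSE LPAD( document.code , 8 , '0' ) "
      ."END ) AS doc_number, "
      ."LPAD( customer_order.code , 8 , '0' ) AS doc_order_ref, "
      ."( CASE "
      ."WHEN customer_invoice.id IS NOT NULL "
      ."THEN customer_invoice.date::date "
      ."ELSE document.date::date "
      ."END ) AS doc_date, "
      ."ROUND( document.amount_ti , ".$config['real_round']." ) AS doc_amount, "
      ."ROUND( document.outstanding , ".$config['real_round']." ) AS doc_balance " )
    ."FROM \"user\" "
    .( $payment_type === 'CashOut' ?
      "LEFT JOIN cash_out AS payment "
      ."ON payment.identity_id=\"user\".customer_id "
      ."AND payment.id=".$payment_id." "
      ."AND payment.ets IS NULL "
      ."LEFT JOIN cash_out_allocation AS payment_allocation "
      ."ON payment_allocation.cash_out_id=payment.id "
      ."AND payment_allocation.object_table='customer_creditnote' "
      ."AND payment_allocation.ets IS NULL "
      ."LEFT JOIN customer_creditnote AS document "
      ."ON document.customer_id=\"user\".customer_id "
      ."AND document.id=payment_allocation.object_id "
      ."AND document.ets IS NULL " : "" )
    .( $payment_type === 'CashIn' ?
      "LEFT JOIN cash_in AS payment "
      ."ON payment.identity_id=\"user\".customer_id "
      ."AND payment.id=".$payment_id." "
      ."AND payment.ets IS NULL "
      ."LEFT JOIN cash_in_allocation AS payment_allocation "
      ."ON payment_allocation.cash_in_id=payment.id "
      ."AND payment_allocation.object_table='customer_receipt' "
      ."AND payment_allocation.ets IS NULL " : "" )
    .( $payment_type === 'CreditNote' ?
      "LEFT JOIN customer_creditnote AS payment "
      ."ON payment.customer_id=\"user\".customer_id "
      ."AND payment.id=".$payment_id." "
      ."AND payment.ets IS NULL "
      ."LEFT JOIN customer_creditnote_allocation AS payment_allocation "
      ."ON payment_allocation.customer_creditnote_id=payment.id "
      ."AND payment_allocation.object_table='customer_receipt' "
      ."AND payment_allocation.ets IS NULL " : "" )
    .( $payment_type === 'CashIn' ||
       $payment_type === 'CreditNote' ?
      "LEFT JOIN customer_receipt AS document "
      ."ON document.customer_id=\"user\".customer_id "
      ."AND document.id=payment_allocation.object_id "
      ."AND document.ets IS NULL "
      ."LEFT JOIN customer_order "
      ."ON customer_order.customer_receipt_id=document.id "
      ."AND customer_order.ets IS NULL "
      ."LEFT JOIN customer_invoice "
      ."ON customer_invoice.customer_receipt_id=document.id "
      ."AND customer_invoice.ets IS NULL " : "" )
    ."WHERE \"user\".id=".$user_id." "
    ."AND \"user\".ets IS NULL "
    ."AND document.id IS NOT NULL "
    ."AND document.date::date "
    ."BETWEEN ( CURRENT_DATE - INTERVAL '1 year' )::date "
    ."AND CURRENT_DATE::date "
    ."ORDER BY document.id DESC;";
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchassocrowset();
  if ( !$result ) {
    $result = array();
  }
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['allocations'] = array();
  foreach ( $result as $k => $v ) {
    $this->Reply['allocations'][$k] = array();
    $this->Reply['allocations'][$k]['doc_category'] = $v['doc_category'];
    $this->Reply['allocations'][$k]['doc_type'] = $v['doc_type'];
    $this->Reply['allocations'][$k]['doc_id'] = (int)$v['doc_id'];
    $this->Reply['allocations'][$k]['doc_number'] = $v['doc_number'];
    $this->Reply['allocations'][$k]['doc_order_ref'] = $v['doc_order_ref'];
    $this->Reply['allocations'][$k]['doc_date'] = $v['doc_date'];
    $this->Reply['allocations'][$k]['doc_amount'] = $v['doc_amount'];
    $this->Reply['allocations'][$k]['doc_balance'] = $v['doc_balance'];
  }
  $this->sendReply();
}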
1687
/**
 * List every published web document (not archived, ets IS NULL).
 *
 * The list is not scoped per user: getUserID() is called for its
 * authentication side effect only (TODO confirm it rejects anonymous
 * callers). document_url is the row's own url for type=1 and otherwise
 * api/v1/getDocument/Document/<id>; document_pic_url points at
 * api/v1/getPicture/Document/<id> when a picture is stored, else NULL.
 *
 * NOTE(review): "Invalid query" replies echo the raw driver error message.
 */
private function getDocuments() {
  $this->getUserID();
  // TNL_WEB_URL is a configuration constant; addSlashes() only guards the
  // literal it is embedded in.
  $base_url = addSlashes( TNL_WEB_URL );
  $sql_parts = array(
    "SELECT web_document.id AS document_id,",
    "web_document.title AS document_name,",
    "( CASE",
    "WHEN web_document.type=1",
    "THEN web_document.url",
    "ELSE '".$base_url."api/v1/getDocument/Document/'||web_document.id",
    "END ) AS document_url,",
    "( CASE",
    "WHEN web_document.pic_content IS NOT NULL",
    "AND web_document.pic_content<>''",
    "THEN '".$base_url."api/v1/getPicture/Document/'||web_document.id",
    "ELSE NULL",
    "END ) AS document_pic_url",
    "FROM web_document",
    "WHERE web_document.archived=FALSE",
    "AND web_document.ets IS NULL",
    "ORDER BY web_document.bts DESC;",
  );
  $query = implode( ' ' , $sql_parts );
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $rows = $this->db->fetchassocrowset() ?: array();
  $this->Reply['result']['state'] = true;
  $this->Reply['result']['message'] = __('OK');
  $this->Reply['documents'] = array();
  foreach ( $rows as $idx => $row ) {
    $this->Reply['documents'][$idx] = array(
      'document_id' => (int)$row['document_id'],
      'document_name' => $row['document_name'],
      'document_url' => $row['document_url'],
      'document_pic_url' => $row['document_pic_url'],
    );
  }
  $this->sendReply();
}
1729
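/**
 * Stream a resized picture stored in the database (GET type, id, option).
 *
 * type is 'Document' (web_document.pic_*) or 'Product' (product.pic_*);
 * id is the row id; option is an optional "W,H" pair of decimal digits,
 * defaulting to 200x200. Archived and soft-deleted rows are never served.
 * On success the body is the resized image with the Content-Type taken
 * from the row's pic_format column; every failure goes through sendReply()
 * (assumed to terminate the script — TODO confirm). Pictures are not
 * scoped per user; getUserID() only authenticates the caller.
 *
 * Fixes: type is now mandatory — the original let an absent type through
 * the in_array() check, took neither branch below and then called
 * $this->db->query() on an undefined $query; the id is cast to int at read
 * time; the requested dimensions are clamped to [1, $max_dimension] so a
 * client cannot make image_resize() build an arbitrarily large bitmap;
 * X-Content-Type-Options: nosniff is sent so browsers honour the declared
 * image type rather than sniffing the bytes.
 */
private function getPicture() {
  // TODO confirm getUserID() rejects anonymous callers.
  $this->getUserID();
  $type = isset( $_GET['type'] ) ? $_GET['type'] : NULL;
  if ( !$type ||
       !in_array( $type , array( 'Document' , 'Product' ) , true ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid type');
    $this->sendReply();
  }
  // Cast before use: the value is interpolated into SQL below.
  $picture_id = isset( $_GET['id'] ) && is_scalar( $_GET['id'] ) ? (int)$_GET['id'] : 0;
  if ( !$picture_id ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid ID');
    $this->sendReply();
  }
  // Largest edge a client may request; larger values are clamped, not rejected.
  $max_dimension = 2048;
  $option = isset( $_GET['option'] ) && is_string( $_GET['option'] ) ? $_GET['option'] : '';
  if ( preg_match( '/^([0-9]+),([0-9]+)$/' , $option , $reqs ) ) {
    $width = max( 1 , min( (int)$reqs[1] , $max_dimension ) );
    $height = max( 1 , min( (int)$reqs[2] , $max_dimension ) );
  }
  else {
    $width = 200;
    $height = 200;
  }
  if ( $type === 'Document' ) {
    $query =
      "SELECT web_document.id AS picture_id, "
      ."web_document.pic_format AS picture_format, "
      ."web_document.pic_content AS picture_content "
      ."FROM web_document "
      ."WHERE web_document.id=".$picture_id." "
      ."AND web_document.archived=FALSE "
      ."AND web_document.ets IS NULL;";
  }
  else {
    // 'Product' is the only other value the check above admits.
    $query =
      "SELECT product.id AS picture_id, "
      ."product.pic_format AS picture_format, "
      ."product.pic_content AS picture_content "
      ."FROM product "
      ."WHERE product.id=".$picture_id." "
      ."AND product.archived=FALSE "
      ."AND product.ets IS NULL;";
  }
  if ( !$this->db->query( $query ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
    $this->sendReply();
  }
  $result = $this->db->fetchassocrowset();
  if ( !$result ) {
    $result = array();
  }
  if ( !isset( $result[0]['picture_id'] ) ) {
    $this->Reply['result']['state'] = false;
    $this->Reply['result']['message'] = __('Invalid ID');
    $this->sendReply();
  }
  // pic_format is whatever was stored with the picture (not request data);
  // nosniff stops browsers from inferring a different type from the bytes.
  header( 'Content-type: '.$result[0]['picture_format'] );
  header( 'X-Content-Type-Options: nosniff' );
  header( 'Content-disposition: inline' );
  // Display resized image
  echo image_resize(
    TNL::fo_filter( $result[0]['picture_content'] , 'byte' ) , $width , $height , 0 );
}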
1794
1795 private function getDocument() {
1796 $user_id = $this->getUserID();
1797 $type = isset( $_GET['type'] ) ? $_GET['type'] : NULL;
1798 if ( $type &&
1799 !in_array( $type , array( 'Document' , 'Invoice' , 'Statement' ) ) ) {
1800 $this->Reply['result']['state'] = false;
1801 $this->Reply['result']['message'] = __('Invalid type');
1802 $this->sendReply();
1803 }
1804 $document_id = isset( $_GET['id'] ) ? $_GET['id'] : NULL;
1805 if ( !$document_id ) {
1806 $this->Reply['result']['state'] = false;
1807 $this->Reply['result']['message'] = __('Invalid ID');
1808 $this->sendReply();
1809 }
1810 if ( $type == 'Document' ) {
1811 $query =
1812 "SELECT web_document.id AS document_id, "
1813 ."web_document.name AS document_name, "
1814 ."web_document.format AS document_format, "
1815 ."web_document.content AS document_content "
1816 ."FROM web_document "
1817 ."WHERE web_document.id=".(int)$document_id." "
1818 ."AND web_document.archived=FALSE "
1819 ."AND web_document.ets IS NULL;";
1820 }
1821 if ( !$this->db->query( $query ) ) {
1822 $this->Reply['result']['state'] = false;
1823 $this->Reply['result']['message'] = __('Invalid query').': '.$this->db->error()['message'];
1824 $this->sendReply();
1825 }
1826 $result = $this->db->fetchassocrowset();
1827 if ( !$result ) {
1828 $result = array();
1829 }
1830 if ( !isset( $result[0]['document_id'] ) ) {
1831 $this->Reply['result']['state'] = false;
1832 $this->Reply['result']['message'] = __('Invalid ID');
1833 $this->sendReply();
1834 }
1835 header( 'Content-type: '.$result[0]['document_format'] );
1836 header( 'Content-disposition: attachment; filename="'.$result[0]['document_name'].'"' );
1837 // Display document
1838 echo TNL::fo_filter( $result[0]['document_content'] , 'byte' );
1839 }
1840}
1841
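// Entry point: constructing the API dispatches the current request.
// getPicture() and getDocument() echo raw binary bodies and return instead
// of exiting, so the closing PHP tag is deliberately omitted: any byte after
// it (a trailing newline, for instance) would be appended to those responses.
$api = new API_v1();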
1845