File: /home/mostafedeg/public_html/erp/controllers/api.php
<?php
/*
* erp api
* created by fatma younis 24-09-2020
*/
//require_once("_fire/_fire.php");
require_once("../public/con_reedbean.php");
//require_once("_fire/_autho.php"); //general functions
//require_once("_fire/push_notif.php"); //general functionss
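#################################
// CORS handling and request-body decoding (shared by every action below).
// NOTE(review): "Access-Control-Allow-Origin: *" together with
// "Access-Control-Allow-Credentials: true" is a combination browsers reject
// for credentialed requests, so the credentials header is ineffective here;
// an explicit origin allow-list would be required before it could take effect.
if (isset($_SERVER['HTTP_ORIGIN'])) {
    header("Access-Control-Allow-Origin: *");
    //header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
    header('Access-Control-Allow-Credentials: true');
    header('Access-Control-Max-Age: 86400'); // cache for 1 day
}
// Access-Control headers are received during OPTIONS requests
if ($_SERVER['REQUEST_METHOD'] == 'OPTIONS') {
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_METHOD'])) {
        header("Access-Control-Allow-Methods: GET, POST, OPTIONS");
    }
    if (isset($_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS'])) {
        header("Access-Control-Allow-Headers: {$_SERVER['HTTP_ACCESS_CONTROL_REQUEST_HEADERS']}");
    }
    exit(0);
}
// Parameters arrive either as a raw JSON body or as form fields; both are
// normalised to an object so each action can read $get_request->field.
$post_data = file_get_contents("php://input");
if (empty($post_data)) {
    //for ios
    $get_request = json_decode(json_encode($_POST));
} else {
    //for android
    $get_request = json_decode($post_data);
}
// json_decode() yields null for malformed input (and an array for a JSON
// list); substitute an empty object so the isset($get_request->x) checks in
// the actions below behave uniformly instead of raising notices.
if (!is_object($get_request)) {
    $get_request = new stdClass();
}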
########################################################
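// Action selector: every request names its handler via ?do=<action>.
// Read defensively so a request without "do" does not raise an undefined-index notice.
$do = isset($_GET['do']) ? $_GET['do'] : '';
if (empty($do)) {
    // no action requested; nothing is emitted
}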
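##recive, 'id' =====> output, userid and name
##recive, 'group' =====> output, userid and name for all users in a group
##recive, NoThing =====> output, userid and name for users
elseif ($do == "user") {
    $id = isset($get_request->id) ? $get_request->id : '';
    $usergroupid = isset($get_request->group) ? $get_request->group : '';
    // Only the user's id and display name are exposed; no other columns leave the server.
    if (!empty($id)) {
        //single (null when no such user, which yields {"id":null,"name":null} as before)
        $user = R::findOne('user', 'userid = ?', [$id]);
        $send_data = [
            "id" => $user ? $user->userid : null,
            "name" => $user ? $user->employeename : null,
            //"username" => $val->username,
        ];
    } else {
        if (!empty($usergroupid)) {
            //by group -- the group id is bound rather than interpolated, so a
            // crafted value cannot alter the WHERE clause
            $users = R::findAll('user', 'usergroupid = ? and conditions = 0 and userid > 0', [$usergroupid]);
        } else {
            //all
            $users = R::findAll('user', 'conditions = 0 and userid > 0');
        }
        $send_data = [];
        foreach ($users as $val) {
            $send_data[] = [
                "id" => $val->userid,
                "name" => $val->employeename,
            ];
        }
    }
    echo json_encode($send_data);
}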
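##recive, 'username','password' =====> output, userid and name
elseif ($do == "login") {
    $username = isset($get_request->username) ? $get_request->username : '';
    $password = isset($get_request->password) ? $get_request->password : '';
    if (!empty($username) && !empty($password)) {
        // Both values come straight from the client and are bound as query
        // parameters; concatenating them into the SQL text would let a crafted
        // username rewrite the WHERE clause and skip the password check.
        // NOTE(review): the password is compared verbatim against the stored
        // column, i.e. it appears to be stored in clear text or pre-hashed by
        // the client -- confirm; password_hash()/password_verify() would be the
        // expected scheme.
        $user = R::findOne('user', 'username = ? and password = ? and user.conditions=0', [$username, $password]);
        if ($user && $user->userid) {
            $send_data = ["status" => 1, "reason" => 'sucess', "id" => $user->userid, "name" => $user->employeename];
        } else {
            $send_data = ["status" => 2, "reason" => 'error', "id" => 0, "name" => ''];
        }
    } else {
        $send_data = ["status" => 3, "reason" => 'missing required data', "id" => 0, "name" => ''];
    }
    echo json_encode($send_data);
}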
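##save collected parcodes to make it as sellbill later from casher computer
##recive, 'userid','casherid','parcodes' =====> output, status and id of inseted row
elseif ($do == "collectparcodes") {
    $userid = isset($get_request->userid) ? $get_request->userid : '';
    $sellerid = isset($get_request->casherid) ? $get_request->casherid : '';
    $parcodes = isset($get_request->parcodes) ? $get_request->parcodes : ''; //like 00001,00002,00003
    // id of the stored row; stays 0 on validation failure or a failed store
    $insert_id = 0;
    if (!empty($userid) && !empty($sellerid) && !empty($parcodes)) {
        // values go through the ORM bean, not hand-built SQL
        $obj = R::dispense('collectedparcodestemp');
        $obj->userid = $userid;
        $obj->sellerid = $sellerid;
        $obj->parcodes = $parcodes;
        $obj->sysdate = date('Y-m-d H:i:s');
        $obj->conditions = 0;
        try {
            $insert_id = R::store($obj);
            if (!empty($insert_id)) {
                $status = 1;
                $reason = 'sucess';
            } else {
                $reason = 'error';
                $status = 2;
            }
        } catch (Exception $e) {
            $insert_id = 0;
            $reason = 'error';
            $status = 2;
        }
    } else {
        $reason = 'missing required data';
        $status = 3;
    }
    // the original returned an unset $id here, so callers never received the row id
    $send_data = ["status" => $status, "reason" => $reason, "id" => $insert_id];
    echo json_encode($send_data);
}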
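elseif ($do == "clientlogin") {
    $phone = isset($get_request->phone) ? $get_request->phone : '';
    $password = isset($get_request->password) ? $get_request->password : '';
    if (!empty($phone) && !empty($password)) {
        // Phone and password are bound parameters; the previous string
        // concatenation allowed either value to alter the query.
        // NOTE(review): as in the "login" action, the password is matched
        // verbatim against the stored column -- confirm how it is stored.
        $client = R::findOne('client', 'clientphone = ? and password = ? and client.conditions=0', [$phone, $password]);
        if ($client && $client->clientid) {
            $send_data = ["status" => 1, "reason" => 'تم تسجيل الدخول', "clientid" => $client->clientid, "clientname" => $client->clientname];
        } else {
            $send_data = ["status" => 2, "reason" => 'حدث خطأ', "clientid" => 0, "clientname" => ''];
        }
    } else {
        $send_data = ["status" => 3, "reason" => 'البيانات المطلوبة مفقودة', "clientid" => 0, "clientname" => ''];
    }
    echo json_encode($send_data);
}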
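elseif ($do == "product") {
    $id = isset($get_request->id) ? $get_request->id : '';
    $text = isset($get_request->search) ? $get_request->search : '';
    $start_item = isset($get_request->start_item) ? $get_request->start_item : '';
    $page_no = isset($get_request->page_no) ? $get_request->page_no : '';
    $show_all = isset($get_request->show_all) ? $get_request->show_all : '';
    // Optional name filter: the wildcards are added to the bound value, so
    // the search term never becomes part of the SQL text.
    $search = '';
    $bindings = [];
    if ($text != '') {
        $search = " and product.productName LIKE ? ";
        $bindings[] = '%' . trim($text) . '%';
    }
    // Paging defaults to 20 rows from offset 0. LIMIT values are kept as
    // literals but forced to non-negative integers first.
    $page_no = (int) $page_no;
    if ($page_no <= 0) {
        $page_no = 20;
    }
    $start_item = (int) $start_item;
    if ($start_item < 0) {
        $start_item = 0;
    }
    if (!empty($id)) {
        $send_data = R::getRow("SELECT * FROM `product` WHERE productId = ? and conditions = 0 ", [$id]);
    } elseif ($show_all) {
        $send_data = R::getAll("SELECT * FROM `product` WHERE conditions = 0 $search ", $bindings);
    } else {
        $send_data = R::getAll("SELECT * FROM `product` WHERE conditions = 0 $search limit $start_item , $page_no", $bindings);
    }
    echo json_encode($send_data);
}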
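elseif ($do == "clientreport") {
    $clientid = isset($get_request->clientid) ? $get_request->clientid : '';
    // the original tested isset($get_request->id) before reading ->from, so
    // the date range was silently ignored unless an unrelated "id" was sent
    $startDate = isset($get_request->from) ? $get_request->from : '';
    $endDate = isset($get_request->to) ? $get_request->to : '';
    $order = isset($get_request->order) ? $get_request->order : '';
    // WHERE fragments are assembled with placeholders; $bindings is filled in
    // the same order the placeholders appear.
    $queryString = '';
    $bindings = [];
    if ($clientid > 0) {
        $queryString .= ' AND clientdebtchange.clientid = ? ';
        $bindings[] = $clientid;
    } else {
        //$queryString .= ' AND clientdebtchange.clientid = 0 ';
    }
    if (!empty($startDate) && !empty($endDate)) {
        $queryString .= ' AND clientdebtchange.clientdebtchangedate >= ? AND clientdebtchange.clientdebtchangedate <= ? ';
        $bindings[] = $startDate;
        $bindings[] = $endDate;
    }
    // An ORDER BY column cannot be bound, so the caller-supplied name is only
    // accepted when it is a plain identifier and is then backtick-quoted;
    // anything else falls back to the default ordering. (The original wrapped
    // the name in double quotes, which MySQL treats as a string literal unless
    // ANSI_QUOTES is enabled, so the requested order was likely never applied.)
    if ($order && preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $order)) {
        $orderBy = ' order by `' . $order . '` desc ';
    } else {
        $orderBy = ' order by clientdebtchangedate desc ,clientdebtchangeid desc ';
    }
    $send_data = R::getAll('SELECT clientdebtchange.*, client.clientname , CONCAT(`tablename`,`clientdebtchangemodelid`,clientdebtchangeamount,`clientdebtchangetype`) AS finalstring FROM clientdebtchange JOIN client
ON client.clientid = clientdebtchange.clientid WHERE 1 ' . $queryString . $orderBy, $bindings);
    // rows as objects so the per-row annotations below can be attached as properties
    $send_data = json_decode(json_encode($send_data), FALSE);
    // running balance: type 0 adds, any other type subtracts (not part of the response)
    $total = 0;
    foreach ($send_data as $data) {
        if ($data->clientdebtchangetype == 0) {
            $total = $total + $data->clientdebtchangeamount;
        } else {
            $total = $total - $data->clientdebtchangeamount;
        }
        if ($data->clientdebtchangemodelid != -1) {
            // Each source table links to its own row via link_id; the two
            // "payed dept" entries link via the debt-change id instead. Bill
            // tables additionally expose bill total / amount due.
            switch ($data->tablename) {
                case "clientPayedDeptController.php":
                case "clientPayedDeptReportController.php":
                    $data->link_id = $data->clientdebtchangeid;
                    break;
                case "sellbillController.php":
                    // bill total and amount due from the sales bill
                    $data->link_id = $data->clientdebtchangemodelid;
                    $sellBillData = R::load('sellbill', $data->clientdebtchangemodelid);
                    $data->totalbill = $sellBillData->sellbilltotalbill; // bill total
                    // the original read $returnSellBillData here (unset or stale from an earlier row)
                    $data->finalbill = $sellBillData->sellbillaftertotalbill; // amount due
                    $data->totalOperationCost = $sellBillData->sellbillaftertotalbill;
                    break;
                case "returnsellbillController.php":
                    $data->link_id = $data->clientdebtchangemodelid;
                    $returnSellBillData = R::load('returnsellbill', $data->clientdebtchangemodelid);
                    $data->totalbill = $returnSellBillData->returnsellbilltotalbill; // bill total
                    $data->finalbill = $returnSellBillData->returnsellbillaftertotalbill; // amount due
                    $data->totalOperationCost = $returnSellBillData->returnsellbillaftertotalbill;
                    break;
                case "sellbillandruternController.php":
                    $data->link_id = $data->clientdebtchangemodelid;
                    $sellAndReturnBillData = R::load('sellbillandrutern', $data->clientdebtchangemodelid);
                    $data->totalOperationCost = $sellAndReturnBillData->sellbillaftertotalbill;
                    break;
                case "bills.php":
                case "billsreturn.php":
                    // both variants are stored in the "bills" table
                    $data->link_id = $data->clientdebtchangemodelid;
                    $BillsData = R::load('bills', $data->clientdebtchangemodelid);
                    $data->totalbill = $BillsData->productstotalprice; // bill total
                    $data->finalbill = $BillsData->finalnetbillvalue; // amount due
                    $data->totalOperationCost = $BillsData->finalnetbillvalue;
                    break;
                case "depositcheckController.php":
                    $data->link_id = $data->clientdebtchangemodelid;
                    // the model id comes from the database, but is still bound rather than interpolated
                    $checkdata = R::getRow('SELECT checkdeposit.*,bankaccount.accountnumber,bankaccount.accountbeginingbalance,
checkdeposit.bankaccountid, checkdeposit.clientid, bankaccount.accountname, bank.bankname, client.clientname
FROM checkdeposit JOIN client ON checkdeposit.clientid=client.clientid JOIN bankaccount ON checkdeposit.bankaccountid=bankaccount.accountid JOIN bank ON bankaccount.bankid=bank.bankid where checkdeposit.checkdepositid = ?', [$data->clientdebtchangemodelid]);
                    $data->bankname = $checkdata ? $checkdata['bankname'] : null;
                    $data->accountname = $checkdata ? $checkdata['accountname'] : null;
                    break;
                case "kempialaController.php":
                case "clientController.php":
                case "billreceiptController.php":
                case "rb_kashf.php":
                case "premiumController.php":
                    $data->link_id = $data->clientdebtchangemodelid;
                    break;
                // any other table name: link_id is left unset, as before
            }
        } else {
            $data->link_id = "#";
        }
    }
    echo json_encode($send_data);
}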
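elseif ($do == "createsellbillid") {
    $clientid = isset($get_request->clientid) ? $get_request->clientid : '';
    if (!$clientid) {
        $reason = 'العميل غير موجود ';
        $status = 2;
        echo json_encode(['status' => $status, 'reason' => $reason, 'sellbillid' => 0], JSON_NUMERIC_CHECK);
        exit();
    }
    try {
        $client = R::getRow("SELECT * FROM `client` WHERE clientid = ? and conditions = 0 ", [$clientid]);
        // the original interpolated an unset $clientname, so tempclientName was always stored empty
        $clientname = $client ? $client['clientname'] : '';
        $datetime = date("Y-m-d H:i:s");
        // the original appended a stray space to the serial inside the SQL literal
        $sellbillSerial = uniqid("0");
        // Caller-derived values (dates, serial, client id and name) are bound;
        // the fixed defaults for the remaining columns stay as literals.
        R::exec("INSERT INTO `sellbilloffer`(`sellbilldate`, `sellbillserial`, `sellbillclientid`, `sellbilltotaldeptbefor`, `sellbilltotaldeptafter`,
`sellbilldiscount`, `sellbilldiscounttype`, `sellbilltotalbill`, `sellbillaftertotalbill`, `sellbilltotalpayed`, `sellbillfinalbill`,
`sellbillstoreid`, `sellbillsysdate`, `userid`, `conditions`, `sellbillclientname`, `sellbillsaveid`,
`sellbildirectpayment`, `billnameid`, `sellerid`, `tempclientName`, `sellQuantity`, `deletedsellid`,
`controlname`, `tax`, `totalafterdelivery`, `orderSavedBillId`) VALUES (?, ?, ?, 0.00, 0.00, 0,
1, 0, 0, 0, 0, 1, ?, 1, 0, '0', 1, 1, 7, 0, ?, 0, 0, '', 15.00, 0, 0)",
            [$datetime, $sellbillSerial, $clientid, $datetime, $clientname]);
        // id of the row just inserted, instead of re-selecting the client's
        // newest offer (which could pick up a concurrent insert)
        $sellbillid = (int) R::getInsertID();
        $reason = 'تم بنجاح';
        $status = 1;
        echo json_encode(['status' => $status, 'reason' => $reason, 'sellbillid' => $sellbillid], JSON_NUMERIC_CHECK);
    } catch (Exception $e) {
        $reason = 'sql_error';
        $status = -5;
        echo json_encode(['status' => $status, 'reason' => $reason, 'sellbillid' => 0], JSON_NUMERIC_CHECK);
    }
}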
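elseif ($do == "addsellbilloffer") {
    $productid = isset($get_request->productid) ? $get_request->productid : '';
    $quantity = isset($get_request->quantity) ? $get_request->quantity : 1;
    $sellbillid = isset($get_request->sellbillid) ? $get_request->sellbillid : 0;
    $date = date('Y-m-d');
    try {
        $sellbilloffer = R::getRow("SELECT * FROM `sellbilloffer` WHERE sellbillid = ? and conditions = 0 order by sellbillid desc ", [$sellbillid]);
        if ($sellbilloffer && $sellbilloffer['orderSavedBillId'] > 0) {
            $reason = 'غير متاح الاضافه او التعديل';
            $status = 2;
            echo json_encode(['status' => $status, 'reason' => $reason], JSON_NUMERIC_CHECK);
            exit();
        }
        $product = R::getRow("SELECT * FROM `product` WHERE productId = ? and conditions = 0 ", [$productid]);
        // Without an offer or a product nothing sensible can be written;
        // surface it through the existing sql_error path instead of issuing
        // an INSERT with null ids.
        if (!$sellbilloffer || !$product) {
            throw new Exception('offer or product not found');
        }
        $client = R::getRow("SELECT * FROM `client` WHERE clientid = ? and conditions = 0 ", [$sellbilloffer['sellbillclientid']]);
        // price column chosen by the client's price type: -1/0 wholesale, 2 half, anything else unit
        if ($client['priceTypeId'] == -1 || $client['priceTypeId'] == 0) {
            $price = $product['productSellAllPrice'];
            $pricetype = 0;
        } elseif ($client['priceTypeId'] == 2) {
            $price = $product['productSellHalfPrice'];
            $pricetype = 2;
        } else {
            $price = $product['productSellUnitPrice'];
            $pricetype = 1;
        }
        $lineTotal = $price * $quantity;
        // All request- and row-derived values are bound; only fixed defaults remain literal.
        $countpro = R::getRow("SELECT * FROM sellbilldetailoffer WHERE sellbillid = ? and sellbilldetailproductid = ? ", [$sellbilloffer['sellbillid'], $productid]);
        if (!$countpro) {
            R::exec("INSERT INTO `sellbilldetailoffer`(`buyprice`, `parcode`, `sellbillid`, `sellbilldetailcatid`, `sellbilldetailproductid`, `sellbilldetailquantity`, `sellbilldetailprice`, `sellbilldetailtotalprice`, `discountvalue`, `note`, `pricetype`, `sellbilldetaildate`, `productunitid`, `buydiscount`, `buydiscounttype`, `storeid`, `discounttype`, `localdonw`, `lastbuyprice`, `meanbuyprice`, `lastbuyprice_withDiscount`, `meanbuyprice_withDiscount`, `scunitqty`, `otherdetailquantity`, `sizeid`, `colorid`, `onlineOrderId`, `pricetypepro`)
VALUES (?, ?, ?, ?, ?, ?, ?, ?, 0.00, '', ?, ?, 0, 0.00, -1, 1, 0, '', 0.00, 0.00, 0.00, 0.00, 0, 0, 0, 0, 0, ?)",
                [$product['productBuyPrice'], $product['parcode'], $sellbilloffer['sellbillid'], $product['productCatId'], $productid, $quantity, $price, $lineTotal, $pricetype, $date, $pricetype]);
        } else {
            R::exec("UPDATE `sellbilldetailoffer` SET `buyprice`= ?, `parcode`= ?, `sellbilldetailcatid`= ?, `sellbilldetailquantity`= ?, `sellbilldetailprice`= ?, `sellbilldetailtotalprice`= ?, `pricetype`= ?, `pricetypepro`= ? WHERE sellbilldetailid = ?",
                [$product['productBuyPrice'], $product['parcode'], $product['productCatId'], $quantity, $price, $lineTotal, $pricetype, $pricetype, $countpro['sellbilldetailid']]);
        }
        // Recompute the offer header from its detail rows; the VAT rate comes
        // from programsettings and the net total is derived by backing the tax
        // out of the gross sum.
        $sum = R::getRow("SELECT sum(sellbilldetailtotalprice) as sellbilldetailtotalprice, sum(sellbilldetailquantity) as sellbilldetailquantity FROM `sellbilldetailoffer` WHERE sellbillid = ? ", [$sellbilloffer['sellbillid']]);
        $sellbilldetailtotalprice = $sum['sellbilldetailtotalprice'];
        $sellbilldetailquantity = $sum['sellbilldetailquantity'];
        $vatValue = R::getCell("SELECT vatValue FROM programsettings WHERE programsettingsid = 1");
        $taxPer = $vatValue / 100;
        $taxPerPlusOne = $taxPer + 1;
        $sellbilltotalbill = $sellbilldetailtotalprice - (($sellbilldetailtotalprice * $taxPer) / $taxPerPlusOne);
        R::exec("UPDATE `sellbilloffer` SET `sellbilltotaldeptafter`= ?, `sellbillaftertotalbill`= ?, `sellbilltotalbill`= ?, `sellbillfinalbill`= ?, `sellQuantity`= ?, `tax`= ?, `totalafterdelivery`= ? WHERE sellbillid = ?",
            [$sellbilldetailtotalprice, $sellbilldetailtotalprice, $sellbilltotalbill, $sellbilldetailtotalprice, $sellbilldetailquantity, $vatValue, $sellbilldetailtotalprice, $sellbilloffer['sellbillid']]);
        $reason = 'تم بنجاح';
        $status = 1;
    } catch (Exception $e) {
        $reason = 'sql_error';
        $status = -5;
    }
    echo json_encode(['status' => $status, 'reason' => $reason], JSON_NUMERIC_CHECK);
}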
elseif ($do == "sellbilloffer") {
    // All open offers belonging to one client, each carrying the client's name.
    $clientid = isset($get_request->clientid) ? $get_request->clientid : '';
    $offersSql = "SELECT sellbilloffer.*, clientname FROM `sellbilloffer` LEFT JOIN client ON sellbilloffer.sellbillclientid = client.clientid WHERE sellbillclientid = ? and sellbilloffer.conditions = 0 ";
    $sellbilloffers = R::getAll($offersSql, [$clientid]);
    echo json_encode($sellbilloffers);
}
elseif ($do == "sellbilldetailoffer") {
    // One offer header plus its detail rows, keyed by offer id.
    $sellbillid = isset($get_request->sellbillid) ? $get_request->sellbillid : '';
    $headerSql = "SELECT sellbilloffer.*, clientname FROM `sellbilloffer` LEFT JOIN client ON sellbilloffer.sellbillclientid = client.clientid WHERE sellbillid = ? and sellbilloffer.conditions = 0 ";
    $detailSql = "SELECT sellbilldetailoffer.* FROM `sellbilldetailoffer` LEFT JOIN product ON sellbilldetailoffer.sellbilldetailproductid = product.productId WHERE sellbillid = ? ";
    $response = [
        'sellbilloffer' => R::getRow($headerSql, [$sellbillid]),
        'sellbilldetailoffer' => R::getAll($detailSql, [$sellbillid]),
    ];
    echo json_encode($response, JSON_NUMERIC_CHECK);
}
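elseif ($do == "deletesellbilloffer") {
    $sellbillid = isset($get_request->sellbillid) ? $get_request->sellbillid : '';
    try {
        $sellbilloffer = R::getRow("SELECT * FROM `sellbilloffer` WHERE sellbillid = ? order by sellbillid desc ", [$sellbillid]);
        // an offer already turned into an order must not be removed
        if ($sellbilloffer && $sellbilloffer['orderSavedBillId'] > 0) {
            $reason = 'غير متاح الحذف ';
            $status = 2;
            echo json_encode(['status' => $status, 'reason' => $reason], JSON_NUMERIC_CHECK);
            exit();
        }
        // the id is bound; the previous quoted interpolation let a crafted value widen the DELETE
        R::exec("DELETE FROM `sellbilloffer` WHERE sellbillid = ? ", [$sellbillid]);
        R::exec("DELETE FROM `sellbilldetailoffer` WHERE sellbillid = ? ", [$sellbillid]);
        $reason = 'تم الحذف بنجاح';
        $status = 1;
    } catch (Exception $e) {
        $reason = 'sql_error';
        $status = -5;
    }
    echo json_encode(['status' => $status, 'reason' => $reason], JSON_NUMERIC_CHECK);
}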
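elseif ($do == "deletesellbilldetailoffer") {
    $sellbilldetailid = isset($get_request->sellbilldetailid) ? $get_request->sellbilldetailid : '';
    try {
        $sellbilldetailoffer = R::getRow("SELECT sellbilldetailoffer.* FROM `sellbilldetailoffer` WHERE sellbilldetailid = ? ", [$sellbilldetailid]);
        // unknown detail row: nothing to delete, report via the existing sql_error path
        if (!$sellbilldetailoffer) {
            throw new Exception('detail row not found');
        }
        $sellbillid = $sellbilldetailoffer['sellbillid'];
        $sellbilloffer = R::getRow("SELECT * FROM `sellbilloffer` WHERE sellbillid = ? order by sellbillid desc ", [$sellbillid]);
        // an offer already turned into an order must not be modified
        if ($sellbilloffer && $sellbilloffer['orderSavedBillId'] > 0) {
            $reason = 'غير متاح الحذف ';
            $status = 2;
            echo json_encode(['status' => $status, 'reason' => $reason], JSON_NUMERIC_CHECK);
            exit();
        }
        R::exec("DELETE FROM `sellbilldetailoffer` WHERE sellbilldetailid = ? ", [$sellbilldetailid]);
        // Recompute the offer header from the remaining detail rows. The
        // original summed with an unset $sellbillid here, so the header was
        // never refreshed after a delete; the id now comes from the detail row.
        $sum = R::getRow("SELECT sum(sellbilldetailtotalprice) as sellbilldetailtotalprice, sum(sellbilldetailquantity) as sellbilldetailquantity FROM `sellbilldetailoffer` WHERE sellbillid = ? ", [$sellbillid]);
        // sum() is NULL once the last row is gone; treat that as zero
        $sellbilldetailtotalprice = $sum['sellbilldetailtotalprice'] !== null ? $sum['sellbilldetailtotalprice'] : 0;
        $sellbilldetailquantity = $sum['sellbilldetailquantity'] !== null ? $sum['sellbilldetailquantity'] : 0;
        $vatValue = R::getCell("SELECT vatValue FROM programsettings WHERE programsettingsid = 1");
        $taxPer = $vatValue / 100;
        $taxPerPlusOne = $taxPer + 1;
        $sellbilltotalbill = $sellbilldetailtotalprice - (($sellbilldetailtotalprice * $taxPer) / $taxPerPlusOne);
        R::exec("UPDATE `sellbilloffer` SET `sellbilltotaldeptafter`= ?, `sellbillaftertotalbill`= ?, `sellbilltotalbill`= ?, `sellbillfinalbill`= ?, `sellQuantity`= ?, `tax`= ?, `totalafterdelivery`= ? WHERE sellbillid = ?",
            [$sellbilldetailtotalprice, $sellbilldetailtotalprice, $sellbilltotalbill, $sellbilldetailtotalprice, $sellbilldetailquantity, $vatValue, $sellbilldetailtotalprice, $sellbillid]);
        $reason = 'تم الجذف بنجاح';
        $status = 1;
    } catch (Exception $e) {
        $reason = 'sql_error';
        $status = -5;
    }
    echo json_encode(['status' => $status, 'reason' => $reason], JSON_NUMERIC_CHECK);
}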