<?php
// -------------------------------------------------------------------------------------------------------TP
// ----------------------------------------------------------------------------- Upload Images
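/**
 * REST callback: store one or more uploaded raster images under uploads/app-uploads/
 * and record each one in {prefix}app_uploads.
 *
 * Accepts multipart field `images` (single file or `images[]`). Only JPEG, PNG, GIF and
 * WebP are written to disk: the target directory is served by the web server, so an
 * unchecked extension (e.g. `.php`) would be a direct remote-code-execution path.
 *
 * @param WP_REST_Request $request Incoming request (files are read from its file params).
 * @return WP_REST_Response 400 when nothing was uploaded, otherwise 200 with per-file results.
 */
function upload_global_images($request)
{
    global $wpdb;
    $table_name = $wpdb->prefix . 'app_uploads'; // Metadata for files written to app-uploads/

    // Create the metadata table on first use; dbDelta() is a no-op once it matches.
    $charset_collate = $wpdb->get_charset_collate();
    $sql = "CREATE TABLE IF NOT EXISTS $table_name (
        id BIGINT UNSIGNED AUTO_INCREMENT PRIMARY KEY,
        filename VARCHAR(255),
        url TEXT,
        path TEXT,
        uploaded_at DATETIME DEFAULT CURRENT_TIMESTAMP
    ) $charset_collate;";
    require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
    dbDelta($sql);

    // get_file_params() is $_FILES as seen by the REST server.
    $file_params    = $request->get_file_params();
    $uploaded_files = $file_params['images'] ?? null;
    if (!is_array($uploaded_files) || !isset($uploaded_files['tmp_name'], $uploaded_files['name'])) {
        return new WP_REST_Response(['message' => 'No files uploaded.', 'success' => 0], 400);
    }

    // Whitelist of accepted types; both the extension and the file content are checked against it.
    $allowed_mimes = [
        'jpg|jpeg|jpe' => 'image/jpeg',
        'png'          => 'image/png',
        'gif'          => 'image/gif',
        'webp'         => 'image/webp',
    ];

    $upload_dir = wp_upload_dir();
    $custom_dir = $upload_dir['basedir'] . '/app-uploads/';
    $custom_url = $upload_dir['baseurl'] . '/app-uploads/';
    if (!file_exists($custom_dir)) {
        wp_mkdir_p($custom_dir);
    }

    // Normalise the single-file and images[] shapes into parallel lists.
    $is_multi = is_array($uploaded_files['name']);
    $names    = $is_multi ? $uploaded_files['name']     : [$uploaded_files['name']];
    $tmps     = $is_multi ? $uploaded_files['tmp_name'] : [$uploaded_files['tmp_name']];
    $errors   = $is_multi ? ($uploaded_files['error'] ?? []) : [$uploaded_files['error'] ?? UPLOAD_ERR_OK];

    $response = [];
    foreach ($names as $i => $original_name) {
        $original_name = (string) $original_name;
        $tmp_name      = (string) ($tmps[$i] ?? '');
        $err           = (int) ($errors[$i] ?? UPLOAD_ERR_OK);

        // PHP reports oversized, partial and failed uploads here; never move those,
        // and never move anything that did not arrive through the upload mechanism.
        if ($err !== UPLOAD_ERR_OK || $tmp_name === '' || !is_uploaded_file($tmp_name)) {
            $response[] = [
                'success' => 0,
                'error'   => 'Upload failed or was rejected by PHP.',
                'file'    => $original_name,
            ];
            continue;
        }

        // Extension must be in the whitelist AND the bytes must be a real image of a
        // whitelisted type. wp_check_filetype_and_ext() corrects a mismatched extension
        // (e.g. a PNG named .jpg) via its returned 'ext'; wp_get_image_mime() rejects
        // non-image content outright.
        $check     = wp_check_filetype_and_ext($tmp_name, $original_name, $allowed_mimes);
        $real_mime = wp_get_image_mime($tmp_name);
        if (empty($check['ext']) || empty($check['type']) || !$real_mime || !in_array($real_mime, $allowed_mimes, true)) {
            $response[] = [
                'success' => 0,
                'error'   => 'Only JPEG, PNG, GIF or WebP images are accepted.',
                'file'    => $original_name,
            ];
            continue;
        }
        $ext = $check['ext'];

        // Unique, sanitised name built from the *validated* extension, not the client's.
        $safe_name = sanitize_file_name(pathinfo($original_name, PATHINFO_FILENAME));
        if ($safe_name === '') {
            $safe_name = 'image';
        }
        $unique_name = wp_unique_filename($custom_dir, $safe_name . '.' . $ext);
        $target_path = $custom_dir . $unique_name;
        $url         = $custom_url . $unique_name;

        if (!move_uploaded_file($tmp_name, $target_path)) {
            $response[] = [
                'success' => 0,
                'error'   => 'Failed to move uploaded file.',
                'file'    => $original_name,
            ];
            continue;
        }
        // Stored uploads should never carry an execute bit.
        @chmod($target_path, 0644);

        $wpdb->insert($table_name, [
            'filename' => $unique_name,
            'url'      => $url,
            'path'     => $target_path,
        ]);
        $response[] = [
            'success'  => 1,
            'id'       => $wpdb->insert_id,
            'filename' => $unique_name,
            'url'      => $url,
            // NOTE(review): kept for response compatibility, but this discloses the
            // absolute filesystem layout to API clients; consider removing it.
            'path'     => $target_path,
        ];
    }
    return new WP_REST_Response(['results' => $response, 'success' => 1], 200);
}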
// Register API
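// Register API
add_action('rest_api_init', function () {
    register_rest_route('api/operator', 'upload-images', [
        'methods'  => 'POST',
        'callback' => 'upload_global_images',
        // Writing into a web-served directory must never be anonymous. Callers need a
        // logged-in user with the upload capability (cookie + nonce, or an Application
        // Password). NOTE(review): conservative default; map to the operator role in use.
        'permission_callback' => static function () {
            return current_user_can('upload_files');
        },
    ]);
});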
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/upload-images \
// -F "images[]=@/full/path/to/image1.jpg" \
// ----------------------------------------------------------------------- Get Images
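/**
 * REST callback: look up app-upload records by numeric ID or by stored filename.
 *
 * @param WP_REST_Request $request Expects JSON param `items`: array of IDs and/or filenames.
 * @return WP_REST_Response 400 when `items` is missing/empty, otherwise 200 with one
 *                          result entry per requested item (found rows or an error entry).
 */
function get_app_images_by_id_or_name($request)
{
    global $wpdb;
    $table_name = $wpdb->prefix . 'app_uploads';
    $items = $request->get_param('items'); // Array of IDs or filenames
    if (!is_array($items) || empty($items)) {
        return new WP_REST_Response(['message' => 'Items array is required.', 'success' => 0], 400);
    }

    $results = [];
    foreach ($items as $item) {
        // A nested array/object would reach sanitize_file_name() and fatal under PHP 8;
        // report it as a bad item instead of taking the whole request down.
        if (!is_scalar($item)) {
            $results[] = [
                'input' => $item,
                'error' => 'Item must be a numeric ID or a filename.',
            ];
            continue;
        }

        if (is_numeric($item)) {
            $row = $wpdb->get_row(
                $wpdb->prepare("SELECT * FROM $table_name WHERE id = %d", intval($item)),
                ARRAY_A
            );
        } else {
            // Same normalisation the upload path applied, so stored names match.
            $safe_name = sanitize_file_name((string) $item);
            $row = $wpdb->get_row(
                $wpdb->prepare("SELECT * FROM $table_name WHERE filename = %s", $safe_name),
                ARRAY_A
            );
        }

        if ($row) {
            // The absolute server `path` column is deliberately not returned here.
            $results[] = [
                'id'          => $row['id'],
                'filename'    => $row['filename'],
                'url'         => $row['url'],
                'uploaded_at' => $row['uploaded_at'],
            ];
        } else {
            $results[] = [
                'input' => $item,
                'error' => 'Image not found in database.',
            ];
        }
    }
    return new WP_REST_Response(['success' => 1, 'results' => $results], 200);
}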
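add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/get-app-images', [
        'methods'  => 'POST',
        'callback' => 'get_app_images_by_id_or_name',
        // Metadata lookups are limited to authenticated users; an open endpoint lets
        // anyone enumerate upload IDs and filenames.
        'permission_callback' => static function () {
            return is_user_logged_in();
        },
    ]);
});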
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/get-app-images \
// -H "Content-Type: application/json" \
// -d '{
// "items": [1, 2]
// }'
//---------------------------------------- or
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/get-app-images \
// -H "Content-Type: application/json" \
// -d '{
// "items": ["name1", "name2"]
// }'
// --------------------------------------------------------------- Delete Images
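/**
 * REST callback: delete app-upload files (and their rows) by numeric ID or filename.
 *
 * The file path comes from the database, so before unlinking it is resolved with
 * realpath() and required to sit inside uploads/app-uploads/. A row whose path points
 * elsewhere is reported and left alone rather than deleted.
 *
 * @param WP_REST_Request $request Expects JSON param `items`: array of IDs and/or filenames.
 * @return WP_REST_Response 400 when `items` is missing/empty, otherwise 200 with per-item results.
 */
function delete_app_images_by_id_or_name($request){
    global $wpdb;
    $table_name = $wpdb->prefix . 'app_uploads';
    $items = $request->get_param('items'); // Accepts array of ids or filenames
    if (!is_array($items) || empty($items)) {
        return new WP_REST_Response(['message' => 'Items array is required.', 'success' => 0], 400);
    }

    $upload_dir = wp_upload_dir();
    $base_path  = $upload_dir['basedir'] . '/app-uploads/';
    // Canonical base with a trailing separator so "app-uploads-evil/" cannot match.
    $base_real  = realpath($base_path);
    $base_real  = $base_real === false ? false : rtrim($base_real, '/\\') . DIRECTORY_SEPARATOR;

    $results = [];
    foreach ($items as $item) {
        // Non-scalar items would fatal inside sanitize_file_name(); report and skip.
        if (!is_scalar($item)) {
            $results[] = [
                'input'   => $item,
                'deleted' => false,
                'error'   => 'Item must be a numeric ID or a filename.',
            ];
            continue;
        }

        if (is_numeric($item)) {
            // Find by ID
            $row = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE id = %d", intval($item)));
        } else {
            // Find by filename
            $safe_name = sanitize_file_name((string) $item);
            $row = $wpdb->get_row($wpdb->prepare("SELECT * FROM $table_name WHERE filename = %s", $safe_name));
        }

        if (!$row) {
            $results[] = [
                'input'   => $item,
                'deleted' => false,
                'error'   => 'Image not found in database.',
            ];
            continue;
        }

        $file_path = (string) $row->path;
        $file_real = $file_path !== '' ? realpath($file_path) : false;

        if ($file_real === false) {
            // File is already gone: drop the stale metadata row.
            $wpdb->delete($table_name, ['id' => $row->id]);
            $results[] = [
                'id'       => $row->id,
                'filename' => $row->filename,
                'deleted'  => true,
                'message'  => 'File not found, but DB record deleted.',
            ];
            continue;
        }

        // Containment check: refuse to unlink anything outside the app-uploads directory.
        $inside = $base_real !== false
            && strncmp($file_real, $base_real, strlen($base_real)) === 0
            && is_file($file_real);
        if (!$inside) {
            $results[] = [
                'id'       => $row->id,
                'filename' => $row->filename,
                'deleted'  => false,
                'error'    => 'Stored path is outside the upload directory; not deleted.',
            ];
            continue;
        }

        if (unlink($file_real)) {
            $wpdb->delete($table_name, ['id' => $row->id]);
            $results[] = [
                'id'       => $row->id,
                'filename' => $row->filename,
                'deleted'  => true,
                'message'  => 'File and database record deleted.',
            ];
        } else {
            $results[] = [
                'id'       => $row->id,
                'filename' => $row->filename,
                'deleted'  => false,
                'error'    => 'Failed to delete file from disk.',
            ];
        }
    }
    return new WP_REST_Response(['success' => 1, 'results' => $results], 200);
}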
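add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/delete-app-images', [
        'methods'  => 'POST',
        'callback' => 'delete_app_images_by_id_or_name',
        // Deleting files from disk must not be anonymous. The same capability that
        // allows uploading is used for removal; the table records no owner, so any
        // holder of it can delete any app upload. NOTE(review): tighten if needed.
        'permission_callback' => static function () {
            return current_user_can('upload_files');
        },
    ]);
});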
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/delete-app-images \
// -H "Content-Type: application/json" \
// -d '{
// "items": [1, 2]
// }'
//---------------------------------------- or
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/delete-app-images \
// -H "Content-Type: application/json" \
// -d '{
// "items": ["name1", "name2"]
// }'
// ----------------------------------------------------------------------------------------------- Operational Status
/** Save Operational Status Log: Note, Date, Total Hours, Image URLs, User ID */
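/**
 * REST callback: insert an operational-status log row for a user.
 *
 * Body shape: {"params": {"user_id", "note", "date" (YYYY-MM-DD), "total_hours", "images"}}.
 * A caller may only write a log for its own user_id unless it can manage the site.
 *
 * @param WP_REST_Request $request Raw JSON body is decoded here (not via get_param()).
 * @return WP_REST_Response 400 on missing/invalid fields, 403 on foreign user_id,
 *                          500 when the insert fails, 200 with `log_id` on success.
 */
function saveOperationalStatus($request){
    global $wpdb;
    // Table name
    $table = $wpdb->prefix . 'operational_status';

    // Create table if it doesn't exist
    $charset_collate = $wpdb->get_charset_collate();
    $create_table_sql = "
        CREATE TABLE IF NOT EXISTS $table (
            id BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
            user_id BIGINT(20) NOT NULL,
            note TEXT NOT NULL,
            log_date DATE NOT NULL,
            total_hours FLOAT DEFAULT 0,
            images TEXT,
            created_on DATETIME DEFAULT CURRENT_TIMESTAMP,
            PRIMARY KEY (id)
        ) $charset_collate;
    ";
    require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
    dbDelta($create_table_sql);

    // Decode the raw JSON body; anything that is not an object under "params" is treated as empty.
    $json_data = json_decode($request->get_body(), true);
    $params    = is_array($json_data['params'] ?? null) ? $json_data['params'] : [];

    // Sanitize and validate. intval() of a non-empty array is 1, so require scalars for IDs.
    $user_id     = is_scalar($params['user_id'] ?? null) ? intval($params['user_id']) : 0;
    $note        = sanitize_text_field($params['note'] ?? '');
    $date        = sanitize_text_field($params['date'] ?? '');
    $total_hours = is_scalar($params['total_hours'] ?? null) ? floatval($params['total_hours']) : 0.0;
    $images      = isset($params['images']) ? sanitize_textarea_field($params['images']) : ''; // image IDs (comma-separated or JSON)

    // Compare with '' rather than empty() so a note of "0" is not rejected.
    if ($user_id <= 0 || $note === '' || $date === '') {
        return new WP_REST_Response([
            'message' => 'Note, Date, and User ID are required.',
            'success' => 0
        ], 400);
    }

    // log_date is a DATE column: validate strictly so MySQL never stores 0000-00-00
    // or errors out in strict mode on arbitrary text.
    $parsed = DateTimeImmutable::createFromFormat('!Y-m-d', $date);
    if (!$parsed || $parsed->format('Y-m-d') !== $date) {
        return new WP_REST_Response([
            'message' => 'Date must be in YYYY-MM-DD format.',
            'success' => 0
        ], 400);
    }

    // Ownership: anonymous callers have user id 0 and therefore always fail this check.
    // NOTE(review): manage_options is a conservative override; map to the supervisor role in use.
    if ($user_id !== get_current_user_id() && !current_user_can('manage_options')) {
        return new WP_REST_Response([
            'message' => 'You may only save logs for your own user ID.',
            'success' => 0
        ], 403);
    }

    $now = current_time('mysql');
    $insert = $wpdb->insert($table, [
        'user_id'     => $user_id,
        'note'        => $note,
        'log_date'    => $date,
        'total_hours' => $total_hours,
        'images'      => $images,
        'created_on'  => $now,
    ]);
    if (!$insert) {
        // Keep the SQL error server-side; it reveals table/column names to API clients.
        error_log('saveOperationalStatus insert failed: ' . $wpdb->last_error);
        return new WP_REST_Response([
            'message' => 'Failed to save log.',
            'success' => 0
        ], 500);
    }
    return new WP_REST_Response([
        'message' => 'Log saved successfully.',
        'log_id'  => $wpdb->insert_id,
        'success' => 1
    ], 200);
}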
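add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/save-operational-status', [
        'methods'  => 'POST',
        'callback' => 'saveOperationalStatus',
        // Writes are limited to authenticated users; the callback additionally checks
        // that user_id belongs to the caller.
        'permission_callback' => static function () {
            return is_user_logged_in();
        },
    ]);
});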
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/save-operational-status \
// -H "Content-Type: application/json" \
// -d '{
// "params": {
// "user_id": 12,
// "note": "Daily site maintenance completed.",
// "date": "2025-06-28",
// "total_hours": 4.5,
// "images": "21,22,23"
// }
// }'
// ----------------------------------------------------------- Edit Operational Status
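/**
 * REST callback: update an existing operational-status log row by id.
 *
 * Body shape: {"params": {"id", "user_id", "note", "date" (YYYY-MM-DD), "total_hours", "images"}}.
 * Non-privileged callers may only update rows they own and may not reassign them to
 * another user_id; the ownership constraint is enforced in the UPDATE's WHERE clause.
 *
 * @param WP_REST_Request $request Raw JSON body is decoded here.
 * @return WP_REST_Response 400 on missing/invalid fields, 403 on a foreign user_id,
 *                          500 when the update fails, 200 with `updated` row count otherwise.
 */
function updateOperationalStatus($request){
    global $wpdb;
    $table = $wpdb->prefix . 'operational_status';

    // Decode JSON request body
    $json_data = json_decode($request->get_body(), true);
    $params    = is_array($json_data['params'] ?? null) ? $json_data['params'] : [];

    // Required fields (scalars only: intval([]) semantics would otherwise pass a bogus id).
    $log_id      = is_scalar($params['id'] ?? null) ? intval($params['id']) : 0;
    $user_id     = is_scalar($params['user_id'] ?? null) ? intval($params['user_id']) : 0;
    $note        = sanitize_text_field($params['note'] ?? '');
    $date        = sanitize_text_field($params['date'] ?? '');
    $total_hours = is_scalar($params['total_hours'] ?? null) ? floatval($params['total_hours']) : 0.0;
    $images      = isset($params['images']) ? sanitize_textarea_field($params['images']) : '';

    // Validate
    if ($log_id <= 0 || $user_id <= 0 || $note === '' || $date === '') {
        return new WP_REST_Response([
            'message' => 'Log ID, Note, Date, and User ID are required.',
            'success' => 0
        ], 400);
    }
    $parsed = DateTimeImmutable::createFromFormat('!Y-m-d', $date);
    if (!$parsed || $parsed->format('Y-m-d') !== $date) {
        return new WP_REST_Response([
            'message' => 'Date must be in YYYY-MM-DD format.',
            'success' => 0
        ], 400);
    }

    // Ownership: scope the UPDATE to the caller's own rows unless privileged.
    $where = ['id' => $log_id];
    if (!current_user_can('manage_options')) {
        $current = get_current_user_id();
        if ($current <= 0 || $user_id !== $current) {
            return new WP_REST_Response([
                'message' => 'You may only update your own logs.',
                'success' => 0
            ], 403);
        }
        $where['user_id'] = $current;
    }

    // Update the row
    $updated = $wpdb->update(
        $table,
        [
            'user_id'     => $user_id,
            'note'        => $note,
            'log_date'    => $date,
            'total_hours' => $total_hours,
            'images'      => $images
        ],
        $where
    );
    if ($updated === false) {
        error_log('updateOperationalStatus update failed: ' . $wpdb->last_error);
        return new WP_REST_Response([
            'message' => 'Failed to update log.',
            'success' => 0
        ], 500);
    }
    // `updated` is the affected-row count; 0 means no row matched id (and owner).
    return new WP_REST_Response([
        'message' => 'Log updated successfully.',
        'updated' => $updated,
        'success' => 1
    ], 200);
}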
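add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/update-operational-status', [
        'methods'  => 'POST',
        'callback' => 'updateOperationalStatus',
        // Authenticated users only; row ownership is enforced inside the callback.
        'permission_callback' => static function () {
            return is_user_logged_in();
        },
    ]);
});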
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/update-operational-status \
// -H "Content-Type: application/json" \
// -d '{
// "params": {
// "id": 5,
// "user_id": 12,
// "note": "Updated note",
// "date": "2025-06-28",
// "total_hours": 7.5,
// "images": "123,124"
// }
// }'
// ----------------------------------------------------------- Get Operational Status
/** Get All Operational Logs for a User via POST */
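/**
 * REST callback: return all operational-status logs for one user, newest log_date first.
 *
 * Body shape: {"params": {"user_id"}}. The table name is derived from $wpdb->prefix
 * (the save/update callbacks write to {prefix}operational_status; a hard-coded `wp_`
 * prefix would read a different table on any non-default installation).
 *
 * @param WP_REST_Request $request Raw JSON body is decoded here.
 * @return WP_REST_Response 400 on a bad user_id, 403 when reading another user's logs
 *                          without privilege, otherwise 200 with `data` rows.
 */
function getOperationalStatusByUser($request){
    global $wpdb;
    $decoded = json_decode($request->get_body(), true);
    $params  = is_array($decoded['params'] ?? null) ? $decoded['params'] : [];
    $user_id = is_scalar($params['user_id'] ?? null) ? intval($params['user_id']) : 0;
    if ($user_id <= 0) {
        return new WP_REST_Response(['message' => 'Invalid or missing User ID', 'success' => 0], 400);
    }

    // Ownership: callers read only their own logs unless privileged.
    if ($user_id !== get_current_user_id() && !current_user_can('manage_options')) {
        return new WP_REST_Response(['message' => 'You may only read your own logs.', 'success' => 0], 403);
    }

    $table   = $wpdb->prefix . 'operational_status';
    $results = $wpdb->get_results(
        $wpdb->prepare("SELECT * FROM $table WHERE user_id = %d ORDER BY log_date DESC", $user_id),
        ARRAY_A
    );
    return new WP_REST_Response([
        'data'    => $results,
        'success' => 1
    ], 200);
}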
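add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/get-operational-status', [
        'methods'  => 'POST',
        'callback' => 'getOperationalStatusByUser',
        // Authenticated users only; the callback restricts reads to the caller's own rows.
        'permission_callback' => static function () {
            return is_user_logged_in();
        },
    ]);
});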
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/get-operational-status \
// -H "Content-Type: application/json" \
// -d '{
// "params": {
// "user_id": 12
// }
// }'
// ----------------------------------------------------------- Delete Operational Status
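/**
 * REST callback: delete operational-status rows by id, scoped to one user.
 *
 * Body shape: {"params": {"user_id", "id"}} where `id` is a comma-separated string
 * ("1,2,3") or a JSON array of ids. The table name follows $wpdb->prefix, matching the
 * save/update callbacks.
 *
 * @param WP_REST_Request $request Raw JSON body is decoded here.
 * @return WP_REST_Response 400 on missing user_id/ids, 403 on a foreign user_id,
 *                          otherwise 200 with the deleted-row count in `message`.
 */
function deleteOperationalStatusByUser($request){
    global $wpdb;
    $decoded = json_decode($request->get_body(), true);
    $params  = is_array($decoded['params'] ?? null) ? $decoded['params'] : [];
    $user_id = is_scalar($params['user_id'] ?? null) ? intval($params['user_id']) : 0;

    // Accept "1,2,3" or [1,2,3]; explode() on an array would fatal under PHP 8.
    $raw_ids = $params['id'] ?? '';
    if (is_array($raw_ids)) {
        $raw_ids = implode(',', array_filter($raw_ids, 'is_scalar'));
    } elseif (!is_scalar($raw_ids)) {
        $raw_ids = '';
    }
    $raw_ids = (string) $raw_ids;

    if ($user_id <= 0 || $raw_ids === '') {
        return new WP_REST_Response(['message' => 'Missing user_id or id(s)', 'success' => 0], 400);
    }

    // Ownership: a caller may only delete its own rows unless privileged.
    if ($user_id !== get_current_user_id() && !current_user_can('manage_options')) {
        return new WP_REST_Response(['message' => 'You may only delete your own logs.', 'success' => 0], 403);
    }

    // Convert to unique positive integers.
    $ids = array_values(array_unique(array_filter(
        array_map('intval', explode(',', $raw_ids)),
        static function ($id) { return $id > 0; }
    )));
    if (empty($ids)) {
        return new WP_REST_Response(['message' => 'No valid IDs provided', 'success' => 0], 400);
    }

    $table        = $wpdb->prefix . 'operational_status';
    $placeholders = implode(',', array_fill(0, count($ids), '%d'));
    // Delete rows by user_id and ids (both bound through prepare()).
    $query          = "DELETE FROM $table WHERE user_id = %d AND id IN ($placeholders)";
    $prepared_query = $wpdb->prepare($query, array_merge([$user_id], $ids));
    $deleted        = $wpdb->query($prepared_query);
    return new WP_REST_Response([
        'message' => "$deleted record(s) deleted",
        'success' => 1
    ], 200);
}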
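add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/delete-operational-status', [
        'methods'  => 'POST',
        'callback' => 'deleteOperationalStatusByUser',
        // Authenticated users only; the callback restricts deletes to the caller's own rows.
        'permission_callback' => static function () {
            return is_user_logged_in();
        },
    ]);
});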
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/delete-operational-status \
// -H "Content-Type: application/json" \
// -d '{
// "params": {
// "user_id": 12,
// "id": "1,2,3"
// }
// }'
/** ----------------------------------------------------------- Save Initial Inspection */
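/**
 * REST callback: insert an initial-inspection row for a user and product.
 *
 * Body shape: {"params": {"user_id", "product_id", "assigned_id", "comment",
 * "inspection_date" (YYYY-MM-DD), "images"}}. A caller may only record inspections
 * under its own user_id unless it can manage the site.
 *
 * @param WP_REST_Request $request Raw JSON body is decoded here.
 * @return WP_REST_Response 400 on missing/invalid fields, 403 on a foreign user_id,
 *                          500 when the insert fails, 200 with `inspection_id` on success.
 */
function saveInitialInspection($request) {
    global $wpdb;
    // Table name
    $table = $wpdb->prefix . 'initial_inspection';

    // Create table if it doesn't exist
    $charset_collate = $wpdb->get_charset_collate();
    $create_table_sql = "
        CREATE TABLE IF NOT EXISTS $table (
            id BIGINT(20) UNSIGNED NOT NULL AUTO_INCREMENT,
            user_id BIGINT(20) NOT NULL,
            product_id BIGINT(20) NOT NULL,
            assigned_id BIGINT(20) DEFAULT NULL,
            comment TEXT NOT NULL,
            inspection_date DATE NOT NULL,
            images TEXT,
            created_on DATETIME DEFAULT CURRENT_TIMESTAMP,
            PRIMARY KEY (id)
        ) $charset_collate;
    ";
    require_once(ABSPATH . 'wp-admin/includes/upgrade.php');
    dbDelta($create_table_sql);

    // Decode the raw JSON body; a missing or non-object "params" is treated as empty.
    $json_data = json_decode($request->get_body(), true);
    $params    = is_array($json_data['params'] ?? null) ? $json_data['params'] : [];

    // Sanitize and validate (scalars only for the integer ids).
    $user_id         = is_scalar($params['user_id'] ?? null) ? intval($params['user_id']) : 0;
    $product_id      = is_scalar($params['product_id'] ?? null) ? intval($params['product_id']) : 0;
    $assigned_id     = is_scalar($params['assigned_id'] ?? null) ? intval($params['assigned_id']) : 0;
    $comment         = sanitize_text_field($params['comment'] ?? '');
    $inspection_date = sanitize_text_field($params['inspection_date'] ?? '');
    $images          = isset($params['images']) ? sanitize_textarea_field($params['images']) : '';

    if ($user_id <= 0 || $product_id <= 0 || $comment === '' || $inspection_date === '') {
        return new WP_REST_Response([
            'message' => 'User ID, Product ID, Comment, and Inspection Date are required.',
            'success' => 0
        ], 400);
    }

    // inspection_date is a DATE column: reject anything that is not a real YYYY-MM-DD date.
    $parsed = DateTimeImmutable::createFromFormat('!Y-m-d', $inspection_date);
    if (!$parsed || $parsed->format('Y-m-d') !== $inspection_date) {
        return new WP_REST_Response([
            'message' => 'Inspection Date must be in YYYY-MM-DD format.',
            'success' => 0
        ], 400);
    }

    // Ownership: anonymous callers (user id 0) always fail this check.
    if ($user_id !== get_current_user_id() && !current_user_can('manage_options')) {
        return new WP_REST_Response([
            'message' => 'You may only save inspections for your own user ID.',
            'success' => 0
        ], 403);
    }

    $now = current_time('mysql');
    $insert = $wpdb->insert($table, [
        'user_id'         => $user_id,
        'product_id'      => $product_id,
        'assigned_id'     => $assigned_id,
        'comment'         => $comment,
        'inspection_date' => $inspection_date,
        'images'          => $images,
        'created_on'      => $now,
    ]);
    if (!$insert) {
        // Keep the SQL error server-side rather than returning it to the client.
        error_log('saveInitialInspection insert failed: ' . $wpdb->last_error);
        return new WP_REST_Response([
            'message' => 'Failed to save inspection log.',
            'success' => 0
        ], 500);
    }
    return new WP_REST_Response([
        'message'       => 'Inspection log saved successfully.',
        'inspection_id' => $wpdb->insert_id,
        'success'       => 1
    ], 200);
}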
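add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/save-initial-inspection', [
        'methods'  => 'POST',
        'callback' => 'saveInitialInspection',
        // Authenticated users only; the callback verifies user_id belongs to the caller.
        'permission_callback' => static function () {
            return is_user_logged_in();
        },
    ]);
});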
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/save-initial-inspection \
// -H "Content-Type: application/json" \
// -d '{
// "params": {
// "user_id": 12,
// "product_id": 45,
// "assigned_id": 124,
// "comment": "Initial inspection completed. No major issues found.",
// "inspection_date": "2025-07-04",
// "images": "21,22,23"
// }
// }'
// ----------------------------------------------------------- Edit Initial Inspection
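/**
 * REST callback: update an existing initial-inspection row by id.
 *
 * Body shape: {"params": {"id", "user_id", "product_id", "assigned_id", "comment",
 * "inspection_date" (YYYY-MM-DD), "images"}}. Non-privileged callers may only update
 * rows they own and may not reassign them; the constraint lives in the WHERE clause.
 *
 * @param WP_REST_Request $request Raw JSON body is decoded here.
 * @return WP_REST_Response 400 on missing/invalid fields, 403 on a foreign user_id,
 *                          500 when the update fails, 200 with `updated` row count otherwise.
 */
function updateInitialInspection($request){
    global $wpdb;
    $table = $wpdb->prefix . 'initial_inspection';

    // Decode JSON request body
    $json_data = json_decode($request->get_body(), true);
    $params    = is_array($json_data['params'] ?? null) ? $json_data['params'] : [];

    // Required fields (scalars only for the integer ids)
    $log_id          = is_scalar($params['id'] ?? null) ? intval($params['id']) : 0;
    $user_id         = is_scalar($params['user_id'] ?? null) ? intval($params['user_id']) : 0;
    $product_id      = is_scalar($params['product_id'] ?? null) ? intval($params['product_id']) : 0;
    $assigned_id     = is_scalar($params['assigned_id'] ?? null) ? intval($params['assigned_id']) : 0;
    $comment         = sanitize_text_field($params['comment'] ?? '');
    $inspection_date = sanitize_text_field($params['inspection_date'] ?? '');
    $images          = isset($params['images']) ? sanitize_textarea_field($params['images']) : '';

    // Validate
    if ($log_id <= 0 || $user_id <= 0 || $product_id <= 0 || $comment === '' || $inspection_date === '') {
        return new WP_REST_Response([
            'message' => 'Log ID, User ID, Product ID, Comment, and Inspection Date are required.',
            'success' => 0
        ], 400);
    }
    $parsed = DateTimeImmutable::createFromFormat('!Y-m-d', $inspection_date);
    if (!$parsed || $parsed->format('Y-m-d') !== $inspection_date) {
        return new WP_REST_Response([
            'message' => 'Inspection Date must be in YYYY-MM-DD format.',
            'success' => 0
        ], 400);
    }

    // Ownership: scope the UPDATE to the caller's own rows unless privileged.
    $where = ['id' => $log_id];
    if (!current_user_can('manage_options')) {
        $current = get_current_user_id();
        if ($current <= 0 || $user_id !== $current) {
            return new WP_REST_Response([
                'message' => 'You may only update your own inspection logs.',
                'success' => 0
            ], 403);
        }
        $where['user_id'] = $current;
    }

    // Update the row
    $updated = $wpdb->update(
        $table,
        [
            'user_id'         => $user_id,
            'product_id'      => $product_id,
            'assigned_id'     => $assigned_id,
            'comment'         => $comment,
            'inspection_date' => $inspection_date,
            'images'          => $images
        ],
        $where
    );
    if ($updated === false) {
        error_log('updateInitialInspection update failed: ' . $wpdb->last_error);
        return new WP_REST_Response([
            'message' => 'Failed to update inspection log.',
            'success' => 0
        ], 500);
    }
    // `updated` is the affected-row count; 0 means no row matched id (and owner).
    return new WP_REST_Response([
        'message' => 'Inspection log updated successfully.',
        'updated' => $updated,
        'success' => 1
    ], 200);
}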
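add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/update-initial-inspection', [
        'methods'  => 'POST',
        'callback' => 'updateInitialInspection',
        // Authenticated users only; row ownership is enforced inside the callback.
        'permission_callback' => static function () {
            return is_user_logged_in();
        },
    ]);
});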
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/update-initial-inspection \
// -H "Content-Type: application/json" \
// -d '{
// "params": {
// "id": 5,
// "user_id": 12,
// "product_id": 45,
// "assigned_id": 124,
// "comment": "Updated initial inspection comment.",
// "inspection_date": "2025-07-04",
// "images": "123,124"
// }
// }'
// ----------------------------------------------------------- Get Initial Inspection Logs
/** Get All Initial Inspection Logs for a User via POST */
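/**
 * REST callback: return all initial-inspection rows for one user, newest date first.
 *
 * Body shape: {"params": {"user_id"}}. Callers may only read their own rows unless
 * they can manage the site.
 *
 * @param WP_REST_Request $request Raw JSON body is decoded here.
 * @return WP_REST_Response 400 on a bad user_id, 403 on a foreign user_id,
 *                          otherwise 200 with `data` rows.
 */
function getInitialInspectionByUser($request) {
    global $wpdb;
    $decoded = json_decode($request->get_body(), true);
    $params  = is_array($decoded['params'] ?? null) ? $decoded['params'] : [];
    $user_id = is_scalar($params['user_id'] ?? null) ? intval($params['user_id']) : 0;
    if ($user_id <= 0) {
        return new WP_REST_Response([
            'message' => 'Invalid or missing User ID',
            'success' => 0
        ], 400);
    }

    // Ownership: anonymous callers (user id 0) never match and are refused.
    if ($user_id !== get_current_user_id() && !current_user_can('manage_options')) {
        return new WP_REST_Response([
            'message' => 'You may only read your own inspection logs.',
            'success' => 0
        ], 403);
    }

    $table   = $wpdb->prefix . 'initial_inspection';
    $results = $wpdb->get_results(
        $wpdb->prepare("SELECT * FROM $table WHERE user_id = %d ORDER BY inspection_date DESC", $user_id),
        ARRAY_A
    );
    return new WP_REST_Response([
        'data'    => $results,
        'success' => 1
    ], 200);
}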
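add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/get-initial-inspection', [
        'methods'  => 'POST',
        'callback' => 'getInitialInspectionByUser',
        // Authenticated users only; the callback restricts reads to the caller's own rows.
        'permission_callback' => static function () {
            return is_user_logged_in();
        },
    ]);
});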
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/get-initial-inspection \
// -H "Content-Type: application/json" \
// -d '{
// "params": {
// "user_id": 12
// }
// }'
// ----------------------------------------------------------- Delete Initial Inspection
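/**
 * REST callback: delete initial-inspection rows by id, scoped to one user.
 *
 * Body shape: {"params": {"user_id", "id"}} where `id` is a comma-separated string
 * ("1,2,3") or a JSON array of ids. Callers may only delete their own rows unless
 * they can manage the site.
 *
 * @param WP_REST_Request $request Raw JSON body is decoded here.
 * @return WP_REST_Response 400 on missing user_id/ids, 403 on a foreign user_id,
 *                          otherwise 200 with the deleted-row count in `message`.
 */
function deleteInitialInspectionByUser($request) {
    global $wpdb;
    $decoded = json_decode($request->get_body(), true);
    $params  = is_array($decoded['params'] ?? null) ? $decoded['params'] : [];
    $user_id = is_scalar($params['user_id'] ?? null) ? intval($params['user_id']) : 0;

    // Accept "1,2,3" or [1,2,3]; explode() on an array would fatal under PHP 8.
    $raw_ids = $params['id'] ?? '';
    if (is_array($raw_ids)) {
        $raw_ids = implode(',', array_filter($raw_ids, 'is_scalar'));
    } elseif (!is_scalar($raw_ids)) {
        $raw_ids = '';
    }
    $raw_ids = (string) $raw_ids;

    if ($user_id <= 0 || $raw_ids === '') {
        return new WP_REST_Response([
            'message' => 'Missing user_id or id(s)',
            'success' => 0
        ], 400);
    }

    // Ownership check.
    if ($user_id !== get_current_user_id() && !current_user_can('manage_options')) {
        return new WP_REST_Response([
            'message' => 'You may only delete your own inspection logs.',
            'success' => 0
        ], 403);
    }

    // Convert to unique positive integers.
    $ids = array_values(array_unique(array_filter(
        array_map('intval', explode(',', $raw_ids)),
        static function ($id) { return $id > 0; }
    )));
    if (empty($ids)) {
        return new WP_REST_Response([
            'message' => 'No valid IDs provided',
            'success' => 0
        ], 400);
    }

    $table        = $wpdb->prefix . 'initial_inspection';
    $placeholders = implode(',', array_fill(0, count($ids), '%d'));
    // Delete rows by user_id and ids (both bound through prepare()).
    $query          = "DELETE FROM $table WHERE user_id = %d AND id IN ($placeholders)";
    $prepared_query = $wpdb->prepare($query, array_merge([$user_id], $ids));
    $deleted        = $wpdb->query($prepared_query);
    return new WP_REST_Response([
        'message' => "$deleted record(s) deleted",
        'success' => 1
    ], 200);
}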
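add_action('rest_api_init', function () {
    register_rest_route('api/operator', '/delete-initial-inspection', [
        'methods'  => 'POST',
        'callback' => 'deleteInitialInspectionByUser',
        // Authenticated users only; the callback restricts deletes to the caller's own rows.
        'permission_callback' => static function () {
            return is_user_logged_in();
        },
    ]);
});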
// curl -X POST https://gmmco-rms.teampumpkin.in/wp-json/api/operator/delete-initial-inspection \
// -H "Content-Type: application/json" \
// -d '{
// "params": {
// "user_id": 12,
// "id": "1,2,3"
// }
// }'
// --------------------------------------------------------------------------------------------------------------- TP
?>