From b99e033860b9a10a345d26fae156e51630c8ef4c Mon Sep 17 00:00:00 2001
From: Dave Umrysh <dave@umrysh.com>
Date: Mon, 22 Mar 2021 07:53:02 -0600
Subject: [PATCH] sigs/search

---
 get_sign.php   | 119 +++++++++++++++++++++++++++++++++++++
 qr_search.html | 142 ++++++++++++++++++++++++++++++++++++++++++++
 save_sign.php  | 155 +++++++++++++++++++++++++++++++++++++++++++++++++
 signature.html | 129 ++++++++++++++++++++++++++++++++++++++++
 4 files changed, 545 insertions(+)
 create mode 100644 get_sign.php
 create mode 100644 qr_search.html
 create mode 100644 save_sign.php
 create mode 100644 signature.html

diff --git a/get_sign.php b/get_sign.php
new file mode 100644
index 0000000..a508f65
--- /dev/null
+++ b/get_sign.php
@@ -0,0 +1,119 @@
+<?php
+ini_set("log_errors", 1);
+ini_set("error_log", "/tmp/php-error.log");
+
+header('Access-Control-Allow-Origin: *');
+
+$path = '/var/www/uploads/servicesignatures/';
+
+if( isset($_REQUEST['apiKey']) && isset($_REQUEST['service_id']) ){
+	$apiKey = urldecode($_REQUEST['apiKey']);
+	$service_id = urldecode($_REQUEST['service_id']);
+
+	$host		=	'127.0.0.1';
+	$user		=	'';
+	$pass		=	'';
+	$database	=	'';
+	// connect to the mysql database server.
+	$connect = mysqli_connect ( $host, $user, $pass ) ;
+	if ( ! $connect )
+	{
+		trigger_error ( mysqli_error(), E_USER_ERROR );
+	}
+	mysqli_select_db ( $connect,$database);
+
+	// Is there a record that matches this api_key?
+	$query='SELECT user_id FROM devices WHERE api_key="' . mysqli_real_escape_string($connect, $apiKey) . '"';
+	$result = mysqli_query ( $connect, $query );
+	if ( ! $result )
+	{
+		echo '{ "message": "Database error", "data": {}}';
+		exit();
+	}
+	if(mysqli_num_rows($result)>0)
+	{
+
+		// Update last active
+		$query='UPDATE devices SET last_active = "'.date('Y-m-d').'" WHERE api_key="' . mysqli_real_escape_string($connect, $apiKey) . '"';
+		$result2 = mysqli_query ( $connect, $query );
+
+
+		$row = mysqli_fetch_assoc($result);
+		$user_id = $row["user_id"];
+
+		// Is this a Matrix employee?
+		$query='SELECT user_type FROM users WHERE user_id="' . mysqli_real_escape_string($connect, $user_id) . '"';
+		$result = mysqli_query ( $connect, $query );
+		if ( ! $result )
+		{
+			echo '{ "message": "Database error", "data": {}}';
+			exit();
+		}
+		if(mysqli_num_rows($result)>0)
+		{
+			$row = mysqli_fetch_assoc($result);
+			$user_type = $row["user_type"];
+
+			if(!($user_type=="0" || $user_type=="1")){
+				// Else, are they allowed to see this document?
+				$query='SELECT site_id FROM serviceorder WHERE service_id = "'.mysqli_real_escape_string($connect, $service_id).'"';
+				$result = mysqli_query ( $connect, $query );
+				if ( ! $result )
+				{
+					echo '{ "message": "Database error", "data": {}}';
+					exit();
+				}
+				if(mysqli_num_rows($result)>0)
+				{
+
+					$row2 = mysqli_fetch_assoc($result);
+
+					$query='SELECT site_id FROM siteaccess WHERE user_id="' . mysqli_real_escape_string($connect, $user_id) . '" AND site_id = "'.mysqli_real_escape_string($connect, $row2["site_id"]).'"';
+					$result = mysqli_query ( $connect, $query );
+					if ( ! $result )
+					{
+						echo '{ "message": "Database error", "data": {}}';
+						exit();
+					}
+					if(mysqli_num_rows($result)<1)
+					{
+						echo '{ "message": "You do not have access to this site", "data": {}}';
+						exit();
+					}
+				}else{
+					echo '{ "message": "Invalid Site", "data": {}}';
+					exit();
+				}
+
+			}
+
+
+			$query='SELECT file_id FROM servicesignatures WHERE service_id="' . mysqli_real_escape_string($connect, $service_id) . '"';
+			$result = mysqli_query ( $connect, $query );
+			if ( ! $result )
+			{
+				echo '{ "message": "Database error", "data": {}}';
+				exit();
+			}
+			if(mysqli_num_rows($result)>0)
+			{
+				$row = mysqli_fetch_assoc($result);
+				$file_id = $row["file_id"];
+
+				$file = $path . $file_id;
+
+				echo '{ "message": "", "data": {"img":"data:image/png;base64,'.base64_encode(file_get_contents($file)).'"}}';
+
+			}else{
+				echo '{ "message": "", "data": {"img":""}}';
+			}
+		}else{
+			echo '{ "message": "Database error", "data": {}}';
+		}
+	}else{
+		echo '{ "message": "Incorrect API credentials", "data": {}}';
+	}
+}else{
+	echo '{ "message": "Invalid post variables", "data": {}}';
+}
+?>
\ No newline at end of file
diff --git a/qr_search.html b/qr_search.html
new file mode 100644
index 0000000..270b558
--- /dev/null
+++ b/qr_search.html
@@ -0,0 +1,142 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+
+
+		<!- QR code scan -->
+		<script src="js/html5-qrcode.min.js"></script>
+	</head>
+
+
+
+	<!-- Begin Page Content -->
+	<div class="container-fluid">
+		<!-- Breadcrumbs-->
+		<!--<ol class="breadcrumb">
+		<li class="breadcrumb-item active">
+			Sites
+		</li>
+		</ol>-->
+		<div class="row">
+		<div class="col-12">
+
+			<p><button id="scanButton" class="btn btn-primary" onClick="scanQR()">Scan code</button></p>
+			<div id="reader" width="0px"></div>
+
+
+
+
+
+
+
+
+
+
+	<script type="text/javascript">
+		var cameraId = "";
+		var currentlyScanning = false;
+		var html5QrCode;
+		function scanQR(){
+			if(currentlyScanning){
+				stopScan("");
+			}else{
+				$("#scanButton").html("Stop scanning");
+				currentlyScanning = true;
+				if(cameraId==""){
+					html5QrCode = Html5Qrcode.getCameras().then(devices => {
+						if (devices && devices.length) {
+							if(devices.length > 1){
+								var options_list = "";
+								for (i = 0; i < devices.length; i++) {
+									if(devices[i].label.indexOf("front") !== -1){
+										options_list = options_list + '<option value="'+devices[i].id+'">Front</option>';
+									}else if(devices[i].label.indexOf("back") !== -1){
+										options_list = options_list + '<option value="'+devices[i].id+'">Back</option>';
+									}else{
+										options_list = options_list + '<option value="'+devices[i].id+'">'+devices[i].label+'</option>';
+									}
+								}
+
+								vex.dialog.open({
+									message: "Which camera would you like to use?",
+									input: [
+										'<style>',
+											'.vex-custom-field-wrapper {',
+												'margin: 1em 0;',
+											'}',
+											'.vex-custom-field-wrapper > label {',
+												'display: inline-block;',
+												'margin-bottom: .2em;',
+											'}',
+										'</style>',
+										'<div class="vex-custom-field-wrapper">',
+											'<label for="camera_id">Cameras available:</label>',
+											'<div class="vex-custom-input-wrapper">',
+												'<select name="camera_id" id="camera_id">',
+												options_list,
+												'</select>',
+											'</div>',
+										'</div>',
+
+									].join(''),
+									callback: function (data) {
+										if (!data) {
+											$("#scanButton").html("Scan code");
+											currentlyScanning = false;
+										}else{
+											cameraId = data.camera_id;
+											readQR();
+										}
+									}
+								});
+							}else{
+								cameraId = devices[0].id;
+								readQR();
+							}
+						}
+					}).catch(err => {
+						console.log(err);
+					});
+				}else{
+					readQR();
+				}
+			}
+		}
+
+		function readQR(){
+			html5QrCode = new Html5Qrcode("reader");
+			html5QrCode.start(
+				cameraId,
+				{
+					fps: 10,    // Optional frame per seconds for qr code scanning
+					qrbox: 250  // Optional if you want bounded box UI
+				},
+				qrCodeMessage => {
+					// do something when code is read
+					stopScan(qrCodeMessage);
+				},
+				errorMessage => {
+					console.log(errorMessage);
+			 	})
+			.catch(err => {
+			 	console.log(err);
+			});
+		}
+
+		function stopScan(message){
+			html5QrCode.stop().then(ignore => {
+				// QR Code scanning is stopped.
+			}).catch(err => {
+				console.log(err);
+			});
+
+			currentlyScanning = false;
+			$("#scanButton").html("Scan code");
+
+			if(message!=""){
+				var table = $('#dataTable').DataTable();
+				table.search( message ).draw();
+			}
+		}
+
+	</script>
\ No newline at end of file
diff --git a/save_sign.php b/save_sign.php
new file mode 100644
index 0000000..5e98d77
--- /dev/null
+++ b/save_sign.php
@@ -0,0 +1,155 @@
+<?php
+ini_set("log_errors", 1);
+ini_set("error_log", "/tmp/php-error.log");
+
+header('Access-Control-Allow-Origin: *');
+
+$path = '/var/www/uploads/servicesignatures/';
+
+if( isset($_REQUEST['apiKey']) && isset($_REQUEST['service_id']) && isset($_REQUEST['img_data']) ){
+	$apiKey = urldecode($_REQUEST['apiKey']);
+	$service_id = urldecode($_REQUEST['service_id']);
+	$imagedata = base64_decode($_REQUEST['img_data']);
+
+	$host		=	'127.0.0.1';
+	$user		=	'';
+	$pass		=	'';
+	$database	=	'';
+	// connect to the mysql database server.
+	$connect = mysqli_connect ( $host, $user, $pass ) ;
+	if ( ! $connect )
+	{
+		trigger_error ( mysqli_error(), E_USER_ERROR );
+	}
+	mysqli_select_db ( $connect,$database);
+
+	// Is there a record that matches this api_key?
+	$query='SELECT user_id FROM devices WHERE api_key="' . mysqli_real_escape_string($connect, $apiKey) . '"';
+	$result = mysqli_query ( $connect, $query );
+	if ( ! $result )
+	{
+		echo '{ "message": "Database error", "data": {}}';
+		exit();
+	}
+	if(mysqli_num_rows($result)>0)
+	{
+
+		// Update last active
+		$query='UPDATE devices SET last_active = "'.date('Y-m-d').'" WHERE api_key="' . mysqli_real_escape_string($connect, $apiKey) . '"';
+		$result2 = mysqli_query ( $connect, $query );
+
+
+		$row = mysqli_fetch_assoc($result);
+		$user_id = $row["user_id"];
+
+		// Is this a Matrix employee?
+		$query='SELECT user_type FROM users WHERE user_id="' . mysqli_real_escape_string($connect, $user_id) . '"';
+		$result = mysqli_query ( $connect, $query );
+		if ( ! $result )
+		{
+			echo '{ "message": "Database error", "data": {}}';
+			exit();
+		}
+		if(mysqli_num_rows($result)>0)
+		{
+			$row = mysqli_fetch_assoc($result);
+			$user_type = $row["user_type"];
+
+			// Is this a valid Service ID
+			$query='SELECT service_id FROM serviceorder WHERE service_id="' . mysqli_real_escape_string($connect, $service_id) . '"';
+			$result = mysqli_query ( $connect, $query );
+			if ( ! $result )
+			{
+				echo '{ "message": "Database error", "data": {}}';
+				exit();
+			}
+			if(mysqli_num_rows($result)>0)
+			{
+
+
+				if(!($user_type=="0" || $user_type=="1")){
+					// Else, are they allowed to save this signature?
+					$query='SELECT site_id FROM serviceorder WHERE service_id = "'.mysqli_real_escape_string($connect, $service_id).'"';
+					$result = mysqli_query ( $connect, $query );
+					if ( ! $result )
+					{
+						echo '{ "message": "Database error", "data": {}}';
+						exit();
+					}
+					if(mysqli_num_rows($result)>0)
+					{
+
+						$row2 = mysqli_fetch_assoc($result);
+
+						$query='SELECT site_id FROM siteaccess WHERE user_id="' . mysqli_real_escape_string($connect, $user_id) . '" AND site_id = "'.mysqli_real_escape_string($connect, $row2["site_id"]).'"';
+						$result = mysqli_query ( $connect, $query );
+						if ( ! $result )
+						{
+							echo '{ "message": "Database error", "data": {}}';
+							exit();
+						}
+						if(mysqli_num_rows($result)<1)
+						{
+							echo '{ "message": "You do not have access to this site", "data": {}}';
+							exit();
+						}
+					}else{
+						echo '{ "message": "Invalid Site", "data": {}}';
+						exit();
+					}
+
+				}
+
+
+				// Update or insert?
+				$query='SELECT file_id FROM servicesignatures WHERE service_id="' . mysqli_real_escape_string($connect, $service_id) . '"';
+				$result = mysqli_query ( $connect, $query );
+				if ( ! $result )
+				{
+					echo '{ "message": "Database error", "data": {}}';
+					exit();
+				}
+				if(mysqli_num_rows($result)>0)
+				{
+					$row = mysqli_fetch_assoc($result);
+					$file_id = $row["file_id"];
+
+					$query='UPDATE servicesignatures SET date = "'.date('Y-m-d').'" WHERE service_id = "'.mysqli_real_escape_string($connect, $service_id).'"';
+					$result = mysqli_query ( $connect, $query );
+					if ( ! $result )
+					{
+						echo '{ "message": "Database error", "data": {}}';
+						exit();
+					}
+				}else{
+					// Insert into the table
+					$query='INSERT INTO servicesignatures(service_id,date) VALUES("'.mysqli_real_escape_string($connect, $service_id).'","'.date('Y-m-d').'")';
+					$result = mysqli_query ( $connect, $query );
+					if ( ! $result )
+					{
+						echo '{ "message": "Database error", "data": {}}';
+						exit();
+					}
+					$file_id = mysqli_insert_id($connect);
+				}
+
+
+
+				$file = $path . $file_id;
+				file_put_contents($file, $imagedata);
+
+				echo '{ "message": "'.$error.'", "data": {}}';
+
+			}else{
+				echo '{ "message": "Invalid Service ID", "data": {}}';
+			}
+		}else{
+			echo '{ "message": "Database error", "data": {}}';
+		}
+	}else{
+		echo '{ "message": "Incorrect API credentials", "data": {}}';
+	}
+}else{
+	echo '{ "message": "Invalid post variables", "data": {}}';
+}
+?>
\ No newline at end of file
diff --git a/signature.html b/signature.html
new file mode 100644
index 0000000..c330882
--- /dev/null
+++ b/signature.html
@@ -0,0 +1,129 @@
+<!DOCTYPE html>
+<html lang="en">
+	<head>
+
+
+		<!-- signature stuff -->
+		<link href="css/jquery.signaturepad.css" rel="stylesheet">
+		<script src="js/numeric-1.2.6.min.js"></script>
+		<script src="js/bezier.js"></script>
+		<script src="js/jquery.signaturepad.js"></script>
+		<script type='text/javascript' src="js/html2canvas.js"></script>
+		<script src="js/json2.min.js"></script>
+	</head>
+
+
+
+
+
+
+
+
+
+
+					<div class="card shadow mb-4">
+						<div class="card-header py-3">
+							<div style="float: left;">
+								<div id="signArea" style="height:auto;width:304px;margin-left: 0px;margin-top: 10px;max-width: 90%">
+									<h2 class="tag-ingo" style="font-size: 15px;text-align: left;font-style: oblique;">Enter your signature below: <span class="sign-pad-clear" style="font-size: 10px;color: black;cursor: pointer;">(<u>clear signature</u>)</span></h2>
+									<div class="sig sigWrapper" style="height:auto;max-width: 90%">
+										<div class="typed"></div>
+										<canvas class="sign-pad" id="sign-pad" name="sign-pad" style="width: 300px;height: auto;max-width: 100%"></canvas>
+									</div>
+								</div>
+								<button id="btnSaveSign" class="btn btn-primary" style="margin-left: 0px;margin-top: 10px;"" onclick="saveSig()">Save Signature</button>
+							</div>
+
+
+							<div style="float: left;margin-left: 0px;margin-top: 10px;max-width: 90%">
+								<h2 class="tag-ingo" style="font-size: 15px;text-align: left;font-style: oblique;">Currently saved signature:</h2>
+								<img src="" id="current_sig" style="margin-bottom: 5px;width: 300px;height: auto;max-width: 90%;">
+							</div>
+
+
+							<div style="clear: both;"></div>
+
+
+
+						</div>
+					</div>
+
+
+
+
+
+
+
+
+	<script>
+		$("#signArea").signaturePad({drawOnly:true, drawBezierCurves:true, lineTop:100,clear:".sign-pad-clear"});
+
+
+
+
+		function loadSig(){
+			var http = new XMLHttpRequest();
+			var url = hostUrl+"get_sign.php";
+			var params = "apiKey="+window.localStorage.getItem("api_key")+"&service_id="+service_id;
+			http.open("POST", url, true);
+
+			//Send the proper header information along with the request
+			http.setRequestHeader("Content-type", "application/x-www-form-urlencoded");
+
+			http.onreadystatechange = function() {//Call a function when the state changes.
+
+				if(http.readyState == 4 && http.status == 200) {
+					var obj = null;
+					try {
+						obj = JSON.parse(http.responseText);
+					}catch (e) {
+						vex.dialog.alert("Communication Error. Please try again later.");
+					}
+					if(obj!=null){
+						if(obj.message!=""){
+							if(obj.message=="Incorrect API credentials"){
+								performTheLogOut();
+							}else{
+								vex.dialog.alert(obj.message);
+							}
+						}else{
+							document.getElementById("current_sig").src = obj.data.img;
+						}
+					}
+				}
+			};
+			http.send(encodeURI(params));
+		}
+
+		function saveSig(){
+			vex.dialog.confirm({
+				message: 'By saving this signature you are confirming that the information contained in the work order is accurate to the best of your knowledge. Do you wish to proceed?',
+				callback: function (value) {
+					if (value) {
+						html2canvas([document.getElementById('sign-pad')], {
+							onrendered: function (canvas) {
+								var canvas_img_data = canvas.toDataURL('image/png');
+								var img_data = canvas_img_data.replace(/^data:image\/(png|jpg);base64,/, "");
+								//ajax call to save image inside folder
+								$.ajax({
+									url: hostUrl+'save_sign.php',
+									data: { img_data:img_data, service_id:service_id, apiKey: window.localStorage.getItem("api_key") },
+									type: 'post',
+									dataType: 'json',
+									success: function (response) {
+										if(response!=null){
+											if(response.message!=""){
+												console.log("Error: "+response.message);
+											}else{
+												$(".sign-pad-clear").trigger("click");
+												loadSig();
+											}
+										}
+									}
+								});
+							}
+						});
+					}
+				}
+			})
+		}
\ No newline at end of file