Rml workorder/v2 need improvements

lib/Helper/Helper.php

@@ -11,49 +11,75 @@ class Helper {
     public static function generateFilterCondition($filterValue, $columnName, bool $exactMatch = false): string {
         $sql = "";
 
+        $quotedColumn = (strpos($columnName, '.') === false && strpos($columnName, '|') === false)
+            ? "`$columnName`"
+            : $columnName;
+
         if (is_array($filterValue)) {
             if (isset($filterValue['from']) && isset($filterValue['to'])) {
-                $sql = " AND `$columnName` >= " . $filterValue['from'] . " AND `$columnName` <= " . $filterValue['to'];
+                $sql = " AND $quotedColumn >= " . $filterValue['from'] . " AND $quotedColumn <= " . $filterValue['to'];
             } elseif (isset($filterValue['from'])) {
-                $sql = " AND `$columnName` >= " . $filterValue['from'];
+                $sql = " AND $quotedColumn >= " . $filterValue['from'];
             } elseif (isset($filterValue['to'])) {
-                $sql = " AND `$columnName` <= " . $filterValue['to'];
+                $sql = " AND $quotedColumn <= " . $filterValue['to'];
             } else if (isset($filterValue['exact'])) {
-                $sql = " AND `$columnName` = " . "'{$filterValue['exact']}'";
+                $sql = " AND $quotedColumn = " . "'{$filterValue['exact']}'";
             } else if (!empty($filterValue)) {
-                $sql = " AND `$columnName` IN ('" . implode("','", $filterValue) . "')";
+                $sql = " AND $quotedColumn IN ('" . implode("','", $filterValue) . "')";
             }
         } else if ($filterValue === "0" || $filterValue === "1") {
-            $sql .= " AND `$columnName` = " . $filterValue;
+            $sql .= " AND $quotedColumn = " . $filterValue;
         } else if ($filterValue === null) {
-            $sql .= " AND `$columnName` IS NULL";
+            $sql .= " AND $quotedColumn IS NULL";
         } else if ($filterValue === '!NULL') {
-            $sql .= " AND `$columnName` IS NOT NULL";
+            $sql .= " AND $quotedColumn IS NOT NULL";
         } else if (!empty($filterValue)) {
             if ($exactMatch) {
-                $sql .= " AND `$columnName` = '" . $filterValue . "'";
+                $sql .= " AND $quotedColumn = '" . $filterValue . "'";
             } else if (strpos($columnName, "|") !== false) {
-                foreach (explode(" ", $filterValue) as $item)
-                    $sql .= " AND CONCAT(" . join(",", explode("|", $columnName)) . ") LIKE '%" . $item . "%'";
+                $columns = explode("|", $columnName);
+
+// Loop through each search term (e.g., "john", "doe")
+                foreach (explode(" ", $filterValue) as $item) {
+                    // Skip if the item is empty
+                    if (empty(trim($item))) {
+                        continue;
+                    }
+
+                    $escapedItem = addslashes($item); // Basic escaping
+
+                    // Build the list of OR conditions for the current item
+                    $orConditions = [];
+                    foreach ($columns as $column) {
+                        // e.g., "first_name LIKE '%john%'"
+                        $orConditions[] = "$column LIKE '%" . $escapedItem . "%'";
+                    }
+
+                    // Combine the OR conditions into a single block and add to the query
+                    // e.g., "AND (first_name LIKE '%john%' OR last_name LIKE '%john%')"
+                    if (!empty($orConditions)) {
+                        $sql .= " AND (" . implode(" OR ", $orConditions) . ")";
+                    }
+                }
             } else if ($filterValue[0] === "%") {
-                $sql .= " AND `$columnName` LIKE '" . $filterValue . "'";
+                $sql .= " AND $quotedColumn LIKE '" . addslashes($filterValue) . "'";
             } else if ($filterValue[strlen($filterValue) - 1] === "%") {
-                $sql .= " AND `$columnName` LIKE '" . $filterValue . "'";
+                $sql .= " AND $quotedColumn LIKE '" . addslashes($filterValue) . "'";
             } else if ($filterValue[0] === "!") {
-                $sql .= " AND `$columnName` NOT LIKE '%" . substr($filterValue, 1) . "%'";
+                $sql .= " AND $quotedColumn NOT LIKE '%" . addslashes(substr($filterValue, 1)) . "%'";
             } else {
                 $filterItems = explode(" ", $filterValue);
                 foreach ($filterItems as $item) {
-                    $sql .= " AND `$columnName` LIKE '%" . $item . "%'";
+                    $escapedItem = addslashes($item); // Basic escaping
+                    $sql .= " AND $quotedColumn LIKE '%" . $escapedItem . "%'";
                 }
             }
         } else if ($filterValue === 0) {
-            $sql .= " AND `$columnName` = 0";
+            $sql .= " AND $quotedColumn = 0";
         }
 
         return $sql;
     }
-
     /**
      * Validates an array of data based on a set of predefined rules.
      *
@@ -175,4 +201,16 @@ class Helper {
         return number_format($number, $decimals, $decPoint, $thousandsSep);
     }
 
+    public static function getPreorderCampaignFromUser($user, bool $returnObject = false): array {
+        if ($user->isAdmin()) $campaigns = PreordercampaignModel::getAll();
+        else {
+            $networkIDs = array_unique(array_merge(
+                array_column($user->myNetworks(["netowner", "salespartner"]), 'id'),
+                json_decode($user->getFlag("preorder_networks")->value() ?: '[]')
+            ));
+            $campaigns = PreordercampaignModel::search(['network_id' => $networkIDs]);
+        }
+
+        return $returnObject ? $campaigns : array_column($campaigns, 'id');
+    }
 }