jukka/intra.cuitunet.fi
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
b927cd2bf5c1bba55f27feccdbc8ff4e62fd1317
intra.cuitunet.fi/api.php
Jukka Lampikoski b927cd2bf5 Fix missing mbstring: replace mb_strtolower with strtolower 
Production server (PHP 8.4) doesn't have mbstring extension,
causing 500 error on saatavuus endpoint.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-10 02:39:04 +02:00

1034 lines
39 KiB
PHP
Raw Blame History

<?php
// Turvalliset session-asetukset
ini_set('session.cookie_httponly', 1);
ini_set('session.cookie_secure', 1);
ini_set('session.use_strict_mode', 1);
ini_set('session.cookie_samesite', 'Strict');
session_start();
header('Content-Type: application/json');
header('X-Content-Type-Options: nosniff');
define('DATA_DIR', __DIR__ . '/data');
define('DATA_FILE', DATA_DIR . '/customers.json');
define('USERS_FILE', DATA_DIR . '/users.json');
define('CHANGELOG_FILE', DATA_DIR . '/changelog.json');
define('ARCHIVE_FILE', DATA_DIR . '/archive.json');
define('LEADS_FILE', DATA_DIR . '/leads.json');
define('TOKENS_FILE', DATA_DIR . '/reset_tokens.json');
define('RATE_FILE', DATA_DIR . '/login_attempts.json');
define('CONFIG_FILE', DATA_DIR . '/config.json');
define('SITE_URL', 'https://intra.cuitunet.fi');
// Sähköpostiasetukset
define('MAIL_FROM', 'sivusto@cuitunet.fi');
define('MAIL_FROM_NAME', 'CuituNet Intra');
// Varmista data-kansio ja tiedostot
if (!file_exists(DATA_DIR)) mkdir(DATA_DIR, 0755, true);
foreach ([DATA_FILE, USERS_FILE, CHANGELOG_FILE, ARCHIVE_FILE, LEADS_FILE, TOKENS_FILE, RATE_FILE] as $f) {
if (!file_exists($f)) file_put_contents($f, '[]');
}
initUsers();
$method = $_SERVER['REQUEST_METHOD'];
$action = $_GET['action'] ?? '';
// ==================== HELPERS ====================
function requireAuth() {
if (!isset($_SESSION['user_id'])) {
http_response_code(401);
echo json_encode(['error' => 'Kirjaudu sisään']);
exit;
}
}
function requireAdmin() {
requireAuth();
if (($_SESSION['role'] ?? '') !== 'admin') {
http_response_code(403);
echo json_encode(['error' => 'Vain ylläpitäjä voi tehdä tämän']);
exit;
}
}
function currentUser(): string {
return $_SESSION['username'] ?? 'tuntematon';
}
function generateId(): string {
return bin2hex(random_bytes(8));
}
function generateToken(): string {
return bin2hex(random_bytes(32));
}
// ==================== RATE LIMITING ====================
function checkRateLimit(string $ip): bool {
$attempts = json_decode(file_get_contents(RATE_FILE), true) ?: [];
$now = time();
// Siivoa vanhat (yli 15 min)
$attempts = array_filter($attempts, fn($a) => ($now - $a['time']) < 900);
file_put_contents(RATE_FILE, json_encode(array_values($attempts)));
// Laske tämän IP:n yritykset viimeisen 15 min aikana
$ipAttempts = array_filter($attempts, fn($a) => $a['ip'] === $ip);
return count($ipAttempts) < 10; // Max 10 yritystä / 15 min
}
function recordLoginAttempt(string $ip): void {
$attempts = json_decode(file_get_contents(RATE_FILE), true) ?: [];
$attempts[] = ['ip' => $ip, 'time' => time()];
file_put_contents(RATE_FILE, json_encode($attempts));
}
function getClientIp(): string {
return $_SERVER['HTTP_X_FORWARDED_FOR'] ?? $_SERVER['REMOTE_ADDR'] ?? '0.0.0.0';
}
// ==================== CONFIG ====================
function loadConfig(): array {
if (!file_exists(CONFIG_FILE)) return [];
return json_decode(file_get_contents(CONFIG_FILE), true) ?: [];
}
function saveConfig(array $config): void {
file_put_contents(CONFIG_FILE, json_encode($config, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
}
function normalizeAddress(string $addr): string {
$addr = strtolower(trim($addr));
$addr = preg_replace('/\s+/', ' ', $addr);
return $addr;
}
// ==================== EMAIL ====================
function sendMail(string $to, string $subject, string $htmlBody): bool {
$headers = "MIME-Version: 1.0\r\n";
$headers .= "Content-Type: text/html; charset=UTF-8\r\n";
$headers .= "From: " . MAIL_FROM_NAME . " <" . MAIL_FROM . ">\r\n";
$headers .= "Reply-To: " . MAIL_FROM . "\r\n";
return mail($to, $subject, $htmlBody, $headers, '-f ' . MAIL_FROM);
}
// ==================== USERS ====================
function initUsers(): void {
$users = json_decode(file_get_contents(USERS_FILE), true) ?: [];
if (empty($users)) {
$users[] = [
'id' => generateId(),
'username' => 'admin',
'password_hash' => password_hash('cuitunet2024', PASSWORD_DEFAULT),
'nimi' => 'Ylläpitäjä',
'email' => '',
'role' => 'admin',
'luotu' => date('Y-m-d H:i:s'),
];
file_put_contents(USERS_FILE, json_encode($users, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
}
}
function loadUsers(): array {
return json_decode(file_get_contents(USERS_FILE), true) ?: [];
}
function saveUsers(array $users): void {
file_put_contents(USERS_FILE, json_encode($users, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
}
// ==================== RESET TOKENS ====================
function saveToken(string $userId, string $token): void {
$tokens = json_decode(file_get_contents(TOKENS_FILE), true) ?: [];
// Poista vanhat tokenit tälle käyttäjälle
$tokens = array_filter($tokens, fn($t) => $t['user_id'] !== $userId);
$tokens[] = [
'user_id' => $userId,
'token' => hash('sha256', $token),
'expires' => time() + 3600, // 1 tunti
];
file_put_contents(TOKENS_FILE, json_encode(array_values($tokens)));
}
function validateToken(string $token): ?string {
$tokens = json_decode(file_get_contents(TOKENS_FILE), true) ?: [];
$hashed = hash('sha256', $token);
$now = time();
foreach ($tokens as $t) {
if ($t['token'] === $hashed && $t['expires'] > $now) {
return $t['user_id'];
}
}
return null;
}
function removeToken(string $token): void {
$tokens = json_decode(file_get_contents(TOKENS_FILE), true) ?: [];
$hashed = hash('sha256', $token);
$tokens = array_filter($tokens, fn($t) => $t['token'] !== $hashed);
file_put_contents(TOKENS_FILE, json_encode(array_values($tokens)));
}
// ==================== CHANGELOG ====================
function addLog(string $action, string $customerId = '', string $customerName = '', string $details = ''): void {
$log = json_decode(file_get_contents(CHANGELOG_FILE), true) ?: [];
array_unshift($log, [
'id' => generateId(),
'timestamp' => date('Y-m-d H:i:s'),
'user' => currentUser(),
'action' => $action,
'customer_id' => $customerId,
'customer_name' => $customerName,
'details' => $details,
]);
if (count($log) > 500) $log = array_slice($log, 0, 500);
file_put_contents(CHANGELOG_FILE, json_encode($log, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
}
// ==================== CUSTOMERS ====================
function loadCustomers(): array {
$data = file_get_contents(DATA_FILE);
$customers = json_decode($data, true) ?: [];
$migrated = false;
foreach ($customers as &$c) {
if (!isset($c['liittymat'])) {
$c['liittymat'] = [[
'asennusosoite' => $c['asennusosoite'] ?? '',
'postinumero' => $c['postinumero'] ?? '',
'kaupunki' => $c['kaupunki'] ?? '',
'liittymanopeus' => $c['liittymanopeus'] ?? '',
'hinta' => floatval($c['hinta'] ?? 0),
'sopimuskausi' => '',
'alkupvm' => '',
]];
unset($c['asennusosoite'], $c['postinumero'], $c['kaupunki'], $c['liittymanopeus'], $c['hinta']);
$migrated = true;
}
}
unset($c);
if ($migrated) {
file_put_contents(DATA_FILE, json_encode($customers, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
}
return $customers;
}
function saveCustomers(array $customers): void {
if (file_exists(DATA_FILE) && filesize(DATA_FILE) > 2) {
$backupDir = DATA_DIR . '/backups';
if (!file_exists($backupDir)) mkdir($backupDir, 0755, true);
copy(DATA_FILE, $backupDir . '/customers_' . date('Y-m-d_His') . '.json');
$backups = glob($backupDir . '/customers_*.json');
if (count($backups) > 30) {
sort($backups);
array_map('unlink', array_slice($backups, 0, count($backups) - 30));
}
}
file_put_contents(DATA_FILE, json_encode($customers, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
}
function loadArchive(): array {
return json_decode(file_get_contents(ARCHIVE_FILE), true) ?: [];
}
function saveArchive(array $archive): void {
file_put_contents(ARCHIVE_FILE, json_encode($archive, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
}
function parseLiittymat(array $input): array {
$liittymat = [];
foreach (($input['liittymat'] ?? []) as $l) {
$liittymat[] = [
'asennusosoite' => trim($l['asennusosoite'] ?? ''),
'postinumero' => trim($l['postinumero'] ?? ''),
'kaupunki' => trim($l['kaupunki'] ?? ''),
'liittymanopeus' => trim($l['liittymanopeus'] ?? ''),
'hinta' => floatval($l['hinta'] ?? 0),
'sopimuskausi' => trim($l['sopimuskausi'] ?? ''),
'alkupvm' => trim($l['alkupvm'] ?? ''),
];
}
if (empty($liittymat)) {
$liittymat[] = ['asennusosoite' => '', 'postinumero' => '', 'kaupunki' => '', 'liittymanopeus' => '', 'hinta' => 0, 'sopimuskausi' => '', 'alkupvm' => ''];
}
return $liittymat;
}
// ==================== ROUTES ====================
switch ($action) {
// ---------- SAATAVUUS (julkinen API) ----------
case 'saatavuus':
// CORS - salli cuitunet.fi
$config = loadConfig();
$allowedOrigins = $config['cors_origins'] ?? ['https://cuitunet.fi', 'https://www.cuitunet.fi'];
$origin = $_SERVER['HTTP_ORIGIN'] ?? '';
if (in_array($origin, $allowedOrigins)) {
header("Access-Control-Allow-Origin: $origin");
header('Access-Control-Allow-Methods: GET, OPTIONS');
header('Access-Control-Allow-Headers: Content-Type, X-Api-Key');
}
if ($method === 'OPTIONS') { http_response_code(204); break; }
// API-avain tarkistus
$apiKey = $config['api_key'] ?? '';
$providedKey = $_GET['key'] ?? ($_SERVER['HTTP_X_API_KEY'] ?? '');
if (empty($apiKey) || $providedKey !== $apiKey) {
http_response_code(403);
echo json_encode(['error' => 'Virheellinen API-avain']);
break;
}
$query = normalizeAddress($_GET['osoite'] ?? '');
$postinumero = trim($_GET['postinumero'] ?? '');
if (empty($query) && empty($postinumero)) {
http_response_code(400);
echo json_encode(['error' => 'Anna osoite tai postinumero']);
break;
}
$customers = loadCustomers();
$matches = [];
foreach ($customers as $c) {
foreach ($c['liittymat'] ?? [] as $l) {
$addr = normalizeAddress($l['asennusosoite'] ?? '');
$zip = trim($l['postinumero'] ?? '');
$city = strtolower(trim($l['kaupunki'] ?? ''));
$hit = false;
// Postinumero-haku
if (!empty($postinumero) && $zip === $postinumero) {
$hit = true;
}
// Osoitehaku (sisältää haun)
if (!empty($query) && !empty($addr)) {
if (strpos($addr, $query) !== false || strpos($query, $addr) !== false) {
$hit = true;
}
// Kadunnimi-match (ilman numeroa)
$queryStreet = trim(preg_replace('/\d+.*$/', '', $query));
$addrStreet = trim(preg_replace('/\d+.*$/', '', $addr));
if (!empty($queryStreet) && !empty($addrStreet) && strpos($addrStreet, $queryStreet) !== false) {
$hit = true;
}
}
if ($hit) {
// Palauta VAIN osoitetieto ja nopeus - ei asiakastietoja
$matches[] = [
'osoite' => $l['asennusosoite'] ?? '',
'postinumero' => $zip,
'kaupunki' => $l['kaupunki'] ?? '',
'nopeus' => $l['liittymanopeus'] ?? '',
];
}
}
}
// Poista duplikaatit (sama osoite eri asiakkailla)
$unique = [];
$seen = [];
foreach ($matches as $m) {
$key = normalizeAddress($m['osoite'] . $m['postinumero']);
if (!isset($seen[$key])) {
$unique[] = $m;
$seen[$key] = true;
}
}
echo json_encode([
'saatavilla' => count($unique) > 0,
'kohteet' => $unique,
'maara' => count($unique),
]);
break;
// ---------- CONFIG (admin) ----------
case 'config':
requireAdmin();
echo json_encode(loadConfig());
break;
case 'config_update':
requireAdmin();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$config = loadConfig();
if (isset($input['api_key'])) $config['api_key'] = trim($input['api_key']);
if (isset($input['cors_origins'])) {
$origins = array_filter(array_map('trim', explode("\n", $input['cors_origins'])));
$config['cors_origins'] = array_values($origins);
}
saveConfig($config);
addLog('config_update', '', '', 'Päivitti asetukset');
echo json_encode($config);
break;
case 'generate_api_key':
requireAdmin();
if ($method !== 'POST') break;
$config = loadConfig();
$config['api_key'] = bin2hex(random_bytes(16));
saveConfig($config);
addLog('config_update', '', '', 'Generoi uuden API-avaimen');
echo json_encode($config);
break;
// ---------- CAPTCHA ----------
case 'captcha':
$a = rand(1, 20);
$b = rand(1, 20);
$_SESSION['captcha_answer'] = $a + $b;
echo json_encode(['question' => "$a + $b = ?"]);
break;
// ---------- AUTH ----------
case 'login':
if ($method !== 'POST') break;
$ip = getClientIp();
if (!checkRateLimit($ip)) {
http_response_code(429);
echo json_encode(['error' => 'Liian monta kirjautumisyritystä. Yritä uudelleen 15 minuutin kuluttua.']);
break;
}
$input = json_decode(file_get_contents('php://input'), true);
// Captcha-tarkistus
$captchaAnswer = intval($input['captcha'] ?? 0);
if (!isset($_SESSION['captcha_answer']) || $captchaAnswer !== $_SESSION['captcha_answer']) {
recordLoginAttempt($ip);
http_response_code(400);
echo json_encode(['error' => 'Virheellinen captcha-vastaus']);
unset($_SESSION['captcha_answer']);
break;
}
unset($_SESSION['captcha_answer']);
$username = trim($input['username'] ?? '');
$password = $input['password'] ?? '';
$users = loadUsers();
$found = false;
foreach ($users as $u) {
if ($u['username'] === $username && password_verify($password, $u['password_hash'])) {
session_regenerate_id(true);
$_SESSION['user_id'] = $u['id'];
$_SESSION['username'] = $u['username'];
$_SESSION['nimi'] = $u['nimi'];
$_SESSION['role'] = $u['role'];
echo json_encode(['success' => true, 'username' => $u['username'], 'nimi' => $u['nimi'], 'role' => $u['role']]);
$found = true;
break;
}
}
if (!$found) {
recordLoginAttempt($ip);
http_response_code(401);
echo json_encode(['error' => 'Väärä käyttäjätunnus tai salasana']);
}
break;
case 'logout':
session_destroy();
echo json_encode(['success' => true]);
break;
case 'check_auth':
if (isset($_SESSION['user_id'])) {
echo json_encode([
'authenticated' => true,
'username' => $_SESSION['username'],
'nimi' => $_SESSION['nimi'],
'role' => $_SESSION['role'],
]);
} else {
echo json_encode(['authenticated' => false]);
}
break;
// ---------- PASSWORD RESET ----------
case 'password_reset_request':
if ($method !== 'POST') break;
$ip = getClientIp();
if (!checkRateLimit($ip)) {
http_response_code(429);
echo json_encode(['error' => 'Liian monta yritystä. Yritä uudelleen myöhemmin.']);
break;
}
recordLoginAttempt($ip);
$input = json_decode(file_get_contents('php://input'), true);
$username = trim($input['username'] ?? '');
$users = loadUsers();
$user = null;
foreach ($users as $u) {
if ($u['username'] === $username) { $user = $u; break; }
}
// Palauta aina sama viesti (ei paljasta onko tunnus olemassa)
if ($user && !empty($user['email'])) {
$token = generateToken();
saveToken($user['id'], $token);
$resetUrl = SITE_URL . '/?reset=' . $token;
$html = '<div style="font-family:sans-serif;max-width:500px;margin:0 auto;">';
$html .= '<h2 style="color:#0f3460;">CuituNet Intra</h2>';
$html .= '<p>Hei ' . htmlspecialchars($user['nimi'] ?: $user['username']) . ',</p>';
$html .= '<p>Sait tämän viestin koska salasanan palautusta pyydettiin tilillesi.</p>';
$html .= '<p><a href="' . $resetUrl . '" style="display:inline-block;background:#0f3460;color:#fff;padding:12px 24px;border-radius:8px;text-decoration:none;font-weight:600;">Vaihda salasana</a></p>';
$html .= '<p style="color:#888;font-size:0.9em;">Linkki on voimassa 1 tunnin. Jos et pyytänyt salasanan vaihtoa, voit jättää tämän viestin huomiotta.</p>';
$html .= '</div>';
sendMail($user['email'], 'Salasanan palautus - CuituNet Intra', $html);
}
echo json_encode(['success' => true, 'message' => 'Jos käyttäjätunnus löytyy ja sillä on sähköposti, palautuslinkki lähetetään.']);
break;
case 'password_reset':
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$token = $input['token'] ?? '';
$newPassword = $input['password'] ?? '';
if (strlen($newPassword) < 4) {
http_response_code(400);
echo json_encode(['error' => 'Salasanan pitää olla vähintään 4 merkkiä']);
break;
}
$userId = validateToken($token);
if (!$userId) {
http_response_code(400);
echo json_encode(['error' => 'Palautuslinkki on vanhentunut tai virheellinen']);
break;
}
$users = loadUsers();
foreach ($users as &$u) {
if ($u['id'] === $userId) {
$u['password_hash'] = password_hash($newPassword, PASSWORD_DEFAULT);
break;
}
}
unset($u);
saveUsers($users);
removeToken($token);
echo json_encode(['success' => true, 'message' => 'Salasana vaihdettu onnistuneesti']);
break;
case 'validate_reset_token':
$token = $_GET['token'] ?? '';
$userId = validateToken($token);
echo json_encode(['valid' => $userId !== null]);
break;
// ---------- USERS ----------
case 'users':
requireAdmin();
$users = loadUsers();
$safe = array_map(function($u) {
unset($u['password_hash']);
return $u;
}, $users);
echo json_encode(array_values($safe));
break;
case 'user_create':
requireAdmin();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$username = trim($input['username'] ?? '');
$password = $input['password'] ?? '';
$nimi = trim($input['nimi'] ?? '');
$email = trim($input['email'] ?? '');
$role = ($input['role'] ?? 'user') === 'admin' ? 'admin' : 'user';
if (empty($username) || empty($password)) {
http_response_code(400);
echo json_encode(['error' => 'Käyttäjätunnus ja salasana vaaditaan']);
break;
}
if (strlen($password) < 4) {
http_response_code(400);
echo json_encode(['error' => 'Salasanan pitää olla vähintään 4 merkkiä']);
break;
}
$users = loadUsers();
foreach ($users as $u) {
if ($u['username'] === $username) {
http_response_code(400);
echo json_encode(['error' => 'Käyttäjätunnus on jo käytössä']);
break 2;
}
}
$newUser = [
'id' => generateId(),
'username' => $username,
'password_hash' => password_hash($password, PASSWORD_DEFAULT),
'nimi' => $nimi ?: $username,
'email' => $email,
'role' => $role,
'luotu' => date('Y-m-d H:i:s'),
];
$users[] = $newUser;
saveUsers($users);
addLog('user_create', '', '', "Lisäsi käyttäjän: {$username} ({$role})");
unset($newUser['password_hash']);
echo json_encode($newUser);
break;
case 'user_update':
requireAdmin();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$id = $input['id'] ?? '';
$users = loadUsers();
$found = false;
foreach ($users as &$u) {
if ($u['id'] === $id) {
if (isset($input['nimi'])) $u['nimi'] = trim($input['nimi']);
if (isset($input['email'])) $u['email'] = trim($input['email']);
if (isset($input['role'])) $u['role'] = $input['role'] === 'admin' ? 'admin' : 'user';
if (!empty($input['password'])) {
$u['password_hash'] = password_hash($input['password'], PASSWORD_DEFAULT);
}
$found = true;
addLog('user_update', '', '', "Muokkasi käyttäjää: {$u['username']}");
$safe = $u;
unset($safe['password_hash']);
echo json_encode($safe);
break;
}
}
unset($u);
if (!$found) {
http_response_code(404);
echo json_encode(['error' => 'Käyttäjää ei löydy']);
break;
}
saveUsers($users);
break;
case 'user_delete':
requireAdmin();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$id = $input['id'] ?? '';
if ($id === $_SESSION['user_id']) {
http_response_code(400);
echo json_encode(['error' => 'Et voi poistaa itseäsi']);
break;
}
$users = loadUsers();
$deleted = null;
foreach ($users as $u) {
if ($u['id'] === $id) { $deleted = $u; break; }
}
$users = array_values(array_filter($users, fn($u) => $u['id'] !== $id));
saveUsers($users);
if ($deleted) addLog('user_delete', '', '', "Poisti käyttäjän: {$deleted['username']}");
echo json_encode(['success' => true]);
break;
// ---------- CHANGELOG ----------
case 'changelog':
requireAuth();
$log = json_decode(file_get_contents(CHANGELOG_FILE), true) ?: [];
$limit = intval($_GET['limit'] ?? 100);
echo json_encode(array_slice($log, 0, $limit));
break;
// ---------- CUSTOMERS ----------
case 'customers':
requireAuth();
if ($method === 'GET') {
echo json_encode(loadCustomers());
}
break;
case 'customer':
requireAuth();
if ($method === 'POST') {
$input = json_decode(file_get_contents('php://input'), true);
$customers = loadCustomers();
$customer = [
'id' => generateId(),
'yritys' => trim($input['yritys'] ?? ''),
'yhteyshenkilö' => trim($input['yhteyshenkilö'] ?? ''),
'puhelin' => trim($input['puhelin'] ?? ''),
'sahkoposti' => trim($input['sahkoposti'] ?? ''),
'laskutusosoite' => trim($input['laskutusosoite'] ?? ''),
'laskutuspostinumero' => trim($input['laskutuspostinumero'] ?? ''),
'laskutuskaupunki' => trim($input['laskutuskaupunki'] ?? ''),
'laskutussahkoposti' => trim($input['laskutussahkoposti'] ?? ''),
'elaskuosoite' => trim($input['elaskuosoite'] ?? ''),
'elaskuvalittaja' => trim($input['elaskuvalittaja'] ?? ''),
'ytunnus' => trim($input['ytunnus'] ?? ''),
'lisatiedot' => trim($input['lisatiedot'] ?? ''),
'liittymat' => parseLiittymat($input),
'luotu' => date('Y-m-d H:i:s'),
];
if (empty($customer['yritys'])) {
http_response_code(400);
echo json_encode(['error' => 'Yrityksen nimi vaaditaan']);
break;
}
$customers[] = $customer;
saveCustomers($customers);
addLog('customer_create', $customer['id'], $customer['yritys'], 'Lisäsi asiakkaan');
echo json_encode($customer);
}
break;
case 'customer_update':
requireAuth();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$id = $input['id'] ?? '';
$customers = loadCustomers();
$found = false;
foreach ($customers as &$c) {
if ($c['id'] === $id) {
$changes = [];
$fields = ['yritys','yhteyshenkilö','puhelin','sahkoposti','laskutusosoite','laskutuspostinumero','laskutuskaupunki','laskutussahkoposti','elaskuosoite','elaskuvalittaja','ytunnus','lisatiedot'];
foreach ($fields as $f) {
if (isset($input[$f])) {
$old = $c[$f] ?? '';
$new = trim($input[$f]);
if ($old !== $new) $changes[] = $f;
$c[$f] = $new;
}
}
if (isset($input['liittymat'])) {
$c['liittymat'] = parseLiittymat($input);
$changes[] = 'liittymat';
}
$c['muokattu'] = date('Y-m-d H:i:s');
$found = true;
addLog('customer_update', $c['id'], $c['yritys'], 'Muokkasi: ' . implode(', ', $changes));
echo json_encode($c);
break;
}
}
unset($c);
if (!$found) {
http_response_code(404);
echo json_encode(['error' => 'Asiakasta ei löydy']);
break;
}
saveCustomers($customers);
break;
case 'customer_delete':
requireAuth();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$id = $input['id'] ?? '';
$customers = loadCustomers();
$archived = null;
$remaining = [];
foreach ($customers as $c) {
if ($c['id'] === $id) {
$c['arkistoitu'] = date('Y-m-d H:i:s');
$c['arkistoija'] = currentUser();
$archived = $c;
} else {
$remaining[] = $c;
}
}
if ($archived) {
$archive = loadArchive();
$archive[] = $archived;
saveArchive($archive);
saveCustomers($remaining);
addLog('customer_archive', $archived['id'], $archived['yritys'], 'Arkistoi asiakkaan');
}
echo json_encode(['success' => true]);
break;
// ---------- ARCHIVE ----------
case 'archived_customers':
requireAuth();
echo json_encode(loadArchive());
break;
case 'customer_restore':
requireAuth();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$id = $input['id'] ?? '';
$archive = loadArchive();
$restored = null;
$remaining = [];
foreach ($archive as $c) {
if ($c['id'] === $id) {
unset($c['arkistoitu'], $c['arkistoija']);
$restored = $c;
} else {
$remaining[] = $c;
}
}
if ($restored) {
$customers = loadCustomers();
$customers[] = $restored;
saveCustomers($customers);
saveArchive($remaining);
addLog('customer_restore', $restored['id'], $restored['yritys'], 'Palautti asiakkaan arkistosta');
}
echo json_encode(['success' => true]);
break;
case 'customer_permanent_delete':
requireAdmin();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$id = $input['id'] ?? '';
$archive = loadArchive();
$deleted = null;
foreach ($archive as $c) {
if ($c['id'] === $id) { $deleted = $c; break; }
}
$archive = array_values(array_filter($archive, fn($c) => $c['id'] !== $id));
saveArchive($archive);
$filesDir = DATA_DIR . '/files/' . $id;
if (is_dir($filesDir)) {
array_map('unlink', glob($filesDir . '/*'));
rmdir($filesDir);
}
if ($deleted) addLog('customer_permanent_delete', $id, $deleted['yritys'] ?? '', 'Poisti pysyvästi');
echo json_encode(['success' => true]);
break;
// ---------- LEADS ----------
case 'leads':
requireAuth();
$leads = json_decode(file_get_contents(LEADS_FILE), true) ?: [];
echo json_encode($leads);
break;
case 'lead_create':
requireAuth();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$lead = [
'id' => generateId(),
'yritys' => trim($input['yritys'] ?? ''),
'yhteyshenkilo' => trim($input['yhteyshenkilo'] ?? ''),
'puhelin' => trim($input['puhelin'] ?? ''),
'sahkoposti' => trim($input['sahkoposti'] ?? ''),
'osoite' => trim($input['osoite'] ?? ''),
'kaupunki' => trim($input['kaupunki'] ?? ''),
'tila' => trim($input['tila'] ?? 'uusi'),
'muistiinpanot' => trim($input['muistiinpanot'] ?? ''),
'luotu' => date('Y-m-d H:i:s'),
'luoja' => currentUser(),
];
if (empty($lead['yritys'])) {
http_response_code(400);
echo json_encode(['error' => 'Yrityksen nimi vaaditaan']);
break;
}
$leads = json_decode(file_get_contents(LEADS_FILE), true) ?: [];
$leads[] = $lead;
file_put_contents(LEADS_FILE, json_encode($leads, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
addLog('lead_create', $lead['id'], $lead['yritys'], 'Lisäsi liidin');
echo json_encode($lead);
break;
case 'lead_update':
requireAuth();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$id = $input['id'] ?? '';
$leads = json_decode(file_get_contents(LEADS_FILE), true) ?: [];
$found = false;
foreach ($leads as &$l) {
if ($l['id'] === $id) {
$fields = ['yritys','yhteyshenkilo','puhelin','sahkoposti','osoite','kaupunki','tila','muistiinpanot'];
foreach ($fields as $f) {
if (isset($input[$f])) $l[$f] = trim($input[$f]);
}
$l['muokattu'] = date('Y-m-d H:i:s');
$l['muokkaaja'] = currentUser();
$found = true;
addLog('lead_update', $l['id'], $l['yritys'], 'Muokkasi liidiä');
echo json_encode($l);
break;
}
}
unset($l);
if (!$found) {
http_response_code(404);
echo json_encode(['error' => 'Liidiä ei löydy']);
break;
}
file_put_contents(LEADS_FILE, json_encode($leads, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
break;
case 'lead_delete':
requireAuth();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$id = $input['id'] ?? '';
$leads = json_decode(file_get_contents(LEADS_FILE), true) ?: [];
$deleted = null;
foreach ($leads as $l) {
if ($l['id'] === $id) { $deleted = $l; break; }
}
$leads = array_values(array_filter($leads, fn($l) => $l['id'] !== $id));
file_put_contents(LEADS_FILE, json_encode($leads, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
if ($deleted) addLog('lead_delete', $id, $deleted['yritys'] ?? '', 'Poisti liidin');
echo json_encode(['success' => true]);
break;
case 'lead_to_customer':
requireAuth();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$id = $input['id'] ?? '';
$leads = json_decode(file_get_contents(LEADS_FILE), true) ?: [];
$lead = null;
foreach ($leads as $l) {
if ($l['id'] === $id) { $lead = $l; break; }
}
if (!$lead) {
http_response_code(404);
echo json_encode(['error' => 'Liidiä ei löydy']);
break;
}
// Luo asiakas liidistä
$customer = [
'id' => generateId(),
'yritys' => $lead['yritys'],
'yhteyshenkilö' => $lead['yhteyshenkilo'] ?? '',
'puhelin' => $lead['puhelin'] ?? '',
'sahkoposti' => $lead['sahkoposti'] ?? '',
'laskutusosoite' => '',
'laskutuspostinumero' => '',
'laskutuskaupunki' => '',
'laskutussahkoposti' => '',
'elaskuosoite' => '',
'elaskuvalittaja' => '',
'ytunnus' => '',
'lisatiedot' => $lead['muistiinpanot'] ?? '',
'liittymat' => [['asennusosoite' => $lead['osoite'] ?? '', 'postinumero' => '', 'kaupunki' => $lead['kaupunki'] ?? '', 'liittymanopeus' => '', 'hinta' => 0, 'sopimuskausi' => '', 'alkupvm' => '']],
'luotu' => date('Y-m-d H:i:s'),
];
$customers = loadCustomers();
$customers[] = $customer;
saveCustomers($customers);
// Poista liidi
$leads = array_values(array_filter($leads, fn($l) => $l['id'] !== $id));
file_put_contents(LEADS_FILE, json_encode($leads, JSON_PRETTY_PRINT | JSON_UNESCAPED_UNICODE));
addLog('lead_to_customer', $customer['id'], $customer['yritys'], 'Muutti liidin asiakkaaksi');
echo json_encode($customer);
break;
// ---------- FILES ----------
case 'file_upload':
requireAuth();
if ($method !== 'POST') break;
$customerId = $_POST['customer_id'] ?? '';
if (!$customerId || !preg_match('/^[a-f0-9]+$/', $customerId)) {
http_response_code(400);
echo json_encode(['error' => 'Virheellinen asiakas-ID']);
break;
}
if (empty($_FILES['file'])) {
http_response_code(400);
echo json_encode(['error' => 'Tiedosto puuttuu']);
break;
}
$file = $_FILES['file'];
if ($file['error'] !== UPLOAD_ERR_OK) {
http_response_code(400);
echo json_encode(['error' => 'Tiedoston lähetys epäonnistui']);
break;
}
if ($file['size'] > 20 * 1024 * 1024) {
http_response_code(400);
echo json_encode(['error' => 'Tiedosto on liian suuri (max 20 MB)']);
break;
}
$uploadDir = DATA_DIR . '/files/' . $customerId;
if (!file_exists($uploadDir)) mkdir($uploadDir, 0755, true);
$safeName = preg_replace('/[^a-zA-Z0-9._-]/', '_', basename($file['name']));
$dest = $uploadDir . '/' . $safeName;
if (file_exists($dest)) {
$ext = pathinfo($safeName, PATHINFO_EXTENSION);
$base = pathinfo($safeName, PATHINFO_FILENAME);
$safeName = $base . '_' . date('His') . ($ext ? '.' . $ext : '');
$dest = $uploadDir . '/' . $safeName;
}
if (move_uploaded_file($file['tmp_name'], $dest)) {
echo json_encode(['success' => true, 'filename' => $safeName, 'size' => $file['size']]);
} else {
http_response_code(500);
echo json_encode(['error' => 'Tallennusvirhe']);
}
break;
case 'file_list':
requireAuth();
$customerId = $_GET['customer_id'] ?? '';
if (!$customerId || !preg_match('/^[a-f0-9]+$/', $customerId)) {
echo json_encode([]);
break;
}
$dir = DATA_DIR . '/files/' . $customerId;
$files = [];
if (is_dir($dir)) {
foreach (scandir($dir) as $f) {
if ($f === '.' || $f === '..') continue;
$path = $dir . '/' . $f;
$files[] = ['filename' => $f, 'size' => filesize($path), 'modified' => date('Y-m-d H:i', filemtime($path))];
}
}
usort($files, fn($a, $b) => strcmp($b['modified'], $a['modified']));
echo json_encode($files);
break;
case 'file_download':
requireAuth();
$customerId = $_GET['customer_id'] ?? '';
$filename = $_GET['filename'] ?? '';
if (!$customerId || !preg_match('/^[a-f0-9]+$/', $customerId) || !$filename) {
http_response_code(400);
echo json_encode(['error' => 'Virheelliset parametrit']);
break;
}
$safeName = basename($filename);
$path = DATA_DIR . '/files/' . $customerId . '/' . $safeName;
if (!file_exists($path)) {
http_response_code(404);
echo json_encode(['error' => 'Tiedostoa ei löydy']);
break;
}
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $safeName . '"');
header('Content-Length: ' . filesize($path));
readfile($path);
exit;
case 'file_delete':
requireAuth();
if ($method !== 'POST') break;
$input = json_decode(file_get_contents('php://input'), true);
$customerId = $input['customer_id'] ?? '';
$filename = $input['filename'] ?? '';
if (!$customerId || !preg_match('/^[a-f0-9]+$/', $customerId) || !$filename) {
http_response_code(400);
echo json_encode(['error' => 'Virheelliset parametrit']);
break;
}
$safeName = basename($filename);
$path = DATA_DIR . '/files/' . $customerId . '/' . $safeName;
if (file_exists($path)) unlink($path);
echo json_encode(['success' => true]);
break;
default:
http_response_code(404);
echo json_encode(['error' => 'Tuntematon toiminto']);
break;
}
Reference in New Issue View Git Blame Copy Permalink