Merge pull request #409 from wrongecho/api

API

api/v1/assets/create.php

@@ -42,13 +42,15 @@ if(!empty($name)){
   // Insert into Database
   $insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
   if($insert_sql){
+    $insert_id = $mysqli->insert_id;
+
     //Logging
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API', log_created_at = NOW(), company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API', log_created_at = NOW(), company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
   }
 }
 else{
-  $insert_sql = FALSE;
+  $insert_id = FALSE;
 }
 
 // Output

api/v1/contacts/create.php

@@ -0,0 +1,41 @@
+<?php
+require('../validate_api_key.php');
+
+if($_SERVER['REQUEST_METHOD'] !== "POST"){
+  header("HTTP/1.1 405 Method Not Allowed");
+  $return_arr['success'] = "False";
+  $return_arr['message'] = "Can only send POST requests to this endpoint.";
+  echo json_encode($return_arr);
+  exit();
+}
+
+// Parse Info
+$client_id = intval($_POST['client_id']);
+$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
+$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
+$department = intval($_POST['contact_department']);
+$phone = preg_replace("/[^0-9]/", '',$_POST['contact_phone']);
+$extension = preg_replace("/[^0-9]/", '',$_POST['contact_extension']);
+$mobile = preg_replace("/[^0-9]/", '',$_POST['contact_mobile']);
+$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
+$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
+$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
+$location_id = intval($_POST['location']);
+
+if(!empty($name)){
+  // Insert contact
+  $insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
+  if($insert_sql){
+    $insert_id = $mysqli->insert_id;
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
+  }
+}
+else{
+  $insert_id = FALSE;
+}
+
+// Output
+include('../create_output.php');

api/v1/create_output.php

@@ -7,27 +7,19 @@
  */
 
 // Check if the insert query was successful
-if($insert_sql){
+if(isset($insert_id) && is_numeric($insert_id)){
-  $insert_id = $mysqli->insert_id;
+  // Insert successful
-  if(isset($insert_id) && is_numeric($insert_id)){
+  $return_arr['success'] = "True";
-    // Insert successful
+  $return_arr['count'] = '1';
-    $return_arr['success'] = "True";
+  $return_arr['data'][] = [
-    $return_arr['count'] = '1';
+    'insert_id' => $insert_id
-    $return_arr['data'][] = [
+  ];
-      'insert_id' => $insert_id
-    ];
-  }
-  // We shouldn't get here
-  else{
-    $return_arr['success'] = "False";
-    $return_arr['message'] = "Auth success but insert failed, possibly database connection. Seek support if this error continues.";
-  }
 }
 
 // Query returned false, something went wrong or it was declined due to required variables missing
 else{
   $return_arr['success'] = "False";
-  $return_arr['message'] = "Auth success but insert query failed, ensure required variables are provided and database schema is up-to-date.";
+  $return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided and database schema is up-to-date. Turn on error logging and look for 'undefined index'";
 }
 
 echo json_encode($return_arr);

api/v1/validate_api_key.php

@@ -33,9 +33,9 @@ $return_arr = array();
  *
  * Data returned as json encoded $return_arr:-
      * Success - True/False
-     * Message - Brief into about a request / failure info
+     * Message - Brief info about a request / failure
      * Count - Count of rows affected/returned
-     * Data - Data from GET requests
+     * Data - Requested data
  *
  */
 
@@ -83,9 +83,10 @@ if(isset($api_key)){
   // Success
   else{
 
-    // Set company ID
+    // Set company ID & key name
     $row = mysqli_fetch_array($sql);
     $company_id = $row['company_id'];
+    $api_key_name = $row['api_key_name'];
 
     // Set limit & offset for queries
     if(isset($_GET['limit'])){