API - Add client create endpoint

api/v1/clients/client_model.php

@@ -0,0 +1,83 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['client_name'])) {
+    $name = sanitizeInput($_POST['client_name']);
+} elseif ($client_row) {
+    $name = $client_row['client_name'];
+} else {
+    $name = '';
+}
+
+if (isset($_POST['client_type'])) {
+    $type = sanitizeInput($_POST['client_type']);
+} elseif ($client_row) {
+    $type = $client_row['client_type'];
+} else {
+    $type = '';
+}
+
+if (isset($_POST['client_website'])) {
+    $website = preg_replace("(^https?://)", "", sanitizeInput($_POST['client_website']));
+} elseif ($client_row) {
+    $website = $client_row['client_website'];
+} else {
+    $website = '';
+}
+
+if (isset($_POST['client_referral'])) {
+    $referral = sanitizeInput($_POST['client_referral']);
+} elseif ($client_row) {
+    $referral = $client_row['client_referral'];
+} else {
+    $referral = '';
+}
+
+if (isset($_POST['client_rate'])) {
+    $rate = floatval($_POST['client_rate']);
+} elseif ($client_row) {
+    $rate = $client_row['client_rate'];
+} else {
+    $rate = '';
+}
+
+if (isset($_POST['client_currency_code'])) {
+    $currency_code = sanitizeInput($_POST['client_currency_code']);
+} elseif ($client_row) {
+    $currency_code = $client_row['client_currency_code'];
+} else {
+    $currency_code = '';
+}
+
+if (isset($_POST['client_net_terms'])) {
+    $net_terms = intval($_POST['client_net_terms']);
+} elseif ($client_row) {
+    $net_terms = $client_row['client_net_terms'];
+} else {
+    $net_terms = '';
+}
+
+if (isset($_POST['client_tax_id_number'])) {
+    $tax_id_number = sanitizeInput($_POST['client_tax_id_number']);
+} elseif ($client_row) {
+    $tax_id_number = $client_row['client_tax_id_number'];
+} else {
+    $tax_id_number = '';
+}
+
+if (isset($_POST['client_is_lead'])) {
+    $lead = intval($_POST['client_is_lead']);
+} elseif ($client_row) {
+    $lead = $client_row['client_is_lead'];
+} else {
+    $lead = 0; // Default: Not a lead
+}
+
+if (isset($_POST['client_notes'])) {
+    $notes = sanitizeInput($_POST['client_notes']);
+} elseif ($client_row) {
+    $notes = $client_row['client_notes'];
+} else {
+    $notes = '';
+}

api/v1/clients/create.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse Info
+require_once 'client_model.php';
+
+
+// Default
+$insert_id = false;
+
+// To add a client, we just need a name and an "ANY CLIENT" API key
+if (!empty($name) && $client_id == 0) {
+
+    // Insert client
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO clients SET client_name = '$name', client_type = '$type', client_website = '$website', client_referral = '$referral', client_rate = $rate, client_currency_code = '$currency_code', client_net_terms = $net_terms, client_tax_id_number = '$tax_id_number', client_lead = $lead, client_notes = '$notes', client_accessed_at = NOW()");
+
+    // Check insert & get insert ID
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+        //Logging
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $insert_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created client $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $insert_id");
+    }
+
+}
+
+// Output
+require_once '../create_output.php';

api/v1/require_post_method.php

@@ -9,6 +9,6 @@ if ($_SERVER['REQUEST_METHOD'] !== "POST") {
 
 // Client ID must be specific for INSERT/UPDATE/DELETE queries
 // If this API key allows any client, set $client_id to the one specified, else leave it
-if ($client_id == 0) {
+if ($client_id == 0 && isset($_POST['client_id'])) {
     $client_id = intval($_POST['client_id']);
 }