Add clients/read.php API endpoint.

Adjust asset create/update so that they function without all attributes being provided. Update will default to using the value currently in the database, rather than overwriting blank.

api/v1/assets/asset_model.php

@@ -1,27 +0,0 @@
-<?php
-$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
-$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
-$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
-$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
-$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
-$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
-$asset_ip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
-$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
-$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
-if(empty($purchase_date)){
-  $purchase_date = "0000-00-00";
-}
-$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
-if(empty($warranty_expire)){
-  $warranty_expire = "0000-00-00";
-}
-$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
-if(empty($install_date)){
-  $install_date = "0000-00-00";
-}
-$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
-$meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
-$vendor = intval($_POST['asset_vendor_id']);
-$location = intval($_POST['asset_location_id']);
-$contact = intval($_POST['asset_contact_id']);
-$network = intval($_POST['asset_network_id']);

api/v1/assets/create.php

@@ -4,14 +4,101 @@ require('../validate_api_key.php');
 require('../require_post_method.php');
 
 // Parse info
-require('asset_model.php');
+
+// Variable assignment - assigning blank if a value is not provided
+if(isset($_POST['asset_name'])){
+  $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
+} else{
+  $name = '';
+}
+if(isset($_POST['asset_type'])){
+  $type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
+} else{
+  $type = '';
+}
+if(isset($_POST['asset_make'])){
+  $make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
+} else{
+  $make = '';
+}
+if(isset($_POST['asset_model'])){
+  $model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
+} else{
+  $model = '';
+}
+if(isset($_POST['asset_serial'])){
+  $serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
+} else{
+  $serial = '';
+}
+if(isset($_POST['asset_os'])){
+  $os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
+} else{
+  $os = '';
+}
+if(isset($_POST['asset_ip'])){
+  $aip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
+} else{
+  $aip = '';
+}
+if(isset($_POST['asset_mac'])){
+  $mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
+} else{
+  $mac = '';
+}
+if(isset($_POST['asset_purchase_date'])){
+  $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
+} else{
+  $purchase_date = "0000-00-00";
+}
+if(isset($_POST['asset_warranty_expire'])){
+  $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
+} else{
+  $warranty_expire = "0000-00-00";
+}
+if(isset($_POST['asset_install_date'])){
+  $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
+} else{
+  $install_date = "0000-00-00";
+}
+if(isset($_POST['asset_notes'])){
+  $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
+} else{
+  $notes = '';
+}
+if(isset($_POST['asset_meshcentral_id'])){
+  $meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
+} else{
+  $meshcentral_id = '';
+}
+if(isset($_POST['asset_vendor_id'])){
+  $vendor = intval($_POST['asset_vendor_id']);
+} else{
+  $vendor = '0';
+}
+if(isset($_POST['asset_location_id'])){
+  $location = intval($_POST['asset_location_id']);
+} else{
+  $location = '0';
+}
+if(isset($_POST['asset_contact_id'])){
+  $contact = intval($_POST['asset_contact_id']);
+} else{
+  $contact = '0';
+}
+if(isset($_POST['asset_network_id'])){
+  $network = intval($_POST['asset_network_id']);
+} else{
+  $network = '0';
+}
 
 // Default
 $insert_id = FALSE;
 
 if(!empty($name) && !empty($client_id)){
   // Insert into Database
-  $insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$asset_ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
+  $insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
+
   if($insert_sql){
     $insert_id = mysqli_insert_id($mysqli);
 

api/v1/assets/update.php

@@ -0,0 +1,121 @@
+<?php
+require('../validate_api_key.php');
+
+require('../require_post_method.php');
+
+// Parse ID
+$asset_id = intval($_POST['asset_id']);
+
+// Default
+$update_id = FALSE;
+
+if(!empty($asset_id)){
+
+  $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+
+  // Variable assignment - assigning the current database value if a value is not provided
+  if(isset($_POST['asset_name'])){
+    $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
+  } else{
+    $name = $row['asset_name'];
+  }
+  if(isset($_POST['asset_type'])){
+    $type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
+  } else{
+    $type = $row['asset_type'];
+  }
+  if(isset($_POST['asset_make'])){
+    $make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
+  } else{
+    $make = $row['asset_make'];
+  }
+  if(isset($_POST['asset_model'])){
+    $model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
+  } else{
+    $model = $row['asset_model'];
+  }
+  if(isset($_POST['asset_serial'])){
+    $serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
+  } else{
+    $serial = $row['asset_serial'];
+  }
+  if(isset($_POST['asset_os'])){
+    $os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
+  } else{
+    $os = $row['asset_os'];
+  }
+  if(isset($_POST['asset_os'])){
+    $os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
+  } else{
+    $os = $row['asset_os'];
+  }
+  if(isset($_POST['asset_ip'])){
+    $aip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
+  } else{
+    $aip = $row['asset_ip'];
+  }
+  if(isset($_POST['asset_mac'])){
+    $mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
+  } else{
+    $mac = $row['asset_mac'];
+  }
+  if(isset($_POST['asset_purchase_date'])){
+    $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
+  } else{
+    $purchase_date = $row['asset_purchase_date'];
+  }
+  if(isset($_POST['asset_warranty_expire'])){
+    $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
+  } else{
+    $warranty_expire = $row['asset_warranty_expire'];
+  }
+  if(isset($_POST['asset_install_date'])){
+    $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
+  } else{
+    $install_date = $row['asset_install_date'];
+  }
+  if(isset($_POST['asset_notes'])){
+    $notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
+  } else{
+    $notes = $row['asset_notes'];
+  }
+  if(isset($_POST['asset_meshcentral_id'])){
+    $meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
+  } else{
+    $meshcentral_id = $row['asset_meshcentral_id'];
+  }
+  if(isset($_POST['asset_vendor_id'])){
+    $vendor = intval($_POST['asset_vendor_id']);
+  } else{
+    $vendor = $row['asset_vendor_id'];
+  }
+  if(isset($_POST['asset_location_id'])){
+    $location = intval($_POST['asset_location_id']);
+  } else{
+    $location = $row['asset_location_id'];
+  }
+  if(isset($_POST['asset_contact_id'])){
+    $contact = intval($_POST['asset_contact_id']);
+  } else{
+    $contact = $row['asset_contact_id'];
+  }
+  if(isset($_POST['asset_network_id'])){
+    $network = intval($_POST['asset_network_id']);
+  } else{
+    $network = $row['asset_network_id'];
+  }
+
+  $update_sql = mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
+
+  // Check insert & get insert ID
+  if($update_sql){
+    $update_id = mysqli_affected_rows($mysqli);
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
+  }
+}
+
+// Output
+include('../update_output.php');

api/v1/clients/read.php

@@ -0,0 +1,24 @@
+<?php
+require('../validate_api_key.php');
+
+require('../require_get_method.php');
+
+// Specific client via ID (single)
+if(isset($_GET['client_id'])){
+  $id = intval($_GET['client_id']);
+  $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
+}
+
+// Specific client via name (single)
+elseif(isset($_GET['client_name'])){
+  $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['client_name'])));
+  $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
+}
+
+// All clients
+else{
+  $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
+}
+
+// Output
+include("../read_output.php");

api/v1/update_output.php

@@ -16,7 +16,7 @@ if(isset($update_id) && is_numeric($update_id) && $update_id > 0){
 // Query returned false: something went wrong, or it was declined due to required variables missing
 else{
   $return_arr['success'] = "False";
-  $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module (contact/ticket/etc) id";
+  $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (contact ID/ticket ID/etc)";
 }
 
 echo json_encode($return_arr);