Revert "API: Add some missing end points"

This reverts commit c4ba2bc326.
johnnyq
2026-04-16 15:16:08 -04:00
parent 4e862053e8
commit 319ccbad01
41 changed files with 0 additions and 1427 deletions


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$certificate_id = intval($_POST['certificate_id']);
// Default
$delete_count = false;
if (!empty($certificate_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id LIMIT 1"));
$certificate_name = $row['certificate_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id LIMIT 1");
if ($delete_sql && !empty($certificate_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Certificate", "Delete", "$certificate_name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,32 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$certificate_id = intval($_POST['certificate_id']);
// Default
$update_count = false;
if (!empty($certificate_id)) {
$certificate_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$certificate_id' AND certificate_client_id = $client_id LIMIT 1"));
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once 'certificate_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE certificates SET certificate_name = '$name', certificate_description = '$description', certificate_domain = '$domain', certificate_issued_by = '$issued_by', certificate_expire = '$expire', certificate_public_key = '$public_key', certificate_notes = '$notes', certificate_domain_id = $domain_id WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Certificate", "Edit", "$name via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited certificate $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../update_output.php';


@@ -1,29 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$delete_client_id = intval($_POST['client_id']);
// Default
$delete_count = false;
// Require All Clients scope to delete clients
if (!empty($delete_client_id) && $client_id == 0) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $delete_client_id LIMIT 1"));
$client_name = $row['client_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM clients WHERE client_id = $delete_client_id LIMIT 1");
if ($delete_sql && !empty($client_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Client", "Delete", "$client_name via API ($api_key_name)", $delete_client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$credential_id = intval($_POST['credential_id']);
// Default
$delete_count = false;
if (!empty($credential_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id AND credential_client_id = $client_id LIMIT 1"));
$credential_name = $row['credential_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM credentials WHERE credential_id = $credential_id AND credential_client_id = $client_id LIMIT 1");
if ($delete_sql && !empty($credential_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Credential", "Delete", "$credential_name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$document_id = intval($_POST['document_id']);
// Default
$delete_count = false;
if (!empty($document_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id AND document_client_id = $client_id LIMIT 1"));
$document_name = $row['document_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM documents WHERE document_id = $document_id AND document_client_id = $client_id LIMIT 1");
if ($delete_sql && !empty($document_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Document", "Delete", "$document_name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse Info
$domain_row = false; // Creation, not an update
require_once 'domain_model.php';
// Default
$insert_id = false;
if (!empty($name)) {
$insert_sql = mysqli_query($mysqli, "INSERT INTO domains SET domain_name = '$name', domain_description = '$description', domain_registrar = '$registrar', domain_expire = '$expire', domain_notes = '$notes', domain_vendor_id = $vendor_id, domain_client_id = $client_id");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
// Logging
logAction("Domain", "Create", "Created domain $name via API ($api_key_name)", $client_id, $insert_id);
logAction("API", "Success", "Created domain $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../create_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$domain_id = intval($_POST['domain_id']);
// Default
$delete_count = false;
if (!empty($domain_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id LIMIT 1"));
$domain_name = $row['domain_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id LIMIT 1");
if ($delete_sql && !empty($domain_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Domain", "Delete", "$domain_name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,51 +0,0 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['domain_name'])) {
$name = sanitizeInput($_POST['domain_name']);
} elseif ($domain_row) {
$name = mysqli_real_escape_string($mysqli, $domain_row['domain_name']);
} else {
$name = '';
}
if (isset($_POST['domain_description'])) {
$description = sanitizeInput($_POST['domain_description']);
} elseif ($domain_row) {
$description = mysqli_real_escape_string($mysqli, $domain_row['domain_description']);
} else {
$description = '';
}
if (isset($_POST['domain_registrar'])) {
$registrar = sanitizeInput($_POST['domain_registrar']);
} elseif ($domain_row) {
$registrar = mysqli_real_escape_string($mysqli, $domain_row['domain_registrar']);
} else {
$registrar = '';
}
if (isset($_POST['domain_expire'])) {
$expire = sanitizeInput($_POST['domain_expire']);
} elseif ($domain_row) {
$expire = $domain_row['domain_expire'];
} else {
$expire = 'NULL';
}
if (isset($_POST['domain_notes'])) {
$notes = sanitizeInput($_POST['domain_notes']);
} elseif ($domain_row) {
$notes = mysqli_real_escape_string($mysqli, $domain_row['domain_notes']);
} else {
$notes = '';
}
if (isset($_POST['domain_vendor_id'])) {
$vendor_id = intval($_POST['domain_vendor_id']);
} elseif ($domain_row) {
$vendor_id = $domain_row['domain_vendor_id'];
} else {
$vendor_id = 0;
}


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$domain_id = intval($_POST['domain_id']);
// Default
$update_count = false;
if (!empty($domain_id)) {
$domain_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$domain_id' AND domain_client_id = $client_id LIMIT 1"));
require_once 'domain_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE domains SET domain_name = '$name', domain_description = '$description', domain_registrar = '$registrar', domain_expire = '$expire', domain_notes = '$notes', domain_vendor_id = $vendor_id WHERE domain_id = $domain_id AND domain_client_id = $client_id LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Domain", "Edit", "$name via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited domain $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../update_output.php';


@@ -1,30 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Expenses require All Clients scope
$insert_id = false;
if ($client_id == 0) {
$expense_row = false; // Creation, not an update
require_once 'expense_model.php';
if (!empty($description)) {
$insert_sql = mysqli_query($mysqli, "INSERT INTO expenses SET expense_description = '$description', expense_amount = $amount, expense_date = '$date', expense_tax = $tax, expense_notes = '$notes', expense_vendor_id = $vendor_id, expense_category_id = $category_id");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
// Logging
logAction("Expense", "Create", "Created expense $description via API ($api_key_name)", 0, $insert_id);
logAction("API", "Success", "Created expense $description via API ($api_key_name)", 0);
}
}
}
// Output
require_once '../create_output.php';


@@ -1,29 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$expense_id = intval($_POST['expense_id']);
// Default
$delete_count = false;
// Expenses require All Clients scope
if (!empty($expense_id) && $client_id == 0) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = $expense_id LIMIT 1"));
$expense_description = $row['expense_description'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id LIMIT 1");
if ($delete_sql && !empty($expense_description)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Expense", "Delete", "$expense_description via API ($api_key_name)", 0);
}
}
// Output
require_once '../delete_output.php';


@@ -1,60 +0,0 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
// Note: expenses are not scoped to a client_id
if (isset($_POST['expense_description'])) {
$description = sanitizeInput($_POST['expense_description']);
} elseif ($expense_row) {
$description = mysqli_real_escape_string($mysqli, $expense_row['expense_description']);
} else {
$description = '';
}
if (isset($_POST['expense_amount'])) {
$amount = floatval($_POST['expense_amount']);
} elseif ($expense_row) {
$amount = $expense_row['expense_amount'];
} else {
$amount = 0;
}
if (isset($_POST['expense_date'])) {
$date = sanitizeInput($_POST['expense_date']);
} elseif ($expense_row) {
$date = $expense_row['expense_date'];
} else {
$date = date('Y-m-d');
}
if (isset($_POST['expense_tax'])) {
$tax = floatval($_POST['expense_tax']);
} elseif ($expense_row) {
$tax = $expense_row['expense_tax'];
} else {
$tax = 0;
}
if (isset($_POST['expense_notes'])) {
$notes = sanitizeInput($_POST['expense_notes']);
} elseif ($expense_row) {
$notes = mysqli_real_escape_string($mysqli, $expense_row['expense_notes']);
} else {
$notes = '';
}
if (isset($_POST['expense_vendor_id'])) {
$vendor_id = intval($_POST['expense_vendor_id']);
} elseif ($expense_row) {
$vendor_id = $expense_row['expense_vendor_id'];
} else {
$vendor_id = 0;
}
if (isset($_POST['expense_category_id'])) {
$category_id = intval($_POST['expense_category_id']);
} elseif ($expense_row) {
$category_id = $expense_row['expense_category_id'];
} else {
$category_id = 0;
}


@@ -1,32 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$expense_id = intval($_POST['expense_id']);
// Default
$update_count = false;
// Expenses require All Clients scope
if (!empty($expense_id) && $client_id == 0) {
$expense_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$expense_id' LIMIT 1"));
require_once 'expense_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE expenses SET expense_description = '$description', expense_amount = $amount, expense_date = '$date', expense_tax = $tax, expense_notes = '$notes', expense_vendor_id = $vendor_id, expense_category_id = $category_id WHERE expense_id = $expense_id LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Expense", "Edit", "$description via API ($api_key_name)", 0);
logAction("API", "Success", "Edited expense $description via API ($api_key_name)", 0);
}
}
// Output
require_once '../update_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
$invoice_row = false; // Creation, not an update
require_once 'invoice_model.php';
// Default
$insert_id = false;
// client_id is required for invoices
if (!empty($client_id)) {
$insert_sql = mysqli_query($mysqli, "INSERT INTO invoices SET invoice_date = '$date', invoice_due_date = '$due_date', invoice_notes = '$notes', invoice_footer = '$footer', invoice_currency_code = '$currency_code', invoice_client_id = $client_id, invoice_status = 'Draft'");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
// Logging
logAction("Invoice", "Create", "Created invoice via API ($api_key_name)", $client_id, $insert_id);
logAction("API", "Success", "Created invoice via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../create_output.php';


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$invoice_id = intval($_POST['invoice_id']);
// Default
$delete_count = false;
if (!empty($invoice_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = $invoice_id AND invoice_client_id LIKE '$client_id' LIMIT 1"));
$invoice_exists = $row['invoice_id'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM invoices WHERE invoice_id = $invoice_id AND invoice_client_id LIKE '$client_id' LIMIT 1");
if ($delete_sql && !empty($invoice_exists)) {
$delete_count = mysqli_affected_rows($mysqli);
// Also delete invoice items
mysqli_query($mysqli, "DELETE FROM invoice_items WHERE invoice_item_invoice_id = $invoice_id");
// Logging
logAction("Invoice", "Delete", "Invoice $invoice_id via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,43 +0,0 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['invoice_date'])) {
$date = sanitizeInput($_POST['invoice_date']);
} elseif ($invoice_row) {
$date = $invoice_row['invoice_date'];
} else {
$date = date('Y-m-d');
}
if (isset($_POST['invoice_due_date'])) {
$due_date = sanitizeInput($_POST['invoice_due_date']);
} elseif ($invoice_row) {
$due_date = $invoice_row['invoice_due_date'];
} else {
$due_date = date('Y-m-d');
}
if (isset($_POST['invoice_notes'])) {
$notes = sanitizeInput($_POST['invoice_notes']);
} elseif ($invoice_row) {
$notes = mysqli_real_escape_string($mysqli, $invoice_row['invoice_notes']);
} else {
$notes = '';
}
if (isset($_POST['invoice_footer'])) {
$footer = sanitizeInput($_POST['invoice_footer']);
} elseif ($invoice_row) {
$footer = mysqli_real_escape_string($mysqli, $invoice_row['invoice_footer']);
} else {
$footer = '';
}
if (isset($_POST['invoice_currency_code'])) {
$currency_code = sanitizeInput($_POST['invoice_currency_code']);
} elseif ($invoice_row) {
$currency_code = mysqli_real_escape_string($mysqli, $invoice_row['invoice_currency_code']);
} else {
$currency_code = '';
}


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$invoice_id = intval($_POST['invoice_id']);
// Default
$update_count = false;
if (!empty($invoice_id)) {
$invoice_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$invoice_id' AND invoice_client_id LIKE '$client_id' LIMIT 1"));
require_once 'invoice_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE invoices SET invoice_date = '$date', invoice_due_date = '$due_date', invoice_notes = '$notes', invoice_footer = '$footer', invoice_currency_code = '$currency_code' WHERE invoice_id = $invoice_id AND invoice_client_id LIKE '$client_id' LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Invoice", "Edit", "Invoice $invoice_id via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited invoice $invoice_id via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../update_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$location_id = intval($_POST['location_id']);
// Default
$delete_count = false;
if (!empty($location_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM locations WHERE location_id = $location_id AND location_client_id = $client_id LIMIT 1"));
$location_name = $row['location_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM locations WHERE location_id = $location_id AND location_client_id = $client_id LIMIT 1");
if ($delete_sql && !empty($location_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Location", "Delete", "$location_name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$location_id = intval($_POST['location_id']);
// Default
$update_count = false;
if (!empty($location_id)) {
$location_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM locations WHERE location_id = '$location_id' AND location_client_id = $client_id LIMIT 1"));
require_once 'location_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_hours = '$hours', location_notes = '$notes', location_primary = $primary WHERE location_id = $location_id AND location_client_id = $client_id LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Location", "Edit", "$name via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited location $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../update_output.php';


@@ -1,27 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
$network_row = false; // Creation, not an update
require_once 'network_model.php';
// Default
$insert_id = false;
if (!empty($name)) {
$insert_sql = mysqli_query($mysqli, "INSERT INTO networks SET network_name = '$name', network_description = '$description', network_address = '$address', network_dns = '$dns', network_gateway = '$gateway', network_vlan = '$vlan', network_notes = '$notes', network_location_id = $location_id, network_client_id = $client_id");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
// Logging
logAction("Network", "Create", "Created network $name via API ($api_key_name)", $client_id, $insert_id);
logAction("API", "Success", "Created network $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../create_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$network_id = intval($_POST['network_id']);
// Default
$delete_count = false;
if (!empty($network_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = $network_id AND network_client_id = $client_id LIMIT 1"));
$network_name = $row['network_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM networks WHERE network_id = $network_id AND network_client_id = $client_id LIMIT 1");
if ($delete_sql && !empty($network_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Network", "Delete", "$network_name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,67 +0,0 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['network_name'])) {
$name = sanitizeInput($_POST['network_name']);
} elseif ($network_row) {
$name = mysqli_real_escape_string($mysqli, $network_row['network_name']);
} else {
$name = '';
}
if (isset($_POST['network_description'])) {
$description = sanitizeInput($_POST['network_description']);
} elseif ($network_row) {
$description = mysqli_real_escape_string($mysqli, $network_row['network_description']);
} else {
$description = '';
}
if (isset($_POST['network_address'])) {
$address = sanitizeInput($_POST['network_address']);
} elseif ($network_row) {
$address = mysqli_real_escape_string($mysqli, $network_row['network_address']);
} else {
$address = '';
}
if (isset($_POST['network_dns'])) {
$dns = sanitizeInput($_POST['network_dns']);
} elseif ($network_row) {
$dns = mysqli_real_escape_string($mysqli, $network_row['network_dns']);
} else {
$dns = '';
}
if (isset($_POST['network_gateway'])) {
$gateway = sanitizeInput($_POST['network_gateway']);
} elseif ($network_row) {
$gateway = mysqli_real_escape_string($mysqli, $network_row['network_gateway']);
} else {
$gateway = '';
}
if (isset($_POST['network_vlan'])) {
$vlan = sanitizeInput($_POST['network_vlan']);
} elseif ($network_row) {
$vlan = mysqli_real_escape_string($mysqli, $network_row['network_vlan']);
} else {
$vlan = '';
}
if (isset($_POST['network_notes'])) {
$notes = sanitizeInput($_POST['network_notes']);
} elseif ($network_row) {
$notes = mysqli_real_escape_string($mysqli, $network_row['network_notes']);
} else {
$notes = '';
}
if (isset($_POST['network_location_id'])) {
$location_id = intval($_POST['network_location_id']);
} elseif ($network_row) {
$location_id = $network_row['network_location_id'];
} else {
$location_id = 0;
}


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$network_id = intval($_POST['network_id']);
// Default
$update_count = false;
if (!empty($network_id)) {
$network_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$network_id' AND network_client_id = $client_id LIMIT 1"));
require_once 'network_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE networks SET network_name = '$name', network_description = '$description', network_address = '$address', network_dns = '$dns', network_gateway = '$gateway', network_vlan = '$vlan', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id AND network_client_id = $client_id LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Network", "Edit", "$name via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited network $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../update_output.php';


@@ -1,30 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Products require All Clients scope
$insert_id = false;
if ($client_id == 0) {
$product_row = false; // Creation, not an update
require_once 'product_model.php';
if (!empty($name)) {
$insert_sql = mysqli_query($mysqli, "INSERT INTO products SET product_name = '$name', product_description = '$description', product_price = $price, product_cost = $cost, product_taxable = $taxable, product_type = '$type', product_identifier = '$identifier', product_notes = '$notes'");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
// Logging
logAction("Product", "Create", "Created product $name via API ($api_key_name)", 0, $insert_id);
logAction("API", "Success", "Created product $name via API ($api_key_name)", 0);
}
}
}
// Output
require_once '../create_output.php';


@@ -1,29 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$product_id = intval($_POST['product_id']);
// Default
$delete_count = false;
// Products require All Clients scope
if (!empty($product_id) && $client_id == 0) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = $product_id LIMIT 1"));
$product_name = $row['product_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM products WHERE product_id = $product_id LIMIT 1");
if ($delete_sql && !empty($product_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Product", "Delete", "$product_name via API ($api_key_name)", 0);
}
}
// Output
require_once '../delete_output.php';


@@ -1,68 +0,0 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
// Note: products are not scoped to a client_id
if (isset($_POST['product_name'])) {
$name = sanitizeInput($_POST['product_name']);
} elseif ($product_row) {
$name = mysqli_real_escape_string($mysqli, $product_row['product_name']);
} else {
$name = '';
}
if (isset($_POST['product_description'])) {
$description = sanitizeInput($_POST['product_description']);
} elseif ($product_row) {
$description = mysqli_real_escape_string($mysqli, $product_row['product_description']);
} else {
$description = '';
}
if (isset($_POST['product_price'])) {
$price = floatval($_POST['product_price']);
} elseif ($product_row) {
$price = $product_row['product_price'];
} else {
$price = 0;
}
if (isset($_POST['product_cost'])) {
$cost = floatval($_POST['product_cost']);
} elseif ($product_row) {
$cost = $product_row['product_cost'];
} else {
$cost = 0;
}
if (isset($_POST['product_taxable'])) {
$taxable = intval($_POST['product_taxable']);
} elseif ($product_row) {
$taxable = $product_row['product_taxable'];
} else {
$taxable = 0;
}
if (isset($_POST['product_type'])) {
$type = sanitizeInput($_POST['product_type']);
} elseif ($product_row) {
$type = mysqli_real_escape_string($mysqli, $product_row['product_type']);
} else {
$type = '';
}
if (isset($_POST['product_identifier'])) {
$identifier = sanitizeInput($_POST['product_identifier']);
} elseif ($product_row) {
$identifier = mysqli_real_escape_string($mysqli, $product_row['product_identifier']);
} else {
$identifier = '';
}
if (isset($_POST['product_notes'])) {
$notes = sanitizeInput($_POST['product_notes']);
} elseif ($product_row) {
$notes = mysqli_real_escape_string($mysqli, $product_row['product_notes']);
} else {
$notes = '';
}


@@ -1,32 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$product_id = intval($_POST['product_id']);
// Default
$update_count = false;
// Products require All Clients scope
if (!empty($product_id) && $client_id == 0) {
$product_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$product_id' LIMIT 1"));
require_once 'product_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE products SET product_name = '$name', product_description = '$description', product_price = $price, product_cost = $cost, product_taxable = $taxable, product_type = '$type', product_identifier = '$identifier', product_notes = '$notes' WHERE product_id = $product_id LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Product", "Edit", "$name via API ($api_key_name)", 0);
logAction("API", "Success", "Edited product $name via API ($api_key_name)", 0);
}
}
// Output
require_once '../update_output.php';


@@ -1,27 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
$quote_row = false; // Creation, not an update
require_once 'quote_model.php';
// Default
$insert_id = false;
if (!empty($subject) && !empty($client_id)) {
$insert_sql = mysqli_query($mysqli, "INSERT INTO quotes SET quote_subject = '$subject', quote_date = '$date', quote_expire = '$expire', quote_notes = '$notes', quote_footer = '$footer', quote_currency_code = '$currency_code', quote_client_id = $client_id, quote_status = 'Draft'");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
// Logging
logAction("Quote", "Create", "Created quote $subject via API ($api_key_name)", $client_id, $insert_id);
logAction("API", "Success", "Created quote $subject via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../create_output.php';


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$quote_id = intval($_POST['quote_id']);
// Default
$delete_count = false;
if (!empty($quote_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_client_id LIKE '$client_id' LIMIT 1"));
$quote_subject = $row['quote_subject'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM quotes WHERE quote_id = $quote_id AND quote_client_id LIKE '$client_id' LIMIT 1");
if ($delete_sql && !empty($quote_subject)) {
$delete_count = mysqli_affected_rows($mysqli);
// Also delete quote items
mysqli_query($mysqli, "DELETE FROM quote_items WHERE quote_item_quote_id = $quote_id");
// Logging
logAction("Quote", "Delete", "$quote_subject via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,51 +0,0 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['quote_subject'])) {
$subject = sanitizeInput($_POST['quote_subject']);
} elseif ($quote_row) {
$subject = mysqli_real_escape_string($mysqli, $quote_row['quote_subject']);
} else {
$subject = '';
}
if (isset($_POST['quote_date'])) {
$date = sanitizeInput($_POST['quote_date']);
} elseif ($quote_row) {
$date = $quote_row['quote_date'];
} else {
$date = date('Y-m-d');
}
if (isset($_POST['quote_expire'])) {
$expire = sanitizeInput($_POST['quote_expire']);
} elseif ($quote_row) {
$expire = $quote_row['quote_expire'];
} else {
$expire = date('Y-m-d', strtotime('+30 days'));
}
if (isset($_POST['quote_notes'])) {
$notes = sanitizeInput($_POST['quote_notes']);
} elseif ($quote_row) {
$notes = mysqli_real_escape_string($mysqli, $quote_row['quote_notes']);
} else {
$notes = '';
}
if (isset($_POST['quote_footer'])) {
$footer = sanitizeInput($_POST['quote_footer']);
} elseif ($quote_row) {
$footer = mysqli_real_escape_string($mysqli, $quote_row['quote_footer']);
} else {
$footer = '';
}
if (isset($_POST['quote_currency_code'])) {
$currency_code = sanitizeInput($_POST['quote_currency_code']);
} elseif ($quote_row) {
$currency_code = mysqli_real_escape_string($mysqli, $quote_row['quote_currency_code']);
} else {
$currency_code = '';
}


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$quote_id = intval($_POST['quote_id']);
// Default
$update_count = false;
if (!empty($quote_id)) {
$quote_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = '$quote_id' AND quote_client_id LIKE '$client_id' LIMIT 1"));
require_once 'quote_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE quotes SET quote_subject = '$subject', quote_date = '$date', quote_expire = '$expire', quote_notes = '$notes', quote_footer = '$footer', quote_currency_code = '$currency_code' WHERE quote_id = $quote_id AND quote_client_id LIKE '$client_id' LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Quote", "Edit", "$subject via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited quote $subject via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../update_output.php';


@@ -1,27 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
$software_row = false; // Creation, not an update
require_once 'software_model.php';
// Default
$insert_id = false;
if (!empty($name)) {
$insert_sql = mysqli_query($mysqli, "INSERT INTO software SET software_name = '$name', software_description = '$description', software_key = '$key', software_seats = $seats, software_version = '$version', software_expire = '$expire', software_notes = '$notes', software_type = $type, software_vendor_id = $vendor_id, software_client_id = $client_id");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
// Logging
logAction("Software", "Create", "Created software $name via API ($api_key_name)", $client_id, $insert_id);
logAction("API", "Success", "Created software $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../create_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$software_id = intval($_POST['software_id']);
// Default
$delete_count = false;
if (!empty($software_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = $software_id AND software_client_id = $client_id LIMIT 1"));
$software_name = $row['software_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM software WHERE software_id = $software_id AND software_client_id = $client_id LIMIT 1");
if ($delete_sql && !empty($software_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Software", "Delete", "$software_name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,75 +0,0 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['software_name'])) {
$name = sanitizeInput($_POST['software_name']);
} elseif ($software_row) {
$name = mysqli_real_escape_string($mysqli, $software_row['software_name']);
} else {
$name = '';
}
if (isset($_POST['software_description'])) {
$description = sanitizeInput($_POST['software_description']);
} elseif ($software_row) {
$description = mysqli_real_escape_string($mysqli, $software_row['software_description']);
} else {
$description = '';
}
if (isset($_POST['software_key'])) {
$key = sanitizeInput($_POST['software_key']);
} elseif ($software_row) {
$key = mysqli_real_escape_string($mysqli, $software_row['software_key']);
} else {
$key = '';
}
if (isset($_POST['software_seats'])) {
$seats = intval($_POST['software_seats']);
} elseif ($software_row) {
$seats = $software_row['software_seats'];
} else {
$seats = 0;
}
if (isset($_POST['software_version'])) {
$version = sanitizeInput($_POST['software_version']);
} elseif ($software_row) {
$version = mysqli_real_escape_string($mysqli, $software_row['software_version']);
} else {
$version = '';
}
if (isset($_POST['software_expire'])) {
$expire = sanitizeInput($_POST['software_expire']);
} elseif ($software_row) {
$expire = $software_row['software_expire'];
} else {
$expire = 'NULL';
}
if (isset($_POST['software_notes'])) {
$notes = sanitizeInput($_POST['software_notes']);
} elseif ($software_row) {
$notes = mysqli_real_escape_string($mysqli, $software_row['software_notes']);
} else {
$notes = '';
}
if (isset($_POST['software_type'])) {
$type = intval($_POST['software_type']);
} elseif ($software_row) {
$type = $software_row['software_type'];
} else {
$type = 0;
}
if (isset($_POST['software_vendor_id'])) {
$vendor_id = intval($_POST['software_vendor_id']);
} elseif ($software_row) {
$vendor_id = $software_row['software_vendor_id'];
} else {
$vendor_id = 0;
}


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$software_id = intval($_POST['software_id']);
// Default
$update_count = false;
if (!empty($software_id)) {
$software_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$software_id' AND software_client_id = $client_id LIMIT 1"));
require_once 'software_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE software SET software_name = '$name', software_description = '$description', software_key = '$key', software_seats = $seats, software_version = '$version', software_expire = '$expire', software_notes = '$notes', software_type = $type, software_vendor_id = $vendor_id WHERE software_id = $software_id AND software_client_id = $client_id LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Software", "Edit", "$name via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited software $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../update_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$ticket_id = intval($_POST['ticket_id']);
// Default
$delete_count = false;
if (!empty($ticket_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1"));
$ticket_subject = $row['ticket_subject'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1");
if ($delete_sql && !empty($ticket_subject)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Ticket", "Delete", "$ticket_subject via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$ticket_id = intval($_POST['ticket_id']);
// Default
$update_count = false;
if (!empty($ticket_id)) {
$ticket_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = $client_id LIMIT 1"));
require_once 'ticket_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE tickets SET ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_asset_id = $asset WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Ticket", "Edit", "$subject via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited ticket $subject via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../update_output.php';


@@ -1,27 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
$vendor_row = false; // Creation, not an update
require_once 'vendor_model.php';
// Default
$insert_id = false;
if (!empty($name)) {
$insert_sql = mysqli_query($mysqli, "INSERT INTO vendors SET vendor_name = '$name', vendor_description = '$description', vendor_website = '$website', vendor_phone = '$phone', vendor_notes = '$notes', vendor_client_id = $client_id");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
// Logging
logAction("Vendor", "Create", "Created vendor $name via API ($api_key_name)", $client_id, $insert_id);
logAction("API", "Success", "Created vendor $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../create_output.php';


@@ -1,28 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$vendor_id = intval($_POST['vendor_id']);
// Default
$delete_count = false;
if (!empty($vendor_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id LIMIT 1"));
$vendor_name = $row['vendor_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM vendors WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id LIMIT 1");
if ($delete_sql && !empty($vendor_name)) {
$delete_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Vendor", "Delete", "$vendor_name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../delete_output.php';


@@ -1,31 +0,0 @@
<?php
require_once '../validate_api_key.php';
require_once '../require_post_method.php';
// Parse ID
$vendor_id = intval($_POST['vendor_id']);
// Default
$update_count = false;
if (!empty($vendor_id)) {
$vendor_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_id = '$vendor_id' AND vendor_client_id = $client_id LIMIT 1"));
require_once 'vendor_model.php';
$update_sql = mysqli_query($mysqli, "UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_website = '$website', vendor_phone = '$phone', vendor_notes = '$notes' WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id LIMIT 1");
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
// Logging
logAction("Vendor", "Edit", "$name via API ($api_key_name)", $client_id);
logAction("API", "Success", "Edited vendor $name via API ($api_key_name)", $client_id);
}
}
// Output
require_once '../update_output.php';


@@ -1,43 +0,0 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['vendor_name'])) {
$name = sanitizeInput($_POST['vendor_name']);
} elseif ($vendor_row) {
$name = mysqli_real_escape_string($mysqli, $vendor_row['vendor_name']);
} else {
$name = '';
}
if (isset($_POST['vendor_description'])) {
$description = sanitizeInput($_POST['vendor_description']);
} elseif ($vendor_row) {
$description = mysqli_real_escape_string($mysqli, $vendor_row['vendor_description']);
} else {
$description = '';
}
if (isset($_POST['vendor_website'])) {
$website = preg_replace("(^https?://)", "", sanitizeInput($_POST['vendor_website']));
} elseif ($vendor_row) {
$website = mysqli_real_escape_string($mysqli, $vendor_row['vendor_website']);
} else {
$website = '';
}
if (isset($_POST['vendor_phone'])) {
$phone = sanitizeInput($_POST['vendor_phone']);
} elseif ($vendor_row) {
$phone = mysqli_real_escape_string($mysqli, $vendor_row['vendor_phone']);
} else {
$phone = '';
}
if (isset($_POST['vendor_notes'])) {
$notes = sanitizeInput($_POST['vendor_notes']);
} elseif ($vendor_row) {
$notes = mysqli_real_escape_string($mysqli, $vendor_row['vendor_notes']);
} else {
$notes = '';
}