AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-21 21:15:38 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fix Broken API due to incorrect named function https://forum.itflow.org/d/119-api-broken

Browse Source
This commit is contained in:
johnnyq
2023-03-14 18:59:43 -04:00
parent 37e21e963b
commit 3f028e8560
3 changed files with 18 additions and 11 deletions
Download Patch File Download Diff File Expand all files Collapse all files

10
api/v1/validate_api_key.php
View File

@@ -17,8 +17,8 @@ header('Content-Type: application/json');
$_POST = json_decode(file_get_contents('php://input'), true); $_POST = json_decode(file_get_contents('php://input'), true);
// Get IP & UA // Get IP & UA
$ip = santizeInput(getIP()); $ip = sanitizeInput(getIP());
$user_agent = santizeInput($_SERVER['HTTP_USER_AGENT']); $user_agent = sanitizeInput($_SERVER['HTTP_USER_AGENT']);
// Setup return array // Setup return array
$return_arr = array(); $return_arr = array();
@@ -56,15 +56,15 @@ if (!isset($_GET['api_key']) && !isset($_POST['api_key'])) {
// Set API key variable // Set API key variable
if (isset($_GET['api_key'])) { if (isset($_GET['api_key'])) {
$api_key = santizeInput($_GET['api_key']); $api_key = sanitizeInput($_GET['api_key']);
} }
if (isset($_POST['api_key'])) { if (isset($_POST['api_key'])) {
$api_key = santizeInput($_POST['api_key']); $api_key = sanitizeInput($_POST['api_key']);
} }
// Validate API key // Validate API key
if (isset($api_key)) { if (isset($api_key)) {
$api_key = santizeInput($api_key); $api_key = sanitizeInput($api_key);
$sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");

17
cron_ticket_email_parser.php
View File

@@ -61,10 +61,11 @@ function addTicket($contact_id, $contact_name, $contact_email, $client_id, $date
mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1"); mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = 1");
// Prep ticket details // Prep ticket details
$message = nl2br(htmlentities(strip_tags($message))); //$message = nl2br(htmlentities(strip_tags($message)));
$message = trim(mysqli_real_escape_string($mysqli, "<i>Email from: $contact_email at $date:-</i> <br><br>$message")); $message = mysqli_real_escape_string($mysqli, nl2br($message));
$message = mysqli_real_escape_string($mysqli, "<i>Email from: $contact_email at $date:-</i> <br><br>$message");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message', ticket_priority = 'Low', ticket_status = 'Open', ticket_created_by = '0', ticket_contact_id = $contact_id, ticket_client_id = $client_id");
mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$message', ticket_priority = 'Low', ticket_status = 'Open', ticket_created_by = 0, ticket_contact_id = $contact_id, ticket_client_id = $client_id");
$id = mysqli_insert_id($mysqli); $id = mysqli_insert_id($mysqli);
// Logging // Logging
@@ -234,8 +235,14 @@ if ($emails) {
$subject = sanitizeInput($parser->getHeader('subject')); $subject = sanitizeInput($parser->getHeader('subject'));
$date = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags($parser->getHeader('date'))))); $date = trim(mysqli_real_escape_string($mysqli, htmlentities(strip_tags($parser->getHeader('date')))));
$message = $parser->getMessageBody('text'); $message = $parser->getMessageBody('text');
//$message .= $parser->getMessageBody('htmlEmbedded');
//$text = "Some Text";
//$message = str_replace("</body>", "<p>{$text}</p></body>", $message);
// Check if we can identify a ticket number (in square brackets) // Check if we can identify a ticket number (in square brackets)

2
portal/tickets.php
View File

@@ -45,7 +45,7 @@ $total_tickets = intval($row['total_tickets']);
<div class="row"> <div class="row">
<div class="col-md-1 text-center"> <div class="col-md-1 text-center">
<?php if (!empty($session_contact_photo)) { ?> <?php if (!empty($session_contact_photo)) { ?>
<img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." height="50" width="50" class="img-circle img-responsive"> <img src="<?php echo "../uploads/clients/$session_client_id/$session_contact_photo"; ?>" alt="..." height="50" width="50" class="img-circle img-responsive">
<?php } else { ?> <?php } else { ?>