Merge pull request #545 from wrongecho/tidy

Code Style Tidying
This commit is contained in:
Johnny
2023-01-01 15:56:34 -05:00
committed by GitHub
43 changed files with 1552 additions and 1561 deletions


@@ -6,17 +6,17 @@
* Always returns data in JSON format, unless otherwise specified * Always returns data in JSON format, unless otherwise specified
*/ */
include("config.php"); require_once("config.php");
include("functions.php"); require_once("functions.php");
include("check_login.php"); require_once("check_login.php");
require_once("rfc6238.php"); require_once("rfc6238.php");
/* /*
* Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key) * Fetches SSL certificates from remote hosts & returns the relevant info (issuer, expiry, public key)
*/ */
if(isset($_GET['certificate_fetch_parse_json_details'])){ if (isset($_GET['certificate_fetch_parse_json_details'])) {
// PHP doesn't appreciate attempting SSL sockets to non-existent domains // PHP doesn't appreciate attempting SSL sockets to non-existent domains
if(empty($_GET['domain'])){ if (empty($_GET['domain'])) {
exit(); exit();
} }
$domain = $_GET['domain']; $domain = $_GET['domain'];
@@ -28,7 +28,7 @@ if(isset($_GET['certificate_fetch_parse_json_details'])){
$url = parse_url($domain, PHP_URL_HOST); $url = parse_url($domain, PHP_URL_HOST);
$port = parse_url($domain, PHP_URL_PORT); $port = parse_url($domain, PHP_URL_PORT);
// Default port // Default port
if(!$port){ if (!$port) {
$port = "443"; $port = "443";
} }
@@ -41,13 +41,12 @@ if(isset($_GET['certificate_fetch_parse_json_details'])){
openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export); openssl_x509_export($cert['options']['ssl']['peer_certificate'], $export);
// Process data // Process data
if($cert_public_key_obj){ if ($cert_public_key_obj) {
$response['success'] = "TRUE"; $response['success'] = "TRUE";
$response['expire'] = date('Y-m-d', $cert_public_key_obj['validTo_time_t']); $response['expire'] = date('Y-m-d', $cert_public_key_obj['validTo_time_t']);
$response['issued_by'] = strip_tags($cert_public_key_obj['issuer']['O']); $response['issued_by'] = strip_tags($cert_public_key_obj['issuer']['O']);
$response['public_key'] = $export; //nl2br $response['public_key'] = $export; //nl2br
} } else {
else{
$response['success'] = "FALSE"; $response['success'] = "FALSE";
} }
@@ -58,21 +57,21 @@ if(isset($_GET['certificate_fetch_parse_json_details'])){
/* /*
* Looks up info for a given certificate ID from the database, used to dynamically populate modal fields * Looks up info for a given certificate ID from the database, used to dynamically populate modal fields
*/ */
if(isset($_GET['certificate_get_json_details'])){ if (isset($_GET['certificate_get_json_details'])) {
validateTechRole(); validateTechRole();
$certificate_id = intval($_GET['certificate_id']); $certificate_id = intval($_GET['certificate_id']);
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
// Individual certificate lookup // Individual certificate lookup
$cert_sql = mysqli_query($mysqli,"SELECT * FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id"); $cert_sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id");
while($row = mysqli_fetch_array($cert_sql)){ while ($row = mysqli_fetch_array($cert_sql)) {
$response['certificate'][] = $row; $response['certificate'][] = $row;
} }
// Get all domains for this client that could be linked to this certificate // Get all domains for this client that could be linked to this certificate
$domains_sql = mysqli_query($mysqli, "SELECT domain_id, domain_name FROM domains WHERE domain_client_id = '$client_id' AND company_id = '$session_company_id'"); $domains_sql = mysqli_query($mysqli, "SELECT domain_id, domain_name FROM domains WHERE domain_client_id = '$client_id' AND company_id = '$session_company_id'");
while($row = mysqli_fetch_array($domains_sql)){ while ($row = mysqli_fetch_array($domains_sql)) {
$response['domains'][] = $row; $response['domains'][] = $row;
} }
@@ -82,21 +81,21 @@ if(isset($_GET['certificate_get_json_details'])){
/* /*
* Looks up info for a given domain ID from the database, used to dynamically populate modal fields * Looks up info for a given domain ID from the database, used to dynamically populate modal fields
*/ */
if(isset($_GET['domain_get_json_details'])){ if (isset($_GET['domain_get_json_details'])) {
validateTechRole(); validateTechRole();
$domain_id = intval($_GET['domain_id']); $domain_id = intval($_GET['domain_id']);
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
// Individual domain lookup // Individual domain lookup
$cert_sql = mysqli_query($mysqli,"SELECT * FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id"); $cert_sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id");
while($row = mysqli_fetch_array($cert_sql)){ while ($row = mysqli_fetch_array($cert_sql)) {
$response['domain'][] = $row; $response['domain'][] = $row;
} }
// Get all registrars/webhosts (vendors) for this client that could be linked to this domain // Get all registrars/webhosts (vendors) for this client that could be linked to this domain
$vendor_sql = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = $client_id"); $vendor_sql = mysqli_query($mysqli, "SELECT vendor_id, vendor_name FROM vendors WHERE vendor_client_id = $client_id");
while($row = mysqli_fetch_array($vendor_sql)){ while ($row = mysqli_fetch_array($vendor_sql)) {
$response['vendors'][] = $row; $response['vendors'][] = $row;
} }
@@ -106,20 +105,19 @@ if(isset($_GET['domain_get_json_details'])){
/* /*
* Looks up info on the ticket number provided, used to populate the ticket merge modal * Looks up info on the ticket number provided, used to populate the ticket merge modal
*/ */
if(isset($_GET['merge_ticket_get_json_details'])){ if (isset($_GET['merge_ticket_get_json_details'])) {
validateTechRole(); validateTechRole();
$merge_into_ticket_number = intval($_GET['merge_into_ticket_number']); $merge_into_ticket_number = intval($_GET['merge_into_ticket_number']);
$sql = mysqli_query($mysqli,"SELECT * FROM tickets $sql = mysqli_query($mysqli, "SELECT * FROM tickets
LEFT JOIN clients ON ticket_client_id = client_id LEFT JOIN clients ON ticket_client_id = client_id
LEFT JOIN contacts ON ticket_contact_id = contact_id LEFT JOIN contacts ON ticket_contact_id = contact_id
WHERE ticket_number = '$merge_into_ticket_number' AND tickets.company_id = '$session_company_id'"); WHERE ticket_number = '$merge_into_ticket_number' AND tickets.company_id = '$session_company_id'");
if(mysqli_num_rows($sql) == 0){ if (mysqli_num_rows($sql) == 0) {
//Do nothing. //Do nothing.
} } else {
else {
//Return ticket, client and contact details for the given ticket number //Return ticket, client and contact details for the given ticket number
$response = mysqli_fetch_array($sql); $response = mysqli_fetch_array($sql);
echo json_encode($response); echo json_encode($response);
@@ -129,15 +127,15 @@ if(isset($_GET['merge_ticket_get_json_details'])){
/* /*
* Looks up info for a given network ID from the database, used to dynamically populate modal fields * Looks up info for a given network ID from the database, used to dynamically populate modal fields
*/ */
if(isset($_GET['network_get_json_details'])){ if (isset($_GET['network_get_json_details'])) {
validateTechRole(); validateTechRole();
$network_id = intval($_GET['network_id']); $network_id = intval($_GET['network_id']);
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
// Individual network lookup // Individual network lookup
$network_sql = mysqli_query($mysqli,"SELECT * FROM networks WHERE network_id = $network_id AND network_client_id = $client_id"); $network_sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = $network_id AND network_client_id = $client_id");
while($row = mysqli_fetch_array($network_sql)){ while ($row = mysqli_fetch_array($network_sql)) {
$response['network'][] = $row; $response['network'][] = $row;
} }
@@ -145,14 +143,14 @@ if(isset($_GET['network_get_json_details'])){
$locations_sql = mysqli_query($mysqli, "SELECT location_id, location_name FROM locations $locations_sql = mysqli_query($mysqli, "SELECT location_id, location_name FROM locations
WHERE location_client_id = '$client_id' AND company_id = '$session_company_id'" WHERE location_client_id = '$client_id' AND company_id = '$session_company_id'"
); );
while($row = mysqli_fetch_array($locations_sql)){ while ($row = mysqli_fetch_array($locations_sql)) {
$response['locations'][] = $row; $response['locations'][] = $row;
} }
echo json_encode($response); echo json_encode($response);
} }
if(isset($_POST['client_set_notes'])){ if (isset($_POST['client_set_notes'])) {
$client_id = intval($_POST['client_id']); $client_id = intval($_POST['client_id']);
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes']))); $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['notes'])));
@@ -160,7 +158,7 @@ if(isset($_POST['client_set_notes'])){
mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = '$client_id'"); mysqli_query($mysqli, "UPDATE clients SET client_notes = '$notes' WHERE client_id = '$client_id'");
// Logging // Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Modify', log_description = '$session_name modified client notes', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, log_user_id = $session_user_id, company_id = $session_company_id");
} }
@@ -169,7 +167,7 @@ if(isset($_POST['client_set_notes'])){
* Called upon loading a ticket, and every 2 mins thereafter * Called upon loading a ticket, and every 2 mins thereafter
* Is used in conjunction with ticket_query_views to show who is currently viewing a ticket * Is used in conjunction with ticket_query_views to show who is currently viewing a ticket
*/ */
if(isset($_GET['ticket_add_view'])){ if (isset($_GET['ticket_add_view'])) {
$ticket_id = intval($_GET['ticket_id']); $ticket_id = intval($_GET['ticket_id']);
mysqli_query($mysqli, "INSERT INTO ticket_views SET view_ticket_id = '$ticket_id', view_user_id = '$session_user_id', view_timestamp = NOW()"); mysqli_query($mysqli, "INSERT INTO ticket_views SET view_ticket_id = '$ticket_id', view_user_id = '$session_user_id', view_timestamp = NOW()");
@@ -180,35 +178,35 @@ if(isset($_GET['ticket_add_view'])){
* Returns formatted text of the agents currently viewing a ticket * Returns formatted text of the agents currently viewing a ticket
* Called upon loading a ticket, and every 2 mins thereafter * Called upon loading a ticket, and every 2 mins thereafter
*/ */
if(isset($_GET['ticket_query_views'])){ if (isset($_GET['ticket_query_views'])) {
$ticket_id = intval($_GET['ticket_id']); $ticket_id = intval($_GET['ticket_id']);
$query = mysqli_query($mysqli, "SELECT user_name FROM ticket_views LEFT JOIN users ON view_user_id = user_id WHERE view_ticket_id = '$ticket_id' AND view_user_id != '$session_user_id' AND view_timestamp > DATE_SUB(NOW(), INTERVAL 2 MINUTE)"); $query = mysqli_query($mysqli, "SELECT user_name FROM ticket_views LEFT JOIN users ON view_user_id = user_id WHERE view_ticket_id = '$ticket_id' AND view_user_id != '$session_user_id' AND view_timestamp > DATE_SUB(NOW(), INTERVAL 2 MINUTE)");
while($row = mysqli_fetch_array($query)){ while ($row = mysqli_fetch_array($query)) {
$users[] = $row['user_name']; $users[] = $row['user_name'];
} }
if(!empty($users)){
if (!empty($users)) {
$users = array_unique($users); $users = array_unique($users);
if(count($users) > 1){ if (count($users) > 1) {
// Multiple viewers // Multiple viewers
$response['message'] = implode(", ", $users) . " are viewing this ticket."; $response['message'] = implode(", ", $users) . " are viewing this ticket.";
} } else {
else{
// Single viewer // Single viewer
$response['message'] = implode("", $users) . " is viewing this ticket."; $response['message'] = implode("", $users) . " is viewing this ticket.";
} }
} } else {
else{
// No viewers // No viewers
$response['message'] = ""; $response['message'] = "";
} }
echo json_encode($response); echo json_encode($response);
} }
/* /*
* Generates public/guest links for sharing logins/docs * Generates public/guest links for sharing logins/docs
*/ */
if(isset($_GET['share_generate_link'])){ if (isset($_GET['share_generate_link'])) {
validateTechRole(); validateTechRole();
$item_encrypted_credential = ''; // Default empty $item_encrypted_credential = ''; // Default empty
@@ -221,17 +219,17 @@ if(isset($_GET['share_generate_link'])){
$item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires']))); $item_expires = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['expires'])));
$item_key = bin2hex(random_bytes(78)); $item_key = bin2hex(random_bytes(78));
if($item_type == "Document"){ if ($item_type == "Document") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1")); $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT document_name FROM documents WHERE document_id = '$item_id' AND document_client_id = '$client_id' LIMIT 1"));
$item_name = $row['document_name']; $item_name = $row['document_name'];
} }
if($item_type == "File"){ if ($item_type == "File") {
$row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1")); $row = mysqli_fetch_array(mysqli_query($mysqli, "SELECT file_name FROM files WHERE file_id = '$item_id' AND file_client_id = '$client_id' LIMIT 1"));
$item_name = $row['file_name']; $item_name = $row['file_name'];
} }
if($item_type == "Login"){ if ($item_type == "Login") {
$login = mysqli_query($mysqli, "SELECT login_name, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1"); $login = mysqli_query($mysqli, "SELECT login_name, login_password FROM logins WHERE login_id = '$item_id' AND login_client_id = '$client_id' LIMIT 1");
$row = mysqli_fetch_array($login); $row = mysqli_fetch_array($login);
@@ -251,23 +249,23 @@ if(isset($_GET['share_generate_link'])){
$share_id = $mysqli->insert_id; $share_id = $mysqli->insert_id;
// Return URL // Return URL
if($item_type == "Login"){ if ($item_type == "Login") {
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key"; $url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key&ek=$login_encryption_key";
} }
else{ else {
$url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key"; $url = "$config_base_url/guest_view_item.php?id=$share_id&key=$item_key";
} }
echo json_encode($url); echo json_encode($url);
// Logging // Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Sharing', log_action = 'Create', log_description = '$session_name created shared link for $item_type - $item_name', log_client_id = '$client_id', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_user_id = $session_user_id, company_id = $session_company_id");
} }
/* /*
* Looks up info for a given scheduled ticket ID from the database, used to dynamically populate modal edit fields * Looks up info for a given scheduled ticket ID from the database, used to dynamically populate modal edit fields
*/ */
if(isset($_GET['scheduled_ticket_get_json_details'])){ if (isset($_GET['scheduled_ticket_get_json_details'])) {
validateTechRole(); validateTechRole();
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
@@ -276,12 +274,12 @@ if(isset($_GET['scheduled_ticket_get_json_details'])){
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets $ticket_sql = mysqli_query($mysqli, "SELECT * FROM scheduled_tickets
WHERE scheduled_ticket_id = $ticket_id WHERE scheduled_ticket_id = $ticket_id
AND scheduled_ticket_client_id = $client_id LIMIT 1"); AND scheduled_ticket_client_id = $client_id LIMIT 1");
while($row = mysqli_fetch_array($ticket_sql)){ while ($row = mysqli_fetch_array($ticket_sql)) {
$response['ticket'][] = $row; $response['ticket'][] = $row;
} }
$asset_sql = mysqli_query($mysqli, "SELECT asset_id, asset_name FROM assets WHERE asset_client_id = $client_id AND asset_archived_at IS NULL"); $asset_sql = mysqli_query($mysqli, "SELECT asset_id, asset_name FROM assets WHERE asset_client_id = $client_id AND asset_archived_at IS NULL");
while($row = mysqli_fetch_array($asset_sql)){ while ($row = mysqli_fetch_array($asset_sql)) {
$response['assets'][] = $row; $response['assets'][] = $row;
} }
@@ -293,7 +291,7 @@ if(isset($_GET['scheduled_ticket_get_json_details'])){
* Dynamic TOTP for client login page * Dynamic TOTP for client login page
* When provided with a TOTP secret, returns a 6-digit code * When provided with a TOTP secret, returns a 6-digit code
*/ */
if(isset($_GET['get_totp_token'])){ if (isset($_GET['get_totp_token'])) {
$otp = TokenAuth6238::getTokenCode($_GET['totp_secret']); $otp = TokenAuth6238::getTokenCode($_GET['totp_secret']);
echo json_encode($otp); echo json_encode($otp);
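Review bot: The per-client lookups in this file are not scoped to the caller's company: `SELECT * FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id` (and the same shape for domains, vendors, networks, scheduled_tickets, assets, and the `documents`/`files`/`logins` selects in share_generate_link) take both IDs from `$_GET`, while the neighbouring domains/locations/tickets queries add `AND company_id = '$session_company_id'`. If company_id is the tenant boundary, as those queries suggest, a tech in one company could read — or, via share_generate_link, publish a guest link exposing a login_password of — a row belonging to another company by guessing its numeric IDs. Add `AND company_id = '$session_company_id'` to each lookup (assuming those tables carry the column like domains and locations do) or join through clients. Separately, certificate_fetch_parse_json_details is the only data-fetching handler here without `validateTechRole()`, and it appears to open a TLS connection to a caller-chosen host and port, so it should be gated the same way. The share_generate_link `$item_id`/`$client_id` assignments, and the closing brace of the final get_totp_token handler, fall between or after the hunks shown.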


@@ -1,107 +1,107 @@
<?php <?php
require('../validate_api_key.php');
require('../require_post_method.php'); require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse info // Parse info
// Variable assignment - assigning blank if a value is not provided // Variable assignment - assigning blank if a value is not provided
if(isset($_POST['asset_name'])){ if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name']))); $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} else{ } else {
$name = ''; $name = '';
} }
if(isset($_POST['asset_type'])){ if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type']))); $type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} else{ } else {
$type = ''; $type = '';
} }
if(isset($_POST['asset_make'])){ if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make']))); $make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} else{ } else {
$make = ''; $make = '';
} }
if(isset($_POST['asset_model'])){ if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model']))); $model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} else{ } else {
$model = ''; $model = '';
} }
if(isset($_POST['asset_serial'])){ if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial']))); $serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} else{ } else {
$serial = ''; $serial = '';
} }
if(isset($_POST['asset_os'])){ if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os']))); $os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else{ } else {
$os = ''; $os = '';
} }
if(isset($_POST['asset_ip'])){ if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip']))); $aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} else{ } else {
$aip = ''; $aip = '';
} }
if(isset($_POST['asset_mac'])){ if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac']))); $mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} else{ } else {
$mac = ''; $mac = '';
} }
if(isset($_POST['asset_purchase_date'])){ if (isset($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date']))); $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} else{ } else {
$purchase_date = "0000-00-00"; $purchase_date = "0000-00-00";
} }
if(isset($_POST['asset_warranty_expire'])){ if (isset($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire']))); $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} else{ } else {
$warranty_expire = "0000-00-00"; $warranty_expire = "0000-00-00";
} }
if(isset($_POST['asset_install_date'])){ if (isset($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date']))); $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} else{ } else {
$install_date = "0000-00-00"; $install_date = "0000-00-00";
} }
if(isset($_POST['asset_notes'])){ if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes']))); $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} else{ } else {
$notes = ''; $notes = '';
} }
if(isset($_POST['asset_vendor_id'])){ if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']); $vendor = intval($_POST['asset_vendor_id']);
} else{ } else {
$vendor = '0'; $vendor = '0';
} }
if(isset($_POST['asset_location_id'])){ if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']); $location = intval($_POST['asset_location_id']);
} else{ } else {
$location = '0'; $location = '0';
} }
if(isset($_POST['asset_contact_id'])){ if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']); $contact = intval($_POST['asset_contact_id']);
} else{ } else {
$contact = '0'; $contact = '0';
} }
if(isset($_POST['asset_network_id'])){ if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']); $network = intval($_POST['asset_network_id']);
} else{ } else {
$network = '0'; $network = '0';
} }
// Default // Default
$insert_id = FALSE; $insert_id = false;
if(!empty($name) && !empty($client_id)){ if (!empty($name) && !empty($client_id)) {
// Insert into Database // Insert into Database
$insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'"); $insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
if($insert_sql){ if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli); $insert_id = mysqli_insert_id($mysqli);
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
} }
} }
// Output // Output
include('../create_output.php'); require_once('../create_output.php');
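Review bot: The three date fields (`asset_purchase_date`, `asset_warranty_expire`, `asset_install_date`) are accepted as arbitrary escaped text and interpolated straight into DATE columns in the INSERT. A malformed value either aborts the whole insert under strict SQL mode — surfaced only as `$insert_id` staying false, since `mysqli_error` is never consulted — or is silently coerced to `0000-00-00` otherwise. Validate each against the `Y-m-d` form the defaults use, e.g. `DateTime::createFromFormat('Y-m-d', $value)` round-tripped through `->format('Y-m-d')`, and fall back to the existing default when it does not parse; `asset_ip` would similarly benefit from `filter_var($aip, FILTER_VALIDATE_IP)`. `$client_id`, `$company_id`, `$ip` and `$api_key_name` come from validate_api_key.php, which is outside this diff.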


@@ -1,28 +1,28 @@
<?php <?php
require('../validate_api_key.php'); require_once('../validate_api_key.php');
require('../require_post_method.php'); require_once('../require_post_method.php');
// Parse ID // Parse ID
$asset_id = intval($_POST['asset_id']); $asset_id = intval($_POST['asset_id']);
// Default // Default
$delete_count = FALSE; $delete_count = false;
if(!empty($asset_id)){ if (!empty($asset_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$asset_name = $row['asset_name']; $asset_name = $row['asset_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"); $delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
// Check delete & get affected rows // Check delete & get affected rows
if($delete_sql && !empty($asset_name)){ if ($delete_sql && !empty($asset_name)) {
$delete_count = mysqli_affected_rows($mysqli); $delete_count = mysqli_affected_rows($mysqli);
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
} }
} }
// Output // Output
include('../delete_output.php'); require_once('../delete_output.php');
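Review bot: `$asset_name` is read back from the database and interpolated unescaped into the log INSERT (`log_description = '$asset_name via API ($api_key_name)'`); the create path only escapes for transport, so a stored name containing a quote breaks that statement and lets the stored value shape the log row (second-order injection). The SELECT can also return no row, in which case `$row` is false and `$row['asset_name']` raises a warning on PHP 8 before the DELETE runs anyway. Both are covered by `$asset_name = mysqli_real_escape_string($mysqli, $row['asset_name'] ?? '');`, or better, a prepared statement for the log write. Note too that `$delete_count` is only set when the name is non-empty, so an asset with a blank name would be deleted yet reported as not deleted.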


@@ -1,42 +1,42 @@
<?php <?php
require('../validate_api_key.php');
require('../require_get_method.php'); require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Asset via ID (single) // Asset via ID (single)
if(isset($_GET['asset_id'])){ if (isset($_GET['asset_id'])) {
$id = intval($_GET['asset_id']); $id = intval($_GET['asset_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// Asset query via type // Asset query via type
elseif(isset($_GET['asset_type'])){ elseif (isset($_GET['asset_type'])) {
$type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type'])); $type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} }
// Asset query via name // Asset query via name
elseif(isset($_GET['asset_name'])){ elseif (isset($_GET['asset_name'])) {
$name = mysqli_real_escape_string($mysqli,$_GET['asset_name']); $name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} }
// Asset query via serial // Asset query via serial
elseif(isset($_GET['asset_serial'])){ elseif (isset($_GET['asset_serial'])) {
$serial = mysqli_real_escape_string($mysqli,$_GET['asset_serial']); $serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} }
// Asset query via client ID // Asset query via client ID
elseif(isset($_GET['client_id']) && $client_id == "%"){ elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} }
// All assets // All assets
else{ else {
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
include("../read_output.php"); require_once("../read_output.php");
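Review bot: The `client_id` narrowing for wildcard keys is only reached in the last `elseif`, so a caller holding a `%` key who passes `client_id` together with `asset_type`, `asset_name` or `asset_serial` gets matches across every client in the company, because those earlier branches still use the unnarrowed `LIKE '$client_id'`. Hoist the narrowing above the chain — `if ($client_id == "%" && isset($_GET['client_id'])) { $client_id = intval($_GET['client_id']); }` — after which the dedicated `elseif` becomes redundant and the final `else` serves both the narrowed and the all-assets cases. `$limit`, `$offset` and the initial `$client_id` come from the required files outside this diff, so whether they are already integer-checked cannot be confirmed here.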


@@ -1,116 +1,116 @@
<?php <?php
require('../validate_api_key.php');
require('../require_post_method.php'); require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse ID // Parse ID
$asset_id = intval($_POST['asset_id']); $asset_id = intval($_POST['asset_id']);
// Default // Default
$update_count = FALSE; $update_count = false;
if(!empty($asset_id)){ if (!empty($asset_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
// Variable assignment - assigning the current database value if a value is not provided // Variable assignment - assigning the current database value if a value is not provided
if(isset($_POST['asset_name'])){ if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name']))); $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} else{ } else {
$name = $row['asset_name']; $name = $row['asset_name'];
} }
if(isset($_POST['asset_type'])){ if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type']))); $type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} else{ } else {
$type = $row['asset_type']; $type = $row['asset_type'];
} }
if(isset($_POST['asset_make'])){ if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make']))); $make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} else{ } else {
$make = $row['asset_make']; $make = $row['asset_make'];
} }
if(isset($_POST['asset_model'])){ if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model']))); $model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} else{ } else {
$model = $row['asset_model']; $model = $row['asset_model'];
} }
if(isset($_POST['asset_serial'])){ if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial']))); $serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} else{ } else {
$serial = $row['asset_serial']; $serial = $row['asset_serial'];
} }
if(isset($_POST['asset_os'])){ if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os']))); $os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else{ } else {
$os = $row['asset_os']; $os = $row['asset_os'];
} }
if(isset($_POST['asset_os'])){ if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os']))); $os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else{ } else {
$os = $row['asset_os']; $os = $row['asset_os'];
} }
if(isset($_POST['asset_ip'])){ if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip']))); $aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} else{ } else {
$aip = $row['asset_ip']; $aip = $row['asset_ip'];
} }
if(isset($_POST['asset_mac'])){ if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac']))); $mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} else{ } else {
$mac = $row['asset_mac']; $mac = $row['asset_mac'];
} }
if(isset($_POST['asset_purchase_date'])){ if (isset($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date']))); $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} else{ } else {
$purchase_date = $row['asset_purchase_date']; $purchase_date = $row['asset_purchase_date'];
} }
if(isset($_POST['asset_warranty_expire'])){ if (isset($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire']))); $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} else{ } else {
$warranty_expire = $row['asset_warranty_expire']; $warranty_expire = $row['asset_warranty_expire'];
} }
if(isset($_POST['asset_install_date'])){ if (isset($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date']))); $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} else{ } else {
$install_date = $row['asset_install_date']; $install_date = $row['asset_install_date'];
} }
if(isset($_POST['asset_notes'])){ if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes']))); $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} else{ } else {
$notes = $row['asset_notes']; $notes = $row['asset_notes'];
} }
if(isset($_POST['asset_vendor_id'])){ if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']); $vendor = intval($_POST['asset_vendor_id']);
} else{ } else {
$vendor = $row['asset_vendor_id']; $vendor = $row['asset_vendor_id'];
} }
if(isset($_POST['asset_location_id'])){ if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']); $location = intval($_POST['asset_location_id']);
} else{ } else {
$location = $row['asset_location_id']; $location = $row['asset_location_id'];
} }
if(isset($_POST['asset_contact_id'])){ if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']); $contact = intval($_POST['asset_contact_id']);
} else{ } else {
$contact = $row['asset_contact_id']; $contact = $row['asset_contact_id'];
} }
if(isset($_POST['asset_network_id'])){ if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']); $network = intval($_POST['asset_network_id']);
} else{ } else {
$network = $row['asset_network_id']; $network = $row['asset_network_id'];
} }
$update_sql = mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"); $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
// Check insert & get insert ID // Check insert & get insert ID
if($update_sql){ if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli); $update_count = mysqli_affected_rows($mysqli);
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
} }
} }
// Output // Output
include('../update_output.php'); require_once('../update_output.php');
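Review bot: Values taken from `$row` as fallbacks (`$name = $row['asset_name'];` and the same pattern for type, make, model, serial, os, ip, mac, the three dates and notes) are interpolated into the UPDATE and into both log INSERTs without `mysqli_real_escape_string`, so a stored value containing a quote breaks or alters those queries even though it was escaped on input. Escape at the fallback site, e.g. `$name = mysqli_real_escape_string($mysqli, $row['asset_name']);`, and wrap the assignments in `if ($row)`, because `mysqli_fetch_assoc` yields no row when no asset matches the id/client/company scope and the unquoted `$location`, `$vendor`, `$contact` and `$network` would then be empty, leaving the UPDATE syntactically invalid. The `asset_os` block also appears twice in succession; the second copy is dead and can be dropped.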


@@ -1,30 +1,30 @@
<?php <?php
require('../validate_api_key.php');
require('../require_get_method.php'); require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific certificate via ID (single) // Specific certificate via ID (single)
if(isset($_GET['certificate_id'])){ if (isset($_GET['certificate_id'])) {
$id = intval($_GET['certificate_id']); $id = intval($_GET['certificate_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// Certificate by name // Certificate by name
elseif(isset($_GET['certificate_name'])){ elseif (isset($_GET['certificate_name'])) {
$name = mysqli_real_escape_string($mysqli,$_GET['certificate_name']); $name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
} }
// Certificate via client ID (if allowed) // Certificate via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){ elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
} }
// All certificates // All certificates
else{ else {
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
include("../read_output.php"); require_once("../read_output.php");
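Review bot: The `certificate_name` branch escapes with `mysqli_real_escape_string` alone, while the name/email lookups in the clients and contacts read endpoints wrap the same call in `trim(strip_tags(...))`; the `domain_name` and `network_name` branches in the domains and networks read endpoints have the same bare form. If the wrapped form is the project convention, this line should read `$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['certificate_name'])));`. Either way the four endpoints should agree, since a value stored through a trimming path may otherwise fail to match a bare lookup that still carries surrounding whitespace.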


@@ -1,24 +1,24 @@
<?php <?php
require('../validate_api_key.php');
require('../require_get_method.php'); require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific client via ID (single) // Specific client via ID (single)
if(isset($_GET['client_id'])){ if (isset($_GET['client_id'])) {
$id = intval($_GET['client_id']); $id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// Specific client via name (single) // Specific client via name (single)
elseif(isset($_GET['client_name'])){ elseif (isset($_GET['client_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['client_name']))); $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client_name'])));
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// All clients // All clients
else{ else {
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
include("../read_output.php"); require_once("../read_output.php");


@@ -1,13 +1,13 @@
<?php <?php
define('number_regex', '/[^0-9]/'); define('number_regex', '/[^0-9]/');
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name']))); $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title']))); $title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
$department = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_department']))); $department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
$phone = preg_replace(number_regex, '', $_POST['contact_phone']); $phone = preg_replace(number_regex, '', $_POST['contact_phone']);
$extension = preg_replace(number_regex, '', $_POST['contact_extension']); $extension = preg_replace(number_regex, '', $_POST['contact_extension']);
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']); $mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email']))); $email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes']))); $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method']))); $auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
$location_id = intval($_POST['contact_location_id']); $location_id = intval($_POST['contact_location_id']);
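Review bot: Every `$_POST[...]` read here is unguarded, so a caller that omits an optional field such as `contact_extension` or `contact_notes` triggers an undefined-index notice and `preg_replace`/`mysqli_real_escape_string` then run on null. A `?? ''` on each read (`$extension = preg_replace(number_regex, '', $_POST['contact_extension'] ?? '');`) keeps the model usable for both the create and update endpoints that require it. Because the contacts update endpoint also goes through this file, a field left out of an update request is written back as an empty string rather than preserved, which is the opposite of the per-field `$row[...]` fallback the assets update endpoint uses; if that is intended, say so above the assignments, e.g. `// Used by create and update: every field is overwritten, omitted fields become empty`.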


@@ -1,34 +1,34 @@
<?php <?php
require('../validate_api_key.php');
require('../require_post_method.php'); require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse Info // Parse Info
include('contact_model.php'); require_once('contact_model.php');
// Default // Default
$insert_id = FALSE; $insert_id = FALSE;
if(!empty($name) && !empty($email) && !empty($client_id)){ if (!empty($name) && !empty($email) && !empty($client_id)) {
// Check contact with $email doesn't already exist // Check contact with $email doesn't already exist
$email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'"); $email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'");
if(mysqli_num_rows($email_duplication_sql) == 0){ if (mysqli_num_rows($email_duplication_sql) == 0) {
// Insert contact // Insert contact
$insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id"); $insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
// Check insert & get insert ID // Check insert & get insert ID
if($insert_sql){ if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli); $insert_id = mysqli_insert_id($mysqli);
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
} }
} }
} }
// Output // Output
include('../create_output.php'); require_once('../create_output.php');
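Review bot: `mysqli_num_rows($email_duplication_sql)` is called without first checking that the SELECT succeeded; if `mysqli_query` returned false this is a TypeError on PHP 8 rather than a declined insert, whereas read_output guards the same call with `if ($sql && mysqli_num_rows($sql) > 0)`. Prefer `if ($email_duplication_sql && mysqli_num_rows($email_duplication_sql) == 0) {`. Separately, `$insert_id = FALSE;` keeps the uppercase literal although the same tidy lowercased `$update_count = false;` in the assets update endpoint; `$delete_count = FALSE;` and `$update_count = FALSE;` in the contacts delete and update endpoints are the same.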


@@ -1,7 +1,7 @@
<?php <?php
require('../validate_api_key.php');
require('../require_post_method.php'); require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse ID // Parse ID
$contact_id = intval($_POST['contact_id']); $contact_id = intval($_POST['contact_id']);
@@ -9,20 +9,20 @@ $contact_id = intval($_POST['contact_id']);
// Default // Default
$delete_count = FALSE; $delete_count = FALSE;
if(!empty($contact_id)){ if (!empty($contact_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1")); $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$contact_name = $row['contact_name']; $contact_name = $row['contact_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"); $delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
// Check delete & get affected rows // Check delete & get affected rows
if($delete_sql && !empty($contact_name)){ if ($delete_sql && !empty($contact_name)) {
$delete_count = mysqli_affected_rows($mysqli); $delete_count = mysqli_affected_rows($mysqli);
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
} }
} }
// Output // Output
include('../delete_output.php'); require_once('../delete_output.php');
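Review bot: `$contact_name = $row['contact_name'];` is taken straight from the database and then interpolated into the log INSERT (`log_description = '$contact_name via API ($api_key_name)'`) without escaping, so a stored name containing a quote corrupts or alters the logging query even though the DELETE itself only uses integer ids. Use `$contact_name = mysqli_real_escape_string($mysqli, $row['contact_name'] ?? '');`, which also avoids the notice when no row matched and `$row` is null. The `!empty($contact_name)` check still works unchanged after that.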


@@ -1,24 +1,24 @@
<?php <?php
require('../validate_api_key.php');
require('../require_get_method.php'); require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific contact via ID (single) // Specific contact via ID (single)
if(isset($_GET['contact_id'])){ if (isset($_GET['contact_id'])) {
$id = intval($_GET['contact_id']); $id = intval($_GET['contact_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// Specific contact via email (single) // Specific contact via email (single)
elseif(isset($_GET['contact_email'])){ elseif (isset($_GET['contact_email'])) {
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['contact_email']))); $email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['contact_email'])));
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// All contacts // All contacts
else{ else {
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
include("../read_output.php"); require_once("../read_output.php");


@@ -1,28 +1,28 @@
<?php <?php
require('../validate_api_key.php');
require('../require_post_method.php'); require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse Info // Parse Info
$contact_id = intval($_POST['contact_id']); $contact_id = intval($_POST['contact_id']);
include('contact_model.php'); require_once('contact_model.php');
// Default // Default
$update_count = FALSE; $update_count = FALSE;
if(!empty($name) && !empty($email)){ if (!empty($name) && !empty($email)) {
$update_sql = mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1"); $update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
// Check insert & get insert ID // Check insert & get insert ID
if($update_sql){ if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli); $update_count = mysqli_affected_rows($mysqli);
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
} }
} }
// Output // Output
include('../update_output.php'); require_once('../update_output.php');
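Review bot: The UPDATE's WHERE clause is `WHERE contact_id = $contact_id LIMIT 1` with no client or company scope, unlike the contacts delete endpoint (`contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id'`) and the assets update endpoint, so a key bound to one client can rewrite any contact id and, because the SET list also assigns `contact_client_id = $client_id, company_id = $company_id`, move it under that client. Add the same scope: `WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1`. Separately, `contact_department_id = $department` interpolates the string `$department` from contact_model unquoted, where `mysqli_real_escape_string` gives no protection and a plain department name is parsed as a column reference; the create endpoint writes `contact_department = '$department'`, so one of the two column names and value forms must be wrong.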


@@ -7,7 +7,7 @@
*/ */
// Check if the insert query was successful // Check if the insert query was successful
if(isset($insert_id) && is_numeric($insert_id)){ if (isset($insert_id) && is_numeric($insert_id)) {
// Insert successful // Insert successful
$return_arr['success'] = "True"; $return_arr['success'] = "True";
$return_arr['count'] = '1'; $return_arr['count'] = '1';
@@ -17,7 +17,7 @@ if(isset($insert_id) && is_numeric($insert_id)){
} }
// Query returned false: something went wrong, or it was declined due to required variables missing // Query returned false: something went wrong, or it was declined due to required variables missing
else{ else {
$return_arr['success'] = "False"; $return_arr['success'] = "False";
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'."; $return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
} }


@@ -7,14 +7,14 @@
*/ */
// Check if delete query was successful // Check if delete query was successful
if(isset($delete_count) && is_numeric($delete_count) && $delete_count > 0){ if (isset($delete_count) && is_numeric($delete_count) && $delete_count > 0) {
// Delete was successful // Delete was successful
$return_arr['success'] = "True"; $return_arr['success'] = "True";
$return_arr['count'] = $delete_count; $return_arr['count'] = $delete_count;
} }
// Delete query returned false: something went wrong, or it was declined due to required variables missing // Delete query returned false: something went wrong, or it was declined due to required variables missing
else{ else {
$return_arr['success'] = "False"; $return_arr['success'] = "False";
$return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch."; $return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
} }


@@ -1,30 +1,30 @@
<?php <?php
require('../validate_api_key.php');
require('../require_get_method.php'); require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific domain via ID (single) // Specific domain via ID (single)
if(isset($_GET['domain_id'])){ if (isset($_GET['domain_id'])) {
$id = intval($_GET['domain_id']); $id = intval($_GET['domain_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// Domain by name // Domain by name
elseif(isset($_GET['domain_name'])){ elseif (isset($_GET['domain_name'])) {
$name = mysqli_real_escape_string($mysqli,$_GET['domain_name']); $name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} }
// Domain via client ID (if allowed) // Domain via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){ elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
} }
// All domains // All domains
else{ else {
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
include("../read_output.php"); require_once("../read_output.php");
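Review bot: The `domain_name` branch orders with `ORDER BY asset_id`, which is the assets table's key; nothing here suggests the domains table has such a column, and the other branches in this file use `domain_id`. If the column is absent the query returns false and read_output answers "No resource ..." for every lookup by name, masking the error. Change it to `ORDER BY domain_id LIMIT $limit OFFSET $offset`.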


@@ -1,30 +1,30 @@
<?php <?php
require('../validate_api_key.php');
require('../require_get_method.php'); require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific network via ID (single) // Specific network via ID (single)
if(isset($_GET['network_id'])){ if (isset($_GET['network_id'])) {
$id = intval($_GET['network_id']); $id = intval($_GET['network_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// Network by name // Network by name
elseif(isset($_GET['network_name'])){ elseif (isset($_GET['network_name'])) {
$name = mysqli_real_escape_string($mysqli,$_GET['network_name']); $name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
} }
// Network via client ID (if allowed) // Network via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){ elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
} }
// All networks // All networks
else{ else {
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
include("../read_output.php"); require_once("../read_output.php");


@@ -6,19 +6,19 @@
* Returns success & data messages * Returns success & data messages
*/ */
if($sql && mysqli_num_rows($sql) > 0){ if ($sql && mysqli_num_rows($sql) > 0) {
$return_arr['success'] = "True"; $return_arr['success'] = "True";
$return_arr['count'] = mysqli_num_rows($sql); $return_arr['count'] = mysqli_num_rows($sql);
$row = array(); $row = array();
while($row = mysqli_fetch_array($sql)){ while ($row = mysqli_fetch_array($sql)) {
$return_arr['data'][] = $row; $return_arr['data'][] = $row;
} }
echo json_encode($return_arr); echo json_encode($return_arr);
exit(); exit();
} }
else{ else {
$return_arr['success'] = "False"; $return_arr['success'] = "False";
$return_arr['message'] = "No resource (for this client and company) with the specified parameter(s)."; $return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
echo json_encode($return_arr); echo json_encode($return_arr);
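Review bot: `mysqli_fetch_array($sql)` with its default mode returns every column twice, once under its numeric index and once under its name, so each entry in `$return_arr['data']` carries duplicate values and the JSON payload is roughly doubled. `mysqli_fetch_assoc($sql)` gives the name-keyed shape that the endpoints' `SELECT *` queries appear to intend. The preceding `$row = array();` is overwritten by the `while` assignment and can be removed, or at least written as `[]` to match the short syntax a tidy commit should converge on. The closing brace of the `else` branch lies outside the hunk.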


@@ -1,5 +1,5 @@
<?php <?php
if($_SERVER['REQUEST_METHOD'] !== "GET"){ if ($_SERVER['REQUEST_METHOD'] !== "GET") {
header("HTTP/1.1 405 Method Not Allowed"); header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False"; $return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint."; $return_arr['message'] = "Can only send GET requests to this endpoint.";
@@ -8,6 +8,6 @@ if($_SERVER['REQUEST_METHOD'] !== "GET"){
} }
// Wildcard client ID for most SELECT queries // Wildcard client ID for most SELECT queries
if($client_id == 0){ if ($client_id == 0) {
$client_id = "%"; $client_id = "%";
} }
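Review bot: `if ($client_id == 0)` is a loose comparison on a value that, as far as the visible code shows, arrives from a database row as a string; `if ((int) $client_id === 0) {` states the intent explicitly. Since `"%"` is later interpolated into `LIKE` clauses, the comment above it would be more useful as `// API keys with client_id 0 are unrestricted: "%" matches every client in later LIKE clauses`. The 405 branch continues outside the hunk, so whether it exits after setting the message is not visible here.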


@@ -1,5 +1,5 @@
<?php <?php
if($_SERVER['REQUEST_METHOD'] !== "POST"){ if ($_SERVER['REQUEST_METHOD'] !== "POST") {
header("HTTP/1.1 405 Method Not Allowed"); header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False"; $return_arr['success'] = "False";
$return_arr['message'] = "Can only send POST requests to this endpoint."; $return_arr['message'] = "Can only send POST requests to this endpoint.";
@@ -9,6 +9,6 @@ if($_SERVER['REQUEST_METHOD'] !== "POST"){
// Client ID must be specific for INSERT/UPDATE/DELETE queries // Client ID must be specific for INSERT/UPDATE/DELETE queries
// If this API key allows any client, set $client_id to the one specified, else leave it // If this API key allows any client, set $client_id to the one specified, else leave it
if($client_id == 0){ if ($client_id == 0) {
$client_id = intval($_POST['client_id']); $client_id = intval($_POST['client_id']);
} }
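Review bot: `$client_id = intval($_POST['client_id'])` reads the key without checking it exists, so a POST without `client_id` raises an undefined-index warning and proceeds with `$client_id = 0`, although the comment on the line above says a specific client is required for INSERT/UPDATE/DELETE. `$client_id = intval($_POST['client_id'] ?? 0);` removes the warning, and a result of `0` should be rejected with a 400 response before any write query runs. The 405 branch continues outside the hunk.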


@@ -1,42 +1,42 @@
<?php <?php
require('../validate_api_key.php');
require('../require_get_method.php'); require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific software via ID (single) // Specific software via ID (single)
if(isset($_GET['software_id'])){ if (isset($_GET['software_id'])) {
$id = intval($_GET['software_id']); $id = intval($_GET['software_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// Specific software via License ID // Specific software via License ID
if(isset($_GET['software_license'])){ if (isset($_GET['software_license'])) {
$license = mysqli_real_escape_string($mysqli,$_GET['software_license']); $license = mysqli_real_escape_string($mysqli, $_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} }
// Software by name // Software by name
elseif(isset($_GET['software_name'])){ elseif (isset($_GET['software_name'])) {
$name = mysqli_real_escape_string($mysqli,$_GET['software_name']); $name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
} }
// Software via type // Software via type
elseif(isset($_GET['software_type'])){ elseif (isset($_GET['software_type'])) {
$type = intval($_GET['software_type']); $type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} }
// Software via client ID (if allowed) // Software via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){ elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']); $client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} }
// All software(s) // All software(s)
else{ else {
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
include("../read_output.php"); require_once("../read_output.php");
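Review bot: The `software_id` lookup is never honoured: `if (isset($_GET['software_license']))` opens a second, independent `if`/`elseif` chain rather than continuing the first, so when only `software_id` is supplied the trailing `else` overwrites `$sql` with the all-software query. Changing that line to `elseif (isset($_GET['software_license'])) {` makes the chain exclusive, matching the shape of the ticket endpoint in this commit. Separately, the `software_name` query orders by `asset_id` while every other query in the file orders by `software_id`; if the software table has no `asset_id` column that query fails at runtime, which is worth confirming against the schema.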


@@ -1,18 +1,18 @@
<?php <?php
require('../validate_api_key.php');
require('../require_get_method.php'); require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific ticket via ID (single) // Specific ticket via ID (single)
if(isset($_GET['ticket_id'])){ if (isset($_GET['ticket_id'])) {
$id = intval($_GET['ticket_id']); $id = intval($_GET['ticket_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'"); $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
} }
// All tickets // All tickets
else{ else {
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset"); $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
} }
// Output // Output
include("../read_output.php"); require_once("../read_output.php");


@@ -7,14 +7,14 @@
*/ */
// Check if the insert query was successful // Check if the insert query was successful
if(isset($update_count) && is_numeric($update_count) && $update_count > 0){ if (isset($update_count) && is_numeric($update_count) && $update_count > 0) {
// Insert successful // Insert successful
$return_arr['success'] = "True"; $return_arr['success'] = "True";
$return_arr['count'] = $update_count; $return_arr['count'] = $update_count;
} }
// Query returned false: something went wrong, or it was declined due to required variables missing // Query returned false: something went wrong, or it was declined due to required variables missing
else{ else {
$return_arr['success'] = "False"; $return_arr['success'] = "False";
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (contact ID/ticket ID/etc)"; $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (contact ID/ticket ID/etc)";
} }
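Review bot: The comment `// Check if the insert query was successful` does not match this file, which reports on `$update_count`; `// Check whether the update query affected at least one row` describes what the condition actually tests. `is_numeric($update_count) && $update_count > 0` is a sufficient guard, but `$update_count` is assigned outside the hunk, so its origin is not visible here.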


@@ -7,8 +7,8 @@
*/ */
// Includes // Includes
include( __DIR__ . '../../../functions.php'); require_once( __DIR__ . '../../../functions.php');
include(__DIR__ . "../../../config.php"); require_once(__DIR__ . "../../../config.php");
// JSON header // JSON header
header('Content-Type: application/json'); header('Content-Type: application/json');
@@ -17,9 +17,9 @@ header('Content-Type: application/json');
$_POST = json_decode(file_get_contents('php://input'), true); $_POST = json_decode(file_get_contents('php://input'), true);
// Get user IP // Get user IP
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = strip_tags(mysqli_real_escape_string($mysqli, get_ip()));
// Get user agent // Get user agent
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
// Setup return array // Setup return array
$return_arr = array(); $return_arr = array();
@@ -43,37 +43,37 @@ DEFINE("WORDING_UNAUTHORIZED", "HTTP/1.1 401 Unauthorized");
*/ */
// Decline methods other than GET/POST // Decline methods other than GET/POST
if($_SERVER['REQUEST_METHOD'] !== "GET" && $_SERVER['REQUEST_METHOD'] !== "POST"){ if ($_SERVER['REQUEST_METHOD'] !== "GET" && $_SERVER['REQUEST_METHOD'] !== "POST") {
header("HTTP/1.1 405 Method Not Allowed"); header("HTTP/1.1 405 Method Not Allowed");
var_dump($_SERVER['REQUEST_METHOD']); var_dump($_SERVER['REQUEST_METHOD']);
exit(); exit();
} }
// Check API key is provided // Check API key is provided
if(!isset($_GET['api_key']) && !isset($_POST['api_key'])){ if (!isset($_GET['api_key']) && !isset($_POST['api_key'])) {
header(WORDING_UNAUTHORIZED); header(WORDING_UNAUTHORIZED);
exit(); exit();
} }
// Set API key variable // Set API key variable
if(isset($_GET['api_key'])){ if (isset($_GET['api_key'])) {
$api_key = $_GET['api_key']; $api_key = $_GET['api_key'];
} }
if(isset($_POST['api_key'])){ if (isset($_POST['api_key'])) {
$api_key = $_POST['api_key']; $api_key = $_POST['api_key'];
} }
// Validate API key // Validate API key
if(isset($api_key)){ if (isset($api_key)) {
$api_key = mysqli_real_escape_string($mysqli,$api_key); $api_key = mysqli_real_escape_string($mysqli, $api_key);
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
// Failed // Failed
if(mysqli_num_rows($sql) !== 1){ if (mysqli_num_rows($sql) !== 1) {
// Invalid Key // Invalid Key
header(WORDING_UNAUTHORIZED); header(WORDING_UNAUTHORIZED);
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$return_arr['success'] = "False"; $return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure or expired."; $return_arr['message'] = "API Key authentication failure or expired.";
@@ -84,7 +84,7 @@ if(isset($api_key)){
} }
// Success // Success
else{ else {
// Set client ID, company ID & key name // Set client ID, company ID & key name
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
@@ -93,23 +93,23 @@ if(isset($api_key)){
$company_id = $row['company_id']; $company_id = $row['company_id'];
// Set limit & offset for queries // Set limit & offset for queries
if(isset($_GET['limit'])){ if (isset($_GET['limit'])) {
$limit = intval($_GET['limit']); $limit = intval($_GET['limit']);
} }
elseif(isset($_POST['limit'])){ elseif (isset($_POST['limit'])) {
$limit = intval($_POST['limit']); $limit = intval($_POST['limit']);
} }
else{ else {
$limit = 50; $limit = 50;
} }
if(isset($_GET['offset'])){ if (isset($_GET['offset'])) {
$offset = intval($_GET['offset']); $offset = intval($_GET['offset']);
} }
elseif(isset($_POST['offset'])){ elseif (isset($_POST['offset'])) {
$offset = intval($_POST['offset']); $offset = intval($_POST['offset']);
} }
else{ else {
$offset = 0; $offset = 0;
} }
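Review bot: The lookup `SELECT * FROM api_keys WHERE api_key_secret = '$api_key'` compares the presented secret directly against the stored value, which implies API keys are kept in clear text; storing only a digest (e.g. `hash('sha256', $api_key)`) and querying on that column limits what a database read exposes. On the same branch `mysqli_num_rows($sql)` runs without checking that `mysqli_query` returned a result, so a query error surfaces as a warning/TypeError instead of the 401 path. The `limit`/`offset` block at the end of the section accepts any integer, so a negative or very large `limit` reaches the SQL `LIMIT` unclamped; `$limit = max(1, min($limit, 500));` (bound chosen as a constructed example) would cap it. The `__DIR__ . '../../../functions.php'` path in the first hunk has no separator after `__DIR__` and only resolves because `..` is normalised lexically; `__DIR__ . '/../../functions.php'` is the conventional form, to be confirmed against the actual directory layout.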


@@ -18,17 +18,16 @@
// Headers to allow extensions access (CORS) // Headers to allow extensions access (CORS)
$chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc"; $chrome_id = "chrome-extension://afgpakhonllnmnomchjhidealcpmnegc";
//$firefox_id = "moz-extension://857479e9-3992-4e99-9a5e-b514d2ad0a82"; // Firefox rejected the extension. They are still using manifest v2 so will just focus on Chrome/Edge with v3 for now until Mozilla catches up
if (isset($_SERVER['HTTP_ORIGIN'])) { if (isset($_SERVER['HTTP_ORIGIN'])) {
if($_SERVER['HTTP_ORIGIN'] == $chrome_id){ if ($_SERVER['HTTP_ORIGIN'] == $chrome_id) {
header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}"); header("Access-Control-Allow-Origin: {$_SERVER['HTTP_ORIGIN']}");
header('Access-Control-Allow-Credentials: true'); header('Access-Control-Allow-Credentials: true');
} }
} }
include("config.php"); include_once("config.php");
include("functions.php"); include_once("functions.php");
// IP & User Agent for logging // IP & User Agent for logging
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
@@ -41,13 +40,13 @@ DEFINE("WORDING_BAD_EXT_COOKIE_KEY", "ITFlow - You are not logged into ITFlow, d
// Check user is logged in & has extension access // Check user is logged in & has extension access
// We're not using the PHP session as we don't want to potentially expose the session cookie with SameSite None // We're not using the PHP session as we don't want to potentially expose the session cookie with SameSite None
if(!isset($_COOKIE['user_extension_key'])){ if (!isset($_COOKIE['user_extension_key'])) {
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY; $data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data)); echo json_encode($data);
//Logging // Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit(); exit();
} }
@@ -56,13 +55,13 @@ if(!isset($_COOKIE['user_extension_key'])){
$user_extension_key = $_COOKIE['user_extension_key']; $user_extension_key = $_COOKIE['user_extension_key'];
// Check the key isn't empty, less than 17 characters or the word "disabled". // Check the key isn't empty, less than 17 characters or the word "disabled".
if(empty($user_extension_key) || strlen($user_extension_key) < 16 || strtolower($user_extension_key) == "disabled"){ if (empty($user_extension_key) || strlen($user_extension_key) < 16 || strtolower($user_extension_key) == "disabled") {
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY; $data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data)); echo json_encode($data);
//Logging // Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit(); exit();
} }
@@ -74,25 +73,25 @@ $auth_user = mysqli_query($mysqli, "SELECT * FROM users LEFT JOIN user_settings
$row = mysqli_fetch_array($auth_user); $row = mysqli_fetch_array($auth_user);
// Check SQL query state // Check SQL query state
if(mysqli_num_rows($auth_user) < 1 || !$auth_user){ if (mysqli_num_rows($auth_user) < 1 || !$auth_user) {
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY; $data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data)); echo json_encode($data);
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit(); exit();
} }
// Sanity check // Sanity check
if(hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user_extension_key'])){ if (hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user_extension_key'])) {
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = WORDING_BAD_EXT_COOKIE_KEY; $data['message'] = WORDING_BAD_EXT_COOKIE_KEY;
echo(json_encode($data)); echo json_encode($data);
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = 'Failed login attempt using extension (get_credential.php)', log_ip = '$ip', log_user_agent = '$user_agent'");
exit(); exit();
} }
@@ -110,28 +109,28 @@ $session_company_id = $row['user_default_company'];
$session_user_role = $row['user_role']; $session_user_role = $row['user_role'];
// Check user access level is correct (not an accountant) // Check user access level is correct (not an accountant)
if($session_user_role < 1){ if ($session_user_role < 1) {
$data['found'] = "FALSE"; $data['found'] = "FALSE";
$data['message'] = WORDING_ROLECHECK_FAILED; $data['message'] = WORDING_ROLECHECK_FAILED;
echo(json_encode($data)); echo json_encode($data);
//Logging //Logging
$user_name = mysqli_real_escape_string($mysqli, $session_name); $user_name = mysqli_real_escape_string($mysqli, $session_name);
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = '$user_name not authorised to use extension', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $session_user_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Login', log_action = 'Extension Failed', log_description = '$user_name not authorised to use extension', log_ip = '$ip', log_user_agent = '$user_agent', log_user_id = $session_user_id");
exit(); exit();
} }
// Lets go! // Lets go!
if(isset($_GET['host'])){ if (isset($_GET['host'])) {
if(!empty($_GET['host'])){ if (!empty($_GET['host'])) {
$url = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['host']))); $url = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['host'])));
$sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1"); $sql_logins = mysqli_query($mysqli, "SELECT * FROM logins WHERE (login_uri = '$url' AND company_id = '$session_company_id') LIMIT 1");
if(mysqli_num_rows($sql_logins) > 0){ if (mysqli_num_rows($sql_logins) > 0) {
$row = mysqli_fetch_array($sql_logins); $row = mysqli_fetch_array($sql_logins);
$data['found'] = "TRUE"; $data['found'] = "TRUE";
$data['username'] = htmlentities($row['login_username']); $data['username'] = htmlentities($row['login_username']);
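Review bot: The sanity check `hash('sha256', $row['user_extension_key']) !== hash('sha256', $_COOKIE['user_extension_key'])` is an ordinary string comparison that stops at the first differing byte; `if (!hash_equals($row['user_extension_key'], $_COOKIE['user_extension_key'])) {` is the constant-time idiom for comparing a stored secret with a presented one and drops the redundant double hashing. The comment above the length check says "less than 17 characters" while the code rejects `strlen(...) < 16`, so one of the two should change. In the first hunk, `$_SERVER['HTTP_ORIGIN'] == $chrome_id` is a loose comparison; `===` is the safe form for an origin string. The `if (isset($_GET['host']))` block continues outside the section.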


@@ -5,27 +5,27 @@
* Checks if the client is logged in or not * Checks if the client is logged in or not
*/ */
if(!isset($_SESSION)){ if (!isset($_SESSION)) {
// HTTP Only cookies // HTTP Only cookies
ini_set("session.cookie_httponly", True); ini_set("session.cookie_httponly", True);
if($config_https_only){ if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", True);
} }
session_start(); session_start();
} }
if(!$_SESSION['client_logged_in']){ if (!$_SESSION['client_logged_in']) {
header("Location: login.php"); header("Location: login.php");
die; die;
} }
// SESSION FINGERPRINT // SESSION FINGERPRINT
$session_ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $session_ip = strip_tags(mysqli_real_escape_string($mysqli, get_ip()));
$session_os = strip_tags(mysqli_real_escape_string($mysqli,get_os())); $session_os = strip_tags(mysqli_real_escape_string($mysqli, get_os()));
// Get user agent // Get user agent
$session_user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); $session_user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
// Get info from session // Get info from session
$session_client_id = $_SESSION['client_id']; $session_client_id = $_SESSION['client_id'];
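Review bot: `if (!$_SESSION['client_logged_in'])` reads a key that is absent for any visitor who has not logged in, so the redirect path itself emits an undefined-index warning; `if (empty($_SESSION['client_logged_in'])) {` covers both absent and false. The session-cookie setup (`session.cookie_httponly`/`session.cookie_secure` then `session_start()`) is repeated verbatim in the other portal files in this commit; a single shared include would keep later hardening, such as `session.cookie_samesite`, in one place.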


@@ -4,19 +4,19 @@
* Includes for all pages (except login) * Includes for all pages (except login)
*/ */
include('../config.php'); require_once('../config.php');
include('../functions.php'); require_once('../functions.php');
include('check_login.php'); require_once('check_login.php');
include('portal_functions.php'); require_once('portal_functions.php');
if(!isset($_SESSION)){ if (!isset($_SESSION)) {
// HTTP Only cookies // HTTP Only cookies
ini_set("session.cookie_httponly", True); ini_set("session.cookie_httponly", True);
if($config_https_only){ if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", True);
} }
session_start(); session_start();
} }
include("portal_header.php"); require_once("portal_header.php");
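Review bot: The `if (!isset($_SESSION))` block after the includes is dead code: `check_login.php`, required a few lines above it, already runs the same `ini_set`/`session_start()` sequence (visible in its own section of this commit), so `$_SESSION` is set by the time this check runs. Removing the duplicate block, or replacing it with `// Session is started by check_login.php`, avoids two copies of the cookie settings drifting apart.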


@@ -41,13 +41,13 @@ $total_tickets = $row['total_tickets'];
?> ?>
<table> <table>
<tr> <tr>
<th class="text-center"> <th class="text-center">
<?php if(!empty($session_contact_photo)){ ?> <?php if (!empty($session_contact_photo)) { ?>
<img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." class=" img-size-50 img-circle"> <img src="<?php echo "../uploads/clients/$session_company_id/$session_client_id/$session_contact_photo"; ?>" alt="..." class=" img-size-50 img-circle">
<?php }else{ ?> <?php } else { ?>
<span class="fa-stack fa-2x rounded-left"> <span class="fa-stack fa-2x rounded-left">
<i class="fa fa-circle fa-stack-2x text-secondary"></i> <i class="fa fa-circle fa-stack-2x text-secondary"></i>
@@ -66,11 +66,11 @@ $total_tickets = $row['total_tickets'];
</div> </div>
</th> </th>
</tr> </tr>
</table> </table>
<br> <br>
<div class="row"> <div class="row">
<div class="col-10"> <div class="col-10">
<div class="card"> <div class="card">
@@ -86,7 +86,7 @@ $total_tickets = $row['total_tickets'];
<tbody> <tbody>
<?php <?php
while($ticket = mysqli_fetch_array($contact_tickets)){ while ($ticket = mysqli_fetch_array($contact_tickets)) {
echo "<tr>"; echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_number]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
@@ -126,6 +126,6 @@ $total_tickets = $row['total_tickets'];
</a> </a>
</div> </div>
</div> </div>
<?php include("portal_footer.php"); ?> <?php require_once("portal_footer.php"); ?>
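Review bot: The line `echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";` writes the ticket subject from the database straight into HTML, so any markup in a subject is rendered in the contact's browser; where subjects originate is not visible here, but `htmlspecialchars($ticket['ticket_subject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')` renders them as text regardless. The `$session_contact_photo` value interpolated into the `<img src>` attribute earlier in the section is likewise unescaped. The `while` loop continues outside the hunk.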


@@ -9,10 +9,10 @@ require_once('../config.php');
require_once('../functions.php'); require_once('../functions.php');
require_once ('../get_settings.php'); require_once ('../get_settings.php');
if(!isset($_SESSION)){ if (!isset($_SESSION)) {
// HTTP Only cookies // HTTP Only cookies
ini_set("session.cookie_httponly", True); ini_set("session.cookie_httponly", True);
if($config_https_only){ if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", True);
} }
@@ -20,9 +20,9 @@ if(!isset($_SESSION)){
} }
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$sql_settings = mysqli_query($mysqli,"SELECT config_azure_client_id FROM settings WHERE company_id = '1'"); $sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id FROM settings WHERE company_id = '1'");
$settings = mysqli_fetch_array($sql_settings); $settings = mysqli_fetch_array($sql_settings);
$client_id = $settings['config_azure_client_id']; $client_id = $settings['config_azure_client_id'];
@@ -30,19 +30,19 @@ $company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE c
$company_results = mysqli_fetch_array($company_sql); $company_results = mysqli_fetch_array($company_sql);
$company_name = $company_results['company_name']; $company_name = $company_results['company_name'];
if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){ if ($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email'])); $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
$password = $_POST['password']; $password = $_POST['password'];
if(!filter_var($email, FILTER_VALIDATE_EMAIL)){ if (!filter_var($email, FILTER_VALIDATE_EMAIL)) {
$_SESSION['login_message'] = 'Invalid e-mail'; $_SESSION['login_message'] = 'Invalid e-mail';
} }
else{ else {
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' LIMIT 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
if($row['contact_auth_method'] == 'local'){ if ($row['contact_auth_method'] == 'local') {
if(password_verify($password, $row['contact_password_hash'])){ if (password_verify($password, $row['contact_password_hash'])) {
$_SESSION['client_logged_in'] = TRUE; $_SESSION['client_logged_in'] = TRUE;
$_SESSION['client_id'] = $row['contact_client_id']; $_SESSION['client_id'] = $row['contact_client_id'];
@@ -55,13 +55,13 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Success', log_description = 'Client contact $row[contact_email] successfully logged in locally', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $row[contact_client_id]");
} }
else{ else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.'; $_SESSION['login_message'] = 'Incorrect username or password.';
} }
} }
else{ else {
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client Login', log_action = 'Failed', log_description = 'Failed client portal login attempt using $email', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$_SESSION['login_message'] = 'Incorrect username or password.'; $_SESSION['login_message'] = 'Incorrect username or password.';
} }
@@ -97,7 +97,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
<div class="card-body login-card-body"> <div class="card-body login-card-body">
<p class="login-box-msg text-danger"> <p class="login-box-msg text-danger">
<?php <?php
if(!empty($_SESSION['login_message'])){ if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message']; echo $_SESSION['login_message'];
unset($_SESSION['login_message']); unset($_SESSION['login_message']);
} }
@@ -131,7 +131,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
</form> </form>
<?php <?php
if(!empty($client_id)){ ?> if (!empty($client_id)) { ?>
<hr> <hr>
<div class="col text-center"> <div class="col text-center">
<button type="button" class="btn btn-secondary" onclick="location.href = 'login_microsoft.php';">Login with Microsoft Azure AD</button> <button type="button" class="btn btn-secondary" onclick="location.href = 'login_microsoft.php';">Login with Microsoft Azure AD</button>
@@ -158,7 +158,7 @@ if($_SERVER['REQUEST_METHOD'] == 'POST' && isset($_POST['login'])){
<!-- Prevents resubmit on refresh or back --> <!-- Prevents resubmit on refresh or back -->
<script> <script>
if(window.history.replaceState){ if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href); window.history.replaceState(null,null,window.location.href);
} }
</script> </script>
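Review bot: The local-auth path sets `$_SESSION['client_logged_in'] = TRUE;` without regenerating the session id, so a session id fixed before login stays valid after it; `session_regenerate_id(true);` immediately before that assignment is the usual guard. A few lines above, `$row['contact_auth_method']` is read even when the email matched no contact, in which case `mysqli_fetch_array` returns `null` and the access raises a warning; `if ($row && $row['contact_auth_method'] == 'local') {` keeps that case on the same generic failure message. The success branch continues outside the hunk, so whether the id is regenerated later is not visible here.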


@@ -4,20 +4,20 @@
* OAuth Login via Microsoft IDP * OAuth Login via Microsoft IDP
*/ */
include('../config.php'); require_once('../config.php');
include('../functions.php'); require_once('../functions.php');
if(!isset($_SESSION)){ if (!isset($_SESSION)) {
// HTTP Only cookies // HTTP Only cookies
ini_set("session.cookie_httponly", True); ini_set("session.cookie_httponly", true);
if($config_https_only){ if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", true);
} }
session_start(); session_start();
} }
$sql_settings = mysqli_query($mysqli,"SELECT config_azure_client_id, config_azure_client_secret FROM settings WHERE company_id = '1'"); $sql_settings = mysqli_query($mysqli, "SELECT config_azure_client_id, config_azure_client_secret FROM settings WHERE company_id = '1'");
$settings = mysqli_fetch_array($sql_settings); $settings = mysqli_fetch_array($sql_settings);
$client_id = $settings['config_azure_client_id']; $client_id = $settings['config_azure_client_id'];
@@ -31,7 +31,7 @@ $token_grant_url = "https://login.microsoftonline.com/organizations/oauth2/v2.0/
// Initial Login Request, via Microsoft // Initial Login Request, via Microsoft
// Returns a authorization code if login was successful // Returns a authorization code if login was successful
if ($_SERVER['REQUEST_METHOD'] == "GET"){ if ($_SERVER['REQUEST_METHOD'] == "GET") {
$params = array ( $params = array (
'client_id' => $client_id, 'client_id' => $client_id,
@@ -41,13 +41,13 @@ if ($_SERVER['REQUEST_METHOD'] == "GET"){
'scope' => 'https://graph.microsoft.com/User.Read', 'scope' => 'https://graph.microsoft.com/User.Read',
'state' => session_id()); 'state' => session_id());
header ('Location: '.$auth_code_url.'?'.http_build_query ($params)); header('Location: '.$auth_code_url.'?'.http_build_query($params));
} }
// Login was successful, Microsoft has returned us a authorization code via POST // Login was successful, Microsoft has returned us a authorization code via POST
// Request an access token using authorization code (& client secret) (server side) // Request an access token using authorization code (& client secret) (server side)
if (isset($_POST['code']) && $_POST['state'] == session_id()){ if (isset($_POST['code']) && $_POST['state'] == session_id()) {
$params = array ( $params = array (
'client_id' =>$client_id, 'client_id' =>$client_id,
@@ -59,42 +59,41 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
// Send request via CURL (server side) so user cannot see the client secret // Send request via CURL (server side) so user cannot see the client secret
$ch = curl_init(); $ch = curl_init();
curl_setopt($ch, CURLOPT_URL,$token_grant_url); curl_setopt($ch, CURLOPT_URL, $token_grant_url);
curl_setopt($ch, CURLOPT_POST, 1); curl_setopt($ch, CURLOPT_POST, 1);
curl_setopt($ch, CURLOPT_POSTFIELDS, curl_setopt($ch, CURLOPT_POSTFIELDS,
http_build_query($params)); http_build_query($params));
curl_setopt($ch, CURLOPT_RETURNTRANSFER,1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // DEBUG ONLY - WAMP #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // DEBUG ONLY - WAMP
$access_token_response = json_decode(curl_exec($ch),1); $access_token_response = json_decode(curl_exec($ch), 1);
// Check if we have an access token // Check if we have an access token
// If we do, send a request to Microsoft Graph API to get user info // If we do, send a request to Microsoft Graph API to get user info
if (isset($access_token_response['access_token'])){ if (isset($access_token_response['access_token'])) {
$ch = curl_init(); $ch = curl_init();
curl_setopt ($ch, CURLOPT_HTTPHEADER, array ('Authorization: Bearer '.$access_token_response['access_token'], curl_setopt($ch, CURLOPT_HTTPHEADER, array ('Authorization: Bearer '.$access_token_response['access_token'],
'Content-type: application/json')); 'Content-type: application/json'));
curl_setopt ($ch, CURLOPT_URL, "https://graph.microsoft.com/v1.0/me/"); curl_setopt($ch, CURLOPT_URL, "https://graph.microsoft.com/v1.0/me/");
curl_setopt ($ch, CURLOPT_RETURNTRANSFER, 1); curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);
#curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // DEBUG ONLY - WAMP #curl_setopt($ch, CURLOPT_SSL_VERIFYPEER, 0); // DEBUG ONLY - WAMP
$msgraph_response = json_decode (curl_exec ($ch), 1); $msgraph_response = json_decode(curl_exec($ch), 1);
if (isset($msgraph_response['error'])){ if (isset($msgraph_response['error'])) {
// Something went wrong verifying the token/using the Graph API - quit // Something went wrong verifying the token/using the Graph API - quit
echo "Error with MS Graph API. Details:"; echo "Error with MS Graph API. Details:";
var_dump ($msgraph_response['error']); var_dump($msgraph_response['error']);
exit(); exit();
}
elseif(isset($msgraph_response['id'])){ } elseif (isset($msgraph_response['id'])) {
$upn = mysqli_real_escape_string($mysqli, $msgraph_response["userPrincipalName"]); $upn = mysqli_real_escape_string($mysqli, $msgraph_response["userPrincipalName"]);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$upn' LIMIT 1"); $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$upn' LIMIT 1");
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
if($row['contact_auth_method'] == 'azure'){ if ($row['contact_auth_method'] == 'azure') {
$_SESSION['client_logged_in'] = TRUE; $_SESSION['client_logged_in'] = TRUE;
$_SESSION['client_id'] = $row['contact_client_id']; $_SESSION['client_id'] = $row['contact_client_id'];
@@ -106,21 +105,19 @@ if (isset($_POST['code']) && $_POST['state'] == session_id()){
header("Location: index.php"); header("Location: index.php");
} } else {
else{
$_SESSION['login_message'] = 'Something went wrong with login. Ensure you are setup for SSO.'; $_SESSION['login_message'] = 'Something went wrong with login. Ensure you are setup for SSO.';
header("Location: index.php"); header("Location: index.php");
} }
} }
header ('Location: index.php'); header('Location: index.php');
} } else {
else{
echo "Error getting access_token"; echo "Error getting access_token";
} }
} }
// If the user is just sat on the page, redirect them to login to try again // If the user is just sat on the page, redirect them to login to try again
if(empty($_GET)){ if (empty($_GET)) {
echo "<script> setTimeout(function(){ window.location = \"login.php\"; },1000);</script>"; echo "<script> setTimeout(function() { window.location = \"login.php\"; },1000);</script>";
} }
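Review bot: The check `if (isset($_POST['code']) && $_POST['state'] == session_id())` still uses the session identifier itself as the OAuth `state` value, compares it with loose `==`, and reads `$_POST['state']` without an `isset` guard; since `'state' => session_id()` is placed into the authorization URL by `header('Location: '.$auth_code_url.'?'.http_build_query($params))`, the session ID ends up in redirect URLs and referer logs. A random nonce stored in the session decouples the two: set `'state' => $_SESSION['oauth_state'] = bin2hex(random_bytes(16))` in the GET branch and check `isset($_POST['code'], $_POST['state'], $_SESSION['oauth_state']) && hash_equals($_SESSION['oauth_state'], $_POST['state'])` in the POST branch. Separately, `var_dump($msgraph_response['error'])` prints the raw Graph API error to the browser; logging it server-side and echoing a generic message would be preferable. The lines between the hunks are not visible, so I cannot confirm whether `session_regenerate_id(true)` is called where `$_SESSION['client_logged_in'] = TRUE;` is set; if it is not, it should be, given the session ID has already been sent to a third party.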


@@ -7,25 +7,25 @@
$session_company_id = 1; $session_company_id = 1;
require_once('../config.php'); require_once('../config.php');
require_once('../functions.php'); require_once('../functions.php');
require_once ('../get_settings.php'); require_once('../get_settings.php');
if (empty($config_smtp_host)) { if (empty($config_smtp_host)) {
header("Location: login.php"); header("Location: login.php");
exit(); exit();
} }
if(!isset($_SESSION)){ if (!isset($_SESSION)) {
// HTTP Only cookies // HTTP Only cookies
ini_set("session.cookie_httponly", True); ini_set("session.cookie_httponly", true);
if($config_https_only){ if ($config_https_only) {
// Tell client to only send cookie(s) over HTTPS // Tell client to only send cookie(s) over HTTPS
ini_set("session.cookie_secure", True); ini_set("session.cookie_secure", true);
} }
session_start(); session_start();
} }
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip())); $ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT'])); $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
$company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'"); $company_sql = mysqli_query($mysqli, "SELECT company_name FROM companies WHERE company_id = '1'");
$company_results = mysqli_fetch_array($company_sql); $company_results = mysqli_fetch_array($company_sql);
@@ -38,7 +38,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
/* /*
* Send password reset email * Send password reset email
*/ */
if(isset($_POST['password_reset_email_request'])){ if (isset($_POST['password_reset_email_request'])) {
$email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email'])); $email = strip_tags(mysqli_real_escape_string($mysqli, $_POST['email']));
@@ -54,7 +54,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
$token = key32gen(); $token = key32gen();
$url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client"; $url = "https://$config_base_url/portal/login_reset.php?email=$email&token=$token&client=$client";
mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1"); mysqli_query($mysqli, "UPDATE contacts SET contact_password_reset_token = '$token' WHERE contact_id = $id LIMIT 1");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Sent a portal password reset e-mail for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send reset email // Send reset email
@@ -68,8 +68,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Error handling // Error handling
if ($mail !== true) { if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
} }
//End Mail IF //End Mail IF
@@ -82,10 +82,9 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
/* /*
* Do password reset * Do password reset
*/ */
} } elseif (isset($_POST['password_reset_set_password'])) {
elseif(isset($_POST['password_reset_set_password'])){
if(!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) { if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client'])) {
$_SESSION['login_message'] = WORDING_ERROR; $_SESSION['login_message'] = WORDING_ERROR;
} }
@@ -106,7 +105,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Set password, invalidate token, logging // Set password, invalidate token, logging
$password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT)); $password = mysqli_real_escape_string($mysqli, password_hash($_POST['new_password'], PASSWORD_DEFAULT));
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1"); mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password', contact_password_reset_token = NULL WHERE contact_id = $contact_id LIMIT 1");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Reset portal password for $email.', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client, company_id = $company");
// Send confirmation email // Send confirmation email
$subject = "Password reset confirmation for $company_name ITFlow Portal"; $subject = "Password reset confirmation for $company_name ITFlow Portal";
@@ -120,8 +119,8 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
// Error handling // Error handling
if ($mail !== true) { if ($mail !== true) {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Mail', notification = 'Failed to send email to $email', notification_timestamp = NOW(), company_id = $company");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Mail', log_action = 'Error', log_description = 'Failed to send email to $email regarding $subject. $mail', company_id = $company");
} }
// Redirect to login page // Redirect to login page
@@ -232,7 +231,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<p class="login-box-msg text-danger"> <p class="login-box-msg text-danger">
<?php <?php
// Show feedback from session // Show feedback from session
if(!empty($_SESSION['login_message'])){ if (!empty($_SESSION['login_message'])) {
echo $_SESSION['login_message']; echo $_SESSION['login_message'];
unset($_SESSION['login_message']); unset($_SESSION['login_message']);
} }
@@ -262,7 +261,7 @@ if ($_SERVER['REQUEST_METHOD'] == "POST") {
<!-- Prevents resubmit on refresh or back --> <!-- Prevents resubmit on refresh or back -->
<script> <script>
if(window.history.replaceState){ if (window.history.replaceState) {
window.history.replaceState(null,null,window.location.href); window.history.replaceState(null,null,window.location.href);
} }
</script> </script>
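Review bot: `$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));` still lacks the space after the comma that this tidy adds everywhere else (the `$user_agent` line directly below it was fixed), so the new side is inconsistent with itself. On the reset branch, `if (!isset($_POST['new_password']) || !isset($_POST['email']) || !isset($_POST['token']) || !isset($_POST['client']))` only assigns `$_SESSION['login_message'] = WORDING_ERROR;` and neither redirects nor exits; the lines that follow are outside this hunk, so I cannot confirm whether the missing-field case is stopped before the `UPDATE contacts SET contact_password_hash` statement runs, but a `header("Location: login_reset.php"); exit();` inside that block would make the intent explicit. The token lookup and comparison are also outside the visible hunks, so I cannot comment on how `$_POST['token']` is matched against `contact_password_reset_token`.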


@@ -7,17 +7,17 @@
/* /*
* Verifies a contact has access to a particular ticket ID, and that the ticket is in the correct state (open/closed) to perform an action * Verifies a contact has access to a particular ticket ID, and that the ticket is in the correct state (open/closed) to perform an action
*/ */
function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state){ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state) {
// Access the global variables // Access the global variables
global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_client_id; global $mysqli, $session_contact_id, $session_client_primary_contact_id, $session_client_id;
// Setup // Setup
if($expected_ticket_state == "Closed"){ if ($expected_ticket_state == "Closed") {
// Closed tickets // Closed tickets
$ticket_state_snippet = "ticket_status = 'Closed'"; $ticket_state_snippet = "ticket_status = 'Closed'";
} }
else{ else {
// Open (working/hold) tickets // Open (working/hold) tickets
$ticket_state_snippet = "ticket_status != 'Closed'"; $ticket_state_snippet = "ticket_status != 'Closed'";
} }
@@ -27,7 +27,7 @@ function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)
$row = mysqli_fetch_array($sql); $row = mysqli_fetch_array($sql);
$ticket_id = $row['ticket_id']; $ticket_id = $row['ticket_id'];
if(intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) { if (intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || $session_contact_id == $session_client_primary_contact_id)) {
// Client is ticket owner, or primary contact // Client is ticket owner, or primary contact
return TRUE; return TRUE;
} }
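Review bot: `function verifyContactTicketAccess($requested_ticket_id, $expected_ticket_state)` still relies on each caller to `intval()` the ticket ID before it reaches the query; normalising once at the top of the function, `$requested_ticket_id = intval($requested_ticket_id);`, would make the access check self-contained, and a typed signature `function verifyContactTicketAccess(int $requested_ticket_id, string $expected_ticket_state): bool` would let PHP enforce it. The query between the two hunks is not visible, so I am assuming it interpolates `$requested_ticket_id` and filters on `$session_client_id` as the `global` line suggests. The comparisons on the `if (intval($ticket_id) && ($session_contact_id == $row['ticket_contact_id'] || ...))` line use `==`; with both sides cast to int, `===` would avoid type-juggling surprises. The function body continues past the end of the second hunk.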


@@ -8,22 +8,22 @@
<!DOCTYPE html> <!DOCTYPE html>
<html> <html>
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta http-equiv="X-UA-Compatible" content="IE=edge"> <meta http-equiv="X-UA-Compatible" content="IE=edge">
<title><?php echo $config_app_name; ?> | Client Portal - Tickets</title> <title><?php echo $config_app_name; ?> | Client Portal - Tickets</title>
<!-- Tell the browser to be responsive to screen width --> <!-- Tell the browser to be responsive to screen width -->
<meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="viewport" content="width=device-width, initial-scale=1">
<meta name="robots" content="noindex"> <meta name="robots" content="noindex">
<!-- Font Awesome --> <!-- Font Awesome -->
<link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css"> <link rel="stylesheet" href="../plugins/fontawesome-free/css/all.min.css">
<!-- Theme style --> <!-- Theme style -->
<link rel="stylesheet" href="../dist/css/adminlte.min.css"> <link rel="stylesheet" href="../dist/css/adminlte.min.css">
<!-- Google Font: Source Sans Pro --> <!-- Google Font: Source Sans Pro -->
<link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet"> <link href="https://fonts.googleapis.com/css?family=Source+Sans+Pro:300,400,400i,700" rel="stylesheet">
</head> </head>
<!-- Navbar --> <!-- Navbar -->
@@ -37,10 +37,10 @@
<div class="collapse navbar-collapse" id="navbarSupportedContent"> <div class="collapse navbar-collapse" id="navbarSupportedContent">
<ul class="navbar-nav mr-auto"> <ul class="navbar-nav mr-auto">
<li class="nav-item <?php if(basename($_SERVER['PHP_SELF']) == "index.php") {echo "active";} ?>"> <li class="nav-item <?php if (basename($_SERVER['PHP_SELF']) == "index.php") {echo "active";} ?>">
<a class="nav-link" href="index.php">Home</a> <a class="nav-link" href="index.php">Home</a>
</li> </li>
<?php if($session_contact_id == $session_client_primary_contact_id) { ?> <?php if ($session_contact_id == $session_client_primary_contact_id) { ?>
<li class="nav-item"> <li class="nav-item">
<a class="nav-link" href="ticket_view_all.php">All Tickets</a> <a class="nav-link" href="ticket_view_all.php">All Tickets</a>
</li> </li>


@@ -6,51 +6,50 @@
require_once("inc_portal.php"); require_once("inc_portal.php");
if(isset($_POST['add_ticket'])){ if (isset($_POST['add_ticket'])) {
// Get ticket prefix/number // Get ticket prefix/number
$sql_settings = mysqli_query($mysqli,"SELECT * FROM settings WHERE company_id = $session_company_id"); $sql_settings = mysqli_query($mysqli, "SELECT * FROM settings WHERE company_id = $session_company_id");
$row = mysqli_fetch_array($sql_settings); $row = mysqli_fetch_array($sql_settings);
$config_ticket_prefix = $row['config_ticket_prefix']; $config_ticket_prefix = $row['config_ticket_prefix'];
$config_ticket_next_number = $row['config_ticket_next_number']; $config_ticket_next_number = $row['config_ticket_next_number'];
// HTML Purifier // HTML Purifier
require("../plugins/htmlpurifier/HTMLPurifier.standalone.php"); require_once("../plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault(); $purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config); $purifier = new HTMLPurifier($purifier_config);
$client_id = $session_client_id; $client_id = $session_client_id;
$contact = $session_contact_id; $contact = $session_contact_id;
$subject = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['subject']))); $subject = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['subject'])));
$details = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode(nl2br($_POST['details']))))); $details = trim(mysqli_real_escape_string($mysqli, $purifier->purify(html_entity_decode(nl2br($_POST['details'])))));
// Ensure priority is low/med/high (as can be user defined) // Ensure priority is low/med/high (as can be user defined)
if($_POST['priority'] !== "Low" && $_POST['priority'] !== "Medium" && $_POST['priority'] !== "High"){ if ($_POST['priority'] !== "Low" && $_POST['priority'] !== "Medium" && $_POST['priority'] !== "High") {
$priority = "Low"; $priority = "Low";
} } else {
else{ $priority = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['priority'])));
$priority = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['priority'])));
} }
// Get the next Ticket Number and add 1 for the new ticket number // Get the next Ticket Number and add 1 for the new ticket number
$ticket_number = $config_ticket_next_number; $ticket_number = $config_ticket_next_number;
$new_config_ticket_next_number = $config_ticket_next_number + 1; $new_config_ticket_next_number = $config_ticket_next_number + 1;
mysqli_query($mysqli,"UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $session_company_id"); mysqli_query($mysqli, "UPDATE settings SET config_ticket_next_number = $new_config_ticket_next_number WHERE company_id = $session_company_id");
mysqli_query($mysqli,"INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = '0', ticket_contact_id = $contact, ticket_client_id = $client_id, company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO tickets SET ticket_prefix = '$config_ticket_prefix', ticket_number = $ticket_number, ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_status = 'Open', ticket_created_at = NOW(), ticket_created_by = '0', ticket_contact_id = $contact, ticket_client_id = $client_id, company_id = $session_company_id");
$id = mysqli_insert_id($mysqli); $id = mysqli_insert_id($mysqli);
// Logging // Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Client contact $session_contact_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Create', log_description = 'Client contact $session_contact_name created ticket $subject', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $session_company_id");
header("Location: ticket.php?id=" . $id); header("Location: ticket.php?id=" . $id);
} }
if(isset($_POST['add_ticket_comment'])){ if (isset($_POST['add_ticket_comment'])) {
// HTML Purifier // HTML Purifier
require("../plugins/htmlpurifier/HTMLPurifier.standalone.php"); require_once("../plugins/htmlpurifier/HTMLPurifier.standalone.php");
$purifier_config = HTMLPurifier_Config::createDefault(); $purifier_config = HTMLPurifier_Config::createDefault();
$purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]); $purifier_config->set('URI.AllowedSchemes', ['data' => true, 'src' => true, 'http' => true, 'https' => true]);
$purifier = new HTMLPurifier($purifier_config); $purifier = new HTMLPurifier($purifier_config);
@@ -60,52 +59,50 @@ if(isset($_POST['add_ticket_comment'])){
// Not currently providing the client portal with a full summer note editor, but need to maintain line breaks. // Not currently providing the client portal with a full summer note editor, but need to maintain line breaks.
// In order to maintain line breaks consistently with the agent side, we need to allow HTML tags. // In order to maintain line breaks consistently with the agent side, we need to allow HTML tags.
// So, we need to convert line breaks to HTML and clean HTML with HTML Purifier // So, we need to convert line breaks to HTML and clean HTML with HTML Purifier
$comment = trim(mysqli_real_escape_string($mysqli,$purifier->purify(html_entity_decode(nl2br($_POST['comment']))))); $comment = trim(mysqli_real_escape_string($mysqli, $purifier->purify(html_entity_decode(nl2br($_POST['comment'])))));
// After stripping bad HTML, check the comment isn't just empty // After stripping bad HTML, check the comment isn't just empty
if(empty($comment)){ if (empty($comment)) {
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
exit; exit;
} }
// Verify the contact has access to the provided ticket ID // Verify the contact has access to the provided ticket ID
if(verifyContactTicketAccess($ticket_id, "Open")) { if (verifyContactTicketAccess($ticket_id, "Open")) {
// Add the comment // Add the comment
mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = '$session_company_id'"); mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = '$comment', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = '$session_company_id'");
// Update Ticket Last Response Field & set ticket to open as client has replied // Update Ticket Last Response Field & set ticket to open as client has replied
mysqli_query($mysqli,"UPDATE tickets SET ticket_status = 'Open', ticket_updated_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id' LIMIT 1"); mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Open', ticket_updated_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id' LIMIT 1");
// Redirect // Redirect
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
} } else {
else {
// The client does not have access to this ticket // The client does not have access to this ticket
header("Location: portal_post.php?logout"); header("Location: portal_post.php?logout");
exit(); exit();
} }
} }
if(isset($_POST['add_ticket_feedback'])){ if (isset($_POST['add_ticket_feedback'])) {
$ticket_id = intval($_POST['ticket_id']); $ticket_id = intval($_POST['ticket_id']);
$feedback = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['add_ticket_feedback']))); $feedback = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['add_ticket_feedback'])));
// Verify the contact has access to the provided ticket ID // Verify the contact has access to the provided ticket ID
if(verifyContactTicketAccess($ticket_id, "Closed")) { if (verifyContactTicketAccess($ticket_id, "Closed")) {
// Add feedback // Add feedback
mysqli_query($mysqli, "UPDATE tickets SET ticket_feedback = '$feedback' WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' LIMIT 1"); mysqli_query($mysqli, "UPDATE tickets SET ticket_feedback = '$feedback' WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' LIMIT 1");
// Notify on bad feedback // Notify on bad feedback
if($feedback == "Bad"){ if ($feedback == "Bad") {
mysqli_query($mysqli,"INSERT INTO notifications SET notification_type = 'Feedback', notification = '$session_contact_name rated ticket ID $ticket_id as bad', notification_timestamp = NOW(), notification_client_id = '$session_client_id', company_id = '$session_company_id'"); mysqli_query($mysqli, "INSERT INTO notifications SET notification_type = 'Feedback', notification = '$session_contact_name rated ticket ID $ticket_id as bad', notification_timestamp = NOW(), notification_client_id = '$session_client_id', company_id = '$session_company_id'");
} }
// Redirect // Redirect
header("Location: " . $_SERVER["HTTP_REFERER"]); header("Location: " . $_SERVER["HTTP_REFERER"]);
} } else {
else {
// The client does not have access to this ticket // The client does not have access to this ticket
header("Location: portal_post.php?logout"); header("Location: portal_post.php?logout");
exit(); exit();
@@ -113,32 +110,30 @@ if(isset($_POST['add_ticket_feedback'])){
} }
if(isset($_GET['close_ticket'])){ if (isset($_GET['close_ticket'])) {
$ticket_id = intval($_GET['close_ticket']); $ticket_id = intval($_GET['close_ticket']);
// Verify the contact has access to the provided ticket ID // Verify the contact has access to the provided ticket ID
if(verifyContactTicketAccess($ticket_id, "Open")) { if (verifyContactTicketAccess($ticket_id, "Open")) {
// Close ticket // Close ticket
mysqli_query($mysqli,"UPDATE tickets SET ticket_status = 'Closed', ticket_updated_at = NOW(), ticket_closed_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id'"); mysqli_query($mysqli, "UPDATE tickets SET ticket_status = 'Closed', ticket_updated_at = NOW(), ticket_closed_at = NOW() WHERE ticket_id = $ticket_id AND ticket_client_id = '$session_client_id'");
// Add reply // Add reply
mysqli_query($mysqli,"INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by $session_contact_name.', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO ticket_replies SET ticket_reply = 'Ticket closed by $session_contact_name.', ticket_reply_type = 'Client', ticket_reply_created_at = NOW(), ticket_reply_by = '$session_contact_id', ticket_reply_ticket_id = '$ticket_id', company_id = $session_company_id");
//Logging //Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed by client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Ticket', log_action = 'Closed', log_description = '$ticket_id Closed by client', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), company_id = $session_company_id");
header("Location: ticket.php?id=" . $ticket_id); header("Location: ticket.php?id=" . $ticket_id);
} } else {
else { // The client does not have access to this ticket - send them home
// The client does not have access to this ticket
// This is only a GET request, might just be a mistake
header("Location: index.php"); header("Location: index.php");
exit(); exit();
} }
} }
if(isset($_GET['logout'])){ if (isset($_GET['logout'])) {
setcookie("PHPSESSID", '', time() - 3600, "/"); setcookie("PHPSESSID", '', time() - 3600, "/");
unset($_COOKIE['PHPSESSID']); unset($_COOKIE['PHPSESSID']);
@@ -148,14 +143,14 @@ if(isset($_GET['logout'])){
header('Location: login.php'); header('Location: login.php');
} }
if(isset($_POST['edit_profile'])){ if (isset($_POST['edit_profile'])) {
$new_password = $_POST['new_password']; $new_password = $_POST['new_password'];
if(!empty($new_password)){ if (!empty($new_password)) {
$password_hash = password_hash($new_password, PASSWORD_DEFAULT); $password_hash = password_hash($new_password, PASSWORD_DEFAULT);
mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'"); mysqli_query($mysqli, "UPDATE contacts SET contact_password_hash = '$password_hash' WHERE contact_id = '$session_contact_id' AND contact_client_id = '$session_client_id'");
//Logging // Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client contact $session_contact_name modified their profile/password.', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $session_client_id, company_id = $session_company_id"); mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Modify', log_description = 'Client contact $session_contact_name modified their profile/password.', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_client_id = $session_client_id, company_id = $session_company_id");
} }
header('Location: index.php'); header('Location: index.php');
} }
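Review bot: `if (isset($_GET['close_ticket']))` still performs a state-changing action (the `UPDATE tickets SET ticket_status = 'Closed'` statement plus two inserts) on a plain GET request with no CSRF token, and the tidy dropped the old comment that acknowledged a GET "might just be a mistake"; the link that triggers it, `portal_post.php?close_ticket=...`, is visible in the last section of this page, so moving it to a POST form with a per-session token checked via `hash_equals()` would be the proper fix. In `add_ticket_feedback`, `$feedback` is escaped but not restricted to an expected value set the way `$_POST['priority']` is a few lines above; an allow-list check of the same shape, listing the values the feedback form actually submits, would keep the two handlers consistent. The `header("Location: " . $_SERVER["HTTP_REFERER"]);` redirects in the comment and feedback branches depend on a client-supplied header and emit an empty Location when it is absent; redirecting to `"Location: ticket.php?id=" . $ticket_id` as the close branch does would be more robust. `$ticket_id` for the comment branch is assigned between the first two hunks, so I cannot confirm it is cast there.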


@@ -12,12 +12,12 @@ require('inc_portal.php');
<p>Name: <?php echo $session_contact_name ?></p> <p>Name: <?php echo $session_contact_name ?></p>
<p>Email: <?php echo $session_contact_email ?></p> <p>Email: <?php echo $session_contact_email ?></p>
<p>Client: <?php echo $session_client_name ?></p> <p>Client: <?php echo $session_client_name ?></p>
<p>Client Primary Contact: <?php if($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p> <p>Client Primary Contact: <?php if ($session_client_primary_contact_id == $session_contact_id) {echo "Yes"; } else {echo "No";} ?></p>
<p>Login via: <?php echo $_SESSION['login_method'] ?> </p> <p>Login via: <?php echo $_SESSION['login_method'] ?> </p>
<!-- // Show option to change password if auth provider is local --> <!-- // Show option to change password if auth provider is local -->
<?php if($_SESSION['login_method'] == 'local'): ?> <?php if ($_SESSION['login_method'] == 'local'): ?>
<hr> <hr>
<div class="col-md-6"> <div class="col-md-6">
<h4>Password</h4> <h4>Password</h4>
@@ -38,4 +38,4 @@ require('inc_portal.php');
<?php endif ?> <?php endif ?>
<?php <?php
include('portal_footer.php'); require_once('portal_footer.php');


@@ -6,13 +6,12 @@
require_once("inc_portal.php"); require_once("inc_portal.php");
if(isset($_GET['id']) && intval($_GET['id'])) { if (isset($_GET['id']) && intval($_GET['id'])) {
$ticket_id = intval($_GET['id']); $ticket_id = intval($_GET['id']);
if($session_contact_id == $session_client_primary_contact_id){ if ($session_contact_id == $session_client_primary_contact_id) {
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id'"); $ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id'");
} } else {
else{
$ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'"); $ticket_sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = '$session_client_id' AND ticket_contact_id = '$session_contact_id'");
} }
@@ -27,7 +26,7 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
<span class="navbar-text"> <span class="navbar-text">
<?php <?php
if($ticket['ticket_status'] !== "Closed"){ ?> if ($ticket['ticket_status'] !== "Closed") { ?>
<button class="btn btn-sm btn-outline-success my-2 my-sm-0 form-inline my-2 my-lg-0" type="submit"><a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>"><i class="fas fa-fw fa-check text-secondary text-success"></i> Close ticket</a></button> <button class="btn btn-sm btn-outline-success my-2 my-sm-0 form-inline my-2 my-lg-0" type="submit"><a href="portal_post.php?close_ticket=<?php echo $ticket_id; ?>"><i class="fas fa-fw fa-check text-secondary text-success"></i> Close ticket</a></button>
<?php } ?> <?php } ?>
</span> </span>
@@ -51,7 +50,7 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
<!-- Either show the reply comments box, ticket smiley feedback, or thanks for feedback --> <!-- Either show the reply comments box, ticket smiley feedback, or thanks for feedback -->
<?php if($ticket['ticket_status'] !== "Closed") { ?> <?php if ($ticket['ticket_status'] !== "Closed") { ?>
<div class="form-group"> <div class="form-group">
<form action="portal_post.php" method="post"> <form action="portal_post.php" method="post">
<div class="form-group"> <div class="form-group">
@@ -63,7 +62,7 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
</div> </div>
<?php } <?php }
elseif(empty($ticket['ticket_feedback'])) { ?> elseif (empty($ticket['ticket_feedback'])) { ?>
<h4>Rate your ticket</h4> <h4>Rate your ticket</h4>
@@ -81,7 +80,7 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
<?php } <?php }
else{ ?> else { ?>
<h4>Rated <?php echo $ticket['ticket_feedback'] ?> -- Thanks for your feedback!</h4> <h4>Rated <?php echo $ticket['ticket_feedback'] ?> -- Thanks for your feedback!</h4>
@@ -92,9 +91,9 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
<hr><br> <hr><br>
<?php <?php
$sql = mysqli_query($mysqli,"SELECT * FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id LEFT JOIN contacts ON ticket_reply_by = contact_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL AND ticket_reply_type != 'Internal' ORDER BY ticket_reply_id DESC"); $sql = mysqli_query($mysqli, "SELECT * FROM ticket_replies LEFT JOIN users ON ticket_reply_by = user_id LEFT JOIN contacts ON ticket_reply_by = contact_id WHERE ticket_reply_ticket_id = $ticket_id AND ticket_reply_archived_at IS NULL AND ticket_reply_type != 'Internal' ORDER BY ticket_reply_id DESC");
while($row = mysqli_fetch_array($sql)){ while ($row = mysqli_fetch_array($sql)) {
$ticket_reply_id = $row['ticket_reply_id']; $ticket_reply_id = $row['ticket_reply_id'];
$ticket_reply = $row['ticket_reply']; $ticket_reply = $row['ticket_reply'];
$ticket_reply_created_at = $row['ticket_reply_created_at']; $ticket_reply_created_at = $row['ticket_reply_created_at'];
@@ -102,13 +101,12 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
$ticket_reply_by = $row['ticket_reply_by']; $ticket_reply_by = $row['ticket_reply_by'];
$ticket_reply_type = $row['ticket_reply_type']; $ticket_reply_type = $row['ticket_reply_type'];
if($ticket_reply_type == "Client"){ if ($ticket_reply_type == "Client") {
$ticket_reply_by_display = $row['contact_name']; $ticket_reply_by_display = $row['contact_name'];
$user_initials = initials($row['contact_name']); $user_initials = initials($row['contact_name']);
$user_avatar = $row['contact_photo']; $user_avatar = $row['contact_photo'];
$avatar_link = "../uploads/clients/$session_company_id/$session_client_id/$user_avatar"; $avatar_link = "../uploads/clients/$session_company_id/$session_client_id/$user_avatar";
} } else {
else{
$ticket_reply_by_display = $row['user_name']; $ticket_reply_by_display = $row['user_name'];
$user_id = $row['user_id']; $user_id = $row['user_id'];
$user_avatar = $row['user_avatar']; $user_avatar = $row['user_avatar'];
@@ -117,13 +115,13 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
} }
?> ?>
<div class="card card-outline <?php if($ticket_reply_type == 'Client') {echo "card-warning"; } else{ echo "card-info"; } ?> mb-3"> <div class="card card-outline <?php if ($ticket_reply_type == 'Client') { echo "card-warning"; } else { echo "card-info"; } ?> mb-3">
<div class="card-header"> <div class="card-header">
<h3 class="card-title"> <h3 class="card-title">
<div class="media"> <div class="media">
<?php if(!empty($user_avatar)){ ?> <?php if (!empty($user_avatar)) { ?>
<img src="<?php echo $avatar_link ?>" alt="User Avatar" class="img-size-50 mr-3 img-circle"> <img src="<?php echo $avatar_link ?>" alt="User Avatar" class="img-size-50 mr-3 img-circle">
<?php }else{ ?> <?php } else { ?>
<span class="fa-stack fa-2x"> <span class="fa-stack fa-2x">
<i class="fa fa-circle fa-stack-2x text-secondary"></i> <i class="fa fa-circle fa-stack-2x text-secondary"></i>
<span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span> <span class="fa fa-stack-1x text-white"><?php echo $user_initials; ?></span>
@@ -135,7 +133,7 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
<div class="media-body"> <div class="media-body">
<?php echo $ticket_reply_by_display; ?> <?php echo $ticket_reply_by_display; ?>
<br> <br>
<small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if(!empty($ticket_reply_updated_at)){ echo "(edited: $ticket_reply_updated_at)"; } ?></small> <small class="text-muted"><?php echo $ticket_reply_created_at; ?> <?php if (!empty($ticket_reply_updated_at)) { echo "(edited: $ticket_reply_updated_at)"; } ?></small>
</div> </div>
</div> </div>
</h3> </h3>
@@ -153,12 +151,11 @@ if(isset($_GET['id']) && intval($_GET['id'])) {
?> ?>
<?php <?php
} } else {
else{
echo "Ticket ID not found!"; echo "Ticket ID not found!";
} }
}
else{ } else {
header("Location: index.php"); header("Location: index.php");
} }
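Review bot: In the reply loop, `$ticket_reply_by_display` and `$avatar_link` are echoed into the markup and the `src` attribute without escaping, as is `$ticket['ticket_feedback']` in the rating heading; the restyle leaves these untouched. `$ticket_reply_by_display` is taken from `contact_name` or `user_name` in the joined rows and `$avatar_link` embeds `contact_photo`/`user_avatar`, so their safety currently depends entirely on how those columns are written elsewhere. I would escape at the point of output, `<?php echo htmlspecialchars($ticket_reply_by_display, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8'); ?>` and `src="<?php echo htmlspecialchars($avatar_link, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') ?>"`, rather than relying on the write path. Separately, the access check `$session_contact_id == $session_client_primary_contact_id` uses loose `==` here while tickets.php in this same commit uses `!==` for the same pair of values; the two should agree on a strict comparison once the types of both session values are confirmed, since the enclosing `if (isset($_GET['id']) ...)` block gates which ticket rows a contact may read.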


@@ -7,9 +7,9 @@
require('inc_portal.php'); require('inc_portal.php');
?> ?>
<h2>Raise a new ticket</h2> <h2>Raise a new ticket</h2>
<div class="col-8"> <div class="col-8">
<form action="portal_post.php" method="post"> <form action="portal_post.php" method="post">
<div class="form-group"> <div class="form-group">
@@ -44,7 +44,7 @@ require('inc_portal.php');
<button class="btn btn-primary" name="add_ticket">Raise ticket</button> <button class="btn btn-primary" name="add_ticket">Raise ticket</button>
</form> </form>
</div> </div>
<?php <?php
include('portal_footer.php'); require_once('portal_footer.php');


@@ -6,7 +6,7 @@
require('inc_portal.php'); require('inc_portal.php');
if($session_contact_id !== $session_client_primary_contact_id){ if ($session_contact_id !== $session_client_primary_contact_id) {
header("Location: portal_post.php?logout"); header("Location: portal_post.php?logout");
exit(); exit();
} }
@@ -36,9 +36,9 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<form method="get"> <form method="get">
<label>Ticket Status</label> <label>Ticket Status</label>
<select class="form-control" name="status" onchange="this.form.submit()"> <select class="form-control" name="status" onchange="this.form.submit()">
<option value="%" <?php if($status == "%"){echo "selected";}?> >Any</option> <option value="%" <?php if ($status == "%") {echo "selected";}?> >Any</option>
<option value="Open" <?php if($status == "Open"){echo "selected";}?> >Open</option> <option value="Open" <?php if ($status == "Open") {echo "selected";}?> >Open</option>
<option value="Closed" <?php if($status == "Closed"){echo "selected";}?> >Closed</option> <option value="Closed" <?php if ($status == "Closed") {echo "selected";}?> >Closed</option>
</select> </select>
</form> </form>
</div> </div>
@@ -55,7 +55,7 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
<tbody> <tbody>
<?php <?php
while($ticket = mysqli_fetch_array($all_tickets)){ while ($ticket = mysqli_fetch_array($all_tickets)) {
echo "<tr>"; echo "<tr>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_prefix]$ticket[ticket_id]</a></td>";
echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>"; echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> $ticket[ticket_subject]</a></td>";
@@ -69,4 +69,4 @@ $all_tickets = mysqli_query($mysqli, "SELECT * FROM tickets LEFT JOIN contacts O
</div> </div>
<?php <?php
include('portal_footer.php'); require_once('portal_footer.php');
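Review bot: `$ticket[ticket_subject]` in the ticket table row is interpolated straight into the `<td>` markup without escaping, and the subject is presumably contact-supplied through the portal's new-ticket form, so a subject containing markup is rendered as HTML rather than text for every viewer of the list. The fix is `echo "<td> <a href='ticket.php?id=$ticket[ticket_id]'> " . htmlspecialchars($ticket['ticket_subject'], ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . "</a></td>";`. The guard at the top of the file compares `$session_contact_id !== $session_client_primary_contact_id` strictly; if those two values are not the same scalar type (for example one from `intval`, one from a mysqli row string), the logout redirect fires for every contact, which is worth checking given ticket.php uses loose `==` for the same pair. The `while` loop's closing brace lies outside the hunk.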


@@ -0,0 +1 @@


@@ -0,0 +1 @@


@@ -0,0 +1 @@


@@ -0,0 +1 @@


@@ -0,0 +1 @@


@@ -0,0 +1 @@