From 69c1fc6cae0d45c9c105977f8a781f8eacd4584d Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 1 May 2022 10:30:04 +0100
Subject: [PATCH 1/3] Add asset API delete endpoint

---
 api/v1/assets/delete.php       | 28 ++++++++++++++++++++++++++++
 api/v1/delete_output.php       | 23 +++++++++++++++++++++++
 api/v1/require_post_method.php |  1 -
 3 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 api/v1/assets/delete.php
 create mode 100644 api/v1/delete_output.php

diff --git a/api/v1/assets/delete.php b/api/v1/assets/delete.php
new file mode 100644
index 00000000..2ad4fc51
--- /dev/null
+++ b/api/v1/assets/delete.php
@@ -0,0 +1,28 @@
+<?php
+require('../validate_api_key.php');
+
+require('../require_post_method.php');
+
+// Parse ID
+$asset_id = intval($_POST['asset_id']);
+
+// Default
+$delete_count = FALSE;
+
+if(!empty($asset_id)){
+  $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+  $asset_name = $row['asset_name'];
+
+  $delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
+
+  // Check delete & get affected rows
+  if($delete_sql && !empty($asset_name)){
+    $delete_count = mysqli_affected_rows($mysqli);
+
+    //Logging
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
+  }
+}
+
+// Output
+include('../delete_output.php');
\ No newline at end of file
diff --git a/api/v1/delete_output.php b/api/v1/delete_output.php
new file mode 100644
index 00000000..23fcfd64
--- /dev/null
+++ b/api/v1/delete_output.php
@@ -0,0 +1,23 @@
+<?php
+
+/*
+ * API - delete_output.php
+ * Included on calls to delete.php endpoints
+ * Returns success/failure messages
+ */
+
+// Check if delete query was successful
+if(isset($delete_count) && is_numeric($delete_count) && $delete_count > 0){
+  // Insert successful
+  $return_arr['success'] = "True";
+  $return_arr['count'] = $delete_count;
+}
+
+// Query returned false: something went wrong, or it was declined due to required variables missing
+else{
+  $return_arr['success'] = "False";
+  $return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
+}
+
+echo json_encode($return_arr);
+exit();
\ No newline at end of file
diff --git a/api/v1/require_post_method.php b/api/v1/require_post_method.php
index cb13d64b..45686e3a 100644
--- a/api/v1/require_post_method.php
+++ b/api/v1/require_post_method.php
@@ -10,6 +10,5 @@ if($_SERVER['REQUEST_METHOD'] !== "POST"){
 // Client ID must be specific for INSERT/UPDATE/DELETE queries
 // If this API key allows any client, set $client_id to the one specified, else leave it
 if($client_id == 0){
-  //
   $client_id = intval($_POST['client_id']);
 }
\ No newline at end of file

From 25c610e96373c7b77434aa39ed51e5c75e2be166 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 1 May 2022 10:34:21 +0100
Subject: [PATCH 2/3] Rename update_id to update_count - as it's a count, not
 the insert ID

---
 api/v1/assets/update.php   | 4 ++--
 api/v1/contacts/update.php | 4 ++--
 api/v1/update_output.php   | 4 ++--
 3 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/api/v1/assets/update.php b/api/v1/assets/update.php
index c56549a4..a0724d16 100644
--- a/api/v1/assets/update.php
+++ b/api/v1/assets/update.php
@@ -7,7 +7,7 @@ require('../require_post_method.php');
 $asset_id = intval($_POST['asset_id']);
 
 // Default
-$update_id = FALSE;
+$update_count = FALSE;
 
 if(!empty($asset_id)){
 
@@ -109,7 +109,7 @@ if(!empty($asset_id)){
 
   // Check insert & get insert ID
   if($update_sql){
-    $update_id = mysqli_affected_rows($mysqli);
+    $update_count = mysqli_affected_rows($mysqli);
 
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
diff --git a/api/v1/contacts/update.php b/api/v1/contacts/update.php
index bf5c3152..31a42271 100644
--- a/api/v1/contacts/update.php
+++ b/api/v1/contacts/update.php
@@ -8,7 +8,7 @@ $contact_id = intval($_POST['contact_id']);
 include('contact_model.php');
 
 // Default
-$update_id = FALSE;
+$update_count = FALSE;
 
 if(!empty($name) && !empty($email)){
 
@@ -16,7 +16,7 @@ if(!empty($name) && !empty($email)){
 
   // Check insert & get insert ID
   if($update_sql){
-    $update_id = mysqli_affected_rows($mysqli);
+    $update_count = mysqli_affected_rows($mysqli);
 
     //Logging
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
diff --git a/api/v1/update_output.php b/api/v1/update_output.php
index f46ab173..942b71fa 100644
--- a/api/v1/update_output.php
+++ b/api/v1/update_output.php
@@ -7,10 +7,10 @@
  */
 
 // Check if the insert query was successful
-if(isset($update_id) && is_numeric($update_id) && $update_id > 0){
+if(isset($update_count) && is_numeric($update_count) && $update_count > 0){
   // Insert successful
   $return_arr['success'] = "True";
-  $return_arr['count'] = $update_id;
+  $return_arr['count'] = $update_count;
 }
 
 // Query returned false: something went wrong, or it was declined due to required variables missing

From c19328f3d8b1b8a35c3a1a897a5d52812f00c2ff Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 1 May 2022 10:37:07 +0100
Subject: [PATCH 3/3] Typo

---
 api/v1/delete_output.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api/v1/delete_output.php b/api/v1/delete_output.php
index 23fcfd64..d1ffe44c 100644
--- a/api/v1/delete_output.php
+++ b/api/v1/delete_output.php
@@ -8,12 +8,12 @@
 
 // Check if delete query was successful
 if(isset($delete_count) && is_numeric($delete_count) && $delete_count > 0){
-  // Insert successful
+  // Delete was successful
   $return_arr['success'] = "True";
   $return_arr['count'] = $delete_count;
 }
 
-// Query returned false: something went wrong, or it was declined due to required variables missing
+// Delete query returned false: something went wrong, or it was declined due to required variables missing
 else{
   $return_arr['success'] = "False";
   $return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";