mirror of
https://github.com/itflow-org/itflow
synced 2026-02-28 02:44:53 +00:00
BREAKING CHANGES - MAKE FULL BACKUP BEFORE PROCEEDING - Requires Manual Intervention on files see Forum Post Make sure you run the Database update directly after update. This Removes Multi-Company Functionality. Fixes issues with Reponsive tables and bunch of other UI and small Fixes
This commit is contained in:
johnnyq
@@ -11,14 +11,14 @@ $insert_id = false;
|
||||
|
||||
if (!empty($name) && !empty($client_id)) {
|
||||
// Insert into Database
|
||||
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
|
||||
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id");
|
||||
|
||||
if ($insert_sql) {
|
||||
$insert_id = mysqli_insert_id($mysqli);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id'");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id'");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -10,17 +10,17 @@ $asset_id = intval($_POST['asset_id']);
|
||||
$delete_count = false;
|
||||
|
||||
if (!empty($asset_id)) {
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1"));
|
||||
$asset_name = $row['asset_name'];
|
||||
|
||||
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
||||
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
|
||||
|
||||
// Check delete & get affected rows
|
||||
if ($delete_sql && !empty($asset_name)) {
|
||||
$delete_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -1,41 +0,0 @@
|
||||
<?php
|
||||
|
||||
require_once('../validate_api_key.php');
|
||||
require_once('../require_get_method.php');
|
||||
|
||||
// Asset via ID (single)
|
||||
if (isset($_GET['asset_id'])) {
|
||||
$id = intval($_GET['asset_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
|
||||
} elseif (isset($_GET['asset_type'])) {
|
||||
// Asset query via type
|
||||
|
||||
$type = mysqli_real_escape_string($mysqli, ucfirst($_GET['asset_type']));
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['asset_name'])) {
|
||||
// Asset query via name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['asset_serial'])) {
|
||||
// Asset query via serial
|
||||
|
||||
$serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Asset query via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// All assets
|
||||
else {
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once("../read_output.php");
|
||||
|
||||
@@ -11,20 +11,20 @@ $update_count = false;
|
||||
|
||||
if (!empty($asset_id)) {
|
||||
|
||||
$asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
||||
$asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id LIMIT 1"));
|
||||
|
||||
// Variable assignment from POST - assigning the current database value if a value is not provided
|
||||
require_once('asset_model.php');
|
||||
|
||||
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
||||
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = $purchase_date, asset_warranty_expire = $warranty_expire, asset_install_date = $install_date, asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id LIMIT 1");
|
||||
|
||||
// Check insert & get insert ID
|
||||
if ($update_sql) {
|
||||
$update_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -6,23 +6,23 @@ require_once('../require_get_method.php');
|
||||
// Specific certificate via ID (single)
|
||||
if (isset($_GET['certificate_id'])) {
|
||||
$id = intval($_GET['certificate_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['certificate_name'])) {
|
||||
// Certificate by name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Certificate via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} else {
|
||||
// All certificates
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -6,18 +6,18 @@ require_once('../require_get_method.php');
|
||||
// Specific client via ID (single)
|
||||
if (isset($_GET['client_id'])) {
|
||||
$id = intval($_GET['client_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['client_name'])) {
|
||||
// Specific client via name (single)
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id'");
|
||||
|
||||
} else {
|
||||
// All clients
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -17,14 +17,14 @@ if (!empty($name) && !empty($email) && !empty($client_id)) {
|
||||
if (mysqli_num_rows($email_duplication_sql) == 0) {
|
||||
|
||||
// Insert contact
|
||||
$insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
|
||||
$insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id");
|
||||
|
||||
// Check insert & get insert ID
|
||||
if ($insert_sql) {
|
||||
$insert_id = mysqli_insert_id($mysqli);
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -10,17 +10,17 @@ $contact_id = intval($_POST['contact_id']);
|
||||
$delete_count = false;
|
||||
|
||||
if (!empty($contact_id)) {
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1"));
|
||||
$contact_name = $row['contact_name'];
|
||||
|
||||
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
||||
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id LIMIT 1");
|
||||
|
||||
// Check delete & get affected rows
|
||||
if ($delete_sql && !empty($contact_name)) {
|
||||
$delete_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -6,18 +6,18 @@ require_once('../require_get_method.php');
|
||||
// Specific contact via ID (single)
|
||||
if (isset($_GET['contact_id'])) {
|
||||
$id = intval($_GET['contact_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['contact_email'])) {
|
||||
// Specific contact via email (single)
|
||||
|
||||
$email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id'");
|
||||
|
||||
} else {
|
||||
// All contacts
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -11,20 +11,20 @@ $update_count = false;
|
||||
|
||||
if (!empty($contact_id)) {
|
||||
|
||||
$contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
||||
$contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id LIMIT 1"));
|
||||
|
||||
// Variable assignment from POST - assigning the current database value if a value is not provided
|
||||
require_once('contact_model.php');
|
||||
|
||||
$update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
|
||||
$update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_location_id = $location_id, contact_client_id = $client_id WHERE contact_id = $contact_id LIMIT 1");
|
||||
|
||||
// Check insert & get insert ID
|
||||
if ($update_sql) {
|
||||
$update_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
@@ -7,12 +7,12 @@ if (isset($_GET['document_id'])) {
|
||||
// Document via ID (single)
|
||||
|
||||
$id = intval($_GET['document_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id'");
|
||||
|
||||
} else {
|
||||
// All documents
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -6,23 +6,23 @@ require_once('../require_get_method.php');
|
||||
// Specific domain via ID (single)
|
||||
if (isset($_GET['domain_id'])) {
|
||||
$id = intval($_GET['domain_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['domain_name'])) {
|
||||
// Domain by name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Domain via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} else {
|
||||
// All domains
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -9,12 +9,12 @@ if (isset($_GET['expense_id']) && $client_id == "%") {
|
||||
// Expense via ID (single)
|
||||
|
||||
$id = intval($_GET['expense_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id'");
|
||||
|
||||
} elseif ($client_id == "%") {
|
||||
// All expenses
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE company_id = '$company_id' ORDER BY expense_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM expenses ORDER BY expense_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -7,12 +7,12 @@ if (isset($_GET['invoice_id'])) {
|
||||
// Invoice via ID (single)
|
||||
|
||||
$id = intval($_GET['invoice_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id'");
|
||||
|
||||
} else {
|
||||
// All invoices
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -6,23 +6,23 @@ require_once('../require_get_method.php');
|
||||
// Specific network via ID (single)
|
||||
if (isset($_GET['network_id'])) {
|
||||
$id = intval($_GET['network_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['network_name'])) {
|
||||
// Network by name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Network via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} else {
|
||||
// All networks
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -10,18 +10,18 @@ if (isset($_GET['payment_id']) && $client_id == "%") {
|
||||
// Payment via ID (single)
|
||||
|
||||
$id = intval($_GET['payment_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id'");
|
||||
|
||||
} elseif (isset($_GET['payment_invoice_id']) && $client_id == "%") {
|
||||
// Payments for an invoice
|
||||
|
||||
$id = intval($_GET['payment_invoice_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id'");
|
||||
|
||||
} elseif ($client_id == "%") {
|
||||
// All payments
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE company_id = '$company_id' ORDER BY payment_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM payments ORDER BY payment_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -9,12 +9,12 @@ if (isset($_GET['product_id']) && $client_id == "%") {
|
||||
// product via ID (single)
|
||||
|
||||
$id = intval($_GET['product_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id'");
|
||||
|
||||
} elseif ($client_id == "%") {
|
||||
// All products
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE company_id = '$company_id' ORDER BY product_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM products ORDER BY product_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -7,12 +7,12 @@ if (isset($_GET['quote_id'])) {
|
||||
// quote via ID (single)
|
||||
|
||||
$id = intval($_GET['quote_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id'");
|
||||
|
||||
} else {
|
||||
// All quotes
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -6,35 +6,35 @@ require_once('../require_get_method.php');
|
||||
// Specific software via ID (single)
|
||||
if (isset($_GET['software_id'])) {
|
||||
$id = intval($_GET['software_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['software_key'])) {
|
||||
// Specific software via key
|
||||
|
||||
$key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['software_name'])) {
|
||||
// Software by name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['software_type'])) {
|
||||
// Software via type
|
||||
|
||||
$type = intval($_GET['software_type']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Software via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
|
||||
} else {
|
||||
// All software(s)
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -6,12 +6,12 @@ require_once('../require_get_method.php');
|
||||
// Specific ticket via ID (single)
|
||||
if (isset($_GET['ticket_id'])) {
|
||||
$id = intval($_GET['ticket_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id'");
|
||||
|
||||
} else {
|
||||
// All tickets
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
|
||||
@@ -17,8 +17,8 @@ header('Content-Type: application/json');
|
||||
$_POST = json_decode(file_get_contents('php://input'), true);
|
||||
|
||||
// Get IP & UA
|
||||
$ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
|
||||
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
|
||||
$ip = santizeInput(getIP());
|
||||
$user_agent = santizeInput($_SERVER['HTTP_USER_AGENT']);
|
||||
|
||||
// Setup return array
|
||||
$return_arr = array();
|
||||
@@ -56,15 +56,15 @@ if (!isset($_GET['api_key']) && !isset($_POST['api_key'])) {
|
||||
|
||||
// Set API key variable
|
||||
if (isset($_GET['api_key'])) {
|
||||
$api_key = $_GET['api_key'];
|
||||
$api_key = santizeInput($_GET['api_key']);
|
||||
}
|
||||
if (isset($_POST['api_key'])) {
|
||||
$api_key = $_POST['api_key'];
|
||||
$api_key = santizeInput($_POST['api_key']);
|
||||
}
|
||||
|
||||
// Validate API key
|
||||
if (isset($api_key)) {
|
||||
$api_key = mysqli_real_escape_string($mysqli, $api_key);
|
||||
$api_key = santizeInput($api_key);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
|
||||
|
||||
@@ -72,7 +72,7 @@ if (isset($api_key)) {
|
||||
if (mysqli_num_rows($sql) !== 1) {
|
||||
// Invalid Key
|
||||
header(WORDING_UNAUTHORIZED);
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent'");
|
||||
|
||||
$return_arr['success'] = "False";
|
||||
$return_arr['message'] = "Authentication failed. API key is invalid or has expired.";
|
||||
@@ -88,8 +88,7 @@ if (isset($api_key)) {
|
||||
// Set client ID, company ID & key name
|
||||
$row = mysqli_fetch_array($sql);
|
||||
$api_key_name = htmlentities($row['api_key_name']);
|
||||
$client_id = $row['api_key_client_id'];
|
||||
$company_id = $row['company_id'];
|
||||
$client_id = intval($row['api_key_client_id']);
|
||||
|
||||
// Set limit & offset for queries
|
||||
if (isset($_GET['limit'])) {
|
||||
|
||||
Reference in New Issue
Block a user