mirror of https://github.com/itflow-org/itflow
parent
a31c012487
commit
573eaf179b
|
|
@ -0,0 +1,34 @@
|
|||
<?php
|
||||
|
||||
require_once '../validate_api_key.php';
|
||||
|
||||
require_once '../require_post_method.php';
|
||||
|
||||
// Parse info
|
||||
require_once 'document_model.php';
|
||||
|
||||
// Default
|
||||
$insert_id = false;
|
||||
|
||||
if (!empty($name) && !(empty($content))) {
|
||||
|
||||
// Create document
|
||||
$insert_sql = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 0, document_folder_id = $folder, document_created_by = 0, document_client_id = $client_id");
|
||||
|
||||
// Check insert & get insert ID
|
||||
if ($insert_sql) {
|
||||
$insert_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Update field document_parent to be the same id as document ID as this is the only version of the document.
|
||||
mysqli_query($mysqli,"UPDATE documents SET document_parent = $insert_id WHERE document_id = $insert_id");
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Document', log_action = 'Create', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created document $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
// Output
|
||||
require_once '../create_output.php';
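Review bot: The INSERT stores `document_folder_id = $folder` without checking that the folder belongs to the calling key's client; `$folder` only passes through `intval()` in document_model.php. A lookup of the folder scoped to `$client_id` before the INSERT, falling back to 0 when it does not match, would stop a document being filed under another client's folder. Separately, read.php matches with `LIKE '$client_id'`, which suggests `$client_id` may hold a wildcard for keys that cover all clients. If so, the unquoted `document_client_id = $client_id` here is not valid SQL, and this endpoint should reject such keys or require an explicit, validated client id. `$client_id` is set outside this file, presumably in validate_api_key.php, so this needs confirming there.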
|
||||
|
|
@ -0,0 +1,43 @@
|
|||
<?php
|
||||
// Variable assignment from POST (or: blank/from DB is updating)
|
||||
|
||||
if (isset($_POST['document_name'])) {
|
||||
$name = sanitizeInput($_POST['document_name']);
|
||||
} elseif (isset($document_row) && isset($document_row['document_name'])) {
|
||||
$name = $document_row['document_name'];
|
||||
} else {
|
||||
$name = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['document_description'])) {
|
||||
$description = sanitizeInput($_POST['document_description']);
|
||||
} elseif (isset($document_row) && isset($document_row['document_description'])) {
|
||||
$description = $document_row['document_description'];
|
||||
} else {
|
||||
$description = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['document_content'])) {
|
||||
$content = mysqli_real_escape_string($mysqli, $_POST['document_content']);
|
||||
} elseif (isset($document_row) && isset($document_row['document_content'])) {
|
||||
$content = $document_row['document_content'];
|
||||
} else {
|
||||
$content = '';
|
||||
}
|
||||
|
||||
// Raw content (used for FULL INDEX searching)
|
||||
if (isset($_POST['document_content'])) {
|
||||
$content_raw = sanitizeInput($_POST['document_name'] . $_POST['document_description'] . " " . str_replace("<", " <", $_POST['document_content']));
|
||||
} elseif (isset($document_row) && isset($document_row['document_content_raw'])) {
|
||||
$content_raw = $document_row['document_content_raw'];
|
||||
} else {
|
||||
$content_raw = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['document_folder_id'])) {
|
||||
$folder = intval($_POST['document_content']);
|
||||
} elseif (isset($document_row) && isset($document_row['document_folder_id'])) {
|
||||
$folder = intval($document_row['document_folder_id']);
|
||||
} else {
|
||||
$folder = 0;
|
||||
}
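Review bot: The folder branch reads the wrong POST field: it tests `document_folder_id` but assigns `intval($_POST['document_content'])`, so the folder id comes from the document body; it should be `$folder = intval($_POST['document_folder_id']);`. The fallback branches copy `$document_row[...]` values straight into `$name`, `$description`, `$content` and `$content_raw`, and the update endpoint interpolates them into a quoted INSERT. A stored value containing a quote will break or alter that statement, so escape them on the way back in, e.g. `$name = mysqli_real_escape_string($mysqli, $document_row['document_name']);`. The raw-content branch also reads `$_POST['document_name']` and `$_POST['document_description']` whenever `document_content` is posted, which raises undefined-index warnings and drops the stored name and description from the search text when only content is sent.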
|
||||
|
|
@ -7,13 +7,15 @@ require_once '../require_get_method.php';
|
|||
|
||||
if (isset($_GET['document_id'])) {
|
||||
// Document via ID (single)
|
||||
|
||||
$id = intval($_GET['document_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id'");
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Documents via client ID (multiple)
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND document_archived_at IS NULL");
|
||||
|
||||
} else {
|
||||
// All documents
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
|
||||
}
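Review bot: The three branches treat archived rows differently: only the `client_id` branch adds `document_archived_at IS NULL`, so the single-document and "All documents" queries still return archived versions, which the update endpoint in this commit creates on every edit. If archived versions are not meant to be exposed through the API, add the same `AND document_archived_at IS NULL` to the other two queries. The `client_id` branch also lacks the `ORDER BY document_id LIMIT $limit OFFSET $offset` that the last branch has, so its result set is unbounded. The page does not show which of these lines the commit adds, and the file continues outside the hunk.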
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,61 @@
|
|||
<?php
|
||||
|
||||
require_once '../validate_api_key.php';
|
||||
|
||||
require_once '../require_post_method.php';
|
||||
|
||||
// Parse ID
|
||||
$document_id = intval($_POST['document_id']);
|
||||
|
||||
// Default
|
||||
$update_count = false;
|
||||
|
||||
if (!empty($document_id)) {
|
||||
|
||||
$document_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$document_id' AND document_client_id = $client_id LIMIT 1"));
|
||||
|
||||
// Variable assignment from POST - assigning the current database value if a value is not provided
|
||||
require_once 'document_model.php';
|
||||
|
||||
// Documents are a little weird as we update them by *inserting* a new document row
|
||||
$update_insert_sql = mysqli_query($mysqli,"INSERT INTO documents SET document_name = '$name', document_description = '$description', document_content = '$content', document_content_raw = '$content_raw', document_template = 0, document_folder_id = $folder, document_created_by = 0, document_client_id = $client_id");
|
||||
|
||||
// Check insert & get insert ID
|
||||
if ($update_insert_sql) {
|
||||
$insert_id = $new_document_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Update the parent ID of the new document to match its new document ID
|
||||
mysqli_query($mysqli,"UPDATE documents SET document_parent = $new_document_id WHERE document_id = $new_document_id");
|
||||
|
||||
// Link all existing links with old document with new document
|
||||
mysqli_query($mysqli,"UPDATE documents SET document_parent = $new_document_id, document_archived_at = NOW() WHERE document_parent = $document_id");
|
||||
|
||||
// Update Links to the new parent document:-
|
||||
// Document files
|
||||
mysqli_query($mysqli,"UPDATE document_files SET document_id = $new_document_id WHERE document_id = $document_id");
|
||||
|
||||
// Contact documents
|
||||
mysqli_query($mysqli,"UPDATE contact_documents SET document_id = $new_document_id WHERE document_id = $document_id");
|
||||
|
||||
// Asset documents
|
||||
mysqli_query($mysqli,"UPDATE asset_documents SET document_id = $new_document_id WHERE document_id = $document_id");
|
||||
|
||||
// Software documents
|
||||
mysqli_query($mysqli,"UPDATE software_documents SET document_id = $new_document_id WHERE document_id = $document_id");
|
||||
|
||||
// Vendor documents
|
||||
mysqli_query($mysqli,"UPDATE vendor_documents SET document_id = $new_document_id WHERE document_id = $document_id");
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Document', log_action = 'Modify', log_description = '$name via API ($api_key_name) previous version was kept', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Edited document $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id");
|
||||
|
||||
// Override update count to 1 for API to report a success (as we inserted a document, not "updated" an existing row)
|
||||
$update_count = 1;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
// Output
|
||||
require_once '../update_output.php';
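Review bot: The result of the client-scoped SELECT is never checked, so when no document with this id exists for `$client_id`, `$document_row` is null but the INSERT and every following UPDATE still run. Those UPDATEs on `documents`, `document_files`, `contact_documents`, `asset_documents`, `software_documents` and `vendor_documents` filter on `$document_id` alone, so the client restriction applied in the lookup is lost. Wrap everything after the lookup in `if (!empty($document_row)) {` and leave `$update_count` false otherwise, so a key can only version documents owned by its own client. `$_POST['document_id']` is also read without an `isset()` check, which raises a warning when the field is missing.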
|
||||