mirror of https://github.com/itflow-org/itflow
API
- Refactor comments/client id var - Add basic read endpoint for docs, products, expenses, quotes and invoices
This commit is contained in:
Marcus Hill
parent
3f06c10997
commit
68005723e6
|
|
@ -7,29 +7,28 @@ require_once('../require_get_method.php');
|
|||
if (isset($_GET['asset_id'])) {
|
||||
$id = intval($_GET['asset_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['asset_type'])) {
|
||||
// Asset query via type
|
||||
elseif (isset($_GET['asset_type'])) {
|
||||
|
||||
$type = mysqli_real_escape_string($mysqli, ucfirst($_GET['asset_type']));
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['asset_name'])) {
|
||||
// Asset query via name
|
||||
elseif (isset($_GET['asset_name'])) {
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['asset_serial'])) {
|
||||
// Asset query via serial
|
||||
elseif (isset($_GET['asset_serial'])) {
|
||||
|
||||
$serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Asset query via client ID
|
||||
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||
$client_id = intval($_GET['client_id']);
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,22 +7,21 @@ require_once('../require_get_method.php');
|
|||
if (isset($_GET['certificate_id'])) {
|
||||
$id = intval($_GET['certificate_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['certificate_name'])) {
|
||||
// Certificate by name
|
||||
elseif (isset($_GET['certificate_name'])) {
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Certificate via client ID (if allowed)
|
||||
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||
$client_id = intval($_GET['client_id']);
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Certificate via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
} else {
|
||||
// All certificates
|
||||
else {
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,16 +7,16 @@ require_once('../require_get_method.php');
|
|||
if (isset($_GET['client_id'])) {
|
||||
$id = intval($_GET['client_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['client_name'])) {
|
||||
// Specific client via name (single)
|
||||
elseif (isset($_GET['client_name'])) {
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
} else {
|
||||
// All clients
|
||||
else {
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,16 +7,16 @@ require_once('../require_get_method.php');
|
|||
if (isset($_GET['contact_id'])) {
|
||||
$id = intval($_GET['contact_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['contact_email'])) {
|
||||
// Specific contact via email (single)
|
||||
elseif (isset($_GET['contact_email'])) {
|
||||
|
||||
$email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
} else {
|
||||
// All contacts
|
||||
else {
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,19 @@
|
|||
<?php
|
||||
|
||||
require_once('../validate_api_key.php');
|
||||
require_once('../require_get_method.php');
|
||||
|
||||
if (isset($_GET['document_id'])) {
|
||||
// Document via ID (single)
|
||||
|
||||
$id = intval($_GET['document_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
|
||||
} else {
|
||||
// All documents
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once("../read_output.php");
|
||||
|
|
@ -9,15 +9,18 @@ if (isset($_GET['domain_id'])) {
|
|||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
// Domain by name
|
||||
|
||||
elseif (isset($_GET['domain_name'])) {
|
||||
// Domain by name
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Domain via client ID (if allowed)
|
||||
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||
$client_id = intval($_GET['client_id']);
|
||||
|
||||
elseif (isset($_GET['client_id'])) {
|
||||
// Domain via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,21 @@
|
|||
<?php
|
||||
|
||||
require_once('../validate_api_key.php');
|
||||
require_once('../require_get_method.php');
|
||||
|
||||
// Expenses aren't stored against client IDs, so we instead validate the API key is for All Clients
|
||||
|
||||
if (isset($_GET['expense_id']) && $client_id == "%") {
|
||||
// Expense via ID (single)
|
||||
|
||||
$id = intval($_GET['expense_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id' AND company_id = '$company_id'");
|
||||
|
||||
} elseif ($client_id == "%") {
|
||||
// All expenses
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE company_id = '$company_id' ORDER BY expense_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once("../read_output.php");
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
<?php
|
||||
|
||||
require_once('../validate_api_key.php');
|
||||
require_once('../require_get_method.php');
|
||||
|
||||
if (isset($_GET['invoice_id'])) {
|
||||
// Invoice via ID (single)
|
||||
|
||||
$id = intval($_GET['invoice_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
|
||||
} else {
|
||||
// All invoices
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once("../read_output.php");
|
||||
|
|
@ -7,22 +7,21 @@ require_once('../require_get_method.php');
|
|||
if (isset($_GET['network_id'])) {
|
||||
$id = intval($_GET['network_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['network_name'])) {
|
||||
// Network by name
|
||||
elseif (isset($_GET['network_name'])) {
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Network via client ID (if allowed)
|
||||
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||
$client_id = intval($_GET['client_id']);
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Network via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
} else {
|
||||
// All networks
|
||||
else {
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,21 @@
|
|||
<?php
|
||||
|
||||
require_once('../validate_api_key.php');
|
||||
require_once('../require_get_method.php');
|
||||
|
||||
// Products aren't stored against client IDs, so we instead validate the API key is for All Clients
|
||||
|
||||
if (isset($_GET['product_id']) && $client_id == "%") {
|
||||
// product via ID (single)
|
||||
|
||||
$id = intval($_GET['product_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id' AND company_id = '$company_id'");
|
||||
|
||||
} elseif ($client_id == "%") {
|
||||
// All products
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM products WHERE company_id = '$company_id' ORDER BY product_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once("../read_output.php");
|
||||
|
|
@ -0,0 +1,19 @@
|
|||
<?php
|
||||
|
||||
require_once('../validate_api_key.php');
|
||||
require_once('../require_get_method.php');
|
||||
|
||||
if (isset($_GET['quote_id'])) {
|
||||
// quote via ID (single)
|
||||
|
||||
$id = intval($_GET['quote_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id' AND company_id = '$company_id'");
|
||||
|
||||
} else {
|
||||
// All quotes
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once("../read_output.php");
|
||||
|
|
@ -7,7 +7,11 @@ if ($_SERVER['REQUEST_METHOD'] !== "GET") {
|
|||
exit();
|
||||
}
|
||||
|
||||
// Wildcard client ID for most SELECT queries
|
||||
// Wildcard client ID for most SELECT queries, unless otherwise specified (and allowed)
|
||||
if ($client_id == 0) {
|
||||
if (isset($_GET['client_id'])) {
|
||||
$client_id = intval($_GET['client_id']);
|
||||
} else {
|
||||
$client_id = "%";
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -7,34 +7,33 @@ require_once('../require_get_method.php');
|
|||
if (isset($_GET['software_id'])) {
|
||||
$id = intval($_GET['software_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['software_key'])) {
|
||||
// Specific software via key
|
||||
if (isset($_GET['software_key'])) {
|
||||
|
||||
$key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['software_name'])) {
|
||||
// Software by name
|
||||
elseif (isset($_GET['software_name'])) {
|
||||
|
||||
$name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
} elseif (isset($_GET['software_type'])) {
|
||||
// Software via type
|
||||
elseif (isset($_GET['software_type'])) {
|
||||
|
||||
$type = intval($_GET['software_type']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
// Software via client ID (if allowed)
|
||||
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||
$client_id = intval($_GET['client_id']);
|
||||
} elseif (isset($_GET['client_id'])) {
|
||||
// Software via client ID
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
} else {
|
||||
// All software(s)
|
||||
else {
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -7,10 +7,10 @@ require_once('../require_get_method.php');
|
|||
if (isset($_GET['ticket_id'])) {
|
||||
$id = intval($_GET['ticket_id']);
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||
}
|
||||
|
||||
} else {
|
||||
// All tickets
|
||||
else {
|
||||
|
||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
|
||||
}
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue