Merge pull request #620 from wrongecho/api

API
2023-02-12 16:58:27 +00:00 · 2023-02-12 16:58:27 +00:00 · 82068e1bf2
parent ded1819891 6f7f679682
commit 82068e1bf2
14 changed files with 182 additions and 84 deletions
--- a/api/v1/assets/read.php
+++ b/api/v1/assets/read.php
@ -7,29 +7,28 @@ require_once('../require_get_method.php');
 if (isset($_GET['asset_id'])) {
    $id = intval($_GET['asset_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// Asset query via type
+} elseif (isset($_GET['asset_type'])) {
-elseif (isset($_GET['asset_type'])) {
+    // Asset query via type
    $type = mysqli_real_escape_string($mysqli, ucfirst($_GET['asset_type']));
    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
-// Asset query via name
+} elseif (isset($_GET['asset_name'])) {
-elseif (isset($_GET['asset_name'])) {
+    // Asset query via name
    $name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
-// Asset query via serial
+} elseif (isset($_GET['asset_serial'])) {
-elseif (isset($_GET['asset_serial'])) {
+    // Asset query via serial
    $serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
-// Asset query via client ID
+} elseif (isset($_GET['client_id'])) {
-elseif (isset($_GET['client_id']) && $client_id == "%") {
+    // Asset query via client ID
-    $client_id = intval($_GET['client_id']);
+
    $sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
--- a/api/v1/certificates/read.php
+++ b/api/v1/certificates/read.php
@ -7,24 +7,23 @@ require_once('../require_get_method.php');
 if (isset($_GET['certificate_id'])) {
    $id = intval($_GET['certificate_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// Certificate by name
+} elseif (isset($_GET['certificate_name'])) {
-elseif (isset($_GET['certificate_name'])) {
+    // Certificate by name
    $name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
 }
-// Certificate via client ID (if allowed)
+} elseif (isset($_GET['client_id'])) {
-elseif (isset($_GET['client_id']) && $client_id == "%") {
+    // Certificate via client ID
-    $client_id = intval($_GET['client_id']);
+
    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
 }
-// All certificates
+} else {
-else {
+    // All certificates
    $sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
 }
 // Output
-require_once("../read_output.php");
+require_once("../read_output.php");
--- a/api/v1/clients/read.php
+++ b/api/v1/clients/read.php
@ -7,18 +7,18 @@ require_once('../require_get_method.php');
 if (isset($_GET['client_id'])) {
    $id = intval($_GET['client_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// Specific client via name (single)
+} elseif (isset($_GET['client_name'])) {
-elseif (isset($_GET['client_name'])) {
+    // Specific client via name (single)
    $name = mysqli_real_escape_string($mysqli, $_GET['client_name']);
    $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// All clients
+} else {
-else {
+    // All clients
    $sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
 }
 // Output
-require_once("../read_output.php");
+require_once("../read_output.php");
--- a/api/v1/contacts/read.php
+++ b/api/v1/contacts/read.php
@ -7,18 +7,18 @@ require_once('../require_get_method.php');
 if (isset($_GET['contact_id'])) {
    $id = intval($_GET['contact_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// Specific contact via email (single)
+} elseif (isset($_GET['contact_email'])) {
-elseif (isset($_GET['contact_email'])) {
+    // Specific contact via email (single)
    $email = mysqli_real_escape_string($mysqli, $_GET['contact_email']);
    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// All contacts
+} else {
-else {
+    // All contacts
    $sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
 }
 // Output
-require_once("../read_output.php");
+require_once("../read_output.php");
--- a/api/v1/documents/read.php
+++ b/api/v1/documents/read.php
@ -0,0 +1,19 @@
 <?php
 require_once('../validate_api_key.php');
 require_once('../require_get_method.php');
 if (isset($_GET['document_id'])) {
    // Document via ID (single)
    $id = intval($_GET['document_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = '$id' AND document_client_id LIKE '$client_id' AND company_id = '$company_id'");
 } else {
    // All documents
    $sql = mysqli_query($mysqli, "SELECT * FROM documents WHERE document_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY document_id LIMIT $limit OFFSET $offset");
 }
 // Output
 require_once("../read_output.php");
--- a/api/v1/domains/read.php
+++ b/api/v1/domains/read.php
@ -7,24 +7,23 @@ require_once('../require_get_method.php');
 if (isset($_GET['domain_id'])) {
    $id = intval($_GET['domain_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// Domain by name
+} elseif (isset($_GET['domain_name'])) {
-elseif (isset($_GET['domain_name'])) {
+    // Domain by name
    $name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
-// Domain via client ID (if allowed)
+} elseif (isset($_GET['client_id'])) {
-elseif (isset($_GET['client_id']) && $client_id == "%") {
+    // Domain via client ID
-    $client_id = intval($_GET['client_id']);
+
    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
 }
-// All domains
+} else {
-else {
+    // All domains
    $sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
 }
 // Output
-require_once("../read_output.php");
+require_once("../read_output.php");
--- a/api/v1/expenses/read.php
+++ b/api/v1/expenses/read.php
@ -0,0 +1,21 @@
 <?php
 require_once('../validate_api_key.php');
 require_once('../require_get_method.php');
 // Expenses aren't stored against client IDs, so we instead validate the API key is for All Clients
 if (isset($_GET['expense_id']) && $client_id == "%") {
    // Expense via ID (single)
    $id = intval($_GET['expense_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$id' AND company_id = '$company_id'");
 } elseif ($client_id == "%") {
    // All expenses
    $sql = mysqli_query($mysqli, "SELECT * FROM expenses WHERE company_id = '$company_id' ORDER BY expense_id LIMIT $limit OFFSET $offset");
 }
 // Output
 require_once("../read_output.php");
--- a/api/v1/invoices/read.php
+++ b/api/v1/invoices/read.php
@ -0,0 +1,19 @@
 <?php
 require_once('../validate_api_key.php');
 require_once('../require_get_method.php');
 if (isset($_GET['invoice_id'])) {
    // Invoice via ID (single)
    $id = intval($_GET['invoice_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$id' AND invoice_client_id LIKE '$client_id' AND company_id = '$company_id'");
 } else {
    // All invoices
    $sql = mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY invoice_id LIMIT $limit OFFSET $offset");
 }
 // Output
 require_once("../read_output.php");
--- a/api/v1/networks/read.php
+++ b/api/v1/networks/read.php
@ -7,24 +7,23 @@ require_once('../require_get_method.php');
 if (isset($_GET['network_id'])) {
    $id = intval($_GET['network_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// Network by name
+} elseif (isset($_GET['network_name'])) {
-elseif (isset($_GET['network_name'])) {
+    // Network by name
    $name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
 }
-// Network via client ID (if allowed)
+} elseif (isset($_GET['client_id'])) {
-elseif (isset($_GET['client_id']) && $client_id == "%") {
+    // Network via client ID
-    $client_id = intval($_GET['client_id']);
+
    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
 }
-// All networks
+} else {
-else {
+    // All networks
    $sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
 }
 // Output
-require_once("../read_output.php");
+require_once("../read_output.php");
--- a/api/v1/products/read.php
+++ b/api/v1/products/read.php
@ -0,0 +1,21 @@
 <?php
 require_once('../validate_api_key.php');
 require_once('../require_get_method.php');
 // Products aren't stored against client IDs, so we instead validate the API key is for All Clients
 if (isset($_GET['product_id']) && $client_id == "%") {
    // product via ID (single)
    $id = intval($_GET['product_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$id' AND company_id = '$company_id'");
 } elseif ($client_id == "%") {
    // All products
    $sql = mysqli_query($mysqli, "SELECT * FROM products WHERE company_id = '$company_id' ORDER BY product_id LIMIT $limit OFFSET $offset");
 }
 // Output
 require_once("../read_output.php");
--- a/api/v1/quotes/read.php
+++ b/api/v1/quotes/read.php
@ -0,0 +1,19 @@
 <?php
 require_once('../validate_api_key.php');
 require_once('../require_get_method.php');
 if (isset($_GET['quote_id'])) {
    // quote via ID (single)
    $id = intval($_GET['quote_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id LIKE '$id' AND quote_client_id = '$client_id' AND company_id = '$company_id'");
 } else {
    // All quotes
    $sql = mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY quote_id LIMIT $limit OFFSET $offset");
 }
 // Output
 require_once("../read_output.php");
--- a/api/v1/require_get_method.php
+++ b/api/v1/require_get_method.php
@ -7,7 +7,11 @@ if ($_SERVER['REQUEST_METHOD'] !== "GET") {
    exit();
 }
-// Wildcard client ID for most SELECT queries
+// Wildcard client ID for most SELECT queries, unless otherwise specified (and allowed)
 if ($client_id == 0) {
-    $client_id = "%";
+    if (isset($_GET['client_id'])) {
-}
+        $client_id = intval($_GET['client_id']);
    } else {
        $client_id = "%";
    }
 }
--- a/api/v1/software/read.php
+++ b/api/v1/software/read.php
@ -7,36 +7,35 @@ require_once('../require_get_method.php');
 if (isset($_GET['software_id'])) {
    $id = intval($_GET['software_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// Specific software via key
+} elseif (isset($_GET['software_key'])) {
-if (isset($_GET['software_key'])) {
+    // Specific software via key
    $key = mysqli_real_escape_string($mysqli, $_GET['software_license']);
    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_key = '$key' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
-// Software by name
+} elseif (isset($_GET['software_name'])) {
-elseif (isset($_GET['software_name'])) {
+    // Software by name
    $name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
 }
-// Software via type
+} elseif (isset($_GET['software_type'])) {
-elseif (isset($_GET['software_type'])) {
+    // Software via type
    $type = intval($_GET['software_type']);
    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
-// Software via client ID (if allowed)
+} elseif (isset($_GET['client_id'])) {
-elseif (isset($_GET['client_id']) && $client_id == "%") {
+    // Software via client ID
-    $client_id = intval($_GET['client_id']);
+
    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
-// All software(s)
+} else {
-else {
+    // All software(s)
    $sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
 }
 // Output
-require_once("../read_output.php");
+require_once("../read_output.php");
--- a/api/v1/tickets/read.php
+++ b/api/v1/tickets/read.php
@ -7,12 +7,12 @@ require_once('../require_get_method.php');
 if (isset($_GET['ticket_id'])) {
    $id = intval($_GET['ticket_id']);
    $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
 }
-// All tickets
+} else {
-else {
+    // All tickets
    $sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
 }
 // Output
-require_once("../read_output.php");
+require_once("../read_output.php");