AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge branch 'master' into asset-csv

This commit is contained in:
Johnny 2022-01-07 14:38:04 -05:00 committed by GitHub
parent 3eff9e3d48 1df39836fd
commit 96510364e2
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 214 additions and 186 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
README.md
View File

@ -109,7 +109,9 @@
* XML Phonebook Download - /api.php?api_key=[API_KEY]&phonebook
* Client Email (great for mailing lists) - /api.php?api_key=[API_KEY]&client_emails - Returns Client Name - Email Address
* Account Balance for Client (can be integrated into multiple places for example in FreePBX Press 3 to check account balance, please enter your client ID your balance is) - /api.php?api_key=[API_KEY]&client_id=[CLIENT_ID] - Returns Account Balance
NOTE: [API_KEY] - is auto generated when a company is created and shows up in General Settings, this can also be changed manually.
* Add new asset for a client - /api.php?api_key=[API_KEY]&add_asset=Name&type=[Desktop|Laptop|Server]&make=Make&model=Model&serial=Serial&os=OS
* Required: api_key, add_asset (name)
* NOTE: [API_KEY] - is auto generated when a company is created and shows up in General Settings, this can also be changed manually.
### Future Todo
* MeshCentral / TacticalRMM (Export Assets Info to ITFlow, Exports common software applications to Software)

374
api.php
View File

@ -1,183 +1,207 @@
<?php include("config.php"); ?>
<?php
//Check Key
if(isset($_GET['api_key'])){
$config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'");
if(mysqli_num_rows($sql) == 1){
$row = mysqli_fetch_array($sql);
$company_id = $row['company_id'];
if(isset($_GET['cid'])){
$cid = intval($_GET['cid']);
$sql = mysqli_query($mysqli,"SELECT client_name AS name FROM clients WHERE client_phone = $cid AND company_id = $company_id UNION SELECT contact_name AS name FROM contacts WHERE contact_phone = $cid AND company_id = $company_id UNION SELECT contact_name AS name FROM contacts WHERE contact_mobile = $cid AND company_id = $company_id UNION SELECT location_name AS name FROM locations WHERE location_phone = $cid AND company_id = $company_id UNION SELECT vendor_name AS name FROM vendors WHERE vendor_phone = $cid AND company_id = $company_id");
$row = mysqli_fetch_array($sql);
$name = $row['name'];
echo "$name - $cid";
//Alert whern call comes through
mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Inbound Call', alert_message = 'Inbound call from $name - $cid', alert_date = NOW(), company_id = $company_id");
//Log When call comes through
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Call', log_action = 'Inbound', log_description = 'Inbound call from $name - $cid', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['incoming_call'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'call', log_description = 'incoming', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['client_numbers'])){
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$client_name = $row['client_name'];
$client_phone = $row['client_phone'];
echo "$client_name - $client_phone<br>";
}
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Numbers', log_description = 'Client Phone Numbers were pulled', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['phonebook'])){
header('Content-type: text/xml');
header('Pragma: public');
header('Cache-control: private');
header('Expires: -1');
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
echo '<AddressBook>';
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$client_name = $row['client_name'];
$client_phone = $row['client_phone'];
?>
<Contact>
<LastName><?php echo $client_name; ?></LastName>
<Phone>
<phonenumber><?php echo $client_phone; ?></phonenumber>
</Phone>
<Groups>
<groupid>0</groupid>
</Groups>
</Contact>
<?php
}
$sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$vendor_name = $row['contact_name'];
$vendor_phone = $row['contact_phone'];
?>
<Contact>
<LastName><?php echo $contact_name; ?></LastName>
<Phone>
<phonenumber><?php echo $contact_phone; ?></phonenumber>
</Phone>
<Groups>
<groupid>1</groupid>
</Groups>
</Contact>
<?php
}
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$vendor_name = $row['vendor_name'];
$vendor_phone = $row['vendor_phone'];
?>
<Contact>
<LastName><?php echo $vendor_name; ?></LastName>
<Phone>
<phonenumber><?php echo $vendor_phone; ?></phonenumber>
</Phone>
<Groups>
<groupid>2</groupid>
</Groups>
</Contact>
<?php
}
echo '</AddressBook>';
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['client_emails'])){
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$client_name = $row['client_name'];
$client_email = $row['client_email'];
echo "$client_name - $client_email<br>";
}
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['account_balance'])){
$client_id = intval($_GET['account_balance']);
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_invoice_amounts = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE client_id = $client_id AND invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND company_id = $company_id");
$row = mysqli_fetch_array($sql_invoice_amounts);
$invoice_amounts = $row['invoice_amounts'];
$sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND invoices.client_id = $client_id AND payments.company_id = $company_id");
$row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid'];
$balance = $invoice_amounts - $amount_paid;
echo $balance;
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_created_at = NOW(), company_id = $company_id");
}
}else{
echo "Incorrect API Key";
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
}
}else{
echo "Missing the API Key";
// Check API key is provided in GET request as 'api_key'
if(!isset($_GET['api_key']) OR empty($_GET['api_key'])) {
// Missing key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'No Key', log_description = 'No API Key specified', log_created_at = NOW()");
echo "Missing the API Key.";
exit();
}
// Validate API key from GET request
$config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'");
if(mysqli_num_rows($sql) != 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
echo "Incorrect API Key.";
exit();
}
// API Key is valid.
$row = mysqli_fetch_array($sql);
$company_id = $row['company_id'];
if(isset($_GET['cid'])){
$cid = intval($_GET['cid']);
$sql = mysqli_query($mysqli,"SELECT client_name AS name FROM clients WHERE client_phone = $cid AND company_id = $company_id UNION SELECT contact_name AS name FROM contacts WHERE contact_phone = $cid AND company_id = $company_id UNION SELECT contact_name AS name FROM contacts WHERE contact_mobile = $cid AND company_id = $company_id UNION SELECT location_name AS name FROM locations WHERE location_phone = $cid AND company_id = $company_id UNION SELECT vendor_name AS name FROM vendors WHERE vendor_phone = $cid AND company_id = $company_id");
$row = mysqli_fetch_array($sql);
$name = $row['name'];
echo "$name - $cid";
//Alert when call comes through
mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Inbound Call', alert_message = 'Inbound call from $name - $cid', alert_date = NOW(), company_id = $company_id");
//Log When call comes through
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Call', log_action = 'Inbound', log_description = 'Inbound call from $name - $cid', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['incoming_call'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'call', log_description = 'incoming', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['client_numbers'])){
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$client_name = $row['client_name'];
$client_phone = $row['client_phone'];
echo "$client_name - $client_phone<br>";
}
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Numbers', log_description = 'Client Phone Numbers were pulled', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['phonebook'])){
header('Content-type: text/xml');
header('Pragma: public');
header('Cache-control: private');
header('Expires: -1');
echo "<?xml version=\"1.0\" encoding=\"utf-8\"?>";
echo '<AddressBook>';
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$client_name = $row['client_name'];
$client_phone = $row['client_phone'];
?>
<Contact>
<LastName><?php echo $client_name; ?></LastName>
<Phone>
<phonenumber><?php echo $client_phone; ?></phonenumber>
</Phone>
<Groups>
<groupid>0</groupid>
</Groups>
</Contact>
<?php
}
$sql = mysqli_query($mysqli,"SELECT * FROM contacts WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$vendor_name = $row['contact_name'];
$vendor_phone = $row['contact_phone'];
?>
<Contact>
<LastName><?php echo $contact_name; ?></LastName>
<Phone>
<phonenumber><?php echo $contact_phone; ?></phonenumber>
</Phone>
<Groups>
<groupid>1</groupid>
</Groups>
</Contact>
<?php
}
$sql = mysqli_query($mysqli,"SELECT * FROM vendors WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$vendor_name = $row['vendor_name'];
$vendor_phone = $row['vendor_phone'];
?>
<Contact>
<LastName><?php echo $vendor_name; ?></LastName>
<Phone>
<phonenumber><?php echo $vendor_phone; ?></phonenumber>
</Phone>
<Groups>
<groupid>2</groupid>
</Groups>
</Contact>
<?php
}
echo '</AddressBook>';
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['client_emails'])){
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
while($row = mysqli_fetch_array($sql)){
$client_name = $row['client_name'];
$client_email = $row['client_email'];
echo "$client_name - $client_email<br>";
}
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['account_balance'])){
$client_id = intval($_GET['account_balance']);
//Add up all the payments for the invoice and get the total amount paid to the invoice
$sql_invoice_amounts = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE client_id = $client_id AND invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND company_id = $company_id");
$row = mysqli_fetch_array($sql_invoice_amounts);
$invoice_amounts = $row['invoice_amounts'];
$sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payments.invoice_id = invoices.invoice_id AND invoices.client_id = $client_id AND payments.company_id = $company_id");
$row = mysqli_fetch_array($sql_amount_paid);
$amount_paid = $row['amount_paid'];
$balance = $invoice_amounts - $amount_paid;
echo $balance;
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['add_asset']) && isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['add_asset'])));
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['make'])));
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['model'])));
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['serial'])));
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['os'])));
// Add
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_created_at = NOW(), asset_client_id = $client_id, company_id = $company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Asset Created', log_description = '$name', log_created_at = NOW(), company_id = $company_id");
echo "Asset added!";
}
?>

3
login.php
View File

@ -16,6 +16,9 @@ $browser = strip_tags(mysqli_real_escape_string($mysqli,get_web_browser()));
$user_agent = "$os - $browser";
// HTTP Only cookies
ini_set("session.cookie_httponly", True);
session_start();
if(isset($_POST['login'])){

19
post.php
View File

@ -3773,7 +3773,7 @@ if(isset($_POST['edit_contact'])){
$dest_path = $upload_file_dir . $new_file_name;
move_uploaded_file($file_tmp_path, $dest_path);
asset
//Delete old file
unlink("uploads/clients/$session_company_id/$client_id/$existing_file_name");
@ -4136,7 +4136,7 @@ if (isset($_POST["import_client_assets_csv"])) {
$client_id = intval($_POST['client_id']);
$file_name = $_FILES["file"]["tmp_name"];
if ($_FILES["file"]["size"] > 0) {
if($_FILES["file"]["size"] > 0){
$file = fopen($file_name, "r");
fgetcsv($file, 1000, ","); // Skip first line
$count = 0;
@ -4144,24 +4144,24 @@ if (isset($_POST["import_client_assets_csv"])) {
if (isset($column[0])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[0])));
}
if (isset($column[1])) {
if(isset($column[1])){
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[1])));
}
if (isset($column[2])) {
if(isset($column[2])){
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[2])));
}
if (isset($column[3])) {
if(isset($column[3])){
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[3])));
}
if (isset($column[4])) {
if(isset($column[4])){
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[4])));
}
if (isset($column[5])) {
if(isset($column[5])){
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $column[5])));
}
// Potentially import the rest in the future?
// Add
//Add
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_created_at = NOW(), asset_client_id = $client_id, company_id = $session_company_id");
//Logging
@ -4179,11 +4179,10 @@ if (isset($_POST["import_client_assets_csv"])) {
// The file was empty
$_SESSION['alert_type'] = "warning";
$_SESSION['alert_message'] = "Something went wrong";
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
header("Location: " . $_SERVER["HTTP_REFERER"]);
}
if(isset($_POST['edit_asset'])){
$asset_id = intval($_POST['asset_id']);