POST code for AI and Payment Providers

2026-02-28 02:44:53 +00:00 · 2025-07-06 17:01:28 -04:00
parent fa9acef279
commit a011dc4dea
5 changed files with 258 additions and 77 deletions
--- a/post/admin/admin_ai.php
+++ b/post/admin/admin_ai.php
@@ -0,0 +1,137 @@
+<?php
+
+/*
+ * ITFlow - GET/POST request handler for AI Providers ('ai_providers')
+ */
+
+defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
+
+if (isset($_POST['add_ai_provider'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    $provider = sanitizeInput($_POST['provider']);
+    $url = sanitizeInput($_POST['url']);
+    $model = sanitizeInput($_POST['model']);
+    $api_key = sanitizeInput($_POST['api_key']);
+
+
+    mysqli_query($mysqli,"INSERT INTO ai_providers SET ai_provider_name = '$name', ai_provider_url = '$url', ai_provider_api_key = '$api_key'");
+
+    $ai_provider_id = mysqli_insert_id($mysqli);
+
+    if ($model) {
+        mysqli_query($mysqli,"INSERT INTO ai_models SET ai_model_name = '$model'");
+    }
+
+    // Logging
+    logAction("AI Provider", "Create", "$session_name created AI Provider $provider");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$provider</strong> created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_ai_provider'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    $provider_id intval($_POST['provider_id'])
+    $provider = sanitizeInput($_POST['provider']);
+    $url = sanitizeInput($_POST['url']);
+    $api_key = sanitizeInput($_POST['api_key']);
+
+    mysqli_query($mysqli,"UPDATE ai_providers SET ai_provider_name = '$name', ai_provider_url = '$url', ai_provider_api_key = '$api_key' WHERE ai_provider_id = $provider_id");
+
+    // Logging
+    logAction("AI Provider", "Edit", "$session_name edited AI Provider $provider");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$provider</strong> edited";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_ai_provider'])) {
+    
+    $provider_id = intval($_GET['delete_ai_provider']);
+
+    $sql = mysqli_query($mysqli,"SELECT ai_provider_name FROM ai_providers WHERE ai_provider_id = $provider_id");
+    $row = mysqli_fetch_array($sql);
+    $provider_name = sanitizeInput($row['ai_provider_name']);
+
+    mysqli_query($mysqli,"DELETE FROM ai_providers WHERE ai_provider_id = $provider_id");
+
+    // Logging
+    logAction("AI Provider", "Delete", "$session_name deleted AI Provider $provider_name");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "AI Provider <strong>$provider_name</strong> deleted";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['add_ai_model'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    $provider_id = intval($_POST['provider_id']);
+    $model = sanitizeInput($_POST['model']);
+    $prompt = sanitizeInput($_POST['prompt']);
+    $use_case = sanitizeInput($_POST['use_case']);
+
+    mysqli_query($mysqli,"INSERT INTO ai_models SET ai_model_name = '$model', ai_model_prompt = '$prompt', ai_model_use_case = '$use_case', ai_model_ai_provider_id = $provider_id");
+
+    $ai_model_id = mysqli_insert_id($mysqli);
+
+    // Logging
+    logAction("AI Model", "Create", "$session_name created AI Model $model");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$model</strong> created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_ai_model'])) {
+
+    validateCSRFToken($_GET['csrf_token']);
+
+    $model_id = intval($_POST['model_id']);
+    $model = sanitizeInput($_POST['model']);
+    $prompt = sanitizeInput($_POST['prompt']);
+    $use_case = sanitizeInput($_POST['use_case']);
+
+    mysqli_query($mysqli,"UPDATE ai_models SET ai_model_name = '$model', ai_model_prompt = '$prompt', ai_model_use_case = '$use_case' WHERE ai_model_id = $model_id");
+
+    // Logging
+    logAction("AI Model", "Edit", "$session_name edited AI Model $model");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$model</strong> edited";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_ai_model'])) {
+    
+    $model_id = intval($_GET['delete_ai_model']);
+
+    $sql = mysqli_query($mysqli,"SELECT ai_model_name FROM ai_models WHERE ai_model_id = $model_id");
+    $row = mysqli_fetch_array($sql);
+    $model_name = sanitizeInput($row['ai_model_name']);
+
+    mysqli_query($mysqli,"DELETE FROM ai_models WHERE ai_model_id = $model_id");
+
+    // Logging
+    logAction("AI Model", "Delete", "$session_name deleted AI Model $model_name");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "AI Model <strong>$model_name</strong> deleted";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
--- a/post/admin/admin_payment_provider.php
+++ b/post/admin/admin_payment_provider.php
@@ -0,0 +1,107 @@
+<?php
+
+/*
+ * ITFlow - GET/POST request handler for AI Providers ('ai_providers')
+ */
+
+defined('FROM_POST_HANDLER') || die("Direct file access is not allowed");
+
+if (isset($_POST['add_payment_provider'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $provider = sanitizeInput($_POST['provider']);
+    $public_key = sanitizeInput($_POST['public_key']);
+    $private_key = sanitizeInput($_POST['private_key']);
+    $threshold = floatval($_POST['threshold']);
+    $enable_expense = intval($_POST['enable_expense'] ?? 0);
+    $percentage_fee = floatval($_POST['percentage_fee']) / 100;
+    $flat_fee = floatval($_POST['flat_fee']);
+
+    // Check for Stripe Account if not create it
+    $sql_account = mysqli_query($mysqli,"SELECT account_id FROM accounts WHERE account_name = '$provider' AND account_archived_at IS NULL LIMIT 1");
+    if (mysqli_num_rows($sql_account) == 0) {
+        $account_id = mysqli_insert_id($mysqli);
+    } else {
+        $row = mysqli_fetch_array($sql_account);
+        $account_id = intval($row['account_id']);
+    }
+
+    if ($enable_expense) {
+        // Category
+        $sql_category = mysqli_query($mysqli,"SELECT category_id FROM categories WHERE category_name = 'Payment Processing' AND category_type = 'Expense' AND category_archived_at IS NULL LIMIT 1");
+        if (mysqli_num_rows($sql_category) == 0) {
+            mysqli_query($mysqli,"INSERT INTO categories SET category_name = 'Processing Fee', category_type = 'Payment Processing', category_color = 'gray'");
+            $category_id = mysqli_insert_id($mysqli);
+        } else {
+            $row = mysqli_fetch_array($sql_category);
+            $category_id = intval($row['category_id']);
+        }
+        //Vendor
+        $sql_vendor = mysqli_query($mysqli,"SELECT vendor_id FROM vendors WHERE vendor_name = '$provider' AND vendor_client_id = 0 AND vendor_archived_at IS NULL LIMIT 1");
+        if (mysqli_num_rows($sql_vendor) == 0) {
+            mysqli_query($mysqli,"INSERT INTO vendors SET vendor_name = '$provider', vendor_descripion = 'Payment Processor Provider', vendor_client_id = 0");
+            $vendor_id = mysqli_insert_id($mysqli);
+        } else {
+            $row = mysqli_fetch_array($sql_vendor);
+            $vendor_id = intval($row['vendor_id']);
+        }
+    }
+
+    mysqli_query($mysqli,"INSERT INTO payment_providers SET payment_provider_name = '$provider', payment_provider_public_key = '$public_key', payment_provider_private_key = '$private_key', payment_provider_account = $account_id, payment_provider_expense_vendor = $vendor_id, payment_provider_expense_category = $category_id, payment_provider_expense_percentage_fee = $percentage_fee, payment_provider_expense_flat_fee = $flat_fee");
+
+    $provider_id = mysqli_insert_id($mysqli);
+
+    // Logging
+    logAction("Payment Provider", "Create", "$session_name created AI Provider $provider");
+
+    $_SESSION['alert_message'] = "AI Model <strong>$provider</strong> created";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_POST['edit_payment_provider'])) {
+
+    validateCSRFToken($_POST['csrf_token']);
+
+    $provider_id = intval($_POST['provider_id']);
+    $provider = sanitizeInput($_POST['provider']);
+    $description = sanitizeInput($_POST['description']);
+    $public_key = sanitizeInput($_POST['public_key']);
+    $private_key = sanitizeInput($_POST['private_key']);
+    $threshold = floatval($_POST['threshold']);
+    $enable_expense = intval($_POST['enable_expense'] ?? 0);
+    $percentage_fee = floatval($_POST['percentage_fee']) / 100;
+    $flat_fee = floatval($_POST['flat_fee']);
+
+    mysqli_query($mysqli,"UPDATE payment_providers SET payment_provider_name = '$name', payment_provider_url = '$url', payment_provider_api_key = '$api_key', payment_provider_percentage_fee = $percentage_fee, payment_provider_flat_fee = $flat_fee WHERE payment_provider_id = $provider_id");
+
+    // Logging
+    logAction("Payment Provider", "Edit", "$session_name edited Payment Provider $provider");
+
+    $_SESSION['alert_message'] = "Payment Provider <strong>$provider</strong> edited";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if (isset($_GET['delete_payment_provider'])) {
+    
+    $provider_id = intval($_GET['delete_payment_provider']);
+
+    $sql = mysqli_query($mysqli,"SELECT payment_provider_name FROM payment_providers WHERE payment_provider_id = $provider_id");
+    $row = mysqli_fetch_array($sql);
+    $provider_name = sanitizeInput($row['payment_provider_name']);
+
+    mysqli_query($mysqli,"DELETE FROM payment_providers WHERE payment_provider_id = $provider_id");
+
+    // Logging
+    logAction("Payment Provider", "Delete", "$session_name deleted Payment Provider $provider_name");
+
+    $_SESSION['alert_type'] = "error";
+    $_SESSION['alert_message'] = "Payment Provider <strong>$provider_name</strong> deleted";
+
+    header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}