API: Add some missing end points

api/v1/certificates/delete.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$certificate_id = intval($_POST['certificate_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($certificate_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id LIMIT 1"));
+    $certificate_name = $row['certificate_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM certificates WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id LIMIT 1");
+
+    if ($delete_sql && !empty($certificate_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Certificate", "Delete", "$certificate_name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/certificates/update.php

@@ -0,0 +1,32 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$certificate_id = intval($_POST['certificate_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($certificate_id)) {
+
+    $certificate_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$certificate_id' AND certificate_client_id = $client_id LIMIT 1"));
+
+    // Variable assignment from POST - assigning the current database value if a value is not provided
+    require_once 'certificate_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE certificates SET certificate_name = '$name', certificate_description = '$description', certificate_domain = '$domain', certificate_issued_by = '$issued_by', certificate_expire = '$expire', certificate_public_key = '$public_key', certificate_notes = '$notes', certificate_domain_id = $domain_id WHERE certificate_id = $certificate_id AND certificate_client_id = $client_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Certificate", "Edit", "$name via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited certificate $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/clients/delete.php

@@ -0,0 +1,29 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$delete_client_id = intval($_POST['client_id']);
+
+// Default
+$delete_count = false;
+
+// Require All Clients scope to delete clients
+if (!empty($delete_client_id) && $client_id == 0) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = $delete_client_id LIMIT 1"));
+    $client_name = $row['client_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM clients WHERE client_id = $delete_client_id LIMIT 1");
+
+    if ($delete_sql && !empty($client_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Client", "Delete", "$client_name via API ($api_key_name)", $delete_client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/credentials/delete.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$credential_id = intval($_POST['credential_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($credential_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = $credential_id AND credential_client_id = $client_id LIMIT 1"));
+    $credential_name = $row['credential_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM credentials WHERE credential_id = $credential_id AND credential_client_id = $client_id LIMIT 1");
+
+    if ($delete_sql && !empty($credential_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Credential", "Delete", "$credential_name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/documents/delete.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$document_id = intval($_POST['document_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($document_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM documents WHERE document_id = $document_id AND document_client_id = $client_id LIMIT 1"));
+    $document_name = $row['document_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM documents WHERE document_id = $document_id AND document_client_id = $client_id LIMIT 1");
+
+    if ($delete_sql && !empty($document_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Document", "Delete", "$document_name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/domains/create.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse Info
+$domain_row = false; // Creation, not an update
+require_once 'domain_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($name)) {
+
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO domains SET domain_name = '$name', domain_description = '$description', domain_registrar = '$registrar', domain_expire = '$expire', domain_notes = '$notes', domain_vendor_id = $vendor_id, domain_client_id = $client_id");
+
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Logging
+        logAction("Domain", "Create", "Created domain $name via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created domain $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../create_output.php';

api/v1/domains/delete.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$domain_id = intval($_POST['domain_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($domain_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id LIMIT 1"));
+    $domain_name = $row['domain_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM domains WHERE domain_id = $domain_id AND domain_client_id = $client_id LIMIT 1");
+
+    if ($delete_sql && !empty($domain_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Domain", "Delete", "$domain_name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/domains/domain_model.php

@@ -0,0 +1,51 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['domain_name'])) {
+    $name = sanitizeInput($_POST['domain_name']);
+} elseif ($domain_row) {
+    $name = mysqli_real_escape_string($mysqli, $domain_row['domain_name']);
+} else {
+    $name = '';
+}
+
+if (isset($_POST['domain_description'])) {
+    $description = sanitizeInput($_POST['domain_description']);
+} elseif ($domain_row) {
+    $description = mysqli_real_escape_string($mysqli, $domain_row['domain_description']);
+} else {
+    $description = '';
+}
+
+if (isset($_POST['domain_registrar'])) {
+    $registrar = sanitizeInput($_POST['domain_registrar']);
+} elseif ($domain_row) {
+    $registrar = mysqli_real_escape_string($mysqli, $domain_row['domain_registrar']);
+} else {
+    $registrar = '';
+}
+
+if (isset($_POST['domain_expire'])) {
+    $expire = sanitizeInput($_POST['domain_expire']);
+} elseif ($domain_row) {
+    $expire = $domain_row['domain_expire'];
+} else {
+    $expire = 'NULL';
+}
+
+if (isset($_POST['domain_notes'])) {
+    $notes = sanitizeInput($_POST['domain_notes']);
+} elseif ($domain_row) {
+    $notes = mysqli_real_escape_string($mysqli, $domain_row['domain_notes']);
+} else {
+    $notes = '';
+}
+
+if (isset($_POST['domain_vendor_id'])) {
+    $vendor_id = intval($_POST['domain_vendor_id']);
+} elseif ($domain_row) {
+    $vendor_id = $domain_row['domain_vendor_id'];
+} else {
+    $vendor_id = 0;
+}

api/v1/domains/update.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$domain_id = intval($_POST['domain_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($domain_id)) {
+
+    $domain_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$domain_id' AND domain_client_id = $client_id LIMIT 1"));
+
+    require_once 'domain_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE domains SET domain_name = '$name', domain_description = '$description', domain_registrar = '$registrar', domain_expire = '$expire', domain_notes = '$notes', domain_vendor_id = $vendor_id WHERE domain_id = $domain_id AND domain_client_id = $client_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Domain", "Edit", "$name via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited domain $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/expenses/create.php

@@ -0,0 +1,30 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Expenses require All Clients scope
+$insert_id = false;
+
+if ($client_id == 0) {
+
+    $expense_row = false; // Creation, not an update
+    require_once 'expense_model.php';
+
+    if (!empty($description)) {
+
+        $insert_sql = mysqli_query($mysqli, "INSERT INTO expenses SET expense_description = '$description', expense_amount = $amount, expense_date = '$date', expense_tax = $tax, expense_notes = '$notes', expense_vendor_id = $vendor_id, expense_category_id = $category_id");
+
+        if ($insert_sql) {
+            $insert_id = mysqli_insert_id($mysqli);
+
+            // Logging
+            logAction("Expense", "Create", "Created expense $description via API ($api_key_name)", 0, $insert_id);
+            logAction("API", "Success", "Created expense $description via API ($api_key_name)", 0);
+        }
+    }
+}
+
+// Output
+require_once '../create_output.php';

api/v1/expenses/delete.php

@@ -0,0 +1,29 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$expense_id = intval($_POST['expense_id']);
+
+// Default
+$delete_count = false;
+
+// Expenses require All Clients scope
+if (!empty($expense_id) && $client_id == 0) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = $expense_id LIMIT 1"));
+    $expense_description = $row['expense_description'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM expenses WHERE expense_id = $expense_id LIMIT 1");
+
+    if ($delete_sql && !empty($expense_description)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Expense", "Delete", "$expense_description via API ($api_key_name)", 0);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/expenses/expense_model.php

@@ -0,0 +1,60 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+// Note: expenses are not scoped to a client_id
+
+if (isset($_POST['expense_description'])) {
+    $description = sanitizeInput($_POST['expense_description']);
+} elseif ($expense_row) {
+    $description = mysqli_real_escape_string($mysqli, $expense_row['expense_description']);
+} else {
+    $description = '';
+}
+
+if (isset($_POST['expense_amount'])) {
+    $amount = floatval($_POST['expense_amount']);
+} elseif ($expense_row) {
+    $amount = $expense_row['expense_amount'];
+} else {
+    $amount = 0;
+}
+
+if (isset($_POST['expense_date'])) {
+    $date = sanitizeInput($_POST['expense_date']);
+} elseif ($expense_row) {
+    $date = $expense_row['expense_date'];
+} else {
+    $date = date('Y-m-d');
+}
+
+if (isset($_POST['expense_tax'])) {
+    $tax = floatval($_POST['expense_tax']);
+} elseif ($expense_row) {
+    $tax = $expense_row['expense_tax'];
+} else {
+    $tax = 0;
+}
+
+if (isset($_POST['expense_notes'])) {
+    $notes = sanitizeInput($_POST['expense_notes']);
+} elseif ($expense_row) {
+    $notes = mysqli_real_escape_string($mysqli, $expense_row['expense_notes']);
+} else {
+    $notes = '';
+}
+
+if (isset($_POST['expense_vendor_id'])) {
+    $vendor_id = intval($_POST['expense_vendor_id']);
+} elseif ($expense_row) {
+    $vendor_id = $expense_row['expense_vendor_id'];
+} else {
+    $vendor_id = 0;
+}
+
+if (isset($_POST['expense_category_id'])) {
+    $category_id = intval($_POST['expense_category_id']);
+} elseif ($expense_row) {
+    $category_id = $expense_row['expense_category_id'];
+} else {
+    $category_id = 0;
+}

api/v1/expenses/update.php

@@ -0,0 +1,32 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$expense_id = intval($_POST['expense_id']);
+
+// Default
+$update_count = false;
+
+// Expenses require All Clients scope
+if (!empty($expense_id) && $client_id == 0) {
+
+    $expense_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM expenses WHERE expense_id = '$expense_id' LIMIT 1"));
+
+    require_once 'expense_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE expenses SET expense_description = '$description', expense_amount = $amount, expense_date = '$date', expense_tax = $tax, expense_notes = '$notes', expense_vendor_id = $vendor_id, expense_category_id = $category_id WHERE expense_id = $expense_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Expense", "Edit", "$description via API ($api_key_name)", 0);
+        logAction("API", "Success", "Edited expense $description via API ($api_key_name)", 0);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/invoices/create.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+$invoice_row = false; // Creation, not an update
+require_once 'invoice_model.php';
+
+// Default
+$insert_id = false;
+
+// client_id is required for invoices
+if (!empty($client_id)) {
+
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO invoices SET invoice_date = '$date', invoice_due_date = '$due_date', invoice_notes = '$notes', invoice_footer = '$footer', invoice_currency_code = '$currency_code', invoice_client_id = $client_id, invoice_status = 'Draft'");
+
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Logging
+        logAction("Invoice", "Create", "Created invoice via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created invoice via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../create_output.php';

api/v1/invoices/delete.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$invoice_id = intval($_POST['invoice_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($invoice_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = $invoice_id AND invoice_client_id LIKE '$client_id' LIMIT 1"));
+    $invoice_exists = $row['invoice_id'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM invoices WHERE invoice_id = $invoice_id AND invoice_client_id LIKE '$client_id' LIMIT 1");
+
+    if ($delete_sql && !empty($invoice_exists)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Also delete invoice items
+        mysqli_query($mysqli, "DELETE FROM invoice_items WHERE invoice_item_invoice_id = $invoice_id");
+
+        // Logging
+        logAction("Invoice", "Delete", "Invoice $invoice_id via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/invoices/invoice_model.php

@@ -0,0 +1,43 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['invoice_date'])) {
+    $date = sanitizeInput($_POST['invoice_date']);
+} elseif ($invoice_row) {
+    $date = $invoice_row['invoice_date'];
+} else {
+    $date = date('Y-m-d');
+}
+
+if (isset($_POST['invoice_due_date'])) {
+    $due_date = sanitizeInput($_POST['invoice_due_date']);
+} elseif ($invoice_row) {
+    $due_date = $invoice_row['invoice_due_date'];
+} else {
+    $due_date = date('Y-m-d');
+}
+
+if (isset($_POST['invoice_notes'])) {
+    $notes = sanitizeInput($_POST['invoice_notes']);
+} elseif ($invoice_row) {
+    $notes = mysqli_real_escape_string($mysqli, $invoice_row['invoice_notes']);
+} else {
+    $notes = '';
+}
+
+if (isset($_POST['invoice_footer'])) {
+    $footer = sanitizeInput($_POST['invoice_footer']);
+} elseif ($invoice_row) {
+    $footer = mysqli_real_escape_string($mysqli, $invoice_row['invoice_footer']);
+} else {
+    $footer = '';
+}
+
+if (isset($_POST['invoice_currency_code'])) {
+    $currency_code = sanitizeInput($_POST['invoice_currency_code']);
+} elseif ($invoice_row) {
+    $currency_code = mysqli_real_escape_string($mysqli, $invoice_row['invoice_currency_code']);
+} else {
+    $currency_code = '';
+}

api/v1/invoices/update.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$invoice_id = intval($_POST['invoice_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($invoice_id)) {
+
+    $invoice_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM invoices WHERE invoice_id = '$invoice_id' AND invoice_client_id LIKE '$client_id' LIMIT 1"));
+
+    require_once 'invoice_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE invoices SET invoice_date = '$date', invoice_due_date = '$due_date', invoice_notes = '$notes', invoice_footer = '$footer', invoice_currency_code = '$currency_code' WHERE invoice_id = $invoice_id AND invoice_client_id LIKE '$client_id' LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Invoice", "Edit", "Invoice $invoice_id via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited invoice $invoice_id via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/locations/delete.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$location_id = intval($_POST['location_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($location_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM locations WHERE location_id = $location_id AND location_client_id = $client_id LIMIT 1"));
+    $location_name = $row['location_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM locations WHERE location_id = $location_id AND location_client_id = $client_id LIMIT 1");
+
+    if ($delete_sql && !empty($location_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Location", "Delete", "$location_name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/locations/update.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$location_id = intval($_POST['location_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($location_id)) {
+
+    $location_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM locations WHERE location_id = '$location_id' AND location_client_id = $client_id LIMIT 1"));
+
+    require_once 'location_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE locations SET location_name = '$name', location_description = '$description', location_country = '$country', location_address = '$address', location_city = '$city', location_state = '$state', location_zip = '$zip', location_hours = '$hours', location_notes = '$notes', location_primary = $primary WHERE location_id = $location_id AND location_client_id = $client_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Location", "Edit", "$name via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited location $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/networks/create.php

@@ -0,0 +1,27 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+$network_row = false; // Creation, not an update
+require_once 'network_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($name)) {
+
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO networks SET network_name = '$name', network_description = '$description', network_address = '$address', network_dns = '$dns', network_gateway = '$gateway', network_vlan = '$vlan', network_notes = '$notes', network_location_id = $location_id, network_client_id = $client_id");
+
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Logging
+        logAction("Network", "Create", "Created network $name via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created network $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../create_output.php';

api/v1/networks/delete.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$network_id = intval($_POST['network_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($network_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = $network_id AND network_client_id = $client_id LIMIT 1"));
+    $network_name = $row['network_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM networks WHERE network_id = $network_id AND network_client_id = $client_id LIMIT 1");
+
+    if ($delete_sql && !empty($network_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Network", "Delete", "$network_name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/networks/network_model.php

@@ -0,0 +1,67 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['network_name'])) {
+    $name = sanitizeInput($_POST['network_name']);
+} elseif ($network_row) {
+    $name = mysqli_real_escape_string($mysqli, $network_row['network_name']);
+} else {
+    $name = '';
+}
+
+if (isset($_POST['network_description'])) {
+    $description = sanitizeInput($_POST['network_description']);
+} elseif ($network_row) {
+    $description = mysqli_real_escape_string($mysqli, $network_row['network_description']);
+} else {
+    $description = '';
+}
+
+if (isset($_POST['network_address'])) {
+    $address = sanitizeInput($_POST['network_address']);
+} elseif ($network_row) {
+    $address = mysqli_real_escape_string($mysqli, $network_row['network_address']);
+} else {
+    $address = '';
+}
+
+if (isset($_POST['network_dns'])) {
+    $dns = sanitizeInput($_POST['network_dns']);
+} elseif ($network_row) {
+    $dns = mysqli_real_escape_string($mysqli, $network_row['network_dns']);
+} else {
+    $dns = '';
+}
+
+if (isset($_POST['network_gateway'])) {
+    $gateway = sanitizeInput($_POST['network_gateway']);
+} elseif ($network_row) {
+    $gateway = mysqli_real_escape_string($mysqli, $network_row['network_gateway']);
+} else {
+    $gateway = '';
+}
+
+if (isset($_POST['network_vlan'])) {
+    $vlan = sanitizeInput($_POST['network_vlan']);
+} elseif ($network_row) {
+    $vlan = mysqli_real_escape_string($mysqli, $network_row['network_vlan']);
+} else {
+    $vlan = '';
+}
+
+if (isset($_POST['network_notes'])) {
+    $notes = sanitizeInput($_POST['network_notes']);
+} elseif ($network_row) {
+    $notes = mysqli_real_escape_string($mysqli, $network_row['network_notes']);
+} else {
+    $notes = '';
+}
+
+if (isset($_POST['network_location_id'])) {
+    $location_id = intval($_POST['network_location_id']);
+} elseif ($network_row) {
+    $location_id = $network_row['network_location_id'];
+} else {
+    $location_id = 0;
+}

api/v1/networks/update.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$network_id = intval($_POST['network_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($network_id)) {
+
+    $network_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$network_id' AND network_client_id = $client_id LIMIT 1"));
+
+    require_once 'network_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE networks SET network_name = '$name', network_description = '$description', network_address = '$address', network_dns = '$dns', network_gateway = '$gateway', network_vlan = '$vlan', network_notes = '$notes', network_location_id = $location_id WHERE network_id = $network_id AND network_client_id = $client_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Network", "Edit", "$name via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited network $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/payments/create.php

@@ -0,0 +1,30 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Payments require All Clients scope
+$insert_id = false;
+
+if ($client_id == 0) {
+
+    $payment_row = false; // Creation, not an update
+    require_once 'payment_model.php';
+
+    if (!empty($invoice_id) && !empty($amount)) {
+
+        $insert_sql = mysqli_query($mysqli, "INSERT INTO payments SET payment_invoice_id = $invoice_id, payment_amount = $amount, payment_date = '$date', payment_method = '$method', payment_reference = '$reference', payment_notes = '$notes'");
+
+        if ($insert_sql) {
+            $insert_id = mysqli_insert_id($mysqli);
+
+            // Logging
+            logAction("Payment", "Create", "Created payment for invoice $invoice_id via API ($api_key_name)", 0, $insert_id);
+            logAction("API", "Success", "Created payment for invoice $invoice_id via API ($api_key_name)", 0);
+        }
+    }
+}
+
+// Output
+require_once '../create_output.php';

api/v1/payments/delete.php

@@ -0,0 +1,29 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$payment_id = intval($_POST['payment_id']);
+
+// Default
+$delete_count = false;
+
+// Payments require All Clients scope
+if (!empty($payment_id) && $client_id == 0) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = $payment_id LIMIT 1"));
+    $payment_exists = $row['payment_id'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM payments WHERE payment_id = $payment_id LIMIT 1");
+
+    if ($delete_sql && !empty($payment_exists)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Payment", "Delete", "Payment $payment_id via API ($api_key_name)", 0);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/payments/payment_model.php

@@ -0,0 +1,52 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+// Note: payments are not scoped to a client_id directly
+
+if (isset($_POST['payment_invoice_id'])) {
+    $invoice_id = intval($_POST['payment_invoice_id']);
+} elseif ($payment_row) {
+    $invoice_id = $payment_row['payment_invoice_id'];
+} else {
+    $invoice_id = 0;
+}
+
+if (isset($_POST['payment_amount'])) {
+    $amount = floatval($_POST['payment_amount']);
+} elseif ($payment_row) {
+    $amount = $payment_row['payment_amount'];
+} else {
+    $amount = 0;
+}
+
+if (isset($_POST['payment_date'])) {
+    $date = sanitizeInput($_POST['payment_date']);
+} elseif ($payment_row) {
+    $date = $payment_row['payment_date'];
+} else {
+    $date = date('Y-m-d');
+}
+
+if (isset($_POST['payment_method'])) {
+    $method = sanitizeInput($_POST['payment_method']);
+} elseif ($payment_row) {
+    $method = mysqli_real_escape_string($mysqli, $payment_row['payment_method']);
+} else {
+    $method = '';
+}
+
+if (isset($_POST['payment_reference'])) {
+    $reference = sanitizeInput($_POST['payment_reference']);
+} elseif ($payment_row) {
+    $reference = mysqli_real_escape_string($mysqli, $payment_row['payment_reference']);
+} else {
+    $reference = '';
+}
+
+if (isset($_POST['payment_notes'])) {
+    $notes = sanitizeInput($_POST['payment_notes']);
+} elseif ($payment_row) {
+    $notes = mysqli_real_escape_string($mysqli, $payment_row['payment_notes']);
+} else {
+    $notes = '';
+}

api/v1/payments/update.php

@@ -0,0 +1,32 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$payment_id = intval($_POST['payment_id']);
+
+// Default
+$update_count = false;
+
+// Payments require All Clients scope
+if (!empty($payment_id) && $client_id == 0) {
+
+    $payment_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$payment_id' LIMIT 1"));
+
+    require_once 'payment_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE payments SET payment_invoice_id = $invoice_id, payment_amount = $amount, payment_date = '$date', payment_method = '$method', payment_reference = '$reference', payment_notes = '$notes' WHERE payment_id = $payment_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Payment", "Edit", "Payment $payment_id via API ($api_key_name)", 0);
+        logAction("API", "Success", "Edited payment $payment_id via API ($api_key_name)", 0);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/products/create.php

@@ -0,0 +1,30 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Products require All Clients scope
+$insert_id = false;
+
+if ($client_id == 0) {
+
+    $product_row = false; // Creation, not an update
+    require_once 'product_model.php';
+
+    if (!empty($name)) {
+
+        $insert_sql = mysqli_query($mysqli, "INSERT INTO products SET product_name = '$name', product_description = '$description', product_price = $price, product_cost = $cost, product_taxable = $taxable, product_type = '$type', product_identifier = '$identifier', product_notes = '$notes'");
+
+        if ($insert_sql) {
+            $insert_id = mysqli_insert_id($mysqli);
+
+            // Logging
+            logAction("Product", "Create", "Created product $name via API ($api_key_name)", 0, $insert_id);
+            logAction("API", "Success", "Created product $name via API ($api_key_name)", 0);
+        }
+    }
+}
+
+// Output
+require_once '../create_output.php';

api/v1/products/delete.php

@@ -0,0 +1,29 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$product_id = intval($_POST['product_id']);
+
+// Default
+$delete_count = false;
+
+// Products require All Clients scope
+if (!empty($product_id) && $client_id == 0) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = $product_id LIMIT 1"));
+    $product_name = $row['product_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM products WHERE product_id = $product_id LIMIT 1");
+
+    if ($delete_sql && !empty($product_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Product", "Delete", "$product_name via API ($api_key_name)", 0);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/products/product_model.php

@@ -0,0 +1,68 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+// Note: products are not scoped to a client_id
+
+if (isset($_POST['product_name'])) {
+    $name = sanitizeInput($_POST['product_name']);
+} elseif ($product_row) {
+    $name = mysqli_real_escape_string($mysqli, $product_row['product_name']);
+} else {
+    $name = '';
+}
+
+if (isset($_POST['product_description'])) {
+    $description = sanitizeInput($_POST['product_description']);
+} elseif ($product_row) {
+    $description = mysqli_real_escape_string($mysqli, $product_row['product_description']);
+} else {
+    $description = '';
+}
+
+if (isset($_POST['product_price'])) {
+    $price = floatval($_POST['product_price']);
+} elseif ($product_row) {
+    $price = $product_row['product_price'];
+} else {
+    $price = 0;
+}
+
+if (isset($_POST['product_cost'])) {
+    $cost = floatval($_POST['product_cost']);
+} elseif ($product_row) {
+    $cost = $product_row['product_cost'];
+} else {
+    $cost = 0;
+}
+
+if (isset($_POST['product_taxable'])) {
+    $taxable = intval($_POST['product_taxable']);
+} elseif ($product_row) {
+    $taxable = $product_row['product_taxable'];
+} else {
+    $taxable = 0;
+}
+
+if (isset($_POST['product_type'])) {
+    $type = sanitizeInput($_POST['product_type']);
+} elseif ($product_row) {
+    $type = mysqli_real_escape_string($mysqli, $product_row['product_type']);
+} else {
+    $type = '';
+}
+
+if (isset($_POST['product_identifier'])) {
+    $identifier = sanitizeInput($_POST['product_identifier']);
+} elseif ($product_row) {
+    $identifier = mysqli_real_escape_string($mysqli, $product_row['product_identifier']);
+} else {
+    $identifier = '';
+}
+
+if (isset($_POST['product_notes'])) {
+    $notes = sanitizeInput($_POST['product_notes']);
+} elseif ($product_row) {
+    $notes = mysqli_real_escape_string($mysqli, $product_row['product_notes']);
+} else {
+    $notes = '';
+}

api/v1/products/update.php

@@ -0,0 +1,32 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$product_id = intval($_POST['product_id']);
+
+// Default
+$update_count = false;
+
+// Products require All Clients scope
+if (!empty($product_id) && $client_id == 0) {
+
+    $product_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM products WHERE product_id = '$product_id' LIMIT 1"));
+
+    require_once 'product_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE products SET product_name = '$name', product_description = '$description', product_price = $price, product_cost = $cost, product_taxable = $taxable, product_type = '$type', product_identifier = '$identifier', product_notes = '$notes' WHERE product_id = $product_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Product", "Edit", "$name via API ($api_key_name)", 0);
+        logAction("API", "Success", "Edited product $name via API ($api_key_name)", 0);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/quotes/create.php

@@ -0,0 +1,27 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+$quote_row = false; // Creation, not an update
+require_once 'quote_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($subject) && !empty($client_id)) {
+
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO quotes SET quote_subject = '$subject', quote_date = '$date', quote_expire = '$expire', quote_notes = '$notes', quote_footer = '$footer', quote_currency_code = '$currency_code', quote_client_id = $client_id, quote_status = 'Draft'");
+
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Logging
+        logAction("Quote", "Create", "Created quote $subject via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created quote $subject via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../create_output.php';

api/v1/quotes/delete.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$quote_id = intval($_POST['quote_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($quote_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_client_id LIKE '$client_id' LIMIT 1"));
+    $quote_subject = $row['quote_subject'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM quotes WHERE quote_id = $quote_id AND quote_client_id LIKE '$client_id' LIMIT 1");
+
+    if ($delete_sql && !empty($quote_subject)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Also delete quote items
+        mysqli_query($mysqli, "DELETE FROM quote_items WHERE quote_item_quote_id = $quote_id");
+
+        // Logging
+        logAction("Quote", "Delete", "$quote_subject via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/quotes/quote_model.php

@@ -0,0 +1,51 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['quote_subject'])) {
+    $subject = sanitizeInput($_POST['quote_subject']);
+} elseif ($quote_row) {
+    $subject = mysqli_real_escape_string($mysqli, $quote_row['quote_subject']);
+} else {
+    $subject = '';
+}
+
+if (isset($_POST['quote_date'])) {
+    $date = sanitizeInput($_POST['quote_date']);
+} elseif ($quote_row) {
+    $date = $quote_row['quote_date'];
+} else {
+    $date = date('Y-m-d');
+}
+
+if (isset($_POST['quote_expire'])) {
+    $expire = sanitizeInput($_POST['quote_expire']);
+} elseif ($quote_row) {
+    $expire = $quote_row['quote_expire'];
+} else {
+    $expire = date('Y-m-d', strtotime('+30 days'));
+}
+
+if (isset($_POST['quote_notes'])) {
+    $notes = sanitizeInput($_POST['quote_notes']);
+} elseif ($quote_row) {
+    $notes = mysqli_real_escape_string($mysqli, $quote_row['quote_notes']);
+} else {
+    $notes = '';
+}
+
+if (isset($_POST['quote_footer'])) {
+    $footer = sanitizeInput($_POST['quote_footer']);
+} elseif ($quote_row) {
+    $footer = mysqli_real_escape_string($mysqli, $quote_row['quote_footer']);
+} else {
+    $footer = '';
+}
+
+if (isset($_POST['quote_currency_code'])) {
+    $currency_code = sanitizeInput($_POST['quote_currency_code']);
+} elseif ($quote_row) {
+    $currency_code = mysqli_real_escape_string($mysqli, $quote_row['quote_currency_code']);
+} else {
+    $currency_code = '';
+}

api/v1/quotes/update.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$quote_id = intval($_POST['quote_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($quote_id)) {
+
+    $quote_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = '$quote_id' AND quote_client_id LIKE '$client_id' LIMIT 1"));
+
+    require_once 'quote_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE quotes SET quote_subject = '$subject', quote_date = '$date', quote_expire = '$expire', quote_notes = '$notes', quote_footer = '$footer', quote_currency_code = '$currency_code' WHERE quote_id = $quote_id AND quote_client_id LIKE '$client_id' LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Quote", "Edit", "$subject via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited quote $subject via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/software/create.php

@@ -0,0 +1,27 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+$software_row = false; // Creation, not an update
+require_once 'software_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($name)) {
+
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO software SET software_name = '$name', software_description = '$description', software_key = '$key', software_seats = $seats, software_version = '$version', software_expire = '$expire', software_notes = '$notes', software_type = $type, software_vendor_id = $vendor_id, software_client_id = $client_id");
+
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Logging
+        logAction("Software", "Create", "Created software $name via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created software $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../create_output.php';

api/v1/software/delete.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$software_id = intval($_POST['software_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($software_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = $software_id AND software_client_id = $client_id LIMIT 1"));
+    $software_name = $row['software_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM software WHERE software_id = $software_id AND software_client_id = $client_id LIMIT 1");
+
+    if ($delete_sql && !empty($software_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Software", "Delete", "$software_name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/software/software_model.php

@@ -0,0 +1,75 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['software_name'])) {
+    $name = sanitizeInput($_POST['software_name']);
+} elseif ($software_row) {
+    $name = mysqli_real_escape_string($mysqli, $software_row['software_name']);
+} else {
+    $name = '';
+}
+
+if (isset($_POST['software_description'])) {
+    $description = sanitizeInput($_POST['software_description']);
+} elseif ($software_row) {
+    $description = mysqli_real_escape_string($mysqli, $software_row['software_description']);
+} else {
+    $description = '';
+}
+
+if (isset($_POST['software_key'])) {
+    $key = sanitizeInput($_POST['software_key']);
+} elseif ($software_row) {
+    $key = mysqli_real_escape_string($mysqli, $software_row['software_key']);
+} else {
+    $key = '';
+}
+
+if (isset($_POST['software_seats'])) {
+    $seats = intval($_POST['software_seats']);
+} elseif ($software_row) {
+    $seats = $software_row['software_seats'];
+} else {
+    $seats = 0;
+}
+
+if (isset($_POST['software_version'])) {
+    $version = sanitizeInput($_POST['software_version']);
+} elseif ($software_row) {
+    $version = mysqli_real_escape_string($mysqli, $software_row['software_version']);
+} else {
+    $version = '';
+}
+
+if (isset($_POST['software_expire'])) {
+    $expire = sanitizeInput($_POST['software_expire']);
+} elseif ($software_row) {
+    $expire = $software_row['software_expire'];
+} else {
+    $expire = 'NULL';
+}
+
+if (isset($_POST['software_notes'])) {
+    $notes = sanitizeInput($_POST['software_notes']);
+} elseif ($software_row) {
+    $notes = mysqli_real_escape_string($mysqli, $software_row['software_notes']);
+} else {
+    $notes = '';
+}
+
+if (isset($_POST['software_type'])) {
+    $type = intval($_POST['software_type']);
+} elseif ($software_row) {
+    $type = $software_row['software_type'];
+} else {
+    $type = 0;
+}
+
+if (isset($_POST['software_vendor_id'])) {
+    $vendor_id = intval($_POST['software_vendor_id']);
+} elseif ($software_row) {
+    $vendor_id = $software_row['software_vendor_id'];
+} else {
+    $vendor_id = 0;
+}

api/v1/software/update.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$software_id = intval($_POST['software_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($software_id)) {
+
+    $software_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$software_id' AND software_client_id = $client_id LIMIT 1"));
+
+    require_once 'software_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE software SET software_name = '$name', software_description = '$description', software_key = '$key', software_seats = $seats, software_version = '$version', software_expire = '$expire', software_notes = '$notes', software_type = $type, software_vendor_id = $vendor_id WHERE software_id = $software_id AND software_client_id = $client_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Software", "Edit", "$name via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited software $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/tickets/delete.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$ticket_id = intval($_POST['ticket_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($ticket_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1"));
+    $ticket_subject = $row['ticket_subject'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM tickets WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1");
+
+    if ($delete_sql && !empty($ticket_subject)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Ticket", "Delete", "$ticket_subject via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/tickets/update.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$ticket_id = intval($_POST['ticket_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($ticket_id)) {
+
+    $ticket_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$ticket_id' AND ticket_client_id = $client_id LIMIT 1"));
+
+    require_once 'ticket_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE tickets SET ticket_subject = '$subject', ticket_details = '$details', ticket_priority = '$priority', ticket_billable = $billable, ticket_vendor_ticket_number = '$vendor_ticket_number', ticket_vendor_id = $vendor_id, ticket_assigned_to = $assigned_to, ticket_contact_id = $contact, ticket_asset_id = $asset WHERE ticket_id = $ticket_id AND ticket_client_id = $client_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Ticket", "Edit", "$subject via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited ticket $subject via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/vendors/create.php

@@ -0,0 +1,27 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+$vendor_row = false; // Creation, not an update
+require_once 'vendor_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($name)) {
+
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO vendors SET vendor_name = '$name', vendor_description = '$description', vendor_website = '$website', vendor_phone = '$phone', vendor_notes = '$notes', vendor_client_id = $client_id");
+
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Logging
+        logAction("Vendor", "Create", "Created vendor $name via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created vendor $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../create_output.php';

api/v1/vendors/delete.php

@@ -0,0 +1,28 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$vendor_id = intval($_POST['vendor_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($vendor_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id LIMIT 1"));
+    $vendor_name = $row['vendor_name'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM vendors WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id LIMIT 1");
+
+    if ($delete_sql && !empty($vendor_name)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Vendor", "Delete", "$vendor_name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';

api/v1/vendors/update.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$vendor_id = intval($_POST['vendor_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($vendor_id)) {
+
+    $vendor_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_id = '$vendor_id' AND vendor_client_id = $client_id LIMIT 1"));
+
+    require_once 'vendor_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_website = '$website', vendor_phone = '$phone', vendor_notes = '$notes' WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Vendor", "Edit", "$name via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited vendor $name via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';

api/v1/vendors/vendor_model.php

@@ -0,0 +1,43 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['vendor_name'])) {
+    $name = sanitizeInput($_POST['vendor_name']);
+} elseif ($vendor_row) {
+    $name = mysqli_real_escape_string($mysqli, $vendor_row['vendor_name']);
+} else {
+    $name = '';
+}
+
+if (isset($_POST['vendor_description'])) {
+    $description = sanitizeInput($_POST['vendor_description']);
+} elseif ($vendor_row) {
+    $description = mysqli_real_escape_string($mysqli, $vendor_row['vendor_description']);
+} else {
+    $description = '';
+}
+
+if (isset($_POST['vendor_website'])) {
+    $website = preg_replace("(^https?://)", "", sanitizeInput($_POST['vendor_website']));
+} elseif ($vendor_row) {
+    $website = mysqli_real_escape_string($mysqli, $vendor_row['vendor_website']);
+} else {
+    $website = '';
+}
+
+if (isset($_POST['vendor_phone'])) {
+    $phone = sanitizeInput($_POST['vendor_phone']);
+} elseif ($vendor_row) {
+    $phone = mysqli_real_escape_string($mysqli, $vendor_row['vendor_phone']);
+} else {
+    $phone = '';
+}
+
+if (isset($_POST['vendor_notes'])) {
+    $notes = sanitizeInput($_POST['vendor_notes']);
+} elseif ($vendor_row) {
+    $notes = mysqli_real_escape_string($mysqli, $vendor_row['vendor_notes']);
+} else {
+    $notes = '';
+}