API: Add some missing end points

2026-05-05 18:57:47 +00:00 · 2026-04-11 18:21:03 -04:00
parent 1e02322382
commit c4ba2bc326
45 changed files with 1570 additions and 0 deletions
--- a/api/v1/quotes/create.php
+++ b/api/v1/quotes/create.php
@@ -0,0 +1,27 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+$quote_row = false; // Creation, not an update
+require_once 'quote_model.php';
+
+// Default
+$insert_id = false;
+
+if (!empty($subject) && !empty($client_id)) {
+
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO quotes SET quote_subject = '$subject', quote_date = '$date', quote_expire = '$expire', quote_notes = '$notes', quote_footer = '$footer', quote_currency_code = '$currency_code', quote_client_id = $client_id, quote_status = 'Draft'");
+
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+
+        // Logging
+        logAction("Quote", "Create", "Created quote $subject via API ($api_key_name)", $client_id, $insert_id);
+        logAction("API", "Success", "Created quote $subject via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../create_output.php';
--- a/api/v1/quotes/delete.php
+++ b/api/v1/quotes/delete.php
@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$quote_id = intval($_POST['quote_id']);
+
+// Default
+$delete_count = false;
+
+if (!empty($quote_id)) {
+    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = $quote_id AND quote_client_id LIKE '$client_id' LIMIT 1"));
+    $quote_subject = $row['quote_subject'];
+
+    $delete_sql = mysqli_query($mysqli, "DELETE FROM quotes WHERE quote_id = $quote_id AND quote_client_id LIKE '$client_id' LIMIT 1");
+
+    if ($delete_sql && !empty($quote_subject)) {
+        $delete_count = mysqli_affected_rows($mysqli);
+
+        // Also delete quote items
+        mysqli_query($mysqli, "DELETE FROM quote_items WHERE quote_item_quote_id = $quote_id");
+
+        // Logging
+        logAction("Quote", "Delete", "$quote_subject via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../delete_output.php';
--- a/api/v1/quotes/quote_model.php
+++ b/api/v1/quotes/quote_model.php
@@ -0,0 +1,51 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['quote_subject'])) {
+    $subject = sanitizeInput($_POST['quote_subject']);
+} elseif ($quote_row) {
+    $subject = mysqli_real_escape_string($mysqli, $quote_row['quote_subject']);
+} else {
+    $subject = '';
+}
+
+if (isset($_POST['quote_date'])) {
+    $date = sanitizeInput($_POST['quote_date']);
+} elseif ($quote_row) {
+    $date = $quote_row['quote_date'];
+} else {
+    $date = date('Y-m-d');
+}
+
+if (isset($_POST['quote_expire'])) {
+    $expire = sanitizeInput($_POST['quote_expire']);
+} elseif ($quote_row) {
+    $expire = $quote_row['quote_expire'];
+} else {
+    $expire = date('Y-m-d', strtotime('+30 days'));
+}
+
+if (isset($_POST['quote_notes'])) {
+    $notes = sanitizeInput($_POST['quote_notes']);
+} elseif ($quote_row) {
+    $notes = mysqli_real_escape_string($mysqli, $quote_row['quote_notes']);
+} else {
+    $notes = '';
+}
+
+if (isset($_POST['quote_footer'])) {
+    $footer = sanitizeInput($_POST['quote_footer']);
+} elseif ($quote_row) {
+    $footer = mysqli_real_escape_string($mysqli, $quote_row['quote_footer']);
+} else {
+    $footer = '';
+}
+
+if (isset($_POST['quote_currency_code'])) {
+    $currency_code = sanitizeInput($_POST['quote_currency_code']);
+} elseif ($quote_row) {
+    $currency_code = mysqli_real_escape_string($mysqli, $quote_row['quote_currency_code']);
+} else {
+    $currency_code = '';
+}
--- a/api/v1/quotes/update.php
+++ b/api/v1/quotes/update.php
@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse ID
+$quote_id = intval($_POST['quote_id']);
+
+// Default
+$update_count = false;
+
+if (!empty($quote_id)) {
+
+    $quote_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM quotes WHERE quote_id = '$quote_id' AND quote_client_id LIKE '$client_id' LIMIT 1"));
+
+    require_once 'quote_model.php';
+
+    $update_sql = mysqli_query($mysqli, "UPDATE quotes SET quote_subject = '$subject', quote_date = '$date', quote_expire = '$expire', quote_notes = '$notes', quote_footer = '$footer', quote_currency_code = '$currency_code' WHERE quote_id = $quote_id AND quote_client_id LIKE '$client_id' LIMIT 1");
+
+    if ($update_sql) {
+        $update_count = mysqli_affected_rows($mysqli);
+
+        // Logging
+        logAction("Quote", "Edit", "$subject via API ($api_key_name)", $client_id);
+        logAction("API", "Success", "Edited quote $subject via API ($api_key_name)", $client_id);
+    }
+}
+
+// Output
+require_once '../update_output.php';