mirror of
https://github.com/itflow-org/itflow
synced 2026-05-26 20:58:19 +00:00
API: Add some missing end points
This commit is contained in:
johnnyq
27
api/v1/vendors/create.php
vendored
Normal file
27
api/v1/vendors/create.php
vendored
Normal file
@@ -0,0 +1,27 @@
|
||||
<?php
|
||||
|
||||
require_once '../validate_api_key.php';
|
||||
|
||||
require_once '../require_post_method.php';
|
||||
|
||||
$vendor_row = false; // Creation, not an update
|
||||
require_once 'vendor_model.php';
|
||||
|
||||
// Default
|
||||
$insert_id = false;
|
||||
|
||||
if (!empty($name)) {
|
||||
|
||||
$insert_sql = mysqli_query($mysqli, "INSERT INTO vendors SET vendor_name = '$name', vendor_description = '$description', vendor_website = '$website', vendor_phone = '$phone', vendor_notes = '$notes', vendor_client_id = $client_id");
|
||||
|
||||
if ($insert_sql) {
|
||||
$insert_id = mysqli_insert_id($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Vendor", "Create", "Created vendor $name via API ($api_key_name)", $client_id, $insert_id);
|
||||
logAction("API", "Success", "Created vendor $name via API ($api_key_name)", $client_id);
|
||||
}
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once '../create_output.php';
|
||||
28
api/v1/vendors/delete.php
vendored
Normal file
28
api/v1/vendors/delete.php
vendored
Normal file
@@ -0,0 +1,28 @@
|
||||
<?php
|
||||
|
||||
require_once '../validate_api_key.php';
|
||||
|
||||
require_once '../require_post_method.php';
|
||||
|
||||
// Parse ID
|
||||
$vendor_id = intval($_POST['vendor_id']);
|
||||
|
||||
// Default
|
||||
$delete_count = false;
|
||||
|
||||
if (!empty($vendor_id)) {
|
||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id LIMIT 1"));
|
||||
$vendor_name = $row['vendor_name'];
|
||||
|
||||
$delete_sql = mysqli_query($mysqli, "DELETE FROM vendors WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id LIMIT 1");
|
||||
|
||||
if ($delete_sql && !empty($vendor_name)) {
|
||||
$delete_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Vendor", "Delete", "$vendor_name via API ($api_key_name)", $client_id);
|
||||
}
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once '../delete_output.php';
|
||||
31
api/v1/vendors/update.php
vendored
Normal file
31
api/v1/vendors/update.php
vendored
Normal file
@@ -0,0 +1,31 @@
|
||||
<?php
|
||||
|
||||
require_once '../validate_api_key.php';
|
||||
|
||||
require_once '../require_post_method.php';
|
||||
|
||||
// Parse ID
|
||||
$vendor_id = intval($_POST['vendor_id']);
|
||||
|
||||
// Default
|
||||
$update_count = false;
|
||||
|
||||
if (!empty($vendor_id)) {
|
||||
|
||||
$vendor_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM vendors WHERE vendor_id = '$vendor_id' AND vendor_client_id = $client_id LIMIT 1"));
|
||||
|
||||
require_once 'vendor_model.php';
|
||||
|
||||
$update_sql = mysqli_query($mysqli, "UPDATE vendors SET vendor_name = '$name', vendor_description = '$description', vendor_website = '$website', vendor_phone = '$phone', vendor_notes = '$notes' WHERE vendor_id = $vendor_id AND vendor_client_id = $client_id LIMIT 1");
|
||||
|
||||
if ($update_sql) {
|
||||
$update_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
// Logging
|
||||
logAction("Vendor", "Edit", "$name via API ($api_key_name)", $client_id);
|
||||
logAction("API", "Success", "Edited vendor $name via API ($api_key_name)", $client_id);
|
||||
}
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once '../update_output.php';
|
||||
43
api/v1/vendors/vendor_model.php
vendored
Normal file
43
api/v1/vendors/vendor_model.php
vendored
Normal file
@@ -0,0 +1,43 @@
|
||||
<?php
|
||||
|
||||
// Variable assignment from POST (or: blank/from DB is updating)
|
||||
|
||||
if (isset($_POST['vendor_name'])) {
|
||||
$name = sanitizeInput($_POST['vendor_name']);
|
||||
} elseif ($vendor_row) {
|
||||
$name = mysqli_real_escape_string($mysqli, $vendor_row['vendor_name']);
|
||||
} else {
|
||||
$name = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['vendor_description'])) {
|
||||
$description = sanitizeInput($_POST['vendor_description']);
|
||||
} elseif ($vendor_row) {
|
||||
$description = mysqli_real_escape_string($mysqli, $vendor_row['vendor_description']);
|
||||
} else {
|
||||
$description = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['vendor_website'])) {
|
||||
$website = preg_replace("(^https?://)", "", sanitizeInput($_POST['vendor_website']));
|
||||
} elseif ($vendor_row) {
|
||||
$website = mysqli_real_escape_string($mysqli, $vendor_row['vendor_website']);
|
||||
} else {
|
||||
$website = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['vendor_phone'])) {
|
||||
$phone = sanitizeInput($_POST['vendor_phone']);
|
||||
} elseif ($vendor_row) {
|
||||
$phone = mysqli_real_escape_string($mysqli, $vendor_row['vendor_phone']);
|
||||
} else {
|
||||
$phone = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['vendor_notes'])) {
|
||||
$notes = sanitizeInput($_POST['vendor_notes']);
|
||||
} elseif ($vendor_row) {
|
||||
$notes = mysqli_real_escape_string($mysqli, $vendor_row['vendor_notes']);
|
||||
} else {
|
||||
$notes = '';
|
||||
}
|
||||
Reference in New Issue
Block a user