diff --git a/api/v1/credentials/create.php b/api/v1/credentials/create.php index ba4c6e0e..5fb2b224 100644 --- a/api/v1/credentials/create.php +++ b/api/v1/credentials/create.php @@ -13,7 +13,7 @@ $insert_id = false; if (!empty($api_key_decrypt_password) && !empty($name) && !(empty($password))) { // Add credential - $insert_sql = mysqli_query($mysqli,"INSERT INTO logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_uri_2 = '$uri_2', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_vendor_id = $vendor_id, login_asset_id = $asset_id, login_software_id = $software_id, login_client_id = $client_id"); + $insert_sql = mysqli_query($mysqli,"INSERT INTO credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_vendor_id = $vendor_id, credential_asset_id = $asset_id, credential_software_id = $software_id, credential_client_id = $client_id"); // Check insert & get insert ID if ($insert_sql) { diff --git a/api/v1/credentials/read.php b/api/v1/credentials/read.php index 7ee70e0a..39cc2331 100644 --- a/api/v1/credentials/read.php +++ b/api/v1/credentials/read.php @@ -13,17 +13,17 @@ if (isset($_GET['api_key_decrypt_password'])) { } // Specific credential/login via ID (single) -if (isset($_GET['login_id']) && !empty($api_key_decrypt_password)) { +if (isset($_GET['credential_id']) && !empty($api_key_decrypt_password)) { - $id = intval($_GET['login_id']); + $id = intval($_GET['credential_id']); - $sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$id' AND login_client_id LIKE '$client_id' LIMIT 1"); + $sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = '$id' AND credential_client_id LIKE '$client_id' LIMIT 1"); } elseif (!empty($api_key_decrypt_password)) { - // All credentials ("logins") + // All credentials ("credentials") - $sql = mysqli_query($mysqli, "SELECT * FROM logins WHERE login_client_id LIKE '$client_id' ORDER BY login_id LIMIT $limit OFFSET $offset"); + $sql = mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_client_id LIKE '$client_id' ORDER BY credential_id LIMIT $limit OFFSET $offset"); } @@ -37,8 +37,8 @@ if ($sql && mysqli_num_rows($sql) > 0) { $row = array(); while ($row = mysqli_fetch_array($sql)) { - $row['login_username'] = apiDecryptLoginEntry($row['login_username'], $api_key_decrypt_hash, $api_key_decrypt_password); - $row['login_password'] = apiDecryptLoginEntry($row['login_password'], $api_key_decrypt_hash, $api_key_decrypt_password); + $row['credential_username'] = apiDecryptCredentialEntry($row['credential_username'], $api_key_decrypt_hash, $api_key_decrypt_password); + $row['credential_password'] = apiDecryptCredentialEntry($row['credential_password'], $api_key_decrypt_hash, $api_key_decrypt_password); $return_arr['data'][] = $row; } diff --git a/api/v1/credentials/update.php b/api/v1/credentials/update.php index dfe59c45..78c4f296 100644 --- a/api/v1/credentials/update.php +++ b/api/v1/credentials/update.php @@ -5,30 +5,30 @@ require_once '../validate_api_key.php'; require_once '../require_post_method.php'; // Parse ID -$login_id = intval($_POST['login_id']); +$credential_id = intval($_POST['credential_id']); // Default $update_count = false; -if (!empty($_POST['api_key_decrypt_password']) && !empty($login_id)) { +if (!empty($_POST['api_key_decrypt_password']) && !empty($credential_id)) { - $credential_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM logins WHERE login_id = '$login_id' AND login_client_id = $client_id LIMIT 1")); + $credential_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM credentials WHERE credential_id = '$credential_id' AND credential_client_id = $client_id LIMIT 1")); // Variable assignment from POST - assigning the current database value if a value is not provided require_once 'credential_model.php'; - $update_sql = mysqli_query($mysqli,"UPDATE logins SET login_name = '$name', login_description = '$description', login_uri = '$uri', login_uri_2 = '$uri_2', login_username = '$username', login_password = '$password', login_otp_secret = '$otp_secret', login_note = '$note', login_important = $important, login_contact_id = $contact_id, login_vendor_id = $vendor_id, login_asset_id = $asset_id, login_software_id = $software_id, login_client_id = $client_id WHERE login_id = '$login_id' AND login_client_id = $client_id LIMIT 1"); + $update_sql = mysqli_query($mysqli,"UPDATE credentials SET credential_name = '$name', credential_description = '$description', credential_uri = '$uri', credential_uri_2 = '$uri_2', credential_username = '$username', credential_password = '$password', credential_otp_secret = '$otp_secret', credential_note = '$note', credential_important = $important, credential_contact_id = $contact_id, credential_vendor_id = $vendor_id, credential_asset_id = $asset_id, credential_software_id = $software_id, credential_client_id = $client_id WHERE credential_id = '$credential_id' AND credential_client_id = $client_id LIMIT 1"); // Check insert & get insert ID if ($update_sql) { $update_count = mysqli_affected_rows($mysqli); if ($password_changed) { - mysqli_query($mysqli, "UPDATE logins SET login_password_changed_at = NOW() WHERE login_id = $login_id LIMIT 1"); + mysqli_query($mysqli, "UPDATE credentials SET credential_password_changed_at = NOW() WHERE credential_id = $credential_id LIMIT 1"); } // Logging - logAction("Credential", "Edit", "$name via API ($api_key_name)", $client_id, $login_id); + logAction("Credential", "Edit", "$name via API ($api_key_name)", $client_id, $credential_id); logAction("API", "Success", "Updated credential $name via API ($api_key_name)", $client_id); }