AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Added a helper if no tags exist when attempting to add them to a client, Added some santizeInput tags to API

This commit is contained in:
johnnyq 2023-02-28 11:58:08 -05:00
parent 2acb5e0b7b
commit cdfb61b294
6 changed files with 43 additions and 23 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
api/v1/assets/asset_model.php
View File

@ -2,7 +2,7 @@
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
$name = sanitizeInput(_POST['asset_name']);
} elseif (isset($asset_row) && isset($asset_row['asset_name'])) {
$name = $asset_row['asset_name'];
} else {
@ -10,7 +10,7 @@ if (isset($_POST['asset_name'])) {
}
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
$type = sanitizeInput($_POST['asset_type']);
} elseif (isset($asset_row) && isset($asset_row['asset_type'])) {
$type = $asset_row['asset_type'];
} else {
@ -18,14 +18,14 @@ if (isset($_POST['asset_type'])) {
}
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
$make = sanitizeInput($_POST['asset_make']);
} elseif (isset($asset_row) && isset($asset_row['asset_make'])) {
$make = $asset_row['asset_make'];
} else {
$make = '';
}
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
$model = sanitizeInput($_POST['asset_model']);
} elseif (isset($asset_row) && isset($asset_row['asset_model'])) {
$model = $asset_row['asset_model'];
} else {
@ -33,7 +33,7 @@ if (isset($_POST['asset_model'])) {
}
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
$serial = sanitizeInput($_POST['asset_serial']);
} elseif (isset($asset_row) && isset($asset_row['asset_serial'])) {
$serial = $asset_row['asset_serial'];
} else {
@ -41,7 +41,7 @@ if (isset($_POST['asset_serial'])) {
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
$os = sanitizeInput($_POST['asset_os']);
} elseif (isset($asset_row) && isset($asset_row['asset_os'])) {
$os = $asset_row['asset_os'];
} else {
@ -49,7 +49,7 @@ if (isset($_POST['asset_os'])) {
}
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
$aip = sanitizeInput($_POST['asset_ip']);
} elseif (isset($asset_row) && isset($asset_row['asset_ip'])) {
$aip = $asset_row['asset_ip'];
} else {
@ -57,7 +57,7 @@ if (isset($_POST['asset_ip'])) {
}
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
$mac = sanitizeInput($_POST['asset_mac']);
} elseif (isset($asset_row) && isset($asset_row['asset_mac'])) {
$mac = $asset_row['asset_mac'];
} else {
@ -65,7 +65,7 @@ if (isset($_POST['asset_mac'])) {
}
if (isset($_POST['asset_status'])) {
$status = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_status'])));
$status = sanitizeInput($_POST['asset_status']);
} elseif (isset($asset_row) && isset($asset_row['asset_status'])) {
$status = $asset_row['asset_status'];
} else {
@ -73,7 +73,7 @@ if (isset($_POST['asset_status'])) {
}
if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
$purchase_date = sanitizeInput($_POST['asset_purchase_date']);
} elseif (isset($asset_row) && isset($asset_row['asset_purchase_date'])) {
$purchase_date = $asset_row['asset_purchase_date'];
} else {
@ -81,7 +81,7 @@ if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date']
}
if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
$warranty_expire = sanitizeInput($_POST['asset_warranty_expire']);
} elseif (isset($asset_row) && isset($asset_row['asset_warranty_expire'])) {
$warranty_expire = $asset_row['asset_warranty_expire'];
} else {
@ -89,7 +89,7 @@ if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expi
}
if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
$install_date = sanitizeInput($_POST['asset_install_date']);
} elseif (isset($asset_row) && isset($asset_row['asset_install_date'])) {
$install_date = $asset_row['asset_install_date'];
} else {
@ -97,7 +97,7 @@ if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date']))
}
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
$notes = sanitizeInput($_POST['asset_notes']);
} elseif (isset($asset_row) && isset($asset_row['asset_notes'])) {
$notes = $asset_row['asset_notes'];
} else {

6
api/v1/assets/create.php
View File

@ -11,14 +11,14 @@ $insert_id = false;
if (!empty($name) && !empty($client_id)) {
// Insert into Database
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = '$client_id', company_id = $company_id");
}
}

2
api/v1/assets/update.php
View File

@ -16,7 +16,7 @@ if (!empty($asset_id)) {
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once('asset_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_status = '$status', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
// Check insert & get insert ID
if ($update_sql) {

12
api/v1/contacts/contact_model.php
View File

@ -3,7 +3,7 @@ define('number_regex', '/[^0-9]/');
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['contact_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
$name = sanitizeInput($_POST['contact_name']);
} elseif ($contact_row) {
$name = $contact_row['contact_name'];
} else {
@ -11,7 +11,7 @@ if (isset($_POST['contact_name'])) {
}
if (isset($_POST['contact_title'])) {
$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
$title = sanitizeInput($_POST['contact_title']);
} elseif ($contact_row) {
$title = $contact_row['contact_title'];
} else {
@ -19,7 +19,7 @@ if (isset($_POST['contact_title'])) {
}
if (isset($_POST['contact_department'])) {
$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
$department = sanitizeInput($_POST['contact_department']);
} elseif ($contact_row) {
$department = $contact_row['contact_department'];
} else {
@ -27,7 +27,7 @@ if (isset($_POST['contact_department'])) {
}
if (isset($_POST['contact_email'])) {
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
$email = sanitizeInput($_POST['contact_email']);
} elseif ($contact_row) {
$email = $contact_row['contact_email'];
} else {
@ -59,7 +59,7 @@ if (isset($_POST['contact_mobile'])) {
}
if (isset($_POST['contact_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
$notes = sanitizeInput($_POST['contact_notes']);
} elseif ($contact_row) {
$notes = $contact_row['contact_notes'];
} else {
@ -67,7 +67,7 @@ if (isset($_POST['contact_notes'])) {
}
if (isset($_POST['contact_auth_method'])) {
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
$auth_method = sanitizeInput($_POST['contact_auth_method']);
} elseif ($contact_row) {
$auth_method = $contact_row['contact_auth_method'];
} else {

10
client_add_modal.php
View File

@ -295,6 +295,16 @@
</ul>
<?php if (mysqli_num_rows($sql_tags_select) == 0){ ?>
<div class='my-3 text-center'>
<i class='fa fa-fw fa-6x fa-tags text-secondary'></i>
<h3 class='text-secondary mt-3'>No Tags Found!</h3>
<a href="settings_tags.php">Try adding a few <b>Settings > Tags</b></a>
</div>
<?php } ?>
</div>
</div>

10
client_edit_modal.php
View File

@ -161,6 +161,16 @@
</ul>
<?php if (mysqli_num_rows($sql_tags_select) == 0){ ?>
<div class='my-3 text-center'>
<i class='fa fa-fw fa-6x fa-tags text-secondary'></i>
<h3 class='text-secondary mt-3'>No Tags Found!</h3>
<a href="settings_tags.php">Try adding a few <b>Settings > Tags</b></a>
</div>
<?php } ?>
</div>
</div>