Initial API restructure

This commit is contained in:
Marcus Hill
2022-01-07 15:21:09 +00:00
parent 2bfb50616c
commit d420cd691d

67
api.php

@@ -2,16 +2,36 @@
<?php <?php
//Check Key //Check Key
if(isset($_GET['api_key'])){
$config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'");
if(mysqli_num_rows($sql) == 1){ // Check API key is provided in GET request as 'api_key'
$row = mysqli_fetch_array($sql); if(!isset($_GET['api_key']) OR empty($_GET['api_key'])) {
$company_id = $row['company_id']; // Missing key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'No Key', log_description = 'No API Key specified', log_created_at = NOW()");
if(isset($_GET['cid'])){ echo "Missing the API Key.";
exit();
}
// Validate API key from GET request
$config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'");
if(mysqli_num_rows($sql) != 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
echo "Incorrect API Key.";
exit();
}
// API Key is valid.
$row = mysqli_fetch_array($sql);
$company_id = $row['company_id'];
if(isset($_GET['cid'])){
$cid = intval($_GET['cid']); $cid = intval($_GET['cid']);
@@ -26,15 +46,15 @@ if(isset($_GET['api_key'])){
//Log When call comes through //Log When call comes through
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Call', log_action = 'Inbound', log_description = 'Inbound call from $name - $cid', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Call', log_action = 'Inbound', log_description = 'Inbound call from $name - $cid', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['incoming_call'])){ if(isset($_GET['incoming_call'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'call', log_description = 'incoming', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'call', log_description = 'incoming', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['client_numbers'])){ if(isset($_GET['client_numbers'])){
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id"); $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
@@ -48,9 +68,9 @@ if(isset($_GET['api_key'])){
//Log //Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Numbers', log_description = 'Client Phone Numbers were pulled', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Numbers', log_description = 'Client Phone Numbers were pulled', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['phonebook'])){ if(isset($_GET['phonebook'])){
header('Content-type: text/xml'); header('Content-type: text/xml');
header('Pragma: public'); header('Pragma: public');
@@ -124,9 +144,9 @@ if(isset($_GET['api_key'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['client_emails'])){ if(isset($_GET['client_emails'])){
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id"); $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
@@ -141,9 +161,9 @@ if(isset($_GET['api_key'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['account_balance'])){ if(isset($_GET['account_balance'])){
$client_id = intval($_GET['account_balance']); $client_id = intval($_GET['account_balance']);
@@ -166,18 +186,7 @@ if(isset($_GET['api_key'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_created_at = NOW(), company_id = $company_id");
}
}else{
echo "Incorrect API Key";
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
}
}else{
echo "Missing the API Key";
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'No Key', log_description = 'No API Key specified', log_created_at = NOW()");
} }
?> ?>
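Review bot: The two failure-path log rows added in the first hunk (the 'No Key' and 'Incorrect Key' inserts) record only a fixed description, so repeated bad-key attempts cannot be attributed to a caller or used for lockout/rate limiting; consider recording the client address, e.g. `log_description = 'Failed from ' . mysqli_real_escape_string($mysqli, $_SERVER['REMOTE_ADDR'] ?? '')`, while never logging the submitted key itself. The key lookup that follows still builds the SQL string from the escaped value; escaping inside a quoted literal is generally effective when the connection charset is set correctly, but a prepared statement (`mysqli_prepare` with an `s`-bound parameter for `settings.config_api_key`) removes that dependency and matches the check added here. Because the key is read from the `api_key` query parameter, it will also land in web-server and proxy access logs and in browser history; accepting it from an `Authorization` or custom request header is worth a follow-up. The `if(isset($_GET['api_key']))` block this hunk rewrites continues into the later hunks and its closing brace is outside the first hunk.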