AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

Add support for client-specific API keys

Browse Source 
Refactoring API. Added a contact update endpoint.
Small misc changes.
This commit is contained in:
Marcus Hill
2022-04-15 17:43:06 +01:00
parent bdd00c843d
commit e55622827d
26 changed files with 286 additions and 194 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
api/v1/assets/asset_model.php Normal file
View File

@@ -0,0 +1,27 @@
<?php
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
$asset_ip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
if(empty($purchase_date)){
$purchase_date = "0000-00-00";
}
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
if(empty($warranty_expire)){
$warranty_expire = "0000-00-00";
}
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
if(empty($install_date)){
$install_date = "0000-00-00";
}
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
$meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
$vendor = intval($_POST['asset_vendor_id']);
$location = intval($_POST['asset_location_id']);
$contact = intval($_POST['asset_contact_id']);
$network = intval($_POST['asset_network_id']);

52
api/v1/assets/create.php
View File

@@ -1,57 +1,25 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send POST requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_post_method.php');
// Parse info
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
$ip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
if(empty($purchase_date)){
$purchase_date = "0000-00-00";
}
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
if(empty($warranty_expire)){
$warranty_expire = "0000-00-00";
}
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['install_date'])));
if(empty($install_date)){
$install_date = "0000-00-00";
}
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
$meshcentral_id = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_meshcentral_id'])));
$location = intval($_POST['location']);
$vendor = intval($_POST['vendor']);
$contact = intval($_POST['contact']);
$network = intval($_POST['network']);
$client_id = intval(json_decode($_POST['client_id']));
require('asset_model.php');
if(!empty($name)){
// Default
$insert_id = FALSE;
if(!empty($name) && !empty($client_id)){
// Insert into Database
$insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
$insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$asset_ip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
if($insert_sql){
$insert_id = $mysqli->insert_id;
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
}
}
else{
$insert_id = FALSE;
}
// Output
include('../create_output.php');

24
api/v1/assets/read.php
View File

@@ -5,37 +5,37 @@ require('../require_get_method.php');
// Asset via ID (single)
if(isset($_GET['asset_id'])){
$id = intval($_GET['asset_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['asset_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Asset query via type
elseif(isset($_GET['asset_type'])){
$type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Asset query via name
elseif(isset($_GET['asset_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Asset query via serial
elseif(isset($_GET['asset_serial'])){
$serial = mysqli_real_escape_string($mysqli,$_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$serial = mysqli_real_escape_string($mysqli,$_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Asset query via client ID
elseif(isset($_GET['asset_client_id'])){
$client = intval($_GET['asset_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id = '$client' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// All assets
else{
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Output

18
api/v1/certificates/read.php
View File

@@ -5,25 +5,25 @@ require('../require_get_method.php');
// Specific certificate via ID (single)
if(isset($_GET['certificate_id'])){
$id = intval($_GET['certificate_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['certificate_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Certificate by name
elseif(isset($_GET['certificate_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// Certificate via client ID
elseif(isset($_GET['certificate_client_id'])){
$client = intval($_GET['certificate_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
// Certificate via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// All certificates
else{
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// Output

11
api/v1/contacts/contact_model.php Normal file
View File

@@ -0,0 +1,11 @@
<?php
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
$department = intval($_POST['contact_department']);
$phone = preg_replace("/[^0-9]/", '',$_POST['contact_phone']);
$extension = preg_replace("/[^0-9]/", '',$_POST['contact_extension']);
$mobile = preg_replace("/[^0-9]/", '',$_POST['contact_mobile']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
$location_id = intval($_POST['contact_location_id']);

51
api/v1/contacts/create.php
View File

@@ -1,41 +1,34 @@
<?php
require('../validate_api_key.php');
if($_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send POST requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
require('../require_post_method.php');
// Parse Info
$client_id = intval($_POST['client_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
$department = intval($_POST['contact_department']);
$phone = preg_replace("/[^0-9]/", '',$_POST['contact_phone']);
$extension = preg_replace("/[^0-9]/", '',$_POST['contact_extension']);
$mobile = preg_replace("/[^0-9]/", '',$_POST['contact_mobile']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
$location_id = intval($_POST['location']);
include('contact_model.php');
if(!empty($name)){
// Insert contact
$insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
if($insert_sql){
$insert_id = $mysqli->insert_id;
// Default
$insert_id = FALSE;
if(!empty($name) && !empty($email) && !empty($client_id)){
// Check contact with $email doesn't already exist
$email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'");
if(mysqli_num_rows($email_duplication_sql) == 0){
// Insert contact
$insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
// Check insert & get insert ID
if($insert_sql){
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), company_id = $company_id");
}
}
else{
$insert_id = FALSE;
}
// Output
include('../create_output.php');

6
api/v1/contacts/read.php
View File

@@ -6,18 +6,18 @@ require('../require_get_method.php');
// Specific contact via ID (single)
if(isset($_GET['contact_id'])){
$id = intval($_GET['contact_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Specific contact via email (single)
elseif(isset($_GET['contact_email'])){
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['contact_email'])));
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// All contacts
else{
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
}
// Output

28
api/v1/contacts/update.php Normal file
View File

@@ -0,0 +1,28 @@
<?php
require('../validate_api_key.php');
require('../require_post_method.php');
// Parse Info
$contact_id = intval($_POST['contact_id']);
include('contact_model.php');
// Default
$update_id = FALSE;
if(!empty($name) && !empty($email)){
$update_sql = mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
// Check insert & get insert ID
if($update_sql){
$update_id = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
}
// Output
include('../update_output.php');

4
api/v1/create_output.php
View File

@@ -16,10 +16,10 @@ if(isset($insert_id) && is_numeric($insert_id)){
];
}
// Query returned false, something went wrong or it was declined due to required variables missing
// Query returned false: something went wrong, or it was declined due to required variables missing
else{
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided and database schema is up-to-date. Turn on error logging and look for 'undefined index'";
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
}
echo json_encode($return_arr);

18
api/v1/domains/read.php
View File

@@ -5,25 +5,25 @@ require('../require_get_method.php');
// Specific domain via ID (single)
if(isset($_GET['domain_id'])){
$id = intval($_GET['domain_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['domain_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Domain by name
elseif(isset($_GET['domain_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Domain via client ID
elseif(isset($_GET['domain_client_id'])){
$client = intval($_GET['domain_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id = '$client' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
// Domain via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
}
// All domains
else{
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
}
// Output

18
api/v1/networks/read.php
View File

@@ -5,25 +5,25 @@ require('../require_get_method.php');
// Specific network via ID (single)
if(isset($_GET['network_id'])){
$id = intval($_GET['network_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['network_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Network by name
elseif(isset($_GET['network_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// Network via client ID
elseif(isset($_GET['network_client_id'])){
$client = intval($_GET['network_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id = '$client' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
// Network via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// All networks
else{
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// Output

2
api/v1/read_output.php
View File

@@ -20,7 +20,7 @@ if($sql && mysqli_num_rows($sql) > 0){
}
else{
$return_arr['success'] = "False";
$return_arr['message'] = "No resource (for this company) with the specified parameter(s).";
$return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
echo json_encode($return_arr);
exit();
}

5
api/v1/require_get_method.php
View File

@@ -5,4 +5,9 @@ if($_SERVER['REQUEST_METHOD'] !== "GET"){
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
// Wildcard client ID for most SELECT queries
if($client_id == 0){
$client_id = "%";
}

7
api/v1/require_post_method.php
View File

@@ -5,4 +5,11 @@ if($_SERVER['REQUEST_METHOD'] !== "POST"){
$return_arr['message'] = "Can only send POST requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
// Client ID must be specific for INSERT/UPDATE/DELETE queries
// If this API key allows any client, set $client_id to the one specified, else leave it
if($client_id == 0){
//
$client_id = intval($_POST['client_id']);
}

26
api/v1/software/read.php
View File

@@ -5,37 +5,37 @@ require('../require_get_method.php');
// Specific software via ID (single)
if(isset($_GET['software_id'])){
$id = intval($_GET['software_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND company_id = '$company_id'");
$id = intval($_GET['software_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Specific software via License ID
if(isset($_GET['software_license'])){
$license = mysqli_real_escape_string($mysqli,$_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license = '$license' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$license = mysqli_real_escape_string($mysqli,$_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Software by name
elseif(isset($_GET['software_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
$name = mysqli_real_escape_string($mysqli,$_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Software via type
elseif(isset($_GET['software_type'])){
$type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Software via client ID
elseif(isset($_GET['software_client_id'])){
$client = intval($_GET['software_client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id = '$client' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
// Software via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// All software(s)
else{
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Output

4
api/v1/tickets/read.php
View File

@@ -6,12 +6,12 @@ require('../require_get_method.php');
// Specific ticket via ID (single)
if(isset($_GET['ticket_id'])){
$id = intval($_GET['ticket_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND company_id = '$company_id'");
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// All tickets
else{
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
}
// Output

23
api/v1/update_output.php Normal file
View File

@@ -0,0 +1,23 @@
<?php
/*
* API - update_output.php
* Included on calls to update.php endpoints
* Checks the status of the update SQL query ($update_sql)
* Returns success data / fail messages
*/
// Check if the insert query was successful
if(isset($update_id) && is_numeric($update_id) && $update_id > 0){
// Insert successful
$return_arr['success'] = "True";
$return_arr['count'] = $update_id;
}
// Query returned false: something went wrong, or it was declined due to required variables missing
else{
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module (contact/ticket/etc) id";
}
echo json_encode($return_arr);
exit();

5
api/v1/validate_api_key.php
View File

@@ -86,10 +86,11 @@ if(isset($api_key)){
// Success
else{
// Set company ID & key name
// Set client ID, company ID & key name
$row = mysqli_fetch_array($sql);
$company_id = $row['company_id'];
$api_key_name = $row['api_key_name'];
$client_id = $row['api_key_client_id'];
$company_id = $row['company_id'];
// Set limit & offset for queries
if(isset($_GET['limit'])){