From f3456ead674046aa71ccc65ee35d64655441fd10 Mon Sep 17 00:00:00 2001
From: Marcus Hill <bcf8c9f2@opayq.com>
Date: Sun, 5 Feb 2023 15:07:41 +0000
Subject: [PATCH] API

- Add PHP logging when API queries fail because of SQL errors
- Add user agent to logging
- Enhance asset update endpoint
---
 api/v1/assets/asset_model.php     | 129 ++++++++++++++++++++++++++++++
 api/v1/assets/create.php          |  89 +--------------------
 api/v1/assets/delete.php          |   2 +-
 api/v1/assets/update.php          |  96 ++--------------------
 api/v1/contacts/contact_model.php | 117 ++++++++++++++++++++++++---
 api/v1/contacts/create.php        |   4 +-
 api/v1/contacts/delete.php        |   4 +-
 api/v1/contacts/update.php        |  12 ++-
 api/v1/create_output.php          |   7 +-
 api/v1/delete_output.php          |   7 +-
 api/v1/read_output.php            |   8 +-
 api/v1/update_output.php          |   9 ++-
 api/v1/validate_api_key.php       |  21 ++---
 13 files changed, 290 insertions(+), 215 deletions(-)
 create mode 100644 api/v1/assets/asset_model.php

diff --git a/api/v1/assets/asset_model.php b/api/v1/assets/asset_model.php
new file mode 100644
index 00000000..ffbfa6df
--- /dev/null
+++ b/api/v1/assets/asset_model.php
@@ -0,0 +1,129 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+if (isset($_POST['asset_name'])) {
+    $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
+} elseif ($asset_row) {
+    $name = $asset_row['asset_name'];
+} else {
+    $name = '';
+}
+
+if (isset($_POST['asset_type'])) {
+    $type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
+} elseif ($asset_row) {
+    $type = $asset_row['asset_type'];
+} else {
+    $type = '';
+}
+
+if (isset($_POST['asset_make'])) {
+    $make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
+} elseif ($asset_row) {
+    $make = $asset_row['asset_make'];
+} else {
+    $make = '';
+}
+if (isset($_POST['asset_model'])) {
+    $model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
+} elseif ($asset_row) {
+    $model = $asset_row['asset_model'];
+} else {
+    $model = '';
+}
+
+if (isset($_POST['asset_serial'])) {
+    $serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
+} elseif ($asset_row) {
+    $serial = $asset_row['asset_serial'];
+} else {
+    $serial = '';
+}
+
+if (isset($_POST['asset_os'])) {
+    $os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
+} elseif ($asset_row) {
+    $os = $asset_row['asset_os'];
+} else {
+    $os = '';
+}
+
+if (isset($_POST['asset_ip'])) {
+    $aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
+} elseif ($asset_row) {
+    $aip = $asset_row['asset_ip'];
+} else {
+    $aip = '';
+}
+
+if (isset($_POST['asset_mac'])) {
+    $mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
+} elseif ($asset_row) {
+    $mac = $asset_row['asset_mac'];
+} else {
+    $mac = '';
+}
+
+if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
+    $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
+} elseif ($asset_row) {
+    $purchase_date = $asset_row['asset_purchase_date'];
+} else {
+    $purchase_date = "0000-00-00";
+}
+
+if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
+    $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
+} elseif ($asset_row) {
+    $warranty_expire = $asset_row['asset_warranty_expire'];
+} else {
+    $warranty_expire = "0000-00-00";
+}
+
+if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
+    $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
+} elseif ($asset_row) {
+    $install_date = $asset_row['asset_install_date'];
+} else {
+    $install_date = "0000-00-00";
+}
+
+if (isset($_POST['asset_notes'])) {
+    $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
+} elseif ($asset_row) {
+    $notes = $asset_row['asset_notes'];
+} else {
+    $notes = '';
+}
+
+if (isset($_POST['asset_vendor_id'])) {
+    $vendor = intval($_POST['asset_vendor_id']);
+} elseif ($asset_row) {
+    $vendor = $asset_row['asset_vendor_id'];
+} else {
+    $vendor = '0';
+}
+
+if (isset($_POST['asset_location_id'])) {
+    $location = intval($_POST['asset_location_id']);
+} elseif ($asset_row) {
+    $location = $asset_row['asset_location_id'];
+} else {
+    $location = '0';
+}
+
+if (isset($_POST['asset_contact_id'])) {
+    $contact = intval($_POST['asset_contact_id']);
+} elseif ($asset_row) {
+    $contact = $asset_row['asset_contact_id'];
+} else {
+    $contact = '0';
+}
+
+if (isset($_POST['asset_network_id'])) {
+    $network = intval($_POST['asset_network_id']);
+} elseif ($asset_row) {
+    $network = $asset_row['asset_network_id'];
+} else {
+    $network = '0';
+}
diff --git a/api/v1/assets/create.php b/api/v1/assets/create.php
index 7a63d58b..9b8a7eed 100644
--- a/api/v1/assets/create.php
+++ b/api/v1/assets/create.php
@@ -3,89 +3,8 @@
 require_once('../validate_api_key.php');
 require_once('../require_post_method.php');
 
-// Parse info
-
-// Variable assignment - assigning blank if a value is not provided
-if (isset($_POST['asset_name'])) {
-    $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
-} else {
-    $name = '';
-}
-if (isset($_POST['asset_type'])) {
-    $type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
-} else {
-    $type = '';
-}
-if (isset($_POST['asset_make'])) {
-    $make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
-} else {
-    $make = '';
-}
-if (isset($_POST['asset_model'])) {
-    $model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
-} else {
-    $model = '';
-}
-if (isset($_POST['asset_serial'])) {
-    $serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
-} else {
-    $serial = '';
-}
-if (isset($_POST['asset_os'])) {
-    $os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
-} else {
-    $os = '';
-}
-if (isset($_POST['asset_ip'])) {
-    $aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
-} else {
-    $aip = '';
-}
-if (isset($_POST['asset_mac'])) {
-    $mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
-} else {
-    $mac = '';
-}
-if (isset($_POST['asset_purchase_date'])) {
-    $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
-} else {
-    $purchase_date = "0000-00-00";
-}
-if (isset($_POST['asset_warranty_expire'])) {
-    $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
-} else {
-    $warranty_expire = "0000-00-00";
-}
-if (isset($_POST['asset_install_date'])) {
-    $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
-} else {
-    $install_date = "0000-00-00";
-}
-if (isset($_POST['asset_notes'])) {
-    $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
-} else {
-    $notes = '';
-}
-if (isset($_POST['asset_vendor_id'])) {
-    $vendor = intval($_POST['asset_vendor_id']);
-} else {
-    $vendor = '0';
-}
-if (isset($_POST['asset_location_id'])) {
-    $location = intval($_POST['asset_location_id']);
-} else {
-    $location = '0';
-}
-if (isset($_POST['asset_contact_id'])) {
-    $contact = intval($_POST['asset_contact_id']);
-} else {
-    $contact = '0';
-}
-if (isset($_POST['asset_network_id'])) {
-    $network = intval($_POST['asset_network_id']);
-} else {
-    $network = '0';
-}
+// Parse POST info
+require_once('asset_model.php');
 
 // Default
 $insert_id = false;
@@ -98,8 +17,8 @@ if (!empty($name) && !empty($client_id)) {
         $insert_id = mysqli_insert_id($mysqli);
 
         //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
     }
 }
 
diff --git a/api/v1/assets/delete.php b/api/v1/assets/delete.php
index 3c0a7b72..8ce2e912 100644
--- a/api/v1/assets/delete.php
+++ b/api/v1/assets/delete.php
@@ -20,7 +20,7 @@ if (!empty($asset_id)) {
         $delete_count = mysqli_affected_rows($mysqli);
 
         //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
     }
 }
 
diff --git a/api/v1/assets/update.php b/api/v1/assets/update.php
index b12f6551..3a1abcaf 100644
--- a/api/v1/assets/update.php
+++ b/api/v1/assets/update.php
@@ -11,94 +11,10 @@ $update_count = false;
 
 if (!empty($asset_id)) {
 
-    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+    $asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
 
-    // Variable assignment - assigning the current database value if a value is not provided
-    if (isset($_POST['asset_name'])) {
-        $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
-    } else {
-        $name = $row['asset_name'];
-    }
-    if (isset($_POST['asset_type'])) {
-        $type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
-    } else {
-        $type = $row['asset_type'];
-    }
-    if (isset($_POST['asset_make'])) {
-        $make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
-    } else {
-        $make = $row['asset_make'];
-    }
-    if (isset($_POST['asset_model'])) {
-        $model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
-    } else {
-        $model = $row['asset_model'];
-    }
-    if (isset($_POST['asset_serial'])) {
-        $serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
-    } else {
-        $serial = $row['asset_serial'];
-    }
-    if (isset($_POST['asset_os'])) {
-        $os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
-    } else {
-        $os = $row['asset_os'];
-    }
-    if (isset($_POST['asset_os'])) {
-        $os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
-    } else {
-        $os = $row['asset_os'];
-    }
-    if (isset($_POST['asset_ip'])) {
-        $aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
-    } else {
-        $aip = $row['asset_ip'];
-    }
-    if (isset($_POST['asset_mac'])) {
-        $mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
-    } else {
-        $mac = $row['asset_mac'];
-    }
-    if (isset($_POST['asset_purchase_date'])) {
-        $purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
-    } else {
-        $purchase_date = $row['asset_purchase_date'];
-    }
-    if (isset($_POST['asset_warranty_expire'])) {
-        $warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
-    } else {
-        $warranty_expire = $row['asset_warranty_expire'];
-    }
-    if (isset($_POST['asset_install_date'])) {
-        $install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
-    } else {
-        $install_date = $row['asset_install_date'];
-    }
-    if (isset($_POST['asset_notes'])) {
-        $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
-    } else {
-        $notes = $row['asset_notes'];
-    }
-    if (isset($_POST['asset_vendor_id'])) {
-        $vendor = intval($_POST['asset_vendor_id']);
-    } else {
-        $vendor = $row['asset_vendor_id'];
-    }
-    if (isset($_POST['asset_location_id'])) {
-        $location = intval($_POST['asset_location_id']);
-    } else {
-        $location = $row['asset_location_id'];
-    }
-    if (isset($_POST['asset_contact_id'])) {
-        $contact = intval($_POST['asset_contact_id']);
-    } else {
-        $contact = $row['asset_contact_id'];
-    }
-    if (isset($_POST['asset_network_id'])) {
-        $network = intval($_POST['asset_network_id']);
-    } else {
-        $network = $row['asset_network_id'];
-    }
+    // Variable assignment from POST - assigning the current database value if a value is not provided
+    require_once('asset_model.php');
 
     $update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
 
@@ -107,10 +23,10 @@ if (!empty($asset_id)) {
         $update_count = mysqli_affected_rows($mysqli);
 
         //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
     }
 }
 
 // Output
-require_once('../update_output.php');
\ No newline at end of file
+require_once('../update_output.php');
diff --git a/api/v1/contacts/contact_model.php b/api/v1/contacts/contact_model.php
index f38320c1..fab66f8a 100644
--- a/api/v1/contacts/contact_model.php
+++ b/api/v1/contacts/contact_model.php
@@ -1,16 +1,107 @@
 <?php
 define('number_regex', '/[^0-9]/');
 
-$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
-$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
-$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
-$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
-$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
-$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
-$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
-$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
-$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
-$important = intval($_POST['contact_important']);
-$billing = intval($_POST['contact_billing']);
-$technical = intval($_POST['contact_technical']);
-$location_id = intval($_POST['contact_location_id']);
+// Variable assignment from POST (or: blank/from DB is updating)
+if (isset($_POST['contact_name'])) {
+    $name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
+} elseif ($contact_row) {
+    $name = $contact_row['contact_name'];
+} else {
+    $name = '';
+}
+
+if (isset($_POST['contact_title'])) {
+    $title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
+} elseif ($contact_row) {
+    $title = $contact_row['contact_title'];
+} else {
+    $title = '';
+}
+
+if (isset($_POST['contact_department'])) {
+    $department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
+} elseif ($contact_row) {
+    $department = $contact_row['contact_department'];
+} else {
+    $department = '';
+}
+
+if (isset($_POST['contact_email'])) {
+    $email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
+} elseif ($contact_row) {
+    $email = $contact_row['contact_email'];
+} else {
+    $email = '';
+}
+
+if (isset($_POST['contact_phone'])) {
+    $phone = preg_replace(number_regex, '', $_POST['contact_phone']);
+} elseif ($contact_row) {
+    $phone = $contact_row['contact_phone'];
+} else {
+    $phone = '';
+}
+
+if (isset($_POST['contact_extension'])) {
+    $extension = preg_replace(number_regex, '', $_POST['contact_extension']);
+} elseif ($contact_row) {
+    $extension = $contact_row['contact_extension'];
+} else {
+    $extension = '';
+}
+
+if (isset($_POST['contact_mobile'])) {
+    $mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
+} elseif ($contact_row) {
+    $mobile = $contact_row['contact_mobile'];
+} else {
+    $mobile = '';
+}
+
+if (isset($_POST['contact_notes'])) {
+    $notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
+} elseif ($contact_row) {
+    $notes = $contact_row['contact_notes'];
+} else {
+    $notes = '';
+}
+
+if (isset($_POST['contact_auth_method'])) {
+    $auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
+} elseif ($contact_row) {
+    $auth_method = $contact_row['contact_auth_method'];
+} else {
+    $auth_method = '';
+}
+
+if (isset($_POST['contact_important'])) {
+    $important = intval($_POST['contact_important']);
+} elseif ($contact_row) {
+    $important = $contact_row['contact_important'];
+} else {
+    $important = '0';
+}
+
+if (isset($_POST['contact_billing'])) {
+    $billing = intval($_POST['contact_billing']);
+} elseif ($contact_row) {
+    $billing = $contact_row['contact_billing'];
+} else {
+    $billing = '0';
+}
+
+if (isset($_POST['contact_technical'])) {
+    $technical = intval($_POST['contact_technical']);
+} elseif ($contact_row) {
+    $technical = $contact_row['contact_technical'];
+} else {
+    $technical = '0';
+}
+
+if (isset($_POST['contact_location_id'])) {
+    $location_id = intval($_POST['contact_location_id']);
+} elseif ($contact_row) {
+    $location_id = $contact_row['contact_location_id'];
+} else {
+    $location_id = '';
+}
diff --git a/api/v1/contacts/create.php b/api/v1/contacts/create.php
index eeb5640c..6919b013 100644
--- a/api/v1/contacts/create.php
+++ b/api/v1/contacts/create.php
@@ -23,8 +23,8 @@ if (!empty($name) && !empty($email) && !empty($client_id)) {
         if ($insert_sql) {
             $insert_id = mysqli_insert_id($mysqli);
             //Logging
-            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
-            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+            mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
         }
 
     }
diff --git a/api/v1/contacts/delete.php b/api/v1/contacts/delete.php
index 64602ce6..9fd17cba 100644
--- a/api/v1/contacts/delete.php
+++ b/api/v1/contacts/delete.php
@@ -20,9 +20,9 @@ if (!empty($contact_id)) {
         $delete_count = mysqli_affected_rows($mysqli);
 
         //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
     }
 }
 
 // Output
-require_once('../delete_output.php');
\ No newline at end of file
+require_once('../delete_output.php');
diff --git a/api/v1/contacts/update.php b/api/v1/contacts/update.php
index 9e7071cf..d19d9521 100644
--- a/api/v1/contacts/update.php
+++ b/api/v1/contacts/update.php
@@ -5,12 +5,16 @@ require_once('../require_post_method.php');
 
 // Parse Info
 $contact_id = intval($_POST['contact_id']);
-require_once('contact_model.php');
 
 // Default
 $update_count = FALSE;
 
-if (!empty($name) && !empty($email)) {
+if (!empty($contact_id)) {
+
+    $contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
+
+    // Variable assignment from POST - assigning the current database value if a value is not provided
+    require_once('contact_model.php');
 
     $update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile',  contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_updated_at = NOW(), contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
 
@@ -19,8 +23,8 @@ if (!empty($name) && !empty($email)) {
         $update_count = mysqli_affected_rows($mysqli);
 
         //Logging
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
-        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
     }
 }
 
diff --git a/api/v1/create_output.php b/api/v1/create_output.php
index d4ef9615..3d158046 100644
--- a/api/v1/create_output.php
+++ b/api/v1/create_output.php
@@ -20,7 +20,12 @@ if (isset($insert_id) && is_numeric($insert_id)) {
 else {
     $return_arr['success'] = "False";
     $return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
+
+    // Log any database/schema related errors to the PHP Error log
+    if (mysqli_error($mysqli)) {
+        error_log("API Database Error: " . mysqli_error($mysqli));
+    }
 }
 
 echo json_encode($return_arr);
-exit();
\ No newline at end of file
+exit();
diff --git a/api/v1/delete_output.php b/api/v1/delete_output.php
index c8139d92..c5748cec 100644
--- a/api/v1/delete_output.php
+++ b/api/v1/delete_output.php
@@ -17,7 +17,12 @@ if (isset($delete_count) && is_numeric($delete_count) && $delete_count > 0) {
 else {
     $return_arr['success'] = "False";
     $return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
+
+    // Log any database/schema related errors to the PHP Error log
+    if (mysqli_error($mysqli)) {
+        error_log("API Database Error: " . mysqli_error($mysqli));
+    }
 }
 
 echo json_encode($return_arr);
-exit();
\ No newline at end of file
+exit();
diff --git a/api/v1/read_output.php b/api/v1/read_output.php
index 42c6cde9..97162ace 100644
--- a/api/v1/read_output.php
+++ b/api/v1/read_output.php
@@ -21,6 +21,12 @@ if ($sql && mysqli_num_rows($sql) > 0) {
 else {
     $return_arr['success'] = "False";
     $return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
+
+    // Log any database/schema related errors to the PHP Error log
+    if (mysqli_error($mysqli)) {
+        error_log("API Database Error: " . mysqli_error($mysqli));
+    }
+
     echo json_encode($return_arr);
     exit();
-}
\ No newline at end of file
+}
diff --git a/api/v1/update_output.php b/api/v1/update_output.php
index 59e7c13c..da985b54 100644
--- a/api/v1/update_output.php
+++ b/api/v1/update_output.php
@@ -16,8 +16,13 @@ if (isset($update_count) && is_numeric($update_count) && $update_count > 0) {
 // Query returned false: something went wrong, or it was declined due to required variables missing
 else {
     $return_arr['success'] = "False";
-    $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (contact ID/ticket ID/etc)";
+    $return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (i.e. bad contact ID/ticket ID/etc).";
+
+    // Log any database/schema related errors to the PHP Error log
+    if (mysqli_error($mysqli)) {
+        error_log("API Database Error: " . mysqli_error($mysqli));
+    }
 }
 
 echo json_encode($return_arr);
-exit();
\ No newline at end of file
+exit();
diff --git a/api/v1/validate_api_key.php b/api/v1/validate_api_key.php
index 6fa07065..e2f29590 100644
--- a/api/v1/validate_api_key.php
+++ b/api/v1/validate_api_key.php
@@ -16,9 +16,8 @@ header('Content-Type: application/json');
 // POST data
 $_POST = json_decode(file_get_contents('php://input'), true);
 
-// Get user IP
+// Get IP & UA
 $ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
-// Get user agent
 $user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
 
 // Setup return array
@@ -81,10 +80,10 @@ if (isset($api_key)) {
         header(WORDING_UNAUTHORIZED);
         echo json_encode($return_arr);
         exit();
-    }
 
-    // Success
-    else {
+    } else {
+
+        // SUCCESS
 
         // Set client ID, company ID & key name
         $row = mysqli_fetch_array($sql);
@@ -95,21 +94,17 @@ if (isset($api_key)) {
         // Set limit & offset for queries
         if (isset($_GET['limit'])) {
             $limit = intval($_GET['limit']);
-        }
-        elseif (isset($_POST['limit'])) {
+        } elseif (isset($_POST['limit'])) {
             $limit = intval($_POST['limit']);
-        }
-        else {
+        } else {
             $limit = 50;
         }
 
         if (isset($_GET['offset'])) {
             $offset = intval($_GET['offset']);
-        }
-        elseif (isset($_POST['offset'])) {
+        } elseif (isset($_POST['offset'])) {
             $offset = intval($_POST['offset']);
-        }
-        else {
+        } else {
             $offset = 0;
         }