AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

API

Browse Source 
- Add PHP logging when API queries fail because of SQL errors
- Add user agent to logging
- Enhance asset update endpoint
This commit is contained in:
Marcus Hill
2023-02-05 15:07:41 +00:00
parent aad1351dcb
commit f3456ead67
13 changed files with 290 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

129
api/v1/assets/asset_model.php Normal file
View File

@@ -0,0 +1,129 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} elseif ($asset_row) {
$name = $asset_row['asset_name'];
} else {
$name = '';
}
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} elseif ($asset_row) {
$type = $asset_row['asset_type'];
} else {
$type = '';
}
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} elseif ($asset_row) {
$make = $asset_row['asset_make'];
} else {
$make = '';
}
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} elseif ($asset_row) {
$model = $asset_row['asset_model'];
} else {
$model = '';
}
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} elseif ($asset_row) {
$serial = $asset_row['asset_serial'];
} else {
$serial = '';
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} elseif ($asset_row) {
$os = $asset_row['asset_os'];
} else {
$os = '';
}
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} elseif ($asset_row) {
$aip = $asset_row['asset_ip'];
} else {
$aip = '';
}
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} elseif ($asset_row) {
$mac = $asset_row['asset_mac'];
} else {
$mac = '';
}
if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} elseif ($asset_row) {
$purchase_date = $asset_row['asset_purchase_date'];
} else {
$purchase_date = "0000-00-00";
}
if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} elseif ($asset_row) {
$warranty_expire = $asset_row['asset_warranty_expire'];
} else {
$warranty_expire = "0000-00-00";
}
if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} elseif ($asset_row) {
$install_date = $asset_row['asset_install_date'];
} else {
$install_date = "0000-00-00";
}
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} elseif ($asset_row) {
$notes = $asset_row['asset_notes'];
} else {
$notes = '';
}
if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']);
} elseif ($asset_row) {
$vendor = $asset_row['asset_vendor_id'];
} else {
$vendor = '0';
}
if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']);
} elseif ($asset_row) {
$location = $asset_row['asset_location_id'];
} else {
$location = '0';
}
if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']);
} elseif ($asset_row) {
$contact = $asset_row['asset_contact_id'];
} else {
$contact = '0';
}
if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']);
} elseif ($asset_row) {
$network = $asset_row['asset_network_id'];
} else {
$network = '0';
}

89
api/v1/assets/create.php
View File

@@ -3,89 +3,8 @@
require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse info
// Variable assignment - assigning blank if a value is not provided
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} else {
$name = '';
}
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} else {
$type = '';
}
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} else {
$make = '';
}
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} else {
$model = '';
}
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} else {
$serial = '';
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = '';
}
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} else {
$aip = '';
}
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} else {
$mac = '';
}
if (isset($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} else {
$purchase_date = "0000-00-00";
}
if (isset($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} else {
$warranty_expire = "0000-00-00";
}
if (isset($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} else {
$install_date = "0000-00-00";
}
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} else {
$notes = '';
}
if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']);
} else {
$vendor = '0';
}
if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']);
} else {
$location = '0';
}
if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']);
} else {
$contact = '0';
}
if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']);
} else {
$network = '0';
}
// Parse POST info
require_once('asset_model.php');
// Default
$insert_id = false;
@@ -98,8 +17,8 @@ if (!empty($name) && !empty($client_id)) {
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
}
}

2
api/v1/assets/delete.php
View File

@@ -20,7 +20,7 @@ if (!empty($asset_id)) {
$delete_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
}
}

96
api/v1/assets/update.php
View File

@@ -11,94 +11,10 @@ $update_count = false;
if (!empty($asset_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
// Variable assignment - assigning the current database value if a value is not provided
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} else {
$name = $row['asset_name'];
}
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} else {
$type = $row['asset_type'];
}
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} else {
$make = $row['asset_make'];
}
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} else {
$model = $row['asset_model'];
}
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} else {
$serial = $row['asset_serial'];
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = $row['asset_os'];
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = $row['asset_os'];
}
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} else {
$aip = $row['asset_ip'];
}
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} else {
$mac = $row['asset_mac'];
}
if (isset($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} else {
$purchase_date = $row['asset_purchase_date'];
}
if (isset($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} else {
$warranty_expire = $row['asset_warranty_expire'];
}
if (isset($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} else {
$install_date = $row['asset_install_date'];
}
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} else {
$notes = $row['asset_notes'];
}
if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']);
} else {
$vendor = $row['asset_vendor_id'];
}
if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']);
} else {
$location = $row['asset_location_id'];
}
if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']);
} else {
$contact = $row['asset_contact_id'];
}
if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']);
} else {
$network = $row['asset_network_id'];
}
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once('asset_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
@@ -107,10 +23,10 @@ if (!empty($asset_id)) {
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
}
}
// Output
require_once('../update_output.php');
require_once('../update_output.php');