AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 02:44:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

API

Browse Source 
- Add PHP logging when API queries fail because of SQL errors
- Add user agent to logging
- Enhance asset update endpoint
This commit is contained in:
Marcus Hill
2023-02-05 15:07:41 +00:00
parent aad1351dcb
commit f3456ead67
13 changed files with 290 additions and 215 deletions
Download Patch File Download Diff File Expand all files Collapse all files

96
api/v1/assets/update.php
View File

@@ -11,94 +11,10 @@ $update_count = false;
if (!empty($asset_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
// Variable assignment - assigning the current database value if a value is not provided
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} else {
$name = $row['asset_name'];
}
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} else {
$type = $row['asset_type'];
}
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} else {
$make = $row['asset_make'];
}
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} else {
$model = $row['asset_model'];
}
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} else {
$serial = $row['asset_serial'];
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = $row['asset_os'];
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = $row['asset_os'];
}
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} else {
$aip = $row['asset_ip'];
}
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} else {
$mac = $row['asset_mac'];
}
if (isset($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} else {
$purchase_date = $row['asset_purchase_date'];
}
if (isset($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} else {
$warranty_expire = $row['asset_warranty_expire'];
}
if (isset($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} else {
$install_date = $row['asset_install_date'];
}
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} else {
$notes = $row['asset_notes'];
}
if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']);
} else {
$vendor = $row['asset_vendor_id'];
}
if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']);
} else {
$location = $row['asset_location_id'];
}
if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']);
} else {
$contact = $row['asset_contact_id'];
}
if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']);
} else {
$network = $row['asset_network_id'];
}
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once('asset_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
@@ -107,10 +23,10 @@ if (!empty($asset_id)) {
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
}
}
// Output
require_once('../update_output.php');
require_once('../update_output.php');