mirror of
https://github.com/itflow-org/itflow
synced 2026-02-28 02:44:53 +00:00
API
- Add PHP logging when API queries fail because of SQL errors - Add user agent to logging - Enhance asset update endpoint
This commit is contained in:
Marcus Hill
@@ -1,16 +1,107 @@
|
||||
<?php
|
||||
define('number_regex', '/[^0-9]/');
|
||||
|
||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
|
||||
$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
|
||||
$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
|
||||
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
|
||||
$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
|
||||
$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
|
||||
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
|
||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
|
||||
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
|
||||
$important = intval($_POST['contact_important']);
|
||||
$billing = intval($_POST['contact_billing']);
|
||||
$technical = intval($_POST['contact_technical']);
|
||||
$location_id = intval($_POST['contact_location_id']);
|
||||
// Variable assignment from POST (or: blank/from DB is updating)
|
||||
if (isset($_POST['contact_name'])) {
|
||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
|
||||
} elseif ($contact_row) {
|
||||
$name = $contact_row['contact_name'];
|
||||
} else {
|
||||
$name = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_title'])) {
|
||||
$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
|
||||
} elseif ($contact_row) {
|
||||
$title = $contact_row['contact_title'];
|
||||
} else {
|
||||
$title = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_department'])) {
|
||||
$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
|
||||
} elseif ($contact_row) {
|
||||
$department = $contact_row['contact_department'];
|
||||
} else {
|
||||
$department = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_email'])) {
|
||||
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
|
||||
} elseif ($contact_row) {
|
||||
$email = $contact_row['contact_email'];
|
||||
} else {
|
||||
$email = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_phone'])) {
|
||||
$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
|
||||
} elseif ($contact_row) {
|
||||
$phone = $contact_row['contact_phone'];
|
||||
} else {
|
||||
$phone = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_extension'])) {
|
||||
$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
|
||||
} elseif ($contact_row) {
|
||||
$extension = $contact_row['contact_extension'];
|
||||
} else {
|
||||
$extension = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_mobile'])) {
|
||||
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
|
||||
} elseif ($contact_row) {
|
||||
$mobile = $contact_row['contact_mobile'];
|
||||
} else {
|
||||
$mobile = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_notes'])) {
|
||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
|
||||
} elseif ($contact_row) {
|
||||
$notes = $contact_row['contact_notes'];
|
||||
} else {
|
||||
$notes = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_auth_method'])) {
|
||||
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
|
||||
} elseif ($contact_row) {
|
||||
$auth_method = $contact_row['contact_auth_method'];
|
||||
} else {
|
||||
$auth_method = '';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_important'])) {
|
||||
$important = intval($_POST['contact_important']);
|
||||
} elseif ($contact_row) {
|
||||
$important = $contact_row['contact_important'];
|
||||
} else {
|
||||
$important = '0';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_billing'])) {
|
||||
$billing = intval($_POST['contact_billing']);
|
||||
} elseif ($contact_row) {
|
||||
$billing = $contact_row['contact_billing'];
|
||||
} else {
|
||||
$billing = '0';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_technical'])) {
|
||||
$technical = intval($_POST['contact_technical']);
|
||||
} elseif ($contact_row) {
|
||||
$technical = $contact_row['contact_technical'];
|
||||
} else {
|
||||
$technical = '0';
|
||||
}
|
||||
|
||||
if (isset($_POST['contact_location_id'])) {
|
||||
$location_id = intval($_POST['contact_location_id']);
|
||||
} elseif ($contact_row) {
|
||||
$location_id = $contact_row['contact_location_id'];
|
||||
} else {
|
||||
$location_id = '';
|
||||
}
|
||||
|
||||
@@ -23,8 +23,8 @@ if (!empty($name) && !empty($email) && !empty($client_id)) {
|
||||
if ($insert_sql) {
|
||||
$insert_id = mysqli_insert_id($mysqli);
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -20,9 +20,9 @@ if (!empty($contact_id)) {
|
||||
$delete_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
|
||||
}
|
||||
}
|
||||
|
||||
// Output
|
||||
require_once('../delete_output.php');
|
||||
require_once('../delete_output.php');
|
||||
|
||||
@@ -5,12 +5,16 @@ require_once('../require_post_method.php');
|
||||
|
||||
// Parse Info
|
||||
$contact_id = intval($_POST['contact_id']);
|
||||
require_once('contact_model.php');
|
||||
|
||||
// Default
|
||||
$update_count = FALSE;
|
||||
|
||||
if (!empty($name) && !empty($email)) {
|
||||
if (!empty($contact_id)) {
|
||||
|
||||
$contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
||||
|
||||
// Variable assignment from POST - assigning the current database value if a value is not provided
|
||||
require_once('contact_model.php');
|
||||
|
||||
$update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_updated_at = NOW(), contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
|
||||
|
||||
@@ -19,8 +23,8 @@ if (!empty($name) && !empty($email)) {
|
||||
$update_count = mysqli_affected_rows($mysqli);
|
||||
|
||||
//Logging
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user