AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

API 

- Add PHP logging when API queries fail because of SQL errors
- Add user agent to logging
- Enhance asset update endpoint
This commit is contained in:
Marcus Hill 2023-02-05 15:07:41 +00:00
parent aad1351dcb
commit f3456ead67
13 changed files with 290 additions and 215 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

129
api/v1/assets/asset_model.php Normal file
View File

@ -0,0 +1,129 @@
<?php
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} elseif ($asset_row) {
$name = $asset_row['asset_name'];
} else {
$name = '';
}
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} elseif ($asset_row) {
$type = $asset_row['asset_type'];
} else {
$type = '';
}
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} elseif ($asset_row) {
$make = $asset_row['asset_make'];
} else {
$make = '';
}
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} elseif ($asset_row) {
$model = $asset_row['asset_model'];
} else {
$model = '';
}
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} elseif ($asset_row) {
$serial = $asset_row['asset_serial'];
} else {
$serial = '';
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} elseif ($asset_row) {
$os = $asset_row['asset_os'];
} else {
$os = '';
}
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} elseif ($asset_row) {
$aip = $asset_row['asset_ip'];
} else {
$aip = '';
}
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} elseif ($asset_row) {
$mac = $asset_row['asset_mac'];
} else {
$mac = '';
}
if (isset($_POST['asset_purchase_date']) && !empty($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} elseif ($asset_row) {
$purchase_date = $asset_row['asset_purchase_date'];
} else {
$purchase_date = "0000-00-00";
}
if (isset($_POST['asset_warranty_expire']) && !empty($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} elseif ($asset_row) {
$warranty_expire = $asset_row['asset_warranty_expire'];
} else {
$warranty_expire = "0000-00-00";
}
if (isset($_POST['asset_install_date']) && !empty($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} elseif ($asset_row) {
$install_date = $asset_row['asset_install_date'];
} else {
$install_date = "0000-00-00";
}
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} elseif ($asset_row) {
$notes = $asset_row['asset_notes'];
} else {
$notes = '';
}
if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']);
} elseif ($asset_row) {
$vendor = $asset_row['asset_vendor_id'];
} else {
$vendor = '0';
}
if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']);
} elseif ($asset_row) {
$location = $asset_row['asset_location_id'];
} else {
$location = '0';
}
if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']);
} elseif ($asset_row) {
$contact = $asset_row['asset_contact_id'];
} else {
$contact = '0';
}
if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']);
} elseif ($asset_row) {
$network = $asset_row['asset_network_id'];
} else {
$network = '0';
}

89
api/v1/assets/create.php
View File

@ -3,89 +3,8 @@
require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse info
// Variable assignment - assigning blank if a value is not provided
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} else {
$name = '';
}
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} else {
$type = '';
}
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} else {
$make = '';
}
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} else {
$model = '';
}
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} else {
$serial = '';
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = '';
}
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} else {
$aip = '';
}
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} else {
$mac = '';
}
if (isset($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} else {
$purchase_date = "0000-00-00";
}
if (isset($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} else {
$warranty_expire = "0000-00-00";
}
if (isset($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} else {
$install_date = "0000-00-00";
}
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} else {
$notes = '';
}
if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']);
} else {
$vendor = '0';
}
if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']);
} else {
$location = '0';
}
if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']);
} else {
$contact = '0';
}
if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']);
} else {
$network = '0';
}
// Parse POST info
require_once('asset_model.php');
// Default
$insert_id = false;
@ -98,8 +17,8 @@ if (!empty($name) && !empty($client_id)) {
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
}
}

2
api/v1/assets/delete.php
View File

@ -20,7 +20,7 @@ if (!empty($asset_id)) {
$delete_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
}
}

94
api/v1/assets/update.php
View File

@ -11,94 +11,10 @@ $update_count = false;
if (!empty($asset_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$asset_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
// Variable assignment - assigning the current database value if a value is not provided
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} else {
$name = $row['asset_name'];
}
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} else {
$type = $row['asset_type'];
}
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} else {
$make = $row['asset_make'];
}
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} else {
$model = $row['asset_model'];
}
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} else {
$serial = $row['asset_serial'];
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = $row['asset_os'];
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = $row['asset_os'];
}
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} else {
$aip = $row['asset_ip'];
}
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} else {
$mac = $row['asset_mac'];
}
if (isset($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} else {
$purchase_date = $row['asset_purchase_date'];
}
if (isset($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} else {
$warranty_expire = $row['asset_warranty_expire'];
}
if (isset($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} else {
$install_date = $row['asset_install_date'];
}
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} else {
$notes = $row['asset_notes'];
}
if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']);
} else {
$vendor = $row['asset_vendor_id'];
}
if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']);
} else {
$location = $row['asset_location_id'];
}
if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']);
} else {
$contact = $row['asset_contact_id'];
}
if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']);
} else {
$network = $row['asset_network_id'];
}
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once('asset_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
@ -107,8 +23,8 @@ if (!empty($asset_id)) {
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
}
}

117
api/v1/contacts/contact_model.php
View File

@ -1,16 +1,107 @@
<?php
define('number_regex', '/[^0-9]/');
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
$important = intval($_POST['contact_important']);
$billing = intval($_POST['contact_billing']);
$technical = intval($_POST['contact_technical']);
$location_id = intval($_POST['contact_location_id']);
// Variable assignment from POST (or: blank/from DB is updating)
if (isset($_POST['contact_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
} elseif ($contact_row) {
$name = $contact_row['contact_name'];
} else {
$name = '';
}
if (isset($_POST['contact_title'])) {
$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
} elseif ($contact_row) {
$title = $contact_row['contact_title'];
} else {
$title = '';
}
if (isset($_POST['contact_department'])) {
$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
} elseif ($contact_row) {
$department = $contact_row['contact_department'];
} else {
$department = '';
}
if (isset($_POST['contact_email'])) {
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
} elseif ($contact_row) {
$email = $contact_row['contact_email'];
} else {
$email = '';
}
if (isset($_POST['contact_phone'])) {
$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
} elseif ($contact_row) {
$phone = $contact_row['contact_phone'];
} else {
$phone = '';
}
if (isset($_POST['contact_extension'])) {
$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
} elseif ($contact_row) {
$extension = $contact_row['contact_extension'];
} else {
$extension = '';
}
if (isset($_POST['contact_mobile'])) {
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
} elseif ($contact_row) {
$mobile = $contact_row['contact_mobile'];
} else {
$mobile = '';
}
if (isset($_POST['contact_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
} elseif ($contact_row) {
$notes = $contact_row['contact_notes'];
} else {
$notes = '';
}
if (isset($_POST['contact_auth_method'])) {
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
} elseif ($contact_row) {
$auth_method = $contact_row['contact_auth_method'];
} else {
$auth_method = '';
}
if (isset($_POST['contact_important'])) {
$important = intval($_POST['contact_important']);
} elseif ($contact_row) {
$important = $contact_row['contact_important'];
} else {
$important = '0';
}
if (isset($_POST['contact_billing'])) {
$billing = intval($_POST['contact_billing']);
} elseif ($contact_row) {
$billing = $contact_row['contact_billing'];
} else {
$billing = '0';
}
if (isset($_POST['contact_technical'])) {
$technical = intval($_POST['contact_technical']);
} elseif ($contact_row) {
$technical = $contact_row['contact_technical'];
} else {
$technical = '0';
}
if (isset($_POST['contact_location_id'])) {
$location_id = intval($_POST['contact_location_id']);
} elseif ($contact_row) {
$location_id = $contact_row['contact_location_id'];
} else {
$location_id = '';
}

4
api/v1/contacts/create.php
View File

@ -23,8 +23,8 @@ if (!empty($name) && !empty($email) && !empty($client_id)) {
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
}

2
api/v1/contacts/delete.php
View File

@ -20,7 +20,7 @@ if (!empty($contact_id)) {
$delete_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $client_id, company_id = $company_id");
}
}

12
api/v1/contacts/update.php
View File

@ -5,12 +5,16 @@ require_once('../require_post_method.php');
// Parse Info
$contact_id = intval($_POST['contact_id']);
require_once('contact_model.php');
// Default
$update_count = FALSE;
if (!empty($name) && !empty($email)) {
if (!empty($contact_id)) {
$contact_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$contact_id' AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
// Variable assignment from POST - assigning the current database value if a value is not provided
require_once('contact_model.php');
$update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_department = '$department', contact_email = '$email', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_important = '$important', contact_billing = '$billing', contact_technical = '$technical', contact_updated_at = NOW(), contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
@ -19,8 +23,8 @@ if (!empty($name) && !empty($email)) {
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
}

5
api/v1/create_output.php
View File

@ -20,6 +20,11 @@ if (isset($insert_id) && is_numeric($insert_id)) {
else {
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
// Log any database/schema related errors to the PHP Error log
if (mysqli_error($mysqli)) {
error_log("API Database Error: " . mysqli_error($mysqli));
}
}
echo json_encode($return_arr);

5
api/v1/delete_output.php
View File

@ -17,6 +17,11 @@ if (isset($delete_count) && is_numeric($delete_count) && $delete_count > 0) {
else {
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
// Log any database/schema related errors to the PHP Error log
if (mysqli_error($mysqli)) {
error_log("API Database Error: " . mysqli_error($mysqli));
}
}
echo json_encode($return_arr);

6
api/v1/read_output.php
View File

@ -21,6 +21,12 @@ if ($sql && mysqli_num_rows($sql) > 0) {
else {
$return_arr['success'] = "False";
$return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
// Log any database/schema related errors to the PHP Error log
if (mysqli_error($mysqli)) {
error_log("API Database Error: " . mysqli_error($mysqli));
}
echo json_encode($return_arr);
exit();
}

7
api/v1/update_output.php
View File

@ -16,7 +16,12 @@ if (isset($update_count) && is_numeric($update_count) && $update_count > 0) {
// Query returned false: something went wrong, or it was declined due to required variables missing
else {
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (contact ID/ticket ID/etc)";
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (i.e. bad contact ID/ticket ID/etc).";
// Log any database/schema related errors to the PHP Error log
if (mysqli_error($mysqli)) {
error_log("API Database Error: " . mysqli_error($mysqli));
}
}
echo json_encode($return_arr);

21
api/v1/validate_api_key.php
View File

@ -16,9 +16,8 @@ header('Content-Type: application/json');
// POST data
$_POST = json_decode(file_get_contents('php://input'), true);
// Get user IP
// Get IP & UA
$ip = strip_tags(mysqli_real_escape_string($mysqli, getIP()));
// Get user agent
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
// Setup return array
@ -81,10 +80,10 @@ if (isset($api_key)) {
header(WORDING_UNAUTHORIZED);
echo json_encode($return_arr);
exit();
}
// Success
else {
} else {
// SUCCESS
// Set client ID, company ID & key name
$row = mysqli_fetch_array($sql);
@ -95,21 +94,17 @@ if (isset($api_key)) {
// Set limit & offset for queries
if (isset($_GET['limit'])) {
$limit = intval($_GET['limit']);
}
elseif (isset($_POST['limit'])) {
} elseif (isset($_POST['limit'])) {
$limit = intval($_POST['limit']);
}
else {
} else {
$limit = 50;
}
if (isset($_GET['offset'])) {
$offset = intval($_GET['offset']);
}
elseif (isset($_POST['offset'])) {
} elseif (isset($_POST['offset'])) {
$offset = intval($_POST['offset']);
}
else {
} else {
$offset = 0;
}