Merge pull request #874 from wrongecho/api-clients-create

Api - clients create

api/v1/clients/client_model.php

@@ -0,0 +1,83 @@
+<?php
+
+// Variable assignment from POST (or: blank/from DB is updating)
+
+if (isset($_POST['client_name'])) {
+    $name = sanitizeInput($_POST['client_name']);
+} elseif ($client_row) {
+    $name = $client_row['client_name'];
+} else {
+    $name = '';
+}
+
+if (isset($_POST['client_type'])) {
+    $type = sanitizeInput($_POST['client_type']);
+} elseif ($client_row) {
+    $type = $client_row['client_type'];
+} else {
+    $type = '';
+}
+
+if (isset($_POST['client_website'])) {
+    $website = preg_replace("(^https?://)", "", sanitizeInput($_POST['client_website']));
+} elseif ($client_row) {
+    $website = $client_row['client_website'];
+} else {
+    $website = '';
+}
+
+if (isset($_POST['client_referral'])) {
+    $referral = sanitizeInput($_POST['client_referral']);
+} elseif ($client_row) {
+    $referral = $client_row['client_referral'];
+} else {
+    $referral = '';
+}
+
+if (isset($_POST['client_rate'])) {
+    $rate = floatval($_POST['client_rate']);
+} elseif ($client_row) {
+    $rate = $client_row['client_rate'];
+} else {
+    $rate = '';
+}
+
+if (isset($_POST['client_currency_code'])) {
+    $currency_code = sanitizeInput($_POST['client_currency_code']);
+} elseif ($client_row) {
+    $currency_code = $client_row['client_currency_code'];
+} else {
+    $currency_code = '';
+}
+
+if (isset($_POST['client_net_terms'])) {
+    $net_terms = intval($_POST['client_net_terms']);
+} elseif ($client_row) {
+    $net_terms = $client_row['client_net_terms'];
+} else {
+    $net_terms = '';
+}
+
+if (isset($_POST['client_tax_id_number'])) {
+    $tax_id_number = sanitizeInput($_POST['client_tax_id_number']);
+} elseif ($client_row) {
+    $tax_id_number = $client_row['client_tax_id_number'];
+} else {
+    $tax_id_number = '';
+}
+
+if (isset($_POST['client_is_lead'])) {
+    $lead = intval($_POST['client_is_lead']);
+} elseif ($client_row) {
+    $lead = $client_row['client_is_lead'];
+} else {
+    $lead = 0; // Default: Not a lead
+}
+
+if (isset($_POST['client_notes'])) {
+    $notes = sanitizeInput($_POST['client_notes']);
+} elseif ($client_row) {
+    $notes = $client_row['client_notes'];
+} else {
+    $notes = '';
+}

api/v1/clients/create.php

@@ -0,0 +1,31 @@
+<?php
+
+require_once '../validate_api_key.php';
+
+require_once '../require_post_method.php';
+
+// Parse Info
+require_once 'client_model.php';
+
+
+// Default
+$insert_id = false;
+
+// To add a client, we just need a name and an "ANY CLIENT" API key
+if (!empty($name) && $client_id == 0) {
+
+    // Insert client
+    $insert_sql = mysqli_query($mysqli, "INSERT INTO clients SET client_name = '$name', client_type = '$type', client_website = '$website', client_referral = '$referral', client_rate = $rate, client_currency_code = '$currency_code', client_net_terms = $net_terms, client_tax_id_number = '$tax_id_number', client_lead = $lead, client_notes = '$notes', client_accessed_at = NOW()");
+
+    // Check insert & get insert ID
+    if ($insert_sql) {
+        $insert_id = mysqli_insert_id($mysqli);
+        //Logging
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Client', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $insert_id");
+        mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created client $name via API ($api_key_name)', log_ip = '$ip', log_user_agent = '$user_agent', log_client_id = $insert_id");
+    }
+
+}
+
+// Output
+require_once '../create_output.php';

api/v1/require_post_method.php

@@ -9,6 +9,6 @@ if ($_SERVER['REQUEST_METHOD'] !== "POST") {
 
 // Client ID must be specific for INSERT/UPDATE/DELETE queries
 // If this API key allows any client, set $client_id to the one specified, else leave it
-if ($client_id == 0) {
+if ($client_id == 0 && isset($_POST['client_id'])) {
     $client_id = intval($_POST['client_id']);
-}
+}

functions.php

@@ -201,7 +201,7 @@ function truncate($text, $chars) {
 }
 
 function formatPhoneNumber($phoneNumber) {
-    $phoneNumber = preg_replace('/[^0-9]/', '', $phoneNumber);
+    $phoneNumber = $phoneNumber ? preg_replace('/[^0-9]/', '', $phoneNumber): "";
 
     if (strlen($phoneNumber) > 10) {
         $countryCode = substr($phoneNumber, 0, strlen($phoneNumber)-10);
@@ -853,7 +853,7 @@ function calculateAccountBalance($mysqli, $account_id) {
     $row = mysqli_fetch_array($sql_account);
     $opening_balance = floatval($row['opening_balance']);
     $account_id = intval($row['account_id']);
-    
+
     $sql_payments = mysqli_query($mysqli, "SELECT SUM(payment_amount) AS total_payments FROM payments WHERE payment_account_id = $account_id");
     $row = mysqli_fetch_array($sql_payments);
     $total_payments = floatval($row['total_payments']);
@@ -928,7 +928,7 @@ function generateReadablePassword($security_level) {
 }
 
 function addToMailQueue($mysqli, $data) {
-    
+
     foreach ($data as $email) {
         $from = strval($email['from']);
         $from_name = strval($email['from_name']);
@@ -963,7 +963,7 @@ function calculateInvoiceBalance($mysqli, $invoice_id) {
         "SELECT SUM(payment_amount) AS total_payments FROM payments
         WHERE payment_invoice_id = $invoice_id
         ");
-        
+
     $row = mysqli_fetch_array($sql_payments);
     $total_payments = floatval($row['total_payments']);
 
@@ -976,4 +976,4 @@ function calculateInvoiceBalance($mysqli, $invoice_id) {
     return $balance;
 
 
-}
+}