API: Remove Payment Endpoint for now

api/v1/payments/create.php

@@ -1,30 +0,0 @@
-<?php
-
-require_once '../validate_api_key.php';
-
-require_once '../require_post_method.php';
-
-// Payments require All Clients scope
-$insert_id = false;
-
-if ($client_id == 0) {
-
-    $payment_row = false; // Creation, not an update
-    require_once 'payment_model.php';
-
-    if (!empty($invoice_id) && !empty($amount)) {
-
-        $insert_sql = mysqli_query($mysqli, "INSERT INTO payments SET payment_invoice_id = $invoice_id, payment_amount = $amount, payment_date = '$date', payment_method = '$method', payment_reference = '$reference', payment_notes = '$notes'");
-
-        if ($insert_sql) {
-            $insert_id = mysqli_insert_id($mysqli);
-
-            // Logging
-            logAction("Payment", "Create", "Created payment for invoice $invoice_id via API ($api_key_name)", 0, $insert_id);
-            logAction("API", "Success", "Created payment for invoice $invoice_id via API ($api_key_name)", 0);
-        }
-    }
-}
-
-// Output
-require_once '../create_output.php';

api/v1/payments/delete.php

@@ -1,29 +0,0 @@
-<?php
-
-require_once '../validate_api_key.php';
-
-require_once '../require_post_method.php';
-
-// Parse ID
-$payment_id = intval($_POST['payment_id']);
-
-// Default
-$delete_count = false;
-
-// Payments require All Clients scope
-if (!empty($payment_id) && $client_id == 0) {
-    $row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = $payment_id LIMIT 1"));
-    $payment_exists = $row['payment_id'];
-
-    $delete_sql = mysqli_query($mysqli, "DELETE FROM payments WHERE payment_id = $payment_id LIMIT 1");
-
-    if ($delete_sql && !empty($payment_exists)) {
-        $delete_count = mysqli_affected_rows($mysqli);
-
-        // Logging
-        logAction("Payment", "Delete", "Payment $payment_id via API ($api_key_name)", 0);
-    }
-}
-
-// Output
-require_once '../delete_output.php';

api/v1/payments/payment_model.php

@@ -1,52 +0,0 @@
-<?php
-
-// Variable assignment from POST (or: blank/from DB is updating)
-// Note: payments are not scoped to a client_id directly
-
-if (isset($_POST['payment_invoice_id'])) {
-    $invoice_id = intval($_POST['payment_invoice_id']);
-} elseif ($payment_row) {
-    $invoice_id = $payment_row['payment_invoice_id'];
-} else {
-    $invoice_id = 0;
-}
-
-if (isset($_POST['payment_amount'])) {
-    $amount = floatval($_POST['payment_amount']);
-} elseif ($payment_row) {
-    $amount = $payment_row['payment_amount'];
-} else {
-    $amount = 0;
-}
-
-if (isset($_POST['payment_date'])) {
-    $date = sanitizeInput($_POST['payment_date']);
-} elseif ($payment_row) {
-    $date = $payment_row['payment_date'];
-} else {
-    $date = date('Y-m-d');
-}
-
-if (isset($_POST['payment_method'])) {
-    $method = sanitizeInput($_POST['payment_method']);
-} elseif ($payment_row) {
-    $method = mysqli_real_escape_string($mysqli, $payment_row['payment_method']);
-} else {
-    $method = '';
-}
-
-if (isset($_POST['payment_reference'])) {
-    $reference = sanitizeInput($_POST['payment_reference']);
-} elseif ($payment_row) {
-    $reference = mysqli_real_escape_string($mysqli, $payment_row['payment_reference']);
-} else {
-    $reference = '';
-}
-
-if (isset($_POST['payment_notes'])) {
-    $notes = sanitizeInput($_POST['payment_notes']);
-} elseif ($payment_row) {
-    $notes = mysqli_real_escape_string($mysqli, $payment_row['payment_notes']);
-} else {
-    $notes = '';
-}

api/v1/payments/read.php

@@ -1,31 +0,0 @@
-<?php
-
-require_once '../validate_api_key.php';
-
-require_once '../require_get_method.php';
-
-
-// Payments aren't stored against client IDs, so we instead validate the API key is for All Clients
-
-
-if (isset($_GET['payment_id']) && $client_id == "%") {
-    // Payment via ID (single)
-
-    $id = intval($_GET['payment_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$id'");
-
-} elseif (isset($_GET['payment_invoice_id']) && $client_id == "%") {
-    // Payments for an invoice
-
-    $id = intval($_GET['payment_invoice_id']);
-    $sql = mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_invoice_id = '$id'");
-
-} elseif ($client_id == "%") {
-    // All payments
-
-    $sql = mysqli_query($mysqli, "SELECT * FROM payments ORDER BY payment_id LIMIT $limit OFFSET $offset");
-}
-
-// Output
-require_once "../read_output.php";
-

api/v1/payments/update.php

@@ -1,32 +0,0 @@
-<?php
-
-require_once '../validate_api_key.php';
-
-require_once '../require_post_method.php';
-
-// Parse ID
-$payment_id = intval($_POST['payment_id']);
-
-// Default
-$update_count = false;
-
-// Payments require All Clients scope
-if (!empty($payment_id) && $client_id == 0) {
-
-    $payment_row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM payments WHERE payment_id = '$payment_id' LIMIT 1"));
-
-    require_once 'payment_model.php';
-
-    $update_sql = mysqli_query($mysqli, "UPDATE payments SET payment_invoice_id = $invoice_id, payment_amount = $amount, payment_date = '$date', payment_method = '$method', payment_reference = '$reference', payment_notes = '$notes' WHERE payment_id = $payment_id LIMIT 1");
-
-    if ($update_sql) {
-        $update_count = mysqli_affected_rows($mysqli);
-
-        // Logging
-        logAction("Payment", "Edit", "Payment $payment_id via API ($api_key_name)", 0);
-        logAction("API", "Success", "Edited payment $payment_id via API ($api_key_name)", 0);
-    }
-}
-
-// Output
-require_once '../update_output.php';