AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

API code style tidy

This commit is contained in:
Marcus Hill 2023-01-01 16:00:07 +00:00
parent 6746edda1a
commit ff741c223e
22 changed files with 461 additions and 461 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

154
api/v1/assets/create.php
View File

@ -1,107 +1,107 @@
<?php
require('../validate_api_key.php');
require('../require_post_method.php');
require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse info
// Variable assignment - assigning blank if a value is not provided
if(isset($_POST['asset_name'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
} else{
$name = '';
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} else {
$name = '';
}
if(isset($_POST['asset_type'])){
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
} else{
$type = '';
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} else {
$type = '';
}
if(isset($_POST['asset_make'])){
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
} else{
$make = '';
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} else {
$make = '';
}
if(isset($_POST['asset_model'])){
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
} else{
$model = '';
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} else {
$model = '';
}
if(isset($_POST['asset_serial'])){
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
} else{
$serial = '';
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} else {
$serial = '';
}
if(isset($_POST['asset_os'])){
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
} else{
$os = '';
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = '';
}
if(isset($_POST['asset_ip'])){
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
} else{
$aip = '';
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} else {
$aip = '';
}
if(isset($_POST['asset_mac'])){
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
} else{
$mac = '';
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} else {
$mac = '';
}
if(isset($_POST['asset_purchase_date'])){
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
} else{
$purchase_date = "0000-00-00";
if (isset($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} else {
$purchase_date = "0000-00-00";
}
if(isset($_POST['asset_warranty_expire'])){
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
} else{
$warranty_expire = "0000-00-00";
if (isset($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} else {
$warranty_expire = "0000-00-00";
}
if(isset($_POST['asset_install_date'])){
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
} else{
$install_date = "0000-00-00";
if (isset($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} else {
$install_date = "0000-00-00";
}
if(isset($_POST['asset_notes'])){
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
} else{
$notes = '';
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} else {
$notes = '';
}
if(isset($_POST['asset_vendor_id'])){
$vendor = intval($_POST['asset_vendor_id']);
} else{
$vendor = '0';
if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']);
} else {
$vendor = '0';
}
if(isset($_POST['asset_location_id'])){
$location = intval($_POST['asset_location_id']);
} else{
$location = '0';
if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']);
} else {
$location = '0';
}
if(isset($_POST['asset_contact_id'])){
$contact = intval($_POST['asset_contact_id']);
} else{
$contact = '0';
if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']);
} else {
$contact = '0';
}
if(isset($_POST['asset_network_id'])){
$network = intval($_POST['asset_network_id']);
} else{
$network = '0';
if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']);
} else {
$network = '0';
}
// Default
$insert_id = FALSE;
$insert_id = false;
if(!empty($name) && !empty($client_id)){
// Insert into Database
$insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
if (!empty($name) && !empty($client_id)) {
// Insert into Database
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
if($insert_sql){
$insert_id = mysqli_insert_id($mysqli);
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
}
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
}
}
// Output
include('../create_output.php');
require_once('../create_output.php');

28
api/v1/assets/delete.php
View File

@ -1,28 +1,28 @@
<?php
require('../validate_api_key.php');
require_once('../validate_api_key.php');
require('../require_post_method.php');
require_once('../require_post_method.php');
// Parse ID
$asset_id = intval($_POST['asset_id']);
// Default
$delete_count = FALSE;
$delete_count = false;
if(!empty($asset_id)){
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$asset_name = $row['asset_name'];
if (!empty($asset_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$asset_name = $row['asset_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
// Check delete & get affected rows
if($delete_sql && !empty($asset_name)){
$delete_count = mysqli_affected_rows($mysqli);
// Check delete & get affected rows
if ($delete_sql && !empty($asset_name)) {
$delete_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
}
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
}
}
// Output
include('../delete_output.php');
require_once('../delete_output.php');

40
api/v1/assets/read.php
View File

@ -1,42 +1,42 @@
<?php
require('../validate_api_key.php');
require('../require_get_method.php');
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Asset via ID (single)
if(isset($_GET['asset_id'])){
$id = intval($_GET['asset_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
if (isset($_GET['asset_id'])) {
$id = intval($_GET['asset_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Asset query via type
elseif(isset($_GET['asset_type'])){
$type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['asset_type'])) {
$type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Asset query via name
elseif(isset($_GET['asset_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['asset_name'])) {
$name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Asset query via serial
elseif(isset($_GET['asset_serial'])){
$serial = mysqli_real_escape_string($mysqli,$_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['asset_serial'])) {
$serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Asset query via client ID
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// All assets
else{
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
else {
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Output
include("../read_output.php");
require_once("../read_output.php");

200
api/v1/assets/update.php
View File

@ -1,116 +1,116 @@
<?php
require('../validate_api_key.php');
require('../require_post_method.php');
require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse ID
$asset_id = intval($_POST['asset_id']);
// Default
$update_count = FALSE;
$update_count = false;
if(!empty($asset_id)){
if (!empty($asset_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
// Variable assignment - assigning the current database value if a value is not provided
if(isset($_POST['asset_name'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
} else{
$name = $row['asset_name'];
}
if(isset($_POST['asset_type'])){
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
} else{
$type = $row['asset_type'];
}
if(isset($_POST['asset_make'])){
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
} else{
$make = $row['asset_make'];
}
if(isset($_POST['asset_model'])){
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
} else{
$model = $row['asset_model'];
}
if(isset($_POST['asset_serial'])){
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
} else{
$serial = $row['asset_serial'];
}
if(isset($_POST['asset_os'])){
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
} else{
$os = $row['asset_os'];
}
if(isset($_POST['asset_os'])){
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
} else{
$os = $row['asset_os'];
}
if(isset($_POST['asset_ip'])){
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
} else{
$aip = $row['asset_ip'];
}
if(isset($_POST['asset_mac'])){
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
} else{
$mac = $row['asset_mac'];
}
if(isset($_POST['asset_purchase_date'])){
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
} else{
$purchase_date = $row['asset_purchase_date'];
}
if(isset($_POST['asset_warranty_expire'])){
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
} else{
$warranty_expire = $row['asset_warranty_expire'];
}
if(isset($_POST['asset_install_date'])){
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
} else{
$install_date = $row['asset_install_date'];
}
if(isset($_POST['asset_notes'])){
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
} else{
$notes = $row['asset_notes'];
}
if(isset($_POST['asset_vendor_id'])){
$vendor = intval($_POST['asset_vendor_id']);
} else{
$vendor = $row['asset_vendor_id'];
}
if(isset($_POST['asset_location_id'])){
$location = intval($_POST['asset_location_id']);
} else{
$location = $row['asset_location_id'];
}
if(isset($_POST['asset_contact_id'])){
$contact = intval($_POST['asset_contact_id']);
} else{
$contact = $row['asset_contact_id'];
}
if(isset($_POST['asset_network_id'])){
$network = intval($_POST['asset_network_id']);
} else{
$network = $row['asset_network_id'];
}
// Variable assignment - assigning the current database value if a value is not provided
if (isset($_POST['asset_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
} else {
$name = $row['asset_name'];
}
if (isset($_POST['asset_type'])) {
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
} else {
$type = $row['asset_type'];
}
if (isset($_POST['asset_make'])) {
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
} else {
$make = $row['asset_make'];
}
if (isset($_POST['asset_model'])) {
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
} else {
$model = $row['asset_model'];
}
if (isset($_POST['asset_serial'])) {
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
} else {
$serial = $row['asset_serial'];
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = $row['asset_os'];
}
if (isset($_POST['asset_os'])) {
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
} else {
$os = $row['asset_os'];
}
if (isset($_POST['asset_ip'])) {
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
} else {
$aip = $row['asset_ip'];
}
if (isset($_POST['asset_mac'])) {
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
} else {
$mac = $row['asset_mac'];
}
if (isset($_POST['asset_purchase_date'])) {
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
} else {
$purchase_date = $row['asset_purchase_date'];
}
if (isset($_POST['asset_warranty_expire'])) {
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
} else {
$warranty_expire = $row['asset_warranty_expire'];
}
if (isset($_POST['asset_install_date'])) {
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
} else {
$install_date = $row['asset_install_date'];
}
if (isset($_POST['asset_notes'])) {
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
} else {
$notes = $row['asset_notes'];
}
if (isset($_POST['asset_vendor_id'])) {
$vendor = intval($_POST['asset_vendor_id']);
} else {
$vendor = $row['asset_vendor_id'];
}
if (isset($_POST['asset_location_id'])) {
$location = intval($_POST['asset_location_id']);
} else {
$location = $row['asset_location_id'];
}
if (isset($_POST['asset_contact_id'])) {
$contact = intval($_POST['asset_contact_id']);
} else {
$contact = $row['asset_contact_id'];
}
if (isset($_POST['asset_network_id'])) {
$network = intval($_POST['asset_network_id']);
} else {
$network = $row['asset_network_id'];
}
$update_sql = mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
// Check insert & get insert ID
if($update_sql){
$update_count = mysqli_affected_rows($mysqli);
// Check insert & get insert ID
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
}
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
}
}
// Output
include('../update_output.php');
require_once('../update_output.php');

28
api/v1/certificates/read.php
View File

@ -1,30 +1,30 @@
<?php
require('../validate_api_key.php');
require('../require_get_method.php');
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific certificate via ID (single)
if(isset($_GET['certificate_id'])){
$id = intval($_GET['certificate_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
if (isset($_GET['certificate_id'])) {
$id = intval($_GET['certificate_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Certificate by name
elseif(isset($_GET['certificate_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['certificate_name'])) {
$name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// Certificate via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// All certificates
else{
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
else {
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
}
// Output
include("../read_output.php");
require_once("../read_output.php");

22
api/v1/clients/read.php
View File

@ -1,24 +1,24 @@
<?php
require('../validate_api_key.php');
require('../require_get_method.php');
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific client via ID (single)
if(isset($_GET['client_id'])){
$id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
if (isset($_GET['client_id'])) {
$id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Specific client via name (single)
elseif(isset($_GET['client_name'])){
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['client_name'])));
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
elseif (isset($_GET['client_name'])) {
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client_name'])));
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// All clients
else{
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
else {
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
}
// Output
include("../read_output.php");
require_once("../read_output.php");

12
api/v1/contacts/contact_model.php
View File

@ -1,13 +1,13 @@
<?php
define('number_regex', '/[^0-9]/');
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
$department = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_department'])));
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
$location_id = intval($_POST['contact_location_id']);

36
api/v1/contacts/create.php
View File

@ -1,34 +1,34 @@
<?php
require('../validate_api_key.php');
require('../require_post_method.php');
require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse Info
include('contact_model.php');
require_once('contact_model.php');
// Default
$insert_id = FALSE;
if(!empty($name) && !empty($email) && !empty($client_id)){
if (!empty($name) && !empty($email) && !empty($client_id)) {
// Check contact with $email doesn't already exist
$email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'");
// Check contact with $email doesn't already exist
$email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'");
if(mysqli_num_rows($email_duplication_sql) == 0){
if (mysqli_num_rows($email_duplication_sql) == 0) {
// Insert contact
$insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
// Insert contact
$insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
// Check insert & get insert ID
if ($insert_sql) {
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
// Check insert & get insert ID
if($insert_sql){
$insert_id = mysqli_insert_id($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
}
}
// Output
include('../create_output.php');
require_once('../create_output.php');

26
api/v1/contacts/delete.php
View File

@ -1,7 +1,7 @@
<?php
require('../validate_api_key.php');
require('../require_post_method.php');
require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse ID
$contact_id = intval($_POST['contact_id']);
@ -9,20 +9,20 @@ $contact_id = intval($_POST['contact_id']);
// Default
$delete_count = FALSE;
if(!empty($contact_id)){
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$contact_name = $row['contact_name'];
if (!empty($contact_id)) {
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
$contact_name = $row['contact_name'];
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
// Check delete & get affected rows
if($delete_sql && !empty($contact_name)){
$delete_count = mysqli_affected_rows($mysqli);
// Check delete & get affected rows
if ($delete_sql && !empty($contact_name)) {
$delete_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
}
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
}
}
// Output
include('../delete_output.php');
require_once('../delete_output.php');

14
api/v1/contacts/read.php
View File

@ -1,24 +1,24 @@
<?php
require('../validate_api_key.php');
require('../require_get_method.php');
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific contact via ID (single)
if(isset($_GET['contact_id'])){
if (isset($_GET['contact_id'])) {
$id = intval($_GET['contact_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Specific contact via email (single)
elseif(isset($_GET['contact_email'])){
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['contact_email'])));
elseif (isset($_GET['contact_email'])) {
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['contact_email'])));
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// All contacts
else{
else {
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
}
// Output
include("../read_output.php");
require_once("../read_output.php");

26
api/v1/contacts/update.php
View File

@ -1,28 +1,28 @@
<?php
require('../validate_api_key.php');
require('../require_post_method.php');
require_once('../validate_api_key.php');
require_once('../require_post_method.php');
// Parse Info
$contact_id = intval($_POST['contact_id']);
include('contact_model.php');
require_once('contact_model.php');
// Default
$update_count = FALSE;
if(!empty($name) && !empty($email)){
if (!empty($name) && !empty($email)) {
$update_sql = mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
$update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
// Check insert & get insert ID
if($update_sql){
$update_count = mysqli_affected_rows($mysqli);
// Check insert & get insert ID
if ($update_sql) {
$update_count = mysqli_affected_rows($mysqli);
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
//Logging
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
}
}
// Output
include('../update_output.php');
require_once('../update_output.php');

20
api/v1/create_output.php
View File

@ -7,19 +7,19 @@
*/
// Check if the insert query was successful
if(isset($insert_id) && is_numeric($insert_id)){
// Insert successful
$return_arr['success'] = "True";
$return_arr['count'] = '1';
$return_arr['data'][] = [
'insert_id' => $insert_id
];
if (isset($insert_id) && is_numeric($insert_id)) {
// Insert successful
$return_arr['success'] = "True";
$return_arr['count'] = '1';
$return_arr['data'][] = [
'insert_id' => $insert_id
];
}
// Query returned false: something went wrong, or it was declined due to required variables missing
else{
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
else {
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
}
echo json_encode($return_arr);

14
api/v1/delete_output.php
View File

@ -7,16 +7,16 @@
*/
// Check if delete query was successful
if(isset($delete_count) && is_numeric($delete_count) && $delete_count > 0){
// Delete was successful
$return_arr['success'] = "True";
$return_arr['count'] = $delete_count;
if (isset($delete_count) && is_numeric($delete_count) && $delete_count > 0) {
// Delete was successful
$return_arr['success'] = "True";
$return_arr['count'] = $delete_count;
}
// Delete query returned false: something went wrong, or it was declined due to required variables missing
else{
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
else {
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
}
echo json_encode($return_arr);

28
api/v1/domains/read.php
View File

@ -1,30 +1,30 @@
<?php
require('../validate_api_key.php');
require('../require_get_method.php');
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific domain via ID (single)
if(isset($_GET['domain_id'])){
$id = intval($_GET['domain_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
if (isset($_GET['domain_id'])) {
$id = intval($_GET['domain_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Domain by name
elseif(isset($_GET['domain_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['domain_name'])) {
$name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Domain via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
}
// All domains
else{
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
else {
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
}
// Output
include("../read_output.php");
require_once("../read_output.php");

28
api/v1/networks/read.php
View File

@ -1,30 +1,30 @@
<?php
require('../validate_api_key.php');
require('../require_get_method.php');
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific network via ID (single)
if(isset($_GET['network_id'])){
$id = intval($_GET['network_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
if (isset($_GET['network_id'])) {
$id = intval($_GET['network_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Network by name
elseif(isset($_GET['network_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['network_name'])) {
$name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// Network via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// All networks
else{
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
else {
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
}
// Output
include("../read_output.php");
require_once("../read_output.php");

28
api/v1/read_output.php
View File

@ -6,21 +6,21 @@
* Returns success & data messages
*/
if($sql && mysqli_num_rows($sql) > 0){
$return_arr['success'] = "True";
$return_arr['count'] = mysqli_num_rows($sql);
if ($sql && mysqli_num_rows($sql) > 0) {
$return_arr['success'] = "True";
$return_arr['count'] = mysqli_num_rows($sql);
$row = array();
while($row = mysqli_fetch_array($sql)){
$return_arr['data'][] = $row;
}
$row = array();
while ($row = mysqli_fetch_array($sql)) {
$return_arr['data'][] = $row;
}
echo json_encode($return_arr);
exit();
echo json_encode($return_arr);
exit();
}
else{
$return_arr['success'] = "False";
$return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
echo json_encode($return_arr);
exit();
else {
$return_arr['success'] = "False";
$return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
echo json_encode($return_arr);
exit();
}

16
api/v1/require_get_method.php
View File

@ -1,13 +1,13 @@
<?php
if($_SERVER['REQUEST_METHOD'] !== "GET"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
if ($_SERVER['REQUEST_METHOD'] !== "GET") {
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send GET requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
// Wildcard client ID for most SELECT queries
if($client_id == 0){
$client_id = "%";
if ($client_id == 0) {
$client_id = "%";
}

16
api/v1/require_post_method.php
View File

@ -1,14 +1,14 @@
<?php
if($_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send POST requests to this endpoint.";
echo json_encode($return_arr);
exit();
if ($_SERVER['REQUEST_METHOD'] !== "POST") {
header("HTTP/1.1 405 Method Not Allowed");
$return_arr['success'] = "False";
$return_arr['message'] = "Can only send POST requests to this endpoint.";
echo json_encode($return_arr);
exit();
}
// Client ID must be specific for INSERT/UPDATE/DELETE queries
// If this API key allows any client, set $client_id to the one specified, else leave it
if($client_id == 0){
$client_id = intval($_POST['client_id']);
if ($client_id == 0) {
$client_id = intval($_POST['client_id']);
}

40
api/v1/software/read.php
View File

@ -1,42 +1,42 @@
<?php
require('../validate_api_key.php');
require('../require_get_method.php');
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific software via ID (single)
if(isset($_GET['software_id'])){
$id = intval($_GET['software_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
if (isset($_GET['software_id'])) {
$id = intval($_GET['software_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// Specific software via License ID
if(isset($_GET['software_license'])){
$license = mysqli_real_escape_string($mysqli,$_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
if (isset($_GET['software_license'])) {
$license = mysqli_real_escape_string($mysqli, $_GET['software_license']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Software by name
elseif(isset($_GET['software_name'])){
$name = mysqli_real_escape_string($mysqli,$_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['software_name'])) {
$name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
}
// Software via type
elseif(isset($_GET['software_type'])){
$type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['software_type'])) {
$type = intval($_GET['software_type']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Software via client ID (if allowed)
elseif(isset($_GET['client_id']) && $client_id == "%"){
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
elseif (isset($_GET['client_id']) && $client_id == "%") {
$client_id = intval($_GET['client_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// All software(s)
else{
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
else {
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
}
// Output
include("../read_output.php");
require_once("../read_output.php");

16
api/v1/tickets/read.php
View File

@ -1,18 +1,18 @@
<?php
require('../validate_api_key.php');
require('../require_get_method.php');
require_once('../validate_api_key.php');
require_once('../require_get_method.php');
// Specific ticket via ID (single)
if(isset($_GET['ticket_id'])){
$id = intval($_GET['ticket_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
if (isset($_GET['ticket_id'])) {
$id = intval($_GET['ticket_id']);
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
}
// All tickets
else{
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
else {
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
}
// Output
include("../read_output.php");
require_once("../read_output.php");

14
api/v1/update_output.php
View File

@ -7,16 +7,16 @@
*/
// Check if the insert query was successful
if(isset($update_count) && is_numeric($update_count) && $update_count > 0){
// Insert successful
$return_arr['success'] = "True";
$return_arr['count'] = $update_count;
if (isset($update_count) && is_numeric($update_count) && $update_count > 0) {
// Insert successful
$return_arr['success'] = "True";
$return_arr['count'] = $update_count;
}
// Query returned false: something went wrong, or it was declined due to required variables missing
else{
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (contact ID/ticket ID/etc)";
else {
$return_arr['success'] = "False";
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (contact ID/ticket ID/etc)";
}
echo json_encode($return_arr);

116
api/v1/validate_api_key.php
View File

@ -7,8 +7,8 @@
*/
// Includes
include( __DIR__ . '../../../functions.php');
include(__DIR__ . "../../../config.php");
require_once( __DIR__ . '../../../functions.php');
require_once(__DIR__ . "../../../config.php");
// JSON header
header('Content-Type: application/json');
@ -17,9 +17,9 @@ header('Content-Type: application/json');
$_POST = json_decode(file_get_contents('php://input'), true);
// Get user IP
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
$ip = strip_tags(mysqli_real_escape_string($mysqli, get_ip()));
// Get user agent
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
// Setup return array
$return_arr = array();
@ -43,75 +43,75 @@ DEFINE("WORDING_UNAUTHORIZED", "HTTP/1.1 401 Unauthorized");
*/
// Decline methods other than GET/POST
if($_SERVER['REQUEST_METHOD'] !== "GET" && $_SERVER['REQUEST_METHOD'] !== "POST"){
header("HTTP/1.1 405 Method Not Allowed");
var_dump($_SERVER['REQUEST_METHOD']);
exit();
if ($_SERVER['REQUEST_METHOD'] !== "GET" && $_SERVER['REQUEST_METHOD'] !== "POST") {
header("HTTP/1.1 405 Method Not Allowed");
var_dump($_SERVER['REQUEST_METHOD']);
exit();
}
// Check API key is provided
if(!isset($_GET['api_key']) && !isset($_POST['api_key'])){
header(WORDING_UNAUTHORIZED);
exit();
if (!isset($_GET['api_key']) && !isset($_POST['api_key'])) {
header(WORDING_UNAUTHORIZED);
exit();
}
// Set API key variable
if(isset($_GET['api_key'])){
$api_key = $_GET['api_key'];
if (isset($_GET['api_key'])) {
$api_key = $_GET['api_key'];
}
if(isset($_POST['api_key'])){
$api_key = $_POST['api_key'];
if (isset($_POST['api_key'])) {
$api_key = $_POST['api_key'];
}
// Validate API key
if(isset($api_key)){
$api_key = mysqli_real_escape_string($mysqli,$api_key);
if (isset($api_key)) {
$api_key = mysqli_real_escape_string($mysqli, $api_key);
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
$sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
// Failed
if(mysqli_num_rows($sql) !== 1){
// Invalid Key
header(WORDING_UNAUTHORIZED);
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
// Failed
if (mysqli_num_rows($sql) !== 1) {
// Invalid Key
header(WORDING_UNAUTHORIZED);
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure or expired.";
$return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure or expired.";
header(WORDING_UNAUTHORIZED);
echo json_encode($return_arr);
exit();
}
// Success
else{
// Set client ID, company ID & key name
$row = mysqli_fetch_array($sql);
$api_key_name = $row['api_key_name'];
$client_id = $row['api_key_client_id'];
$company_id = $row['company_id'];
// Set limit & offset for queries
if(isset($_GET['limit'])){
$limit = intval($_GET['limit']);
}
elseif(isset($_POST['limit'])){
$limit = intval($_POST['limit']);
}
else{
$limit = 50;
header(WORDING_UNAUTHORIZED);
echo json_encode($return_arr);
exit();
}
if(isset($_GET['offset'])){
$offset = intval($_GET['offset']);
}
elseif(isset($_POST['offset'])){
$offset = intval($_POST['offset']);
}
else{
$offset = 0;
}
// Success
else {
}
// Set client ID, company ID & key name
$row = mysqli_fetch_array($sql);
$api_key_name = $row['api_key_name'];
$client_id = $row['api_key_client_id'];
$company_id = $row['company_id'];
// Set limit & offset for queries
if (isset($_GET['limit'])) {
$limit = intval($_GET['limit']);
}
elseif (isset($_POST['limit'])) {
$limit = intval($_POST['limit']);
}
else {
$limit = 50;
}
if (isset($_GET['offset'])) {
$offset = intval($_GET['offset']);
}
elseif (isset($_POST['offset'])) {
$offset = intval($_POST['offset']);
}
else {
$offset = 0;
}
}
}