mirror of
https://github.com/itflow-org/itflow
synced 2026-03-11 00:04:50 +00:00
API code style tidy
This commit is contained in:
Marcus Hill
@@ -1,107 +1,107 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_post_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_post_method.php');
|
||||||
|
|
||||||
// Parse info
|
// Parse info
|
||||||
|
|
||||||
// Variable assignment - assigning blank if a value is not provided
|
// Variable assignment - assigning blank if a value is not provided
|
||||||
if(isset($_POST['asset_name'])){
|
if (isset($_POST['asset_name'])) {
|
||||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
|
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
|
||||||
} else{
|
} else {
|
||||||
$name = '';
|
$name = '';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_type'])){
|
if (isset($_POST['asset_type'])) {
|
||||||
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
|
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
|
||||||
} else{
|
} else {
|
||||||
$type = '';
|
$type = '';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_make'])){
|
if (isset($_POST['asset_make'])) {
|
||||||
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
|
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
|
||||||
} else{
|
} else {
|
||||||
$make = '';
|
$make = '';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_model'])){
|
if (isset($_POST['asset_model'])) {
|
||||||
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
|
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
|
||||||
} else{
|
} else {
|
||||||
$model = '';
|
$model = '';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_serial'])){
|
if (isset($_POST['asset_serial'])) {
|
||||||
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
|
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
|
||||||
} else{
|
} else {
|
||||||
$serial = '';
|
$serial = '';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_os'])){
|
if (isset($_POST['asset_os'])) {
|
||||||
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
|
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
|
||||||
} else{
|
} else {
|
||||||
$os = '';
|
$os = '';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_ip'])){
|
if (isset($_POST['asset_ip'])) {
|
||||||
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
|
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
|
||||||
} else{
|
} else {
|
||||||
$aip = '';
|
$aip = '';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_mac'])){
|
if (isset($_POST['asset_mac'])) {
|
||||||
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
|
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
|
||||||
} else{
|
} else {
|
||||||
$mac = '';
|
$mac = '';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_purchase_date'])){
|
if (isset($_POST['asset_purchase_date'])) {
|
||||||
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
|
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
|
||||||
} else{
|
} else {
|
||||||
$purchase_date = "0000-00-00";
|
$purchase_date = "0000-00-00";
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_warranty_expire'])){
|
if (isset($_POST['asset_warranty_expire'])) {
|
||||||
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
|
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
|
||||||
} else{
|
} else {
|
||||||
$warranty_expire = "0000-00-00";
|
$warranty_expire = "0000-00-00";
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_install_date'])){
|
if (isset($_POST['asset_install_date'])) {
|
||||||
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
|
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
|
||||||
} else{
|
} else {
|
||||||
$install_date = "0000-00-00";
|
$install_date = "0000-00-00";
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_notes'])){
|
if (isset($_POST['asset_notes'])) {
|
||||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
|
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
|
||||||
} else{
|
} else {
|
||||||
$notes = '';
|
$notes = '';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_vendor_id'])){
|
if (isset($_POST['asset_vendor_id'])) {
|
||||||
$vendor = intval($_POST['asset_vendor_id']);
|
$vendor = intval($_POST['asset_vendor_id']);
|
||||||
} else{
|
} else {
|
||||||
$vendor = '0';
|
$vendor = '0';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_location_id'])){
|
if (isset($_POST['asset_location_id'])) {
|
||||||
$location = intval($_POST['asset_location_id']);
|
$location = intval($_POST['asset_location_id']);
|
||||||
} else{
|
} else {
|
||||||
$location = '0';
|
$location = '0';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_contact_id'])){
|
if (isset($_POST['asset_contact_id'])) {
|
||||||
$contact = intval($_POST['asset_contact_id']);
|
$contact = intval($_POST['asset_contact_id']);
|
||||||
} else{
|
} else {
|
||||||
$contact = '0';
|
$contact = '0';
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_network_id'])){
|
if (isset($_POST['asset_network_id'])) {
|
||||||
$network = intval($_POST['asset_network_id']);
|
$network = intval($_POST['asset_network_id']);
|
||||||
} else{
|
} else {
|
||||||
$network = '0';
|
$network = '0';
|
||||||
}
|
}
|
||||||
|
|
||||||
// Default
|
// Default
|
||||||
$insert_id = FALSE;
|
$insert_id = false;
|
||||||
|
|
||||||
if(!empty($name) && !empty($client_id)){
|
if (!empty($name) && !empty($client_id)) {
|
||||||
// Insert into Database
|
// Insert into Database
|
||||||
$insert_sql = mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
|
$insert_sql = mysqli_query($mysqli, "INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_created_at = NOW(), asset_network_id = $network, asset_client_id = $client_id, company_id = '$company_id'");
|
||||||
|
|
||||||
if($insert_sql){
|
if ($insert_sql) {
|
||||||
$insert_id = mysqli_insert_id($mysqli);
|
$insert_id = mysqli_insert_id($mysqli);
|
||||||
|
|
||||||
//Logging
|
//Logging
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created asset $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = '$client_id', company_id = $company_id");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include('../create_output.php');
|
require_once('../create_output.php');
|
||||||
|
|||||||
@@ -1,28 +1,28 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
require_once('../validate_api_key.php');
|
||||||
|
|
||||||
require('../require_post_method.php');
|
require_once('../require_post_method.php');
|
||||||
|
|
||||||
// Parse ID
|
// Parse ID
|
||||||
$asset_id = intval($_POST['asset_id']);
|
$asset_id = intval($_POST['asset_id']);
|
||||||
|
|
||||||
// Default
|
// Default
|
||||||
$delete_count = FALSE;
|
$delete_count = false;
|
||||||
|
|
||||||
if(!empty($asset_id)){
|
if (!empty($asset_id)) {
|
||||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
||||||
$asset_name = $row['asset_name'];
|
$asset_name = $row['asset_name'];
|
||||||
|
|
||||||
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
$delete_sql = mysqli_query($mysqli, "DELETE FROM assets WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
||||||
|
|
||||||
// Check delete & get affected rows
|
// Check delete & get affected rows
|
||||||
if($delete_sql && !empty($asset_name)){
|
if ($delete_sql && !empty($asset_name)) {
|
||||||
$delete_count = mysqli_affected_rows($mysqli);
|
$delete_count = mysqli_affected_rows($mysqli);
|
||||||
|
|
||||||
//Logging
|
//Logging
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Deleted', log_description = '$asset_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include('../delete_output.php');
|
require_once('../delete_output.php');
|
||||||
@@ -1,42 +1,42 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_get_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_get_method.php');
|
||||||
|
|
||||||
// Asset via ID (single)
|
// Asset via ID (single)
|
||||||
if(isset($_GET['asset_id'])){
|
if (isset($_GET['asset_id'])) {
|
||||||
$id = intval($_GET['asset_id']);
|
$id = intval($_GET['asset_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$id' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Asset query via type
|
// Asset query via type
|
||||||
elseif(isset($_GET['asset_type'])){
|
elseif (isset($_GET['asset_type'])) {
|
||||||
$type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
|
$type = mysqli_real_escape_string($mysqli,ucfirst($_GET['asset_type']));
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_type = '$type' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Asset query via name
|
// Asset query via name
|
||||||
elseif(isset($_GET['asset_name'])){
|
elseif (isset($_GET['asset_name'])) {
|
||||||
$name = mysqli_real_escape_string($mysqli,$_GET['asset_name']);
|
$name = mysqli_real_escape_string($mysqli, $_GET['asset_name']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_name = '$name' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Asset query via serial
|
// Asset query via serial
|
||||||
elseif(isset($_GET['asset_serial'])){
|
elseif (isset($_GET['asset_serial'])) {
|
||||||
$serial = mysqli_real_escape_string($mysqli,$_GET['asset_serial']);
|
$serial = mysqli_real_escape_string($mysqli, $_GET['asset_serial']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_serial = '$serial' AND asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Asset query via client ID
|
// Asset query via client ID
|
||||||
elseif(isset($_GET['client_id']) && $client_id == "%"){
|
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||||
$client_id = intval($_GET['client_id']);
|
$client_id = intval($_GET['client_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// All assets
|
// All assets
|
||||||
else{
|
else {
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include("../read_output.php");
|
require_once("../read_output.php");
|
||||||
@@ -1,116 +1,116 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_post_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_post_method.php');
|
||||||
|
|
||||||
// Parse ID
|
// Parse ID
|
||||||
$asset_id = intval($_POST['asset_id']);
|
$asset_id = intval($_POST['asset_id']);
|
||||||
|
|
||||||
// Default
|
// Default
|
||||||
$update_count = FALSE;
|
$update_count = false;
|
||||||
|
|
||||||
if(!empty($asset_id)){
|
if (!empty($asset_id)) {
|
||||||
|
|
||||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM assets WHERE asset_id = '$asset_id' AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
||||||
|
|
||||||
// Variable assignment - assigning the current database value if a value is not provided
|
// Variable assignment - assigning the current database value if a value is not provided
|
||||||
if(isset($_POST['asset_name'])){
|
if (isset($_POST['asset_name'])) {
|
||||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_name'])));
|
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_name'])));
|
||||||
} else{
|
} else {
|
||||||
$name = $row['asset_name'];
|
$name = $row['asset_name'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_type'])){
|
if (isset($_POST['asset_type'])) {
|
||||||
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_type'])));
|
$type = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_type'])));
|
||||||
} else{
|
} else {
|
||||||
$type = $row['asset_type'];
|
$type = $row['asset_type'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_make'])){
|
if (isset($_POST['asset_make'])) {
|
||||||
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_make'])));
|
$make = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_make'])));
|
||||||
} else{
|
} else {
|
||||||
$make = $row['asset_make'];
|
$make = $row['asset_make'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_model'])){
|
if (isset($_POST['asset_model'])) {
|
||||||
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_model'])));
|
$model = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_model'])));
|
||||||
} else{
|
} else {
|
||||||
$model = $row['asset_model'];
|
$model = $row['asset_model'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_serial'])){
|
if (isset($_POST['asset_serial'])) {
|
||||||
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_serial'])));
|
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_serial'])));
|
||||||
} else{
|
} else {
|
||||||
$serial = $row['asset_serial'];
|
$serial = $row['asset_serial'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_os'])){
|
if (isset($_POST['asset_os'])) {
|
||||||
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
|
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
|
||||||
} else{
|
} else {
|
||||||
$os = $row['asset_os'];
|
$os = $row['asset_os'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_os'])){
|
if (isset($_POST['asset_os'])) {
|
||||||
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_os'])));
|
$os = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_os'])));
|
||||||
} else{
|
} else {
|
||||||
$os = $row['asset_os'];
|
$os = $row['asset_os'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_ip'])){
|
if (isset($_POST['asset_ip'])) {
|
||||||
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_ip'])));
|
$aip = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_ip'])));
|
||||||
} else{
|
} else {
|
||||||
$aip = $row['asset_ip'];
|
$aip = $row['asset_ip'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_mac'])){
|
if (isset($_POST['asset_mac'])) {
|
||||||
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_mac'])));
|
$mac = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_mac'])));
|
||||||
} else{
|
} else {
|
||||||
$mac = $row['asset_mac'];
|
$mac = $row['asset_mac'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_purchase_date'])){
|
if (isset($_POST['asset_purchase_date'])) {
|
||||||
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_purchase_date'])));
|
$purchase_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_purchase_date'])));
|
||||||
} else{
|
} else {
|
||||||
$purchase_date = $row['asset_purchase_date'];
|
$purchase_date = $row['asset_purchase_date'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_warranty_expire'])){
|
if (isset($_POST['asset_warranty_expire'])) {
|
||||||
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_warranty_expire'])));
|
$warranty_expire = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_warranty_expire'])));
|
||||||
} else{
|
} else {
|
||||||
$warranty_expire = $row['asset_warranty_expire'];
|
$warranty_expire = $row['asset_warranty_expire'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_install_date'])){
|
if (isset($_POST['asset_install_date'])) {
|
||||||
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_install_date'])));
|
$install_date = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_install_date'])));
|
||||||
} else{
|
} else {
|
||||||
$install_date = $row['asset_install_date'];
|
$install_date = $row['asset_install_date'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_notes'])){
|
if (isset($_POST['asset_notes'])) {
|
||||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['asset_notes'])));
|
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['asset_notes'])));
|
||||||
} else{
|
} else {
|
||||||
$notes = $row['asset_notes'];
|
$notes = $row['asset_notes'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_vendor_id'])){
|
if (isset($_POST['asset_vendor_id'])) {
|
||||||
$vendor = intval($_POST['asset_vendor_id']);
|
$vendor = intval($_POST['asset_vendor_id']);
|
||||||
} else{
|
} else {
|
||||||
$vendor = $row['asset_vendor_id'];
|
$vendor = $row['asset_vendor_id'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_location_id'])){
|
if (isset($_POST['asset_location_id'])) {
|
||||||
$location = intval($_POST['asset_location_id']);
|
$location = intval($_POST['asset_location_id']);
|
||||||
} else{
|
} else {
|
||||||
$location = $row['asset_location_id'];
|
$location = $row['asset_location_id'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_contact_id'])){
|
if (isset($_POST['asset_contact_id'])) {
|
||||||
$contact = intval($_POST['asset_contact_id']);
|
$contact = intval($_POST['asset_contact_id']);
|
||||||
} else{
|
} else {
|
||||||
$contact = $row['asset_contact_id'];
|
$contact = $row['asset_contact_id'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['asset_network_id'])){
|
if (isset($_POST['asset_network_id'])) {
|
||||||
$network = intval($_POST['asset_network_id']);
|
$network = intval($_POST['asset_network_id']);
|
||||||
} else{
|
} else {
|
||||||
$network = $row['asset_network_id'];
|
$network = $row['asset_network_id'];
|
||||||
}
|
}
|
||||||
|
|
||||||
$update_sql = mysqli_query($mysqli,"UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
$update_sql = mysqli_query($mysqli, "UPDATE assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_ip = '$aip', asset_mac = '$mac', asset_location_id = $location, asset_vendor_id = $vendor, asset_contact_id = $contact, asset_purchase_date = '$purchase_date', asset_warranty_expire = '$warranty_expire', asset_install_date = '$install_date', asset_notes = '$notes', asset_updated_at = NOW(), asset_network_id = $network WHERE asset_id = $asset_id AND asset_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
||||||
|
|
||||||
// Check insert & get insert ID
|
// Check insert & get insert ID
|
||||||
if($update_sql){
|
if ($update_sql) {
|
||||||
$update_count = mysqli_affected_rows($mysqli);
|
$update_count = mysqli_affected_rows($mysqli);
|
||||||
|
|
||||||
//Logging
|
//Logging
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Asset', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated asset $name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include('../update_output.php');
|
require_once('../update_output.php');
|
||||||
@@ -1,30 +1,30 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_get_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_get_method.php');
|
||||||
|
|
||||||
// Specific certificate via ID (single)
|
// Specific certificate via ID (single)
|
||||||
if(isset($_GET['certificate_id'])){
|
if (isset($_GET['certificate_id'])) {
|
||||||
$id = intval($_GET['certificate_id']);
|
$id = intval($_GET['certificate_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_id = '$id' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Certificate by name
|
// Certificate by name
|
||||||
elseif(isset($_GET['certificate_name'])){
|
elseif (isset($_GET['certificate_name'])) {
|
||||||
$name = mysqli_real_escape_string($mysqli,$_GET['certificate_name']);
|
$name = mysqli_real_escape_string($mysqli, $_GET['certificate_name']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_name = '$name' AND certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Certificate via client ID (if allowed)
|
// Certificate via client ID (if allowed)
|
||||||
elseif(isset($_GET['client_id']) && $client_id == "%"){
|
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||||
$client_id = intval($_GET['client_id']);
|
$client_id = intval($_GET['client_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id = '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// All certificates
|
// All certificates
|
||||||
else{
|
else {
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM certificates WHERE certificate_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY certificate_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include("../read_output.php");
|
require_once("../read_output.php");
|
||||||
@@ -1,24 +1,24 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_get_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_get_method.php');
|
||||||
|
|
||||||
// Specific client via ID (single)
|
// Specific client via ID (single)
|
||||||
if(isset($_GET['client_id'])){
|
if (isset($_GET['client_id'])) {
|
||||||
$id = intval($_GET['client_id']);
|
$id = intval($_GET['client_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id = '$id' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Specific client via name (single)
|
// Specific client via name (single)
|
||||||
elseif(isset($_GET['client_name'])){
|
elseif (isset($_GET['client_name'])) {
|
||||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['client_name'])));
|
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['client_name'])));
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_name = '$name' AND client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// All clients
|
// All clients
|
||||||
else{
|
else {
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM clients WHERE client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY client_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include("../read_output.php");
|
require_once("../read_output.php");
|
||||||
@@ -1,13 +1,13 @@
|
|||||||
<?php
|
<?php
|
||||||
define('number_regex', '/[^0-9]/');
|
define('number_regex', '/[^0-9]/');
|
||||||
|
|
||||||
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_name'])));
|
$name = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_name'])));
|
||||||
$title = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_title'])));
|
$title = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_title'])));
|
||||||
$department = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_department'])));
|
$department = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_department'])));
|
||||||
$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
|
$phone = preg_replace(number_regex, '', $_POST['contact_phone']);
|
||||||
$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
|
$extension = preg_replace(number_regex, '', $_POST['contact_extension']);
|
||||||
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
|
$mobile = preg_replace(number_regex, '', $_POST['contact_mobile']);
|
||||||
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_email'])));
|
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_email'])));
|
||||||
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_notes'])));
|
$notes = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_notes'])));
|
||||||
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['contact_auth_method'])));
|
$auth_method = trim(strip_tags(mysqli_real_escape_string($mysqli, $_POST['contact_auth_method'])));
|
||||||
$location_id = intval($_POST['contact_location_id']);
|
$location_id = intval($_POST['contact_location_id']);
|
||||||
@@ -1,34 +1,34 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_post_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_post_method.php');
|
||||||
|
|
||||||
// Parse Info
|
// Parse Info
|
||||||
include('contact_model.php');
|
require_once('contact_model.php');
|
||||||
|
|
||||||
// Default
|
// Default
|
||||||
$insert_id = FALSE;
|
$insert_id = FALSE;
|
||||||
|
|
||||||
if(!empty($name) && !empty($email) && !empty($client_id)){
|
if (!empty($name) && !empty($email) && !empty($client_id)) {
|
||||||
|
|
||||||
// Check contact with $email doesn't already exist
|
// Check contact with $email doesn't already exist
|
||||||
$email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'");
|
$email_duplication_sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id = '$client_id'");
|
||||||
|
|
||||||
if(mysqli_num_rows($email_duplication_sql) == 0){
|
if (mysqli_num_rows($email_duplication_sql) == 0) {
|
||||||
|
|
||||||
// Insert contact
|
// Insert contact
|
||||||
$insert_sql = mysqli_query($mysqli,"INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
|
$insert_sql = mysqli_query($mysqli, "INSERT INTO contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_created_at = NOW(), contact_department = '$department', contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id");
|
||||||
|
|
||||||
|
// Check insert & get insert ID
|
||||||
|
if ($insert_sql) {
|
||||||
|
$insert_id = mysqli_insert_id($mysqli);
|
||||||
|
//Logging
|
||||||
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||||
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||||
|
}
|
||||||
|
|
||||||
// Check insert & get insert ID
|
|
||||||
if($insert_sql){
|
|
||||||
$insert_id = mysqli_insert_id($mysqli);
|
|
||||||
//Logging
|
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Created', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Created contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include('../create_output.php');
|
require_once('../create_output.php');
|
||||||
@@ -1,7 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_post_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_post_method.php');
|
||||||
|
|
||||||
// Parse ID
|
// Parse ID
|
||||||
$contact_id = intval($_POST['contact_id']);
|
$contact_id = intval($_POST['contact_id']);
|
||||||
@@ -9,20 +9,20 @@ $contact_id = intval($_POST['contact_id']);
|
|||||||
// Default
|
// Default
|
||||||
$delete_count = FALSE;
|
$delete_count = FALSE;
|
||||||
|
|
||||||
if(!empty($contact_id)){
|
if (!empty($contact_id)) {
|
||||||
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
$row = mysqli_fetch_assoc(mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1"));
|
||||||
$contact_name = $row['contact_name'];
|
$contact_name = $row['contact_name'];
|
||||||
|
|
||||||
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
$delete_sql = mysqli_query($mysqli, "DELETE FROM contacts WHERE contact_id = $contact_id AND contact_client_id = $client_id AND company_id = '$company_id' LIMIT 1");
|
||||||
|
|
||||||
// Check delete & get affected rows
|
// Check delete & get affected rows
|
||||||
if($delete_sql && !empty($contact_name)){
|
if ($delete_sql && !empty($contact_name)) {
|
||||||
$delete_count = mysqli_affected_rows($mysqli);
|
$delete_count = mysqli_affected_rows($mysqli);
|
||||||
|
|
||||||
//Logging
|
//Logging
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Deleted', log_description = '$contact_name via API ($api_key_name)', log_ip = '$ip', log_client_id = $client_id, company_id = $company_id");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include('../delete_output.php');
|
require_once('../delete_output.php');
|
||||||
@@ -1,24 +1,24 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_get_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_get_method.php');
|
||||||
|
|
||||||
// Specific contact via ID (single)
|
// Specific contact via ID (single)
|
||||||
if(isset($_GET['contact_id'])){
|
if (isset($_GET['contact_id'])) {
|
||||||
$id = intval($_GET['contact_id']);
|
$id = intval($_GET['contact_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_id = '$id' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Specific contact via email (single)
|
// Specific contact via email (single)
|
||||||
elseif(isset($_GET['contact_email'])){
|
elseif (isset($_GET['contact_email'])) {
|
||||||
$email = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['contact_email'])));
|
$email = trim(strip_tags(mysqli_real_escape_string($mysqli, $_GET['contact_email'])));
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_email = '$email' AND contact_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// All contacts
|
// All contacts
|
||||||
else{
|
else {
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM contacts WHERE contact_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY contact_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include("../read_output.php");
|
require_once("../read_output.php");
|
||||||
@@ -1,28 +1,28 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_post_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_post_method.php');
|
||||||
|
|
||||||
// Parse Info
|
// Parse Info
|
||||||
$contact_id = intval($_POST['contact_id']);
|
$contact_id = intval($_POST['contact_id']);
|
||||||
include('contact_model.php');
|
require_once('contact_model.php');
|
||||||
|
|
||||||
// Default
|
// Default
|
||||||
$update_count = FALSE;
|
$update_count = FALSE;
|
||||||
|
|
||||||
if(!empty($name) && !empty($email)){
|
if (!empty($name) && !empty($email)) {
|
||||||
|
|
||||||
$update_sql = mysqli_query($mysqli,"UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
|
$update_sql = mysqli_query($mysqli, "UPDATE contacts SET contact_name = '$name', contact_title = '$title', contact_phone = '$phone', contact_extension = '$extension', contact_mobile = '$mobile', contact_email = '$email', contact_notes = '$notes', contact_auth_method = '$auth_method', contact_updated_at = NOW(), contact_department_id = $department, contact_location_id = $location_id, contact_client_id = $client_id, company_id = $company_id WHERE contact_id = $contact_id LIMIT 1");
|
||||||
|
|
||||||
// Check insert & get insert ID
|
// Check insert & get insert ID
|
||||||
if($update_sql){
|
if ($update_sql) {
|
||||||
$update_count = mysqli_affected_rows($mysqli);
|
$update_count = mysqli_affected_rows($mysqli);
|
||||||
|
|
||||||
//Logging
|
//Logging
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'Contact', log_action = 'Updated', log_description = '$name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Success', log_description = 'Updated contact $name via API ($api_key_name)', log_ip = '$ip', log_created_at = NOW(), log_client_id = $client_id, company_id = $company_id");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include('../update_output.php');
|
require_once('../update_output.php');
|
||||||
@@ -7,19 +7,19 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
// Check if the insert query was successful
|
// Check if the insert query was successful
|
||||||
if(isset($insert_id) && is_numeric($insert_id)){
|
if (isset($insert_id) && is_numeric($insert_id)) {
|
||||||
// Insert successful
|
// Insert successful
|
||||||
$return_arr['success'] = "True";
|
$return_arr['success'] = "True";
|
||||||
$return_arr['count'] = '1';
|
$return_arr['count'] = '1';
|
||||||
$return_arr['data'][] = [
|
$return_arr['data'][] = [
|
||||||
'insert_id' => $insert_id
|
'insert_id' => $insert_id
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Query returned false: something went wrong, or it was declined due to required variables missing
|
// Query returned false: something went wrong, or it was declined due to required variables missing
|
||||||
else{
|
else {
|
||||||
$return_arr['success'] = "False";
|
$return_arr['success'] = "False";
|
||||||
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
|
$return_arr['message'] = "Auth success but insert query failed, ensure ALL required variables are provided (and aren't duplicates where applicable) and database schema is up-to-date. Turn on error logging and look for 'undefined index'.";
|
||||||
}
|
}
|
||||||
|
|
||||||
echo json_encode($return_arr);
|
echo json_encode($return_arr);
|
||||||
|
|||||||
@@ -7,16 +7,16 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
// Check if delete query was successful
|
// Check if delete query was successful
|
||||||
if(isset($delete_count) && is_numeric($delete_count) && $delete_count > 0){
|
if (isset($delete_count) && is_numeric($delete_count) && $delete_count > 0) {
|
||||||
// Delete was successful
|
// Delete was successful
|
||||||
$return_arr['success'] = "True";
|
$return_arr['success'] = "True";
|
||||||
$return_arr['count'] = $delete_count;
|
$return_arr['count'] = $delete_count;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Delete query returned false: something went wrong, or it was declined due to required variables missing
|
// Delete query returned false: something went wrong, or it was declined due to required variables missing
|
||||||
else{
|
else {
|
||||||
$return_arr['success'] = "False";
|
$return_arr['success'] = "False";
|
||||||
$return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
|
$return_arr['message'] = "Auth success but delete query failed. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: asset/client/company ID mismatch.";
|
||||||
}
|
}
|
||||||
|
|
||||||
echo json_encode($return_arr);
|
echo json_encode($return_arr);
|
||||||
|
|||||||
@@ -1,30 +1,30 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_get_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_get_method.php');
|
||||||
|
|
||||||
// Specific domain via ID (single)
|
// Specific domain via ID (single)
|
||||||
if(isset($_GET['domain_id'])){
|
if (isset($_GET['domain_id'])) {
|
||||||
$id = intval($_GET['domain_id']);
|
$id = intval($_GET['domain_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_id = '$id' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Domain by name
|
// Domain by name
|
||||||
elseif(isset($_GET['domain_name'])){
|
elseif (isset($_GET['domain_name'])) {
|
||||||
$name = mysqli_real_escape_string($mysqli,$_GET['domain_name']);
|
$name = mysqli_real_escape_string($mysqli, $_GET['domain_name']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_name = '$name' AND domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Domain via client ID (if allowed)
|
// Domain via client ID (if allowed)
|
||||||
elseif(isset($_GET['client_id']) && $client_id == "%"){
|
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||||
$client_id = intval($_GET['client_id']);
|
$client_id = intval($_GET['client_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// All domains
|
// All domains
|
||||||
else{
|
else {
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM domains WHERE domain_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY domain_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include("../read_output.php");
|
require_once("../read_output.php");
|
||||||
@@ -1,30 +1,30 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_get_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_get_method.php');
|
||||||
|
|
||||||
// Specific network via ID (single)
|
// Specific network via ID (single)
|
||||||
if(isset($_GET['network_id'])){
|
if (isset($_GET['network_id'])) {
|
||||||
$id = intval($_GET['network_id']);
|
$id = intval($_GET['network_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_id = '$id' AND network_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Network by name
|
// Network by name
|
||||||
elseif(isset($_GET['network_name'])){
|
elseif (isset($_GET['network_name'])) {
|
||||||
$name = mysqli_real_escape_string($mysqli,$_GET['network_name']);
|
$name = mysqli_real_escape_string($mysqli, $_GET['network_name']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_name = '$name' AND network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Network via client ID (if allowed)
|
// Network via client ID (if allowed)
|
||||||
elseif(isset($_GET['client_id']) && $client_id == "%"){
|
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||||
$client_id = intval($_GET['client_id']);
|
$client_id = intval($_GET['client_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// All networks
|
// All networks
|
||||||
else{
|
else {
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM networks WHERE network_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY network_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include("../read_output.php");
|
require_once("../read_output.php");
|
||||||
@@ -6,21 +6,21 @@
|
|||||||
* Returns success & data messages
|
* Returns success & data messages
|
||||||
*/
|
*/
|
||||||
|
|
||||||
if($sql && mysqli_num_rows($sql) > 0){
|
if ($sql && mysqli_num_rows($sql) > 0) {
|
||||||
$return_arr['success'] = "True";
|
$return_arr['success'] = "True";
|
||||||
$return_arr['count'] = mysqli_num_rows($sql);
|
$return_arr['count'] = mysqli_num_rows($sql);
|
||||||
|
|
||||||
$row = array();
|
$row = array();
|
||||||
while($row = mysqli_fetch_array($sql)){
|
while ($row = mysqli_fetch_array($sql)) {
|
||||||
$return_arr['data'][] = $row;
|
$return_arr['data'][] = $row;
|
||||||
}
|
}
|
||||||
|
|
||||||
echo json_encode($return_arr);
|
echo json_encode($return_arr);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
else{
|
else {
|
||||||
$return_arr['success'] = "False";
|
$return_arr['success'] = "False";
|
||||||
$return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
|
$return_arr['message'] = "No resource (for this client and company) with the specified parameter(s).";
|
||||||
echo json_encode($return_arr);
|
echo json_encode($return_arr);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
@@ -1,13 +1,13 @@
|
|||||||
<?php
|
<?php
|
||||||
if($_SERVER['REQUEST_METHOD'] !== "GET"){
|
if ($_SERVER['REQUEST_METHOD'] !== "GET") {
|
||||||
header("HTTP/1.1 405 Method Not Allowed");
|
header("HTTP/1.1 405 Method Not Allowed");
|
||||||
$return_arr['success'] = "False";
|
$return_arr['success'] = "False";
|
||||||
$return_arr['message'] = "Can only send GET requests to this endpoint.";
|
$return_arr['message'] = "Can only send GET requests to this endpoint.";
|
||||||
echo json_encode($return_arr);
|
echo json_encode($return_arr);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Wildcard client ID for most SELECT queries
|
// Wildcard client ID for most SELECT queries
|
||||||
if($client_id == 0){
|
if ($client_id == 0) {
|
||||||
$client_id = "%";
|
$client_id = "%";
|
||||||
}
|
}
|
||||||
@@ -1,14 +1,14 @@
|
|||||||
<?php
|
<?php
|
||||||
if($_SERVER['REQUEST_METHOD'] !== "POST"){
|
if ($_SERVER['REQUEST_METHOD'] !== "POST") {
|
||||||
header("HTTP/1.1 405 Method Not Allowed");
|
header("HTTP/1.1 405 Method Not Allowed");
|
||||||
$return_arr['success'] = "False";
|
$return_arr['success'] = "False";
|
||||||
$return_arr['message'] = "Can only send POST requests to this endpoint.";
|
$return_arr['message'] = "Can only send POST requests to this endpoint.";
|
||||||
echo json_encode($return_arr);
|
echo json_encode($return_arr);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Client ID must be specific for INSERT/UPDATE/DELETE queries
|
// Client ID must be specific for INSERT/UPDATE/DELETE queries
|
||||||
// If this API key allows any client, set $client_id to the one specified, else leave it
|
// If this API key allows any client, set $client_id to the one specified, else leave it
|
||||||
if($client_id == 0){
|
if ($client_id == 0) {
|
||||||
$client_id = intval($_POST['client_id']);
|
$client_id = intval($_POST['client_id']);
|
||||||
}
|
}
|
||||||
@@ -1,42 +1,42 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_get_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_get_method.php');
|
||||||
|
|
||||||
// Specific software via ID (single)
|
// Specific software via ID (single)
|
||||||
if(isset($_GET['software_id'])){
|
if (isset($_GET['software_id'])) {
|
||||||
$id = intval($_GET['software_id']);
|
$id = intval($_GET['software_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_id = '$id' AND software_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Specific software via License ID
|
// Specific software via License ID
|
||||||
if(isset($_GET['software_license'])){
|
if (isset($_GET['software_license'])) {
|
||||||
$license = mysqli_real_escape_string($mysqli,$_GET['software_license']);
|
$license = mysqli_real_escape_string($mysqli, $_GET['software_license']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_license_type = '$license' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Software by name
|
// Software by name
|
||||||
elseif(isset($_GET['software_name'])){
|
elseif (isset($_GET['software_name'])) {
|
||||||
$name = mysqli_real_escape_string($mysqli,$_GET['software_name']);
|
$name = mysqli_real_escape_string($mysqli, $_GET['software_name']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_name = '$name' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY asset_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Software via type
|
// Software via type
|
||||||
elseif(isset($_GET['software_type'])){
|
elseif (isset($_GET['software_type'])) {
|
||||||
$type = intval($_GET['software_type']);
|
$type = intval($_GET['software_type']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_type = '$type' AND software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Software via client ID (if allowed)
|
// Software via client ID (if allowed)
|
||||||
elseif(isset($_GET['client_id']) && $client_id == "%"){
|
elseif (isset($_GET['client_id']) && $client_id == "%") {
|
||||||
$client_id = intval($_GET['client_id']);
|
$client_id = intval($_GET['client_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// All software(s)
|
// All software(s)
|
||||||
else{
|
else {
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM software WHERE software_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY software_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include("../read_output.php");
|
require_once("../read_output.php");
|
||||||
@@ -1,18 +1,18 @@
|
|||||||
<?php
|
<?php
|
||||||
require('../validate_api_key.php');
|
|
||||||
|
|
||||||
require('../require_get_method.php');
|
require_once('../validate_api_key.php');
|
||||||
|
require_once('../require_get_method.php');
|
||||||
|
|
||||||
// Specific ticket via ID (single)
|
// Specific ticket via ID (single)
|
||||||
if(isset($_GET['ticket_id'])){
|
if (isset($_GET['ticket_id'])) {
|
||||||
$id = intval($_GET['ticket_id']);
|
$id = intval($_GET['ticket_id']);
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_id = '$id' AND ticket_client_id LIKE '$client_id' AND company_id = '$company_id'");
|
||||||
}
|
}
|
||||||
|
|
||||||
// All tickets
|
// All tickets
|
||||||
else{
|
else {
|
||||||
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
|
$sql = mysqli_query($mysqli, "SELECT * FROM tickets WHERE ticket_client_id LIKE '$client_id' AND company_id = '$company_id' ORDER BY ticket_id LIMIT $limit OFFSET $offset");
|
||||||
}
|
}
|
||||||
|
|
||||||
// Output
|
// Output
|
||||||
include("../read_output.php");
|
require_once("../read_output.php");
|
||||||
@@ -7,16 +7,16 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
// Check if the insert query was successful
|
// Check if the insert query was successful
|
||||||
if(isset($update_count) && is_numeric($update_count) && $update_count > 0){
|
if (isset($update_count) && is_numeric($update_count) && $update_count > 0) {
|
||||||
// Insert successful
|
// Insert successful
|
||||||
$return_arr['success'] = "True";
|
$return_arr['success'] = "True";
|
||||||
$return_arr['count'] = $update_count;
|
$return_arr['count'] = $update_count;
|
||||||
}
|
}
|
||||||
|
|
||||||
// Query returned false: something went wrong, or it was declined due to required variables missing
|
// Query returned false: something went wrong, or it was declined due to required variables missing
|
||||||
else{
|
else {
|
||||||
$return_arr['success'] = "False";
|
$return_arr['success'] = "False";
|
||||||
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (contact ID/ticket ID/etc)";
|
$return_arr['message'] = "Auth success but update query failed/returned no results. Ensure ALL required variables are provided and database schema is up-to-date. Most likely cause: non-existent module ID (contact ID/ticket ID/etc)";
|
||||||
}
|
}
|
||||||
|
|
||||||
echo json_encode($return_arr);
|
echo json_encode($return_arr);
|
||||||
|
|||||||
@@ -7,8 +7,8 @@
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
// Includes
|
// Includes
|
||||||
include( __DIR__ . '../../../functions.php');
|
require_once( __DIR__ . '../../../functions.php');
|
||||||
include(__DIR__ . "../../../config.php");
|
require_once(__DIR__ . "../../../config.php");
|
||||||
|
|
||||||
// JSON header
|
// JSON header
|
||||||
header('Content-Type: application/json');
|
header('Content-Type: application/json');
|
||||||
@@ -17,9 +17,9 @@ header('Content-Type: application/json');
|
|||||||
$_POST = json_decode(file_get_contents('php://input'), true);
|
$_POST = json_decode(file_get_contents('php://input'), true);
|
||||||
|
|
||||||
// Get user IP
|
// Get user IP
|
||||||
$ip = strip_tags(mysqli_real_escape_string($mysqli,get_ip()));
|
$ip = strip_tags(mysqli_real_escape_string($mysqli, get_ip()));
|
||||||
// Get user agent
|
// Get user agent
|
||||||
$user_agent = strip_tags(mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']));
|
$user_agent = strip_tags(mysqli_real_escape_string($mysqli, $_SERVER['HTTP_USER_AGENT']));
|
||||||
|
|
||||||
// Setup return array
|
// Setup return array
|
||||||
$return_arr = array();
|
$return_arr = array();
|
||||||
@@ -43,75 +43,75 @@ DEFINE("WORDING_UNAUTHORIZED", "HTTP/1.1 401 Unauthorized");
|
|||||||
*/
|
*/
|
||||||
|
|
||||||
// Decline methods other than GET/POST
|
// Decline methods other than GET/POST
|
||||||
if($_SERVER['REQUEST_METHOD'] !== "GET" && $_SERVER['REQUEST_METHOD'] !== "POST"){
|
if ($_SERVER['REQUEST_METHOD'] !== "GET" && $_SERVER['REQUEST_METHOD'] !== "POST") {
|
||||||
header("HTTP/1.1 405 Method Not Allowed");
|
header("HTTP/1.1 405 Method Not Allowed");
|
||||||
var_dump($_SERVER['REQUEST_METHOD']);
|
var_dump($_SERVER['REQUEST_METHOD']);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Check API key is provided
|
// Check API key is provided
|
||||||
if(!isset($_GET['api_key']) && !isset($_POST['api_key'])){
|
if (!isset($_GET['api_key']) && !isset($_POST['api_key'])) {
|
||||||
header(WORDING_UNAUTHORIZED);
|
header(WORDING_UNAUTHORIZED);
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Set API key variable
|
// Set API key variable
|
||||||
if(isset($_GET['api_key'])){
|
if (isset($_GET['api_key'])) {
|
||||||
$api_key = $_GET['api_key'];
|
$api_key = $_GET['api_key'];
|
||||||
}
|
}
|
||||||
if(isset($_POST['api_key'])){
|
if (isset($_POST['api_key'])) {
|
||||||
$api_key = $_POST['api_key'];
|
$api_key = $_POST['api_key'];
|
||||||
}
|
}
|
||||||
|
|
||||||
// Validate API key
|
// Validate API key
|
||||||
if(isset($api_key)){
|
if (isset($api_key)) {
|
||||||
$api_key = mysqli_real_escape_string($mysqli,$api_key);
|
$api_key = mysqli_real_escape_string($mysqli, $api_key);
|
||||||
|
|
||||||
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
|
$sql = mysqli_query($mysqli, "SELECT * FROM api_keys WHERE api_key_secret = '$api_key' AND api_key_expire > NOW() LIMIT 1");
|
||||||
|
|
||||||
// Failed
|
// Failed
|
||||||
if(mysqli_num_rows($sql) !== 1){
|
if (mysqli_num_rows($sql) !== 1) {
|
||||||
// Invalid Key
|
// Invalid Key
|
||||||
header(WORDING_UNAUTHORIZED);
|
header(WORDING_UNAUTHORIZED);
|
||||||
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
|
mysqli_query($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
|
||||||
|
|
||||||
$return_arr['success'] = "False";
|
$return_arr['success'] = "False";
|
||||||
$return_arr['message'] = "API Key authentication failure or expired.";
|
$return_arr['message'] = "API Key authentication failure or expired.";
|
||||||
|
|
||||||
header(WORDING_UNAUTHORIZED);
|
header(WORDING_UNAUTHORIZED);
|
||||||
echo json_encode($return_arr);
|
echo json_encode($return_arr);
|
||||||
exit();
|
exit();
|
||||||
}
|
|
||||||
|
|
||||||
// Success
|
|
||||||
else{
|
|
||||||
|
|
||||||
// Set client ID, company ID & key name
|
|
||||||
$row = mysqli_fetch_array($sql);
|
|
||||||
$api_key_name = $row['api_key_name'];
|
|
||||||
$client_id = $row['api_key_client_id'];
|
|
||||||
$company_id = $row['company_id'];
|
|
||||||
|
|
||||||
// Set limit & offset for queries
|
|
||||||
if(isset($_GET['limit'])){
|
|
||||||
$limit = intval($_GET['limit']);
|
|
||||||
}
|
|
||||||
elseif(isset($_POST['limit'])){
|
|
||||||
$limit = intval($_POST['limit']);
|
|
||||||
}
|
|
||||||
else{
|
|
||||||
$limit = 50;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(isset($_GET['offset'])){
|
// Success
|
||||||
$offset = intval($_GET['offset']);
|
else {
|
||||||
}
|
|
||||||
elseif(isset($_POST['offset'])){
|
|
||||||
$offset = intval($_POST['offset']);
|
|
||||||
}
|
|
||||||
else{
|
|
||||||
$offset = 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
// Set client ID, company ID & key name
|
||||||
|
$row = mysqli_fetch_array($sql);
|
||||||
|
$api_key_name = $row['api_key_name'];
|
||||||
|
$client_id = $row['api_key_client_id'];
|
||||||
|
$company_id = $row['company_id'];
|
||||||
|
|
||||||
|
// Set limit & offset for queries
|
||||||
|
if (isset($_GET['limit'])) {
|
||||||
|
$limit = intval($_GET['limit']);
|
||||||
|
}
|
||||||
|
elseif (isset($_POST['limit'])) {
|
||||||
|
$limit = intval($_POST['limit']);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$limit = 50;
|
||||||
|
}
|
||||||
|
|
||||||
|
if (isset($_GET['offset'])) {
|
||||||
|
$offset = intval($_GET['offset']);
|
||||||
|
}
|
||||||
|
elseif (isset($_POST['offset'])) {
|
||||||
|
$offset = intval($_POST['offset']);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$offset = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
}
|
}
|
||||||
Reference in New Issue
Block a user