NOW()"); if(mysqli_num_rows($sql) != 1){ // Invalid Key header("HTTP/1.1 401 Unauthorized"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()"); echo "Incorrect or expired API Key."; exit(); } // API Key is valid. $row = mysqli_fetch_array($sql); $company_id = $row['company_id']; if(isset($_GET['cid'])){ $cid = intval($_GET['cid']); $sql = mysqli_query($mysqli,"SELECT contact_name AS name FROM contacts WHERE contact_phone = $cid AND company_id = $company_id UNION SELECT contact_name AS name FROM contacts WHERE contact_mobile = $cid AND company_id = $company_id UNION SELECT location_name AS name FROM locations WHERE location_phone = $cid AND company_id = $company_id UNION SELECT vendor_name AS name FROM vendors WHERE vendor_phone = $cid AND company_id = $company_id"); $row = mysqli_fetch_array($sql); $name = $row['name']; echo "$name - $cid"; //Alert when call comes through mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Inbound Call', alert_message = 'Inbound call from $name - $cid', alert_date = NOW(), company_id = $company_id"); //Log When call comes through mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Call', log_action = 'Inbound', log_description = 'Inbound call from $name - $cid', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id"); } if(isset($_GET['incoming_call'])){ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'call', log_description = 'incoming', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id"); } if(isset($_GET['primary_contact_numbers'])){ $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON clients.primary_contact = contacts.contact_id WHERE clients.company_id = $company_id"); while($row = mysqli_fetch_array($sql)){ $client_name = $row['client_name']; $contact_name = $row['contact_name']; $contact_phone = $row['contact_phone']; $contact_mobile = $row['contact_mobile']; echo "$client_name - $contact_name - $contact_phone - $contact_mobile
"; } //Log mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Numbers', log_description = 'Client Phone Numbers were pulled', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id"); } if(isset($_GET['phonebook'])){ header('Content-type: text/xml'); header('Pragma: public'); header('Cache-control: private'); header('Expires: -1'); echo ""; echo ''; $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON clients.primary_contact = contacts.contact_id WHERE clients.company_id = $company_id"); while($row = mysqli_fetch_array($sql)){ $client_name = $row['client_name']; $contact_name = $row['contact_name']; $contact_phone = $row['contact_phone']; $contact_mobile = $row['contact_mobile']; ?> 0 1 '; //Log mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id"); } if(isset($_GET['primary_contact_emails'])){ $sql = mysqli_query($mysqli,"SELECT * FROM clients LEFT JOIN contacts ON clients.primary_contact = contacts.contact_id WHERE clients.company_id = $company_id"); while($row = mysqli_fetch_array($sql)){ $client_name = $row['client_name']; $contact_name = $row['contact_name']; $contact_email = $row['contact_email']; echo "$client_name - $contact_name - $contact_email
"; } //Log mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id"); } if(isset($_GET['account_balance'])){ $client_id = intval($_GET['account_balance']); //Add up all the payments for the invoice and get the total amount paid to the invoice $sql_invoice_amounts = mysqli_query($mysqli,"SELECT SUM(invoice_amount) AS invoice_amounts FROM invoices WHERE invoice_client_id = $client_id AND invoice_status NOT LIKE 'Draft' AND invoice_status NOT LIKE 'Cancelled' AND company_id = $company_id"); $row = mysqli_fetch_array($sql_invoice_amounts); $invoice_amounts = $row['invoice_amounts']; $sql_amount_paid = mysqli_query($mysqli,"SELECT SUM(payment_amount) AS amount_paid FROM payments, invoices WHERE payment_invoice_id = invoices.invoice_id AND invoice_client_id = $client_id AND payments.company_id = $company_id"); $row = mysqli_fetch_array($sql_amount_paid); $amount_paid = $row['amount_paid']; $balance = $invoice_amounts - $amount_paid; echo $balance; //Log mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id"); } if(isset($_GET['add_asset']) && isset($_GET['client_id'])) { $client_id = intval($_GET['client_id']); $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['add_asset']))); $type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type']))); $make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['make']))); $model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['model']))); $serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['serial']))); $os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['os']))); // Add mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_created_at = NOW(), asset_client_id = $client_id, company_id = $company_id"); //Logging mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Asset Created', log_description = '$name', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id"); echo "Asset added!"; } ?>