ThaMunsta/itflow
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request #249 from wrongecho/api

Browse Source 
API Changes - General refactor & Add asset via API
This commit is contained in:
Johnny
2022-01-07 14:27:24 -05:00
committed by GitHub
parent adf1dbe76e 87faebd90d
commit 5d27a1717b
2 changed files with 202 additions and 176 deletions
Download Patch File Download Diff File Expand all files Collapse all files
README.md
+3 -1
View File
@@ -109,7 +109,9 @@
* XML Phonebook Download - /api.php?api_key=[API_KEY]&phonebook * XML Phonebook Download - /api.php?api_key=[API_KEY]&phonebook
* Client Email (great for mailing lists) - /api.php?api_key=[API_KEY]&client_emails - Returns Client Name - Email Address * Client Email (great for mailing lists) - /api.php?api_key=[API_KEY]&client_emails - Returns Client Name - Email Address
* Account Balance for Client (can be integrated into multiple places for example in FreePBX Press 3 to check account balance, please enter your client ID your balance is) - /api.php?api_key=[API_KEY]&client_id=[CLIENT_ID] - Returns Account Balance * Account Balance for Client (can be integrated into multiple places for example in FreePBX Press 3 to check account balance, please enter your client ID your balance is) - /api.php?api_key=[API_KEY]&client_id=[CLIENT_ID] - Returns Account Balance
NOTE: [API_KEY] - is auto generated when a company is created and shows up in General Settings, this can also be changed manually. * Add new asset for a client - /api.php?api_key=[API_KEY]&add_asset=Name&type=[Desktop|Laptop|Server]&make=Make&model=Model&serial=Serial&os=OS
* Required: api_key, add_asset (name)
* NOTE: [API_KEY] - is auto generated when a company is created and shows up in General Settings, this can also be changed manually.
### Future Todo ### Future Todo
* MeshCentral / TacticalRMM (Export Assets Info to ITFlow, Exports common software applications to Software) * MeshCentral / TacticalRMM (Export Assets Info to ITFlow, Exports common software applications to Software)
api.php
+56 -32
View File
@@ -1,17 +1,35 @@
<?php include("config.php"); ?> <?php include("config.php"); ?>
<?php <?php
//Check Key
if(isset($_GET['api_key'])){
$config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'"); // Check API key is provided in GET request as 'api_key'
if(!isset($_GET['api_key']) OR empty($_GET['api_key'])) {
// Missing key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'No Key', log_description = 'No API Key specified', log_created_at = NOW()");
if(mysqli_num_rows($sql) == 1){ echo "Missing the API Key.";
$row = mysqli_fetch_array($sql); exit();
$company_id = $row['company_id']; }
if(isset($_GET['cid'])){ // Validate API key from GET request
$config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'");
if(mysqli_num_rows($sql) != 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
echo "Incorrect API Key.";
exit();
}
// API Key is valid.
$row = mysqli_fetch_array($sql);
$company_id = $row['company_id'];
if(isset($_GET['cid'])){
$cid = intval($_GET['cid']); $cid = intval($_GET['cid']);
@@ -21,20 +39,20 @@ if(isset($_GET['api_key'])){
$name = $row['name']; $name = $row['name'];
echo "$name - $cid"; echo "$name - $cid";
//Alert whern call comes through //Alert when call comes through
mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Inbound Call', alert_message = 'Inbound call from $name - $cid', alert_date = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Inbound Call', alert_message = 'Inbound call from $name - $cid', alert_date = NOW(), company_id = $company_id");
//Log When call comes through //Log When call comes through
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Call', log_action = 'Inbound', log_description = 'Inbound call from $name - $cid', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Call', log_action = 'Inbound', log_description = 'Inbound call from $name - $cid', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['incoming_call'])){ if(isset($_GET['incoming_call'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'call', log_description = 'incoming', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'call', log_description = 'incoming', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['client_numbers'])){ if(isset($_GET['client_numbers'])){
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id"); $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
@@ -48,9 +66,9 @@ if(isset($_GET['api_key'])){
//Log //Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Numbers', log_description = 'Client Phone Numbers were pulled', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Numbers', log_description = 'Client Phone Numbers were pulled', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['phonebook'])){ if(isset($_GET['phonebook'])){
header('Content-type: text/xml'); header('Content-type: text/xml');
header('Pragma: public'); header('Pragma: public');
@@ -124,9 +142,9 @@ if(isset($_GET['api_key'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['client_emails'])){ if(isset($_GET['client_emails'])){
$sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id"); $sql = mysqli_query($mysqli,"SELECT * FROM clients WHERE company_id = $company_id");
@@ -141,9 +159,9 @@ if(isset($_GET['api_key'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_created_at = NOW(), company_id = $company_id");
} }
if(isset($_GET['account_balance'])){ if(isset($_GET['account_balance'])){
$client_id = intval($_GET['account_balance']); $client_id = intval($_GET['account_balance']);
@@ -165,19 +183,25 @@ if(isset($_GET['api_key'])){
//Log //Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_created_at = NOW(), company_id = $company_id"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_created_at = NOW(), company_id = $company_id");
}
}else{
echo "Incorrect API Key";
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
}
}else{
echo "Missing the API Key";
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'No Key', log_description = 'No API Key specified', log_created_at = NOW()");
} }
if(isset($_GET['add_asset']) && isset($_GET['client_id'])) {
$client_id = intval($_GET['client_id']);
$name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['add_asset'])));
$type = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['type'])));
$make = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['make'])));
$model = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['model'])));
$serial = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['serial'])));
$os = trim(strip_tags(mysqli_real_escape_string($mysqli,$_GET['os'])));
// Add
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_created_at = NOW(), asset_client_id = $client_id, company_id = $company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Asset Created', log_description = '$name', log_created_at = NOW(), company_id = $company_id");
echo "Asset added!";
}
?> ?>