From 190cd221a9fc4d855e308e1f180bf5856f722df9 Mon Sep 17 00:00:00 2001
From: Skylar <admin@netsyms.com>
Date: Wed, 18 May 2016 16:51:56 -0600
Subject: [PATCH] Add more fields, add create capability

---
 getlocation.php | 22 +++++++++++-----------
 getmodel.php    | 26 ++++++++++++++++++++++++++
 getstatus.php   | 20 ++++++++++----------
 required.php    | 11 ++++++-----
 updateitem.php  | 22 ++++++++++++++++------
 5 files changed, 69 insertions(+), 32 deletions(-)
 create mode 100644 getmodel.php

diff --git a/getlocation.php b/getlocation.php
index c4ad758..f97a612 100644
--- a/getlocation.php
+++ b/getlocation.php
@@ -7,21 +7,21 @@ $from = $_GET['from'];
 require 'readfrom.php';
 
 $id = $_GET['id'];
-if (is_empty($id)) {
-    sendError('Missing item ID!');
-}
-$loc;
-if ($from == 'assets') {
-    $loc = $database->select($from, 'rtd_location_id', ['id' => $id])[0];
+if (is_empty($id) || $id == 0 || $id == null) {
+    $loc = '0';
 } else {
-    $loc = $database->select($from, 'location_id', ['id' => $id])[0];
-}
+    if ($from == 'assets') {
+        $loc = $database->select($from, 'rtd_location_id', ['id' => $id])[0];
+    } else {
+        $loc = $database->select($from, 'location_id', ['id' => $id])[0];
+    }
 
-if ($loc == null) {
-    $loc = 0;
+    if ($loc == null) {
+        $loc = 0;
+    }
 }
 
 $list = $database->select('locations', ['id', 'name']);
 array_unshift($list, ['id' => "0", name => "None/Other"]);
 
-die(json_encode(['status' => 'OK', 'location' => $loc, 'list' => $list]));
\ No newline at end of file
+die(json_encode(['status' => 'OK', 'location' => $loc, 'list' => $list]));
diff --git a/getmodel.php b/getmodel.php
new file mode 100644
index 0000000..34d15bc
--- /dev/null
+++ b/getmodel.php
@@ -0,0 +1,26 @@
+<?php
+
+require 'required.php';
+//require 'dieifnotloggedin.php';
+
+$from = $_GET['from'];
+require 'readfrom.php';
+
+$id = $_GET['id'];
+if (is_empty($id) || $id == 0 || $id == null) {
+    $model = '0';
+} else {
+    if ($from == 'assets') {
+        $model = $database->select($from, 'model_id', ['id' => $id])[0];
+    } else {
+        sendError("Command only valid for assets.");
+    }
+
+    if ($model == null) {
+        $model = 0;
+    }
+}
+
+$list = $database->select('models', ['id', 'name']);
+
+die(json_encode(['status' => 'OK', 'model' => $model, 'list' => $list]));
diff --git a/getstatus.php b/getstatus.php
index c2cc6c7..6eb2ad2 100644
--- a/getstatus.php
+++ b/getstatus.php
@@ -7,18 +7,18 @@ $from = $_GET['from'];
 require 'readfrom.php';
 
 $id = $_GET['id'];
-if (is_empty($id)) {
-    sendError('Missing item ID!');
-}
-$status;
-if ($from == 'assets') {
-    $status = $database->select($from, 'status_id', ['id' => $id])[0];
+if (is_empty($id) || $id == 0 || $id == null) {
+    $status = '0';
 } else {
-    sendError("Command only valid for assets.");
-}
+    if ($from == 'assets') {
+        $status = $database->select($from, 'status_id', ['id' => $id])[0];
+    } else {
+        sendError("Command only valid for assets.");
+    }
 
-if ($status == null) {
-    $status = 0;
+    if ($status == null) {
+        $status = 0;
+    }
 }
 
 $list = $database->select('status_labels', ['id', 'name', 'notes']);
diff --git a/required.php b/required.php
index 5975e61..4ed4aca 100644
--- a/required.php
+++ b/required.php
@@ -39,11 +39,12 @@ function authenticate_user($username, $password) {
     global $database;
     $qf = 'username';
     if (!username_exists($username)) {
-        if (!email_exists($username)) {
-            return false;
-        } else {
-            $qf = 'email';
-        }
+//        if (!email_exists($username)) {
+//            return false;
+//        } else {
+//            $qf = 'email';
+//        }
+        return false;
     }
     $hash = $database->select('users', ['password'], [$qf => $username])[0]['password'];
     return (password_verify($password, $hash));
diff --git a/updateitem.php b/updateitem.php
index 0366da3..1380e3e 100644
--- a/updateitem.php
+++ b/updateitem.php
@@ -7,13 +7,23 @@ $from = $_POST['from'];
 require 'readfrom.php';
 
 $id = $_POST['id'];
-if (is_empty($id)) {
-    sendError('Missing item ID!');
+if (is_empty($_POST['asset_tag'])) {
+    sendError('Please fill in an asset tag.');
 }
-if ($from == 'assets') {
-    $database->update($from, ['name' => $_POST['name'], 'rtd_location_id' => $_POST['location'], 'order_number' => $_POST['order_number'], 'status_id' => $_POST['status']], ['id' => $id]);
+
+if (is_empty($id)) {
+    if ($from == 'assets') {
+        $user_id = $database->select('users', 'id', ['username' => $_SESSION['user']])[0];
+        $database->insert($from, ['name' => $_POST['name'], 'user_id' => $user_id, 'asset_tag' => $_POST['asset_tag'], 'rtd_location_id' => $_POST['location'], 'order_number' => $_POST['order_number'], 'status_id' => $_POST['status'], 'serial' => $_POST['serial'], 'model_id' => $_POST['model'], '#updated_at' => 'NOW()', '#created_at' => 'NOW()', '_snipeit_hard_drive_secure__y_n_' => $_POST['hdd_secure']]);
+    } else {
+        $database->insert($from, ['name' => $_POST['name'], 'location_id' => $_POST['location'], 'qty' => $_POST['qty'], 'order_number' => $_POST['order_number'], '#updated_at' => 'NOW()', '#created_at' => 'NOW()']);
+    }
 } else {
-    $database->update($from, ['name' => $_POST['name'], 'location_id' => $_POST['location'], 'qty' => $_POST['qty'], 'order_number' => $_POST['order_number']], ['id' => $id]);
-}
 
+    if ($from == 'assets') {
+        $database->update($from, ['name' => $_POST['name'], 'asset_tag' => $_POST['asset_tag'], 'rtd_location_id' => $_POST['location'], 'order_number' => $_POST['order_number'], 'status_id' => $_POST['status'], 'serial' => $_POST['serial'], 'model_id' => $_POST['model'], '#updated_at' => 'NOW()', '_snipeit_hard_drive_secure__y_n_' => $_POST['hdd_secure']], ['id' => $id]);
+    } else {
+        $database->update($from, ['name' => $_POST['name'], 'location_id' => $_POST['location'], 'qty' => $_POST['qty'], 'order_number' => $_POST['order_number'], '#updated_at' => 'NOW()'], ['id' => $id]);
+    }
+}
 sendOK();