Improved Security & New Features

Improved API Security
Improved Code Overall
Changed Class Names

ost_wbs/classes/class.helper.php

@@ -0,0 +1,40 @@
+<?php
+class Helper 
+{
+    // Check Tickets Status
+    public function checkTicketStatus($ticketstatus)
+    {
+        // Map array to check if status is available
+        $NAcceptedTicketStatus = array_map(function($ticketstatus){
+            return (string) $ticketstatus;
+        }, ATSTATUS);
+
+        // then use in array
+        if(!in_array($ticketstatus, $NAcceptedTicketStatus)) {
+             throw new Exception("Ticket status not available.");
+        } 
+
+        return true;
+    }
+
+    	// Get formated date from string
+    public function getFormatedDate($fullstring, $condition)
+    {
+
+    	switch ($condition) {
+    	  case "start":
+    	        $startDate = substr($fullstring, 0, 10);
+       			$result = str_replace("-","/",$startDate);
+    	    break;
+    	  case "end":
+        		$endDate = substr($fullstring, -10);
+        		$result = str_replace("-","/",$endDate);
+    	    break;
+    	  default:
+    	    throw new Exception("Helper: condition date not recognize.");
+    	} 
+
+    	return $result;
+
+    }    
+}

ost_wbs/classes/class.key.php

@@ -0,0 +1,56 @@
+<?php
+class apiKey
+{
+
+    var $farray;
+
+    function __construct() {
+        $this->key = false;
+        $this->cancreate = false;
+        $this->isactive = false;
+        $this->countR = false;
+    }
+
+    function OAuth($key)
+    {
+
+        if($key) $this->key = $key;
+        // Connect Database
+        $Dbobj = new DBConnection(); 
+        $mysqli = $Dbobj->getDBConnect();
+
+        $GetKey = $mysqli->query("SELECT * FROM ".TABLE_PREFIX."api_key WHERE apiKey = '$key'");
+        $this->farray = $GetKey->fetch_array(); 
+        $this->countR = $GetKey->num_rows;
+
+        // If exists
+        if(!$this->countR)
+            throw new Exception("No API Key found.");
+        // Check IPAddress
+        if(!$this->farray["isactive"] || APIKEY_RESTRICT && $this->farray["ipaddr"] != $_SERVER['REMOTE_ADDR'])
+            throw new Exception("API key not found/active or source IP not authorized");
+
+    } 
+
+    function cancreate()
+    {
+        return $this->farray["can_create_tickets"];
+    }
+
+    function isactive()
+    {
+        return $this->farray["isactive"];
+    }
+
+    function ippaddr()
+    {
+        return $this->farray["ippaddr"];
+    }
+
+}
+
+// Init API Key verification
+$apiAuth = new apiKey;
+$apiAuth->OAuth($key["apikey"]);
+
+?>

ost_wbs/classes/ticket_class.php → ost_wbs/classes/class.ticket.php

@@ -1,6 +1,43 @@
 <?php
+
 class Ticket 
 {
+        function compileResults($result)
+        {
+            return array(
+                    'ticket_id'=>$result->ticket_id,
+                    'ticket_pid'=>$result->ticket_pid,
+                    'number'=>$result->number,
+                    'user_id'=>$result->user_id,
+                    'user_email_id'=>$result->user_email_id,
+                    'status_id'=>$result->status_id,
+                    'dept_id'=>$result->dept_id,
+                    'sla_id'=>$result->sla_id,
+                    'topic_id'=>$result->topic_id,
+                    'staff_id'=>$result->staff_id,
+                    'team_id'=>$result->team_id,
+                    'email_id'=>$result->email_id,
+                    'lock_id'=>$result->lock_id,
+                    'flags'=>$result->flags,
+                    'sort'=>$result->sort,
+                    'subject'=>utf8_encode($result->subject),
+                    'title'=>utf8_encode($result->title),
+                    'body'=>utf8_encode($result->body),
+                    'ip_address'=>$result->ip_address,
+                    'source'=>$result->source,
+                    'source_extra'=>$result->source_extra,
+                    'isoverdue'=>$result->isoverdue,
+                    'isanswered'=>$result->isanswered,
+                    'duedate'=>$result->duedate,
+                    'est_duedate'=>$result->est_duedate,
+                    'reopened'=>$result->reopened,
+                    'closed'=>$result->closed,
+                    'lastupdate'=>$result->lastupdate,
+                    'created'=>$result->created,
+                    'updated'=>$result->updated
+            );
+        }  
+
         public function all($parameters)
         {
             // Connect Database
@@ -63,6 +100,7 @@ public function all($parameters)
             // get num rows
             $numRows = $getTickets->num_rows;
             $countRows = 1;
+            $sameTicket = false;
 
             // Fetch data
             while($PrintTickets = $getTickets->fetch_object())
@@ -76,41 +114,10 @@ public function all($parameters)
                         $ownTicket = array();
                     }
 
-                    array_push($ownTicket,
-                        array(
-                            'ticket_id'=>$PrintTickets->ticket_id,
-                            'ticket_pid'=>$PrintTickets->ticket_pid,
-                            'number'=>$PrintTickets->number,
-                            'user_id'=>$PrintTickets->user_id,
-                            'user_email_id'=>$PrintTickets->user_email_id,
-                            'status_id'=>$PrintTickets->status_id,
-                            'dept_id'=>$PrintTickets->dept_id,
-                            'sla_id'=>$PrintTickets->sla_id,
-                            'topic_id'=>$PrintTickets->topic_id,
-                            'staff_id'=>$PrintTickets->staff_id,
-                            'team_id'=>$PrintTickets->team_id,
-                            'email_id'=>$PrintTickets->email_id,
-                            'lock_id'=>$PrintTickets->lock_id,
-                            'flags'=>$PrintTickets->flags,
-                            'sort'=>$PrintTickets->sort,
-                            'subject'=>utf8_encode($PrintTickets->subject),
-                            'title'=>utf8_encode($PrintTickets->title),
-                            'body'=>utf8_encode($PrintTickets->body),
-                            'ip_address'=>$PrintTickets->ip_address,
-                            'source'=>$PrintTickets->source,
-                            'source_extra'=>$PrintTickets->source_extra,
-                            'isoverdue'=>$PrintTickets->isoverdue,
-                            'isanswered'=>$PrintTickets->isanswered,
-                            'duedate'=>$PrintTickets->duedate,
-                            'est_duedate'=>$PrintTickets->est_duedate,
-                            'reopened'=>$PrintTickets->reopened,
-                            'closed'=>$PrintTickets->closed,
-                            'lastupdate'=>$PrintTickets->lastupdate,
-                            'created'=>$PrintTickets->created,
-                            'updated'=>$PrintTickets->updated
-                      ));   
-
-                     if($countRows == $numRows)
+                    // Compile results
+                    array_push($ownTicket, self::compileResults($PrintTickets));   
+
+                    if($countRows == $numRows)
                         array_push($result, $ownTicket);
 
                     $countRows++;
@@ -143,42 +150,7 @@ public function specific($parameters)
             $numRows = $getTickets->num_rows;
 
             // Fetch data
-            while($PrintTickets = $getTickets->fetch_object())
-            {
-                 array_push($result,
-                    array(
-                        'ticket_id'=>$PrintTickets->ticket_id,
-                        'ticket_pid'=>$PrintTickets->ticket_pid,
-                        'number'=>$PrintTickets->number,
-                        'user_id'=>$PrintTickets->user_id,
-                        'user_email_id'=>$PrintTickets->user_email_id,
-                        'status_id'=>$PrintTickets->status_id,
-                        'dept_id'=>$PrintTickets->dept_id,
-                        'sla_id'=>$PrintTickets->sla_id,
-                        'topic_id'=>$PrintTickets->topic_id,
-                        'staff_id'=>$PrintTickets->staff_id,
-                        'team_id'=>$PrintTickets->team_id,
-                        'email_id'=>$PrintTickets->email_id,
-                        'lock_id'=>$PrintTickets->lock_id,
-                        'flags'=>$PrintTickets->flags,
-                        'sort'=>$PrintTickets->sort,
-                        'subject'=>utf8_encode($PrintTickets->subject),
-                        'title'=>utf8_encode($PrintTickets->title),
-                        'body'=>utf8_encode($PrintTickets->body),
-                        'ip_address'=>$PrintTickets->ip_address,
-                        'source'=>$PrintTickets->source,
-                        'source_extra'=>$PrintTickets->source_extra,
-                        'isoverdue'=>$PrintTickets->isoverdue,
-                        'isanswered'=>$PrintTickets->isanswered,
-                        'duedate'=>$PrintTickets->duedate,
-                        'est_duedate'=>$PrintTickets->est_duedate,
-                        'reopened'=>$PrintTickets->reopened,
-                        'closed'=>$PrintTickets->closed,
-                        'lastupdate'=>$PrintTickets->lastupdate,
-                        'created'=>$PrintTickets->created,
-                        'updated'=>$PrintTickets->updated
-                  ));   
-            }
+            while($PrintTickets = $getTickets->fetch_object()){ array_push($ownTicket, self::compileResults($PrintTickets)); }
 
             // Check if there are some results in the array
             if(!$result){

ost_wbs/config.php

@@ -1,8 +1,8 @@
 <?php
-// Turn off all error reporting
-error_reporting(0);
+# Turn off all error reporting
+error_reporting();
 
-// Database Credentials
+# Database Credentials
 define('DBTYPE','');
 define('DBHOST','');
 define('DBNAME','');
@@ -12,10 +12,17 @@
 # Table prefix
 define('TABLE_PREFIX','ost_');
 
+# Global Rules
+define('ATSTATUS', array(0,1,2,3,4,5,6,7));
+define('APIKEY_RESTRICT', false); // Check for IP authorization
+
+
+# DB Connection
 class DBConnection{
     function getDBConnect(){
 
         $mysqli = new mysqli(DBHOST,DBUSER,DBPASS,DBNAME) or die("Couldn't connect");
+
         if ($mysqli->connect_errno)
         { 
             echo "ERROR: Cannot connect web service to database";
@@ -26,12 +33,4 @@ function getDBConnect(){
     }
 }
 
-#######################################################################################################
-// API GLOBAL RULES
-#######################################################################################################
-
-// Available Ticket Status
-define('ATSTATUS', array(0,1,2,3,4,5,6,7));
-
-
 ?>

ost_wbs/index.php

@@ -14,12 +14,12 @@
 
 // Require classes
 require_once 'config.php';
-require_once 'classes/helper_class.php';
-require_once 'classes/apikey_class.php';
-require_once 'classes/ticket_class.php';
-require_once 'classes/user_class.php';
-require_once 'classes/department_class.php';
-require_once 'classes/sla_class.php';
+require_once 'classes/class.helper.php';
+require_once 'classes/class.ticket.php';
+require_once 'classes/class.user.php';
+require_once 'classes/class.department.php';
+require_once 'classes/class.sla.php';
+
 
 // Main Class
 class OSTicketAPI
@@ -30,22 +30,19 @@ public static function open($request)
         $key = array("apikey" => $request['apikey']);
         $classe = ucfirst($request['query']);
         $method = $request['condition'];
-
-        // If no sort parameters, goes "none"
+
         $sort = "none";
         $sort = $request['sort'];
 
-        // If no parameter, goes "none"
         $parameters = "none";
         $parameters = explode(",", $request['parameters']);
-
         $fparams = array("sort" => $sort, "parameters" => $parameters);
 
         try {
 
             // Check API Key
-            call_user_func_array(array(new apiKey, check), $key); 
-            
+            require_once 'classes/class.key.php';
+
                 if(class_exists($classe))
                 {
                     if(method_exists($classe, $method))