Can now enable/disable public API

admin/api_settings.php

@@ -39,11 +39,7 @@ if (is_dir(HESK_PATH . 'install')) {
 
 // Get all the required files and functions
 require(HESK_PATH . 'hesk_settings.inc.php');
-
-// Save the default language for the settings page before choosing user's preferred one
-$hesk_settings['language_default'] = $hesk_settings['language'];
 require(HESK_PATH . 'inc/common.inc.php');
-$hesk_settings['language'] = $hesk_settings['language_default'];
 require(HESK_PATH . 'inc/admin_functions.inc.php');
 hesk_load_database_functions();
 
@@ -54,9 +50,13 @@ hesk_isLoggedIn();
 // Check permissions for this feature
 hesk_checkPermission('can_man_settings');
 
+$modsForHesk_settings = mfh_getSettings();
+
+define('EXTRA_JS', '<script src="'.HESK_PATH.'internal-api/js/api-settings.js"></script>');
 // Print header
 require_once(HESK_PATH . 'inc/headerAdmin.inc.php');
 
+
 // Print main manage users page
 require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
 ?>
@@ -80,8 +80,13 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                     <td class="text-right">
                         External API
                     </td>
-                    <td class="pad-right-10 success">
-                        Enabled
+                    <td class="pad-right-10 success" id="public-api-sidebar">
+                        <?php
+                        $enabled = $modsForHesk_settings['public_api'] == '1' ? '' : 'hide';
+                        $disabled = $modsForHesk_settings['public_api'] == '1' ? 'hide' : '';
+                        ?>
+                        <span id="public-api-sidebar-disabled" class="<?php echo $disabled; ?>">Disabled</span>
+                        <span id="public-api-sidebar-enabled"  class="<?php echo $enabled; ?>">Enabled</span>
                     </td>
                 </tr>
             </table>
@@ -93,7 +98,7 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
         <ul class="nav nav-tabs">
             <li class="active"><a href="#general" data-toggle="tab"><?php echo $hesklang['tab_1']; ?></a></li>
             <li><a href="#user-security" data-toggle="tab">User Security</a></li>
-            <li><a href="#" target="_blank">API Documentation</a></li>
+            <li><a href="#" target="_blank">API Documentation <i class="fa fa-external-link"></i></a></li>
         </ul>
         <div class="tab-content summaryList tabPadding">
             <div class="tab-pane fade in active" id="general">
@@ -106,14 +111,26 @@ require_once(HESK_PATH . 'inc/show_admin_nav.inc.php');
                                 data-content="Enable or Disable the Public REST API."></i>
                         </label>
                         <div class="col-sm-9">
-                            <div class="btn-group" data-toggle="buttons">
-                                <label class="btn btn-success active">
+                            <span class="btn-group" data-toggle="buttons">
+                                <?php
+                                $on = $modsForHesk_settings['public_api'] == '1' ? 'active' : '';
+                                $off = $modsForHesk_settings['public_api'] == '1' ? '' : 'active';
+                                ?>
+                                <label id="enable-api-button" class="btn btn-success <?php echo $on; ?>">
                                     <input type="radio" name="public-api" value="1" checked> <i class="fa fa-check-circle"></i> Enable
                                 </label>
-                                <label class="btn btn-danger">
+                                <label id="disable-api-button" class="btn btn-danger <?php echo $off; ?>">
                                     <input type="radio" name="public-api" value="0"> <i class="fa fa-times-circle"></i> Disable
                                 </label>
-                            </div>
+                            </span>
+                            <span>
+                                <i id="public-api-success" class="fa fa-check-circle fa-2x green hide media-middle"
+                                    data-toggle="tooltip" title="Changes saved!"></i>
+                                <i id="public-api-failure" class="fa fa-times-circle fa-2x red hide media-middle"
+                                    data-toggle="tooltip" title="Saving changes failed. Check the logs for more information."></i>
+                                <i id="public-api-saving" class="fa fa-spin fa-spinner fa-2x hide media-middle"
+                                    data-toggle="tooltip" title="Saving..."></i>
+                            </span>
                         </div>
                     </div>
                 </form>

css/mods-for-hesk.css

@@ -197,10 +197,6 @@ div.setupButtons {
     padding: 10px 0;
 }
 
-.hide {
-    display: none;
-}
-
 .font-size-90 {
     font-size: .9em !important;
 }

inc/common.inc.php

@@ -167,6 +167,18 @@ function hesk_load_api_database_functions()
 } // END hesk_load_database_functions()
 
 
+function hesk_load_internal_api_database_functions()
+{
+    require(HESK_PATH . 'internal-api/core/json_error.php');
+    // Preferrably use the MySQLi functions
+    if (function_exists('mysqli_connect')) {
+        require(HESK_PATH . 'internal-api/core/database_mysqli.inc.php');
+    } // Default to MySQL
+    else {
+        require(HESK_PATH . 'internal-api/core/database.inc.php');
+    }
+} // END hesk_load_database_functions()
+
 function hesk_unlink($file, $older_than = 0)
 {
     return (is_file($file) && (!$older_than || (time() - filectime($file)) > $older_than) && @unlink($file)) ? true : false;

inc/headerAdmin.inc.php

@@ -89,6 +89,12 @@ $modsForHesk_settings = mfh_getSettings();
     <script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/leaflet/0.7.3/leaflet.js"></script>
     <script type="text/javascript" src="<?php echo HESK_PATH; ?>js/platform.js"></script>
     <script type="text/javascript" src="<?php echo HESK_PATH; ?>js/bootstrap-validator.min.js"></script>
+    <script type="text/javascript" src="<?php echo HESK_PATH; ?>internal-api/js/core.php"></script>
+    <?php
+    if (defined('EXTRA_JS')) {
+        echo EXTRA_JS;
+    }
+    ?>
     <style>
         .navbar-default {
             background-color: <?php echo $modsForHesk_settings['navbarBackgroundColor']; ?>;

install/mods-for-hesk/sql/installSql.php

@@ -694,3 +694,13 @@ function execute252Scripts()
 
     executeQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = '2.5.2' WHERE `Key` = 'modsForHeskVersion'");
 }
+
+// Version 2.6.0
+function execute260Scripts()
+{
+    global $hesk_settings;
+    hesk_dbConnect();
+
+    executeQuery("INSERT INTO `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` (`Key`, `Value`) VALUES ('public_api', '1')");
+    executeQuery("UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET `Value` = '2.6.0' WHERE `Key` = 'modsForHeskVersion'");
+}

internal-api/admin/api-settings/index.php

@@ -0,0 +1,28 @@
+<?php
+define('IN_SCRIPT', 1);
+define('HESK_PATH', '../../../');
+define('INTERNAL_API_PATH', '../../');
+require_once(HESK_PATH . 'hesk_settings.inc.php');
+require_once(HESK_PATH . 'inc/common.inc.php');
+require_once(INTERNAL_API_PATH . 'core/output.php');
+require_once(INTERNAL_API_PATH . 'dao/settings_dao.php');
+
+hesk_load_internal_api_database_functions();
+hesk_dbConnect();
+
+// Routing
+$request_method = $_SERVER['REQUEST_METHOD'];
+if ($request_method == 'POST') {
+    $key = $_POST['key'];
+    $value = $_POST['value'];
+
+    if ($key == NULL || $value == NULL) {
+        return http_response_code(400);
+    }
+
+    update_setting($key, $value, $hesk_settings);
+
+    return http_response_code(204);
+}
+
+return http_response_code(405);

internal-api/core/database.inc.php

@@ -0,0 +1,250 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.1 from 26th February 2015
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+/* Check if this is a valid include */
+if (!defined('IN_SCRIPT')) {die('Invalid attempt');} 
+
+
+function hesk_dbSetNames()
+{
+	global $hesk_settings, $hesk_db_link;
+
+    if ($hesk_settings['db_vrsn'])
+    {
+		mysql_set_charset('utf8', $hesk_db_link);
+    }
+    else
+    {
+    	hesk_dbQuery("SET NAMES 'utf8'");
+    }
+
+} // END hesk_dbSetNames()
+
+
+function hesk_dbFormatEmail($email, $field = 'email')
+{
+	global $hesk_settings;
+
+	$email = hesk_dbLike($email);    
+
+	if ($hesk_settings['multi_eml'])
+	{
+		return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
+	}
+	else
+	{
+		return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
+	}
+
+} // END hesk_dbFormatEmail()
+
+
+function hesk_dbTime()
+{
+	$res = hesk_dbQuery("SELECT NOW()");
+	return strtotime(hesk_dbResult($res,0,0));
+} // END hesk_dbTime()
+
+
+function hesk_dbEscape($in)
+{
+	global $hesk_db_link;
+
+    $in = mysql_real_escape_string(stripslashes($in), $hesk_db_link);
+    $in = str_replace('`','&#96;',$in);
+
+    return $in;
+} // END hesk_dbEscape()
+
+
+function hesk_dbLike($in)
+{
+	return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
+} // END hesk_dbLike()
+
+
+function hesk_dbConnect()
+{
+	global $hesk_settings;
+	global $hesk_db_link;
+    global $hesklang;
+
+    // Is mysql supported?
+    if ( ! function_exists('mysql_connect') )
+    {
+    	die($hesklang['emp']);
+    }
+
+    // Connect to the database
+    $hesk_db_link = @mysql_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass']);
+
+	// Errors?
+    if ( ! $hesk_db_link)
+    {
+    	if ($hesk_settings['debug_mode'])
+        {
+            $message = $hesklang['mysql_said'] . ': ' . mysql_error();
+        }
+        else
+        {
+            $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
+        }
+        header('Content-Type: application/json');
+        print_error($hesklang['cant_connect_db'], $message);
+        return http_response_code(500);
+    }
+
+    if ( ! @mysql_select_db($hesk_settings['db_name'], $hesk_db_link))
+    {
+    	if ($hesk_settings['debug_mode'])
+        {
+            $message = $hesklang['mysql_said'] . ': ' . mysql_error();
+        }
+        else
+        {
+            $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
+        }
+        header('Content-Type: application/json');
+        print_error($hesklang['cant_connect_db'], $message);
+        die();
+    }
+
+    // Check MySQL/PHP version and set encoding to utf8
+    hesk_dbSetNames();
+
+    return $hesk_db_link;
+
+} // END hesk_dbConnect()
+
+
+function hesk_dbClose()
+{
+	global $hesk_db_link;
+
+    return @mysql_close($hesk_db_link);
+
+} // END hesk_dbClose()
+
+
+function hesk_dbQuery($query)
+{
+    global $hesk_last_query;
+    global $hesk_db_link;
+    global $hesklang, $hesk_settings;
+
+    if ( ! $hesk_db_link && ! hesk_dbConnect())
+    {
+        return false;
+    }
+
+    $hesk_last_query = $query;
+
+    if ($res = @mysql_query($query, $hesk_db_link))
+    {
+    	return $res;
+    }
+    elseif ($hesk_settings['debug_mode'])
+    {
+        $message = $hesklang['mysql_said'] . mysql_error();
+    }
+    else
+    {
+        $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
+    }
+    header('Content-Type: application/json');
+    print_error($hesklang['cant_sql'], $message);
+    die();
+
+} // END hesk_dbQuery()
+
+
+function hesk_dbFetchAssoc($res)
+{
+
+    return @mysql_fetch_assoc($res);
+
+} // END hesk_FetchAssoc()
+
+
+function hesk_dbFetchRow($res)
+{
+
+    return @mysql_fetch_row($res);
+
+} // END hesk_FetchRow()
+
+
+function hesk_dbResult($res, $row = 0, $column = 0)
+{
+
+    return @mysql_result($res, $row, $column);
+
+} // END hesk_dbResult()
+
+
+function hesk_dbInsertID()
+{
+	global $hesk_db_link;
+
+    if ($lastid = @mysql_insert_id($hesk_db_link))
+    {
+        return $lastid;
+    }
+
+} // END hesk_dbInsertID()
+
+
+function hesk_dbFreeResult($res)
+{
+
+    return mysql_free_result($res);
+
+} // END hesk_dbFreeResult()
+
+
+function hesk_dbNumRows($res)
+{
+
+    return @mysql_num_rows($res);
+
+} // END hesk_dbNumRows()
+
+
+function hesk_dbAffectedRows()
+{
+	global $hesk_db_link;
+
+    return @mysql_affected_rows($hesk_db_link);
+
+} // END hesk_dbAffectedRows()

internal-api/core/database_mysqli.inc.php

@@ -0,0 +1,255 @@
+<?php
+/*******************************************************************************
+*  Title: Help Desk Software HESK
+*  Version: 2.6.1 from 26th February 2015
+*  Author: Klemen Stirn
+*  Website: http://www.hesk.com
+********************************************************************************
+*  COPYRIGHT AND TRADEMARK NOTICE
+*  Copyright 2005-2015 Klemen Stirn. All Rights Reserved.
+*  HESK is a registered trademark of Klemen Stirn.
+
+*  The HESK may be used and modified free of charge by anyone
+*  AS LONG AS COPYRIGHT NOTICES AND ALL THE COMMENTS REMAIN INTACT.
+*  By using this code you agree to indemnify Klemen Stirn from any
+*  liability that might arise from it's use.
+
+*  Selling the code for this program, in part or full, without prior
+*  written consent is expressly forbidden.
+
+*  Using this code, in part or full, to create derivate work,
+*  new scripts or products is expressly forbidden. Obtain permission
+*  before redistributing this software over the Internet or in
+*  any other medium. In all cases copyright and header must remain intact.
+*  This Copyright is in full effect in any country that has International
+*  Trade Agreements with the United States of America or
+*  with the European Union.
+
+*  Removing any of the copyright notices without purchasing a license
+*  is expressly forbidden. To remove HESK copyright notice you must purchase
+*  a license for this script. For more information on how to obtain
+*  a license please visit the page below:
+*  https://www.hesk.com/buy.php
+*******************************************************************************/
+
+/* Check if this is a valid include */
+if (!defined('IN_SCRIPT')) {die('Invalid attempt');}
+
+
+function hesk_dbSetNames()
+{
+	global $hesk_settings, $hesk_db_link;
+
+    if ($hesk_settings['db_vrsn'])
+    {
+		mysqli_set_charset($hesk_db_link, 'utf8');
+    }
+    else
+    {
+    	hesk_dbQuery("SET NAMES 'utf8'");
+    }
+
+} // END hesk_dbSetNames()
+
+
+function hesk_dbFormatEmail($email, $field = 'email')
+{
+	global $hesk_settings;
+
+	$email = hesk_dbLike($email);
+
+	if ($hesk_settings['multi_eml'])
+	{
+		return " (`".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email)."' OR `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email).",%' OR `".hesk_dbEscape($field)."` LIKE '%,".hesk_dbEscape($email).",%') ";
+	}
+	else
+	{
+		return " `".hesk_dbEscape($field)."` LIKE '".hesk_dbEscape($email)."' ";
+	}
+
+} // END hesk_dbFormatEmail()
+
+
+function hesk_dbTime()
+{
+	$res = hesk_dbQuery("SELECT NOW()");
+	return strtotime(hesk_dbResult($res,0,0));
+} // END hesk_dbTime()
+
+
+function hesk_dbEscape($in)
+{
+	global $hesk_db_link;
+
+    $in = mysqli_real_escape_string($hesk_db_link, stripslashes($in));
+    $in = str_replace('`','&#96;',$in);
+
+    return $in;
+} // END hesk_dbEscape()
+
+
+function hesk_dbLike($in)
+{
+	return str_replace( array('_', '%'), array('\\\\_', '\\\\%'), $in);
+} // END hesk_dbLike()
+
+
+function hesk_dbConnect()
+{
+	global $hesk_settings;
+	global $hesk_db_link;
+    global $hesklang;
+
+    // Is mysqli supported?
+    if ( ! function_exists('mysqli_connect') )
+    {
+    	die($hesklang['emp']);
+    }
+
+	// Do we need a special port? Check and connect to the database
+	if ( strpos($hesk_settings['db_host'], ':') )
+	{
+		list($hesk_settings['db_host'], $hesk_settings['db_port']) = explode(':', $hesk_settings['db_host']);
+		$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name'], intval($hesk_settings['db_port']) );
+	}
+	else
+	{
+		$hesk_db_link = @mysqli_connect($hesk_settings['db_host'], $hesk_settings['db_user'], $hesk_settings['db_pass'], $hesk_settings['db_name']);
+	}
+
+	// Errors?
+    if ( ! $hesk_db_link)
+    {
+    	if ($hesk_settings['debug_mode'])
+        {
+            $message = $hesklang['mysql_said'] . ': (' . mysqli_connect_errno() . ') ' . mysqli_connect_error();
+        }
+        else
+        {
+            $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
+        }
+        header('Content-Type: application/json');
+        print_error($hesklang['cant_connect_db'], $message);
+        http_response_code(500);
+    }
+
+    // Check MySQL/PHP version and set encoding to utf8
+    hesk_dbSetNames();
+
+    return $hesk_db_link;
+
+} // END hesk_dbConnect()
+
+
+function hesk_dbClose()
+{
+	global $hesk_db_link;
+
+    return @mysqli_close($hesk_db_link);
+
+} // END hesk_dbClose()
+
+
+function hesk_dbQuery($query)
+{
+    global $hesk_last_query;
+    global $hesk_db_link;
+    global $hesklang, $hesk_settings;
+
+    if ( ! $hesk_db_link && ! hesk_dbConnect())
+    {
+        return false;
+    }
+
+    $hesk_last_query = $query;
+
+    #echo "<p>EXPLAIN $query</p>\n";
+
+    if ($res = @mysqli_query($hesk_db_link, $query))
+    {
+    	return $res;
+    }
+    elseif ($hesk_settings['debug_mode'])
+    {
+        $message = $hesklang['mysql_said'] . ': ' . mysqli_error($hesk_db_link);
+    }
+    else
+    {
+        $message = $hesklang['contact_webmaster'] . $hesk_settings['webmaster_email'];
+    }
+    header('Content-Type: application/json');
+    print_error($hesklang['cant_sql'], $message);
+    die(http_response_code(500));
+} // END hesk_dbQuery()
+
+
+function hesk_dbFetchAssoc($res)
+{
+
+    return @mysqli_fetch_assoc($res);
+
+} // END hesk_FetchAssoc()
+
+
+function hesk_dbFetchRow($res)
+{
+
+    return @mysqli_fetch_row($res);
+
+} // END hesk_FetchRow()
+
+
+function hesk_dbResult($res, $row = 0, $column = 0)
+{
+	$i=0;
+	$res->data_seek(0);
+
+	while ($tmp = @mysqli_fetch_array($res, MYSQLI_NUM))
+    {
+		if ($i==$row)
+        {
+        	return $tmp[$column];
+        }
+		$i++;
+	}
+
+	return '';
+
+} // END hesk_dbResult()
+
+
+function hesk_dbInsertID()
+{
+	global $hesk_db_link;
+
+    if ($lastid = @mysqli_insert_id($hesk_db_link))
+    {
+        return $lastid;
+    }
+
+} // END hesk_dbInsertID()
+
+
+function hesk_dbFreeResult($res)
+{
+
+    return @mysqli_free_result($res);
+
+} // END hesk_dbFreeResult()
+
+
+function hesk_dbNumRows($res)
+{
+
+    return @mysqli_num_rows($res);
+
+} // END hesk_dbNumRows()
+
+
+function hesk_dbAffectedRows()
+{
+	global $hesk_db_link;
+
+    return @mysqli_affected_rows($hesk_db_link);
+
+} // END hesk_dbAffectedRows()

internal-api/core/json_error.php

@@ -0,0 +1,11 @@
+<?php
+
+function print_error($title, $message) {
+    $error = array();
+    $error['type'] = 'ERROR';
+    $error['title'] = $title;
+    $error['message'] = $message;
+
+    print json_encode($error);
+    return;
+}

internal-api/core/output.php

@@ -0,0 +1,7 @@
+<?php
+
+function output($data, $status_code = 200) {
+    header('Content-Type: application/json');
+    print json_encode($data);
+    return http_response_code($status_code);
+}

internal-api/dao/settings_dao.php

@@ -0,0 +1,8 @@
+<?php
+
+function update_setting($key, $value, $hesk_settings) {
+    $sql = "UPDATE `" . hesk_dbEscape($hesk_settings['db_pfix']) . "settings` SET
+        `Value` = '" . hesk_dbEscape($value) . "' WHERE `Key` = '" . hesk_dbEscape($key) . "'";
+
+    hesk_dbQuery($sql);
+}

internal-api/js/api-settings.js

@@ -0,0 +1,52 @@
+$(document).ready(function() {
+    $('#enable-api-button').click(function() {
+        updatePublicApi('1', '#enable-api-button');
+    });
+    $('#disable-api-button').click(function() {
+        updatePublicApi('0', '#disable-api-button');
+    });
+});
+
+function updatePublicApi(enable) {
+    var endpoint = getHelpdeskUrl();
+    endpoint += '/internal-api/admin/api-settings/';
+    var data = {
+        key: 'public_api',
+        value: enable
+    };
+    $('#enable-api-button').addClass('disabled');
+    $('#disable-api-button').addClass('disabled');
+    $('#public-api-saving').removeClass('hide');
+    $('#public-api-success').addClass('hide');
+    $('#public-api-failure').addClass('hide');
+    $.ajax({
+        url: endpoint,
+        data: data,
+        method: 'POST',
+        success: function() {
+            $('#enable-api-button').removeClass('disabled');
+            $('#disable-api-button').removeClass('disabled');
+            $('#public-api-saving').addClass('hide');
+            $('#public-api-success').removeClass('hide');
+
+            if (enable == '1') {
+                $('#public-api-sidebar').addClass('success')
+                    .removeClass('danger');
+                $('#public-api-sidebar-enabled').removeClass('hide');
+                $('#public-api-sidebar-disabled').addClass('hide');
+            } else {
+                $('#public-api-sidebar').addClass('danger')
+                    .removeClass('success');
+                $('#public-api-sidebar-disabled').removeClass('hide');
+                $('#public-api-sidebar-enabled').addClass('hide');
+            }
+        },
+        error: function(data) {
+            console.error(data);
+            $('#enable-api-button').removeClass('disabled');
+            $('#disable-api-button').removeClass('disabled');
+            $('#public-api-saving').addClass('hide');
+            $('#public-api-failure').removeClass('hide');
+        }
+    });
+}

internal-api/js/core.php

@@ -0,0 +1,9 @@
+<?php
+define('IN_SCRIPT', 1);
+require_once('../../hesk_settings.inc.php');
+header('Content-Type: application/javascript');
+echo "
+function getHelpdeskUrl() {
+    return '".$hesk_settings['hesk_url']."';
+}
+";