AS1024
/
itflow
mirror of https://github.com/itflow-org/itflow
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Updated Logging in both APIs

This commit is contained in:
johnnyq 2022-02-04 16:51:56 -05:00
parent b8e5d5844d
commit 338c991d21
2 changed files with 20 additions and 12 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

28
api.php
View File

@ -1,12 +1,18 @@
<?php include("config.php"); ?>
<?php
include("functions.php");
include("config.php");
// Get user IP
$ip = mysqli_real_escape_string($mysqli,get_ip());
// Get user agent
$user_agent = mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']);
// Check API key is provided in GET request as 'api_key'
if(!isset($_GET['api_key']) OR empty($_GET['api_key'])) {
// Missing key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'No Key', log_description = 'No API Key specified', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'No API Key specified', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
echo "Missing the API Key.";
exit();
@ -18,7 +24,7 @@ $sql = mysqli_query($mysqli,"SELECT * FROM api_keys, companies WHERE api_keys.co
if(mysqli_num_rows($sql) != 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
echo "Incorrect or expired API Key.";
exit();
@ -42,13 +48,13 @@ if(isset($_GET['cid'])){
//Alert when call comes through
mysqli_query($mysqli,"INSERT INTO alerts SET alert_type = 'Inbound Call', alert_message = 'Inbound call from $name - $cid', alert_date = NOW(), company_id = $company_id");
//Log When call comes through
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Call', log_action = 'Inbound', log_description = 'Inbound call from $name - $cid', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'Call', log_action = 'Inbound', log_description = 'Inbound call from $name - $cid', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
}
if(isset($_GET['incoming_call'])){
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'call', log_description = 'incoming', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'call', log_description = 'incoming', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
}
@ -66,7 +72,7 @@ if(isset($_GET['primary_contact_numbers'])){
}
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Numbers', log_description = 'Client Phone Numbers were pulled', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Numbers', log_description = 'Client Phone Numbers were pulled', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
}
@ -123,7 +129,7 @@ if(isset($_GET['phonebook'])){
echo '</AddressBook>';
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
}
@ -141,7 +147,7 @@ if(isset($_GET['primary_contact_emails'])){
}
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
}
@ -166,7 +172,7 @@ if(isset($_GET['account_balance'])){
echo $balance;
//Log
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
}
@ -183,7 +189,7 @@ if(isset($_GET['add_asset']) && isset($_GET['client_id'])) {
mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_created_at = NOW(), asset_client_id = $client_id, company_id = $company_id");
//Logging
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Asset Created', log_description = '$name', log_created_at = NOW(), company_id = $company_id");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Asset Created', log_description = '$name', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
echo "Asset added!";
}

4
api/v1/validate_api_key.php
View File

@ -8,6 +8,8 @@ header('Content-Type: application/json');
// Get user IP
$ip = mysqli_real_escape_string($mysqli,get_ip());
// Get user agent
$user_agent = mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']);
// Setup return array
$return_arr = array();
@ -58,7 +60,7 @@ if(isset($api_key)){
if(mysqli_num_rows($sql) != 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$session_user_agent', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
$return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure or expired.";