diff --git a/api.php b/api.php
index f68ab40a..098c6c60 100644
--- a/api.php
+++ b/api.php
@@ -1,12 +1,18 @@ - - ';
 //Log
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_created_at = NOW(), company_id = $company_id");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Phonebook', log_description = 'XML Phonebook Downloaded', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
 }
@@ -141,7 +147,7 @@ if(isset($_GET['primary_contact_emails'])){
 }
 //Log
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_created_at = NOW(), company_id = $company_id");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
 }
@@ -166,7 +172,7 @@ if(isset($_GET['account_balance'])){
 echo $balance;
 //Log
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_created_at = NOW(), company_id = $company_id");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Account Balance', log_description = 'Client $client_id checked their balance which had a balance of $balance', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
 }
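Review bot: In the `@@ -141,7 +147,7 @@` hunk the new `log_ip = '$ip', log_user_agent = '$user_agent'` values are spliced directly into the INSERT string, and the same pattern repeats in the Phonebook, `@@ -166,7 +172,7 @@` and `@@ -183,7 +189,7 @@` hunks. User-Agent is a client-supplied header, and the `@@ -1,12 +1,18 @@` hunk where api.php presumably sets both variables did not survive on this page, so it cannot be confirmed here that they pass through `mysqli_real_escape_string()` as they do in validate_api_key.php. A prepared statement would remove the dependency on that escaping: `$stmt = mysqli_prepare($mysqli, "INSERT INTO logs SET log_type = 'API', log_action = 'Client Emails', log_description = 'Client Emails were pulled', log_ip = ?, log_user_agent = ?, log_created_at = NOW(), company_id = ?");` followed by `mysqli_stmt_bind_param($stmt, 'ssi', $ip, $user_agent, $company_id);` and `mysqli_stmt_execute($stmt);`. The enclosing `if` blocks start outside these hunks.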
@@ -183,7 +189,7 @@ if(isset($_GET['add_asset']) && isset($_GET['client_id'])) {
 mysqli_query($mysqli,"INSERT INTO assets SET asset_name = '$name', asset_type = '$type', asset_make = '$make', asset_model = '$model', asset_serial = '$serial', asset_os = '$os', asset_created_at = NOW(), asset_client_id = $client_id, company_id = $company_id");
 //Logging
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Asset Created', log_description = '$name', log_created_at = NOW(), company_id = $company_id");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Asset Created', log_description = '$name', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW(), company_id = $company_id");
 echo "Asset added!";
 }
diff --git a/api/v1/validate_api_key.php b/api/v1/validate_api_key.php
index 9f0c07e2..16d3af63 100644
--- a/api/v1/validate_api_key.php
+++ b/api/v1/validate_api_key.php
@@ -8,6 +8,8 @@ header('Content-Type: application/json');
 // Get user IP
 $ip = mysqli_real_escape_string($mysqli,get_ip());
+// Get user agent
+$user_agent = mysqli_real_escape_string($mysqli,$_SERVER['HTTP_USER_AGENT']);
 // Setup return array
 $return_arr = array();
@@ -58,7 +60,7 @@ if(isset($api_key)){
 if(mysqli_num_rows($sql) != 1){
 // Invalid Key
 header("HTTP/1.1 401 Unauthorized");
- mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$session_user_agent', log_created_at = NOW()");
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$user_agent', log_created_at = NOW()");
 $return_arr['success'] = "False";
 $return_arr['message'] = "API Key authentication failure or expired.";
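Review bot: In the `@@ -8,6 +8,8 @@` hunk of validate_api_key.php, `$_SERVER['HTTP_USER_AGENT']` is read without checking that the header was sent, and it is stored at whatever length the client chose. A request with no User-Agent raises an undefined-key warning on PHP 8 and passes null to `mysqli_real_escape_string()`. The value is also written on the unauthenticated failure path in the `@@ -58,7 +60,7 @@` hunk, so any caller can place arbitrary text in the logs table. Consider `$user_agent = mysqli_real_escape_string($mysqli, substr($_SERVER['HTTP_USER_AGENT'] ?? '', 0, 255));`, with 255 adjusted to the real width of `log_user_agent`, which is not visible here. Whatever page renders the logs should HTML-encode this column on output, since SQL escaping does nothing for that context.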