AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 10:54:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Removed old API Key from Settings api.php now uses api_keys and a key is no longer generated upon setup, Also autogen an API key upon creation.

Browse Source
This commit is contained in:
johnnyq
2022-02-04 15:59:51 -05:00
parent b58696f079
commit b1d09e6b56
7 changed files with 8 additions and 53 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api.php
View File

@@ -13,8 +13,8 @@ if(!isset($_GET['api_key']) OR empty($_GET['api_key'])) {
}
// Validate API key from GET request
$config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'");
$api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys, companies WHERE api_keys.company_id = companies.company_id AND api_keys.api_key_secret = '$api_key'");
if(mysqli_num_rows($sql) != 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");