diff --git a/api_key_add_modal.php b/api_key_add_modal.php
new file mode 100644
index 00000000..fceabf90
--- /dev/null
+++ b/api_key_add_modal.php
@@ -0,0 +1,54 @@
+
\ No newline at end of file
diff --git a/api_key_edit_modal.php b/api_key_edit_modal.php
new file mode 100644
index 00000000..ff1e371f
--- /dev/null
+++ b/api_key_edit_modal.php
@@ -0,0 +1,56 @@
+
\ No newline at end of file
diff --git a/api_keys.php b/api_keys.php
new file mode 100644
index 00000000..1718b0ea
--- /dev/null
+++ b/api_keys.php
@@ -0,0 +1,132 @@
+ $sb, 'o' => $o)));
+
+ $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM api_keys
+ WHERE (api_key_name LIKE '%$q%')
+ AND company_id = $session_company_id
+ ORDER BY $sb $o LIMIT $record_from, $record_to");
+
+ $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()"));
+
+?>
+
+
+
+
\ No newline at end of file
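Review bot: `ORDER BY $sb $o` puts a column name and a sort direction into the statement as raw SQL, and string escaping does not protect identifiers or keywords. Where `$sb`, `$o`, `$q`, `$record_from` and `$record_to` are assigned is not visible in this hunk (most of the 132-line file is missing from the page), so confirm that each is constrained before it reaches the query. If the sort values come from the request, map them through an allow-list, e.g. `$sb = in_array($sb, ['api_key_name', 'api_key_expire'], true) ? $sb : 'api_key_name';` and `$o = ($o === 'DESC') ? 'DESC' : 'ASC';`. The `LIKE '%$q%'` term is better bound through a prepared statement than interpolated, and the two LIMIT values should be forced to integers with `intval()`.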
diff --git a/db.sql b/db.sql
index 430f0f6c..c0b19ebf 100644
--- a/db.sql
+++ b/db.sql
@@ -63,10 +63,11 @@ DROP TABLE IF EXISTS `api_keys`;
/*!40101 SET character_set_client = utf8 */;
CREATE TABLE `api_keys` (
`api_key_id` int(11) NOT NULL AUTO_INCREMENT,
+ `api_key_name` varchar(255) NOT NULL,
`api_key_secret` varchar(255) NOT NULL,
- `api_key_description` varchar(255) DEFAULT NULL,
`api_key_created_at` datetime NOT NULL,
- `api_key_expire` datetime NOT NULL,
+ `api_key_updated_at` datetime DEFAULT NULL,
+ `api_key_expire` date NOT NULL,
`company_id` int(11) NOT NULL,
PRIMARY KEY (`api_key_id`)
) ENGINE=InnoDB DEFAULT CHARSET=utf8;
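Review bot: `api_key_secret` varchar(255) appears to hold the key secret verbatim, since the add_api_key and edit_api_key handlers in post.php in this same commit write `$_POST['secret']` into it after escaping only. Anyone who can read this table, a backup or a SQL dump then holds working credentials for every company. If the secrets are long random values, storing a digest such as `hash('sha256', $secret)` and comparing with `hash_equals()` at verification time fits the existing column width and removes that exposure; the secret would then be shown to the user only once, at creation. The commit also changes only the `CREATE TABLE` in the dump, and no `ALTER TABLE` migration for existing installs is visible in this diff.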
@@ -1367,4 +1368,4 @@ CREATE TABLE `vendors` (
/*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */;
/*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */;
--- Dump completed on 2022-02-01 16:24:45
+-- Dump completed on 2022-02-03 19:11:34
diff --git a/post.php b/post.php
index 01f33f30..34200eb8 100644
--- a/post.php
+++ b/post.php
@@ -397,6 +397,63 @@ if(isset($_GET['delete_user'])){
header("Location: " . $_SERVER["HTTP_REFERER"]);
+}
+// API Key
+if(isset($_POST['add_api_key'])){
+
+ $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
+ $secret = trim(mysqli_real_escape_string($mysqli,$_POST['secret']));
+ $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
+
+ mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_created_at = NOW(), company_id = $session_company_id");
+
+ $api_key_id = mysqli_insert_id($mysqli);
+
+ // Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Create', log_description = '$session_name created API Key $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
+
+ $_SESSION['alert_message'] = "API Key $name created";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if(isset($_POST['edit_api_key'])){
+
+ $api_key_id = intval($_POST['api_key_id']);
+ $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name'])));
+ $secret = trim(mysqli_real_escape_string($mysqli,$_POST['secret']));
+ $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire'])));
+
+ mysqli_query($mysqli,"UPDATE api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_updated_at = NOW() WHERE api_key_id = $api_key_id AND company_id = $session_company_id");
+
+ // Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Modify', log_description = '$session_name modified API Key $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
+
+ $_SESSION['alert_message'] = "API Key $name updated";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
+}
+
+if(isset($_GET['delete_api_key'])){
+ $api_key_id = intval($_GET['delete_api_key']);
+
+ // Get API Key Name
+ $sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id");
+ $row = mysqli_fetch_array($sql);
+ $name = $row['api_key_name'];
+
+ mysqli_query($mysqli,"DELETE FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id");
+
+ // Logging
+ mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Delete', log_description = '$session_name deleted user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id");
+
+ $_SESSION['alert_type'] = "danger";
+ $_SESSION['alert_message'] = "API Key $name deleted";
+
+ header("Location: " . $_SERVER["HTTP_REFERER"]);
+
}
if(isset($_POST['add_company'])){
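Review bot: In the delete_api_key branch, `$name = $row['api_key_name'];` is read back from the database and interpolated into the `INSERT INTO logs` statement without escaping, so a stored key name containing a quote breaks that statement (second-order SQL injection), even though the add and edit branches escaped the value on the way in. Escape it on use, `$name = mysqli_real_escape_string($mysqli, $row['api_key_name']);`, or better move these queries to prepared statements with `mysqli_prepare()` and `bind_param()`. The same branch performs a destructive action on a plain GET parameter with no anti-CSRF token visible in the hunk, so it should become a POST that carries and checks a token. Its log text reads `deleted user $name` where `deleted API Key $name` is meant. In the add and edit branches `strip_tags()` and `trim()` run after `mysqli_real_escape_string()`; escaping should be the last transformation applied before the value enters the query.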
diff --git a/side_nav.php b/side_nav.php
index 1a52dd17..b000a416 100644
--- a/side_nav.php
+++ b/side_nav.php
@@ -229,7 +229,7 @@
">
-
+
Tags
@@ -247,19 +247,25 @@
">
-
+
Users
+
+ ">
+
+ API Keys
+
+
">
-
+
Companies
">
-
+
Audit Logs