From b58696f079f157675f03373158797849f3a886ca Mon Sep 17 00:00:00 2001 From: johnnyq Date: Thu, 3 Feb 2022 19:12:10 -0500 Subject: [PATCH] Added API List, Create, Update Delete Interface --- api_key_add_modal.php | 54 +++++++++++++++++ api_key_edit_modal.php | 56 +++++++++++++++++ api_keys.php | 132 +++++++++++++++++++++++++++++++++++++++++ db.sql | 7 ++- post.php | 57 ++++++++++++++++++ side_nav.php | 14 +++-- 6 files changed, 313 insertions(+), 7 deletions(-) create mode 100644 api_key_add_modal.php create mode 100644 api_key_edit_modal.php create mode 100644 api_keys.php diff --git a/api_key_add_modal.php b/api_key_add_modal.php new file mode 100644 index 00000000..fceabf90 --- /dev/null +++ b/api_key_add_modal.php @@ -0,0 +1,54 @@ + \ No newline at end of file diff --git a/api_key_edit_modal.php b/api_key_edit_modal.php new file mode 100644 index 00000000..ff1e371f --- /dev/null +++ b/api_key_edit_modal.php @@ -0,0 +1,56 @@ + \ No newline at end of file diff --git a/api_keys.php b/api_keys.php new file mode 100644 index 00000000..1718b0ea --- /dev/null +++ b/api_keys.php @@ -0,0 +1,132 @@ + $sb, 'o' => $o))); + + $sql = mysqli_query($mysqli,"SELECT SQL_CALC_FOUND_ROWS * FROM api_keys + WHERE (api_key_name LIKE '%$q%') + AND company_id = $session_company_id + ORDER BY $sb $o LIMIT $record_from, $record_to"); + + $num_rows = mysqli_fetch_row(mysqli_query($mysqli,"SELECT FOUND_ROWS()")); + +?> + +
+
+

API Keys

+
+ +
+
+
+
+
+ +
+ +
+
+
+
+
+ + "> + + + + + + + + + + + + + + + + + + + + + +
NameSecretCreatedExpireAction
+ + + +
+
+ +
+
+ + \ No newline at end of file diff --git a/db.sql b/db.sql index 430f0f6c..c0b19ebf 100644 --- a/db.sql +++ b/db.sql @@ -63,10 +63,11 @@ DROP TABLE IF EXISTS `api_keys`; /*!40101 SET character_set_client = utf8 */; CREATE TABLE `api_keys` ( `api_key_id` int(11) NOT NULL AUTO_INCREMENT, + `api_key_name` varchar(255) NOT NULL, `api_key_secret` varchar(255) NOT NULL, - `api_key_description` varchar(255) DEFAULT NULL, `api_key_created_at` datetime NOT NULL, - `api_key_expire` datetime NOT NULL, + `api_key_updated_at` datetime DEFAULT NULL, + `api_key_expire` date NOT NULL, `company_id` int(11) NOT NULL, PRIMARY KEY (`api_key_id`) ) ENGINE=InnoDB DEFAULT CHARSET=utf8; @@ -1367,4 +1368,4 @@ CREATE TABLE `vendors` ( /*!40101 SET COLLATION_CONNECTION=@OLD_COLLATION_CONNECTION */; /*!40111 SET SQL_NOTES=@OLD_SQL_NOTES */; --- Dump completed on 2022-02-01 16:24:45 +-- Dump completed on 2022-02-03 19:11:34 diff --git a/post.php b/post.php index 01f33f30..34200eb8 100644 --- a/post.php +++ b/post.php 
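Review bot: In api_keys.php the list query interpolates `$sb` and `$o` directly into `ORDER BY $sb $o`, where they act as a column identifier and a keyword rather than quoted strings, so `mysqli_real_escape_string` alone would not constrain them. Their assignments are not visible in this hunk; if they are taken from the request, pin them to known values before the query, for example `$sb = in_array($sb, ['api_key_name', 'api_key_created_at', 'api_key_expire'], true) ? $sb : 'api_key_name';` and `$o = ($o === 'DESC') ? 'DESC' : 'ASC';`. The table header also lists a `Secret` column; the cell markup is missing here, but if the stored secret is printed for every row, it would be safer to show it once at creation and keep only a hash in `api_key_secret`.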
@@ -397,6 +397,63 @@ if(isset($_GET['delete_user'])){ header("Location: " . $_SERVER["HTTP_REFERER"]); +} +// API Key +if(isset($_POST['add_api_key'])){ + + $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']))); + $secret = trim(mysqli_real_escape_string($mysqli,$_POST['secret'])); + $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire']))); + + mysqli_query($mysqli,"INSERT INTO api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_created_at = NOW(), company_id = $session_company_id"); + + $api_key_id = mysqli_insert_id($mysqli); + + // Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Create', log_description = '$session_name created API Key $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id"); + + $_SESSION['alert_message'] = "API Key $name created"; + + header("Location: " . 
$_SERVER["HTTP_REFERER"]); + +} + +if(isset($_POST['edit_api_key'])){ + + $api_key_id = intval($_POST['api_key_id']); + $name = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['name']))); + $secret = trim(mysqli_real_escape_string($mysqli,$_POST['secret'])); + $expire = trim(strip_tags(mysqli_real_escape_string($mysqli,$_POST['expire']))); + + mysqli_query($mysqli,"UPDATE api_keys SET api_key_name = '$name', api_key_secret = '$secret', api_key_expire = '$expire', api_key_updated_at = NOW() WHERE api_key_id = $api_key_id AND company_id = $session_company_id"); + + // Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Modify', log_description = '$session_name modified API Key $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id"); + + $_SESSION['alert_message'] = "API Key $name updated"; + + header("Location: " . $_SERVER["HTTP_REFERER"]); + +} + +if(isset($_GET['delete_api_key'])){ + $api_key_id = intval($_GET['delete_api_key']); + + // Get API Key Name + $sql = mysqli_query($mysqli,"SELECT * FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id"); + $row = mysqli_fetch_array($sql); + $name = $row['api_key_name']; + + mysqli_query($mysqli,"DELETE FROM api_keys WHERE api_key_id = $api_key_id AND company_id = $session_company_id"); + + // Logging + mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API Key', log_action = 'Delete', log_description = '$session_name deleted user $name', log_ip = '$session_ip', log_user_agent = '$session_user_agent', log_created_at = NOW(), log_user_id = $session_user_id, company_id = $session_company_id"); + + $_SESSION['alert_type'] = "danger"; + $_SESSION['alert_message'] = "API Key $name deleted"; + + header("Location: " . $_SERVER["HTTP_REFERER"]); + } if(isset($_POST['add_company'])){ 
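Review bot: In the `delete_api_key` branch, `$name` is read back from the `api_keys` row and interpolated into the `logs` INSERT without escaping, so a stored key name containing a quote breaks or alters that statement; escape it at the point of use, `$name = mysqli_real_escape_string($mysqli, $row['api_key_name']);`, or move these queries to prepared statements. The same log line says `deleted user $name` where `deleted API Key $name` is meant. The delete is triggered by a GET parameter and none of the three branches shows a CSRF token check, so unless one is enforced earlier in post.php (not visible in this hunk) a cross-site request could create, change or remove keys on behalf of a logged-in user; a POST with a per-session token would close that. In the add and edit branches `strip_tags` and `trim` run after `mysqli_real_escape_string`, so the string that reaches the query is no longer the one that was escaped; escaping should be the last step before the query, or bound parameters should be used instead.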
diff --git a/side_nav.php b/side_nav.php index 1a52dd17..b000a416 100644 --- a/side_nav.php +++ b/side_nav.php @@ -229,7 +229,7 @@ @@ -247,19 +247,25 @@ +