AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-02-28 10:54:52 +00:00
Code Issues Packages Projects Releases Wiki Activity

Updated new API Validation with api-keys table and added some additonal log fields

Browse Source
This commit is contained in:
johnnyq
2022-02-04 16:37:19 -05:00
parent c01b48c6ec
commit b8e5d5844d
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
api/v1/validate_api_key.php
View File

@@ -52,16 +52,16 @@ if(isset($_POST['api_key'])){
if(isset($api_key)){
$api_key = mysqli_real_escape_string($mysqli,$api_key);
$sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$api_key'");
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys, companies WHERE api_keys.company_id = companies.company_id AND api_key_secret = '$api_key' AND api_key_expire > NOW()");
// Failed
if(mysqli_num_rows($sql) != 1){
// Invalid Key
header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed from $ip', log_created_at = NOW()");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Failed', log_description = 'Incorrect or expired Key', log_ip = '$ip', log_user_agent = '$session_user_agent', log_created_at = NOW()");
$return_arr['success'] = "False";
$return_arr['message'] = "API Key authentication failure.";
$return_arr['message'] = "API Key authentication failure or expired.";
header("HTTP/1.1 401 Unauthorized");
echo json_encode($return_arr);