From c01b48c6ec521b5a7bf22f66166b9ae90a0b68b1 Mon Sep 17 00:00:00 2001
From: johnnyq <johnny@pittpc.com>
Date: Fri, 4 Feb 2022 16:27:38 -0500
Subject: [PATCH] Added API Expire Date check to api.php

---
 api.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/api.php b/api.php
index 674738d4..1343ed34 100644
--- a/api.php
+++ b/api.php
@@ -14,13 +14,13 @@ if(!isset($_GET['api_key']) OR empty($_GET['api_key'])) {
 
 // Validate API key from GET request
 $api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
-$sql = mysqli_query($mysqli,"SELECT * FROM api_keys, companies WHERE api_keys.company_id = companies.company_id AND api_keys.api_key_secret = '$api_key'");
+$sql = mysqli_query($mysqli,"SELECT * FROM api_keys, companies WHERE api_keys.company_id = companies.company_id AND api_keys.api_key_secret = '$api_key' AND api_key_expire > NOW()");
 if(mysqli_num_rows($sql) != 1){
     // Invalid Key
     header("HTTP/1.1 401 Unauthorized");
     mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
 
-    echo "Incorrect API Key.";
+    echo "Incorrect or expired API Key.";
     exit();
 }