AS1024/itflow
1
0
Fork 0
mirror of https://github.com/itflow-org/itflow synced 2026-03-18 19:54:51 +00:00
Code Issues Packages Projects Releases Wiki Activity

Added API Expire Date check to api.php

Browse Source
This commit is contained in:
johnnyq
2022-02-04 16:27:38 -05:00
parent 59521cbfc6
commit c01b48c6ec
1 changed files with 2 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
api.php
View File

@@ -14,13 +14,13 @@ if(!isset($_GET['api_key']) OR empty($_GET['api_key'])) {
// Validate API key from GET request // Validate API key from GET request
$api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']); $api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
$sql = mysqli_query($mysqli,"SELECT * FROM api_keys, companies WHERE api_keys.company_id = companies.company_id AND api_keys.api_key_secret = '$api_key'"); $sql = mysqli_query($mysqli,"SELECT * FROM api_keys, companies WHERE api_keys.company_id = companies.company_id AND api_keys.api_key_secret = '$api_key' AND api_key_expire > NOW()");
if(mysqli_num_rows($sql) != 1){ if(mysqli_num_rows($sql) != 1){
// Invalid Key // Invalid Key
header("HTTP/1.1 401 Unauthorized"); header("HTTP/1.1 401 Unauthorized");
mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()"); mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
echo "Incorrect API Key."; echo "Incorrect or expired API Key.";
exit(); exit();
} }