Initial API restructure

api.php

@@ -2,12 +2,32 @@
 
 <?php
 //Check Key
-if(isset($_GET['api_key'])){
+
+
+// Check API key is provided in GET request as 'api_key'
+if(!isset($_GET['api_key']) OR empty($_GET['api_key'])) {
+    // Missing key
+    header("HTTP/1.1 401 Unauthorized");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'No Key', log_description = 'No API Key specified', log_created_at = NOW()");
+
+    echo "Missing the API Key.";
+    exit();
+}
+
+// Validate API key from GET request
 $config_api_key = mysqli_real_escape_string($mysqli,$_GET['api_key']);
-
 $sql = mysqli_query($mysqli,"SELECT * FROM settings, companies WHERE settings.company_id = companies.company_id AND settings.config_api_key = '$config_api_key'");
+if(mysqli_num_rows($sql) != 1){
+    // Invalid Key
+    header("HTTP/1.1 401 Unauthorized");
+    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
+
+    echo "Incorrect API Key.";
+    exit();
+}
+
+// API Key is valid.
 
-    if(mysqli_num_rows($sql) == 1){
 $row = mysqli_fetch_array($sql);
 $company_id = $row['company_id'];
 
@@ -168,16 +188,5 @@ if(isset($_GET['api_key'])){
 
 }
 
-    }else{
-        echo "Incorrect API Key";
-
-        mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'Incorrect Key', log_description = 'Failed', log_created_at = NOW()");
-    }
-   
-}else{
-    echo "Missing the API Key";
-
-    mysqli_query($mysqli,"INSERT INTO logs SET log_type = 'API', log_action = 'No Key', log_description = 'No API Key specified', log_created_at = NOW()");
-}
 
 ?>