api/audit_log.php

<?php
/**
 * Audit Log API Endpoint
 * Handles fetching filtered audit logs and CSV export
 * Admin-only access
 */

require_once dirname(__DIR__) . '/config/config.php';
require_once dirname(__DIR__) . '/models/AuditLogModel.php';

session_start();
header('Content-Type: application/json');

// Check authentication
if (!isset($_SESSION['user']) || !isset($_SESSION['user']['user_id'])) {
    http_response_code(401);
    echo json_encode(['success' => false, 'error' => 'Not authenticated']);
    exit;
}

// Check admin status - audit log viewing is admin-only
$isAdmin = $_SESSION['user']['is_admin'] ?? false;
if (!$isAdmin) {
    http_response_code(403);
    echo json_encode(['success' => false, 'error' => 'Admin access required']);
    exit;
}

// Create database connection
$conn = new mysqli(
    $GLOBALS['config']['DB_HOST'],
    $GLOBALS['config']['DB_USER'],
    $GLOBALS['config']['DB_PASS'],
    $GLOBALS['config']['DB_NAME']
);

if ($conn->connect_error) {
    http_response_code(500);
    echo json_encode(['success' => false, 'error' => 'Database connection failed']);
    exit;
}

$auditLogModel = new AuditLogModel($conn);

// GET - Fetch filtered audit logs or export to CSV
if ($_SERVER['REQUEST_METHOD'] === 'GET') {
    // Check for CSV export request
    if (isset($_GET['export']) && $_GET['export'] === 'csv') {
        // Build filters
        $filters = [];
        if (isset($_GET['action_type'])) $filters['action_type'] = $_GET['action_type'];
        if (isset($_GET['entity_type'])) $filters['entity_type'] = $_GET['entity_type'];
        if (isset($_GET['user_id'])) $filters['user_id'] = $_GET['user_id'];
        if (isset($_GET['entity_id'])) $filters['entity_id'] = $_GET['entity_id'];
        if (isset($_GET['date_from'])) $filters['date_from'] = $_GET['date_from'];
        if (isset($_GET['date_to'])) $filters['date_to'] = $_GET['date_to'];
        if (isset($_GET['ip_address'])) $filters['ip_address'] = $_GET['ip_address'];

        // Get all matching logs (no limit for CSV export)
        $result = $auditLogModel->getFilteredLogs($filters, 10000, 0);
        $logs = $result['logs'];

        // Set CSV headers
        header('Content-Type: text/csv');
        header('Content-Disposition: attachment; filename="audit_log_' . date('Y-m-d_His') . '.csv"');

        // Output CSV
        $output = fopen('php://output', 'w');

        // Write CSV header
        fputcsv($output, ['Log ID', 'Timestamp', 'User', 'Action', 'Entity Type', 'Entity ID', 'IP Address', 'Details']);

        // Write data rows
        foreach ($logs as $log) {
            $details = '';
            if (is_array($log['details'])) {
                $details = json_encode($log['details']);
            }

            fputcsv($output, [
                $log['log_id'],
                $log['created_at'],
                $log['display_name'] ?? $log['username'] ?? 'N/A',
                $log['action_type'],
                $log['entity_type'],
                $log['entity_id'] ?? 'N/A',
                $log['ip_address'] ?? 'N/A',
                $details
            ]);
        }

        fclose($output);
        $conn->close();
        exit;
    }

    // Normal JSON response for filtered logs
    try {
        // Get pagination parameters
        $page = isset($_GET['page']) ? (int)$_GET['page'] : 1;
        $limit = isset($_GET['limit']) ? (int)$_GET['limit'] : 50;
        $offset = ($page - 1) * $limit;

        // Build filters
        $filters = [];
        if (isset($_GET['action_type'])) $filters['action_type'] = $_GET['action_type'];
        if (isset($_GET['entity_type'])) $filters['entity_type'] = $_GET['entity_type'];
        if (isset($_GET['user_id'])) $filters['user_id'] = $_GET['user_id'];
        if (isset($_GET['entity_id'])) $filters['entity_id'] = $_GET['entity_id'];
        if (isset($_GET['date_from'])) $filters['date_from'] = $_GET['date_from'];
        if (isset($_GET['date_to'])) $filters['date_to'] = $_GET['date_to'];
        if (isset($_GET['ip_address'])) $filters['ip_address'] = $_GET['ip_address'];

        // Get filtered logs
        $result = $auditLogModel->getFilteredLogs($filters, $limit, $offset);

        echo json_encode([
            'success' => true,
            'logs' => $result['logs'],
            'total' => $result['total'],
            'pages' => $result['pages'],
            'current_page' => $page
        ]);
    } catch (Exception $e) {
        http_response_code(500);
        echo json_encode(['success' => false, 'error' => 'Failed to fetch audit logs']);
    }
    $conn->close();
    exit;
}

// Method not allowed
http_response_code(405);
echo json_encode(['success' => false, 'error' => 'Method not allowed']);
$conn->close();
?>
better filtering and searching 2026-01-09 11:20:27 -05:00			`<?php`
			`/**`
			`* Audit Log API Endpoint`
			`* Handles fetching filtered audit logs and CSV export`
			`* Admin-only access`
			`*/`

			`require_once dirname(__DIR__) . '/config/config.php';`
			`require_once dirname(__DIR__) . '/models/AuditLogModel.php';`

			`session_start();`
			`header('Content-Type: application/json');`

			`// Check authentication`
			`if (!isset($_SESSION['user']) \|\| !isset($_SESSION['user']['user_id'])) {`
			`http_response_code(401);`
			`echo json_encode(['success' => false, 'error' => 'Not authenticated']);`
			`exit;`
			`}`

			`// Check admin status - audit log viewing is admin-only`
			`$isAdmin = $_SESSION['user']['is_admin'] ?? false;`
			`if (!$isAdmin) {`
			`http_response_code(403);`
			`echo json_encode(['success' => false, 'error' => 'Admin access required']);`
			`exit;`
			`}`

			`// Create database connection`
			`$conn = new mysqli(`
			`$GLOBALS['config']['DB_HOST'],`
			`$GLOBALS['config']['DB_USER'],`
			`$GLOBALS['config']['DB_PASS'],`
			`$GLOBALS['config']['DB_NAME']`
			`);`

			`if ($conn->connect_error) {`
			`http_response_code(500);`
			`echo json_encode(['success' => false, 'error' => 'Database connection failed']);`
			`exit;`
			`}`

			`$auditLogModel = new AuditLogModel($conn);`

			`// GET - Fetch filtered audit logs or export to CSV`
			`if ($_SERVER['REQUEST_METHOD'] === 'GET') {`
			`// Check for CSV export request`
			`if (isset($_GET['export']) && $_GET['export'] === 'csv') {`
			`// Build filters`
			`$filters = [];`
			`if (isset($_GET['action_type'])) $filters['action_type'] = $_GET['action_type'];`
			`if (isset($_GET['entity_type'])) $filters['entity_type'] = $_GET['entity_type'];`
			`if (isset($_GET['user_id'])) $filters['user_id'] = $_GET['user_id'];`
			`if (isset($_GET['entity_id'])) $filters['entity_id'] = $_GET['entity_id'];`
			`if (isset($_GET['date_from'])) $filters['date_from'] = $_GET['date_from'];`
			`if (isset($_GET['date_to'])) $filters['date_to'] = $_GET['date_to'];`
			`if (isset($_GET['ip_address'])) $filters['ip_address'] = $_GET['ip_address'];`

			`// Get all matching logs (no limit for CSV export)`
			`$result = $auditLogModel->getFilteredLogs($filters, 10000, 0);`
			`$logs = $result['logs'];`

			`// Set CSV headers`
			`header('Content-Type: text/csv');`
			`header('Content-Disposition: attachment; filename="audit_log_' . date('Y-m-d_His') . '.csv"');`

			`// Output CSV`
			`$output = fopen('php://output', 'w');`

			`// Write CSV header`
			`fputcsv($output, ['Log ID', 'Timestamp', 'User', 'Action', 'Entity Type', 'Entity ID', 'IP Address', 'Details']);`

			`// Write data rows`
			`foreach ($logs as $log) {`
			`$details = '';`
			`if (is_array($log['details'])) {`
			`$details = json_encode($log['details']);`
			`}`

			`fputcsv($output, [`
			`$log['log_id'],`
			`$log['created_at'],`
			`$log['display_name'] ?? $log['username'] ?? 'N/A',`
			`$log['action_type'],`
			`$log['entity_type'],`
			`$log['entity_id'] ?? 'N/A',`
			`$log['ip_address'] ?? 'N/A',`
			`$details`
			`]);`
			`}`

			`fclose($output);`
			`$conn->close();`
			`exit;`
			`}`

			`// Normal JSON response for filtered logs`
			`try {`
			`// Get pagination parameters`
			`$page = isset($_GET['page']) ? (int)$_GET['page'] : 1;`
			`$limit = isset($_GET['limit']) ? (int)$_GET['limit'] : 50;`
			`$offset = ($page - 1) * $limit;`

			`// Build filters`
			`$filters = [];`
			`if (isset($_GET['action_type'])) $filters['action_type'] = $_GET['action_type'];`
			`if (isset($_GET['entity_type'])) $filters['entity_type'] = $_GET['entity_type'];`
			`if (isset($_GET['user_id'])) $filters['user_id'] = $_GET['user_id'];`
			`if (isset($_GET['entity_id'])) $filters['entity_id'] = $_GET['entity_id'];`
			`if (isset($_GET['date_from'])) $filters['date_from'] = $_GET['date_from'];`
			`if (isset($_GET['date_to'])) $filters['date_to'] = $_GET['date_to'];`
			`if (isset($_GET['ip_address'])) $filters['ip_address'] = $_GET['ip_address'];`

			`// Get filtered logs`
			`$result = $auditLogModel->getFilteredLogs($filters, $limit, $offset);`

			`echo json_encode([`
			`'success' => true,`
			`'logs' => $result['logs'],`
			`'total' => $result['total'],`
			`'pages' => $result['pages'],`
			`'current_page' => $page`
			`]);`
			`} catch (Exception $e) {`
			`http_response_code(500);`
			`echo json_encode(['success' => false, 'error' => 'Failed to fetch audit logs']);`
			`}`
			`$conn->close();`
			`exit;`
			`}`

			`// Method not allowed`
			`http_response_code(405);`
			`echo json_encode(['success' => false, 'error' => 'Method not allowed']);`
			`$conn->close();`
			`?>`