false, 'error' => 'Not authenticated']); exit; } // Check admin status - audit log viewing is admin-only $isAdmin = $_SESSION['user']['is_admin'] ?? false; if (!$isAdmin) { http_response_code(403); echo json_encode(['success' => false, 'error' => 'Admin access required']); exit; } // Use centralized database connection $conn = Database::getConnection(); $auditLogModel = new AuditLogModel($conn); // GET - Fetch filtered audit logs or export to CSV if ($_SERVER['REQUEST_METHOD'] === 'GET') { // Check for CSV export request if (isset($_GET['export']) && $_GET['export'] === 'csv') { // Build filters $filters = []; if (isset($_GET['action_type'])) $filters['action_type'] = $_GET['action_type']; if (isset($_GET['entity_type'])) $filters['entity_type'] = $_GET['entity_type']; if (isset($_GET['user_id'])) $filters['user_id'] = $_GET['user_id']; if (isset($_GET['entity_id'])) $filters['entity_id'] = $_GET['entity_id']; if (isset($_GET['date_from'])) $filters['date_from'] = $_GET['date_from']; if (isset($_GET['date_to'])) $filters['date_to'] = $_GET['date_to']; if (isset($_GET['ip_address'])) $filters['ip_address'] = $_GET['ip_address']; // Get all matching logs (no limit for CSV export) $result = $auditLogModel->getFilteredLogs($filters, 10000, 0); $logs = $result['logs']; // Set CSV headers header('Content-Type: text/csv'); header('Content-Disposition: attachment; filename="audit_log_' . date('Y-m-d_His') . '.csv"'); // Output CSV $output = fopen('php://output', 'w'); // Write CSV header fputcsv($output, ['Log ID', 'Timestamp', 'User', 'Action', 'Entity Type', 'Entity ID', 'IP Address', 'Details']); // Write data rows foreach ($logs as $log) { $details = ''; if (is_array($log['details'])) { $details = json_encode($log['details']); } fputcsv($output, [ $log['log_id'], $log['created_at'], $log['display_name'] ?? $log['username'] ?? 'N/A', $log['action_type'], $log['entity_type'], $log['entity_id'] ?? 'N/A', $log['ip_address'] ?? 'N/A', $details ]); } fclose($output); exit; } // Normal JSON response for filtered logs try { // Get pagination parameters $page = isset($_GET['page']) ? (int)$_GET['page'] : 1; $limit = isset($_GET['limit']) ? (int)$_GET['limit'] : 50; $offset = ($page - 1) * $limit; // Build filters $filters = []; if (isset($_GET['action_type'])) $filters['action_type'] = $_GET['action_type']; if (isset($_GET['entity_type'])) $filters['entity_type'] = $_GET['entity_type']; if (isset($_GET['user_id'])) $filters['user_id'] = $_GET['user_id']; if (isset($_GET['entity_id'])) $filters['entity_id'] = $_GET['entity_id']; if (isset($_GET['date_from'])) $filters['date_from'] = $_GET['date_from']; if (isset($_GET['date_to'])) $filters['date_to'] = $_GET['date_to']; if (isset($_GET['ip_address'])) $filters['ip_address'] = $_GET['ip_address']; // Get filtered logs $result = $auditLogModel->getFilteredLogs($filters, $limit, $offset); echo json_encode([ 'success' => true, 'logs' => $result['logs'], 'total' => $result['total'], 'pages' => $result['pages'], 'current_page' => $page ]); } catch (Exception $e) { http_response_code(500); echo json_encode(['success' => false, 'error' => 'Failed to fetch audit logs']); } $conn->close(); exit; } // Method not allowed http_response_code(405); echo json_encode(['success' => false, 'error' => 'Method not allowed']); $conn->close(); ?>