Sfoglia il codice sorgente

user id int fixed; token check

master
Robin Thoni 10 anni fa
parent
commit
765ac304b6
4 ha cambiato i file con 24 aggiunte e 12 eliminazioni
  1. 1
    11
      index.php
  2. 12
    0
      status.php
  3. 1
    1
      user.php
  4. 10
    0
      utils.php

+ 1
- 11
index.php Vedi File

@@ -4,19 +4,9 @@ require_once "status.php";
4 4
 require_once "user.php";
5 5
 require_once "sql.php";
6 6
 
7
-function check_api_key_()
8
-{
9
-  $headers = apache_request_headers();
10
-  if (!isset($headers["Api-Key"]))
11
-    return false;
12
-  return database_exec("SELECT id FROM api_keys WHERE `key` = :key",
13
-                       array(":key" => $headers["Api-Key"]))-> fetch()
14
-                       !== false;
15
-}
16
-
17 7
 function check_api_key()
18 8
 {
19
-  if (!check_api_key_())
9
+  if (!check_table_field("Api-Key", "api_keys", "key"))
20 10
     error(401, "Bad API key");
21 11
 }
22 12
 

+ 12
- 0
status.php Vedi File

@@ -1,13 +1,25 @@
1 1
 <?php
2
+require_once "utils.php";
3
+
4
+function check_token()
5
+{
6
+  if (!check_table_field("Authorization", "tokens", "token"))
7
+    error(401, "Invalid token");
8
+}
9
+
2 10
 function status_confirm($id)
3 11
 {
12
+  check_token();
4 13
 }
5 14
 
6 15
 function status_create()
7 16
 {
17
+  check_token();
18
+  $status = get_post("status");
8 19
 }
9 20
 
10 21
 function status_feed()
11 22
 {
23
+  check_token();
12 24
 }
13 25
 ?>

+ 1
- 1
user.php Vedi File

@@ -41,7 +41,7 @@ function user_login($username = false)
41 41
   $token = hash_password(uniqid(mt_rand(), true));
42 42
   database_exec("INSERT INTO tokens (`token`, `user`) VALUES (:token, :user)",
43 43
     array(":token" => $token, ":user" => $u['id']));
44
-  echo json_encode(array("username" => $username, "id" => $u["id"],
44
+  echo json_encode(array("username" => $username, "id" => intval($u["id"]),
45 45
     "token" => $token));
46 46
 }
47 47
 ?>

+ 10
- 0
utils.php Vedi File

@@ -28,4 +28,14 @@ function get_post($key, $is_error = true)
28 28
     return false;
29 29
 }
30 30
 
31
+function check_table_field($header, $table, $field)
32
+{
33
+  $headers = apache_request_headers();
34
+  if (!isset($headers[$header]))
35
+    return false;
36
+  return database_exec("SELECT id FROM $table WHERE `$field` = :data",
37
+    array(":data" => $headers[$header]))-> fetch()
38
+    !== false;
39
+}
40
+
31 41
 ?>

Loading…
Annulla
Salva