
user id int fixed; token check

master
Robin Thoni 10 years ago
parent
commit
765ac304b6
4 changed files with 24 additions and 12 deletions
  1. 1
    11
      index.php
  2. 12
    0
      status.php
  3. 1
    1
      user.php
  4. 10
    0
      utils.php

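--- a/index.php
+++ b/index.php
@@ -4,19 +4,9 @@
 require_once "user.php";
 require_once "sql.php";
 
-function check_api_key_()
-{
-  $headers = apache_request_headers();
-  if (!isset($headers["Api-Key"]))
-    return false;
-  return database_exec("SELECT id FROM api_keys WHERE `key` = :key",
-                       array(":key" => $headers["Api-Key"]))-> fetch()
-                       !== false;
-}
-
 function check_api_key()
 {
-  if (!check_api_key_())
+  if (!check_table_field("Api-Key", "api_keys", "key"))
     error(401, "Bad API key");
 }
 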

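--- a/status.php
+++ b/status.php
@@ -1,13 +1,25 @@
 <?php
+require_once "utils.php";
+
+function check_token()
+{
+  if (!check_table_field("Authorization", "tokens", "token"))
+    error(401, "Invalid token");
+}
+
 function status_confirm($id)
 {
+  check_token();
 }
 
 function status_create()
 {
+  check_token();
+  $status = get_post("status");
 }
 
 function status_feed()
 {
+  check_token();
 }
 ?>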
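Review bot: check_token() only establishes that some row in `tokens` matches the header and discards which user the token belongs to, so `status_create()` and the other handlers have no authenticated user id to attach to a status or to authorise against. The `tokens` table carries a `user` column (see the INSERT in user.php), so the check could select and return that id, e.g. `$user = check_token();`, instead of a bare pass/fail. All three handlers also rely on `error()` ending the request; its definition is not visible on this page, so confirm that it exits, otherwise execution continues past the 401. A short comment on check_token() stating that the raw `Authorization` value is compared with no scheme prefix would help API clients.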

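--- a/user.php
+++ b/user.php
@@ -41,7 +41,7 @@
   $token = hash_password(uniqid(mt_rand(), true));
   database_exec("INSERT INTO tokens (`token`, `user`) VALUES (:token, :user)",
     array(":token" => $token, ":user" => $u['id']));
-  echo json_encode(array("username" => $username, "id" => $u["id"],
+  echo json_encode(array("username" => $username, "id" => intval($u["id"]),
     "token" => $token));
 }
 ?>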
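Review bot: The token issued on the unchanged line `$token = hash_password(uniqid(mt_rand(), true));` is derived from the clock and a non-cryptographic PRNG, and this commit starts treating that value as the sole credential in check_token(). `hash_password()` is defined outside this page, so its output cannot be assessed here, but hashing does not add entropy to a guessable input. Drawing the token from a CSPRNG, e.g. `$token = bin2hex(random_bytes(32));` (PHP 7+), removes that dependency. The `intval()` cast itself looks fine; the enclosing function starts above the hunk.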

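--- a/utils.php
+++ b/utils.php
@@ -28,4 +28,14 @@
     return false;
 }
 
+function check_table_field($header, $table, $field)
+{
+  $headers = apache_request_headers();
+  if (!isset($headers[$header]))
+    return false;
+  return database_exec("SELECT id FROM $table WHERE `$field` = :data",
+    array(":data" => $headers[$header]))-> fetch()
+    !== false;
+}
+
 ?>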
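Review bot: `check_table_field()` interpolates `$table` and `$field` straight into the SQL text; both callers in this commit pass literals, so nothing is injectable today, but the signature invites a later call with request-derived values and nothing in the function would stop it. Restricting the table/field pair to a fixed allowlist inside the helper keeps the generalisation safe. Separately, the `$headers[$header]` lookup is case-sensitive while HTTP header names are not, so a client or proxy that sends `authorization` in lower case would be rejected; normalising the keys before the lookup avoids that. Whether the `=` comparison is case-sensitive depends on the column collation, which is not visible here, so the `key` and `token` columns are worth checking for a binary collation.

```php
function check_table_field($header, $table, $field)
{
  // Identifiers cannot be bound as parameters, so only known pairs are accepted.
  $allowed = array("api_keys" => array("key"), "tokens" => array("token"));
  if (!isset($allowed[$table]) || !in_array($field, $allowed[$table], true))
    return false;
  // Header names are case-insensitive; normalise before the lookup.
  $headers = array_change_key_case(apache_request_headers(), CASE_LOWER);
  $name = strtolower($header);
  if (!isset($headers[$name]))
    return false;
  return database_exec("SELECT id FROM `$table` WHERE `$field` = :data",
    array(":data" => $headers[$name]))-> fetch()
    !== false;
}
```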
