1
|
|
|
<?php |
2
|
|
|
/** |
3
|
|
|
* A library for managing users of the web services API |
4
|
|
|
*/ |
5
|
|
|
|
6
|
|
|
// API key functions ///////////////////////////////////////////////////////////////////// |
7
|
|
|
|
8
|
|
|
/** |
9
|
|
|
* Generate a new API user for a site, returning a new keypair on success. |
10
|
|
|
* |
11
|
|
|
* @return stdClass object or false |
12
|
|
|
*/ |
13
|
|
|
function create_api_user() { |
14
|
|
|
$dbprefix = elgg_get_config('dbprefix'); |
15
|
|
|
$public = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX); |
16
|
|
|
$secret = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX); |
17
|
|
|
|
18
|
|
|
$insert = insert_data("INSERT into {$dbprefix}api_users |
19
|
|
|
(api_key, secret) values |
20
|
|
|
('$public', '$secret')"); |
21
|
|
|
|
22
|
|
|
if ($insert) { |
23
|
|
|
return get_api_user($public); |
|
|
|
|
24
|
|
|
} |
25
|
|
|
|
26
|
|
|
return false; |
|
|
|
|
27
|
|
|
} |
28
|
|
|
|
29
|
|
|
/** |
30
|
|
|
* Find an API User's details based on the provided public api key. |
31
|
|
|
* These users are not users in the traditional sense. |
32
|
|
|
* |
33
|
|
|
* @param string $api_key The API Key |
34
|
|
|
* |
35
|
|
|
* @return mixed stdClass representing the database row or false. |
36
|
|
|
*/ |
37
|
|
|
function get_api_user($api_key) { |
38
|
1 |
|
$dbprefix = elgg_get_config('dbprefix'); |
39
|
1 |
|
$api_key = sanitise_string($api_key); |
|
|
|
|
40
|
|
|
|
41
|
1 |
|
$query = "SELECT * from {$dbprefix}api_users" |
42
|
1 |
|
. " where api_key='$api_key' and active=1"; |
43
|
|
|
|
44
|
1 |
|
return get_data_row($query); |
45
|
|
|
} |
46
|
|
|
|
47
|
|
|
/** |
48
|
|
|
* Revoke an api user key. |
49
|
|
|
* |
50
|
|
|
* @param string $api_key The API Key (public). |
51
|
|
|
* |
52
|
|
|
* @return bool |
53
|
|
|
*/ |
54
|
|
|
function remove_api_user($api_key) { |
55
|
|
|
$dbprefix = elgg_get_config('dbprefix'); |
56
|
|
|
$keypair = get_api_user($api_key); |
57
|
|
|
if ($keypair) { |
|
|
|
|
58
|
|
|
return delete_data("DELETE from {$dbprefix}api_users where id={$keypair->id}"); |
59
|
|
|
} |
60
|
|
|
|
61
|
|
|
return false; |
62
|
|
|
} |
63
|
|
|
|