1 | <?php |
||
2 | /** |
||
3 | * A library for managing users of the web services API |
||
4 | */ |
||
5 | |||
6 | // API key functions ///////////////////////////////////////////////////////////////////// |
||
7 | |||
/**
 * Create a new API user for the site and hand back its freshly stored keypair.
 *
 * The public key and the secret are each a 40-character hex string produced by
 * the ElggCrypto random string generator. Both values are written to the
 * api_users table exactly as generated, so read access to that table exposes
 * the secret.
 * NOTE(review): presumably the raw secret is needed for request signing,
 * which would rule out hashing it at rest — confirm against the API auth code.
 *
 * @return stdClass|false The row returned by get_api_user() for the new public
 *                        key (selected with "SELECT *", so it carries the
 *                        secret too), or false when the insert fails.
 */
function create_api_user() {
	$prefix = elgg_get_config('dbprefix');
	$api_key = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX);
	$api_secret = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX);

	// Interpolating these values unescaped is only acceptable because both are
	// generated locally and limited to the CHARS_HEX alphabet. Never route
	// caller-supplied values through this statement.
	$inserted = insert_data("INSERT into {$prefix}api_users
		(api_key, secret) values
		('$api_key', '$api_secret')");

	if (!$inserted) {
		return false;
	}

	// Read the row back so callers receive the stored record.
	return get_api_user($api_key);
}
||
28 | |||
/**
 * Look up an API user by its public API key.
 * These records are API keypairs, not site users in the traditional sense.
 *
 * Only rows with active=1 are matched. The query is "SELECT *", so the result
 * is the complete api_users row, which includes the secret column written by
 * create_api_user(). Treat the return value as sensitive: do not log it or
 * pass it on to API clients.
 *
 * @param string $api_key The public API key. Typically taken from the incoming
 *                        request, so treat it as untrusted input.
 *
 * @return mixed stdClass representing the database row or false.
 */
function get_api_user($api_key) {
	$prefix = elgg_get_config('dbprefix');

	// The key is escaped with sanitise_string() and then placed inside single
	// quotes. Both halves are required: the escaping only protects the query
	// while the value stays within a quoted SQL string literal.
	$escaped_key = sanitise_string($api_key);

	$sql = "SELECT * from {$prefix}api_users where api_key='$escaped_key' and active=1";

	return get_data_row($sql);
}
||
46 | |||
/**
 * Revoke an API user key by deleting its row from the api_users table.
 *
 * The key is resolved through get_api_user(), which matches active keys only.
 * A key that is unknown or already inactive is therefore reported as false and
 * its row is left untouched.
 *
 * @param string $api_key The API Key (public).
 *
 * @return bool False when no active key matches; otherwise the result of
 *              delete_data().
 */
function remove_api_user($api_key) {
	$prefix = elgg_get_config('dbprefix');
	$api_user = get_api_user($api_key);

	if (!$api_user) {
		return false;
	}

	// The id comes from the database row, not from the caller's input.
	// NOTE(review): it is interpolated without quoting or an integer cast;
	// presumably an integer primary key — confirm, or cast it for defence in depth.
	return delete_data("DELETE from {$prefix}api_users where id={$api_user->id}");
}
||
63 |
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using `empty(...)` or `!empty(...)` instead.