1 | <?php |
||||
2 | /** |
||||
3 | * A library for managing users of the web services API |
||||
4 | */ |
||||
5 | |||||
6 | // API key functions ///////////////////////////////////////////////////////////////////// |
||||
7 | |||||
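/**
 * Generate a new API user for a site, returning a new keypair on success.
 *
 * Both halves of the keypair are 40-character hex strings taken from the
 * crypto service. The secret is written to the api_users table exactly as
 * generated (not hashed), so read access to that table discloses every secret.
 *
 * @return stdClass|false The row get_api_user() returns for the new public key,
 *                        or false when the insert did not succeed
 */
function create_api_user() {
	$dbprefix = elgg_get_config('dbprefix');
	$crypto = _elgg_services()->crypto;
	$public = $crypto->getRandomString(40, ElggCrypto::CHARS_HEX);
	$secret = $crypto->getRandomString(40, ElggCrypto::CHARS_HEX);

	// The values are bound rather than interpolated, so the statement stays
	// safe even if the key format or its source changes later.
	$insert = insert_data(
		"INSERT into {$dbprefix}api_users (api_key, secret) values (:api_key, :secret)",
		[
			':api_key' => $public,
			':secret' => $secret,
		]
	);

	if (!$insert) {
		return false;
	}

	// Re-read the row so the caller receives what was actually stored.
	return get_api_user($public);
}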
||||
28 | |||||
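/**
 * Find an API User's details based on the provided public api key.
 * These users are not users in the traditional sense.
 *
 * Only rows with active=1 are matched. The key is supplied by the caller and
 * may originate from a request, so it is passed as a bound query parameter
 * instead of being escaped with the deprecated sanitise_string() and
 * concatenated into the SQL text.
 *
 * @param string $api_key The API Key
 *
 * @return mixed stdClass representing the database row or false.
 */
function get_api_user($api_key) {
	$dbprefix = elgg_get_config('dbprefix');

	// Only the table prefix (site configuration) is interpolated; the
	// caller-controlled key never becomes part of the statement text.
	$query = "SELECT * from {$dbprefix}api_users"
		. " where api_key = :api_key and active = 1";

	// The empty string stands for "no row callback", as in the original call.
	return get_data_row($query, '', [':api_key' => $api_key]);
}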
||||
46 | |||||
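/**
 * Revoke an api user key.
 *
 * The row is looked up through get_api_user() and then deleted by its id, so
 * a key that lookup does not return is left untouched and false is returned.
 *
 * NOTE(review): the result of delete_data() is returned unchanged; it may be a
 * row count rather than a strict bool, so confirm before comparing with ===.
 *
 * @param string $api_key The API Key (public).
 *
 * @return bool
 */
function remove_api_user($api_key) {
	$dbprefix = elgg_get_config('dbprefix');
	$keypair = get_api_user($api_key);

	// Explicit emptiness check: a failed lookup must never reach the DELETE.
	if (empty($keypair)) {
		return false;
	}

	// The id is cast and bound so the statement text contains no row data.
	return delete_data(
		"DELETE from {$dbprefix}api_users where id = :id",
		[':id' => (int) $keypair->id]
	);
}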
||||
63 |