Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

mod/web_services/lib/api_user.php (3 issues)

<?php
/**
 * A library for managing users of the web services API
 */

// API key functions /////////////////////////////////////////////////////////////////////

/**
 * Generate a new API user for a site, returning a new keypair on success.
 *
 * @return stdClass object or false
 */
function create_api_user() {
	$dbprefix = elgg_get_config('dbprefix');
	$public = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX);
	$secret = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX);

	$insert = insert_data("INSERT into {$dbprefix}api_users
		(api_key, secret) values
		('$public', '$secret')");

	if ($insert) {
		return get_api_user($public);
	}

	return false;
Bug Best Practice introduced by Cash Costello
The expression return false returns the type false which is incompatible with the documented return type stdClass.
}

/**
 * Find an API User's details based on the provided public api key.
 * These users are not users in the traditional sense.
 *
 * @param string $api_key The API Key
 *
 * @return mixed stdClass representing the database row or false.
 */
function get_api_user($api_key) {
	$dbprefix = elgg_get_config('dbprefix');
	$api_key = sanitise_string($api_key);
Deprecated Code introduced by Cash Costello
The function sanitise_string() has been deprecated: Use query parameters where possible ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

	$api_key = /** @scrutinizer ignore-deprecated */ sanitise_string($api_key);

This function has been deprecated. The supplier of the function has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.

	$query = "SELECT * from {$dbprefix}api_users"
	. " where api_key='$api_key' and active=1";

	return get_data_row($query);
}

/**
 * Revoke an api user key.
 *
 * @param string $api_key The API Key (public).
 *
 * @return bool
 */
function remove_api_user($api_key) {
	$dbprefix = elgg_get_config('dbprefix');
	$keypair = get_api_user($api_key);
	if ($keypair) {
Bug Best Practice introduced by Cash Costello
The expression $keypair of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

		return delete_data("DELETE from {$dbprefix}api_users where id={$keypair->id}");
	}

	return false;
}