Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

mod/web_services/lib/api_user.php (1 issue)

<?php
/**
 * A library for managing users of the web services API
 */

// API key functions /////////////////////////////////////////////////////////////////////

/**
 * Generate a new API user for a site, returning a new keypair on success.
 *
 * @return stdClass object or false
 */
function create_api_user() {
	$dbprefix = elgg_get_config('dbprefix');
	$public = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX);
	$secret = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX);

	$insert = insert_data("INSERT into {$dbprefix}api_users
		(api_key, secret) values
		('$public', '$secret')");

	if ($insert) {
		return get_api_user($public);
	}

	return false;
}

/**
 * Find an API User's details based on the provided public api key.
 * These users are not users in the traditional sense.
 *
 * @param string $api_key The API Key
 *
 * @return mixed stdClass representing the database row or false.
 */
function get_api_user($api_key) {
	$dbprefix = elgg_get_config('dbprefix');
	$api_key = sanitise_string($api_key);
Deprecated Code introduced by
The function sanitise_string() has been deprecated: Use query parameters where possible (Ignorable by Annotation)

If this is a false-positive, you can also ignore this issue in your code via the ignore-deprecated annotation

	$api_key = /** @scrutinizer ignore-deprecated */ sanitise_string($api_key);

This function has been deprecated. The supplier of the function has supplied an explanatory message.

The explanatory message should give you some clue as to whether and when the function will be removed and what other function to use instead.

	$query = "SELECT * from {$dbprefix}api_users"
	. " where api_key='$api_key' and active=1";

	return get_data_row($query);
}

/**
 * Revoke an api user key.
 *
 * @param string $api_key The API Key (public).
 *
 * @return bool
 */
function remove_api_user($api_key) {
	$dbprefix = elgg_get_config('dbprefix');
	$keypair = get_api_user($api_key);
	if ($keypair) {
		return delete_data("DELETE from {$dbprefix}api_users where id={$keypair->id}");
	}

	return false;
}