Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

mod/web_services/lib/api_user.php (1 issue)

1
<?php
2
/**
3
 * A library for managing users of the web services API
4
 */
5
6
// API key functions /////////////////////////////////////////////////////////////////////
7
8
/**
9
 * Generate a new API user for a site, returning a new keypair on success.
10
 *
11
 * @return stdClass object or false
12
 */
13
function create_api_user() {
14
	$dbprefix = elgg_get_config('dbprefix');
15
	$public = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX);
16
	$secret = _elgg_services()->crypto->getRandomString(40, ElggCrypto::CHARS_HEX);
17
18
	$insert = insert_data("INSERT into {$dbprefix}api_users
19
		(api_key, secret) values
20
		('$public', '$secret')");
21
22
	if ($insert) {
23
		return get_api_user($public);
0 ignored issues
show
Bug Best Practice introduced by
The expression return get_api_user($public) returns the type array which is incompatible with the documented return type stdClass.
Loading history...
24
	}
25
26
	return false;
27
}
28
29
/**
30
 * Find an API User's details based on the provided public api key.
31
 * These users are not users in the traditional sense.
32
 *
33
 * @param string $api_key The API Key
34
 *
35
 * @return mixed stdClass representing the database row or false.
36
 */
37
function get_api_user($api_key) {
38 1
	$dbprefix = elgg_get_config('dbprefix');
39 1
	$api_key = sanitise_string($api_key);
40
41 1
	$query = "SELECT * from {$dbprefix}api_users"
42 1
	. " where api_key='$api_key' and active=1";
43
44 1
	return get_data_row($query);
45
}
46
47
/**
48
 * Revoke an api user key.
49
 *
50
 * @param string $api_key The API Key (public).
51
 *
52
 * @return bool
53
 */
54
function remove_api_user($api_key) {
55
	$dbprefix = elgg_get_config('dbprefix');
56
	$keypair = get_api_user($api_key);
57
	if ($keypair) {
58
		return delete_data("DELETE from {$dbprefix}api_users where id={$keypair->id}");
59
	}
60
61
	return false;
62
}
63