Business/TaskFloor
2
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Allow API key to be used instead of password for API

Browse Source
This commit is contained in:
Skylar Ittner 2017-12-20 17:46:02 -07:00
parent a41eea4cff
commit 432cf39b8c
2 changed files with 29 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
api.php
View File

@ -19,7 +19,7 @@ header("Content-Type: application/json");
$username = $VARS['username']; $username = $VARS['username'];
$password = $VARS['password']; $password = $VARS['password'];
if (user_exists($username) !== true || authenticate_user($username, $password, $errmsg) !== true) { if (user_exists($username) !== true || (authenticate_user($username, $password, $errmsg) !== true && checkAPIKey($password) !== true)) {
header("HTTP/1.1 403 Unauthorized"); header("HTTP/1.1 403 Unauthorized");
die("\"403 Unauthorized\""); die("\"403 Unauthorized\"");
} }

28
lib/login.php
View File

@ -40,6 +40,34 @@ function checkLoginServer() {
} }
} }
/**
* Checks if the given AccountHub API key is valid by attempting to
* access the API with it.
* @param String $key The API key to check
* @return boolean TRUE if the key is valid, FALSE if invalid or something went wrong
*/
function checkAPIKey($key) {
try {
$client = new GuzzleHttp\Client();
$response = $client
->request('POST', PORTAL_API, [
'form_params' => [
'key' => $key,
'action' => "ping"
]
]);
if ($response->getStatusCode() === 200) {
return true;
}
return false;
} catch (Exception $e) {
return false;
}
}
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////
// Account handling // // Account handling //
//////////////////////////////////////////////////////////////////////////////// ////////////////////////////////////////////////////////////////////////////////