Example #1
/**
 * Verify API user authentication. If invalid terminate execution.
 * @since 2.2.0
 * @version 2.2.0
 * @param string $user Username passed to the API via URL argument
 * @param string $key API Key passed to the API via URL argument
 * @return void
 */
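function api_user_authenticate($user = '', $key = '')
{
    global $hc_cfg;

    // Both values arrive as URL arguments, so treat them as untrusted.
    // Reject missing and non-scalar input (for example array-valued
    // arguments) before it reaches the cache lookup or the SQL text.
    if (!is_scalar($user) || !is_scalar($key)) {
        return api_error(2);
    }
    $user = (string) $user;
    $key = (string) $key;

    // An empty username or key must never authenticate, even if a user row
    // happens to have an empty APIKey column.
    if ($user === '' || $key === '') {
        return api_error(2);
    }

    $valid = false;

    if ($hc_cfg[128] == 2) {
        // APC-backed path: recently seen keys are cached as
        // key => array(0 => request count, 1 => username).
        $api_users = array();
        $api_users_age = apc_exists(HC_APCPrefix . 'users_age') ? apc_fetch(HC_APCPrefix . 'users_age') : 0;
        if (apc_exists(HC_APCPrefix . 'users')) {
            $api_users = apc_fetch(HC_APCPrefix . 'users');
        }

        // Cache has expired: hand the entries to apc_user_write_cache() and start over.
        if ($api_users_age <= date("U") && count($api_users) > 0) {
            apc_user_write_cache($api_users);
            $api_users = array();
        }

        // Strict string comparison: a loose == treats numeric-looking strings
        // such as "1e3" and "1000" as equal, which would let a request match
        // a cached entry that belongs to a different username.
        if (array_key_exists($key, $api_users) && (string) $api_users[$key][1] === $user) {
            ++$api_users[$key][0];
            // Re-insert the entry so it moves to the end of the array; the
            // eviction below always removes the first (oldest) entry.
            $entry = $api_users[$key];
            unset($api_users[$key]);
            $api_users[$key] = $entry;
            $valid = true;
        } else {
            // NOTE(review): the query is built by concatenation and relies on
            // cIn() escaping for a quoted SQL string context - confirm.
            $result = doQuery("SELECT PkID, NetworkName, APIKey FROM " . HC_TblPrefix . "users WHERE NetworkName = '" . cIn($user) . "' AND APIKey = '" . cIn($key) . "' AND APIAccess = 1 AND IsBanned = 0");
            if (hasRows($result)) {
                $db_key = mysql_result($result, 0, 2);
                $api_users[$db_key][0] = '1';
                $api_users[$db_key][1] = mysql_result($result, 0, 1);
                $valid = true;
            }
        }

        // Cache is over its configured size: persist the oldest entry's
        // request count and drop that entry.
        if (count($api_users) > $hc_cfg[130]) {
            reset($api_users);
            $remove = key($api_users);
            $store_cnt = $api_users[$remove][0];
            $store_user = $api_users[$remove][1];
            doQuery("UPDATE " . HC_TblPrefix . "users SET APICnt = (APICnt + '" . cIn($store_cnt) . "') WHERE APIKey = '" . cIn($remove) . "' AND NetworkName = '" . cIn($store_user) . "'");
            // unset() rather than array_shift(): array_shift() renumbers
            // integer keys, and PHP stores all-digit API keys as integers, so
            // a shift would detach cached entries from the keys they belong to.
            unset($api_users[$remove]);
        }

        apc_store(HC_APCPrefix . 'users', $api_users);
    } else {
        // No APC cache: validate against the database on every request.
        // NOTE(review): same reliance on cIn() escaping as above - confirm.
        $result = doQuery("SELECT PkID, NetworkName, APIKey FROM " . HC_TblPrefix . "users WHERE NetworkName = '" . cIn($user) . "' AND APIKey = '" . cIn($key) . "' AND APIAccess = 1 AND IsBanned = 0");
        if (hasRows($result)) {
            $valid = true;
            doQuery("UPDATE " . HC_TblPrefix . "users SET APICnt = (APICnt + 1) WHERE APIKey = '" . cIn($key) . "' AND NetworkName = '" . cIn($user) . "'");
        }
    }

    if (!$valid) {
        return api_error(2);
    }

    return null;
}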
Example #2
/**
 * Delete cache files, skipping any whose filename starts with a period. Then write a redirecting index.html file to prevent browsing of the cache directory.
 * @since 2.0.0
 * @version 2.0.0
 * @return void
 */
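function clearCache()
{
    global $hc_cfg;

    $cache_dir = HCPATH . '/cache';

    // glob() returns false on error; treat that as "nothing to delete"
    // instead of passing false to foreach.
    $entries = glob($cache_dir . '/*');
    if ($entries === false) {
        $entries = array();
    }

    foreach ($entries as $filename) {
        // Files whose name starts with a period are kept.
        if (substr(basename($filename), 0, 1) == '.') {
            continue;
        }
        // unlink() cannot remove a directory and would only raise a warning.
        if (is_dir($filename) && !is_link($filename)) {
            continue;
        }
        unlink($filename);
    }

    // Rewrite the placeholder index.html that redirects to the parent
    // directory, so the cache directory itself cannot be browsed.
    $fp = fopen($cache_dir . '/index.html', 'w');
    if ($fp !== false) {
        fwrite($fp, "<html><head><title></title><META HTTP-EQUIV=\"Refresh\" CONTENT=\"0; URL=../\"></head><body></body></html>");
        fclose($fp);
    }

    if (function_exists('apc_clear_cache') && $hc_cfg[128] == 2) {
        // Hand the cached API users to apc_user_write_cache() before their
        // cache entry is deleted below.
        $api_users = apc_exists(HC_APCPrefix . 'users') ? apc_fetch(HC_APCPrefix . 'users') : array();
        apc_user_write_cache($api_users);

        // Delete only the user-cache keys that start with this install's
        // prefix. A literal prefix comparison is used instead of a regex
        // built from HC_APCPrefix: regex metacharacters or a "/" in the
        // prefix would otherwise break the pattern or match keys that do not
        // belong to this install.
        $prefix_len = strlen(HC_APCPrefix);
        $iterator = new APCIterator('user', NULL, APC_ITER_KEY);
        foreach ($iterator as $key => $data) {
            if (strncmp($key, HC_APCPrefix, $prefix_len) === 0) {
                apc_delete($key);
            }
        }
    }
}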