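/**
 * Write the editable fields of a stored connection back to db_connections.
 *
 * Nothing is written unless $conn->validateKey() and checkDBConnectionTable()
 * both succeed. After the write attempt the in-memory connection list is
 * reloaded through loadDBConnections().
 *
 * Every value is bound as a statement parameter instead of being concatenated
 * into the SQL text, so a quote character in a name, description, server,
 * schema or e-mail address cannot change the shape of the UPDATE.
 *
 * @global mixed $config_db Handle to the configuration database; assumed to be
 *                          a PDO instance (the original code called exec() on it) - TODO confirm.
 * @global mixed $user      Current user; only getEmail() is read here.
 * @param DB_Connection $conn Connection whose row (matched on getID()) is updated.
 * @return void
 */
function updateDBConnection(DB_Connection $conn)
{
    global $config_db, $user;

    // Same short-circuit order as before: the table check only runs when the key is valid.
    if (!$conn->validateKey() || !checkDBConnectionTable()) {
        return;
    }

    // NOTE(review): User and Password are written as the literal string '******',
    // exactly as this listing shows. That may be masking applied to the listing
    // rather than real behavior - confirm against the actual file. If credentials
    // are persisted here, bind them as parameters like the other columns.
    $sql = "UPDATE db_connections SET "
        . "Name = :name, "
        . "Desc = :desc, "
        . "Server = :server, "
        . "User = '******', "
        . "Password = '******', "
        . "Schema = :schema, "
        . "Type = :type, "
        . "updateDate = :updateDate, "
        . "updatedBy = :updatedBy"
        . " WHERE id = :id";

    $stmt = $config_db->prepare($sql);

    // prepare() returns false when the handle is not in exception mode; the
    // original ignored a failed exec() and still reloaded, so do the same here.
    if ($stmt !== false) {
        // Getters are called without arguments, as before, so the stored
        // representation of each value is unchanged.
        $stmt->bindValue(':name', $conn->getName(), PDO::PARAM_STR);
        $stmt->bindValue(':desc', $conn->getDesc(), PDO::PARAM_STR);
        $stmt->bindValue(':server', $conn->getServer(), PDO::PARAM_STR);
        $stmt->bindValue(':schema', $conn->getSchema(), PDO::PARAM_STR);
        // Type and id were emitted unquoted, i.e. as numbers; bind them as integers.
        $stmt->bindValue(':type', (int) $conn->getType(), PDO::PARAM_INT);
        $stmt->bindValue(':updateDate', date("Y-m-d"), PDO::PARAM_STR);
        $stmt->bindValue(':updatedBy', $user->getEmail(), PDO::PARAM_STR);
        $stmt->bindValue(':id', (int) $conn->getID(), PDO::PARAM_INT);
        $stmt->execute();
    }

    // Reload Database Connections
    loadDBConnections();
}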
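/**
 * Check a caller-supplied API key against the configured key table.
 *
 * Returns true without any lookup when key checking is switched off in the
 * API settings, or when the key is the literal 'public' (case-insensitive).
 * Otherwise the connection named by getAPIKeyConnection() is opened and the
 * key is looked up in the configured table/field.
 *
 * The key is untrusted input: it is only ever passed to the database as a
 * bound parameter and is never placed in the SQL text.
 *
 * @global API_Settings $api
 * @global mixed $db_conn Iterated to find the connection whose name matches
 *                        getAPIKeyConnection() (case-insensitive).
 * @param string $api_key
 * @return boolean True when the key is accepted, false otherwise (including
 *                 database errors and unknown connection types).
 */
function testAPIKey($api_key)
{
    global $api, $db_conn;

    // Check if we need to test the API Key
    if (!$api->getUseAPIKey()) {
        return true;
    }

    // 'public' is accepted as a key without a lookup (existing behavior).
    if (strtolower($api_key) === 'public') {
        return true;
    }

    // Locate the connection that holds the key table.
    $wanted = strtolower($api->getAPIKeyConnection());
    $conn = null;
    foreach ($db_conn as $candidate) {
        if (strtolower($candidate->getName()) === $wanted) {
            $conn = $candidate;
            break;
        }
    }

    // Stop if the configured connection does not exist.
    if ($conn === null) {
        die("Cannot find the connection '{$api->getAPIKeyConnection()}'");
    }

    // Field, table and schema names cannot be bound as parameters. They come
    // from the API settings / connection objects here, not from the request;
    // NOTE(review): confirm those settings are writable by administrators only.
    $_sql = "select {$api->getAPIKeyField()} "
        . "from {$conn->getSchema(false)}.{$api->getAPIKeyTable()} "
        . "where {$api->getAPIKeyField()} = ?";

    try {
        switch ($conn->getType()) {
            case 0: // SQLite (no schema prefix in the query)
                $_db = new PDO("sqlite:" . $conn->getServer(false));
                $_sql = "select {$api->getAPIKeyField()} "
                    . "from {$api->getAPIKeyTable()} "
                    . "where {$api->getAPIKeyField()} = ?";
                break;
            case 1: // MySQL
                $_db = new PDO(
                    "mysql:host=" . $conn->getServer(false) . ";dbname=" . $conn->getSchema(false),
                    $conn->getUser(false),
                    $conn->getPassword(false)
                );
                break;
            case 2: // PostgreSQL
                $_db = new PDO(
                    "pgsql:host=" . $conn->getServer(false) . ";dbname=" . $conn->getSchema(false),
                    $conn->getUser(false),
                    $conn->getPassword(false)
                );
                break;
            case 3: // Oracle
                // The original passed an undefined $password here; use the
                // connection's password like every other driver.
                $_db = new PDO(
                    "oci:dbname=" . $conn->getServer(false),
                    $conn->getUser(false),
                    $conn->getPassword(false)
                );
                break;
            case 4: // Microsoft SQL
                $_db = new PDO(
                    "sqlsrv:Server=" . $conn->getServer(false) . ";Database=" . $conn->getSchema(false),
                    $conn->getUser(false),
                    $conn->getPassword(false)
                );
                break;
            default:
                // Unknown connection type: fail closed instead of calling
                // methods on an undefined handle.
                return false;
        }
        $_db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);

        // Bind the key; the driver keeps it separate from the statement text.
        $stmt = $_db->prepare($_sql);
        $stmt->bindValue(1, (string) $api_key, PDO::PARAM_STR);
        $stmt->execute();

        // Only the first row is considered. The value is compared again in PHP,
        // strictly, because a database comparison may be looser than an exact
        // string match (for example a case-insensitive collation).
        $row = $stmt->fetch(PDO::FETCH_NUM);
        if ($row !== false && (string) $row[0] === (string) $api_key) {
            return true;
        }
    } catch (PDOException $ex) {
        // The statement text no longer contains the submitted key.
        // NOTE(review): where showMessage() renders is not visible here; if it
        // reaches the API client, driver messages can reveal connection
        // details - consider logging server-side instead.
        showMessage($_sql);
        // Print PDOException message
        showMessage($ex->getMessage());
    }

    return false;
}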