/** * Validate the current user. * * @access private * @since 1.4 * @return void */ private function validate_user() { $endpoints = $this->define_endpoints(); $endpoint = trailingslashit(str_replace('/' . $this->namespace, '', $this->request->get_route())); if (array_key_exists('require_auth', $endpoints[$endpoint]) && false === $endpoints[$endpoint]['require_auth']) { $this->is_valid_user = true; } elseif (empty($this->request['api_key']) || empty($this->request['token'])) { $this->missing_auth(); } elseif (!($user = $this->get_user())) { $this->invalid_key(); } else { $public = $this->request->get_param('api_key'); $token = $this->request->get_param('token'); $secret = $this->get_user_secret_key($user); if (hash_equals(md5($secret . $public), $token)) { $this->is_valid_user = true; } else { $this->invalid_auth(); } } }