/** * Displays the page with key information and statistics (one tab each). */ public function subpage_key($apiKey) { wfProfileIn(__METHOD__); $apiKeyObject = ApiGate_ApiKey::newFromDb($apiKey); $html = ""; ob_start(); if (is_object($apiKeyObject)) { // Determine if the current user can view this key (they must either own it or be an ApiGate admin). if ($apiKeyObject->canBeViewedByCurrentUser()) { $useTwoColLayout = false; // use full width so that the charts fit // Use standard tabs (from UI Style Guide) ?> <ul class="tabs"> <li class="selected" data-tab="apiGate_keyInfo"><a><?php echo wfMsg('apigate-tab-keyinfo'); ?> </a></li> <li data-tab="apiGate_keyStats"><a><?php echo wfMsg('apigate-tab-keystats'); ?> </a></li> </ul> <div id="apiGate_keyInfo" data-tab-body="apiGate_keyInfo" class="tabBody selected"> <?php echo $this->subpage_keyInfo($apiKeyObject); ?> </div> <div id="apiGate_keyStats" data-tab-body="apiGate_keyStats" class="tabBody"> <?php echo $this->subpage_keyStats($apiKey); ?> </div><!-- end apiGate_keyStats --> <?php } else { ApiGate::printError(i18n('apigate-error-keyaccess-denied', $apiKey)); } } else { // NOTE: This message which says essentially "not found or you don't have access" is intentionally vauge. // If we had access-denied and key-not-found be different errors, attackers could just iterate through a bunch of possibilities // until they found a key that exists & then they could spoof as being that app. ApiGate::printError(i18n('apigate-error-keyaccess-denied', $apiKey)); } $html .= ob_get_clean(); wfProfileOut(__METHOD__); return $html; }
/** * Prints a mysql error. */ public static function queryError($queryString, $db, $returnAsString = false) { $errorString = i18n('apigate-mysql-error', $queryString, mysql_error($db)); if ($returnAsString) { return ApiGate::getErrorHtml($errorString); } else { ApiGate::printError($errorString); } }