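/**
 * Authenticate a device by its UUID + MAC pair and hand back an API token.
 *
 * Looks up presence_users by the sha1 of the two supplied values, re-issues
 * the caller's still-valid token when one exists, otherwise inserts a new
 * presence_auth row that expires 24 hours from now.
 *
 * @param object $params request parameters; must carry non-empty UUID and MAC
 * @return mixed the HTTP::response() result on 400/401/500, otherwise whatever
 *               API::response() returns for the token payload
 */
private function authenticate($params) {
    // Both credentials must be present AND non-empty: isset() alone lets an
    // empty string through, and sha1('') is a perfectly valid lookup value.
    $valid_params = isset($params->UUID) && isset($params->MAC)
        && $params->UUID !== '' && $params->MAC !== '';
    if (!$valid_params) {
        return HTTP::response('400');
    }

    // Parameterised lookup; the table stores sha1 digests of both values.
    $sql = "SELECT id\n FROM presence_users pu\n WHERE pu.UUID = ? AND pu.mac = ?";
    $user = DB::getRecord($sql, array(sha1($params->UUID), sha1($params->MAC)));

    // The previous check, is_int((int) $id), is always true. Validate that the
    // row really carries an integer id before treating it as a user.
    if (!$user || filter_var($user->id, FILTER_VALIDATE_INT) === false) {
        return HTTP::response('401');
    }

    // Re-issue an existing, unexpired token instead of minting another one.
    // Return afterwards: if API::response() does not terminate the script, the
    // old code fell through and created a second token for the same user.
    $old_token = $this->get_token($user->id);
    if ($old_token) {
        return API::response($old_token);
    }

    // Mint the token from the CSPRNG. sha1(time() * rand()) is guessable: the
    // client knows time() to the second and rand() is not cryptographically
    // secure. 20 random bytes -> 40 hex chars, the same width as a sha1 digest,
    // so the presence_auth.token column does not need to change.
    $auth = new stdClass();
    $auth->userid = $user->id;
    $auth->token = bin2hex(random_bytes(20)); // random_bytes() requires PHP >= 7.0
    $auth->timeexpires = time() + 24 * 60 * 60;

    $auth_response = DB::putRecord('presence_auth', $auth);
    if (!$auth_response) {
        // The original returned nothing at all when the insert failed; make
        // the failure visible to the client instead of a silent empty reply.
        return HTTP::response('500');
    }
    unset($auth->userid); // never expose the internal user id to the client
    return API::response($auth);
}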
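/**
 * Check that an API token exists and has not expired, and bind it to the request.
 *
 * Emits a 401 via HTTP::response() when the token is missing, unknown or
 * expired. The explicit returns matter: the previous version fell through
 * after the 401 and still stored the token in $this->_token, which is only
 * harmless if HTTP::response() terminates the script.
 *
 * @param string $token the token presented by the client
 * @return bool true when the token is valid and $this->_token is set,
 *              false after a 401 has been emitted
 */
private function validate_token($token) {
    // Refuse empty or non-string tokens up front rather than querying for them.
    if (!is_string($token) || $token === '') {
        HTTP::response('401');
        return false;
    }

    // Parameterised lookup; expiry is enforced in the query itself.
    $sql = "SELECT id\n FROM presence_auth pa\n WHERE pa.token = ?\n AND pa.timeexpires > ?";
    $response = DB::getRecord($sql, array($token, time()));
    if (!$response) {
        HTTP::response('401');
        return false;
    }

    //set the request token
    $this->_token = $token;
    return true;
}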
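/**
 * Release a lock
 *
 * Reads the lock id from ?key=<key>:<check>. The <check> part must match the
 * owner token stored alongside the lock in APC, otherwise the request is
 * refused with 423. Writes the HTTP status and body directly and exits on
 * every error path.
 *
 * @throws Exception when no key argument is supplied
 */
public function unlock() {
    $key = filter_input(INPUT_GET, 'key');
    if (empty($key)) {
        throw new Exception("No key argument specified");
    }

    // "<key>:<check>"; a missing check becomes null.
    list($key, $check) = explode(':', $key, 2) + array(1 => null);
    $lock = 'nbd-cms.lock.' . $key;

    $info = apc_fetch($lock);
    if (empty($info)) {
        HTTP::response(204);
        echo "Lock does not exist";
        exit;
    }

    // Ownership check. The previous `!=` was a loose comparison: a stored
    // check of int 0 matched a request with no check at all, and numeric
    // strings such as "1e3" and "1000" compared equal. Compare the two as
    // strings, strictly and in constant time. Casting keeps the one loose case
    // that was clearly intended (no stored check and no supplied check match).
    $stored = (is_array($info) && isset($info['check'])) ? (string) $info['check'] : '';
    if (!hash_equals($stored, (string) $check)) {
        HTTP::response(423); //locked
        echo "Invalid token: You do not own that lock.";
        exit;
    }

    apc_delete($lock);
    echo 1;
}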
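}); // closes a call that begins before this section

// create the DB connection
DB::setUp($CONFIG);

// validate and respond to the request
$method = $_SERVER['REQUEST_METHOD'];
$url = isset($_GET['url']) ? $_GET['url'] : null;

switch ($method) {
    case 'GET':
        $params = (object) $_GET;
        break;
    case 'POST':
        $params = (object) $_POST;
        break;
    default:
        HTTP::response('405'); //Method Not Allowed
        // Stop here: the previous version fell through with $params undefined.
        exit;
}

$url_fragments = explode('/', trim((string) $url, '/'));
if (count($url_fragments) != 3) {
    HTTP::response('400'); //Bad Request
    // Stop here instead of indexing fragments that do not exist.
    exit;
}

//format of the response
$format = $url_fragments[0];
//resource
$resource = $url_fragments[1];
//action to be made on the resource
$action = $url_fragments[2];

// Both segments come straight from the URL. $format is spliced into a
// filesystem path and $resource becomes a class name, so restrict each to a
// plain identifier: no "..", "/", "\" (namespace separator) or empty string.
$ident = '/^[A-Za-z][A-Za-z0-9_]*$/';
if (!preg_match($ident, $format) || !preg_match($ident, $resource)) {
    HTTP::response('400'); //Bad Request
    exit;
}

//check if the required format is implemented and if the resource exists
// NOTE(review): class_exists() still accepts *any* loaded or autoloadable
// class, not only API resources; an explicit allowlist or an is_subclass_of()
// check against the resource base class would close that gap.
if (is_dir(ROOT . '/api/' . $format) && class_exists(ucfirst($resource))) {
    new $resource($action, $params);
} else {
    HTTP::response('400'); //Bad Request
}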