Esempio n. 1
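 /**
  * Authenticate a device by UUID + MAC and answer with an access token.
  *
  * Responds 400 when either field is missing or not a string, and 401 when
  * no matching row exists in presence_users. A token already returned by
  * get_token() is reused; otherwise a new one, valid for 24 hours, is stored
  * in presence_auth and sent back without the user id.
  *
  * NOTE(review): UUID and MAC are device identifiers rather than secrets and
  * are looked up as unsalted SHA-1 digests; changing that needs a data
  * migration, so it is only flagged here.
  *
  * @param object $params Request parameters; UUID and MAC are read from it.
  */
 private function authenticate($params)
 {
     //check if all the params are supplied (arrays such as UUID[]=x are rejected
     //here, before they can reach sha1())
     $valid_params = isset($params->UUID, $params->MAC)
         && is_string($params->UUID)
         && is_string($params->MAC);
     if (!$valid_params) {
         return HTTP::response('400');
     }
     //validate the user
     $sql = "SELECT id\n                FROM presence_users pu\n                WHERE pu.UUID = ? AND pu.mac = ?";
     $user = DB::getRecord($sql, array(sha1($params->UUID), sha1($params->MAC)));
     //check if we obtained a numeric id; the previous is_int((int) ...) test
     //was always true and therefore never rejected anything
     if (!$user || !isset($user->id) || !is_numeric($user->id)) {
         return HTTP::response('401');
     }
     //check if the user does not have a token already
     $old_token = $this->get_token($user->id);
     if ($old_token) {
         API::response($old_token);
         //stop here even if API::response() returns, so a second token is
         //never issued for the same user
         return;
     }
     //generate the token
     $auth = new stdClass();
     $auth->userid = $user->id;
     //tokens must be unpredictable: time() * rand() is guessable, so draw from
     //the CSPRNG instead (PHP 7+). 20 random bytes hex-encode to 40
     //characters, the same length as the former sha1() value.
     $auth->token = bin2hex(random_bytes(20));
     $auth->timeexpires = time() + 24 * 60 * 60;
     $auth_response = DB::putRecord('presence_auth', $auth);
     if ($auth_response) {
         //the client only needs the token and its expiry
         unset($auth->userid);
         API::response($auth);
     }
 }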
Esempio n. 2
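 /**
  * Check a request token against presence_auth and remember it on success.
  *
  * A token is accepted only when a row with that token exists and its
  * timeexpires is still in the future. Otherwise a 401 is sent and the
  * token is not stored on the instance.
  *
  * @param string $token Token supplied with the request.
  */
 private function validate_token($token)
 {
     //anything that is not a non-empty string cannot be a valid token
     if (!is_string($token) || $token === '') {
         HTTP::response('401');
         return;
     }
     $sql = "SELECT id\n                FROM presence_auth pa\n                WHERE pa.token = ?\n                AND pa.timeexpires > ?";
     $response = DB::getRecord($sql, array($token, time()));
     if (!$response) {
         HTTP::response('401');
         //fail closed: if HTTP::response() ever returns instead of ending the
         //request, the rejected token must not become the request token
         return;
     }
     //set the request token
     $this->_token = $token;
 }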
Esempio n. 3
File: CRUD.php Progetto: jasny/Q
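 /**
  * Release a lock.
  *
  * Reads the `key` query parameter in the form "<key>:<check>", looks up the
  * APC entry 'nbd-cms.lock.<key>' and deletes it only when the supplied check
  * value matches the one stored with the lock. Sends 204 when the lock does
  * not exist and 423 when the check value does not match.
  *
  * @throws Exception When no key argument is given.
  */
 public function unlock()
 {
     $key = filter_input(INPUT_GET, 'key');
     if (empty($key)) {
         throw new Exception("No key argument specified");
     }
     //split "<key>:<check>"; a missing check part becomes null
     list($key, $check) = explode(':', $key, 2) + array(1 => null);
     $lock = 'nbd-cms.lock.' . $key;
     $info = apc_fetch($lock);
     if (empty($info)) {
         HTTP::response(204);
         echo "Lock does not exist";
         exit;
     }
     //compare the ownership token as strings with ===; the loose != would let
     //PHP's numeric type juggling treat different tokens as equal
     $expected = isset($info['check']) ? (string) $info['check'] : '';
     if ($expected !== (string) $check) {
         HTTP::response(423);
         //locked
         echo "Invalid token: You do not own that lock.";
         exit;
     }
     apc_delete($lock);
     echo 1;
 }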
Esempio n. 4
});
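// create the DB connection
DB::setUp($CONFIG);

// validate and respond to the request
$method = $_SERVER['REQUEST_METHOD'];
// only a plain string is a usable route; url[]=... arrives as an array
$url = isset($_GET['url']) && is_string($_GET['url']) ? $_GET['url'] : null;
switch ($method) {
    case 'GET':
        $params = (object) $_GET;
        break;
    case 'POST':
        $params = (object) $_POST;
        break;
    default:
        HTTP::response('405');
        //Method Not Allowed; stop here so $params is never used undefined
        exit;
}

// the route has the shape <format>/<resource>/<action>
$url_fragments = explode('/', trim((string) $url, '/'));
if (count($url_fragments) != 3) {
    HTTP::response('400');
    //Bad Request; stop before the fragments are indexed
    exit;
}
//format of the response
$format = $url_fragments[0];
//resource
$resource = $url_fragments[1];
//action to be made on the resource
$action = $url_fragments[2];

// Both values come straight from the URL. $format is used to build a
// filesystem path and $resource is used as a class name, so accept only plain
// names: this rejects '.', '..', backslashes and namespaced class names.
$format_ok = preg_match('/\A[A-Za-z0-9_-]+\z/', $format) === 1;
$resource_ok = preg_match('/\A[A-Za-z_][A-Za-z0-9_]*\z/', $resource) === 1;
if (!$format_ok || !$resource_ok) {
    HTTP::response('400');
    //Bad Request
    exit;
}

//check if the required format is implemented and if the resource exists
// NOTE(review): class_exists() is true for every loaded or autoloadable class,
// not only API resources, so the request still chooses which class gets
// constructed. Prefer an explicit allow-list of resource classes (or a check
// against a common resource base class) before calling new.
if (is_dir(ROOT . '/api/' . $format) && class_exists(ucfirst($resource))) {
    new $resource($action, $params);
} else {
    HTTP::response('400');
    //Bad Request
}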