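/**
 * Check whether an access key exists and has not yet expired, and log the login.
 *
 * Opens its own short-lived database connection, which must not leave this
 * function; it is used only to authenticate the key.
 *
 * @param mixed $key Access key presented by the caller (untrusted input).
 *
 * @return bool true when a matching, unexpired row exists in s3db_access_keys,
 *              false otherwise (including malformed keys).
 */
function check_key_validity($key)
{
    # The key is caller-supplied and ends up inside quoted SQL literals below.
    # Refuse non-scalars, the empty string, and any key containing a quote,
    # backslash or NUL byte, so the value cannot terminate or escape the literal.
    # NOTE(review): this is a stop-gap; switch to the db layer's own
    # escaping or prepared statements if s3dbapi.db offers them.
    if (!is_scalar($key)) {
        return false;
    }
    $key = (string) $key;
    if ($key === '' || preg_match('/[\'\\\\\x00]/', $key)) {
        return false;
    }

    $dbConfig = $GLOBALS['s3db_info']['server']['db'];

    $db = CreateObject('s3dbapi.db');
    $db->Halt_On_Error = 'no';
    $db->Host = $dbConfig['db_host'];
    $db->Type = $dbConfig['db_type'];
    $db->Database = $dbConfig['db_name'];
    $db->User = $dbConfig['db_user'];
    $db->Password = $dbConfig['db_pass'];
    $db->connect();

    $sql = "select * from s3db_access_keys where key_id='" . $key . "' and expires>='" . date('Y-m-d H:i:s') . "'";
    $db->query($sql, __LINE__, __FILE__);

    if (!$db->next_record()) {
        return false;
    }

    $account_id = $db->f('account_id');

    # Resolve the account's login name for the access log. Start from an empty
    # string so the insert below never reads an undefined variable when the
    # account row is missing.
    # NOTE(review): $account_id and $username are database values that are
    # concatenated into SQL again here; rows in s3db_access_keys can be created
    # from URL-derived ids (see authenticate_remote_user), so they deserve the
    # same escaping as $key once the db layer's escaping is confirmed.
    $username = '';
    $sql = "select account_lid from s3db_account where account_id = '" . $account_id . "'";
    $db->query($sql, __LINE__, __FILE__);
    if ($db->next_record()) {
        $username = $db->f('account_lid');
    }

    # NOTE(review): the complete key is stored in s3db_access_log.session_id,
    # so read access to the log exposes still-valid keys; consider logging a
    # hash or a short prefix instead.
    $sql = "insert into s3db_access_log (login_timestamp, session_id, login_id, ip) values(now(), 'key:" . $key . "','" . $username . "','" . $_SERVER['REMOTE_ADDR'] . "')";
    $db->query($sql, __LINE__, __FILE__);

    # $date was never assigned in this function; pass an explicit null so the
    # call behaves as before without relying on an undefined variable.
    # NOTE(review): confirm what delete_expired_keys() expects as its first argument.
    $date = null;
    delete_expired_keys($date, $db);

    return true;
}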
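/**
 * Authenticate a user that belongs to a remote deployment.
 *
 * The last part of $url identifies the user (for example
 * https://ibl.mdanderson.org/s3db/U4). The remote deployment's keyCheck.php is
 * asked whether $key is valid for that user; on success the key is copied
 * locally with a one-hour expiry.
 *
 * Users validated this way cannot write anything in this deployment and are
 * limited to the resources they were granted permission on.
 *
 * @param mixed  $key Access key presented by the caller (untrusted input).
 * @param string $url URL identifying the remote user.
 *
 * @return int 0 when the remote deployment validated the key,
 *             1 when authentication failed (malformed key, same deployment
 *               as the local one, or the remote did not confirm the key),
 *             4 when the remote deployment URL could not be found or read.
 */
function authenticate_remote_user($key, $url)
{
    # The key is placed in a URL, stored through add_entry() and later looked up
    # with string-built SQL in check_key_validity(). Refuse non-scalars, empty
    # keys and keys containing a quote, backslash or NUL byte up front.
    if (!is_scalar($key)) {
        return 1;
    }
    $key = (string) $key;
    if ($key === '' || preg_match('/[\'\\\\\x00]/', $key)) {
        return 1;
    }

    $user_id_info = uid_resolve($url);

    # ereg_replace() no longer exists in PHP 7+; preg_replace() with the same
    # anchored pattern strips the leading "D" identically.
    $remoteDid = preg_replace('/^D/', '', (string) $user_id_info['Did']);
    $localDid = preg_replace('/^D/', '', (string) $GLOBALS['s3db_info']['deployment']['Did']);
    if ($remoteDid == $localDid) {
        # Same deployment as the local one: remote authentication does not apply.
        return 1;
    }

    $dbConfig = $GLOBALS['s3db_info']['server']['db'];

    $db = CreateObject('s3dbapi.db');
    $db->Halt_On_Error = 'no';
    $db->Host = $dbConfig['db_host'];
    $db->Type = $dbConfig['db_type'];
    $db->Database = $dbConfig['db_name'];
    $db->User = $dbConfig['db_user'];
    $db->Password = $dbConfig['db_pass'];
    $db->connect();

    # Find the base URL of the remote deployment.
    list($did_url) = DidURL($user_id_info, $db);
    if (!$did_url) {
        return 4;
    }

    # fopen() honours every registered stream wrapper, so only follow http(s)
    # targets; anything else is treated as "remote not reachable".
    # NOTE(review): presumably DidURL() can return values derived from $url;
    # consider an allowlist of trusted deployments as well.
    if (!preg_match('#^https?://#i', (string) $did_url)) {
        return 4;
    }

    # Validate the user remotely via keyCheck, which needs a key and a user_id.
    # Both values are URL-encoded so they cannot add or override query parameters.
    $call1 = $did_url . 'keyCheck.php?key=' . urlencode($key)
        . '&user_id=' . urlencode((string) $user_id_info['uid'])
        . '&format=php';

    $tmpKC = @fopen($call1, 'r');
    if (!$tmpKC) {
        return 4;
    }

    # Cap the amount read so a misbehaving remote cannot exhaust memory, and
    # release the handle as soon as the body has been read.
    $rawReply = stream_get_contents($tmpKC, 1048576);
    fclose($tmpKC);
    if (!is_string($rawReply)) {
        return 4;
    }

    # SECURITY NOTE(review): unserialize() on a response from another host can
    # instantiate arbitrary classes (PHP object injection). The remote API is
    # called with format=php, so this is left as is; prefer a JSON format, or
    # unserialize() with allowed_classes disabled where the runtime supports it.
    $reply = unserialize($rawReply);

    # Fail closed: a reply that is not the expected array, or that lacks
    # error_code, used to compare as null == 0 and was accepted as success.
    if (!is_array($reply) || !isset($reply[0]) || !is_array($reply[0])) {
        return 1;
    }
    $verdict = $reply[0];
    if (!isset($verdict['error_code'])
        || !is_scalar($verdict['error_code'])
        || (string) $verdict['error_code'] !== '0'
    ) {
        return 1;
    }

    # User was validated with the uid associated with the remote deployment.
    insert_access_log(array('user_id' => $user_id_info['condensed'], 'db' => $db));

    # Temporarily copy the key for this user.
    $I = array(
        'key_id' => $key,
        'account_id' => $user_id_info['condensed'],
        'expires' => date('Y-m-d H:i:s', time() + 1 * 60 * 60),
        'notes' => "Key for remote user created automatically by the API. \nExpires in 1 hour.",
    );
    add_entry('access_keys', $I, $db);

    # $date was never assigned in this function; pass an explicit null so the
    # call behaves as before without relying on an undefined variable.
    # NOTE(review): confirm what delete_expired_keys() expects as its first argument.
    $date = null;
    delete_expired_keys($date, $db);

    return 0;
}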