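 /**
  * Checks whether an API key is already registered.
  *
  * @param string $keyToTest - an API key which will be checked to see if it is already registered in the system.
  * @return bool - true if 'keyToTest' is a registered API key in the system, false if 'keyToTest' is NOT registered.
  */
 protected static function keyExists($keyToTest)
 {
     wfProfileIn(__METHOD__);
     // Escape against an explicit connection, as processPost() does. Without a link argument the legacy mysql
     // extension falls back to the most recently opened connection and, if none is open yet, returns false —
     // which would silently turn this lookup into a query for the empty key.
     $dbw = ApiGate_Config::getMasterDb();
     $queryString = "SELECT count(*) FROM " . ApiGate::TABLE_KEYS
         . " WHERE apiKey='" . mysql_real_escape_string($keyToTest, $dbw) . "'";
     $numKeys = ApiGate::simpleQuery($queryString);
     wfProfileOut(__METHOD__);
     // simpleQuery() is assumed to return the scalar count (possibly as a numeric string, or false on failure);
     // intval() makes both cases compare as numbers, and a failed query reads as "not registered".
     return intval($numKeys) > 0;
 }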
 /**
  * If the form in the 'key' template was posted, this will process it and apply any updates.
  *
  * Reads the posted fields via ApiGate::getPost(), validates them with ApiGate_Register::validateNameAndEmail(),
  * and on success issues an UPDATE against ApiGate::TABLE_KEYS. Admins may additionally flip the enabled flag,
  * which is recorded in ApiGate::TABLE_BANLOG and followed by a remote cache purge of the key.
  *
  * NOTE(review): no CSRF/edit-token check is visible in this block — confirm the caller enforces one before
  * this method is reached, since it mutates key ownership details and (for admins) the enabled state.
  *
  * @return string - a string containing any errors that occurred while trying to update the key info.
  */
 public static function processPost()
 {
     $errorString = "";
     // Only act on our own form; other POSTs fall through and return an empty error string.
     if (ApiGate::getPost('formName') == "apiGate_apiKey_updateKeyInfo") {
         $apiKey = ApiGate::getPost('apiKey');
         $apiKeyObject = ApiGate_ApiKey::newFromDb($apiKey);
         if (is_object($apiKeyObject)) {
             if ($apiKeyObject->canBeEditedByCurrentUser()) {
                 $nickName = ApiGate::getPost('nickName');
                 $firstName = ApiGate::getPost('firstName');
                 $lastName = ApiGate::getPost('lastName');
                 $email_1 = ApiGate::getPost('email_1');
                 $email_2 = ApiGate::getPost('email_2');
                 // Validate input (same business logic as ApiGate_Register::processPost()).
                 global $API_GATE_DIR;
                 include_once "{$API_GATE_DIR}/ApiGate_Register.class.php";
                 $errorString = ApiGate_Register::validateNameAndEmail($firstName, $lastName, $email_1, $email_2, $errorString);
                 // If there were no errors, update the key info in the database.
                 if ($errorString == "") {
                     $dbw = ApiGate_Config::getMasterDb();
                     // Every user-supplied value is escaped against $dbw before being spliced into the statement;
                     // the key itself comes from the already-loaded object via getApiKeySqlSafe().
                     $queryString = "UPDATE " . ApiGate::TABLE_KEYS . " SET ";
                     $queryString .= "nickName='" . mysql_real_escape_string($nickName, $dbw) . "'";
                     $queryString .= ", firstName='" . mysql_real_escape_string($firstName, $dbw) . "'";
                     $queryString .= ", lastName='" . mysql_real_escape_string($lastName, $dbw) . "'";
                     $queryString .= ", email='" . mysql_real_escape_string($email_1, $dbw) . "'";
                     // If this is an admin, also allow changing of the enabled/disabled field from this form.
                     if (ApiGate_Config::isAdmin()) {
                         // intval() guarantees an integer before it is interpolated into the UPDATE below.
                         $enabled = intval(ApiGate::getPost('enabled'));
                         $setToEnabled = $enabled !== 0;
                         // If there was a change, update the log and apply it.
                         // NOTE(review): loose != here; if isEnabled() can return a non-bool (e.g. "0"/"1" from the DB)
                         // the comparison still behaves because PHP coerces to bool, but !== would make that explicit.
                         if ($setToEnabled != $apiKeyObject->isEnabled()) {
                             $queryString .= ", enabled='{$enabled}'";
                             $reason = ApiGate::getPost('reason');
                             // The ban-log row is written (and the cache purged) before the UPDATE itself is sent;
                             // if the UPDATE below fails, the log entry will already exist.
                             $logQuery = "INSERT INTO " . ApiGate::TABLE_BANLOG . " (apiKey, action, username, reason) VALUES (";
                             $logQuery .= "'" . $apiKeyObject->getApiKeySqlSafe() . "'";
                             $logQuery .= ", '" . ($setToEnabled ? "enabled" : "disabled") . "'";
                             $logQuery .= ", '" . mysql_real_escape_string(ApiGate_Config::getUsername(), $dbw) . "'";
                             $logQuery .= ", 'MANUAL CHANGE: " . mysql_real_escape_string($reason, $dbw) . "'";
                             $logQuery .= ")";
                             ApiGate::sendQuery($logQuery);
                             // Purge the remote cache of this key's validity (for example, Fastly's cached call to check if the key is allowed to access the API).
                             ApiGate::purgeKey($apiKey);
                         }
                     }
                     $queryString .= " WHERE apiKey='{$apiKeyObject->getApiKeySqlSafe()}'";
                     if (ApiGate::sendQuery($queryString)) {
                         ApiGate::sendQuery("COMMIT");
                         // MediaWiki was randomly not saving some rows without this (the registration queries, so I'm assuming it's the same everywhere).
                     } else {
                         $errorString .= "\n" . i18n('apigate-register-error-mysql_error');
                         // NOTE(review): the raw mysql_error() text is appended to a string that is rendered to the
                         // end user, which can expose table/column names and driver details. Prefer logging it
                         // server-side and showing only the i18n message.
                         $errorString .= "\n<br/><br/>" . mysql_error($dbw);
                     }
                 }
             } else {
                 // Same message as the not-found branch below so that the two cases are indistinguishable to the caller.
                 $errorString .= ApiGate::getErrorHtml(i18n('apigate-error-keyaccess-denied', $apiKey));
             }
         } else {
             // NOTE: This message which says essentially "not found or you don't have access" is intentionally vague.
             // If we had access-denied and key-not-found be different errors, attackers could just iterate through a bunch of possibilities
             // until they found a key that exists & then they could spoof as being that app.
             $errorString .= ApiGate::getErrorHtml(i18n('apigate-error-keyaccess-denied', $apiKey));
         }
     }
     return $errorString;
 }
 /**
  * Decides whether the API Gate link belongs in the current user's user-links.
  *
  * The link is shown on every page of the Wikia API wiki; on any other wiki it is shown only to users
  * who own at least one API key.
  *
  * @return bool - true if the currently logged in user should see the link to API Gate in their user-links on this page.
  */
 public static function shouldShowUserLink()
 {
     global $wgCityId, $wgUser;
     global $WIKIA_CITYID_APIWIKI;
     wfProfileIn(__METHOD__);
     // Short-circuit so the key lookup only runs when this is not the API wiki.
     $onApiWiki = ($wgCityId == $WIKIA_CITYID_APIWIKI);
     $showLink = $onApiWiki || count(ApiGate::getKeysByUserId($wgUser->getId())) > 0;
     wfProfileOut(__METHOD__);
     return $showLink;
 }
 /**
  * Prints the provided error string inside of some standard HTML for errors in the system.
  *
  * @param string $errorString - the error text to wrap; whether getErrorHtml() escapes it is not visible here,
  *                              so callers should not assume this method performs any HTML encoding.
  */
 public static function printError($errorString)
 {
     $html = ApiGate::getErrorHtml($errorString);
     echo $html;
 }