Exemplo n.º 1
0
        $statusMsg = i18n('apigate-keyinfo-status-enabled');
    } else {
        $statusClass = "disabled";
        $statusMsg = i18n('apigate-keyinfo-status-disabled');
    }
    $statusHtml = "<span class='status {$statusClass}'>{$statusMsg}</span>";
}
print i18n('apigate-keyinfo-status', $statusHtml);
// If the key is disabled, show the user why.
if (!$apiKeyObject->isEnabled()) {
    $reasonBanned = $apiKeyObject->getReasonBanned();
    $reasonBanned = $reasonBanned == null ? i18n('apigate-keyinfo-no-reason-found') : $apiKeyObject->getReasonBanned();
    print "<div class='reasonDisabled'>\n" . i18n('apigate-keyinfo-reason-disabled', $reasonBanned) . "\n</div>\n";
}
// Always display the full banlog to admins if there are any events in it.
if (ApiGate_Config::isAdmin()) {
    print "<div class='banLog'>\n" . i18n('apigate-keyinfo-banlog-heading') . "\n<br/>\n";
    print $apiKeyObject->getBanLogHtml() . "</div>\n";
}
?>
			<br/>
			<?php 
echo i18n('apigate-keyinfo-name');
?>
<br/>
			<input type='text' name='firstName' value='<?php 
echo $apiKeyObject->getFirstName();
?>
' style='width:192px'/>
			&nbsp;<input type='text' name='lastName' value='<?php 
echo $apiKeyObject->getLastName();
Exemplo n.º 2
0
 /**
  * Displays usage stats (as interactive javscript charts) for a specific API key.  Re-uses
  * some of our SponsorshipDashboard code, so it's not reusable by ApiGate and isn't very customizable
  * yet, but using SD saved a TON by getting us a decent amount of features in almost no time.
  *
  * The calling code is responsible for checking whether the user should be allowed to see the html
  * that this function returns.
  *
  * @param apiKey - string - api key whose usage stats should be shown.
  * @param html - string - the html for showing the charts of stats. Can be thrown right into wgOut.
  */
 public function subpage_keyStats($apiKey)
 {
     wfProfileIn(__METHOD__);
     global $wgCacheBuster;
     $html = "";
     // TODO: LATER: When API Gate has its own charting, use that instead of this SponsorshipDashboard-dependent code.
     $metricName = wfMsg('apigate-chart-metric-requests');
     // Will just show daily and monthly to users for now (and hourly will just be for admins to detect anything weird).
     if (ApiGate_Config::isAdmin()) {
         $html .= wfMsg('apigate-hourly-admin-only') . "<br/><br/>\n";
         // to avoid confusion, mention on the page that only admins see the hourly graph
         $chartName = wfMsg('apigate-chart-name-hourly');
         $html .= $this->getChartHtmlByPeriod($apiKey, "hourly", $metricName, $chartName);
     }
     $chartName = wfMsg('apigate-chart-name-daily');
     $html .= $this->getChartHtmlByPeriod($apiKey, "daily", $metricName, $chartName);
     $chartName = wfMsg('apigate-chart-name-monthly');
     $html .= $this->getChartHtmlByPeriod($apiKey, "monthly", $metricName, $chartName);
     wfProfileOut(__METHOD__);
     return $html;
 }
Exemplo n.º 3
0
 /**
  * If the form in the 'key' template was posted, this will process it and apply any updates.
  *
  * @return string - a string containing any errors that occurred while trying to update the key info.
  */
 public static function processPost()
 {
     $errorString = "";
     if (ApiGate::getPost('formName') == "apiGate_apiKey_updateKeyInfo") {
         $apiKey = ApiGate::getPost('apiKey');
         $apiKeyObject = ApiGate_ApiKey::newFromDb($apiKey);
         if (is_object($apiKeyObject)) {
             if ($apiKeyObject->canBeEditedByCurrentUser()) {
                 $nickName = ApiGate::getPost('nickName');
                 $firstName = ApiGate::getPost('firstName');
                 $lastName = ApiGate::getPost('lastName');
                 $email_1 = ApiGate::getPost('email_1');
                 $email_2 = ApiGate::getPost('email_2');
                 // Validate input (same business logic as ApiGate_Register::processPost()).
                 global $API_GATE_DIR;
                 include_once "{$API_GATE_DIR}/ApiGate_Register.class.php";
                 $errorString = ApiGate_Register::validateNameAndEmail($firstName, $lastName, $email_1, $email_2, $errorString);
                 // If there were no errors, update the key info in the database.
                 if ($errorString == "") {
                     $dbw = ApiGate_Config::getMasterDb();
                     $queryString = "UPDATE " . ApiGate::TABLE_KEYS . " SET ";
                     $queryString .= "nickName='" . mysql_real_escape_string($nickName, $dbw) . "'";
                     $queryString .= ", firstName='" . mysql_real_escape_string($firstName, $dbw) . "'";
                     $queryString .= ", lastName='" . mysql_real_escape_string($lastName, $dbw) . "'";
                     $queryString .= ", email='" . mysql_real_escape_string($email_1, $dbw) . "'";
                     // If this is an admin, also allow changing of the enabled/disabled field from this form.
                     if (ApiGate_Config::isAdmin()) {
                         $enabled = intval(ApiGate::getPost('enabled'));
                         $setToEnabled = $enabled !== 0;
                         // If there was a change, update the log and apply it.
                         if ($setToEnabled != $apiKeyObject->isEnabled()) {
                             $queryString .= ", enabled='{$enabled}'";
                             $reason = ApiGate::getPost('reason');
                             $logQuery = "INSERT INTO " . ApiGate::TABLE_BANLOG . " (apiKey, action, username, reason) VALUES (";
                             $logQuery .= "'" . $apiKeyObject->getApiKeySqlSafe() . "'";
                             $logQuery .= ", '" . ($setToEnabled ? "enabled" : "disabled") . "'";
                             $logQuery .= ", '" . mysql_real_escape_string(ApiGate_Config::getUsername(), $dbw) . "'";
                             $logQuery .= ", 'MANUAL CHANGE: " . mysql_real_escape_string($reason, $dbw) . "'";
                             $logQuery .= ")";
                             ApiGate::sendQuery($logQuery);
                             // Purge the remote cache of this key's validity (for example, Fastly's cached call to check if the key is allowed to access the API).
                             ApiGate::purgeKey($apiKey);
                         }
                     }
                     $queryString .= " WHERE apiKey='{$apiKeyObject->getApiKeySqlSafe()}'";
                     if (ApiGate::sendQuery($queryString)) {
                         ApiGate::sendQuery("COMMIT");
                         // MediaWiki was randomly not saving some rows without this (the registration queries, so I'm assuming it's the same everywhere).
                     } else {
                         $errorString .= "\n" . i18n('apigate-register-error-mysql_error');
                         $errorString .= "\n<br/><br/>" . mysql_error($dbw);
                     }
                 }
             } else {
                 $errorString .= ApiGate::getErrorHtml(i18n('apigate-error-keyaccess-denied', $apiKey));
             }
         } else {
             // NOTE: This message which says essentially "not found or you don't have access" is intentionally vauge.
             // If we had access-denied and key-not-found be different errors, attackers could just iterate through a bunch of possibilities
             // until they found a key that exists & then they could spoof as being that app.
             $errorString .= ApiGate::getErrorHtml(i18n('apigate-error-keyaccess-denied', $apiKey));
         }
     }
     return $errorString;
 }