/**
* Validate the API request
*
* Checks for the user's public key and token against the secret key
*
* @access private
* @global object $wp_query WordPress Query
* @uses Inbound_API::get_user()
* @uses Inbound_API::invalid_key()
* @uses Inbound_API::invalid_auth()
* @return void
*/
private static function validate_request()
{
global $wp_query;
self::$override = false;
/* Check for presence of keys and tokens */
if (empty($_REQUEST['token']) || empty($_REQUEST['key'])) {
self::missing_auth();
}
/* Retrieve the user by public API key and ensure they exist */
if (!($user = self::get_user($_REQUEST['key']))) {
self::invalid_key();
} else {
$token = urldecode($_REQUEST['token']);
$secret = get_user_meta($user, 'inbound_user_secret_key', true);
$public = urldecode($_REQUEST['key']);
if (hash('md5', $secret . $public) === $token) {
self::$is_valid_request = true;
} else {
self::invalid_auth();
}
}
}
