/**
 * Build the handler around an incoming request.
 *
 * The parent constructor runs first; afterwards the request is stored and the
 * database handle and validation helper used by this object are created.
 *
 * @param mixed $request Request data supplied by the caller; stored unchanged.
 */
public function __construct($request)
{
    parent::__construct();

    $this->request = $request;

    // Connection settings come from the DBNAME, USERNAME, PASSWORD and HOST
    // constants, which are defined outside this block.
    $this->db = new MySQL(DBNAME, USERNAME, PASSWORD, HOST);

    $this->validation = new Validation();
}
/**
 * Pre-insert hook: prepare the record, then fill in its contact fields.
 *
 * trec_make_new() runs first (per the original note it removes stale records
 * and assigns a UUID), then the contact e-mail and name are set to fixed
 * values before control passes to the parent hook.
 *
 * @param mixed $event Passed through unchanged to the parent hook.
 */
function preInsert($event)
{
    // Shared helper defined elsewhere; it receives this record itself.
    trec_make_new($this);

    // NOTE(review): the contact details are literals, so every record going
    // through this hook gets the same owner. Presumably this is a fixture or
    // test subclass - confirm before reusing it for real key requests.
    $this->ak_email = '*****@*****.**';
    $this->ak_contact = 'Emily';

    parent::preInsert($event);
}
/**
 * Authenticate the caller before the API object becomes usable.
 *
 * Checks run in this order and the first failure aborts construction:
 *   1. the request must carry an 'apiKey' entry;
 *   2. APIKey::verifyKey() must accept that key for the given origin;
 *   3. if a 'token' entry is present, User::get('token', ...) must accept it.
 *
 * A request without 'token' passes on the API key alone; $this->User is still
 * assigned in that case.
 *
 * @param mixed $request Forwarded to the parent constructor; afterwards read
 *                       back as the array $this->request.
 * @param mixed $origin  Passed to verifyKey() together with the key.
 *
 * @throws Exception 'No API Key provided', 'Invalid API Key' or
 *                   'Invalid User Token', matching the failed check.
 */
public function __construct($request, $origin)
{
    parent::__construct($request);

    // Abstracted out for example
    $keyChecker = new APIKey();
    $currentUser = new User($this->verb);

    if (!array_key_exists('apiKey', $this->request)) {
        throw new Exception('No API Key provided');
    }

    if (!$keyChecker->verifyKey($this->request['apiKey'], $origin)) {
        throw new Exception('Invalid API Key');
    }

    // The user token is optional, but when supplied it has to be valid.
    $hasToken = array_key_exists('token', $this->request);
    if ($hasToken && !$currentUser->get('token', $this->request['token'])) {
        throw new Exception('Invalid User Token');
    }

    $this->User = $currentUser;
    $this->obj_db = new PichannelDatabase();
    $this->s_host_domain = $this->obj_db->getDomainName();
}
/**
 * Resolve the acting user from a Sentry session or, failing that, from the
 * 'apikey' request input.
 *
 * A logged-in Sentry session takes precedence; the API key is only read when
 * Sentry::check() is false.
 */
public function __construct()
{
    if (Sentry::check()) {
        $this->user = Sentry::getUser();

        return;
    }

    $inputKey = Input::get('apikey');

    if (empty($inputKey)) {
        // NOTE(review): PHP discards the value a constructor returns when it
        // is invoked through `new`, so unless Response::api() emits output by
        // itself this 401 never reaches the client and the object is created
        // with $this->user unset. Rejecting the request needs an exception or
        // a check that runs outside the constructor.
        return Response::api('Invalid authorization token.', 401);
    }

    // NOTE(review): nothing here verifies that a key record actually matched
    // $inputKey before ->user() is followed - confirm that an unknown key
    // cannot end up with a usable $this->user.
    $key = APIKey::where('key', $inputKey);
    $this->user = $key->user()->get();
}
/**
 * Bind an API call to its session and to the API key it was made with.
 *
 * @param mixed $chiave Value looked up in the 'chiave' field via APIKey::by().
 * @param mixed $sid    Session id handed to Sessione; defaults to null.
 */
public function __construct($chiave, $sid = null)
{
    global $db, $sessione;

    $this->db = $db;
    $this->sessione = new Sessione($sid);

    // Point the global variable at this session as well, so that
    // Utente->admin() and every other function relying on the session state
    // keeps working.
    $sessione = $this->sessione;

    // NOTE(review): the lookup result is stored without any check in this
    // constructor; rejecting an unknown or disabled key must happen elsewhere
    // - confirm against the callers.
    $this->chiave = APIKey::by('chiave', $chiave);

    // Record in the transaction parameters whether a user is attached to the
    // session (login = 1/0) and, if so, which one.
    $loggedIn = (bool) $this->sessione->utente;
    if ($loggedIn) {
        registraParametroTransazione('uid', $this->sessione->utente);
    }
    registraParametroTransazione('login', (int) $loggedIn);
}
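<?php

/*
 * ©2014 Croce Rossa Italiana
 */

// Form handler for the API-key list: copies the posted name, e-mail, limit and
// active flag onto each key named in $_POST['chiavi'], then returns to the list.
// paginaAdmin() runs first; presumably it restricts the page to administrators.
paginaAdmin();

// NOTE(review): this changes credentials, yet no anti-CSRF token check and no
// validation of the posted values are visible in this script. Confirm that
// paginaAdmin() or the model setters cover both.

// A request without a 'chiavi' list (or with a scalar in its place) updates
// nothing instead of raising warnings from foreach.
if (isset($_POST['chiavi']) && is_array($_POST['chiavi'])) {
    foreach ($_POST['chiavi'] as $chiave) {
        $c = APIKey::id($chiave);

        // Field names are "<key>_<field>", with the key object cast to string.
        // A field missing from the request is stored as null, exactly as
        // before (an unchecked checkbox is simply not submitted), but without
        // the undefined-index notice.
        $c->nome = isset($_POST["{$c}_nome"]) ? $_POST["{$c}_nome"] : null;
        $c->email = isset($_POST["{$c}_email"]) ? $_POST["{$c}_email"] : null;
        $c->limite = isset($_POST["{$c}_limite"]) ? $_POST["{$c}_limite"] : null;
        $c->attiva = isset($_POST["{$c}_attiva"]) ? $_POST["{$c}_attiva"] : null;
    }
}

redirect('admin.chiavi');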
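/**
 * Create a new API key for the user being edited and report the outcome.
 *
 * @param object $argsObj Request arguments; only ->userID is read.
 * @param object $user    User the key is generated for; ->login is written to
 *                        the audit log. A falsy value skips key generation.
 *
 * @return stdClass ->status (tl::OK) and ->user_feedback (the success message,
 *                  or null when no key was created).
 */
function generateAPIKey(&$argsObj, &$user)
{
    $op = new stdClass();
    $op->status = tl::OK;
    $op->user_feedback = null;

    if ($user) {
        $APIKey = new APIKey();

        // addKeyForUser() reports success with a result >= tl::OK. The earlier
        // `< tl::OK` test wrote the audit entry and showed the "created"
        // message only when the call had failed, and stayed silent on success.
        if ($APIKey->addKeyForUser($argsObj->userID) >= tl::OK) {
            logAuditEvent(TLS("audit_user_apikey_set", $user->login), "CREATE", $user->login, "users");
            $op->user_feedback = lang_get('result_apikey_create_ok');
        }
        // NOTE(review): on failure ->status is still tl::OK and no feedback is
        // set; callers cannot tell a failed key creation from "nothing to do".
    }

    return $op;
}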
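/**
 * Return the API key of a user who authenticates with login and password.
 *
 * The credentials are checked against the stored password and against LDAP;
 * either one succeeding is sufficient. An existing key is returned as is,
 * otherwise a new key is created and returned.
 *
 * @param struct $args
 * @param string $args["user"]
 * @param string $args["pass"]
 * @return string|array the API key on success, otherwise $this->errors with
 *                      the IXR_Error describing the failure appended
 * @access public
 */
public function generateAPIKey($args)
{
    $this->_setArgs($args);
    $login = $this->args[self::$userParamName];
    $pwd = $this->args['pass'];

    $user = new tlUser();
    $user->login = $login;
    // Kept for its effect on $user; the status it returns was never used.
    $user->readFromDB($this->dbObj, tlUser::USER_O_SEARCH_BYLOGIN);

    $checkBD = $user->comparePassword($pwd) == tl::OK;
    // NOTE(review): LDAP is consulted even when the local check already
    // succeeded, so the password is always handed to ldap_authenticate().
    $checkLDAP = ldap_authenticate($login, $pwd);

    if (!($checkBD || $checkLDAP->status_ok)) {
        $this->errors[] = new IXR_Error(INVALID_AUTH, INVALID_AUTH_STR);

        return $this->errors;
    }

    // Authentication may have succeeded through LDAP for a login that has no
    // local account, hence the separate existence check.
    $user_id = tlUser::doesUserExist($this->dbObj, $login);
    if (is_null($user_id)) {
        $this->errors[] = new IXR_Error(NO_USER_BY_THIS_LOGIN, 'This is a valid user, but is not on TestLink DB');

        return $this->errors;
    }

    $APIKey = new APIKey();

    // Reuse the stored key when there is one.
    $ak = $APIKey->getAPIKey($user_id);
    if (!is_null($ak)) {
        return $ak;
    }

    // NOTE(review): creating a key on this path writes no audit entry in this
    // method, and no throttling of failed attempts is visible here - confirm
    // both are handled by the caller.
    if ($APIKey->addKeyForUser($user_id) >= tl::OK) {
        return $APIKey->getAPIKey($user_id);
    }

    $this->errors[] = new IXR_Error(NO_DEV_KEY, NO_DEV_KEY_STR);

    return $this->errors;
}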
<?php

/*
 * ©2014 Croce Rossa Italiana
 */

// Regenerates the secret of one API key and returns to the key list.
// paginaAdmin() runs first; presumably it restricts the page to administrators.
paginaAdmin();

// NOTE(review): the key is selected by a query-string parameter and replaced
// on a plain GET request. No anti-CSRF token and no check that the id resolves
// to a key are visible in this script - confirm paginaAdmin() or APIKey::id()
// cover them, otherwise this action belongs behind a POST with a token.
$chiave = APIKey::id($_GET['id']);
$chiave->generaChiave();

redirect('admin.chiavi');
} paginaPubblica(); ?> <div class="row-fluid"> <div class="span12 centrato"> <h2><span class="muted">Croce Rossa.</span> Persone in prima persona.</h2> <hr /> </div> </div> <?php if ($sessione->app_id) { /* ACCESSO TRAMITE API (APPLICAZIONE) */ $app = APIKey::id($sessione->app_id); $ip = $sessione->app_ip; ?> <div class="alert alert-block alert-info"> <h4> <i class="icon-warning-sign"></i> Stai entrando su Gaia tramite <?php echo $app->nome; ?> </h4> <p> Tieni presente che <?php echo $app->nome; ?> (IP: <?php echo $ip;
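/**
 * Proxy a public-responses search on behalf of an approved API key holder.
 *
 * Query-string inputs: 'q' (search terms, required), 't' (response format,
 * defaults to JSON), 'a' (API key, required) and 'callback' (optional JSONP
 * wrapper name). Every accepted key use is recorded in APIStat together with
 * REMOTE_ADDR before the remaining checks run.
 *
 * Responds 401 without a key, 403 for an unknown or unapproved key, 405 for
 * non-GET requests and 400 for a missing 'q' or a malformed 'callback'.
 * Otherwise the proxied body is echoed with the proxy's status and content
 * type.
 *
 * @return void
 * @param unknown $inq_uuid (optional) when set, the search is restricted to it
 */
public function search($inq_uuid = null)
{
    $query_term = $this->input->get('q');
    $resp_format = $this->input->get('t');
    $api_key = $this->input->get('a');
    $callback = $this->input->get('callback');

    if (!$resp_format) {
        $resp_format = 'JSON';
    }

    // "view" only used for errors
    // otherwise proxy response sets its own headers
    // we do not have any HTML view, so if that is detected,
    // it was the default. override with our local response format detection.
    if ($this->airoutput->view == 'html') {
        $this->airoutput->view = strtolower($resp_format);
        $this->airoutput->format = $this->router->get_content_type_for_view($this->airoutput->view);
    } elseif (!$this->input->get('t')) {
        $resp_format = strtoupper($this->airoutput->view);
    }

    $api_key_rec = null;
    if (!strlen($api_key)) {
        $this->response(array('success' => false, 'error' => 'API Key Required'), 401);
        return;
    }

    $api_key_rec = APIKey::find('APIKey', $api_key);
    if (!$api_key_rec || !$api_key_rec->ak_approved) {
        $this->response(array('success' => false, 'error' => 'Invalid API Key'), 403);
        return;
    }

    // ok key. log it.
    $ip_address = $this->input->server('REMOTE_ADDR');
    $api_stat = new APIStat();
    $api_stat->APIKey = $api_key_rec;
    $api_stat->as_ip_addr = $ip_address;
    $api_stat->save();

    // validity checks
    if ($this->method != 'GET') {
        header('Allow: GET', true, 405);
        $this->response(array('success' => false), 405);
        return;
    }
    if (!strlen($query_term)) {
        $this->response(array('success' => false, 'error' => '"q" param required'), 400);
        return;
    }

    // The JSONP wrapper name is caller-controlled and is written verbatim in
    // front of the response body, where a browser runs it as script. Accept
    // only a dotted JavaScript identifier and reject anything else before the
    // search is proxied and headers are sent.
    if ($callback) {
        $callback_ok = is_string($callback)
            && preg_match('/\A[A-Za-z_$][A-Za-z0-9_$]*(?:\.[A-Za-z_$][A-Za-z0-9_$]*)*\z/', $callback);
        if (!$callback_ok) {
            $this->response(array('success' => false, 'error' => 'Invalid "callback" param'), 400);
            return;
        }
    }

    // NOTE(review): both the caller's query and $inq_uuid are spliced into the
    // search expression as text. The expected uuid format is not visible here;
    // confirm it is validated upstream so it cannot widen the query.
    if ($inq_uuid) {
        $query_term = "(" . $query_term . ") AND inq_uuid={$inq_uuid}";
    }

    // The search service is called with a ticket issued for the key owner's
    // e-mail address; the last name/value pair returned is used as the cookie.
    $airuser = new AirUser();
    $tkt = $airuser->get_tkt($api_key_rec->ak_email, 0);
    $tktname = null;
    $tktval = null;
    foreach ($tkt as $k => $v) {
        $tktname = $k;
        $tktval = $v;
    }

    $opts = array(
        "url" => AIR2_SEARCH_URI . '/public-responses/search',
        "cookie_name" => $tktname,
        "params" => array('t' => $resp_format),
        "tkt" => $tktval,
        "query" => $query_term,
        "GET" => true,
    );
    $search_proxy = new Search_Proxy($opts);
    $response = $search_proxy->response();
    $body = $response['json'];

    $this->airoutput->format = $response['response']['content_type'];
    $this->airoutput->send_headers($response['response']['http_code']);

    // if JSONP requested, wrap response
    if ($callback) {
        echo $callback . '(' . $body . ');';
    } else {
        echo $body;
    }
}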
/**
 * Persist a newly requested API key together with a first usage record.
 *
 * @param unknown $name  stored as the key's contact (ak_contact)
 * @param unknown $email stored as the key's e-mail address (ak_email)
 */
protected function save($name, $email)
{
    $remote_ip = $this->input->server('REMOTE_ADDR');

    // The key record: who asked for it plus the generated key value.
    $key_rec = new APIKey();
    $key_rec->ak_contact = $name;
    $key_rec->ak_email = $email;
    // NOTE(review): this value is the credential itself - confirm that
    // air2_generate_uuid() draws from a cryptographically secure source.
    $key_rec->ak_key = air2_generate_uuid(32);
    $key_rec->save();

    // Usage record linking the new key to the requesting address.
    $stat_rec = new APIStat();
    $stat_rec->APIKey = $key_rec;
    $stat_rec->as_ip_addr = $remote_ip;
    $stat_rec->save();
}
/**
 * Create a new API key for a user and send it to them by e-mail.
 *
 * The key is only created when the configured SMTP host name passes
 * Zend_Validate_Hostname with ALLOW_ALL (DNS names, IP addresses and local
 * network names are all accepted).
 *
 * @param mixed  $dbHandler Not used in this function.
 * @param object $argsObj   Only ->user_id is read.
 * @param object $userObj   ->login goes to the audit log, ->emailAddress
 *                          receives the key.
 *
 * @return stdClass ->status is tl::OK once the key has been created and
 *                  tl::ERROR otherwise; ->user_feedback carries the message
 *                  ('' when key creation itself failed).
 */
function createNewAPIKey(&$dbHandler, &$argsObj, &$userObj)
{
    $op = new stdClass();
    $op->user_feedback = '';

    // Try to validate mail configuration
    $hostCheck = new Zend_Validate_Hostname(Zend_Validate_Hostname::ALLOW_ALL);
    $smtp_host = config_get('smtp_host');
    $op->status = tl::ERROR;

    // NOTE(review): only the SMTP host name is validated. The recipient
    // address in $userObj->emailAddress is not checked for being empty.
    if (!$hostCheck->isValid($smtp_host)) {
        $op->status = tl::ERROR;
        $op->user_feedback = lang_get('apikey_cannot_be_reseted_invalid_smtp_hostname');

        return $op;
    }

    $keyStore = new APIKey();
    if (!($keyStore->addKeyForUser($argsObj->user_id) >= tl::OK)) {
        return $op;
    }

    logAuditEvent(TLS("audit_user_apikey_set", $userObj->login), "CREATE", $userObj->login, "users");
    $op->user_feedback = lang_get('apikey_by_mail');
    $op->status = tl::OK;

    // now send by mail
    $ak = $keyStore->getAPIKey($argsObj->user_id);
    $mailText = lang_get('your_apikey_is') . "\n\n" . $ak . "\n\n" . lang_get('contact_admin');

    // NOTE(review): the key travels in the mail body as plain text, errors
    // from email_send() are suppressed with @ and $mail_op is never inspected,
    // so the caller is told the key was mailed even when delivery failed.
    $mail_op = @email_send(config_get('from_email'), $userObj->emailAddress, lang_get('mail_apikey_subject'), $mailText);

    return $op;
}
<?php

/*
 * ©2014 Croce Rossa Italiana
 */

// Creates a new API key and returns to the key list.
// paginaAdmin() runs first; presumably it restricts the page to administrators.
paginaAdmin();

// If no key exists yet, create the web key
if (!APIKey::elenco()) {
    $k = new APIKey();
    // NOTE(review): the first key gets a fixed value embedded in the source,
    // so every installation shares the same secret for this client and anyone
    // who can read the code knows it. It is also created active (attiva = 1)
    // with limite = 0 - confirm what a zero limit means for rate limiting.
    $k->chiave = 'bb2c08ff4da11f0b590a7ae884412e2bfd8ac28a';
    $k->email = '*****@*****.**';
    $k->nome = 'Client JS integrato';
    $k->attiva = 1;
    $k->giorno = 0;
    $k->limite = 0;
    // NOTE(review): if redirect() does not end the script, execution continues
    // below and a second, generated key is created in the same request.
    redirect('admin.chiavi');
}

// Regular case: a generated key that starts out inactive (attiva = 0) with an
// empty name and a limit of 5000.
$k = new APIKey();
$k->generaChiave();
$k->nome = '';
$k->attiva = 0;
$k->giorno = 0;
$k->limite = 5000;

redirect('admin.chiavi');
<?php /* * ©2014 Croce Rossa Italiana */ paginaAdmin(); $chiavi = APIKey::elenco(); ?> <?php if (!$chiavi) { ?> <div class="alert alert-block alert-error"> <h4><i class="icon-warning-sign"></i> Chiave web non presente</h4> <p>Non è presente la chiave web. Non funzioneranno le API JS da browser.</p> <p>Per rimediare, cliccare su "Genera nuova chiave". Gaia generera' una chiave JS automaticamente.</p> </div> <?php } ?> <form action="?p=admin.chiavi.ok" method="POST"> <div class="pull-right btn-group"> <a href="?p=admin.chiavi.genera" class="btn btn-large btn-warning" data-conferma="Generare davvero una nuova chiave?"> <i class="icon-plus"></i> Genera nuova chiave </a> <button type="submit" class="btn btn-large btn-success"> <i class="icon-save"></i>