Gazelle/sections/api/index.php

73 lines
1.5 KiB
PHP
Raw Permalink Normal View History

2011-03-28 14:21:28 +00:00
<?
$Available = array(
'access_request',
'access_state',
'user_stats_ratio',
'user_stats_torrent',
'user_stats_comumnity',
);
if (
2013-08-28 23:08:41 +00:00
empty($_GET['req'])
|| empty($_GET['uid'])
|| empty($_GET['aid'])
|| empty($_GET['key'])
|| !is_number($_GET['uid'])
|| !is_number($_GET['aid'])
|| !in_array($_GET['req'], $Available, true)
2011-03-28 14:21:28 +00:00
) {
error('invalid');
}
$AppID = $_GET['aid'];
$UserID = $_GET['uid'];
2013-07-04 08:00:56 +00:00
$App = $Cache->get_value("api_apps_$AppID");
2013-05-05 08:00:31 +00:00
if (!is_array($App)) {
2011-03-28 14:21:28 +00:00
if (!isset($DB)) {
2013-05-27 08:00:58 +00:00
require(SERVER_ROOT.'/classes/mysql.class.php');
2011-03-28 14:21:28 +00:00
$DB = new DB_MYSQL;
}
2013-07-04 08:00:56 +00:00
$DB->query("
SELECT Token, Name
FROM api_applications
WHERE ID = '$AppID'
LIMIT 1");
$App = $DB->to_array(false, MYSQLI_ASSOC);
$Cache->cache_value("api_apps_$AppID", $App, 0);
2011-03-28 14:21:28 +00:00
}
$App = $App[0];
//Handle our request auths
if ($_GET['req'] === 'access_request') {
if (md5($App['Token']) !== $_GET['key']) {
error('invalid');
}
} else {
2013-07-04 08:00:56 +00:00
$User = $Cache->get_value("api_users_$UserID");
2013-05-05 08:00:31 +00:00
if (!is_array($User)) {
2011-03-28 14:21:28 +00:00
if (!isset($DB)) {
2013-05-27 08:00:58 +00:00
require(SERVER_ROOT.'/classes/mysql.class.php');
2011-03-28 14:21:28 +00:00
$DB = new DB_MYSQL;
}
2013-05-05 08:00:31 +00:00
$DB->query("
SELECT AppID, Token, State, Time, Access
FROM api_users
2013-07-04 08:00:56 +00:00
WHERE UserID = '$UserID'
2013-05-05 08:00:31 +00:00
LIMIT 1"); //int, no db_string
2013-07-04 08:00:56 +00:00
$User = $DB->to_array('AppID', MYSQLI_ASSOC);
$Cache->cache_value("api_users_$UserID", $User, 0);
2011-03-28 14:21:28 +00:00
}
$User = $User[$AppID];
2013-07-04 08:00:56 +00:00
if (md5($User['Token'] . $App['Token']) !== $_GET['key']) {
2011-03-28 14:21:28 +00:00
error('invalid');
}
}
die('API put on hold');
require(SERVER_ROOT.'/sections/api/'.$_GET['req'].'.php');
echo '</payload>';
$Debug->profile();