Gazelle/sections/api/index.php

<?
$Available = array(
	'access_request',
	'access_state',
	'user_stats_ratio',
	'user_stats_torrent',
	'user_stats_comumnity',
);

if (
	empty($_GET['req']) ||
	empty($_GET['uid']) ||
	empty($_GET['aid']) ||
	empty($_GET['key']) ||
	!is_number($_GET['uid']) ||
	!is_number($_GET['aid']) ||
	!in_array($_GET['req'],$Available,true)
) {
	error('invalid');
}


$AppID = $_GET['aid'];
$UserID = $_GET['uid'];

$App = $Cache->get_value('api_apps_'.$AppID);
if (!is_array($App)) {
	if (!isset($DB)) {
		require(SERVER_ROOT.'/classes/class_mysql.php');
		$DB = new DB_MYSQL;
	}
	$DB->query("SELECT Token, Name FROM api_applications WHERE ID='$AppID' LIMIT 1");
	$App = $DB->to_array(false,MYSQLI_ASSOC);
	$Cache->cache_value('api_apps_'.$AppID, $App, 0);
}
$App = $App[0];

//Handle our request auths
if ($_GET['req'] === 'access_request') {
	if (md5($App['Token']) !== $_GET['key']) {
		error('invalid');
	}
} else {
	$User = $Cache->get_value('api_users_'.$UserID);
	if (!is_array($User)) {
		if (!isset($DB)) {
			require(SERVER_ROOT.'/classes/class_mysql.php');
			$DB = new DB_MYSQL;
		}
		$DB->query("
			SELECT AppID, Token, State, Time, Access
			FROM api_users
			WHERE UserID='$UserID'
			LIMIT 1"); //int, no db_string
		$User = $DB->to_array('AppID',MYSQLI_ASSOC);
		$Cache->cache_value('api_users_'.$UserID, $User, 0);
	}
	$User = $User[$AppID];

	if (md5($User['Token'].$App['Token']) !== $_GET['key']) {
		error('invalid');
	}
}

die('API put on hold');
require(SERVER_ROOT.'/sections/api/'.$_GET['req'].'.php');
echo '</payload>';
$Debug->profile();
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`<?`
			`$Available = array(`
			`'access_request',`
			`'access_state',`
			`'user_stats_ratio',`
			`'user_stats_torrent',`
			`'user_stats_comumnity',`
			`);`

			`if (`
Empty commit 2013-02-22 08:00:24 +00:00			`empty($_GET['req']) \|\|`
			`empty($_GET['uid']) \|\|`
			`empty($_GET['aid']) \|\|`
			`empty($_GET['key']) \|\|`
			`!is_number($_GET['uid']) \|\|`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`!is_number($_GET['aid']) \|\|`
			`!in_array($_GET['req'],$Available,true)`
			`) {`
			`error('invalid');`
			`}`


			`$AppID = $_GET['aid'];`
			`$UserID = $_GET['uid'];`

			`$App = $Cache->get_value('api_apps_'.$AppID);`
Empty commit 2013-05-05 08:00:31 +00:00			`if (!is_array($App)) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`if (!isset($DB)) {`
			`require(SERVER_ROOT.'/classes/class_mysql.php');`
			`$DB = new DB_MYSQL;`
			`}`
			`$DB->query("SELECT Token, Name FROM api_applications WHERE ID='$AppID' LIMIT 1");`
			`$App = $DB->to_array(false,MYSQLI_ASSOC);`
			`$Cache->cache_value('api_apps_'.$AppID, $App, 0);`
			`}`
			`$App = $App[0];`

			`//Handle our request auths`
			`if ($_GET['req'] === 'access_request') {`
			`if (md5($App['Token']) !== $_GET['key']) {`
			`error('invalid');`
			`}`
			`} else {`
			`$User = $Cache->get_value('api_users_'.$UserID);`
Empty commit 2013-05-05 08:00:31 +00:00			`if (!is_array($User)) {`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`if (!isset($DB)) {`
			`require(SERVER_ROOT.'/classes/class_mysql.php');`
			`$DB = new DB_MYSQL;`
			`}`
Empty commit 2013-05-05 08:00:31 +00:00			`$DB->query("`
			`SELECT AppID, Token, State, Time, Access`
			`FROM api_users`
			`WHERE UserID='$UserID'`
			`LIMIT 1"); //int, no db_string`
Initial import from revision 11440 2011-03-28 14:21:28 +00:00			`$User = $DB->to_array('AppID',MYSQLI_ASSOC);`
			`$Cache->cache_value('api_users_'.$UserID, $User, 0);`
			`}`
			`$User = $User[$AppID];`

			`if (md5($User['Token'].$App['Token']) !== $_GET['key']) {`
			`error('invalid');`
			`}`
			`}`

			`die('API put on hold');`
			`require(SERVER_ROOT.'/sections/api/'.$_GET['req'].'.php');`
			`echo '</payload>';`
			`$Debug->profile();`