Mirror/Gazelle
1
0
Fork 0
mirror of https://github.com/WhatCD/Gazelle.git synced 2024-12-13 10:56:26 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
44f05430fc
Gazelle/sections/api/index.php
Git 3e3fdfb804 Empty commit
2013-08-28 23:08:41 +00:00

73 lines
1.5 KiB
PHP
Raw Blame History

<?
$Available = array(
'access_request',
'access_state',
'user_stats_ratio',
'user_stats_torrent',
'user_stats_comumnity',
);
if (
empty($_GET['req'])
|| empty($_GET['uid'])
|| empty($_GET['aid'])
|| empty($_GET['key'])
|| !is_number($_GET['uid'])
|| !is_number($_GET['aid'])
|| !in_array($_GET['req'], $Available, true)
) {
error('invalid');
}
$AppID = $_GET['aid'];
$UserID = $_GET['uid'];
$App = $Cache->get_value("api_apps_$AppID");
if (!is_array($App)) {
if (!isset($DB)) {
require(SERVER_ROOT.'/classes/mysql.class.php');
$DB = new DB_MYSQL;
}
$DB->query("
SELECT Token, Name
FROM api_applications
WHERE ID = '$AppID'
LIMIT 1");
$App = $DB->to_array(false, MYSQLI_ASSOC);
$Cache->cache_value("api_apps_$AppID", $App, 0);
}
$App = $App[0];
//Handle our request auths
if ($_GET['req'] === 'access_request') {
if (md5($App['Token']) !== $_GET['key']) {
error('invalid');
}
} else {
$User = $Cache->get_value("api_users_$UserID");
if (!is_array($User)) {
if (!isset($DB)) {
require(SERVER_ROOT.'/classes/mysql.class.php');
$DB = new DB_MYSQL;
}
$DB->query("
SELECT AppID, Token, State, Time, Access
FROM api_users
WHERE UserID = '$UserID'
LIMIT 1"); //int, no db_string
$User = $DB->to_array('AppID', MYSQLI_ASSOC);
$Cache->cache_value("api_users_$UserID", $User, 0);
}
$User = $User[$AppID];
if (md5($User['Token'] . $App['Token']) !== $_GET['key']) {
error('invalid');
}
}
die('API put on hold');
require(SERVER_ROOT.'/sections/api/'.$_GET['req'].'.php');
echo '</payload>';
$Debug->profile();
Reference in New Issue View Git Blame Copy Permalink