- <?php
// Refuse to run when included outside the application bootstrap (IS_INTERNAL is
// defined by the entry script, not by this file).
defined('IS_INTERNAL') or die('Direct file connect attempt.');
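class api
{
    /**
     * Variables fetched for the currently authenticated token (user id,
     * enabled flag, permissions). Static, so once api::AuthenticateToken has
     * run the values stay readable for the remainder of the request.
     */
    private static $token_variables = array();

    /**
     * Builds the failure response shape every public method returns.
     *
     * @param string $message Text intended to be shown to the caller.
     * @return array array('success' => false, 'response' => $message)
     */
    private static function Failure($message)
    {
        return array(
            'success' => false,
            'response' => $message
        );
    }

    /**
     * Builds the success response shape, with optional extra keys appended
     * after 'success' and 'response' (e.g. 'token' or 'data').
     *
     * @param string $message Text intended to be shown to the caller.
     * @param array $extra Additional response keys.
     * @return array
     */
    private static function Success($message, $extra = array())
    {
        $response = array(
            'success' => true,
            'response' => $message
        );
        foreach($extra as $key => $value) {
            $response[$key] = $value;
        }
        return $response;
    }

    /**
     * Checks the IS_API_ENABLED configuration switch.
     *
     * @return array|null A failure response when the API is disabled, null otherwise.
     */
    private static function RequireApiEnabled()
    {
        if(!config::GetConfig("IS_API_ENABLED")) {
            return self::Failure('API is disabled.');
        }
        return null;
    }

    /**
     * Makes sure the mysql connection can be obtained.
     *
     * @return array|null A failure response when sql::Instance() fails, null otherwise.
     */
    private static function RequireDatabase()
    {
        if(!sql::Instance()) {
            return self::Failure('Failed to initialize connection with mysql database.');
        }
        return null;
    }

    /**
     * Adds to the list of variables linked with the token.
     *
     * @param string $name The name of the new variable
     * @param mixed $data The data of the new variable
     * @return false|null false when $name is not a string, null otherwise.
     */
    private static function AddTokenVariable($name, $data)
    {
        if(!is_string($name)) {
            return false;
        }
        self::$token_variables[$name] = $data;
        return null;
    }

    /**
     * Gets a variable that was fetched when you authenticate token.
     *
     * Note that a stored value of false is indistinguishable from "not set":
     * both return false.
     *
     * @param string $name The name of the variable.
     * @return mixed The stored value, or false when $name is not a string or
     *               no such variable exists (or it was stored as null).
     */
    public static function GetVariable($name)
    {
        if(!is_string($name)) {
            return false;
        }
        // isset() is false for a stored null, so null values also read as "missing".
        if(isset(self::$token_variables[$name])) {
            return self::$token_variables[$name];
        }
        return false;
    }

    /**
     * Authenticates an API token and gets all data linked with the token.
     *
     * On a successful lookup the HAS_AUTHENTICATED, USER_ID, IS_ENABLED,
     * CAN_UPLOAD, CAN_DELETE and CAN_VIEW variables are stored (even when the
     * token turns out to be disabled); they are read back via api::GetVariable.
     *
     * NOTE(review): tokens are stored and looked up in clear text in `api_keys`,
     * so anyone with read access to that table can use them. Storing a hash of
     * the token and looking up by hash would limit that exposure (schema change).
     *
     * @param string $token The token that we'll be using.
     * @return array array('success' => bool, 'response' => string)
     */
    public static function AuthenticateToken($token)
    {
        if(($error = self::RequireApiEnabled()) !== null) {
            return $error;
        }
        if(($error = self::RequireDatabase()) !== null) {
            return $error;
        }
        /* Getting information linked with token. The permission columns must be
           backtick-quoted identifiers: single quotes would select the literal
           strings 'can_upload' etc. instead of the column values. */
        $stmt = sql::Prepare("SELECT `user_id`, `enabled`, `can_upload`, `can_delete`, `can_view` FROM `api_keys` WHERE `token` = ?");
        if(!$stmt) {
            return self::Failure('Something wen\'t wrong!');
        }
        $stmt->bind_param('s', $token);
        if(!$stmt->execute()) {
            $stmt->close();
            return self::Failure('Something wen\'t wrong!');
        }
        $stmt->store_result();
        if($stmt->num_rows == 0) {
            $stmt->close();
            return self::Failure('Invalid authentication key.');
        }
        // bind_result (not bind_param): these are output columns.
        $stmt->bind_result($user_id, $enabled, $can_upload, $can_delete, $can_view);
        $fetched = $stmt->fetch();
        $stmt->close();
        if(!$fetched) {
            return self::Failure('Something wen\'t wrong!');
        }
        self::AddTokenVariable("HAS_AUTHENTICATED", true);
        self::AddTokenVariable("USER_ID", $user_id);
        self::AddTokenVariable("IS_ENABLED", misc::IsTrue($enabled));
        //Permissions variables
        self::AddTokenVariable("CAN_UPLOAD", misc::IsTrue($can_upload));
        self::AddTokenVariable("CAN_DELETE", misc::IsTrue($can_delete));
        self::AddTokenVariable("CAN_VIEW", misc::IsTrue($can_view));
        if(!self::GetVariable("IS_ENABLED")) {
            return self::Failure('Token has been disabled');
        }
        return self::Success('Fetched token successfully');
    }

    /**
     * Generates a token for a specific user.
     *
     * @param integer $user_id The user id that'll get the API token
     * @param boolean $can_upload Whether the token may upload files.
     * @param boolean $can_delete Whether the token may delete files.
     * @param boolean $can_view Whether the token may view files.
     * @return array array('success' => bool, 'response' => string[, 'token' => string])
     */
    public static function GenerateToken($user_id, $can_upload, $can_delete, $can_view)
    {
        if(($error = self::RequireApiEnabled()) !== null) {
            return $error;
        }
        if(!is_integer($user_id)) {
            return self::Failure('User id is an invalid type.');
        }
        if(($error = self::RequireDatabase()) !== null) {
            return $error;
        }
        //Converting the parameters to sql booleans
        // (presumably BooleanToString rewrites its argument in place, since the
        // return value is never used — verify against misc)
        misc::BooleanToString($can_upload);
        misc::BooleanToString($can_delete);
        misc::BooleanToString($can_view);
        /* Generates a token. Format: sha512(rnd(100) + user_id) + rnd(12)
           NOTE(review): assumes cryptography::RandomString draws from a
           cryptographically secure source — confirm. */
        $token = hash("sha512", cryptography::RandomString(100, true) . (string)$user_id) . cryptography::RandomString(12, false, false);
        /* Inserting the newly made token */
        $stmt = sql::Prepare("INSERT INTO `api_keys` (`user_id`, `token`, `enabled`, `can_upload`, `can_delete`, `can_view`) VALUES (?, ?, 'true', ?, ?, ?)");
        if(!$stmt) {
            return self::Failure('Failed to generate token');
        }
        // One type character per placeholder: the int user id, the token and
        // the three 'true'/'false' strings (same as EditToken's 'sssis').
        $stmt->bind_param('issss', $user_id, $token, $can_upload, $can_delete, $can_view);
        $inserted = $stmt->execute();
        $stmt->close();
        if(!$inserted) {
            return self::Failure('Failed to generate token');
        }
        return self::Success('Token generated successfully', array('token' => $token));
    }

    /**
     * This will change the permissions of the token.
     *
     * Only enabled tokens owned by $user_id are updated; a token that does not
     * match still yields a success response because execute() succeeded.
     *
     * @param integer $user_id The owner of the token.
     * @param string $token The token you wish to edit.
     * @param boolean $can_upload The new can_upload permission.
     * @param boolean $can_delete The new $can_delete permission.
     * @param boolean $can_view The new $can_view permission.
     * @return array array('success' => bool, 'response' => string)
     */
    public static function EditToken($user_id, $token, $can_upload, $can_delete, $can_view)
    {
        if(($error = self::RequireApiEnabled()) !== null) {
            return $error;
        }
        if(($error = self::RequireDatabase()) !== null) {
            return $error;
        }
        /* Converting the parameters to sql booleans (in place, see GenerateToken). */
        misc::BooleanToString($can_upload);
        misc::BooleanToString($can_delete);
        misc::BooleanToString($can_view);
        /* Updating the token details */
        $stmt = sql::Prepare("UPDATE `api_keys` SET `can_upload` = ?, `can_delete` = ?, `can_view` = ? WHERE `user_id` =? AND `token` = ? AND `enabled` = 'true'");
        if(!$stmt) {
            return self::Failure('Something wen\'t wrong.');
        }
        $stmt->bind_param('sssis', $can_upload, $can_delete, $can_view, $user_id, $token);
        $updated = $stmt->execute();
        $stmt->close();
        if(!$updated) {
            return self::Failure('Something wen\'t wrong.');
        }
        return self::Success('Edited token successfully.');
    }

    /**
     * This will 'soft delete' a token. Soft deleting will just disable it and
     * prevent the user from viewing it.
     *
     * @param integer $user_id The owner of the token.
     * @param string $token The token you wish to delete.
     * @return array array('success' => bool, 'response' => string)
     */
    public static function DeleteToken($user_id, $token)
    {
        if(($error = self::RequireApiEnabled()) !== null) {
            return $error;
        }
        if(($error = self::RequireDatabase()) !== null) {
            return $error;
        }
        /* Disabling the token, which is pretty much the same as deleting it. */
        $stmt = sql::Prepare("UPDATE `api_keys` SET `enabled` = 'false' WHERE `user_id` = ? AND `token` = ?");
        if(!$stmt) {
            return self::Failure('Something wen\'t wrong.');
        }
        $stmt->bind_param('is', $user_id, $token);
        $disabled = $stmt->execute();
        $stmt->close();
        if(!$disabled) {
            return self::Failure('Something wen\'t wrong.');
        }
        return self::Success('Deleted token successfully.');
    }

    /**
     * Gets all tokens a user has linked to his account.
     *
     * @param integer $user_id The owner of the tokens.
     * @return array array('success' => bool, 'response' => string[, 'data' => array])
     *               where each 'data' entry holds 'token', 'can_upload',
     *               'can_delete' and 'can_view'.
     */
    public static function GetTokens($user_id)
    {
        if(($error = self::RequireApiEnabled()) !== null) {
            return $error;
        }
        if(($error = self::RequireDatabase()) !== null) {
            return $error;
        }
        /* Fetching the enabled tokens of the user */
        $stmt = sql::Prepare("SELECT `token`, `can_upload`, `can_delete`, `can_view` FROM `api_keys` WHERE `user_id` = ? AND `enabled` = 'true'");
        if(!$stmt) {
            return self::Failure('Something went wrong');
        }
        $stmt->bind_param('i', $user_id);
        $executed = $stmt->execute();
        $result = array();
        if($executed) {
            $stmt->bind_result($token, $can_upload, $can_delete, $can_view);
            while($stmt->fetch()) {
                $result[] = array(
                    'token' => $token,
                    'can_upload' => misc::IsTrue($can_upload),
                    'can_delete' => misc::IsTrue($can_delete),
                    'can_view' => misc::IsTrue($can_view),
                );
            }
        }
        $stmt->close();
        if(!$executed) {
            return self::Failure('Something went wrong');
        }
        if(count($result) == 0) {
            return self::Failure('No entries found');
        }
        return self::Success('success', array('data' => $result));
    }

    /**
     * Gets all information linked with a specific token.
     *
     * @param integer $user_id The owner of the token.
     * @param string $token The token itself.
     * @return array array('success' => bool, 'response' => string[, 'data' => array])
     *               where 'data' holds 'is_enabled', 'can_upload',
     *               'can_delete' and 'can_view'.
     */
    public static function GetTokenDetails($user_id, $token)
    {
        if(($error = self::RequireApiEnabled()) !== null) {
            return $error;
        }
        if(($error = self::RequireDatabase()) !== null) {
            return $error;
        }
        /* Getting the information linked with the token */
        $stmt = sql::Prepare("SELECT `enabled`, `can_upload`, `can_delete`, `can_view` FROM `api_keys` WHERE `user_id` = ? AND `token` = ?");
        if(!$stmt) {
            return self::Failure('Something wen\'t wrong');
        }
        $stmt->bind_param('is', $user_id, $token);
        $executed = $stmt->execute();
        $result = null;
        if($executed) {
            $stmt->store_result();
            $stmt->bind_result($enabled, $can_upload, $can_delete, $can_view);
            if($stmt->num_rows > 0 && $stmt->fetch()) {
                $result = array(
                    'is_enabled' => misc::IsTrue($enabled),
                    'can_upload' => misc::IsTrue($can_upload),
                    'can_delete' => misc::IsTrue($can_delete),
                    'can_view' => misc::IsTrue($can_view),
                );
            }
        }
        $stmt->close();
        if(!$executed) {
            return self::Failure('Something wen\'t wrong');
        }
        if($result === null) {
            return self::Failure('No token found');
        }
        return self::Success('successful', array('data' => $result));
    }

    //
    // All the functions below this are functions that the API will make use of, and
    // all the above functions are functions to authenticate, generate and edit
    // authentication tokens.
    //

    /**
     * Uploads a file using the API key.
     *
     * NOTE: The user_id this will be linked to is the one stored by
     * api::AuthenticateToken, which must have been invoked first.
     *
     * @param string $name The name of the file that's being uploaded.
     * @param string $temp_location The temp file that the file's located.
     * @return array A failure response, or whatever uploads::NewUpload returns.
     */
    public static function Upload($name, $temp_location)
    {
        if(($error = self::RequireApiEnabled()) !== null) {
            return $error;
        }
        if(!self::GetVariable("HAS_AUTHENTICATED")) {
            return self::Failure('API key has not been authenticated.');
        }
        if(!self::GetVariable("IS_ENABLED")) {
            return self::Failure('API key is disabled.');
        }
        if(!self::GetVariable("CAN_UPLOAD")) {
            return self::Failure('API key is unable to upload files.');
        }
        if(($error = self::RequireDatabase()) !== null) {
            return $error;
        }
        // filesize() on a missing path only warns and returns false; refuse
        // explicitly instead of passing a bogus size on to NewUpload.
        // NOTE(review): if $temp_location comes from $_FILES, the caller (or
        // uploads::NewUpload) should also verify it with is_uploaded_file().
        if(!is_file($temp_location) || !is_readable($temp_location)) {
            return self::Failure('Temporary file could not be read.');
        }
        $size = filesize($temp_location);
        return uploads::NewUpload(
            self::GetVariable("USER_ID"),
            $name,
            $temp_location,
            $size,
            false
        );
    }
}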