diff options
author | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-09-17 14:47:25 +0000 |
---|---|---|
committer | marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544> | 2008-09-17 14:47:25 +0000 |
commit | d99c8b42a8e70fae87f017bf9072b55ba8a72364 (patch) | |
tree | a142d2b4795332433c4541cf45e140893d262381 /engine/lib | |
parent | a753e0c616891a9b3a9823473d883540465cbb4c (diff) | |
download | elgg-d99c8b42a8e70fae87f017bf9072b55ba8a72364.tar.gz elgg-d99c8b42a8e70fae87f017bf9072b55ba8a72364.tar.bz2 |
Some api improvements:
* User tokens setable
* List api no longer requires token
git-svn-id: https://code.elgg.org/elgg/trunk@2088 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r-- | engine/lib/api.php | 51 |
1 files changed, 50 insertions, 1 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php index 0b006b352..176ca1f8b 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -207,6 +207,25 @@ } /** + * Obtain a token for a user. + * + * @param string $username The username + * @param string $password The password + */ + function obtain_user_token($username, $password) + { + global $CONFIG; + + $site = $CONFIG->site_id; + $token = md5(mt_rand(). microtime() . $username . $password); + + if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values () on duplicate key update token='$token'")) + return $token; + + return false; + } + + /** * Validate a token against a given site. * * A token registered with one site can not be used from a different apikey(site), so be aware of this @@ -427,8 +446,38 @@ } // Expose some system api functions - expose_function("system.api.list", "list_all_apis", NULL, "List all available API calls on the system."); + expose_function("system.api.list", "list_all_apis", NULL, elgg_echo("system.api.list"), "GET", false); + /** + * The auth.gettoken API. + * This API call lets a user log in, returning an authentication token which can be used + * in leu of a username and password login from then on. + * + * @param string username Username + * @param string password Clear text password + */ + function auth_gettoken($username, $password) + { + if (authenticate($username, $password)) + { + $token = obtain_user_token($username, $password); + if ($token) + return $token; + } + + return new ErrorResult(); + } + + // The authentication token api + expose_function("auth.gettoken", "auth_gettoken", array( + "username" => array ( + 'string' + ), + "password" => array ( + 'string' + ) + ), elgg_echo('auth.gettoken'), "GET", false, false); + // PAM AUTH HMAC functions //////////////////////////////////////////////////////////////// |