aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-09-25 15:00:34 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-09-25 15:00:34 +0000
commitf3995c360b6887b1e4c60cdf9edc255c91b4438e (patch)
tree72e6edcab55ee6867f47cba62ccf17d2e899a14a /engine/lib
parentf5916cca03809729147ca1df42dda7a032581ebb (diff)
downloadelgg-f3995c360b6887b1e4c60cdf9edc255c91b4438e.tar.gz
elgg-f3995c360b6887b1e4c60cdf9edc255c91b4438e.tar.bz2
Fixing auth_token code
git-svn-id: https://code.elgg.org/elgg/trunk@2136 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/api.php12
1 files changed, 7 insertions, 5 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 34e3c23c9..af299b85f 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -296,11 +296,12 @@
$site = $CONFIG->site_id;
$user = get_user_by_username($username);
$time = time();
+ $time += 60*60;
$token = md5(rand(). microtime() . $username . $password . $time . $site);
if (!$user) return false;
- if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values ({$user->guid}, $site, '$token', '$time') on duplicate key update token='$token'"))
+ if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values ({$user->guid}, $site, '$token', '$time') on duplicate key update token='$token', expires='$time'"))
return $token;
return false;
@@ -327,9 +328,9 @@
$time = time();
- $user = get_data_row("SELECT * from {$CONFIG->dbprefix}users_apisessions where token='$token' and site_guid=$site and expires>$time");
+ $user = get_data_row("SELECT * from {$CONFIG->dbprefix}users_apisessions where token='$token' and site_guid=$site and $time < expires");
if ($user)
- return $user->user_id;
+ return $user->user_guid;
return false;
}
@@ -786,7 +787,7 @@
global $METHODS, $CONFIG;
$method = get_input('method');
- $token = get_input('token');
+ $token = get_input('auth_token');
$validated_userid = validate_user_token($CONFIG->site_id, $token);
@@ -799,7 +800,7 @@
if ((!$METHODS[$method]["require_auth_token"]) || ($validated_userid) || (isloggedin()))
return true;
else
- throw new SecurityException(elgg_echo('SecurityException:AuthTokenExpired'), GenericResult::$RESULT_FAIL_AUTHTOKEN);
+ throw new SecurityException(elgg_echo('SecurityException:AuthTokenExpired'), ErrorResult::$RESULT_FAIL_AUTHTOKEN);
return false;
}
@@ -947,6 +948,7 @@
$url = $url . "?" . $params;
// Construct headers
+ $posthash = "";
if ($method == 'POST') $posthash = calculate_posthash($post_data, 'md5');
if ((isset($keys['public'])) && (isset($keys['private'])))