aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authoricewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-03-19 16:52:14 +0000
committericewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-03-19 16:52:14 +0000
commit48a856675272576a192b4967322d56f4a5d3e613 (patch)
treea8309f880e2865502a77b42f5e7540500be4e4ef /engine
parent9dc1455158e86f162444394dd0e0092d474ae4cc (diff)
downloadelgg-48a856675272576a192b4967322d56f4a5d3e613.tar.gz
elgg-48a856675272576a192b4967322d56f4a5d3e613.tar.bz2
Marcus Povey <marcus@dushka.co.uk>
* Using simple cache for replay protection... still need to clear cache of old files etc. git-svn-id: https://code.elgg.org/elgg/trunk@253 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/api.php21
1 files changed, 16 insertions, 5 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 1e842af8c..b86a8a09c 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -267,7 +267,7 @@
*/
function execute_method($method, array $parameters, $token = "")
{
- global $METHODS;
+ global $METHODS, $CONFIG;
// Sanity check
$method = sanitise_string($method);
@@ -278,7 +278,7 @@
{
$serialised_parameters = "";
- $validated_userid = validate_user_token($ApiEnvironment->site_id, $token);
+ $validated_userid = validate_user_token($CONFIG->site_id, $token);
if ((!$METHODS[$method]["require_auth"]) || ($validated_userid) || (isloggedin()))
{
@@ -378,7 +378,7 @@
"sha256" => "sha256"
);
- if (array_key_exists($algo))
+ if (array_key_exists($algo, $supported_algos))
return $supported_algos[$algo];
throw new APIException("Algorithm '$algo' is not supported or has been disabled.");
@@ -440,7 +440,18 @@
{
global $CONFIG;
- throw new NotImplementedException("Writeme!");
+ $cache_dir = $CONFIG->cache_path;
+ if (!$cache_dir)
+ throw new ConfigurationException("Cache directory 'cache_path' not set.");
+
+ $cache = new ElggFileCache($cache_dir, 90000); // cache lifetime is 25 hours (see time window in get_and_validate_api_headers() )
+
+ if (!$result = $cache->load($hmac))
+ {
+ $cache->save($hmac, $hmac);
+
+ return false;
+ }
return true;
}
@@ -612,7 +623,7 @@
global $CONFIG;
$api_header = get_and_validate_api_headers(); // Get api header
- $api_user = get_api_user($CONFIG->api_header->api_key); // Pull API user details
+ $api_user = get_api_user($CONFIG->site_id, $api_header->api_key); // Pull API user details
if ($api_user)
{