Marcus Povey <marcus@dushka.co.uk>

* Using simple cache for replay protection... still need to clear cache of old files etc.

git-svn-id: https://code.elgg.org/elgg/trunk@253 36083f99-b078-4883-b0ff-0f9b5a30f544

1 files changed, 16 insertions, 5 deletions

diff --git a/engine/lib/api.php b/engine/lib/api.php
index 1e842af8c..b86a8a09c 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -267,7 +267,7 @@
 	 */
 	function execute_method($method, array $parameters, $token = "")
 	{
-		global $METHODS;
+		global $METHODS, $CONFIG;
 		
 		// Sanity check
 		$method = sanitise_string($method); 
@@ -278,7 +278,7 @@
 		{
 			$serialised_parameters = "";
 			
-			$validated_userid = validate_user_token($ApiEnvironment->site_id, $token); 
+			$validated_userid = validate_user_token($CONFIG->site_id, $token); 
 		
 			if ((!$METHODS[$method]["require_auth"]) || ($validated_userid) || (isloggedin()))
 			{
@@ -378,7 +378,7 @@
 			"sha256" => "sha256"
 		);
 		
-		if (array_key_exists($algo))
+		if (array_key_exists($algo, $supported_algos))
 			return $supported_algos[$algo];
 			
 		throw new APIException("Algorithm '$algo' is not supported or has been disabled.");
@@ -440,7 +440,18 @@
 	{
 		global $CONFIG;
 
-		throw new NotImplementedException("Writeme!");
+		$cache_dir = $CONFIG->cache_path;
+		if (!$cache_dir)
+			throw new ConfigurationException("Cache directory 'cache_path' not set.");
+			
+		$cache = new ElggFileCache($cache_dir, 90000); // cache lifetime is 25 hours (see time window in get_and_validate_api_headers() )
+		
+		if (!$result = $cache->load($hmac))
+		{
+			$cache->save($hmac, $hmac);
+			
+			return false;
+		}
 		
 		return true;
 	}
@@ -612,7 +623,7 @@
 		global $CONFIG;
 		
 		$api_header = get_and_validate_api_headers(); // Get api header
-		$api_user = get_api_user($CONFIG->api_header->api_key); // Pull API user details
+		$api_user = get_api_user($CONFIG->site_id, $api_header->api_key); // Pull API user details
 	
 		if ($api_user)
 		{