aboutsummaryrefslogtreecommitdiff
path: root/engine
diff options
context:
space:
mode:
authormarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-09-17 14:47:25 +0000
committermarcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-09-17 14:47:25 +0000
commitd99c8b42a8e70fae87f017bf9072b55ba8a72364 (patch)
treea142d2b4795332433c4541cf45e140893d262381 /engine
parenta753e0c616891a9b3a9823473d883540465cbb4c (diff)
downloadelgg-d99c8b42a8e70fae87f017bf9072b55ba8a72364.tar.gz
elgg-d99c8b42a8e70fae87f017bf9072b55ba8a72364.tar.bz2
Some api improvements:
* User tokens setable * List api no longer requires token git-svn-id: https://code.elgg.org/elgg/trunk@2088 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/api.php51
1 files changed, 50 insertions, 1 deletions
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 0b006b352..176ca1f8b 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -207,6 +207,25 @@
}
/**
+ * Obtain a token for a user.
+ *
+ * @param string $username The username
+ * @param string $password The password
+ */
+ function obtain_user_token($username, $password)
+ {
+ global $CONFIG;
+
+ $site = $CONFIG->site_id;
+ $token = md5(mt_rand(). microtime() . $username . $password);
+
+ if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values () on duplicate key update token='$token'"))
+ return $token;
+
+ return false;
+ }
+
+ /**
* Validate a token against a given site.
*
* A token registered with one site can not be used from a different apikey(site), so be aware of this
@@ -427,8 +446,38 @@
}
// Expose some system api functions
- expose_function("system.api.list", "list_all_apis", NULL, "List all available API calls on the system.");
+ expose_function("system.api.list", "list_all_apis", NULL, elgg_echo("system.api.list"), "GET", false);
+ /**
+ * The auth.gettoken API.
+ * This API call lets a user log in, returning an authentication token which can be used
+ * in leu of a username and password login from then on.
+ *
+ * @param string username Username
+ * @param string password Clear text password
+ */
+ function auth_gettoken($username, $password)
+ {
+ if (authenticate($username, $password))
+ {
+ $token = obtain_user_token($username, $password);
+ if ($token)
+ return $token;
+ }
+
+ return new ErrorResult();
+ }
+
+ // The authentication token api
+ expose_function("auth.gettoken", "auth_gettoken", array(
+ "username" => array (
+ 'string'
+ ),
+ "password" => array (
+ 'string'
+ )
+ ), elgg_echo('auth.gettoken'), "GET", false, false);
+
// PAM AUTH HMAC functions ////////////////////////////////////////////////////////////////