-rw-r--r--endpoints/rest.php5
-rw-r--r--engine/lib/api.php3
2 files changed, 6 insertions, 2 deletions
diff --git a/endpoints/rest.php b/endpoints/rest.php
index 40631e81d..e00d27555 100644
--- a/endpoints/rest.php
+++ b/endpoints/rest.php
@@ -13,7 +13,7 @@
// Include required files
require_once('../engine/start.php');
- global $ApiEnvironment;
+ global $CONFIG, $ApiEnvironment;
// Register the error handler
error_reporting(E_ALL);
@@ -97,7 +97,8 @@
}
else
{
- // TODO: set site environment
+ // Set site environment
+ $ApiEnvironment->site_id = $CONFIG->site_id;
// User is logged in, just execute
if (isset($params['auth_token'])) $token = $params['auth_token'];
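Review bot: On the last line of this hunk `$token` is assigned only when `auth_token` is present, so a request without it appears to leave the variable undefined, unless it is initialised earlier, outside the hunk. With `error_reporting(E_ALL)` and the custom error handler registered at the top of the file, that would surface as an undefined-variable notice rather than the new "User token not specified." exception in `engine/lib/api.php`. Giving it an explicit default, `$token = isset($params['auth_token']) ? $params['auth_token'] : '';`, makes the missing-token case reach that check deterministically. The enclosing block starts and ends outside the hunk.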
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 7e685cdd6..3f97b0c8c 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -198,6 +198,9 @@
$site = (int)$site;
$token = sanitise_string($token);
+ if (!$site) throw new ConfigurationException("No site ID has been specified.");
+ if (!$token) throw new APIException("User token not specified.");
+
$time = time();
$user = get_data_row("SELECT * from {$CONFIG->dbprefix}users_apisessions where token='$token' and site_id=$site and expires>$time");
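Review bot: The two added guards rely on loose truthiness: after the `(int)` cast, `!$site` still lets a negative id through, and `!$token` also rejects the literal string "0". `if ($site <= 0) throw ...` and `if ($token === '') throw ...` state the intent exactly. The token is validated only for emptiness and is then interpolated inside quotes into the `users_apisessions` query, so the lookup's safety depends entirely on the escaping done by `sanitise_string()`, which is not visible here. A bound parameter, or a strict check that the token matches the format in which tokens are issued, would remove that dependency. The enclosing function starts and ends outside the hunk.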