-rw-r--r-- | endpoints/rest.php | 8 | ||||
-rw-r--r-- | engine/lib/api.php | 15 |
2 files changed, 15 insertions, 8 deletions
diff --git a/endpoints/rest.php b/endpoints/rest.php
index cb47804ed..40631e81d 100644
--- a/endpoints/rest.php
+++ b/endpoints/rest.php
@@ -41,14 +41,12 @@
 $api_header = get_and_validate_api_headers();
 $ApiEnvironment->api_header = $api_header;
- // Get site
-
-
-
-
 // Pull API user details
 $ApiEnvironment->api_user = get_api_user($api_header->api_key);
+ // Get site
+ $ApiEnvironment->site_id = $ApiEnvironment->api_user->side_id;
+
 if ($ApiEnvironment->api_user)
 {
 // Get the secret key
diff --git a/engine/lib/api.php b/engine/lib/api.php
index 0e9260629..7e685cdd6 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -193,9 +193,18 @@
 */
 function validate_user_token($site, $token)
 {
- $u = new User();
-
- return $u->getUserIDFromAuthToken($site, $token);
+ global $CONFIG;
+
+ $site = (int)$site;
+ $token = sanitise_string($token);
+
+ $time = time();
+
+ $user = get_data_row("SELECT * from {$CONFIG->dbprefix}users_apisessions where token='$token' and site_id=$site and expires>$time");
+ if ($user)
+ return $user->user_id;
+
+ return false;
 }
 /** |
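Review bot: In the endpoints/rest.php hunk, the added `$ApiEnvironment->site_id = $ApiEnvironment->api_user->side_id;` reads a property of `api_user` before the `if ($ApiEnvironment->api_user)` check that follows it, so a request whose API key matches no user dereferences a non-object and carries an empty `site_id` into the rest of the request handling. The property name `side_id` also looks like a typo for `site_id`, the column name the api.php hunk of this commit queries; if so, `site_id` is never populated even for a valid key. I would move the assignment inside the `if` block as `$ApiEnvironment->site_id = $ApiEnvironment->api_user->site_id;`. The `if` body continues outside the hunk, so what consumes `site_id` is not visible here.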
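Review bot: In the engine/lib/api.php hunk, the query in `validate_user_token` places `$token` inside a quoted SQL literal by string interpolation, so its safety rests entirely on `sanitise_string()`, which is not defined in this hunk; `$site` is safe through the `(int)` cast. If the data layer offers no bound parameters, state that dependency next to the query, e.g. `// $token is embedded in a quoted literal: sanitise_string() must apply the database's own string escaping`, and confirm the helper does that rather than HTML-style filtering. The query needs only one column, so `SELECT user_id from ...` instead of `SELECT *` keeps the rest of the session row out of memory. The docblock above the function starts outside the hunk; it should say that the function returns the user id, or `false` for an unknown, wrong-site or expired token.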