From df1d8b6068b0bd979cf04555cae6285c44531465 Mon Sep 17 00:00:00 2001 From: icewing Date: Mon, 10 Mar 2008 17:43:39 +0000 Subject: Marcus Povey * First draft api git-svn-id: https://code.elgg.org/elgg/trunk@144 36083f99-b078-4883-b0ff-0f9b5a30f544 --- endpoints/rest.php | 8 +++----- engine/lib/api.php | 15 ++++++++++++--- 2 files changed, 15 insertions(+), 8 deletions(-) diff --git a/endpoints/rest.php b/endpoints/rest.php index cb47804ed..40631e81d 100644 --- a/endpoints/rest.php +++ b/endpoints/rest.php @@ -41,14 +41,12 @@ $api_header = get_and_validate_api_headers(); $ApiEnvironment->api_header = $api_header; - // Get site - - - - // Pull API user details $ApiEnvironment->api_user = get_api_user($api_header->api_key); + // Get site + $ApiEnvironment->site_id = $ApiEnvironment->api_user->side_id; + if ($ApiEnvironment->api_user) { // Get the secret key diff --git a/engine/lib/api.php b/engine/lib/api.php index 0e9260629..7e685cdd6 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -193,9 +193,18 @@ */ function validate_user_token($site, $token) { - $u = new User(); - - return $u->getUserIDFromAuthToken($site, $token); + global $CONFIG; + + $site = (int)$site; + $token = sanitise_string($token); + + $time = time(); + + $user = get_data_row("SELECT * from {$CONFIG->dbprefix}users_apisessions where token='$token' and site_id=$site and expires>$time"); + if ($user) + return $user->user_id; + + return false; } /** -- cgit v1.2.3