From d99c8b42a8e70fae87f017bf9072b55ba8a72364 Mon Sep 17 00:00:00 2001 From: marcus Date: Wed, 17 Sep 2008 14:47:25 +0000 Subject: Some api improvements: * User tokens setable * List api no longer requires token git-svn-id: https://code.elgg.org/elgg/trunk@2088 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/api.php | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++- 1 file changed, 50 insertions(+), 1 deletion(-) (limited to 'engine/lib') diff --git a/engine/lib/api.php b/engine/lib/api.php index 0b006b352..176ca1f8b 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -206,6 +206,25 @@ return $_SERVER['REQUEST_METHOD']; } + /** + * Obtain a token for a user. + * + * @param string $username The username + * @param string $password The password + */ + function obtain_user_token($username, $password) + { + global $CONFIG; + + $site = $CONFIG->site_id; + $token = md5(mt_rand(). microtime() . $username . $password); + + if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values () on duplicate key update token='$token'")) + return $token; + + return false; + } + /** * Validate a token against a given site. * @@ -427,8 +446,38 @@ } // Expose some system api functions - expose_function("system.api.list", "list_all_apis", NULL, "List all available API calls on the system."); + expose_function("system.api.list", "list_all_apis", NULL, elgg_echo("system.api.list"), "GET", false); + /** + * The auth.gettoken API. + * This API call lets a user log in, returning an authentication token which can be used + * in leu of a username and password login from then on. + * + * @param string username Username + * @param string password Clear text password + */ + function auth_gettoken($username, $password) + { + if (authenticate($username, $password)) + { + $token = obtain_user_token($username, $password); + if ($token) + return $token; + } + + return new ErrorResult(); + } + + // The authentication token api + expose_function("auth.gettoken", "auth_gettoken", array( + "username" => array ( + 'string' + ), + "password" => array ( + 'string' + ) + ), elgg_echo('auth.gettoken'), "GET", false, false); + // PAM AUTH HMAC functions //////////////////////////////////////////////////////////////// -- cgit v1.2.3