From d99c8b42a8e70fae87f017bf9072b55ba8a72364 Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Wed, 17 Sep 2008 14:47:25 +0000
Subject: Some api improvements: * User tokens setable * List api no longer
 requires token

git-svn-id: https://code.elgg.org/elgg/trunk@2088 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/api.php | 51 ++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 50 insertions(+), 1 deletion(-)

(limited to 'engine')

diff --git a/engine/lib/api.php b/engine/lib/api.php
index 0b006b352..176ca1f8b 100644
--- a/engine/lib/api.php
+++ b/engine/lib/api.php
@@ -206,6 +206,25 @@
 		return $_SERVER['REQUEST_METHOD'];
 	}
 	
+	/**
+	 * Obtain a token for a user.
+	 *
+	 * @param string $username The username
+	 * @param string $password The password
+	 */
+	function obtain_user_token($username, $password)
+	{
+		global $CONFIG;
+		
+		$site = $CONFIG->site_id;
+		$token = md5(mt_rand(). microtime() . $username . $password);
+		
+		if (insert_data("INSERT into {$CONFIG->dbprefix}users_apisessions (user_guid, site_guid, token, expires) values () on duplicate key update token='$token'"))
+			return $token;
+			
+		return false;
+	}
+	
 	/**
 	 * Validate a token against a given site. 
 	 * 
@@ -427,8 +446,38 @@
 	}
 	
 	// Expose some system api functions
-	expose_function("system.api.list", "list_all_apis", NULL, "List all available API calls on the system.");
+	expose_function("system.api.list", "list_all_apis", NULL, elgg_echo("system.api.list"), "GET", false);
 
+	/**
+	 * The auth.gettoken API.
+	 * This API call lets a user log in, returning an authentication token which can be used
+	 * in leu of a username and password login from then on.
+	 * 
+	 * @param string username Username
+	 * @param string password Clear text password
+	 */
+	function auth_gettoken($username, $password)
+	{
+		if (authenticate($username, $password))
+		{
+			$token = obtain_user_token($username, $password);
+			if ($token)
+				return $token;
+		}
+		
+		return new ErrorResult();
+	}
+	
+	// The authentication token api
+	expose_function("auth.gettoken", "auth_gettoken", array(
+		"username" => array (
+  			'string'
+  		),
+  		"password" => array (
+  			'string'
+		)
+	), elgg_echo('auth.gettoken'), "GET", false, false);
+	
 	
 	// PAM AUTH HMAC functions ////////////////////////////////////////////////////////////////
 	
-- 
cgit v1.2.3