Collections functions
Encryption functions
General functions
Render functions
Theme permission functions
Video functions
Resource functions

check_api_key()

Description

Check a query is signed correctly.

Parameters

ColumnTypeDefaultDescription
$username string The username of the calling user
$querystring string The query being passed to the API
$sign string The signature to check
$authmode string "userkey" The type of key being provided (user key or session key)

Return

void

Location

include/api_functions.php lines 33 to 55

Definition

 
function check_api_key($username,$querystring,$sign,$authmode="userkey")
    {
    
// Fetch user ID and API key
    
$user=get_user_by_username($username); if ($user===false) {return false;}
    
$aj strpos($querystring,"&ajax=");
    if(
$aj != false)
        {
        
$querystring substr($querystring,0,$aj);
        }

    if(
$authmode == "sessionkey")
        {
        
$userkey=get_session_api_key($user);
        }
    else
        {        
        
$userkey=get_api_key($user);
        }

    
# Calculate the expected signature and check it matches
    
$expected=hash("sha256",$userkey $querystring);
    return 
$expected==$sign
    }

This article was last updated 15th June 2021 14:05 Europe/London time based on the source file dated 28th May 2021 11:45 Europe/London time.