Collections functions
Encryption functions
General functions
Theme permission functions
Resource functions

check_api_key()

Description

Check a query is signed correctly.

Parameters

ColumnTypeDefaultDescription
$username string The username of the calling user
$querystring string The query being passed to the API
$sign string The signature to check

Return

void

Location

include/api_functions.php lines 34 to 58

Definition

 
function check_api_key($username,$querystring,$sign)
    {
    
// Fetch user ID and API key
    
$user=get_user_by_username($username); if ($user===false) {return false;}
    
$private_key=get_api_key($user);
        
    
$aj strpos($querystring,"&ajax=");
    if(
$aj != false)
        {
        
$querystring substr($querystring,0,$aj);
        }

    
# Sign the querystring ourselves and check it matches.
    # First remove the sign parameter as this would not have been present when signed on the client.
    
$s=strpos($querystring,"&sign=");

    if (
$s===false || $s+6+strlen($sign)!==strlen($querystring)) {return false;}
    
$querystring=substr($querystring,0,$s);

    
# Calculate the expected signature.
    
$expected=hash("sha256",$private_key $querystring);
    
    
# Was it what we expected?
    
return $expected==$sign;
    }

This article was last updated 13th July 2020 16:05 Europe/London time based on the source file dated 25th June 2020 16:08 Europe/London time.