adding users count qith apikey check

master
Juan 3 years ago
parent cccc2912b4
commit 5305c87cd5

@ -1,6 +1,66 @@
<?php <?php
//from : https://api.wordpress.org/secret-key/1.1/salt //from : https://api.wordpress.org/secret-key/1.1/salt
define('AUTH_KEY', '2(QMu)jt|2!(9t]V!4SB/y,+T]LcvGZ8-sV@vS6RUgR!_]&S}{6/RZjAmLeW28On'); define('AUTH_KEY', '2(QMu)jt|2!(9t]V!4SB/y,+T]LcvGZ8-sV@vS6RUgR!_]&S}{6/RZjAmLeW28On');
$keyring = array(
'28__u`AAs51n2KqX?hk27/=|mQI-Sv;]nP%Sd:27+pd#eb{KUK+Vui&a_|$m{+8x',
'{KoCg/!0?7_|&pjyh!D%+IHpaB]rj|NA<^}mU|un= =}|`le[~f)&h-%Qpr>mYLA',
'0{-f_Z/)J?Dr-=B2G=+U-+&ZTvN2m[+){7nO&rd{t6+|8BW!(+&Lx!U{gF&t.m(8',
'TY@V>x3x6= |?K|.dBEt2U;9su-h4kS_-4~+AuDvV4<0.:}^o:l;*&WC6P:<58?t',
'?GOHK0|EpH`X1.1DZ,-r*`?(7+<4rbG?;W*ReX+<#CUuGiQ,G^c[SJh!Q#@aHB #',
'JdF?Zl=7tE{|+VDh%SzDVj[$nV$Emkt!T9&lhUM7Ty/yRadrv,T(S7CEk rIsx,$',
'y:XeG#<+>Jb+cqB*^doW[2|N]ju8l<4?$ek?M?0aFaY>W&TJw rNCz+L7+ZN;#f=',
'E|ngUL<N+f)Qfgs$ggG5ejS${9NN7-)qlH]iB;R]xvy%e3G`C+Lb $?K(5F-Rb%u',
'!|MuVONHh33|l|`|RqQ|r%sZgCUo?FIXlPBQ`4J/Ajc$fvyS>],O).^DqOWo~Jzy',
'i2El=I~}<o.qv;A8~ {i/3]j*XghY8K+}|M]mc-Q ~m$#bJY8NdA-jOUF=|+VLyg',
'}#]wSs]%9,I0SF7A5~|5,3S_,/-(#z+L@oxJ<PM|Jro~p=P.c^EMqDgDf-F4o?Xw',
'o6h{,vP2CQ&-)gc|Z2^U^{Y^htKH}[IS|&GUtY`E`a)D@kaJr$8,dKSSm@c2D7y+'
);
/*
function is_valid_api_key2($key) {
$keyset = explode(':',$key);
$coded_key = $keyset[0];
$salt = $keyset[1];
$time = strftime('%Y%m%d%H');
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'apib3';
@ $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$mysql_safe_key = mysqli->real_escape_string($keyring)
$sql = "SELECT * FROM `apikey` WHERE `api_key` LIKE '".$key."'";
$result = $mysqli->query($sql);
if ($result->num_rows > 0) {
$mysqli->close();
return true;
}
$mysqli->close();
return false;
}
*/
function is_valid_api_key($key) {
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'apib3';
@ $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$sql = "SELECT * FROM `apikey` WHERE `api_key` LIKE '".$key."'";
$result = $mysqli->query($sql);
if ($result->num_rows > 0) {
$mysqli->close();
return true;
}
$mysqli->close();
return false;
}
//header('Content-type: text/plain;charset=utf-8'); //header('Content-type: text/plain;charset=utf-8');
header('Content-type: application/json;charset=utf-8'); header('Content-type: application/json;charset=utf-8');
@ -33,12 +93,47 @@
echo json_encode( (object) array('status'=>'active') ); echo json_encode( (object) array('status'=>'active') );
break; break;
case '/users/' :
if($vars['REQUEST_METHOD'] == "GET")
{
if(isset($_GET['key']) && is_valid_api_key($_GET['key']))
{
$dbhost = 'localhost';
$dbuser = 'root';
$dbpass = '';
$dbname = 'apib3';
//si je préfixe avec @je n'aurais pas le message d'erreur.
@ $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
$sql = "SELECT COUNT(*) AS nbusers FROM `user`";
$result = $mysqli->query($sql);
if ($result->num_rows > 0) {
$row = $result->fetch_array(MYSQLI_ASSOC);
header('HTTP/1.1 200 OK');
echo json_encode( (object) array('users'=>$row['nbusers']));
$result->free_result();
$mysqli->close();
}
}
else
{
header('HTTP/1.1 403 Forbidden');
echo json_encode( (object) array('error'=>'Please provide a valid key') );
}
}
else
{
header('HTTP/1.1 405 Method Not Allowed');
echo json_encode( (object) array('error'=>'/users/ requires GET method') );
}
break;
case "/key/" : case "/key/" :
case "/key" : case "/key" :
if($vars['REQUEST_METHOD'] == "POST") if($vars['REQUEST_METHOD'] == "POST")
{ {
if(!empty($_POST['user']) && !empty($_POST['password'])) if(!empty($_POST['user']) && !empty($_POST['password']))
{ {
$uid = null;
$user = $_POST['user']; $user = $_POST['user'];
$password = md5($_POST['password'].AUTH_KEY); $password = md5($_POST['password'].AUTH_KEY);
$response = array('user'=>$user,'md5'=>$password); $response = array('user'=>$user,'md5'=>$password);
@ -64,7 +159,9 @@
$sql = "SELECT * FROM `user` WHERE `user` LIKE '".$user."' AND `password` ='".$password."'"; $sql = "SELECT * FROM `user` WHERE `user` LIKE '".$user."' AND `password` ='".$password."'";
$result = $mysqli->query($sql); $result = $mysqli->query($sql);
if ($result->num_rows > 0) { if ($result->num_rows > 0) {
// $row = $result->fetch_array(MYSQLI_ASSOC);
$response['uid'] = $row['id'];
$result->free_result();
} }
else { else {
$sql ="INSERT INTO `user` VALUES (NULL,'".$user."','".$password."')"; $sql ="INSERT INTO `user` VALUES (NULL,'".$user."','".$password."')";
@ -75,9 +172,15 @@
exit(); exit();
} }
else { else {
$response['insert'] = 'successful'; $uid = $mysqli->insert_id;
$response['insert'] = 'successful user id is '.$uid;
$response['uid'] = $uid;
} }
} }
$apikey = md5(array_rand($keyring).$response['uid'].microtime(true));
$sql ="INSERT INTO `apikey` VALUES ('".$response['uid']."','".$apikey."')";
$result = $mysqli->query($sql);
$response = array('key'=>$apikey);
} }
$mysqli->close(); $mysqli->close();
header('HTTP/1.1 200 OK'); header('HTTP/1.1 200 OK');
@ -85,7 +188,7 @@
} }
else else
{ {
header('HTTP/1.1 403 Forbidden');
echo json_encode( (object) array('error'=>'PLease provide a valid user and matching password') ); echo json_encode( (object) array('error'=>'PLease provide a valid user and matching password') );
} }
} }
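Review bot: The new `is_valid_api_key` in the first hunk builds its query as `WHERE api_key LIKE '".$key."'` from the raw `$_GET['key']`, so the gate that the new `/users/` branch relies on is injectable, and because the comparison is `LIKE` rather than `=`, a value containing an unescaped SQL wildcard matches regardless of which keys are stored; bind the key with a prepared statement and compare with `=` as below, and avoid the `@` on the `mysqli` constructor so a failed connection is not turned into a fatal on `$result->num_rows`. The key minted at `$apikey = md5(array_rand($keyring).$response['uid'].microtime(true));` is weaker than it looks: `array_rand` returns an index (0–11), not one of the `$keyring` secrets, and `microtime` is guessable, so `$apikey = bin2hex(random_bytes(16));` is the fix. In the existing-user branch of the `/key` handler, `$response['uid'] = $row['id'];` reads `$row` while the `fetch_array` line just above it appears commented out, so the later `INSERT INTO apikey` would store an empty uid unless `$row` is assigned somewhere outside the hunk; that INSERT should also move to a prepared statement rather than concatenating `$response['uid']` and `$apikey`. The switch enclosing these hunks starts and ends outside the diff.
```php
function is_valid_api_key($key) {
    // … unchanged: $dbhost/$dbuser/$dbpass/$dbname setup …
    $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
    if ($mysqli->connect_errno) {
        return false;
    }
    $stmt = $mysqli->prepare('SELECT 1 FROM `apikey` WHERE `api_key` = ? LIMIT 1');
    if ($stmt === false) {
        $mysqli->close();
        return false;
    }
    $stmt->bind_param('s', $key);
    $stmt->execute();
    $stmt->store_result();
    $found = $stmt->num_rows > 0;
    $stmt->close();
    $mysqli->close();
    return $found;
}
```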
