|
|
|
|
@ -2,6 +2,66 @@
|
|
|
|
|
//from : https://api.wordpress.org/secret-key/1.1/salt
|
|
|
|
|
define('AUTH_KEY', '2(QMu)jt|2!(9t]V!4SB/y,+T]LcvGZ8-sV@vS6RUgR!_]&S}{6/RZjAmLeW28On');
|
|
|
|
|
|
|
|
|
|
$keyring = array(
|
|
|
|
|
'28__u`AAs51n2KqX?hk27/=|mQI-Sv;]nP%Sd:27+pd#eb{KUK+Vui&a_|$m{+8x',
|
|
|
|
|
'{KoCg/!0?7_|&pjyh!D%+IHpaB]rj|NA<^}mU|un= =}|`le[~f)&h-%Qpr>mYLA',
|
|
|
|
|
'0{-f_Z/)J?Dr-=B2G=+U-+&ZTvN2m[+){7nO&rd{t6+|8BW!(+&Lx!U{gF&t.m(8',
|
|
|
|
|
'TY@V>x3x6= |?K|.dBEt2U;9su-h4kS_-4~+AuDvV4<0.:}^o:l;*&WC6P:<58?t',
|
|
|
|
|
'?GOHK0|EpH`X1.1DZ,-r*`?(7+<4rbG?;W*ReX+<#CUuGiQ,G^c[SJh!Q#@aHB #',
|
|
|
|
|
'JdF?Zl=7tE{|+VDh%SzDVj[$nV$Emkt!T9&lhUM7Ty/yRadrv,T(S7CEk rIsx,$',
|
|
|
|
|
'y:XeG#<+>Jb+cqB*^doW[2|N]ju8l<4?$ek?M?0aFaY>W&TJw rNCz+L7+ZN;#f=',
|
|
|
|
|
'E|ngUL<N+f)Qfgs$ggG5ejS${9NN7-)qlH]iB;R]xvy%e3G`C+Lb $?K(5F-Rb%u',
|
|
|
|
|
'!|MuVONHh33|l|`|RqQ|r%sZgCUo?FIXlPBQ`4J/Ajc$fvyS>],O).^DqOWo~Jzy',
|
|
|
|
|
'i2El=I~}<o.qv;A8~ {i/3]j*XghY8K+}|M]mc-Q ~m$#bJY8NdA-jOUF=|+VLyg',
|
|
|
|
|
'}#]wSs]%9,I0SF7A5~|5,3S_,/-(#z+L@oxJ<PM|Jro~p=P.c^EMqDgDf-F4o?Xw',
|
|
|
|
|
'o6h{,vP2CQ&-)gc|Z2^U^{Y^htKH}[IS|&GUtY`E`a)D@kaJr$8,dKSSm@c2D7y+'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
function is_valid_api_key2($key) {
|
|
|
|
|
|
|
|
|
|
$keyset = explode(':',$key);
|
|
|
|
|
$coded_key = $keyset[0];
|
|
|
|
|
$salt = $keyset[1];
|
|
|
|
|
$time = strftime('%Y%m%d%H');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
$dbhost = 'localhost';
|
|
|
|
|
$dbuser = 'root';
|
|
|
|
|
$dbpass = '';
|
|
|
|
|
$dbname = 'apib3';
|
|
|
|
|
@ $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
|
|
|
|
|
|
|
|
|
|
$mysql_safe_key = mysqli->real_escape_string($keyring)
|
|
|
|
|
|
|
|
|
|
$sql = "SELECT * FROM `apikey` WHERE `api_key` LIKE '".$key."'";
|
|
|
|
|
$result = $mysqli->query($sql);
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
$mysqli->close();
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
$mysqli->close();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function is_valid_api_key($key) {
|
|
|
|
|
$dbhost = 'localhost';
|
|
|
|
|
$dbuser = 'root';
|
|
|
|
|
$dbpass = '';
|
|
|
|
|
$dbname = 'apib3';
|
|
|
|
|
@ $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
|
|
|
|
|
$sql = "SELECT * FROM `apikey` WHERE `api_key` LIKE '".$key."'";
|
|
|
|
|
$result = $mysqli->query($sql);
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
$mysqli->close();
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
$mysqli->close();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
//header('Content-type: text/plain;charset=utf-8');
|
|
|
|
|
header('Content-type: application/json;charset=utf-8');
|
|
|
|
|
$vars=array();
|
|
|
|
|
@ -33,12 +93,47 @@
|
|
|
|
|
echo json_encode( (object) array('status'=>'active') );
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case '/users/' :
|
|
|
|
|
if($vars['REQUEST_METHOD'] == "GET")
|
|
|
|
|
{
|
|
|
|
|
if(isset($_GET['key']) && is_valid_api_key($_GET['key']))
|
|
|
|
|
{
|
|
|
|
|
$dbhost = 'localhost';
|
|
|
|
|
$dbuser = 'root';
|
|
|
|
|
$dbpass = '';
|
|
|
|
|
$dbname = 'apib3';
|
|
|
|
|
//si je préfixe avec @je n'aurais pas le message d'erreur.
|
|
|
|
|
@ $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
|
|
|
|
|
$sql = "SELECT COUNT(*) AS nbusers FROM `user`";
|
|
|
|
|
$result = $mysqli->query($sql);
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
$row = $result->fetch_array(MYSQLI_ASSOC);
|
|
|
|
|
header('HTTP/1.1 200 OK');
|
|
|
|
|
echo json_encode( (object) array('users'=>$row['nbusers']));
|
|
|
|
|
$result->free_result();
|
|
|
|
|
$mysqli->close();
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
header('HTTP/1.1 403 Forbidden');
|
|
|
|
|
echo json_encode( (object) array('error'=>'Please provide a valid key') );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
header('HTTP/1.1 405 Method Not Allowed');
|
|
|
|
|
echo json_encode( (object) array('error'=>'/users/ requires GET method') );
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case "/key/" :
|
|
|
|
|
case "/key" :
|
|
|
|
|
if($vars['REQUEST_METHOD'] == "POST")
|
|
|
|
|
{
|
|
|
|
|
if(!empty($_POST['user']) && !empty($_POST['password']))
|
|
|
|
|
{
|
|
|
|
|
$uid = null;
|
|
|
|
|
$user = $_POST['user'];
|
|
|
|
|
$password = md5($_POST['password'].AUTH_KEY);
|
|
|
|
|
$response = array('user'=>$user,'md5'=>$password);
|
|
|
|
|
@ -64,7 +159,9 @@
|
|
|
|
|
$sql = "SELECT * FROM `user` WHERE `user` LIKE '".$user."' AND `password` ='".$password."'";
|
|
|
|
|
$result = $mysqli->query($sql);
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
//
|
|
|
|
|
$row = $result->fetch_array(MYSQLI_ASSOC);
|
|
|
|
|
$response['uid'] = $row['id'];
|
|
|
|
|
$result->free_result();
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$sql ="INSERT INTO `user` VALUES (NULL,'".$user."','".$password."')";
|
|
|
|
|
@ -75,9 +172,15 @@
|
|
|
|
|
exit();
|
|
|
|
|
}
|
|
|
|
|
else {
|
|
|
|
|
$response['insert'] = 'successful';
|
|
|
|
|
$uid = $mysqli->insert_id;
|
|
|
|
|
$response['insert'] = 'successful user id is '.$uid;
|
|
|
|
|
$response['uid'] = $uid;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
$apikey = md5(array_rand($keyring).$response['uid'].microtime(true));
|
|
|
|
|
$sql ="INSERT INTO `apikey` VALUES ('".$response['uid']."','".$apikey."')";
|
|
|
|
|
$result = $mysqli->query($sql);
|
|
|
|
|
$response = array('key'=>$apikey);
|
|
|
|
|
}
|
|
|
|
|
$mysqli->close();
|
|
|
|
|
header('HTTP/1.1 200 OK');
|
|
|
|
|
@ -85,7 +188,7 @@
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
|
|
|
|
|
header('HTTP/1.1 403 Forbidden');
|
|
|
|
|
echo json_encode( (object) array('error'=>'PLease provide a valid user and matching password') );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
