|
|
|
@ -2,6 +2,21 @@
|
|
|
|
|
//from : https://api.wordpress.org/secret-key/1.1/salt
|
|
|
|
|
define('AUTH_KEY', '2(QMu)jt|2!(9t]V!4SB/y,+T]LcvGZ8-sV@vS6RUgR!_]&S}{6/RZjAmLeW28On');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function get_client_ip()
|
|
|
|
|
{
|
|
|
|
|
$ip = null;
|
|
|
|
|
if (!empty($_SERVER['HTTP_CLIENT_IP'])) {
|
|
|
|
|
$ip = $_SERVER['HTTP_CLIENT_IP'];
|
|
|
|
|
} elseif (!empty($_SERVER['REMOTE_ADDR'])) {
|
|
|
|
|
$ip = $_SERVER['REMOTE_ADDR'];
|
|
|
|
|
} elseif (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) {
|
|
|
|
|
$ip = $_SERVER['HTTP_X_FORWARDED_FOR'];
|
|
|
|
|
}
|
|
|
|
|
return($ip);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
$keyring = array(
|
|
|
|
|
'28__u`AAs51n2KqX?hk27/=|mQI-Sv;]nP%Sd:27+pd#eb{KUK+Vui&a_|$m{+8x',
|
|
|
|
|
'{KoCg/!0?7_|&pjyh!D%+IHpaB]rj|NA<^}mU|un= =}|`le[~f)&h-%Qpr>mYLA',
|
|
|
|
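Review bot: `get_client_ip()` prefers `$_SERVER['HTTP_CLIENT_IP']` over `REMOTE_ADDR`, but that value is just a request header the caller sets, so any client can choose the IP string this function reports; only `REMOTE_ADDR` is filled in by the server, and `X-Forwarded-For` is only trustworthy when a known reverse proxy in front is the one writing it. Because `REMOTE_ADDR` is normally always populated, the trailing `HTTP_X_FORWARDED_FOR` branch also looks unreachable. Unless a trusted proxy is documented for this deployment, collapse the chain to `return !empty($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;` with a header comment `// Deliberately ignores Client-IP / X-Forwarded-For: they are caller-controlled.` Separately, the `AUTH_KEY` literal and the `$keyring` entries are live secrets committed to source; they should be loaded from configuration outside version control and rotated, since this commit has already published them. The `$keyring` array continues past the end of this hunk.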
@ -17,24 +32,31 @@
|
|
|
|
|
'o6h{,vP2CQ&-)gc|Z2^U^{Y^htKH}[IS|&GUtY`E`a)D@kaJr$8,dKSSm@c2D7y+'
|
|
|
|
|
);
|
|
|
|
|
|
|
|
|
|
/*
|
|
|
|
|
function is_valid_api_key2($key) {
|
|
|
|
|
|
|
|
|
|
global $keyring;
|
|
|
|
|
// la clef envoyé es de la forme un md5 : un sel
|
|
|
|
|
// on coupe la clef en deux
|
|
|
|
|
$keyset = explode(':',$key);
|
|
|
|
|
$coded_key = $keyset[0];
|
|
|
|
|
$salt = $keyset[1];
|
|
|
|
|
//la premiere partie est un md5
|
|
|
|
|
@ $coded_key = $keyset[0];
|
|
|
|
|
// la deuxième est un sel => en rélité la case de tableau à utiliser
|
|
|
|
|
@ $salt = (int) $keyset[1];
|
|
|
|
|
// on utiulise l'heure comme référence
|
|
|
|
|
$time = strftime('%Y%m%d%H');
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// connection BDD
|
|
|
|
|
$dbhost = 'localhost';
|
|
|
|
|
$dbuser = 'root';
|
|
|
|
|
$dbpass = '';
|
|
|
|
|
$dbname = 'apib3';
|
|
|
|
|
@ $mysqli = new mysqli($dbhost, $dbuser, $dbpass, $dbname);
|
|
|
|
|
|
|
|
|
|
$mysql_safe_key = mysqli->real_escape_string($keyring)
|
|
|
|
|
|
|
|
|
|
$sql = "SELECT * FROM `apikey` WHERE `api_key` LIKE '".$key."'";
|
|
|
|
|
// on protège les cractères sensible de la clef interne
|
|
|
|
|
$mysql_safe_salt = $mysqli->real_escape_string($keyring[$salt]);
|
|
|
|
|
// on protège les cractères sensible de la clef fournie
|
|
|
|
|
$mysql_safe_key = $mysqli->real_escape_string($coded_key);
|
|
|
|
|
//on fait le md5 + la comparaison dans le SQL directement
|
|
|
|
|
$sql = "SELECT * FROM `apikey` WHERE MD5(CONCAT(`api_key`,'".$mysql_safe_salt."','".$time."')) = '".$mysql_safe_key."'";
|
|
|
|
|
//die($sql);
|
|
|
|
|
$result = $mysqli->query($sql);
|
|
|
|
|
if ($result->num_rows > 0) {
|
|
|
|
|
$mysqli->close();
|
|
|
|
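Review bot: The first query string, `$sql = "SELECT * FROM `apikey` WHERE `api_key` LIKE '".$key."'";`, splices the raw request key into SQL with no escaping, and the line just above it, `$mysql_safe_key = mysqli->real_escape_string($keyring)`, is not valid PHP (no `$` before `mysqli`, no semicolon, and `$keyring` is an array); both are shadowed once the second `$sql` assignment runs, but they should be deleted rather than left as a trap. The surviving query does escape its inputs, yet `$keyring[$salt]` is indexed by a caller-chosen value that is never checked with `isset`, and the scheme (MD5 over key, salt and the current hour) gives any captured key a replay window of up to an hour with no per-request nonce. If this block is meant to be re-enabled, use a prepared statement and reject unknown salt indexes up front, as sketched below; the `root` / empty-password database credentials should also come from configuration, not source. The function body continues into the next hunk, and the whole block sits after a `/*` whose closing marker is outside this hunk, so it may currently be commented out.
```php
// … unchanged: key parsing, $time, database connection …
if (!isset($keyring[$salt])) {
    $mysqli->close();
    return false;
}
$stmt = $mysqli->prepare("SELECT 1 FROM `apikey` WHERE MD5(CONCAT(`api_key`, ?, ?)) = ? LIMIT 1");
$stmt->bind_param('sss', $keyring[$salt], $time, $coded_key);
$stmt->execute();
$stmt->store_result();
$found = $stmt->num_rows > 0;
$stmt->close();
// … unchanged: $mysqli->close() and return …
```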
@ -43,8 +65,6 @@
|
|
|
|
|
$mysqli->close();
|
|
|
|
|
return false;
|
|
|
|
|
}
|
|
|
|
|
*/
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
function is_valid_api_key($key) {
|
|
|
|
|
$dbhost = 'localhost';
|
|
|
|
@ -93,6 +113,29 @@
|
|
|
|
|
echo json_encode( (object) array('status'=>'active') );
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case '/checksaltedkey/' :
|
|
|
|
|
if($vars['REQUEST_METHOD'] == "GET")
|
|
|
|
|
{
|
|
|
|
|
if(isset($_GET['key']))
|
|
|
|
|
{
|
|
|
|
|
header('HTTP/1.1 200 OK');
|
|
|
|
|
echo json_encode( (object) array(
|
|
|
|
|
'valid'=>is_valid_api_key2($_GET['key']),
|
|
|
|
|
'ip'=>get_client_ip() ));
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
header('HTTP/1.1 403 Forbidden');
|
|
|
|
|
echo json_encode( (object) array('error'=>'Please provide a valid key') );
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
else
|
|
|
|
|
{
|
|
|
|
|
header('HTTP/1.1 405 Method Not Allowed');
|
|
|
|
|
echo json_encode( (object) array('error'=>'/checksaltedkey/ requires GET method') );
|
|
|
|
|
}
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case '/users/' :
|
|
|
|
|
if($vars['REQUEST_METHOD'] == "GET")
|
|
|
|
|
{
|
|
|
|
|
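Review bot: This route calls `is_valid_api_key2()`, but earlier in this file that function sits between a `/*` and a `*/`; if those markers are on the new side, the call hits an undefined function and the request dies with a fatal error instead of answering `valid: false`, so either restore the implementation or route to `is_valid_api_key()`. Independently, the endpoint insists on GET and reads the secret from `$_GET['key']`, which puts API keys into web-server and proxy access logs and browser history; accepting the key in a request header or a POST body avoids that. A missing key is answered with 403 while a wrong key gets 200, which is inconsistent: a malformed request is a 400, and an invalid key should not produce a 200. The echoed `ip` comes from `get_client_ip()`, which in this same change prefers a client-supplied header, so it must not be treated as the caller's real address.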