56 lines
1.4 KiB
PHP
56 lines
1.4 KiB
PHP
|
<?php
|
||
|
|
|
||
|
|
// Because the key is hashed in the database for security, we can't verify it directly.
|
||
|
|
// Without hashing, verifaction could've been done in one step, but GDPR makes this an obligation.
|
||
|
|
|
||
|
|
/*
|
||
|
|
So this is like an application behind a password wall. Usually, keys aren't hashed and
|
||
|
|
verified directly using only it's text.
|
||
|
|
Due to GDPR, we are forced to obscure sensitive data like the user's APIKey.
|
||
|
|
*/
|
||
|
|
class ApplicationAPI extends Application
|
||
|
|
{
|
||
|
|
|
||
|
|
private $gDatabase;
|
||
|
|
|
||
|
|
|
||
|
|
private $AdminID;
|
||
|
|
|
||
|
|
|
||
|
|
public function __construct($AdminID)
|
||
|
|
{
|
||
|
|
|
||
|
|
$this->AdminID = $AdminID;
|
||
|
|
|
||
|
|
$this->gDatabase = parent::instDB();
|
||
|
|
|
||
|
|
|
||
|
|
if (!$this->ApiKeyExists($AdminID))
|
||
|
|
{
|
||
|
|
throw new LogicException("This administrator doesn't have an API key.");
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
private function getKeyRecord()
|
||
|
|
{
|
||
|
|
$AdminID = $this->AdminID;
|
||
|
|
|
||
|
|
$record = $this->gDatabase->row(
|
||
|
|
"SELECT * FROM APIKeys WHERE AdminID = ?",
|
||
|
|
$AdminID
|
||
|
|
);
|
||
|
|
|
||
|
|
return $record;
|
||
|
|
}
|
||
|
|
|
||
|
|
public function keysMatch($givenKey)
|
||
|
|
{
|
||
|
|
|
||
|
|
return (password_verify($givenKey, $this->getKeyRecord()['Keytext'])) ? true : false;
|
||
|
|
}
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
|
||
|
|
}
|