<?php

// Because the key is hashed in the database for security, we can't verify it directly.
// Without hashing, verifaction could've been done in one step, but GDPR makes this an obligation.

/*
    So this is like an application behind a password wall. Usually, keys aren't hashed and 
    verified directly using only it's text.
    Due to GDPR, we are forced to obscure sensitive data like the user's APIKey.
*/
class ApplicationAPI extends Application
{
    
    private $gDatabase;
    
    
    private $AdminID;
    
    
    public function __construct($AdminID)
    {
        
        $this->AdminID = $AdminID;
        
        $this->gDatabase = parent::instDB(); 
        
        
        if (!$this->ApiKeyExists($AdminID))
        {
            throw new LogicException("This administrator doesn't have an API key.");
        }
    }
    
    private function getKeyRecord()
    {
        $AdminID = $this->AdminID;
        
        $record = $this->gDatabase->row(
                                       "SELECT * FROM APIKeys WHERE AdminID = ?",
                                       $AdminID
                                    );
                                    
        return $record;
    }
    
    public function keysMatch($givenKey)
    {
        
        return (password_verify($givenKey, $this->getKeyRecord()['Keytext'])) ? true : false;
    }
    
    
    
    
    
}