spacejewel-ipn-communication/source/dbtools/ApplicationApiTools.php
Miguel Nogueira c3f882960c Change wrong DSN name for db wrapper and update config class
This commit changes how the config class gets it's values to a more solid way.
Additonally, the DSN was updated to use a correct format, allowing PDO to connect (With a wrong DSN, it tries to connect to something that doesn't exist).
2018-06-08 18:58:48 +00:00

51 lines
1.3 KiB
PHP

<?php
// Because the key is hashed in the database for security, we can't verify it directly.
// Without hashing, verifaction could've been done in one step, but GDPR makes this an obligation.
/*
So this is like an application behind a password wall. Usually, keys aren't hashed and
verified directly using only it's text.
Due to GDPR, we are forced to obscure sensitive data like the user's APIKey.
*/
class ApplicationAPI extends Application
{
private $AdminID;
public function __construct($AdminID)
{
$this->AdminID = $AdminID;
if (!$this->ApiKeyExists($AdminID))
{
throw new LogicException("This administrator doesn't have an API key.");
}
}
private function getKeyRecord()
{
$AdminID = $this->AdminID;
$record = $this->db->row(
"SELECT * FROM APIKeys WHERE AdminID = ?",
$AdminID
);
return $record;
}
public function keysMatch($givenKey)
{
return (password_verify($givenKey, $this->getKeyRecord()['Keytext'])) ? true : false;
}
}