c3f882960c
This commit changes how the config class gets it's values to a more solid way. Additonally, the DSN was updated to use a correct format, allowing PDO to connect (With a wrong DSN, it tries to connect to something that doesn't exist).
51 lines
1.3 KiB
PHP
51 lines
1.3 KiB
PHP
<?php
|
|
|
|
// Because the key is hashed in the database for security, we can't verify it directly.
|
|
// Without hashing, verifaction could've been done in one step, but GDPR makes this an obligation.
|
|
|
|
/*
|
|
So this is like an application behind a password wall. Usually, keys aren't hashed and
|
|
verified directly using only it's text.
|
|
Due to GDPR, we are forced to obscure sensitive data like the user's APIKey.
|
|
*/
|
|
class ApplicationAPI extends Application
|
|
{
|
|
|
|
private $AdminID;
|
|
|
|
|
|
public function __construct($AdminID)
|
|
{
|
|
|
|
$this->AdminID = $AdminID;
|
|
|
|
|
|
if (!$this->ApiKeyExists($AdminID))
|
|
{
|
|
throw new LogicException("This administrator doesn't have an API key.");
|
|
}
|
|
}
|
|
|
|
private function getKeyRecord()
|
|
{
|
|
$AdminID = $this->AdminID;
|
|
|
|
$record = $this->db->row(
|
|
"SELECT * FROM APIKeys WHERE AdminID = ?",
|
|
$AdminID
|
|
);
|
|
|
|
return $record;
|
|
}
|
|
|
|
public function keysMatch($givenKey)
|
|
{
|
|
|
|
return (password_verify($givenKey, $this->getKeyRecord()['Keytext'])) ? true : false;
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
} |