spacejewel-ipn-communication/source/dbtools/ApplicationApiTools.php

56 lines
1.4 KiB
PHP

<?php
// Because the key is hashed in the database for security, we can't verify it directly.
// Without hashing, verifaction could've been done in one step, but GDPR makes this an obligation.
/*
So this is like an application behind a password wall. Usually, keys aren't hashed and
verified directly using only it's text.
Due to GDPR, we are forced to obscure sensitive data like the user's APIKey.
*/
class ApplicationAPI extends Application
{
private $gDatabase;
private $AdminID;
public function __construct($AdminID)
{
$this->AdminID = $AdminID;
$this->gDatabase = parent::instDB();
if (!$this->ApiKeyExists($AdminID))
{
throw new LogicException("This administrator doesn't have an API key.");
}
}
private function getKeyRecord()
{
$AdminID = $this->AdminID;
$record = $this->gDatabase->row(
"SELECT * FROM APIKeys WHERE AdminID = ?",
$AdminID
);
return $record;
}
public function keysMatch($givenKey)
{
return (password_verify($givenKey, $this->getKeyRecord()['Keytext'])) ? true : false;
}
}