// api/auth.php — HTTP authentication endpoint of the Hermes API.
// The request path in $_SERVER['PATH_INFO'] selects the action (switch below);
// the visible branches are login (username/password or api_key), ping (rotate
// the auth_key of a live session) and logout, plus a set of user/API-key
// management actions that only reply 'notimplemented'. Every reply is a JSON
// object printed with json_encode(); no Content-Type header is set anywhere in
// the visible code.
// NOTE(review): this listing is missing lines (case labels, braces, exit/break
// statements), so the flow between the statements below is partly inferred —
// the comments mark the places where a missing line matters.
2 require_once('config.php');
3 require_once('lib/auth_base.php');
4 require_once('lib/common_functions.php');
5 require_once('lib/db_functions.php');
6 require_once('lib/domain_functions.php');
8 $config = get_config();
// Open the database link and stash it in $config for the helper libraries.
// NOTE(review): mysql_* is the legacy extension (removed in PHP 7) and the '@'
// silences the connection warning, so a failure is only observable through the
// check below; mysqli/PDO with exceptions enabled would replace both.
10 $config['sql_link'] = @mysql_connect
(
11 $config['sql_server'],
12 $config['sql_username'],
13 $config['sql_password']
// The helpers cannot run without a link, so report the failure to the client.
15 if ( !$config['sql_link'] )
17 print json_encode( array( 'response' => 'failed', 'cause' => 'error', 'detail' => 'Database connection failed.'));
// NOTE(review): the script must stop here; the exit is on a line not shown
// (18-20) — confirm it exists, otherwise the switch runs without a database.
// The key is 'detail' here but 'description' in the login failures below;
// clients have to handle both spellings.
21 //*************************************************************************************
// PATH_INFO is client-controlled but only compared against fixed strings; an
// unmatched path reaches the 'invalid' reply at the bottom of the switch
// (presumably its default branch — the label is not visible).
22 switch ( $_SERVER['PATH_INFO'] )
25 // Allow login using username and password, or API key.
26 // On successful login, a named session should be started,
27 // some data related to the session should be stored,
28 // and the name of the session provided to the user
// NOTE(review): the credentials are read from the query string ($_GET), which
// web servers, proxies and browsers routinely record (access logs, history,
// Referer). Accepting them from the POST body or an Authorization header keeps
// the secrets out of those places. No throttling of failed attempts is visible
// here; if there is any it lives in authuser_verify()/apikey_verify().
33 if ( array_key_exists('username', $_GET)
34 && array_key_exists('password', $_GET) )
// sql_clean() is defined in one of the lib/ files (presumably an escaping
// helper). Whether the verify functions then bind the values as query
// parameters is not visible here — confirm; escaping alone is a weaker defence
// than bound parameters. '=== 1' would avoid the loose comparison.
36 if ( 1 == authuser_verify( sql_clean($_GET['username']), sql_clean($_GET['password'])))
// The raw (un-cleaned) username becomes the session identity; fine only if
// set_credentials()/update_authkey() escape it themselves — confirm.
39 $authid = $_GET['username'];
// One message for both unknown user and wrong password (does not reveal which).
// NOTE(review): this branch has to leave the handler before reaching
// set_credentials() at line 65; the exit/break is on lines not shown (44-46).
43 print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Login failed') );
47 else if ( array_key_exists('api_key', $_GET) )
49 if ( apikey_verify( sql_clean( $_GET['api_key'] ) ) == 1 )
// The API key itself becomes the session identity (raw value, see line 39).
52 $authid = $_GET['api_key'];
// NOTE(review): as above, must not fall through to set_credentials() (57-61 not shown).
56 print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Login failed') );
// Neither credential form was supplied.
// NOTE(review): must exit before line 65 as well (59-63 not shown).
62 print json_encode ( array( 'response' => 'invalid') );
// Successful login: start the named session, then issue the first auth_key.
// NOTE(review): $type is never assigned on a visible line — presumably it is
// set in the missing lines of the two success branches (user vs. API-key
// login); if not, set_credentials() receives null.
65 $session_name = set_credentials( $authid, $type );
66 $auth_key = update_authkey( $session_name, $authid );
67 print json_encode( array( 'response' => 'ok', 'session' => $session_name, 'auth_key' => $auth_key ));
70 // API clients are required to periodically ping the server
71 // The time between pings (interval) is 5 minutes?
72 // A ping call should refresh cookie lifetimes and
73 // generate and store a new auth_key
74 // The ping requires a valid session...
75 // A successful ping returns a 'response' => 'pong'
76 // along with the new auth_key.
// NOTE(review): unlike logout below, 'session' is read without an
// array_key_exists() guard, and $_SESSION['authid'] is used with no
// session_start()/validity check visible in this listing. The comment above
// says a valid session is required — confirm that check is on a missing line
// (77) or inside update_authkey(); otherwise a request without a session calls
// update_authkey() with a null authid.
78 $session_name = $_GET['session'];
79 $authid = $_SESSION['authid'];
80 $auth_key = update_authkey( $session_name, $authid );
81 print json_encode( array( 'response' => 'pong', 'auth_key' => $auth_key ));
84 // De-authenticate/deauthorize the ongoing session.
85 // I.e. destroy session data, remove session cookies.
87 if ( array_key_exists('session', $_GET ) )
// NOTE(review): the session name comes straight from the client; validate it
// against the format set_credentials() generates before handing it to
// session_name(), rather than relying on session_name()'s own checks.
88 $session_name = $_GET['session'];
89 session_name($session_name);
91 clear_credentials($session_name);
// Presumably the no-'session' branch (92-93 not shown).
// NOTE(review): 'wtffailed?' is not a usable client-facing status; the other
// branches use 'failed' plus a 'cause'. Whether this branch exits before the
// 'ok' reply below is on a line not shown (95).
94 print json_encode ( array( 'response' => 'wtffailed?') );
96 print json_encode ( array( 'response' => 'ok') );
99 // List valid API user-accounts.
100 // Fail with notauthorized if current authentication
101 // does not have write access.
102 // Should not return users from backend,
103 // but should only return users with authorization.
104 case "/authorize_user":
105 // Add or update a valid back-end user in authorization
106 // if the current authentication has write access.
107 // Since the user exists in backend, the only
108 // needed parameters should be username and access level
109 // If the authorization does not exist, add it.
110 // If the user is already authorized, replace access level.
112 // Add user to backend if backend is read-write and
113 // the current authentication has write access.
115 // Update the given user in the backend, if the backend
116 // is read-write, and the current authentication has
119 // Delete user from backend if backend is read-write
120 // and the current authentication has write access.
121 case "/list_apikeys":
122 // List valid API keys.
123 // Fail if current authorization does not have write access.
125 // If the current authorization has write access, create
126 // a new API key with requested access (ro/rw).
127 case "/remove_apikey":
128 // If the current authorization has write access,
129 // remove the given API key.
// Shared reply for all management actions above; the case labels appear to
// fall through to here. NOTE(review): every one of them is specified as
// requiring write access — when implemented, perform that authorization check
// before any backend read or write.
130 print json_encode ( array( 'response' => 'notimplemented') );
// Unknown PATH_INFO (presumably the default: label, not visible).
133 print json_encode ( array( 'response' => 'invalid') );
135 //*************************************************************************************
// Only reached by branches that do not exit early; PHP closes the link at
// request end regardless.
136 mysql_close( $config['sql_link'] );