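'error', 'cause' => 'auth-load' ) ); exit; } } else { print json_encode( array( 'response' => 'error', 'cause' => 'config-error' ) ); exit; }
/*******************************/

// Checks a caller-supplied API key against the single accepted key.
// Returns 1 on a match and false otherwise.
//
// NOTE(review): the accepted key is hard-coded in this file, so anyone who
// can read the source (repository, backup, misconfigured web server) holds
// it. It should live in configuration outside the web root and be rotated.
function apikey_verify( $key )
{
    // hash_equals() compares in constant time and never type-juggles, which
    // the previous loose == did. Non-string input is rejected up front
    // because hash_equals() only accepts strings.
    if ( is_string( $key ) && hash_equals( "6327c08b70f9", $key ) )
        return 1;

    return false;
}

// Generates a 16 character key.
//   $hex = true  : 16 lowercase hexadecimal characters
//   $hex = false : 16 characters from [A-Za-z0-9]
//
// Basically this is at the moment a slightly modified
// version of generate_password() from user_functiions.php
// The behaviour/output of this function is expected to change
// so using generate_password() directly does not make sense...
//
// The result is used below as a session name and as an auth key, so it has
// to be unpredictable. rand() fed through md5()/sha1() is not, and crypt()
// without a salt argument is rejected by PHP 8. random_bytes() (PHP 7.0+)
// draws from the operating system CSPRNG and throws if none is available.
function new_key( $hex = false )
{
    $length = 16;
    $string = "";

    while ( strlen( $string ) < $length ) {
        $bytes = random_bytes( $length );

        if ( $hex )
            $string .= bin2hex( $bytes );
        else
            // base64 adds '+', '/' and '='; strip them so the output keeps
            // the word-character alphabet the old implementation produced.
            $string .= preg_replace( '/\W/', '', base64_encode( $bytes ) );
    }

    return substr( $string, 0, $length );
}

// Emits the generic "unauthorized" JSON response and terminates the request.
// The same body is used for every failure, so a caller cannot tell which
// check rejected it.
function simple_authfail()
{
    print json_encode( array( 'response' => 'failed', 'cause' => 'unauthorized', 'description' => 'Not authorized') );
    exit;
}

// Gate for token-authenticated requests: requires both 'session' and
// 'auth_key' query parameters and terminates the request through
// simple_authfail() unless both checks pass.
//
// NOTE(review): both values travel in the query string, so they end up in
// access logs, browser history and Referer headers. A request header or
// POST body would be a better carrier.
function token_auth( )
{
    // TODO: Part of ping/pong requirement.
    // Run a function to clear all authkeys older than 5 minutes.
    // expire_authkeys();

    // Superglobals are visible in every scope; no "global" statement needed.
    if ( ! isset( $_GET['session'], $_GET['auth_key'] ) )
        simple_authfail();

    if ( ! check_session( $_GET['session'] ) )
        simple_authfail();

    if ( ! check_authkey( $_GET['auth_key'] ) )
        simple_authfail();
}

// Returns the directory part of the running script's URL path (with its
// trailing slash), used as the cookie path.
function get_cookie_path ()
{
    $name = $_SERVER["SCRIPT_NAME"];
    $file = basename($name);

    // The file name is quoted and anchored to the end of the path. Unquoted,
    // the '.' in a name such as "x.php" matched any character and every
    // occurrence in the path was removed, not only the final component.
    $path = preg_replace( '/' . preg_quote( $file, '/' ) . '$/D', '', $name );

    return $path;
}

// TODO: Make real, actual checks...
//
// NOTE(review): this is a stub. Any non-empty value is accepted, so the
// auth_key parameter currently adds nothing on top of check_session().
// A real check needs a server-side record of the issued key and its age.
function check_authkey ( $key )
{
    if ( $key )
        return true;

    return false;
}

// Returns a fresh 8 character key.
//
// NOTE(review): neither $session nor $authid is used and the key is not
// stored anywhere, so nothing can later verify it.
function update_authkey ( $session, $authid )
{
    $key = substr(new_key(), 0, 8);
    return $key;
}

// Resumes the session called $name and verifies that it carries an authid,
// that the principal is authorized, and that the client_key cookie matches
// the value derived from the session. Returns true on success; every
// failure after the session has been started clears the credentials and
// returns false.
//
// NOTE(review): the expected client key is md5( $name . $authid ) with no
// server-side secret. $name is sent by the client and authid is presumably
// an account identifier, so the cookie value may be computable by anyone
// who knows both. Consider storing a random key in the session, or
// deriving it with hash_hmac() and a secret from configuration.
function check_session ( $name )
{
    // $name comes straight from the request. Accept only the alphanumeric
    // shape that set_credentials() issues; arrays (?session[]=x) and other
    // input are refused before they reach session_name().
    if ( ! is_string( $name ) || preg_match( '/^[A-Za-z0-9]+$/D', $name ) !== 1 )
        return false;

    session_name( $name );
    session_start();

    // empty() treats a missing index like a false one without raising a
    // notice.
    if ( empty( $_SESSION['authid'] ) ) {
        return clear_credentials($name);
    }

    // A cookie sent as client_key[]=... arrives as an array; reject it.
    if ( empty( $_COOKIE['client_key'] ) || ! is_string( $_COOKIE['client_key'] ) ) {
        return clear_credentials($name);
    }

    $authid = $_SESSION['authid'];
    $type = isset( $_SESSION['type'] ) ? $_SESSION['type'] : null;
    $client_key = $_COOKIE['client_key'];

    $level = get_authorization( $type, $authid );
    if ( $level == false ) {
        return clear_credentials($name);
    }

    $session_key = md5( $name . $authid );

    // Constant-time, type-strict comparison. The previous != compared two
    // hex strings loosely, so two different values that both look like
    // numbers in exponent notation ("0e" followed by digits) were equal.
    if ( ! hash_equals( $session_key, $client_key ) ) {
        return clear_credentials($name);
    }

    // TODO: Database checks?
    // TODO: Refresh cookie

    // If we got this far, things are looking good.
    return true;
}

// Starts a new session under a freshly generated name, stores the principal
// in it and sets the matching client_key cookie (valid for 180 minutes).
// Returns the session name, which the client sends back as 'session'.
//
// NOTE(review): the client_key cookie is set without the Secure and
// HttpOnly flags. Whether they can be turned on depends on how the client
// reads the cookie and on the deployment using HTTPS; confirm and enable.
function set_credentials( $authid, $type )
{
    // PHP does not accept a session name made of digits only, and a
    // 16 character hex string occasionally is exactly that. Draw again
    // in that case.
    do {
        $name = new_key(true);
    } while ( preg_match( '/^[0-9]+$/D', $name ) === 1 );

    session_name( $name );
    session_start();

    $_SESSION['authid'] = $authid;
    $_SESSION['type'] = $type;

    $client_key = md5( $name . $authid );
    setcookie('client_key', $client_key, time()+180*60, get_cookie_path() );

    // TODO: Stuff data to database for further checks?
    // TODO: Do magic with the KEY

    return $name;
}

// Removes the client_key cookie and the session cookie called $name, wipes
// the session data and destroys the session. Always returns false so that
// callers can write "return clear_credentials( $name );".
function clear_credentials($name)
{
    setcookie('client_key', '', 0, get_cookie_path() );
    setcookie($name, '', 0, "/");

    $_SESSION = array();

    // session_destroy() raises a warning when no session is active.
    if ( session_status() === PHP_SESSION_ACTIVE )
        session_destroy();

    return false;
}

// NOTE(review): stub. It ignores the $type and $authid arguments its
// callers pass and returns 1, so every principal with a session is treated
// as authorized.
function get_authorization()
{
    return 1;
}

// Stub, to be called on any API nodes that write data in the DB.
//
// NOTE(review): the authorization level is looked up but not used; the
// function returns true for every caller, with or without a session. Until
// it is implemented it does not restrict writes.
function can_write ( )
{
    $authid = isset( $_SESSION['authid'] ) ? $_SESSION['authid'] : null;
    $type = isset( $_SESSION['type'] ) ? $_SESSION['type'] : null;
    $level = get_authorization( $type, $authid );

    return true;
}
?>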