help.verua.ch/include/class.api.php

<?php
/*********************************************************************
    class.api.php

    Api related functions...

    Peter Rotich <peter@osticket.com>
    Copyright (c)  2006-2010 osTicket
    http://www.osticket.com

    Released under the GNU General Public License WITHOUT ANY WARRANTY.
    See LICENSE.TXT for details.

    vim: expandtab sw=4 ts=4 sts=4:
    $Id: $
**********************************************************************/
class Api {
  

    function add($ip,&$errors) {
        global $cfg;

        $passphrase=$cfg->getAPIPassphrase();

        if(!$passphrase)
            $errors['err']='API Passwort fehlt.';

        if(!$ip || !Validator::is_ip($ip))
            $errors['ip']='G&uuml;ltige IP erforderlich';
        elseif(Api::getKey($ip))
            $errors['ip']='API-Schl&uuml;ssel f&uuml;r die IP existiert bereits';

        $id=0;
        if(!$errors) {
            $sql='INSERT INTO '.API_KEY_TABLE.' SET created=NOW(), updated=NOW(), isactive=1'.
                 ',ipaddr='.db_input($ip).
                 ',apikey='.db_input(strtoupper(md5($ip.md5($passphrase)))); //Security of the apikey is not as critical at the moment 

            if(db_query($sql))
                $id=db_insert_id();

        }

        return $id;
    }

    function setPassphrase($phrase,&$errors) {
        global $cfg;

        if(!$phrase)
            $errors['phrase']='Erforderlich';
        elseif(str_word_count($_POST['phrase'])<3)
            $errors['phrase']='muss 3 Worte lang sein.';
        elseif(!strcmp($cfg->getAPIPassphrase(),$phrase))
            $errors['phrase']='bereits gesetzt';
        else{
            $sql='UPDATE '.CONFIG_TABLE.' SET updated=NOW(), api_passphrase='.db_input($phrase).
                ' WHERE id='.db_input($cfg->getId());
            if(db_query($sql) && db_affected_rows()){
                $cfg->reload();
                return true;
            }

        }

        return false;
    }


    function getKey($ip) {

        $key=null;
        $resp=db_query('SELECT apikey FROM '.API_KEY_TABLE.' WHERE ipaddr='.db_input($ip));
        if($resp && db_num_rows($resp))
            list($key)=db_fetch_row($resp);

        return $key;
    }


    function validate($key,$ip) {

        $resp=db_query('SELECT id FROM '.API_KEY_TABLE.' WHERE ipaddr='.db_input($ip).' AND apikey='.db_input($key));
        return ($resp && db_num_rows($resp))?true:false;

    }
   
}
?>
init 2026-01-05 08:46:20 +01:00			`<?php`
			`/*********************************************************************`
			`class.api.php`

			`Api related functions...`

			`Peter Rotich <peter@osticket.com>`
			`Copyright (c) 2006-2010 osTicket`
			`http://www.osticket.com`

			`Released under the GNU General Public License WITHOUT ANY WARRANTY.`
			`See LICENSE.TXT for details.`

			`vim: expandtab sw=4 ts=4 sts=4:`
			$Id: $
			`**********************************************************************/`
			`class Api {`


			`function add($ip,&$errors) {`
			`global $cfg;`

			`$passphrase=$cfg->getAPIPassphrase();`

			`if(!$passphrase)`
			`$errors['err']='API Passwort fehlt.';`

			`if(!$ip \|\| !Validator::is_ip($ip))`
			`$errors['ip']='Gültige IP erforderlich';`
			`elseif(Api::getKey($ip))`
			`$errors['ip']='API-Schlüssel für die IP existiert bereits';`

			`$id=0;`
			`if(!$errors) {`
			`$sql='INSERT INTO '.API_KEY_TABLE.' SET created=NOW(), updated=NOW(), isactive=1'.`
			`',ipaddr='.db_input($ip).`
			`',apikey='.db_input(strtoupper(md5($ip.md5($passphrase)))); //Security of the apikey is not as critical at the moment`

			`if(db_query($sql))`
			`$id=db_insert_id();`

			`}`

			`return $id;`
			`}`

			`function setPassphrase($phrase,&$errors) {`
			`global $cfg;`

			`if(!$phrase)`
			`$errors['phrase']='Erforderlich';`
			`elseif(str_word_count($_POST['phrase'])<3)`
			`$errors['phrase']='muss 3 Worte lang sein.';`
			`elseif(!strcmp($cfg->getAPIPassphrase(),$phrase))`
			`$errors['phrase']='bereits gesetzt';`
			`else{`
			`$sql='UPDATE '.CONFIG_TABLE.' SET updated=NOW(), api_passphrase='.db_input($phrase).`
			`' WHERE id='.db_input($cfg->getId());`
			`if(db_query($sql) && db_affected_rows()){`
			`$cfg->reload();`
			`return true;`
			`}`

			`}`

			`return false;`
			`}`


			`function getKey($ip) {`

			`$key=null;`
			`$resp=db_query('SELECT apikey FROM '.API_KEY_TABLE.' WHERE ipaddr='.db_input($ip));`
			`if($resp && db_num_rows($resp))`
			`list($key)=db_fetch_row($resp);`

			`return $key;`
			`}`


			`function validate($key,$ip) {`

			`$resp=db_query('SELECT id FROM '.API_KEY_TABLE.' WHERE ipaddr='.db_input($ip).' AND apikey='.db_input($key));`
			`return ($resp && db_num_rows($resp))?true:false;`

			`}`

			`}`
			`?>`