From 432cf39b8c1e2f9c6fbafa64466d5e0a136ca96e Mon Sep 17 00:00:00 2001
From: Skylar Ittner
Date: Wed, 20 Dec 2017 17:46:02 -0700
Subject: [PATCH] Allow API key to be used instead of password for API
---
 api.php | 2 +-
 lib/login.php | 28 ++++++++++++++++++++++++++++
 2 files changed, 29 insertions(+), 1 deletion(-)
diff --git a/api.php b/api.php
index 7b8c375..b8700ef 100644
--- a/api.php
+++ b/api.php
@@ -19,7 +19,7 @@ header("Content-Type: application/json");
 $username = $VARS['username'];
 $password = $VARS['password'];
-if (user_exists($username) !== true || authenticate_user($username, $password, $errmsg) !== true) {
+if (user_exists($username) !== true || (authenticate_user($username, $password, $errmsg) !== true && checkAPIKey($password) !== true)) {
 header("HTTP/1.1 403 Unauthorized");
 die("\"403 Unauthorized\"");
 }
diff --git a/lib/login.php b/lib/login.php
index 13d5671..825e6e2 100644
--- a/lib/login.php
+++ b/lib/login.php
@@ -40,6 +40,34 @@ function checkLoginServer() {
 }
 }
+/**
+ * Checks if the given AccountHub API key is valid by attempting to
+ * access the API with it.
+ * @param String $key The API key to check
+ * @return boolean TRUE if the key is valid, FALSE if invalid or something went wrong
+ */
+function checkAPIKey($key) {
+ try {
+ $client = new GuzzleHttp\Client();
+
+ $response = $client
+ ->request('POST', PORTAL_API, [
+ 'form_params' => [
+ 'key' => $key,
+ 'action' => "ping"
+ ]
+ ]);
+
+ if ($response->getStatusCode() === 200) {
+ return true;
+ }
+ return false;
+ } catch (Exception $e) {
+ return false;
+ }
+}
+
+
 ////////////////////////////////////////////////////////////////////////////////
 // Account handling //
 ////////////////////////////////////////////////////////////////////////////////
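Review bot: In the api.php hunk the rewritten `if` accepts any key the portal considers valid together with any existing username, so the key is never tied to the account named in `$username`. Whether the actions further down trust `$username` as the caller is outside the hunk, but if they do, a single key holder can act for every user. Because the fallback reuses `$password`, each mistyped or guessed password is also forwarded to the portal as a `key` form field, where it may end up in logs, and every failed login now costs an outbound request. I would read the key from its own request field and only contact the portal when it is present, e.g. `$apikey = isset($VARS['key']) ? $VARS['key'] : '';` with the second operand becoming `($apikey === '' || checkAPIKey($apikey) !== true)`, and add a comment above the check stating which callers are expected to hold a key.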
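Review bot: `checkAPIKey()` in the lib/login.php hunk sends its request with no timeout and no local check on `$key`, so an empty or missing key still triggers a portal round trip and a slow portal stalls the login path that now calls this after every failed password. Adding `if (!is_string($key) || $key === '') { return false; }` at the top and `'timeout' => 5` (value to be tuned) to the request options would bound both. The decision also rests on the HTTP status alone; if `PORTAL_API` can answer 200 with an error body for a bad key, which the hunk does not show, every key would validate, so checking the ping response body as well would be safer. The silent `catch (Exception $e)` fails closed, which is the right default, but logging the exception there would let operators tell a portal outage from a rejected key.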