More work on security
parent
5b098c8fca
commit
0db1f88b7f
@ -0,0 +1,8 @@
|
||||
<?php
|
||||
require_once(API_PATH . 'dao/security_dao.php');
|
||||
|
||||
function get_user_for_token($token, $hesk_settings) {
|
||||
$hash = hash('sha512', $token);
|
||||
|
||||
return get_user_for_token_hash($hash, $hesk_settings);
|
||||
}
|
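Review bot: get_user_for_token hashes whatever it is given, so an empty or non-string $token is still hashed and looked up instead of being rejected; a guard such as `if (!is_string($token) || $token === '') { return null; }` ahead of the `hash('sha512', $token)` line would stop that at the boundary. The function also lacks a doc comment: it should state that only the SHA-512 digest of the token is compared against stored values, and that an unsalted digest is adequate only when tokens are long random values (token generation is not visible in this commit, so that is worth confirming). The result of get_user_for_token_hash is passed through unchanged, so callers inherit whatever that function returns on a miss.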
@ -1,7 +1,7 @@
|
||||
<?php
|
||||
define('IN_SCRIPT', 1);
|
||||
define('HESK_PATH', '../../../');
|
||||
define('API_PATH', '../../');
|
||||
define('API_PATH', '../');
|
||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||
require_once(API_PATH . 'core/output.php');
|
@ -0,0 +1,17 @@
|
||||
<?php
|
||||
|
||||
function get_user_for_token_hash($hash, $hesk_settings) {
|
||||
$user_id_sql = "SELECT `user_id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`
|
||||
WHERE `token` = '" . hesk_dbEscape($hash) . "'";
|
||||
|
||||
$user_id_rs = hesk_dbQuery($user_id_sql);
|
||||
if (hesk_dbNumRows($user_id_rs) == 0) {
|
||||
return http_response_code(422);
|
||||
}
|
||||
$user_id = hesk_dbFetchAssoc($user_id_rs);
|
||||
|
||||
$user_sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = ".intval($user_id['user_id']);
|
||||
$user_rs = hesk_dbQuery($user_sql);
|
||||
|
||||
return hesk_dbFetchAssoc($user_rs);
|
||||
}
|
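Review bot: On an unknown token hash the function runs `return http_response_code(422);`, which hands the caller the return value of http_response_code() (the previous status code or true, both truthy) rather than a failure marker, so a caller that tests the result for truthiness would treat a rejected token as a found user. Returning `null` at that point and letting the API entry point send the status and stop (401 is the usual status for a bad credential) keeps HTTP concerns out of the data layer. The second query uses `SELECT *` on the users table, which presumably carries the password hash and other fields the API does not need; naming the required columns would limit what this path can expose. The row from that second query is also returned without checking that one exists, for example when a token references a deleted user.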