More work on security
parent
5b098c8fca
commit
0db1f88b7f
@ -0,0 +1,8 @@
|
|||||||
|
<?php
|
||||||
|
require_once(API_PATH . 'dao/security_dao.php');
|
||||||
|
|
||||||
|
function get_user_for_token($token, $hesk_settings) {
|
||||||
|
$hash = hash('sha512', $token);
|
||||||
|
|
||||||
|
return get_user_for_token_hash($hash, $hesk_settings);
|
||||||
|
}
|
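Review bot: `get_user_for_token` passes `$token` straight to `hash('sha512', …)` without checking that it is a non-empty string, so an absent or malformed credential still triggers a database lookup. A guard before the hash, such as `if (!is_string($token) || $token === '') { return null; }`, would reject those early; where `$token` comes from is not visible in this hunk. A single unsalted SHA-512 is only an adequate way to store API tokens if they are long random values, so a docblock stating that assumption, and what the function returns for an unknown token, would help callers.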
@ -1,7 +1,7 @@
|
|||||||
<?php
|
<?php
|
||||||
define('IN_SCRIPT', 1);
|
define('IN_SCRIPT', 1);
|
||||||
define('HESK_PATH', '../../../');
|
define('HESK_PATH', '../../../');
|
||||||
define('API_PATH', '../../');
|
define('API_PATH', '../');
|
||||||
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
require_once(HESK_PATH . 'hesk_settings.inc.php');
|
||||||
require_once(HESK_PATH . 'inc/common.inc.php');
|
require_once(HESK_PATH . 'inc/common.inc.php');
|
||||||
require_once(API_PATH . 'core/output.php');
|
require_once(API_PATH . 'core/output.php');
|
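Review bot: The new `API_PATH` value `'../'` (like `HESK_PATH`) is relative to the current working directory rather than to this file, so the `require_once` lines that follow load whatever `core/output.php` sits at that offset from wherever the script is invoked. Anchoring the constant to the file, e.g. `define('API_PATH', __DIR__ . '/../');`, makes the include target deterministic. This assumes the file is the entry script and that `'../'` is meant relative to its own directory, which the hunk does not show.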
@ -0,0 +1,17 @@
|
|||||||
|
<?php
|
||||||
|
|
||||||
|
function get_user_for_token_hash($hash, $hesk_settings) {
|
||||||
|
$user_id_sql = "SELECT `user_id` FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "user_api_tokens`
|
||||||
|
WHERE `token` = '" . hesk_dbEscape($hash) . "'";
|
||||||
|
|
||||||
|
$user_id_rs = hesk_dbQuery($user_id_sql);
|
||||||
|
if (hesk_dbNumRows($user_id_rs) == 0) {
|
||||||
|
return http_response_code(422);
|
||||||
|
}
|
||||||
|
$user_id = hesk_dbFetchAssoc($user_id_rs);
|
||||||
|
|
||||||
|
$user_sql = "SELECT * FROM `" . hesk_dbEscape($hesk_settings['db_pfix']) . "users` WHERE `id` = ".intval($user_id['user_id']);
|
||||||
|
$user_rs = hesk_dbQuery($user_sql);
|
||||||
|
|
||||||
|
return hesk_dbFetchAssoc($user_rs);
|
||||||
|
}
|
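Review bot: On an unknown token hash, `return http_response_code(422);` gives the caller the return value of `http_response_code()` (the previous status code or `true`), not an empty result, so a caller that only tests the result for truthiness would treat a failed lookup as a user. Returning an explicit miss with `return null;` and letting the API layer send the status (401 is the conventional code for a bad credential) keeps the DAO free of HTTP side effects. The second query's result is also returned unchecked, so a token row whose user no longer exists needs the same handling by the caller. `SELECT *` presumably also pulls the stored password hash into the returned array; listing only the needed columns would avoid leaking it if the row is ever serialized.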