<?php
/**
* Standard Token object for the AlternC API
*
*/
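class Alternc_Api_Token
{
    const ERR_DATABASE_ERROR = 112001;
    const ERR_INVALID_ARGUMENT = 112002;
    const ERR_MISSING_ARGUMENT = 112003;
    const ERR_INVALID_TOKEN = 112004;

    /**
     * AlternC User-Id
     *
     * @var int
     */
    public $uid;

    /**
     * Is this an admin account ?
     *
     * @var boolean
     */
    public $isAdmin;

    /**
     * The Token itself (32 characters from [a-zA-Z0-9]).
     *
     * This value is a bearer credential: whoever presents it is treated as
     * the user identified by $uid, so it must never be logged.
     *
     * @var string
     */
    public $token;

    /**
     * How long (seconds) a token is valid.
     *
     * NOTE(review): 2678400 s is 31 days, which is long for a bearer
     * credential; callers may lower this static before generating tokens.
     *
     * @var int
     */
    public static $tokenDuration = 2678400; // default is a month

    /**
     * Initialize a token object.
     *
     * The original method was named __constructor(), which PHP never calls
     * on `new`, so $uid / $isAdmin silently stayed null on every token.
     *
     * @param array $options any of the public properties above:
     *                       "uid" (int), "isAdmin" (bool), "token" (string).
     *                       Values of another type are ignored.
     *                       The original docblock also mentions a dbAdapter
     *                       option; nothing in this class reads it.
     */
    public function __construct($options = array())
    {
        if (isset($options["uid"]) && is_int($options["uid"])) {
            $this->uid = $options["uid"];
        }

        if (isset($options["isAdmin"]) && is_bool($options["isAdmin"])) {
            $this->isAdmin = $options["isAdmin"];
        }

        if (isset($options["token"]) && is_string($options["token"])) {
            $this->token = $options["token"];
        }
    }

    /**
     * Backward-compatible alias of the constructor, kept for any caller that
     * invoked the misspelled method explicitly.
     *
     * @deprecated use `new Alternc_Api_Token($options)`
     * @param array $options see __construct()
     */
    public function __constructor($options = array())
    {
        $this->__construct($options);
    }

    /**
     * Formats the token (uid, isAdmin, token) as JSON.
     *
     * @return string
     */
    public function toJson()
    {
        return json_encode(
            array(
                "uid" => $this->uid,
                "isAdmin" => $this->isAdmin,
                "token" => $this->token,
            )
        );
    }

    /**
     * Create a new token in the DB for the associated user/admin.
     *
     * @param array $options must contain "uid" (int) and "isAdmin" (bool)
     * @param PDO   $db      a PDO object for token table access
     *
     * @return Alternc_Api_Token the stored token object; its $token property
     *                           holds the 32-char token string
     * @throws \Exception ERR_DATABASE_ERROR, ERR_MISSING_ARGUMENT or
     *                    ERR_INVALID_ARGUMENT (see the exception code)
     */
    public static function tokenGenerate($options, $db)
    {
        if (!($db instanceof PDO)) {
            throw new \Exception("No DB Object, can't create", self::ERR_DATABASE_ERROR);
        }
        if (!isset($options["uid"]) || !isset($options["isAdmin"])) {
            throw new \Exception("Missing Arguments (uid,isAdmin)", self::ERR_MISSING_ARGUMENT);
        }
        // The constructor drops values of the wrong type, which would mint a
        // valid token bound to no user. Reject them instead.
        if (!is_int($options["uid"]) || !is_bool($options["isAdmin"])) {
            throw new \Exception("Invalid Arguments (uid,isAdmin)", self::ERR_INVALID_ARGUMENT);
        }

        $token = new Alternc_Api_Token($options);

        // PDO::exec() takes no bound parameters; use a prepared statement.
        // The MySQL interval unit is SECOND, not SECONDS.
        // NOTE(review): the token is stored verbatim; storing a hash of it
        // would limit the impact of a read-only leak of the token table.
        $insert = $db->prepare(
            "INSERT IGNORE INTO token SET token=?, expire=DATE_ADD(NOW(), INTERVAL ? SECOND), data=?"
        );
        if ($insert === false) {
            throw new \Exception("Can't prepare token insertion", self::ERR_DATABASE_ERROR);
        }

        // INSERT IGNORE reports 0 rows on a key collision, but also when it
        // downgrades another error to a warning: bound the retries so a
        // persistent failure cannot loop forever.
        $attemptsLeft = 10;
        do {
            if ($attemptsLeft-- <= 0) {
                throw new \Exception("Can't store a new token", self::ERR_DATABASE_ERROR);
            }
            $token->token = $token->tokenRandom();
            $stored = $insert->execute(
                array($token->token, (int) self::$tokenDuration, $token->toJson())
            );
            if ($stored === false) {
                throw new \Exception("Can't store a new token", self::ERR_DATABASE_ERROR);
            }
            $rows = $insert->rowCount();
        } while ($rows == 0); // prevent collisions

        return $token;
    }

    /**
     * Check and return a token.
     *
     * @param string $token a 32-chars token
     * @param PDO    $db    a PDO object for token table access
     *
     * @return Alternc_Api_Token|Alternc_Api_Response|null the token object,
     *         an Alternc_Api_Response carrying ERR_INVALID_TOKEN when $token
     *         is malformed, or NULL when no unexpired token matches
     * @throws \Exception ERR_DATABASE_ERROR when $db is unusable
     */
    public static function tokenGet($token, $db)
    {
        if (!($db instanceof PDO)) {
            throw new \Exception("No DB Object, can't create", self::ERR_DATABASE_ERROR);
        }
        // \A and \z anchor the whole string; "$" would also accept a trailing newline.
        if (!is_string($token) || !preg_match("#\\A[a-zA-Z0-9]{32}\\z#", $token)) {
            return new Alternc_Api_Response(array("code" => self::ERR_INVALID_TOKEN, "message" => "Invalid token"));
        }

        // PDO::query() takes no bound parameters; use a prepared statement.
        // The expire column written by tokenGenerate() is enforced here, so
        // a token stops working once its lifetime has elapsed.
        $select = $db->prepare("SELECT data FROM token WHERE token=? AND expire>NOW()");
        if ($select === false || $select->execute(array($token)) === false) {
            throw new \Exception("Can't read the token table", self::ERR_DATABASE_ERROR);
        }

        $row = $select->fetch(PDO::FETCH_ASSOC);
        if (!is_array($row) || !isset($row["data"]) || !is_string($row["data"])) {
            return null;
        }

        $data = json_decode($row["data"], true);
        if (!is_array($data)) {
            // Unreadable row: refuse it rather than return an empty token.
            return null;
        }

        $found = new Alternc_Api_Token($data);
        // The row was selected by this exact value, so it is the token.
        $found->token = $token;

        return $found;
    }

    /**
     * Generate a new random token.
     *
     * Uses random_int() (CSPRNG, PHP 7+): the original rand() is seeded and
     * predictable, which is unsuitable for an authentication token.
     *
     * @return string 32 characters from [a-zA-Z0-9]
     */
    public function tokenRandom()
    {
        $chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789";
        $last = strlen($chars) - 1;
        $s = "";
        for ($i = 0; $i < 32; $i++) {
            $s .= $chars[random_int(0, $last)];
        }

        return $s;
    }
} // class Alternc_Api_Token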