Commit 1cc21e28 authored by Tomáš Valenta's avatar Tomáš Valenta

create own API tokens

parent 125d92e7
...@@ -22,6 +22,7 @@ window.addEventListener( ...@@ -22,6 +22,7 @@ window.addEventListener(
} }
nextUrl.searchParams.append("sid", window.SESSION_ID); nextUrl.searchParams.append("sid", window.SESSION_ID);
nextUrl.searchParams.append("user-agent", window.navigator.userAgent);
window.location = nextUrl; window.location = nextUrl;
} }
......
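Review bot: The reason `user-agent` now travels in the query string is not recorded anywhere in the hunk; the browser already sends the same value as a request header when it follows `window.location = nextUrl`, so a reader will take the parameter for redundant. If the receiving side needs it to validate the phpBB session (phpBB compares the session's stored browser string when browser checking is enabled), say so on the added line, e.g. `// Nástěnka validates the phpBB session against this UA together with sid`. The surrounding listener body starts and ends outside the hunk.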
...@@ -61,21 +61,7 @@ class Forums ...@@ -61,21 +61,7 @@ class Forums
return $errorResponse; return $errorResponse;
} }
global $db, $phpbb_container, $auth; global $db, $phpbb_container;
if (
!$auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forumId)
|| (
$forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link']
&& !$auth->acl_get('f_read', $forumId)
)
) {
return new ErrorResponse(
"NotFound",
"This forum does not exist.",
404
);
}
$phpbb_content_visibility = $phpbb_container->get('content.visibility'); $phpbb_content_visibility = $phpbb_container->get('content.visibility');
......
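Review bot: After this change the method goes straight on to `$phpbb_container->get('content.visibility')` without any check that the caller may read `$forumId`; the `acl_gets('f_list', 'f_list_topics', 'f_read', …)` guard and its 404 branch are removed and nothing on the new side of the hunk replaces them. If the intent is that the API token's `allowed_forum_ids` now bounds which forums a caller can query, that enforcement must happen before this point and should be stated here, e.g. `// forum access is bounded by the token's allowed_forum_ids, checked by the caller`; otherwise the NotFound branch should be kept. The method body continues outside the hunk, so the replacement check may live there — worth confirming, because as visible this is an authorization check removed with no substitute.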
...@@ -15,13 +15,81 @@ if ($user->data['user_id'] == ANONYMOUS) ...@@ -15,13 +15,81 @@ if ($user->data['user_id'] == ANONYMOUS)
exit; exit;
} }
if (!isset($_GET["forum_scopes"])) {
http_response_code(400);
die();
}
$requested_forum_ids = explode(",", $_GET["forum_scopes"]);
$allowed_forum_ids = array();
foreach ($requested_forum_ids as &$forum_id) {
if (!is_numeric($forum_id)) {
http_response_code(400);
die();
}
$forum_id = (int)$forum_id;
if (
$auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forum_id)
&& $forum_data['forum_type'] == FORUM_LINK
&& $forum_data['forum_link']
&& !$auth->acl_get('f_read', $forum_id)
) {
array_push($allowed_forum_ids, $forum_id);
}
}
$db->sql_query(
'CREATE TABLE IF NOT EXISTS ' . $table_prefix . 'api_tokens (
user_id INT PRIMARY KEY,
allowed_forum_ids TEXT NOT NULL,
token VARCHAR(32) NOT NULL,
FOREIGN KEY (user_id) REFERENCES ' . $table_prefix . 'user(user_id) ON DELETE CASCADE
)'
);
$existing_token_query = $db->sql_query(
'SELECT user_id, token FROM ' . $table_prefix . 'api_tokens
WHERE user_id = ' . $user->data["user_id"]
);
$token_exists = false;
$token = null;
while ($row = $db->sql_fetchrow($existing_token_query)) {
$token_exists = true;
$token = $row["token"];
}
if (!$token_exists) {
$token = bin2hex(random_bytes(16));
$db->sql_query(
'INSERT INTO ' . $table_prefix . 'api_tokens
VALUES ('
. $user->data["user_id"] . ', '
. '\'' . implode(",", allowed_forum_ids) . '\', '
. $token .
')'
);
} else {
$db->sql_query(
'UPDATE ' . $table_prefix . 'api_tokens
WHERE user_id=' . $user->data["user_id"] . '
SET allowed_forum_ids = \'' . implode(",", allowed_forum_ids) . '\''
);
}
page_header('Synchronizace s Nástěnkou'); page_header('Synchronizace s Nástěnkou');
$template->set_filenames(array( $template->set_filenames(array(
'body' => 'nastenka_sync.html', 'body' => 'nastenka_sync.html',
)); ));
$template->assign_vars(array( $template->assign_vars(array(
'SESSION_ID' => $user->data['session_id'], 'API_TOKEN' => $token,
)); ));
page_footer(); page_footer();
......
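Review bot: The allowlist built in the `foreach ($requested_forum_ids as &$forum_id)` loop can never contain a forum: `$forum_data` is never loaded for the current `$forum_id`, and the condition is the deny rule of the old API check rather than its complement, so a forum would be kept only when it is an unreadable link forum — the intended rule is `acl_gets(...) && !(forum_type == FORUM_LINK && forum_link && !acl_get('f_read'))`. The persistence code cannot run as written either: `implode(",", allowed_forum_ids)` (twice) references an undefined constant, which is a fatal Error on PHP 8; the token is spliced into `VALUES (...)` without quotes; the UPDATE puts `WHERE` before `SET`; and the foreign key targets `user(user_id)` where phpBB's table is, to my knowledge, `users`. Every value reaching SQL is concatenated raw — wrap strings in `$db->sql_escape()` and cast ids with `(int)` — and since phpBB's request layer normally deactivates `$_GET`, `$request->variable('forum_scopes', '')` is the conventional accessor. A GET request that creates or re-scopes a bearer token carries no form key (`add_form_key`/`check_form_key`), the `CREATE TABLE IF NOT EXISTS` on every request belongs in a migration, and storing only a hash of `token` (compared with `hash_equals()` where it is checked) would keep a DB read from yielding usable credentials. The rewrite below iterates by value, so the dangling reference left by `&$forum_id` (which would otherwise need `unset($forum_id)`) also disappears.

```php
$allowed_forum_ids = [];
foreach ($requested_forum_ids as $raw_id) {
    if (!ctype_digit($raw_id)) {
        http_response_code(400);
        die();
    }
    $forum_id = (int) $raw_id;
    // Load the forum row the permission rule refers to; the original loop never did.
    $result = $db->sql_query(
        'SELECT forum_type, forum_link FROM ' . $table_prefix . 'forums WHERE forum_id = ' . $forum_id
    );
    $forum_data = $db->sql_fetchrow($result);
    $db->sql_freeresult($result);
    if ($forum_data === false) {
        http_response_code(400);
        die();
    }
    // Same rule the API enforced: listable/readable, and a link forum only when readable.
    $readable = $auth->acl_gets('f_list', 'f_list_topics', 'f_read', $forum_id)
        && !($forum_data['forum_type'] == FORUM_LINK && $forum_data['forum_link']
            && !$auth->acl_get('f_read', $forum_id));
    if ($readable) {
        $allowed_forum_ids[] = $forum_id;
    }
}
// … unchanged: CREATE TABLE IF NOT EXISTS (foreign key should reference the `users` table) …
// … unchanged: lookup of an existing token for this user …
$scopes  = $db->sql_escape(implode(',', $allowed_forum_ids));
$user_id = (int) $user->data['user_id'];
if (!$token_exists) {
    $token = bin2hex(random_bytes(16));
    $db->sql_query(
        'INSERT INTO ' . $table_prefix . 'api_tokens (user_id, allowed_forum_ids, token) VALUES ('
        . $user_id . ", '" . $scopes . "', '" . $db->sql_escape($token) . "')"
    );
} else {
    $db->sql_query(
        'UPDATE ' . $table_prefix . 'api_tokens SET allowed_forum_ids = \'' . $scopes . '\''
        . ' WHERE user_id = ' . $user_id
    );
}
// … unchanged: page_header / template assignment / page_footer …
```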