CODEWITHSUNDEEP
phpapiauthenticationrest
Ara
Ara

Reputation: 409

Different authentication for different classes using Restler

I'm trying to build a REST api(using Restler) which takes in username and password for login and generates a session key. Once sessionkey is generated, user will be able to pass this session key to access other classes in the api. Is it possible to get the name of the class that invokes __isAuthenticated function?

My Auth Class:

<?php
class Auth implements iAuthenticate
{
    public static $sessionKey;
    public static $currentUser;
    public $tempsesskey;

    function __isAuthenticated ()
    {
        if (isset($_GET['useremail']) && isset($_GET['userpass'])) {
            $user = $_GET['useremail'];
            $pass = $_GET['userpass'];
            $user = mysql_real_escape_string($user);
            $pass = mysql_real_escape_string($pass);
            mysql_query(
            "UPDATE `userdetail` SET lastlogin=NOW()
            WHERE useremail='$user' AND userpass=md5('$pass')");
            if (mysql_affected_rows() > 0) {
                $result = mysql_query(
                "SELECT sessionkey from usersession where TIMESTAMPDIFF(MINUTE,lastactivity,now()) < 20 and useremail='$user'");
                while ($row = mysql_fetch_assoc($result)) {
                    $tempsesskey = $row['sessionkey'];
                }
                if (strlen($tempsesskey) > 0) {
                    mysql_query(
                    "UPDATE usersession set lastactivity=now() where sessionkey='$tempsesskey'");
                } else {
                    $tempsesskey = generateKey(52);
                    mysql_query(
                    "UPDATE `usersession` set sessionkey='$tempsesskey',keyvalid='Y' where useremail='$user'");
                }
                self::$currentUser = $user;
                self::$sessionKey = $tempsesskey;
                return TRUE;
            }
        } else 
            if (isset($_GET['sessionkey'])) {
                $sesskey = $_GET['sessionkey'];
                $sesskey = mysql_real_escape_string($sesskey);
                $result = mysql_query(
                "SELECT sessionkey from usersession where sessionkey='$sesskey' and TIMESTAMPDIFF(MINUTE,lastactivity,now()) < 20");
                if (mysql_affected_rows() > 0) {
                    while ($row = mysql_fetch_assoc($result)) {
                        $tempsesskey = $row['sessionkey'];
                        self::$sessionKey = $tempsesskey;
                    }
                    return TRUE;
                }
            }
    }
}

Upvotes: 0

Views: 1082

Answers (1)

Arul Kumaran
Arul Kumaran

Reputation: 993

There is a simple way of setting the property on the Authentication class by adding custom php doc comment /annotation which is explained in Authentication with ACL. You can use the same technique for your purpose as well

Upvotes: 1

Related Questions