Zed. The source code to build a world.

cerbere.php

API security

Zed. The immensity of stars. The HyperShip. The people.

(c) 2010, Dereckson, some rights reserved. Released under BSD license.

This file provides a cerbere function, to assert the user is correctly authenticated in the API call.

Tags
subpackage

API

author

Sébastien Santoro aka Dereckson dereckson@espace-win.org

copyright

2010 Sébastien Santoro aka Dereckson

license

http://www.opensource.org/licenses/bsd-license.php BSD

version
0.1
link
http://scherzo.dereckson.be/doc/zed
link
http://zed.dereckson.be/
filesource

Table of Contents

Constants

ALLOW_LOCALHOST  = \false
Determines if localhost calls could be passed.
FORMAT_ERROR  = \false
Determines if the error must be formatted.
OUTPUT_ERROR  = \true
Determines if error should be printed.
TABLE_API_KEYS  = 'api_keys'
The table where are located the API keys

Functions

cerbere()  : mixed
Checks if credentials are okay and exits if not
cerbere_die()  : never
Prints a message in raw or API format, then exits.

Constants

ALLOW_LOCALHOST

Determines if localhost calls could be passed.

public mixed ALLOW_LOCALHOST = \false

If true, any call from localhost is valid. Otherwise, normal security rules are applied.

FORMAT_ERROR

Determines if the error must be formatted.

public mixed FORMAT_ERROR = \false

If true, any error will be sent to api_output ; otherwise, it will be printed as is.

OUTPUT_ERROR

Determines if error should be printed.

public mixed OUTPUT_ERROR = \true

If true, the error will be printed according the FORMAT_ERROR setting. Otherwise, a blank page will be served.

TABLE_API_KEYS

The table where are located the API keys

public mixed TABLE_API_KEYS = 'api_keys'

Functions

cerbere()

Checks if credentials are okay and exits if not

cerbere() : mixed

If the credentials aren't valid, it will print an error message if OUTPUT_ERROR is defined and true.

This error message will be formatted through the api_output function if FORMAT_ERROR is defined and true ; otherwise, it will be print as is.

To help debug, you can also define ALLOW_LOCALHOST. If this constant is defined and true, any call from localhost will be accepted, without checking the key.

Tags
see
cerbere_die

cerbere_die()

Prints a message in raw or API format, then exits.

cerbere_die(string $message) : never

The error message will be formatted through api_output if the constant FORMAT_ERROR is defined and true. Otherwise, it will be printed as is.

Parameters
$message : string

The error message to print

Return values
never 

        

        
    




    

    

                                

                

                            
    

        On this page

        
    


                

                            

            

    

        

            
Search results