You appear to be a bot. Output may be restricted

Description

Validate the API request

Checks for the user's public key and token against the secret key

Usage

$bool = EDD_API::validate_request();

Parameters

Returns

bool

Source

File name: easy-digital-downloads/includes/api/class-edd-api.php
Lines:

  private function validate_request() {
    global $wp_query;

    $this->override = false;

    // Make sure we have both user and api key
    if ( ! empty( $wp_query->query_vars['edd-api'] ) && ( ! $this->is_public_query() || ! empty( $wp_query->query_vars['token'] ) ) ) {

      if ( empty( $wp_query->query_vars['token'] ) || empty( $wp_query->query_vars['key'] ) ) {
        $this->missing_auth();
        return  false;
      }

      // Auth was provided, include the upgrade routine so we can use the fallback api checks
      require_once EDD_PLUGIN_DIR . 'includes/admin/upgrades/upgrade-functions.php';

      // Retrieve the user by public API key and ensure they exist
      if ( ! ( $user = $this->get_user( $wp_query->query_vars['key'] ) ) ) {

        $this->invalid_key();
        return  false;

      } else {

        $token  = urldecode( $wp_query->query_vars['token'] );
        $secret = $this->get_user_secret_key( $user );
        $public = urldecode( $wp_query->query_vars['key'] );

        // Verify that if user has secret key or not.
        if ( ! $secret ) {
          $this->invalid_auth();
        }

        $valid = $this->check_keys( $secret, $public, $token );
        if ( $valid ) {
          $this->is_valid_request = true;
        } else {
          $this->invalid_auth();
          return  false;
        }

      }
    } elseif ( ! empty( $wp_query->query_vars['edd-api'] ) && $this->is_public_query() ) {
      $this->is_valid_request = true;
      $wp_query->set( 'key', 'public' );
    }

  }
 

 View on GitHub View on Trac