| 51 | | if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) { |
| 52 | | debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '3'); |
| 53 | | ob_end_clean(); |
| | 51 | if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake')) { |
| | 52 | debug_event('Access Denied','Invalid Session attempt to API [' . $_REQUEST['action'] . ']','3'); |
| | 53 | ob_end_clean(); |
| | 54 | echo xmlData::error('401','Session Expired'); |
| | 55 | exit(); |
| | 56 | } |
| | 57 | |
| | 58 | // If the session exists then let's try to pull some data from it to see if we're still allowed to do this |
| | 59 | $session = vauth::get_session_data($_REQUEST['auth']); |
| | 60 | $username = ($_REQUEST['action'] == 'handshake') ? $_REQUEST['user'] : $session['username']; |
| | 61 | |
| | 62 | if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$username,'5')) { |
| | 63 | debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '3'); |
| | 64 | ob_end_clean(); |
| 58 | | if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake')) { |
| 59 | | debug_event('Access Denied','Invalid Session attempt to API [' . $_REQUEST['action'] . ']','3'); |
| 60 | | ob_end_clean(); |
| 61 | | echo xmlData::error('401','Session Expired'); |
| 62 | | exit(); |
| 63 | | } |
| 64 | | |
| 65 | | // If we make it past the check and we're not a hand-shaking then we should extend the session |
| 66 | | if ($_REQUEST['action'] != 'handshake') { |
| 67 | | vauth::session_extend($_REQUEST['auth']); |
| 68 | | $session = vauth::get_session_data($_REQUEST['auth']); |
| 69 | | $GLOBALS['user'] = User::get_from_username($session['username']); |
| | 69 | if (!$_REQUEST['action'] != 'handshake') { |
| | 70 | vauth::session_extend($_REQUEST['auth']); |
| | 71 | $GLOBALS['user'] = User::get_from_username($session['username']); |
