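/**
 * Checks whether the current request carries valid API credentials.
 *
 * The caller must supply `email`, `nonce` and `secret` (query string or POST
 * body). The account is looked up by e-mail, must have the `api_access`
 * setting enabled, and `secret` must match the value derived from the e-mail,
 * the account's `api_key` setting and the nonce.
 *
 * @return true|mixed true when the request is authorized, otherwise whatever
 *                    self::output() returns for the failure response
 */
public static function isAuthorized()
{
    // Credentials are read from the query string first; any value that is
    // still empty is then looked up in the POST body.
    $readParameter = static function ($key) {
        $value = \SpoonFilter::getGetValue($key, null, '');
        if ($value == '') {
            $value = \SpoonFilter::getPostValue($key, null, '');
        }

        return $value;
    };
    $email = $readParameter('email');
    $nonce = $readParameter('nonce');
    $secret = $readParameter('secret');

    // all three parameters are required
    if ($email === '' || $nonce === '' || $secret === '') {
        return self::output(self::NOT_AUTHORIZED, array('message' => 'Not authorized.'));
    }

    // look the account up by its e-mail address
    try {
        $user = new BackendUser(null, $email);
    } catch (\Exception $e) {
        // NOTE(review): this message differs from the 'Invalid secret.' one
        // below, so an unauthenticated caller can distinguish existing accounts
        // from unknown ones (account enumeration). The wording is kept because
        // API clients may depend on it; unify the two if that is acceptable.
        return self::output(self::FORBIDDEN, array('message' => 'This account does not exist.'));
    }

    $apiAccess = $user->getSetting('api_access', false);
    $apiKey = $user->getSetting('api_key');

    if (!$apiAccess) {
        return self::output(self::FORBIDDEN, array('message' => 'Your account isn\'t allowed to use the API. Contact an administrator.'));
    }

    // The expected secret is derived from the e-mail, the stored API key and
    // the caller-supplied nonce.
    $expected = BackendAuthentication::getEncryptedString($email . $apiKey, $nonce);

    // Strict, constant-time comparison. The previous `!=` was a loose
    // comparison (numeric-looking strings such as "0e..." compare equal) and
    // stops at the first differing byte, which leaks timing information.
    // hash_equals() requires PHP >= 5.6 and two string operands, hence the
    // casts; the known value goes first.
    if (!hash_equals((string) $expected, (string) $secret)) {
        return self::output(self::FORBIDDEN, array('message' => 'Invalid secret.'));
    }

    return true;
}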