diff --git a/api/api.inc.php b/api/api.inc.php index 48836382022d6b8ddec422e0afc46ee074930567..5167dc496b4231264777fd93dd71886eb55a7875 100644 --- a/api/api.inc.php +++ b/api/api.inc.php @@ -2,7 +2,7 @@ /********************************************************************* api.inc.php - File included on every API page...handles security and abuse issues + File included on every API page...handles common includes. Peter Rotich <peter@osticket.com> Copyright (c) 2006-2012 osTicket 
@@ -13,74 +13,9 @@ vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ -//postfix exit codes see /usr/include/sysexits.h -define('EX_DATAERR', 65); /* data format error */ -define('EX_NOINPUT', 66); /* cannot open input */ -define('EX_UNAVAILABLE', 69); /* service unavailable */ -define('EX_IOERR', 74); /* input/output error */ -define('EX_TEMPFAIL',75); /* temp failure; user is invited to retry */ -define('EX_NOPERM', 77); /* permission denied */ -define('EX_CONFIG', 78); /* configuration error */ - -define('EX_SUCCESS',0); /* success baby */ - -if(!file_exists('../main.inc.php')) exit(EX_CONFIG); +file_exists('../main.inc.php') or die('System Error'); require_once('../main.inc.php'); -if(!defined('INCLUDE_DIR')) exit(EX_CONFIG); - require_once(INCLUDE_DIR.'class.http.php'); require_once(INCLUDE_DIR.'class.api.php'); -define('OSTAPIINC',TRUE); // Define tag that included files can check - -$remotehost=(isset($_SERVER['HTTP_HOST']) || isset($_SERVER['REMOTE_ADDR']))?TRUE:FALSE; -/* API exit helper */ -function api_exit($code,$msg='') { - global $remotehost, $ost; - - if($code!=EX_SUCCESS) { - //Error occured... - $_SESSION['api']['errors']+=1; - $_SESSION['api']['time']=time(); - $ost->logWarning("API error - code #$code", $msg, ($_SESSION['api']['errors']>10)); - //echo "API Error:.$msg"; - } - if($remotehost){ - switch($code) { - case EX_SUCCESS: - Http::response(200,$code,'text/plain'); - break; - case EX_UNAVAILABLE: - Http::response(405,$code,'text/plain'); - break; - case EX_NOPERM: - Http::response(403,$code,'text/plain'); - break; - case EX_DATAERR: - case EX_NOINPUT: - default: - Http::response(416,$code,'text/plain'); - } - } - exit($code); -} - -//Remote hosts need authorization. -$apikey = null; -if($remotehost) { - //Upto 10 consecutive errors allowed...before a 2 minute timeout. 
- //One more error during timeout and timeout starts a new clock - if($_SESSION['api']['errors']>10 && (time()-$_SESSION['api']['time'])<=2*60) // timeout! - api_exit(EX_NOPERM, 'Remote host ['.$_SERVER['REMOTE_ADDR'].'] in timeout - error #'.$_SESSION['api']['errors']); - - if(!isset($_SERVER['HTTP_X_API_KEY']) || !isset($_SERVER['REMOTE_ADDR'])) - api_exit(EX_NOPERM, 'API key required'); - elseif(!($apikey=API::lookupByKey($_SERVER['HTTP_X_API_KEY'], $_SERVER['REMOTE_ADDR'])) - || !$apikey->isActive() - || $apikey->getIPAddr()!=$_SERVER['REMOTE_ADDR']) - api_exit(EX_NOPERM, 'API key not found/active or source IP not authorized'); - - //At this point we know the remote host/IP is allowed. - $_SESSION['api']['errors']=0; //clear errors for the session. -} ?> diff --git a/api/http.php b/api/http.php index 646df6798fb8a6f0cdfcc4425114f6dfff71ee91..3d0c99ad368bf5ca79cd4040d1a2d46961eba10d 100644 --- a/api/http.php +++ b/api/http.php @@ -1,8 +1,8 @@ <?php /********************************************************************* - api.php + http.php - Controller for the osTicket API + HTTP controller for the osTicket API Jared Hancock Copyright (c) 2006-2012 osTicket @@ -13,9 +13,7 @@ vim: expandtab sw=4 ts=4 sts=4: **********************************************************************/ - -chdir('..'); -include "main.inc.php"; +require 'api.inc.php'; # Include the main api urls require_once INCLUDE_DIR."class.dispatcher.php";
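Review bot: The removed block at the end of this hunk (the `HTTP_X_API_KEY` lookup via `API::lookupByKey`, the `getIPAddr()` match against `REMOTE_ADDR`, and the ten-error two-minute timeout) was the only authorization api.inc.php performed, and nothing in this commit shows an equivalent check being added elsewhere, so every script that includes this file — http.php now does via `require 'api.inc.php'` — runs unauthenticated unless class.api.php or the dispatcher enforces it. If the check has moved, the new header comment should say where (`File included on every API page...handles common includes; API key authentication is done by <LOCATION-PLACEHOLDER>`); if it has not, this hunk should be held until it does. The replacement `file_exists('../main.inc.php') or die('System Error');` also changes failure semantics: it exits with status 0 and the response stays a 200 with the text in the body, whereas the old code exited with EX_CONFIG, so sending a status first — `header('HTTP/1.1 500 Internal Server Error'); exit('System Error');` — would keep clients and monitors from treating a broken install as success (class.http.php is not loaded yet at that point, so `Http::response()` is unavailable). The EX_* constants and `api_exit()` are deleted here as well, so any other API entry point still referencing them would now fail; presumably those are migrated in a part of the change not shown.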