Merge pull request chriskacerguis#138 from onema/master

List of ip addresses that can use an API key (2)

Author: Phil Sturgeon

application/config/rest.php

@@ -168,6 +168,8 @@
 	  `key` varchar(40) NOT NULL,
 	  `level` int(2) NOT NULL,
 	  `ignore_limits` tinyint(1) NOT NULL DEFAULT '0',
+	  `is_private_key` tinyint(1)  NOT NULL DEFAULT '0',
+	  `ip_addresses` TEXT NULL DEFAULT NULL,
 	  `date_created` int(11) NOT NULL,
 	  PRIMARY KEY (`id`)
 	) ENGINE=InnoDB DEFAULT CHARSET=utf8;

application/libraries/REST_Controller.php

@@ -432,7 +432,7 @@ public function response($data = array(), $http_code = null)
 	 */
 	protected function _detect_ssl()
 	{
-    		return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on"));
+    		return (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] == "on");
 	}
 
 
@@ -608,6 +608,38 @@ protected function _detect_api_key()
 			isset($row->user_id) AND $this->rest->user_id = $row->user_id;
 			isset($row->level) AND $this->rest->level = $row->level;
 			isset($row->ignore_limits) AND $this->rest->ignore_limits = $row->ignore_limits;
+			
+			/*
+			 * If "is private key" is enabled, compare the ip address with the list
+			 * of valid ip addresses stored in the database.
+			 */
+			if(!empty($row->is_private_key))
+			{
+				// Check for a list of valid ip addresses
+				if(isset($row->ip_addresses))
+				{
+					// multiple ip addresses must be separated using a comma, explode and loop
+					$list_ip_addresses = explode(",", $row->ip_addresses);
+					$found_address = FALSE;
+					
+					foreach($list_ip_addresses as $ip_address)
+					{
+						if($this->input->ip_address() == trim($ip_address))
+						{
+							// there is a match, set the the value to true and break out of the loop
+							$found_address = TRUE;
+							break;
+						}
+					}
+					
+					return $found_address;
+				}
+				else
+				{
+					// There should be at least one IP address for this private key.
+					return FALSE;
+				}
+			}
 
 			return $this->client;
 		}