Merge branch 'api-rework' into working

3 files changed, 25 insertions, 27 deletions

diff --git a/application/models/mfile.php b/application/models/mfile.php
index eee2c4e5b..0ec27a817 100644
--- a/application/models/mfile.php
+++ b/application/models/mfile.php
@@ -40,7 +40,7 @@ class Mfile extends CI_Model {
 			return $id;
 		}
 
-		show_error("Failed to find unused ID after $max_tries tries.");
+		throw new \exceptions\PublicApiException("file/new_id-try-limit", "Failed to find unused ID after $max_tries tries");
 	}
 
 	function id_exists($id)
diff --git a/application/models/mmultipaste.php b/application/models/mmultipaste.php
index 6cbf6518b..ed3b8e3a7 100644
--- a/application/models/mmultipaste.php
+++ b/application/models/mmultipaste.php
@@ -54,7 +54,7 @@ class Mmultipaste extends CI_Model {
 			return $id;
 		}
 
-		show_error("Failed to find unused ID after $max_tries tries.");
+		throw new \exceptions\PublicApiException("file/new_id-try-limit", "Failed to find unused ID after $max_tries tries");
 	}
 
 	public function id_exists($id)
@@ -64,9 +64,9 @@ class Mmultipaste extends CI_Model {
 		}
 
 		$sql = '
-			SELECT multipaste.url_id
-			FROM multipaste
-			WHERE multipaste.url_id = ?
+			SELECT url_id
+			FROM `'.$this->db->dbprefix.'multipaste`
+			WHERE url_id = ?
 			LIMIT 1';
 		$query = $this->db->query($sql, array($id));
 
@@ -113,7 +113,7 @@ class Mmultipaste extends CI_Model {
 	{
 		return $this->db->query("
 			SELECT user_id
-			FROM multipaste
+			FROM `".$this->db->dbprefix."multipaste`
 			WHERE url_id = ?
 			", array($id))->row_array()["user_id"];
 	}
@@ -122,7 +122,7 @@ class Mmultipaste extends CI_Model {
 	{
 		return $this->db->query("
 			SELECT url_id, user_id, date
-			FROM multipaste
+			FROM `".$this->db->dbprefix."multipaste`
 			WHERE url_id = ?
 			", array($id))->row_array();
 	}
@@ -133,8 +133,8 @@ class Mmultipaste extends CI_Model {
 
 		$query = $this->db->query("
 			SELECT mfm.file_url_id
-			FROM multipaste_file_map mfm
-			JOIN multipaste m ON m.multipaste_id = mfm.multipaste_id
+			FROM `".$this->db->dbprefix."multipaste_file_map` mfm
+			JOIN `".$this->db->dbprefix."multipaste` m ON m.multipaste_id = mfm.multipaste_id
 			WHERE m.url_id = ?
 			ORDER BY mfm.sort_order
 			", array($url_id))->result_array();
@@ -151,7 +151,7 @@ class Mmultipaste extends CI_Model {
 	{
 		$query = $this->db->query("
 			SELECT multipaste_id
-			FROM multipaste
+			FROM `".$this->db->dbprefix."multipaste`
 			WHERE url_id = ?
 			", array($url_id));
 
diff --git a/application/models/muser.php b/application/models/muser.php
index ffcc5f6b3..6f6129ca2 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -83,7 +83,7 @@ class Muser extends CI_Model {
 			if ($this->login($username, $password)) {
 				return true;
 			} else {
-				show_error("Login failed", 401);
+				throw new \exceptions\NotAuthenticatedException("user/login-failed", "Login failed");
 			}
 		}
 
@@ -112,7 +112,7 @@ class Muser extends CI_Model {
 			return true;
 		}
 
-		show_error("API key login failed", 401);
+		throw new \exceptions\NotAuthenticatedException("user/api-login-failed", "API key login failed");
 	}
 
 	function logout()
@@ -156,18 +156,18 @@ class Muser extends CI_Model {
 	{
 		$session_level = $this->session->userdata("access_level");
 
-		$wanted = array_search($wanted_level, $this->access_levels);
-		$have = array_search($session_level, $this->access_levels);
+		$wanted = array_search($wanted_level, $this->get_access_levels());
+		$have = array_search($session_level, $this->get_access_levels());
 
 		if ($wanted === false || $have === false) {
-			show_error("Failed to determine access level");
+			throw new \exceptions\PublicApiException("api/invalid-accesslevel", "Failed to determine access level");
 		}
 
 		if ($have >= $wanted) {
-			return true;
+			return;
 		}
 
-		show_error("Access denied: Access level too low", 403);
+		throw new \exceptions\InsufficientPermissionsException("api/insufficient-permissions", "Access denied: Access level too low");
 	}
 
 	function require_access($wanted_level = "full")
@@ -184,17 +184,15 @@ class Muser extends CI_Model {
 			return $this->check_access_level($wanted_level);
 		}
 
-		if (!stateful_client()) {
-			show_error("Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.\n", 401);
+		if (stateful_client()) {
+			// desktop clients get redirected to the login form
+			$this->require_session();
+			if (!$this->session->userdata("flash:new:uri")) {
+				$this->session->set_flashdata("uri", $this->uri->uri_string());
+			}
 		}
 
-		// desktop clients get redirected to the login form
-		$this->require_session();
-		if (!$this->session->userdata("flash:new:uri")) {
-			$this->session->set_flashdata("uri", $this->uri->uri_string());
-		}
-		redirect('user/login');
-		exit();
+		throw new \exceptions\NotAuthenticatedException("api/not-authenticated", "Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.");
 	}
 
 	function username_exists($username)
@@ -210,7 +208,7 @@ class Muser extends CI_Model {
 			->get()->row_array();
 
 		if (!isset($query["key"]) || $key != $query["key"]) {
-			show_error("Invalid action key");
+			throw new \exceptions\ApiException("user/get_action/invalid-action", "Invalid action key");
 		}
 
 		return $query;