From 3a3d2f6f2cf6aa18a5ba67a233cb5a01b4e2ea0f Mon Sep 17 00:00:00 2001
From: Mark Crane <markjcrane@gmail.com>
Date: Tue, 29 Jul 2014 03:15:31 +0000
Subject: [PATCH] Increase the api_key required length to 30 characters or
 greater

---
 resources/check_auth.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/resources/check_auth.php b/resources/check_auth.php
index f62984ff9f..46d4822769 100644
--- a/resources/check_auth.php
+++ b/resources/check_auth.php
@@ -185,7 +185,7 @@ require_once "resources/require.php";
 			else {
 				//check the username and password if they don't match then redirect to the login
 					$sql = "select * from v_users ";
-					if (isset($_REQUEST["key"])) {
+					if (strlen($_REQUEST["key"]) > 30) {
 						$sql .= "where api_key=:key ";
 						//$sql .= "and api_key='".$key."' ";
 					}
@@ -206,7 +206,7 @@ require_once "resources/require.php";
 					if ($_SESSION["user"]["unique"]["text"] != "global") {
 						$prep_statement->bindParam(':domain_uuid', $domain_uuid);
 					}
-					if (isset($_REQUEST["key"])) {
+					if (strlen($_REQUEST["key"]) > 30) {
 						$prep_statement->bindParam(':key', $key);
 					}
 					else {