From e0cda5cfa047ed83224aa83a732626c56d9c6f56 Mon Sep 17 00:00:00 2001
From: Ismo Vuorinen <ivuorinen@me.com>
Date: Fri, 22 Nov 2013 09:27:39 +0200
Subject: [PATCH] Implemented database refresh key: import.php?key=[user
 specified refresh_key] (Closes #1)

---
 app/api/config.sample.php |  3 ++-
 app/api/import.php        | 12 ++++++++++++
 2 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/app/api/config.sample.php b/app/api/config.sample.php
index 7b3492c..7891981 100644
--- a/app/api/config.sample.php
+++ b/app/api/config.sample.php
@@ -17,7 +17,8 @@ $config = array(
     'user'         => 'username',
     'password'     => 'password',
     'table'        => 'airports',
-    'create_table' => true
+    'create_table' => true,
+    'refresh_key'  => 'lentolaskuridatabasekey' // You should change this to your reset key
 );
 
 // ----
diff --git a/app/api/import.php b/app/api/import.php
index c53eb70..7e57b42 100644
--- a/app/api/import.php
+++ b/app/api/import.php
@@ -18,6 +18,18 @@ if (is_readable('config.php')) {
     die("Couldn't find configuration file. Please check the installation guide.");
 }
 
+
+/**
+ * Test if import.php?key= value matches $config['refresh_key']
+ * If matches continue, else stop processing with error message.
+ */
+
+$key = (empty($_GET['key'])) ? null : $_GET['key'];
+if ($config['refresh_key'] !== $key || empty($key)) {
+    $mysqli->close();
+    die("Wrong refresh_key, please check configuration file for the corrent key.");
+}
+
 /**
  * If we can see lentolaskuri.sql and config.php setting
  * $config['create_table'] is true, we try to create table for airports.