
Testing out formKey actions with new functions

causefx 7 vuotta sitten
vanhempi
commit
5432b16053
2 muutettua tiedostoa jossa 13 lisäystä ja 6 poistoa
  1. 4 2
      api/functions/organizr-functions.php
  2. 9 4
      api/functions/static-globals.php

+ 4 - 2
api/functions/organizr-functions.php

@@ -381,10 +381,12 @@ function isApprovedRequest($method)
 		return true;
 	} elseif ($method == 'POST') {
 		$formKey = (isset($_POST['data']['formKey'])) ? $_POST['data']['formKey'] : '';
-		if (password_verify(substr($GLOBALS['quickConfig']['organizrHash'], 2, 10), $formKey)) {
+		if (checkFormKey($formKey)) {
 			return true;
-		} elseif (($requesterFormKeyHeader) && password_verify(substr($GLOBALS['quickConfig']['organizrHash'], 2, 10), $requesterFormKeyHeader)) {
+		} elseif (($requesterFormKeyHeader) && checkFormKey($requesterFormKeyHeader)) {
 			return true;
+		} else {
+			writeLog('error', 'API ERROR: Unable to authenticate Form Key for this users action', $GLOBALS['organizrUser']['username']);
 		}
 	} else {
 		return true;
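Review bot: The new else branch logs `$GLOBALS['organizrUser']['username']` on a POST that has just failed form-key authentication, and nothing in the hunk shows that the user globals are populated on that path; if they are not, the error path itself raises an undefined-index notice. Guard the value, e.g. `writeLog('error', 'API ERROR: Unable to authenticate Form Key for this user\'s action', isset($GLOBALS['organizrUser']['username']) ? $GLOBALS['organizrUser']['username'] : '');`. The branch only logs and then falls out of the if/elseif/else, so the denial depends on what isApprovedRequest returns after the hunk; its body starts and ends outside this hunk, so confirm the fall-through reaches a `return false` and not a later `return true`. A one-line comment above the else, `// Log failed form-key attempts so they are visible in the Organizr log`, would make the intent of the log-only branch explicit.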

+ 9 - 4
api/functions/static-globals.php

@@ -53,16 +53,21 @@ function loadConfigOnce($path = null)
 	}
 }
 
-function formKey()
+function formKey($script = true)
 {
-	if (isset($GLOBALS['quickConfig']['organizrAPI'])) {
-		if ($GLOBALS['quickConfig']['organizrAPI'] !== '') {
+	if (isset($GLOBALS['quickConfig']['organizrHash'])) {
+		if ($GLOBALS['quickConfig']['organizrHash'] !== '') {
 			$hash = password_hash(substr($GLOBALS['quickConfig']['organizrHash'], 2, 10), PASSWORD_BCRYPT);
-			return '<script>local("s","formKey","' . $hash . '");</script>';
+			return ($script) ? '<script>local("s","formKey","' . $hash . '");</script>' : $hash;
 		}
 	}
 }
 
+function checkFormKey($formKey = '')
+{
+	return password_verify(substr($GLOBALS['quickConfig']['organizrHash'], 2, 10), $formKey);
+}
+
 function favIcons()
 {
 	$favicon = '
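Review bot: `checkFormKey()` reads `$GLOBALS['quickConfig']['organizrHash']` without the isset/non-empty guard that `formKey()` keeps, so on a config where the hash is absent the verifier is likely to emit a notice and compare against an empty slice instead of rejecting cleanly. Add the same guard at the top: `if (!isset($GLOBALS['quickConfig']['organizrHash']) || $GLOBALS['quickConfig']['organizrHash'] === '') { return false; }`. Both functions also lack a docblock: `formKey()` should say that `$script` selects between the `<script>` wrapper and the bare bcrypt hash and that it returns null when no hash is configured, and `checkFormKey()` should say it verifies a caller-supplied bcrypt hash against the same 10-character slice of organizrHash that `formKey()` issues, with `$formKey` expected to be a string. favIcons() continues outside the hunk.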