playSMS Forum

[solved] Additional security in the API

Anton, hello!
I noticed one peculiarity when sending SMS via API.
Namely, some of the required directives are u (username) and h (api token). It so happens that even if a person knows the API token, but at the same time does not know the username, he will be able to generate and send SMS. In a word, there is no link between the username and the API-token in the system. It seems to me it would be great to write logic that checks for the presence of two directives and their binding to each other. This will give additional security and reliability to the system.

Jamshid Tursunov

See config.php:

Option $core_config['webservices_username'] sets to default that the username should be included in API, if its false then username is not required.

If thats not the case then its a bug.


Thanks Anton, it was set to “false”
Topic is closed

Jamshid Tursunov

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.