agco
I've figured out how to completely disable IP validation - there doesn't seem to be any information anywhere on the internet about how to do this so here it is to anyone who needs it. This definitely works on the latest version.
Open the file /include/class.api.php
The solution is to remove the three references to:
$_SERVER['REMOTE_ADDR']
That then completely disables any IP validation however the API key will still be validated. You will still need to attach an IP to the API key in the admin panel - just use 99.99.99.99
Just replace this code:
function requireApiKey() {
if(!($key=$this->getApiKey()))
return $this->exerr(401, __('Valid API key required'));
elseif (!$key->isActive() || $key->getIPAddr()!=$_SERVER['REMOTE_ADDR'])
return $this->exerr(401, __('API key not found/active or source IP not authorized'));
return $key;
}
function getApiKey() {
if (!$this->apikey && isset($_SERVER['HTTP_X_API_KEY']) && isset($_SERVER['REMOTE_ADDR']))
$this->apikey = API::lookupByKey($_SERVER['HTTP_X_API_KEY'], $_SERVER['REMOTE_ADDR']);
return $this->apikey;
}
Replace with this code:
function requireApiKey() {
if(!($key=$this->getApiKey()))
return $this->exerr(401, __('Valid API key required'));
elseif (!$key->isActive())
return $this->exerr(401, __('API key not found/active or source IP not authorized'));
return $key;
}
function getApiKey() {
if (!$this->apikey && isset($_SERVER['HTTP_X_API_KEY']))
$this->apikey = API::lookupByKey($_SERVER['HTTP_X_API_KEY']);
return $this->apikey;
}
Enjoy!
