aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorzotlabs <mike@macgirvin.com>2017-08-31 19:09:07 -0700
committerzotlabs <mike@macgirvin.com>2017-08-31 19:09:07 -0700
commit5e767144c9fad9fe84573f4c46cd74b8edf76391 (patch)
treeeb006bd9ae04d528aa755c8e36d004eb166468ce
parent6d87311394356f2f072c55338673d6ebc865eede (diff)
downloadvolse-hubzilla-5e767144c9fad9fe84573f4c46cd74b8edf76391.tar.gz
volse-hubzilla-5e767144c9fad9fe84573f4c46cd74b8edf76391.tar.bz2
volse-hubzilla-5e767144c9fad9fe84573f4c46cd74b8edf76391.zip
simplify api_auth
-rw-r--r--include/api_auth.php24
1 files changed, 9 insertions, 15 deletions
diff --git a/include/api_auth.php b/include/api_auth.php
index e5cd7cab3..7fc8dec3a 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -33,21 +33,15 @@ function api_login(&$a){
// workarounds for HTTP-auth in CGI mode
- if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
- $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
- }
- }
-
- if(x($_SERVER,'HTTP_AUTHORIZATION')) {
- $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
- if(strlen($userpass)) {
- list($name, $password) = explode(':', $userpass);
- $_SERVER['PHP_AUTH_USER'] = $name;
- $_SERVER['PHP_AUTH_PW'] = $password;
+ foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
+ if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') {
+ $userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ;
+ if(strlen($userpass)) {
+ list($name, $password) = explode(':', $userpass);
+ $_SERVER['PHP_AUTH_USER'] = $name;
+ $_SERVER['PHP_AUTH_PW'] = $password;
+ }
+ break;
}
}