aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Storage
diff options
context:
space:
mode:
authorAndrew Manning <tamanning@zoho.com>2016-07-21 21:14:54 -0400
committerAndrew Manning <tamanning@zoho.com>2016-07-21 21:14:54 -0400
commit5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6 (patch)
tree84b9b847f384c42a462a0035142b4b5757906922 /Zotlabs/Storage
parentd504197a786eb46a780278fccb529daa13bfa443 (diff)
parent8566f9130395ecdbe19f9fce85a26dac39d9fe24 (diff)
downloadvolse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.tar.gz
volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.tar.bz2
volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.zip
Merge remote-tracking branch 'upstream/dev' into website-import
Diffstat (limited to 'Zotlabs/Storage')
-rw-r--r--Zotlabs/Storage/BasicAuth.php40
1 files changed, 14 insertions, 26 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 9c73b47b9..995976dcd 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -91,33 +91,20 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
require_once('include/auth.php');
$record = account_verify_password($username, $password);
- if ($record && $record['account_default_channel']) {
- $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
- intval($record['account_id']),
- intval($record['account_default_channel'])
- );
- if($r && $this->check_module_access($r[0]['channel_id'])) {
- return $this->setAuthenticated($r[0]);
+ if($record && $record['account']) {
+ if($record['channel'])
+ $channel = $record['channel'];
+ else {
+ $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
+ intval($record['account']['account_id']),
+ intval($record['account']['account_default_channel'])
+ );
+ if($r)
+ $channel = $r[0];
}
}
- $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1",
- dbesc($username)
- );
- if ($r) {
- $x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- // @fixme this foreach should not be needed?
- foreach ($x as $record) {
- if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
- && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
- logger('password verified for ' . $username);
- if($this->check_module_access($r[0]['channel_id']))
- return $this->setAuthenticated($r[0]);
- }
- }
- }
+ if($channel && $this->check_module_access($channel['channel_id'])) {
+ return $this->setAuthenticated($channel);
}
if($this->module_disabled)
@@ -178,6 +165,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
function check(RequestInterface $request, ResponseInterface $response) {
if(local_channel()) {
+ $this->setAuthenticated(\App::get_channel());
return [ true, $this->principalPrefix . $this->channel_name ];
}
@@ -275,4 +263,4 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
logger('owner_id ' . $this->owner_id, LOGGER_DATA);
logger('owner_nick ' . $this->owner_nick, LOGGER_DATA);
}
-} \ No newline at end of file
+}