aboutsummaryrefslogtreecommitdiffstats
path: root/Zotlabs/Storage
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-07-20 17:55:40 -0700
committerredmatrix <git@macgirvin.com>2016-07-20 17:57:17 -0700
commitbc8c74eb422387a5537eb923c90a34c1196ce568 (patch)
tree4f8ba641908fd18cc810ee0086684a4041062231 /Zotlabs/Storage
parenteac35c05e9059ba57aefc878cc669eb0efbbd086 (diff)
downloadvolse-hubzilla-bc8c74eb422387a5537eb923c90a34c1196ce568.tar.gz
volse-hubzilla-bc8c74eb422387a5537eb923c90a34c1196ce568.tar.bz2
volse-hubzilla-bc8c74eb422387a5537eb923c90a34c1196ce568.zip
sort out some of the authentication mess - with luck this may fix the DAV auth issue which I simply could not duplicate or find a reason for.
Diffstat (limited to 'Zotlabs/Storage')
-rw-r--r--Zotlabs/Storage/BasicAuth.php37
1 files changed, 12 insertions, 25 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 60fc2c988..e94a5c1dc 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -91,33 +91,20 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
require_once('include/auth.php');
$record = account_verify_password($username, $password);
- if ($record && $record['account_default_channel']) {
- $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
- intval($record['account_id']),
- intval($record['account_default_channel'])
- );
- if($r && $this->check_module_access($r[0]['channel_id'])) {
- return $this->setAuthenticated($r[0]);
+ if($record && $record['account']) {
+ if($record['channel'])
+ $channel = $record['channel'];
+ else {
+ $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
+ intval($record['account']['account_id']),
+ intval($record['account']['account_default_channel'])
+ );
+ if($r)
+ $channel = $r[0];
}
}
- $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1",
- dbesc($username)
- );
- if ($r) {
- $x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- // @fixme this foreach should not be needed?
- foreach ($x as $record) {
- if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
- && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
- logger('password verified for ' . $username);
- if($this->check_module_access($r[0]['channel_id']))
- return $this->setAuthenticated($r[0]);
- }
- }
- }
+ if($channel && $this->check_module_access($channel['channel_id'])) {
+ return $this->setAuthenticated($channel);
}
if($this->module_disabled)