author | redmatrix <git@macgirvin.com> | 2016-07-20 17:55:40 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-07-20 17:55:40 -0700 |
commit | 3affb2e8172b4cc673aafe9551c21dad6f606d87 (patch) | |
tree | 446d143aa2b47b8fd710b5a4920ee63196b8fe34 /Zotlabs/Storage | |
parent | d54ad9880252cf8c6d2c61a01680279741735a36 (diff) | |
sort out some of the authentication mess - with luck this may fix the DAV auth issue which I simply could not duplicate or find a reason for.
Diffstat (limited to 'Zotlabs/Storage')
-rw-r--r-- | Zotlabs/Storage/BasicAuth.php | 37 |
1 files changed, 12 insertions, 25 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 9c73b47b9..67617b637 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -91,33 +91,20 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 require_once('include/auth.php');
 $record = account_verify_password($username, $password);
- if ($record && $record['account_default_channel']) {
- $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
- intval($record['account_id']),
- intval($record['account_default_channel'])
- );
- if($r && $this->check_module_access($r[0]['channel_id'])) {
- return $this->setAuthenticated($r[0]);
+ if($record && $record['account']) {
+ if($record['channel'])
+ $channel = $record['channel'];
+ else {
+ $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
+ intval($record['account']['account_id']),
+ intval($record['account']['account_default_channel'])
+ );
+ if($r)
+ $channel = $r[0];
 }
 }
- $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1",
- dbesc($username)
- );
- if ($r) {
- $x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- // @fixme this foreach should not be needed?
- foreach ($x as $record) {
- if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
- && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
- logger('password verified for ' . $username);
- if($this->check_module_access($r[0]['channel_id']))
- return $this->setAuthenticated($r[0]);
- }
- }
- }
+ if($channel && $this->check_module_access($channel['channel_id'])) {
+ return $this->setAuthenticated($channel);
 }
 if($this->module_disabled) |
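Review bot: `$channel` is read at `if($channel && $this->check_module_access($channel['channel_id']))` but is only assigned inside the `$record` branch, so a failed password check or an empty channel query reaches that test with the variable undefined (unless it is initialised above the hunk, which starts mid-function). The test still fails closed, but through an undefined-variable notice rather than by design; add `$channel = null;` before `if($record && $record['account'])`. The removed fallback also required `account_flags` to be ACCOUNT_OK or ACCOUNT_UNVERIFIED before accepting a password, and that check now rests entirely on `account_verify_password()`, which is outside this diff, so it is worth confirming that it enforces the same account states. The function body begins and ends outside the hunk.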