diff options
author | Andrew Manning <tamanning@zoho.com> | 2016-07-21 21:14:54 -0400 |
---|---|---|
committer | Andrew Manning <tamanning@zoho.com> | 2016-07-21 21:14:54 -0400 |
commit | 5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6 (patch) | |
tree | 84b9b847f384c42a462a0035142b4b5757906922 /Zotlabs/Storage | |
parent | d504197a786eb46a780278fccb529daa13bfa443 (diff) | |
parent | 8566f9130395ecdbe19f9fce85a26dac39d9fe24 (diff) | |
download | volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.tar.gz volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.tar.bz2 volse-hubzilla-5a63ddd6457ae4dba61ff30db5b6601b22ddd1b6.zip |
Merge remote-tracking branch 'upstream/dev' into website-import
Diffstat (limited to 'Zotlabs/Storage')
-rw-r--r-- | Zotlabs/Storage/BasicAuth.php | 40 |
1 files changed, 14 insertions, 26 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php index 9c73b47b9..995976dcd 100644 --- a/Zotlabs/Storage/BasicAuth.php +++ b/Zotlabs/Storage/BasicAuth.php @@ -91,33 +91,20 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { require_once('include/auth.php'); $record = account_verify_password($username, $password); - if ($record && $record['account_default_channel']) { - $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1", - intval($record['account_id']), - intval($record['account_default_channel']) - ); - if($r && $this->check_module_access($r[0]['channel_id'])) { - return $this->setAuthenticated($r[0]); + if($record && $record['account']) { + if($record['channel']) + $channel = $record['channel']; + else { + $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1", + intval($record['account']['account_id']), + intval($record['account']['account_default_channel']) + ); + if($r) + $channel = $r[0]; } } - $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1", - dbesc($username) - ); - if ($r) { - $x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1", - intval($r[0]['channel_account_id']) - ); - if ($x) { - // @fixme this foreach should not be needed? - foreach ($x as $record) { - if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) - && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) { - logger('password verified for ' . $username); - if($this->check_module_access($r[0]['channel_id'])) - return $this->setAuthenticated($r[0]); - } - } - } + if($channel && $this->check_module_access($channel['channel_id'])) { + return $this->setAuthenticated($channel); } if($this->module_disabled) @@ -178,6 +165,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { function check(RequestInterface $request, ResponseInterface $response) { if(local_channel()) { + $this->setAuthenticated(\App::get_channel()); return [ true, $this->principalPrefix . $this->channel_name ]; } @@ -275,4 +263,4 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { logger('owner_id ' . $this->owner_id, LOGGER_DATA); logger('owner_nick ' . $this->owner_nick, LOGGER_DATA); } -}
\ No newline at end of file +} |