author | redmatrix <git@macgirvin.com> | 2016-07-20 17:55:40 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-07-20 17:57:17 -0700 |
commit | bc8c74eb422387a5537eb923c90a34c1196ce568 (patch) | |
tree | 4f8ba641908fd18cc810ee0086684a4041062231 /Zotlabs/Storage | |
parent | eac35c05e9059ba57aefc878cc669eb0efbbd086 (diff) | |
sort out some of the authentication mess - with luck this may fix the DAV auth issue which I simply could not duplicate or find a reason for.
Diffstat (limited to 'Zotlabs/Storage')
-rw-r--r-- | Zotlabs/Storage/BasicAuth.php | 37 |
1 files changed, 12 insertions, 25 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 60fc2c988..e94a5c1dc 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -91,33 +91,20 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 require_once('include/auth.php');
 $record = account_verify_password($username, $password);
- if ($record && $record['account_default_channel']) {
- $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
- intval($record['account_id']),
- intval($record['account_default_channel'])
- );
- if($r && $this->check_module_access($r[0]['channel_id'])) {
- return $this->setAuthenticated($r[0]);
+ if($record && $record['account']) {
+ if($record['channel'])
+ $channel = $record['channel'];
+ else {
+ $r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
+ intval($record['account']['account_id']),
+ intval($record['account']['account_default_channel'])
+ );
+ if($r)
+ $channel = $r[0];
 }
 }
- $r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1",
- dbesc($username)
- );
- if ($r) {
- $x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- // @fixme this foreach should not be needed?
- foreach ($x as $record) {
- if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
- && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
- logger('password verified for ' . $username);
- if($this->check_module_access($r[0]['channel_id']))
- return $this->setAuthenticated($r[0]);
- }
- }
- }
+ if($channel && $this->check_module_access($channel['channel_id'])) {
+ return $this->setAuthenticated($channel);
 }
 if($this->module_disabled) |
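Review bot: `$channel` is never initialised before the final `if($channel && $this->check_module_access(...))` test, so when `account_verify_password()` fails or the fallback query returns no row, the check reads an undefined variable. It fails closed, but only as a side effect of an undefined-variable notice; add `$channel = null;` ahead of the `if($record && $record['account'])` block. The removed fallback compared `account_flags` against ACCOUNT_OK / ACCOUNT_UNVERIFIED itself, whereas the new path depends entirely on `account_verify_password()` in include/auth.php, which this hunk does not show. It is worth confirming there that blocked or expired accounts are rejected and that any `$record['channel']` it returns belongs to the verified account, since the new code passes it to `setAuthenticated()` without a `channel_account_id` check. The enclosing method starts and ends outside the hunk.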