diff options
author | friendica <info@friendica.com> | 2014-08-10 19:53:26 -0700 |
---|---|---|
committer | friendica <info@friendica.com> | 2014-08-10 19:53:26 -0700 |
commit | b12e40a4e86d162a739fc9b9c3664335d3b1481e (patch) | |
tree | b6886034fc95b7fb0e06ed17942eac0b8d5bdc61 /include/api.php | |
parent | 24db2e446812147a39e9399025415763c8583bbb (diff) | |
download | volse-hubzilla-b12e40a4e86d162a739fc9b9c3664335d3b1481e.tar.gz volse-hubzilla-b12e40a4e86d162a739fc9b9c3664335d3b1481e.tar.bz2 volse-hubzilla-b12e40a4e86d162a739fc9b9c3664335d3b1481e.zip |
allow channel login to the api, just like with the cloud
Diffstat (limited to 'include/api.php')
-rw-r--r-- | include/api.php | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/include/api.php b/include/api.php index 57551a3b0..b26c4ea71 100644 --- a/include/api.php +++ b/include/api.php @@ -119,16 +119,36 @@ require_once('include/items.php'); // process normal login request require_once('include/auth.php'); + $channel_login = 0; $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']); if(! $record) { - logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); - header('WWW-Authenticate: Basic realm="Red"'); - header('HTTP/1.0 401 Unauthorized'); - die('This api requires login'); + $r = q("select * from channel where channel_address = '%s' limit 1", + dbesc($_SERVER['PHP_AUTH_USER']) + ); + if ($r) { + $x = q("select * from account where account_id = %d limit 1", + intval($r[0]['channel_account_id']) + ); + if ($x) { + $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']); + if($record) + $channel_login = $r[0]['channel_id']; + } + } + if(! $record) { + logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG); + header('WWW-Authenticate: Basic realm="Red"'); + header('HTTP/1.0 401 Unauthorized'); + die('This api requires login'); + } } require_once('include/security.php'); authenticate_success($record); + + if($channel_login) + change_channel($channel_login); + $_SESSION['allow_api'] = true; } |