Merge remote-tracking branch 'upstream/master'

1 files changed, 44 insertions, 40 deletions

diff --git a/include/api_auth.php b/include/api_auth.php
index ee9db3f55..26a9df8d4 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -1,17 +1,19 @@
 <?php /** @file */
 
-require_once("oauth.php");
-
-
 /**
- * Simple HTTP Login
+ * API Login via basic-auth or OAuth
  */
 
 function api_login(&$a){
+
+	$record = null;
+
+	require_once('include/oauth.php');
+
 	// login with oauth
 	try {
-		$oauth = new FKOAuth1();
-		$req = OAuthRequest::from_request();
+		$oauth = new ZotOAuth1();
+		$req = OAuth1Request::from_request();
 
 		list($consumer,$token) = $oauth->verify_request($req);
 
@@ -23,16 +25,14 @@ function api_login(&$a){
 			call_hooks('logged_in', $a->user);
 			return;
 		}
-		echo __file__.__line__.__function__."<pre>"; 
-//			var_dump($consumer, $token); 
-		die();
+		killme();
 	}
 	catch(Exception $e) {
-		logger(__file__.__line__.__function__."\n".$e);
+		logger($e->getMessage());
 	}
-
 		
-	// workaround for HTTP-auth in CGI mode
+	// workarounds for HTTP-auth in CGI mode
+
 	if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
 		$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
 		if(strlen($userpass)) {
@@ -51,45 +51,49 @@ function api_login(&$a){
 		}
 	}
 
+	require_once('include/auth.php');
+	require_once('include/security.php');
 
-	if (!isset($_SERVER['PHP_AUTH_USER'])) {
-		logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-		header('WWW-Authenticate: Basic realm="Red"');
-		header('HTTP/1.0 401 Unauthorized');
-		die('This api requires login');
-	}
-		
 	// process normal login request
-	require_once('include/auth.php');
-	$channel_login = 0;
-	$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
-	if(! $record) {
-	        $r = q("select * from channel where channel_address = '%s' limit 1",
+
+	if(isset($_SERVER['PHP_AUTH_USER'])) {
+		$channel_login = 0;
+		$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+		if(! $record) {
+	        $r = q("select * from channel left join account on account.account_id = channel.channel_account_id 
+				where channel.channel_address = '%s' limit 1",
 		       dbesc($_SERVER['PHP_AUTH_USER'])
 			);
         	if ($r) {
-			$x = q("select * from account where account_id = %d limit 1",
-			       intval($r[0]['channel_account_id'])
-				);
-			if ($x) {
-				$record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+				$record = account_verify_password($r[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
 				if($record)
 					$channel_login = $r[0]['channel_id'];
 			}
 		}
-		if(! $record) {	
-			logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-			header('WWW-Authenticate: Basic realm="Red"');
-			header('HTTP/1.0 401 Unauthorized');
-			die('This api requires login');
-		}
 	}
 
-	require_once('include/security.php');
-	authenticate_success($record);
+	if($record) {
+		authenticate_success($record);
 
-	if($channel_login)
-		change_channel($channel_login);
+		if($channel_login)
+			change_channel($channel_login);
+
+		$_SESSION['allow_api'] = true;
+		return true;
+	}
+	else {
+		$_SERVER['PHP_AUTH_PW'] = '*****';
+		logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+		log_failed_login('API login failure');
+		retry_basic_auth();
+	}
 
-	$_SESSION['allow_api'] = true;
 }
+
+
+function retry_basic_auth() {
+	header('WWW-Authenticate: Basic realm="Hubzilla"');
+	header('HTTP/1.0 401 Unauthorized');
+	echo('This api requires login');
+	killme();
+}
\ No newline at end of file