aboutsummaryrefslogtreecommitdiffstats
path: root/include/api_auth.php
diff options
context:
space:
mode:
authorHaakon Meland Eriksen <haakon.eriksen@far.no>2015-12-14 18:55:43 +0100
committerHaakon Meland Eriksen <haakon.eriksen@far.no>2015-12-14 18:55:43 +0100
commit3b1ab5e79cbbf2a8f65cb4dc388e2257a3e857af (patch)
tree84b87fb47a27035afd2a354d11c36e8259f4c18e /include/api_auth.php
parent565126a888d70dce853a2351b698bbc0695f0ba9 (diff)
parentdcf7946673fd57325fc848df8f8cea7a84cc35b6 (diff)
downloadvolse-hubzilla-3b1ab5e79cbbf2a8f65cb4dc388e2257a3e857af.tar.gz
volse-hubzilla-3b1ab5e79cbbf2a8f65cb4dc388e2257a3e857af.tar.bz2
volse-hubzilla-3b1ab5e79cbbf2a8f65cb4dc388e2257a3e857af.zip
Merge remote-tracking branch 'upstream/master'
Diffstat (limited to 'include/api_auth.php')
-rw-r--r--include/api_auth.php84
1 files changed, 44 insertions, 40 deletions
diff --git a/include/api_auth.php b/include/api_auth.php
index ee9db3f55..26a9df8d4 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -1,17 +1,19 @@
<?php /** @file */
-require_once("oauth.php");
-
-
/**
- * Simple HTTP Login
+ * API Login via basic-auth or OAuth
*/
function api_login(&$a){
+
+ $record = null;
+
+ require_once('include/oauth.php');
+
// login with oauth
try {
- $oauth = new FKOAuth1();
- $req = OAuthRequest::from_request();
+ $oauth = new ZotOAuth1();
+ $req = OAuth1Request::from_request();
list($consumer,$token) = $oauth->verify_request($req);
@@ -23,16 +25,14 @@ function api_login(&$a){
call_hooks('logged_in', $a->user);
return;
}
- echo __file__.__line__.__function__."<pre>";
-// var_dump($consumer, $token);
- die();
+ killme();
}
catch(Exception $e) {
- logger(__file__.__line__.__function__."\n".$e);
+ logger($e->getMessage());
}
-
- // workaround for HTTP-auth in CGI mode
+ // workarounds for HTTP-auth in CGI mode
+
if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
if(strlen($userpass)) {
@@ -51,45 +51,49 @@ function api_login(&$a){
}
}
+ require_once('include/auth.php');
+ require_once('include/security.php');
- if (!isset($_SERVER['PHP_AUTH_USER'])) {
- logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
-
// process normal login request
- require_once('include/auth.php');
- $channel_login = 0;
- $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
- if(! $record) {
- $r = q("select * from channel where channel_address = '%s' limit 1",
+
+ if(isset($_SERVER['PHP_AUTH_USER'])) {
+ $channel_login = 0;
+ $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+ if(! $record) {
+ $r = q("select * from channel left join account on account.account_id = channel.channel_account_id
+ where channel.channel_address = '%s' limit 1",
dbesc($_SERVER['PHP_AUTH_USER'])
);
if ($r) {
- $x = q("select * from account where account_id = %d limit 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+ $record = account_verify_password($r[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
if($record)
$channel_login = $r[0]['channel_id'];
}
}
- if(! $record) {
- logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
}
- require_once('include/security.php');
- authenticate_success($record);
+ if($record) {
+ authenticate_success($record);
- if($channel_login)
- change_channel($channel_login);
+ if($channel_login)
+ change_channel($channel_login);
+
+ $_SESSION['allow_api'] = true;
+ return true;
+ }
+ else {
+ $_SERVER['PHP_AUTH_PW'] = '*****';
+ logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+ log_failed_login('API login failure');
+ retry_basic_auth();
+ }
- $_SESSION['allow_api'] = true;
}
+
+
+function retry_basic_auth() {
+ header('WWW-Authenticate: Basic realm="Hubzilla"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo('This api requires login');
+ killme();
+} \ No newline at end of file