authorredmatrix <redmatrix@redmatrix.me>2015-12-10 16:39:46 -0800
committerredmatrix <redmatrix@redmatrix.me>2015-12-10 16:39:46 -0800
commit8389d8677d4e2deaaf5da028d9abacf7ce5ef250 (patch)
tree8a1e84005f2aa84be16be7fdbacbdcc3f8807641 /include/api_auth.php
parent7fa944ed953cbf2b9ee044d46e74dfd299237fa7 (diff)
some major cleanup of api authentication stuff - still needs much more and this still may not solve #206
Diffstat (limited to 'include/api_auth.php')
-rw-r--r--include/api_auth.php66
1 files changed, 33 insertions, 33 deletions
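--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -1,16 +1,18 @@
 <?php /** @file */
-require_once('include/oauth.php');
-
-
 /**
- * Simple HTTP Login
+ * API Login via basic-auth or OAuth
 */
 function api_login(&$a){
+
+ $record = null;
+
+ require_once('include/oauth.php');
+
 // login with oauth
 try {
- $oauth = new FKOAuth1();
+ $oauth = new ZotOAuth1();
 $req = OAuthRequest::from_request();
 list($consumer,$token) = $oauth->verify_request($req);
@@ -23,16 +25,14 @@ function api_login(&$a){
 call_hooks('logged_in', $a->user);
 return;
 }
- echo __file__.__line__.__function__."<pre>";
-// var_dump($consumer, $token);
 killme();
 }
 catch(Exception $e) {
 logger(__file__.__line__.__function__."\n".$e);
 }
-
- // workaround for HTTP-auth in CGI mode
+ // workarounds for HTTP-auth in CGI mode
+
 if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
 $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
 if(strlen($userpass)) {
@@ -51,43 +51,43 @@ function api_login(&$a){
 }
 }
+ require_once('include/auth.php');
+ require_once('include/security.php');
- if (!isset($_SERVER['PHP_AUTH_USER'])) {
- logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- retry_basic_auth();
- }
-
 // process normal login request
- require_once('include/auth.php');
- $channel_login = 0;
- $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
- if(! $record) {
- $r = q("select * from channel where channel_address = '%s' limit 1",
+
+ if(isset($_SERVER['PHP_AUTH_USER'])) {
+ $channel_login = 0;
+ $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+ if(! $record) {
+ $r = q("select * from channel left join account on account.account_id = channel.channel_account_id
+ where channel.channel_address = '%s' limit 1",
 dbesc($_SERVER['PHP_AUTH_USER'])
 );
 if ($r) {
- $x = q("select * from account where account_id = %d limit 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+ $record = account_verify_password($r[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
 if($record)
 $channel_login = $r[0]['channel_id'];
 }
 }
- if(! $record) {
- logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- retry_basic_auth();
- }
 }
- require_once('include/security.php');
- authenticate_success($record);
+ if($record) {
+ authenticate_success($record);
+
+ if($channel_login)
+ change_channel($channel_login);
- if($channel_login)
- change_channel($channel_login);
+ $_SESSION['allow_api'] = true;
+ return true;
+ }
+ else {
+ $_SERVER['PHP_AUTH_PW'] = '*****';
+ logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+ log_failed_login('API login failure');
+ retry_basic_auth();
+ }
- $_SESSION['allow_api'] = true;
 }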
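Review bot: The rewritten docblock names the two login methods but says nothing about what `api_login()` returns, and the two paths now disagree: the OAuth success path in the next hunk ends with a bare `return;` (null) while the new basic-auth success path at the end of the file does `return true;`. Either make both paths return `true`, or document the contract, e.g. `@return bool|null true after a basic-auth login, null after an OAuth login`, adding that the failure paths appear not to return normally (`killme()` / `retry_basic_auth()`) — that last part is inferred from the call names and should be confirmed. The function body continues past this hunk.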
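Review bot: The new failure branch masks `$_SERVER['PHP_AUTH_PW']` before dumping `$_SERVER` to the debug log, but in the CGI path the same credentials also sit base64-encoded in `REDIRECT_REMOTE_USER` (decoded in the previous hunk), so the dump can still contain the password; mask that key too, e.g. `if(x($_SERVER,'REDIRECT_REMOTE_USER')) $_SERVER['REDIRECT_REMOTE_USER'] = '*****';` before the `logger(...)` call. The same `else` branch is also reached when no `PHP_AUTH_USER` header was sent at all — the old code only issued the basic-auth challenge in that case — so every credential-less API request now calls `log_failed_login()` and logs a full `$_SERVER` dump; if the failed-login log feeds any throttling this inflates it, so consider `if(isset($_SERVER['PHP_AUTH_USER'])) log_failed_login('API login failure');`. Finally, the `isset()` guard only covers `PHP_AUTH_USER` while the next line reads `$_SERVER['PHP_AUTH_PW']` unconditionally, which raises a notice when a client sends a user without a password; `$_SERVER['PHP_AUTH_PW'] ?? ''` would avoid it (the `??` operator requires PHP 7, which the project's minimum version should be checked against).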