allow channel login to the api, just like with the cloud

1 files changed, 24 insertions, 4 deletions

diff --git a/include/api.php b/include/api.php
index 57551a3b0..b26c4ea71 100644
--- a/include/api.php
+++ b/include/api.php
@@ -119,16 +119,36 @@ require_once('include/items.php');
 		
 		// process normal login request
 		require_once('include/auth.php');
+		$channel_login = 0;
 		$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
 		if(! $record) {
-		   logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
-		    header('WWW-Authenticate: Basic realm="Red"');
-		    header('HTTP/1.0 401 Unauthorized');
-		    die('This api requires login');
+	        $r = q("select * from channel where channel_address = '%s' limit 1",
+    	        dbesc($_SERVER['PHP_AUTH_USER'])
+        	);
+        	if ($r) {
+            	$x = q("select * from account where account_id = %d limit 1",
+                	intval($r[0]['channel_account_id'])
+            	);
+            	if ($x) {
+					$record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+					if($record)
+						$channel_login = $r[0]['channel_id'];
+				}
+			}
+			if(! $record) {	
+				logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+				header('WWW-Authenticate: Basic realm="Red"');
+				header('HTTP/1.0 401 Unauthorized');
+				die('This api requires login');
+			}
 		}
 
 		require_once('include/security.php');
 		authenticate_success($record);
+
+		if($channel_login)
+			change_channel($channel_login);
+
 		$_SESSION['allow_api'] = true;
 	}