diff options
| author | zotlabs <mike@macgirvin.com> | 2017-08-31 19:09:07 -0700 |
|---|---|---|
| committer | zotlabs <mike@macgirvin.com> | 2017-08-31 19:09:07 -0700 |
| commit | 5e767144c9fad9fe84573f4c46cd74b8edf76391 (patch) | |
| tree | eb006bd9ae04d528aa755c8e36d004eb166468ce /include | |
| parent | 6d87311394356f2f072c55338673d6ebc865eede (diff) | |
| download | volse-hubzilla-5e767144c9fad9fe84573f4c46cd74b8edf76391.tar.gz volse-hubzilla-5e767144c9fad9fe84573f4c46cd74b8edf76391.tar.bz2 volse-hubzilla-5e767144c9fad9fe84573f4c46cd74b8edf76391.zip | |
simplify api_auth
Diffstat (limited to 'include')
| -rw-r--r-- | include/api_auth.php | 24 |
1 files changed, 9 insertions, 15 deletions
diff --git a/include/api_auth.php b/include/api_auth.php index e5cd7cab3..7fc8dec3a 100644 --- a/include/api_auth.php +++ b/include/api_auth.php @@ -33,21 +33,15 @@ function api_login(&$a){ // workarounds for HTTP-auth in CGI mode - if(x($_SERVER,'REDIRECT_REMOTE_USER')) { - $userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; - } - } - - if(x($_SERVER,'HTTP_AUTHORIZATION')) { - $userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ; - if(strlen($userpass)) { - list($name, $password) = explode(':', $userpass); - $_SERVER['PHP_AUTH_USER'] = $name; - $_SERVER['PHP_AUTH_PW'] = $password; + foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) { + if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') { + $userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ; + if(strlen($userpass)) { + list($name, $password) = explode(':', $userpass); + $_SERVER['PHP_AUTH_USER'] = $name; + $_SERVER['PHP_AUTH_PW'] = $password; + } + break; } } |