aboutsummaryrefslogtreecommitdiffstats
path: root/include
diff options
context:
space:
mode:
authorfriendica <info@friendica.com>2014-08-10 19:53:26 -0700
committerfriendica <info@friendica.com>2014-08-10 19:53:26 -0700
commitb12e40a4e86d162a739fc9b9c3664335d3b1481e (patch)
treeb6886034fc95b7fb0e06ed17942eac0b8d5bdc61 /include
parent24db2e446812147a39e9399025415763c8583bbb (diff)
downloadvolse-hubzilla-b12e40a4e86d162a739fc9b9c3664335d3b1481e.tar.gz
volse-hubzilla-b12e40a4e86d162a739fc9b9c3664335d3b1481e.tar.bz2
volse-hubzilla-b12e40a4e86d162a739fc9b9c3664335d3b1481e.zip
allow channel login to the api, just like with the cloud
Diffstat (limited to 'include')
-rw-r--r--include/api.php28
1 files changed, 24 insertions, 4 deletions
diff --git a/include/api.php b/include/api.php
index 57551a3b0..b26c4ea71 100644
--- a/include/api.php
+++ b/include/api.php
@@ -119,16 +119,36 @@ require_once('include/items.php');
// process normal login request
require_once('include/auth.php');
+ $channel_login = 0;
$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
if(! $record) {
- logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
+ $r = q("select * from channel where channel_address = '%s' limit 1",
+ dbesc($_SERVER['PHP_AUTH_USER'])
+ );
+ if ($r) {
+ $x = q("select * from account where account_id = %d limit 1",
+ intval($r[0]['channel_account_id'])
+ );
+ if ($x) {
+ $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+ if($record)
+ $channel_login = $r[0]['channel_id'];
+ }
+ }
+ if(! $record) {
+ logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+ header('WWW-Authenticate: Basic realm="Red"');
+ header('HTTP/1.0 401 Unauthorized');
+ die('This api requires login');
+ }
}
require_once('include/security.php');
authenticate_success($record);
+
+ if($channel_login)
+ change_channel($channel_login);
+
$_SESSION['allow_api'] = true;
}