1 files changed, 14 insertions, 26 deletions

diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index 9c73b47b9..995976dcd 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -91,33 +91,20 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 
 		require_once('include/auth.php');
 		$record = account_verify_password($username, $password);
-		if ($record && $record['account_default_channel']) {
-			$r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
-				intval($record['account_id']),
-				intval($record['account_default_channel'])
-			);
-			if($r && $this->check_module_access($r[0]['channel_id'])) {
-				return $this->setAuthenticated($r[0]);
+		if($record && $record['account']) {
+			if($record['channel'])
+				$channel = $record['channel'];
+			else {
+				$r = q("SELECT * FROM channel WHERE channel_account_id = %d AND channel_id = %d LIMIT 1",
+					intval($record['account']['account_id']),
+					intval($record['account']['account_default_channel'])
+				);
+				if($r)
+					$channel = $r[0];
 			}
 		}
-		$r = q("SELECT * FROM channel WHERE channel_address = '%s' LIMIT 1",
-			dbesc($username)
-		);
-		if ($r) {
-			$x = q("SELECT account_flags, account_salt, account_password FROM account WHERE account_id = %d LIMIT 1",
-				intval($r[0]['channel_account_id'])
-			);
-			if ($x) {
-				// @fixme this foreach should not be needed?
-				foreach ($x as $record) {
-					if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
-					&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
-						logger('password verified for ' . $username);
-						if($this->check_module_access($r[0]['channel_id']))
-							return $this->setAuthenticated($r[0]);
-					}
-				}
-			}
+		if($channel && $this->check_module_access($channel['channel_id'])) {
+			return $this->setAuthenticated($channel);
 		}
 
 		if($this->module_disabled)
@@ -178,6 +165,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
     function check(RequestInterface $request, ResponseInterface $response) {
 
 		if(local_channel()) {
+			$this->setAuthenticated(\App::get_channel());
 			return [ true, $this->principalPrefix . $this->channel_name ];
 		}
 
@@ -275,4 +263,4 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 		logger('owner_id ' . $this->owner_id, LOGGER_DATA);
 		logger('owner_nick ' . $this->owner_nick, LOGGER_DATA);
 	}
-}
\ No newline at end of file
+}