aboutsummaryrefslogtreecommitdiffstats
path: root/include/api.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/api.php')
-rw-r--r--include/api.php28
1 files changed, 24 insertions, 4 deletions
diff --git a/include/api.php b/include/api.php
index 57551a3b0..b26c4ea71 100644
--- a/include/api.php
+++ b/include/api.php
@@ -119,16 +119,36 @@ require_once('include/items.php');
// process normal login request
require_once('include/auth.php');
+ $channel_login = 0;
$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
if(! $record) {
- logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
+ $r = q("select * from channel where channel_address = '%s' limit 1",
+ dbesc($_SERVER['PHP_AUTH_USER'])
+ );
+ if ($r) {
+ $x = q("select * from account where account_id = %d limit 1",
+ intval($r[0]['channel_account_id'])
+ );
+ if ($x) {
+ $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+ if($record)
+ $channel_login = $r[0]['channel_id'];
+ }
+ }
+ if(! $record) {
+ logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+ header('WWW-Authenticate: Basic realm="Red"');
+ header('HTTP/1.0 401 Unauthorized');
+ die('This api requires login');
+ }
}
require_once('include/security.php');
authenticate_success($record);
+
+ if($channel_login)
+ change_channel($channel_login);
+
$_SESSION['allow_api'] = true;
}