aboutsummaryrefslogtreecommitdiffstats
path: root/include/api_auth.php
diff options
context:
space:
mode:
Diffstat (limited to 'include/api_auth.php')
-rw-r--r--include/api_auth.php80
1 files changed, 42 insertions, 38 deletions
diff --git a/include/api_auth.php b/include/api_auth.php
index ee9db3f55..c9978c99d 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -1,16 +1,18 @@
<?php /** @file */
-require_once("oauth.php");
-
-
/**
- * Simple HTTP Login
+ * API Login via basic-auth or OAuth
*/
function api_login(&$a){
+
+ $record = null;
+
+ require_once('include/oauth.php');
+
// login with oauth
try {
- $oauth = new FKOAuth1();
+ $oauth = new ZotOAuth1();
$req = OAuthRequest::from_request();
list($consumer,$token) = $oauth->verify_request($req);
@@ -23,16 +25,14 @@ function api_login(&$a){
call_hooks('logged_in', $a->user);
return;
}
- echo __file__.__line__.__function__."<pre>";
-// var_dump($consumer, $token);
- die();
+ killme();
}
catch(Exception $e) {
logger(__file__.__line__.__function__."\n".$e);
}
-
- // workaround for HTTP-auth in CGI mode
+ // workarounds for HTTP-auth in CGI mode
+
if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
if(strlen($userpass)) {
@@ -51,45 +51,49 @@ function api_login(&$a){
}
}
+ require_once('include/auth.php');
+ require_once('include/security.php');
- if (!isset($_SERVER['PHP_AUTH_USER'])) {
- logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
-
// process normal login request
- require_once('include/auth.php');
- $channel_login = 0;
- $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
- if(! $record) {
- $r = q("select * from channel where channel_address = '%s' limit 1",
+
+ if(isset($_SERVER['PHP_AUTH_USER'])) {
+ $channel_login = 0;
+ $record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
+ if(! $record) {
+ $r = q("select * from channel left join account on account.account_id = channel.channel_account_id
+ where channel.channel_address = '%s' limit 1",
dbesc($_SERVER['PHP_AUTH_USER'])
);
if ($r) {
- $x = q("select * from account where account_id = %d limit 1",
- intval($r[0]['channel_account_id'])
- );
- if ($x) {
- $record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
+ $record = account_verify_password($r[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
if($record)
$channel_login = $r[0]['channel_id'];
}
}
- if(! $record) {
- logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
- header('WWW-Authenticate: Basic realm="Red"');
- header('HTTP/1.0 401 Unauthorized');
- die('This api requires login');
- }
}
- require_once('include/security.php');
- authenticate_success($record);
+ if($record) {
+ authenticate_success($record);
- if($channel_login)
- change_channel($channel_login);
+ if($channel_login)
+ change_channel($channel_login);
+
+ $_SESSION['allow_api'] = true;
+ return true;
+ }
+ else {
+ $_SERVER['PHP_AUTH_PW'] = '*****';
+ logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
+ log_failed_login('API login failure');
+ retry_basic_auth();
+ }
- $_SESSION['allow_api'] = true;
}
+
+
+function retry_basic_auth() {
+ header('WWW-Authenticate: Basic realm="Hubzilla"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo('This api requires login');
+ killme();
+} \ No newline at end of file