From 5e767144c9fad9fe84573f4c46cd74b8edf76391 Mon Sep 17 00:00:00 2001
From: zotlabs <mike@macgirvin.com>
Date: Thu, 31 Aug 2017 19:09:07 -0700
Subject: simplify api_auth

---
 include/api_auth.php | 24 +++++++++---------------
 1 file changed, 9 insertions(+), 15 deletions(-)

(limited to 'include/api_auth.php')

diff --git a/include/api_auth.php b/include/api_auth.php
index e5cd7cab3..7fc8dec3a 100644
--- a/include/api_auth.php
+++ b/include/api_auth.php
@@ -33,21 +33,15 @@ function api_login(&$a){
 		
 	// workarounds for HTTP-auth in CGI mode
 
-	if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
-		$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
-		if(strlen($userpass)) {
-			list($name, $password) = explode(':', $userpass);
-			$_SERVER['PHP_AUTH_USER'] = $name;
-			$_SERVER['PHP_AUTH_PW'] = $password;
-		}
-	}
-
-	if(x($_SERVER,'HTTP_AUTHORIZATION')) {
-		$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
-		if(strlen($userpass)) {
-			list($name, $password) = explode(':', $userpass);
-			$_SERVER['PHP_AUTH_USER'] = $name;
-			$_SERVER['PHP_AUTH_PW'] = $password;
+	foreach([ 'REDIRECT_REMOTE_USER', 'HTTP_AUTHORIZATION' ] as $head) {
+		if(array_key_exists($head,$_SERVER) && substr(trim($_SERVER[$head]),0,5) === 'Basic') {
+			$userpass = @base64_decode(substr(trim($_SERVER[$head]),6)) ;
+			if(strlen($userpass)) {
+				list($name, $password) = explode(':', $userpass);
+				$_SERVER['PHP_AUTH_USER'] = $name;
+				$_SERVER['PHP_AUTH_PW']   = $password;
+			}
+			break;
 		}
 	}
 
-- 
cgit v1.2.3