some major cleanup of api authentication stuff - still needs much more and this still may not solve #206
This commit is contained in:
redmatrix
@@ -1,16 +1,18 @@
|
||||
<?php /** @file */
|
||||
|
||||
require_once('include/oauth.php');
|
||||
|
||||
|
||||
/**
|
||||
* Simple HTTP Login
|
||||
* API Login via basic-auth or OAuth
|
||||
*/
|
||||
|
||||
function api_login(&$a){
|
||||
|
||||
$record = null;
|
||||
|
||||
require_once('include/oauth.php');
|
||||
|
||||
// login with oauth
|
||||
try {
|
||||
$oauth = new FKOAuth1();
|
||||
$oauth = new ZotOAuth1();
|
||||
$req = OAuthRequest::from_request();
|
||||
|
||||
list($consumer,$token) = $oauth->verify_request($req);
|
||||
@@ -23,16 +25,14 @@ function api_login(&$a){
|
||||
call_hooks('logged_in', $a->user);
|
||||
return;
|
||||
}
|
||||
echo __file__.__line__.__function__."<pre>";
|
||||
// var_dump($consumer, $token);
|
||||
killme();
|
||||
}
|
||||
catch(Exception $e) {
|
||||
logger(__file__.__line__.__function__."\n".$e);
|
||||
}
|
||||
|
||||
|
||||
// workaround for HTTP-auth in CGI mode
|
||||
// workarounds for HTTP-auth in CGI mode
|
||||
|
||||
if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
|
||||
$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
|
||||
if(strlen($userpass)) {
|
||||
@@ -51,43 +51,43 @@ function api_login(&$a){
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
if (!isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
logger('API_login: ' . print_r($_SERVER,true), LOGGER_DEBUG);
|
||||
retry_basic_auth();
|
||||
}
|
||||
|
||||
// process normal login request
|
||||
require_once('include/auth.php');
|
||||
$channel_login = 0;
|
||||
$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
|
||||
if(! $record) {
|
||||
$r = q("select * from channel where channel_address = '%s' limit 1",
|
||||
require_once('include/security.php');
|
||||
|
||||
// process normal login request
|
||||
|
||||
if(isset($_SERVER['PHP_AUTH_USER'])) {
|
||||
$channel_login = 0;
|
||||
$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
|
||||
if(! $record) {
|
||||
$r = q("select * from channel left join account on account.account_id = channel.channel_account_id
|
||||
where channel.channel_address = '%s' limit 1",
|
||||
dbesc($_SERVER['PHP_AUTH_USER'])
|
||||
);
|
||||
if ($r) {
|
||||
$x = q("select * from account where account_id = %d limit 1",
|
||||
intval($r[0]['channel_account_id'])
|
||||
);
|
||||
if ($x) {
|
||||
$record = account_verify_password($x[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
|
||||
$record = account_verify_password($r[0]['account_email'],$_SERVER['PHP_AUTH_PW']);
|
||||
if($record)
|
||||
$channel_login = $r[0]['channel_id'];
|
||||
}
|
||||
}
|
||||
if(! $record) {
|
||||
logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
|
||||
retry_basic_auth();
|
||||
}
|
||||
}
|
||||
|
||||
require_once('include/security.php');
|
||||
authenticate_success($record);
|
||||
if($record) {
|
||||
authenticate_success($record);
|
||||
|
||||
if($channel_login)
|
||||
change_channel($channel_login);
|
||||
if($channel_login)
|
||||
change_channel($channel_login);
|
||||
|
||||
$_SESSION['allow_api'] = true;
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
$_SERVER['PHP_AUTH_PW'] = '*****';
|
||||
logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
|
||||
log_failed_login('API login failure');
|
||||
retry_basic_auth();
|
||||
}
|
||||
|
||||
$_SESSION['allow_api'] = true;
|
||||
}
|
||||
|
||||
|
||||
|
||||
Reference in New Issue
Block a user