From 0a017d37174296abd5a1a34284eaf9313b32ecf4 Mon Sep 17 00:00:00 2001 From: marcus Date: Mon, 22 Sep 2008 20:42:20 +0000 Subject: API improvement. Authentication via token now logs user in for that session. git-svn-id: https://code.elgg.org/elgg/trunk@2103 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/api.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'engine/lib') diff --git a/engine/lib/api.php b/engine/lib/api.php index f32faf9d5..b60f90572 100644 --- a/engine/lib/api.php +++ b/engine/lib/api.php @@ -737,6 +737,8 @@ /** * Function that examines whether an authentication token is present returning true if it is, OR the requested * method doesn't require one. + * + * If a token is present and a validated user id is returned, that user is logged in to the current session. * * @param unknown_type $credentials */ @@ -749,6 +751,9 @@ $validated_userid = validate_user_token($CONFIG->site_id, $token); + if ($validated_userid) + login(get_entity($validated_userid)); + if ((!$METHODS[$method]["require_auth_token"]) || ($validated_userid) || (isloggedin())) return true; else -- cgit v1.2.3