From 45f7ac5696d51a8cb8a538b9dded640df27128a5 Mon Sep 17 00:00:00 2001 From: marcus Date: Thu, 25 Sep 2008 19:54:04 +0000 Subject: Committing what I have at the end of the day, api still not 100% git-svn-id: https://code.elgg.org/elgg/trunk@2138 36083f99-b078-4883-b0ff-0f9b5a30f544 --- services/api/rest.php | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) (limited to 'services/api') diff --git a/services/api/rest.php b/services/api/rest.php index cee7ebc43..c6632cbc7 100644 --- a/services/api/rest.php +++ b/services/api/rest.php @@ -29,21 +29,20 @@ throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied')); // Register some default PAM methods, plugins can add their own - register_pam_handler('pam_auth_session'); - register_pam_handler('pam_auth_hmac'); + register_pam_handler('pam_auth_session_or_hmac'); // Command must either be authenticated by a hmac or the user is already logged in register_pam_handler('pam_auth_usertoken', 'required'); // Either token present and valid OR method doesn't require one. register_pam_handler('pam_auth_anonymous_method'); // Support anonymous functions // Get parameter variables $method = get_input('method'); $result = null; - + // Authenticate session if (pam_authenticate()) { // Authenticated somehow, now execute. - $token = ""; - $params = $CONFIG->input;// Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler + $token = ""; + $params = get_parameters_for_method($method); // Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler if (isset($params['auth_token'])) $token = $params['auth_token']; $result = execute_method($method, $params, $token); -- cgit v1.2.3