From 45f7ac5696d51a8cb8a538b9dded640df27128a5 Mon Sep 17 00:00:00 2001
From: marcus <marcus@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Thu, 25 Sep 2008 19:54:04 +0000
Subject: Committing what I have at the end of the day, api still not 100%

git-svn-id: https://code.elgg.org/elgg/trunk@2138 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 services/api/rest.php | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

(limited to 'services')

diff --git a/services/api/rest.php b/services/api/rest.php
index cee7ebc43..c6632cbc7 100644
--- a/services/api/rest.php
+++ b/services/api/rest.php
@@ -29,21 +29,20 @@
 		throw new SecurityException(elgg_echo('SecurityException:APIAccessDenied'));
 
 	// Register some default PAM methods, plugins can add their own
-	register_pam_handler('pam_auth_session');
-	register_pam_handler('pam_auth_hmac');
+	register_pam_handler('pam_auth_session_or_hmac'); // Command must either be authenticated by a hmac or the user is already logged in
 	register_pam_handler('pam_auth_usertoken', 'required'); // Either token present and valid OR method doesn't require one.
 	register_pam_handler('pam_auth_anonymous_method'); // Support anonymous functions
 	
 	// Get parameter variables
 	$method = get_input('method');
 	$result = null;
-	
+
 	// Authenticate session
 	if (pam_authenticate())
 	{
 		// Authenticated somehow, now execute.
-		$token = "";
-		$params = $CONFIG->input;// Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler
+		$token = "";		
+		$params = get_parameters_for_method($method); // Use $CONFIG->input instead of $_REQUEST since this is called by the pagehandler
 		if (isset($params['auth_token'])) $token = $params['auth_token'];
 
 		$result = execute_method($method, $params, $token);
-- 
cgit v1.2.3