diff options
author | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-01-16 08:14:39 +0000 |
---|---|---|
committer | cweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f> | 2010-01-16 08:14:39 +0000 |
commit | 09538ab1475dcf465bdb009f2ae341f311c4902d (patch) | |
tree | 781809a65bb0def08953d4bccd1cc27f1b3657c3 /www/api | |
parent | a5065ebd639454b83d3694c47b65d503154d24fe (diff) | |
download | semanticscuttle-09538ab1475dcf465bdb009f2ae341f311c4902d.tar.gz semanticscuttle-09538ab1475dcf465bdb009f2ae341f311c4902d.tar.bz2 |
Fix bug #2928905: API was broken when no user was logged in
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@579 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'www/api')
-rw-r--r-- | www/api/httpauth.inc.php | 34 |
1 files changed, 18 insertions, 16 deletions
diff --git a/www/api/httpauth.inc.php b/www/api/httpauth.inc.php index 23e3a5e..1d20d31 100644 --- a/www/api/httpauth.inc.php +++ b/www/api/httpauth.inc.php @@ -1,8 +1,8 @@ <?php require_once '../../src/SemanticScuttle/header.php'; -// Provides HTTP Basic authentication of a user, and sets two variables, sId and username, -// with the user's info. +// Provides HTTP Basic authentication of a user +// and logs the user in if necessary function authenticate() { header('WWW-Authenticate: Basic realm="SemanticScuttle API"'); @@ -11,23 +11,25 @@ function authenticate() { die(T_("Use of the API calls requires authentication.")); } -if(!$userservice->isLoggedOn()) { +if (!$userservice->isLoggedOn()) { /* Maybe we have caught authentication data in $_SERVER['REMOTE_USER'] ( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */ - if((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) - && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) { - list($name, $password) = explode(':', base64_decode($matches[1])); - $_SERVER['PHP_AUTH_USER'] = strip_tags($name); - $_SERVER['PHP_AUTH_PW'] = strip_tags($password); + if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) + && isset($_SERVER['REMOTE_USER']) + && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches) + ) { + list($name, $password) = explode(':', base64_decode($matches[1])); + $_SERVER['PHP_AUTH_USER'] = strip_tags($name); + $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } - if (!isset($_SERVER['PHP_AUTH_USER'])) { - authenticate(); - } else { - $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - if (!$login) { - authenticate(); - } - } + if (!isset($_SERVER['PHP_AUTH_USER'])) { + authenticate(); + } else { + $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); + if (!$login) { + authenticate(); + } + } } ?> |