summaryrefslogtreecommitdiff
path: root/www
diff options
context:
space:
mode:
authorcweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2010-01-16 08:14:39 +0000
committercweiske <cweiske@b3834d28-1941-0410-a4f8-b48e95affb8f>2010-01-16 08:14:39 +0000
commit09538ab1475dcf465bdb009f2ae341f311c4902d (patch)
tree781809a65bb0def08953d4bccd1cc27f1b3657c3 /www
parenta5065ebd639454b83d3694c47b65d503154d24fe (diff)
downloadsemanticscuttle-09538ab1475dcf465bdb009f2ae341f311c4902d.tar.gz
semanticscuttle-09538ab1475dcf465bdb009f2ae341f311c4902d.tar.bz2
Fix bug #2928905: API was broken when no user was logged in
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@579 b3834d28-1941-0410-a4f8-b48e95affb8f
Diffstat (limited to 'www')
-rw-r--r--www/api/httpauth.inc.php34
1 files changed, 18 insertions, 16 deletions
diff --git a/www/api/httpauth.inc.php b/www/api/httpauth.inc.php
index 23e3a5e..1d20d31 100644
--- a/www/api/httpauth.inc.php
+++ b/www/api/httpauth.inc.php
@@ -1,8 +1,8 @@
<?php
require_once '../../src/SemanticScuttle/header.php';
-// Provides HTTP Basic authentication of a user, and sets two variables, sId and username,
-// with the user's info.
+// Provides HTTP Basic authentication of a user
+// and logs the user in if necessary
function authenticate() {
header('WWW-Authenticate: Basic realm="SemanticScuttle API"');
@@ -11,23 +11,25 @@ function authenticate() {
die(T_("Use of the API calls requires authentication."));
}
-if(!$userservice->isLoggedOn()) {
+if (!$userservice->isLoggedOn()) {
/* Maybe we have caught authentication data in $_SERVER['REMOTE_USER']
( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */
- if((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
- && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
- list($name, $password) = explode(':', base64_decode($matches[1]));
- $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
- $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
+ if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
+ && isset($_SERVER['REMOTE_USER'])
+ && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)
+ ) {
+ list($name, $password) = explode(':', base64_decode($matches[1]));
+ $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
+ $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
}
- if (!isset($_SERVER['PHP_AUTH_USER'])) {
- authenticate();
- } else {
- $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
- if (!$login) {
- authenticate();
- }
- }
+ if (!isset($_SERVER['PHP_AUTH_USER'])) {
+ authenticate();
+ } else {
+ $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+ if (!$login) {
+ authenticate();
+ }
+ }
}
?>