aliens/SemanticScuttle
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Fix bug #2928905: API was broken when no user was logged in

Browse source 
git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@579 b3834d28-1941-0410-a4f8-b48e95affb8f
This commit is contained in:
cweiske 2010-01-16 08:14:39 +00:00
parent a5065ebd63
commit 09538ab147
2 changed files with 22 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
doc/ChangeLog
View file

@ -1,6 +1,10 @@
ChangeLog for SemantiScuttle ChangeLog for SemantiScuttle
============================ ============================
0.95.2 - 2010-FIXME
-------------------
- Fix bug #2928905: API was broken when no user was logged in
0.95.1 - 2009-11-16 0.95.1 - 2009-11-16
------------------- -------------------
- Fix bug: admin tags were not shown because javascript include was broken. - Fix bug: admin tags were not shown because javascript include was broken.

34
www/api/httpauth.inc.php
View file

@ -1,8 +1,8 @@
<?php <?php
require_once '../../src/SemanticScuttle/header.php'; require_once '../../src/SemanticScuttle/header.php';
// Provides HTTP Basic authentication of a user, and sets two variables, sId and username, // Provides HTTP Basic authentication of a user
// with the user's info. // and logs the user in if necessary
function authenticate() { function authenticate() {
header('WWW-Authenticate: Basic realm="SemanticScuttle API"'); header('WWW-Authenticate: Basic realm="SemanticScuttle API"');
@ -11,23 +11,25 @@ function authenticate() {
die(T_("Use of the API calls requires authentication.")); die(T_("Use of the API calls requires authentication."));
} }
if(!$userservice->isLoggedOn()) { if (!$userservice->isLoggedOn()) {
/* Maybe we have caught authentication data in $_SERVER['REMOTE_USER'] /* Maybe we have caught authentication data in $_SERVER['REMOTE_USER']
( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */ ( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */
if((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) { && isset($_SERVER['REMOTE_USER'])
list($name, $password) = explode(':', base64_decode($matches[1])); && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)
$_SERVER['PHP_AUTH_USER'] = strip_tags($name); ) {
$_SERVER['PHP_AUTH_PW'] = strip_tags($password); list($name, $password) = explode(':', base64_decode($matches[1]));
$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
} }
if (!isset($_SERVER['PHP_AUTH_USER'])) { if (!isset($_SERVER['PHP_AUTH_USER'])) {
authenticate(); authenticate();
} else { } else {
$login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
if (!$login) { if (!$login) {
authenticate(); authenticate();
} }
} }
} }
?> ?>