From 09538ab1475dcf465bdb009f2ae341f311c4902d Mon Sep 17 00:00:00 2001
From: cweiske
Date: Sat, 16 Jan 2010 08:14:39 +0000
Subject: Fix bug #2928905: API was broken when no user was logged in

git-svn-id: https://semanticscuttle.svn.sourceforge.net/svnroot/semanticscuttle/trunk@579 b3834d28-1941-0410-a4f8-b48e95affb8f
---
 doc/ChangeLog            |  4 ++++
 www/api/httpauth.inc.php | 34 ++++++++++++++++++----------------
 2 files changed, 22 insertions(+), 16 deletions(-)

diff --git a/doc/ChangeLog b/doc/ChangeLog
index 1dcb6a8..e033cb6 100644
--- a/doc/ChangeLog
+++ b/doc/ChangeLog
@@ -1,6 +1,10 @@
 ChangeLog for SemantiScuttle
 ============================
 
+0.95.2 - 2010-FIXME
+-------------------
+- Fix bug #2928905: API was broken when no user was logged in
+
 0.95.1 - 2009-11-16
 -------------------
 - Fix bug: admin tags were not shown because javascript include was broken.
diff --git a/www/api/httpauth.inc.php b/www/api/httpauth.inc.php
index 23e3a5e..1d20d31 100644
--- a/www/api/httpauth.inc.php
+++ b/www/api/httpauth.inc.php
@@ -1,8 +1,8 @@
 <?php
 require_once '../../src/SemanticScuttle/header.php';
 
-//  Provides HTTP Basic authentication of a user, and sets two variables, sId and username,
-//  with the user's info.
+// Provides HTTP Basic authentication of a user
+// and logs the user in if necessary
 
 function authenticate() {
 	header('WWW-Authenticate: Basic realm="SemanticScuttle API"');
@@ -11,23 +11,25 @@ function authenticate() {
 	die(T_("Use of the API calls requires authentication."));
 }
 
-if(!$userservice->isLoggedOn()) {
+if (!$userservice->isLoggedOn()) {
 	/* Maybe we have caught authentication data in $_SERVER['REMOTE_USER']
 	 ( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */
-	if((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
-	&& preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) {
-		list($name, $password) = explode(':', base64_decode($matches[1]));
-		$_SERVER['PHP_AUTH_USER'] = strip_tags($name);
-		$_SERVER['PHP_AUTH_PW'] = strip_tags($password);
+	if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW']))
+        && isset($_SERVER['REMOTE_USER'])
+        && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)
+    ) {
+        list($name, $password) = explode(':', base64_decode($matches[1]));
+        $_SERVER['PHP_AUTH_USER'] = strip_tags($name);
+        $_SERVER['PHP_AUTH_PW'] = strip_tags($password);
 	}
 
-	if (!isset($_SERVER['PHP_AUTH_USER'])) {
-		authenticate();
-	} else {
-		$login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
-		if (!$login) {
-			authenticate();
-		}
-	}
+    if (!isset($_SERVER['PHP_AUTH_USER'])) {
+        authenticate();
+    } else {
+        $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']);
+        if (!$login) {
+            authenticate();
+        }
+    }
 }
 ?>
-- 
cgit v1.2.3-54-g00ecf