diff options
| -rw-r--r-- | doc/ChangeLog | 4 | ||||
| -rw-r--r-- | www/api/httpauth.inc.php | 34 |
2 files changed, 22 insertions, 16 deletions
diff --git a/doc/ChangeLog b/doc/ChangeLog index 1dcb6a8..e033cb6 100644 --- a/doc/ChangeLog +++ b/doc/ChangeLog @@ -1,6 +1,10 @@ ChangeLog for SemantiScuttle ============================ +0.95.2 - 2010-FIXME +------------------- +- Fix bug #2928905: API was broken when no user was logged in + 0.95.1 - 2009-11-16 ------------------- - Fix bug: admin tags were not shown because javascript include was broken. diff --git a/www/api/httpauth.inc.php b/www/api/httpauth.inc.php index 23e3a5e..1d20d31 100644 --- a/www/api/httpauth.inc.php +++ b/www/api/httpauth.inc.php @@ -1,8 +1,8 @@ <?php require_once '../../src/SemanticScuttle/header.php'; -// Provides HTTP Basic authentication of a user, and sets two variables, sId and username, -// with the user's info. +// Provides HTTP Basic authentication of a user +// and logs the user in if necessary function authenticate() { header('WWW-Authenticate: Basic realm="SemanticScuttle API"'); @@ -11,23 +11,25 @@ function authenticate() { die(T_("Use of the API calls requires authentication.")); } -if(!$userservice->isLoggedOn()) { +if (!$userservice->isLoggedOn()) { /* Maybe we have caught authentication data in $_SERVER['REMOTE_USER'] ( Inspired by http://www.yetanothercommunitysystem.com/article-321-regle-comment-utiliser-l-authentification-http-en-php-chez-ovh ) */ - if((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) - && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches)) { - list($name, $password) = explode(':', base64_decode($matches[1])); - $_SERVER['PHP_AUTH_USER'] = strip_tags($name); - $_SERVER['PHP_AUTH_PW'] = strip_tags($password); + if ((!isset($_SERVER['PHP_AUTH_USER']) || !isset($_SERVER['PHP_AUTH_PW'])) + && isset($_SERVER['REMOTE_USER']) + && preg_match('/Basic\s+(.*)$/i', $_SERVER['REMOTE_USER'], $matches) + ) { + list($name, $password) = explode(':', base64_decode($matches[1])); + $_SERVER['PHP_AUTH_USER'] = strip_tags($name); + $_SERVER['PHP_AUTH_PW'] = strip_tags($password); } - if (!isset($_SERVER['PHP_AUTH_USER'])) { - authenticate(); - } else { - $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); - if (!$login) { - authenticate(); - } - } + if (!isset($_SERVER['PHP_AUTH_USER'])) { + authenticate(); + } else { + $login = $userservice->login($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW']); + if (!$login) { + authenticate(); + } + } } ?> |