Change authentication method to basic http auth instead of using $_GET variables

Also use OC_User::isLoggedIn to check if new authentication is needed for grouplist.php and userlist.php
For validateuser.php, credentials are always needed.

1 files changed, 21 insertions, 15 deletions

diff --git a/core/ajax/grouplist.php b/core/ajax/grouplist.php
index 9b6c4bfa8a8..d0d10f7a84e 100644
--- a/core/ajax/grouplist.php
+++ b/core/ajax/grouplist.php
@@ -21,25 +21,31 @@
 *
 */
 
-
-// We send json data
-header( "Content-Type: application/jsonrequest" );
-
 $RUNTIME_NOAPPS = TRUE; //no apps, yet
 require_once('../../lib/base.php');
 
-if(isset($_GET["user"]) && isset($_GET["password"]))
-{
-	if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
-        	exit();
-
-	$groups = array();
-
-	foreach( OC_Group::getGroups() as $i ){
-        	// Do some more work here soon
-	        $groups[] = array( "groupname" => $i );
+if(!OC_User::isLoggedIn()){
+	if(!isset($_SERVER['PHP_AUTH_USER'])){
+		header('WWW-Authenticate: Basic realm="ownCloud Server"');
+		header('HTTP/1.0 401 Unauthorized');
+		echo 'Valid credentials must be supplied';
+		exit();
+	} else {
+		if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
+			exit();
+		}
 	}
+}
+
+$groups = array();
 
-	echo json_encode($groups);
+foreach( OC_Group::getGroups() as $i ){
+       	// Do some more work here soon
+        $groups[] = array( "groupname" => $i );
 }
+
+// We send json data
+header( "Content-Type: application/jsonrequest" );
+echo json_encode($groups);
+
 ?>