authorHans Bakker <hansmbakker@gmail.com>2011-08-17 12:47:56 +0200
committerHans Bakker <hansmbakker@gmail.com>2011-08-17 12:47:56 +0200
commit30dab8473d542c33f53ef1c3c8aa6152ac4592f0 (patch)
tree3c412f4232a3bb38cf43c61b081832cb3ec6cfa8 /core/ajax
parent449662468548e6f45ad559c77c0aee6fc48d8430 (diff)
Change authentication method to basic http auth instead of using $_GET variables
Also use OC_User::isLoggedIn to check if new authentication is needed for grouplist.php and userlist.php. For validateuser.php, credentials are always needed.
Diffstat (limited to 'core/ajax')
-rw-r--r--core/ajax/grouplist.php36
-rw-r--r--core/ajax/userlist.php33
-rw-r--r--core/ajax/validateuser.php40
3 files changed, 51 insertions, 58 deletions
diff --git a/core/ajax/grouplist.php b/core/ajax/grouplist.php
index 9b6c4bfa8a8..d0d10f7a84e 100644
--- a/core/ajax/grouplist.php
+++ b/core/ajax/grouplist.php
@@ -21,25 +21,31 @@
*
*/
-
-// We send json data
-header( "Content-Type: application/jsonrequest" );
-
$RUNTIME_NOAPPS = TRUE; //no apps, yet
require_once('../../lib/base.php');
-if(isset($_GET["user"]) && isset($_GET["password"]))
-{
- if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
- exit();
-
- $groups = array();
-
- foreach( OC_Group::getGroups() as $i ){
- // Do some more work here soon
- $groups[] = array( "groupname" => $i );
+if(!OC_User::isLoggedIn()){
+ if(!isset($_SERVER['PHP_AUTH_USER'])){
+ header('WWW-Authenticate: Basic realm="ownCloud Server"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Valid credentials must be supplied';
+ exit();
+ } else {
+ if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
+ exit();
+ }
}
+}
+
+$groups = array();
- echo json_encode($groups);
+foreach( OC_Group::getGroups() as $i ){
+ // Do some more work here soon
+ $groups[] = array( "groupname" => $i );
}
+
+// We send json data
+header( "Content-Type: application/jsonrequest" );
+echo json_encode($groups);
+
?>
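Review bot: A rejected password in the inner branch (`if(!OC_User::checkPassword(...)){ exit(); }`) ends the request with HTTP 200 and an empty body, so a Basic-auth client cannot distinguish bad credentials from an empty group list and is never re-challenged. Emit the same challenge as the missing-header branch before exiting: `header('WWW-Authenticate: Basic realm="ownCloud Server"');` followed by `header('HTTP/1.0 401 Unauthorized');`. userlist.php in this commit has the identical pattern and needs the same change. The guard also tests only `PHP_AUTH_USER`; should the SAPI ever populate it without `PHP_AUTH_PW`, the `checkPassword` call reads an undefined index, which `if(!isset($_SERVER['PHP_AUTH_USER'], $_SERVER['PHP_AUTH_PW'])){` avoids at no cost.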
diff --git a/core/ajax/userlist.php b/core/ajax/userlist.php
index 16e89c2ee8f..0485f514550 100644
--- a/core/ajax/userlist.php
+++ b/core/ajax/userlist.php
@@ -21,27 +21,30 @@
*
*/
-
-// We send json data
-header( "Content-Type: application/jsonrequest" );
-
$RUNTIME_NOAPPS = TRUE; //no apps, yet
require_once('../../lib/base.php');
-if(isset($_GET["user"]) && isset($_GET["password"]))
-{
- if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
+if(!OC_User::isLoggedIn()){
+ if(!isset($_SERVER['PHP_AUTH_USER'])){
+ header('WWW-Authenticate: Basic realm="ownCloud Server"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Valid credentials must be supplied';
exit();
+ } else {
+ if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
+ exit();
+ }
+ }
+}
- $users = array();
-
- foreach( OC_User::getUsers() as $i ){
- $users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
- }
-
- echo json_encode($users);
-
+$users = array();
+foreach( OC_User::getUsers() as $i ){
+ $users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
}
+// We send json data
+header( "Content-Type: application/jsonrequest" );
+echo json_encode($users);
+
?>
diff --git a/core/ajax/validateuser.php b/core/ajax/validateuser.php
index 967a5184a2c..032948fc331 100644
--- a/core/ajax/validateuser.php
+++ b/core/ajax/validateuser.php
@@ -21,37 +21,21 @@
*
*/
-header("Content-Type: application/jsonrequest");
-
$RUNTIME_NOAPPS = TRUE; //no apps, yet
-
require_once('../../lib/base.php');
-$not_installed = !OC_Config::getValue('installed', false);
-
-// First step : check if the server is correctly configured for ownCloud :
-$errors = OC_Util::checkServer();
-if(count($errors) > 0) {
- echo json_encode(array("user_valid" => "false", "comment" => $errors));
-}
-
-// Setup required :
-elseif($not_installed) {
- echo json_encode(array("user_valid" => "false", "comment" => "not_installed"));
-
-}
-
-// Someone wants to check a user:
-elseif(isset($_GET["user"]) and isset($_GET["password"])) {
- if(OC_User::checkPassword($_GET["user"], $_GET["password"]))
- echo json_encode(array("user_valid" => "true", "comment" => ""));
- else
- echo json_encode(array("user_valid" => "false", "comment" => ""));
-}
-
-// For all others cases:
-else {
- echo json_encode(array("user_valid" => "false", "comment" => "unknown"));
+if(!isset($_SERVER['PHP_AUTH_USER'])){
+ header('WWW-Authenticate: Basic realm="ownCloud Server"');
+ header('HTTP/1.0 401 Unauthorized');
+ echo 'Valid credentials must be supplied';
+ exit();
+} else {
+ header("Content-Type: application/jsonrequest");
+ if(OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
+ echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "true"));
+ } else {
+ echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "false"));
+ }
}
?>
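Review bot: The `} else {` after `exit();` in the unauthenticated branch is redundant and indents the whole JSON path one level for nothing; drop the `else` and its closing brace and let the `header("Content-Type: ...")` and the `checkPassword` branch run at top level after the early exit. The nested `else` after `exit()` in grouplist.php and userlist.php could be flattened the same way for consistency. The response still encodes `user_valid` as the strings `"true"`/`"false"` rather than JSON booleans, which matches the previous contract; if clients compare against the string, a comment such as `// user_valid is a string, not a bool, for compatibility with existing clients` next to the `json_encode` calls would stop the next maintainer from "fixing" it.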