Change authentication method to basic http auth instead of using $_GET variables
Also use OC_User::isLoggedIn to check if new authentication is needed for grouplist.php and userlist.php For validateuser.php, credentials are always needed.
This commit is contained in:
Hans Bakker
parent
4496624685
commit
30dab8473d
|
|
@ -21,25 +21,31 @@
|
|||
*
|
||||
*/
|
||||
|
||||
|
||||
// We send json data
|
||||
header( "Content-Type: application/jsonrequest" );
|
||||
|
||||
$RUNTIME_NOAPPS = TRUE; //no apps, yet
|
||||
require_once('../../lib/base.php');
|
||||
|
||||
if(isset($_GET["user"]) && isset($_GET["password"]))
|
||||
{
|
||||
if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
|
||||
exit();
|
||||
|
||||
$groups = array();
|
||||
|
||||
foreach( OC_Group::getGroups() as $i ){
|
||||
// Do some more work here soon
|
||||
$groups[] = array( "groupname" => $i );
|
||||
if(!OC_User::isLoggedIn()){
|
||||
if(!isset($_SERVER['PHP_AUTH_USER'])){
|
||||
header('WWW-Authenticate: Basic realm="ownCloud Server"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'Valid credentials must be supplied';
|
||||
exit();
|
||||
} else {
|
||||
if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
|
||||
exit();
|
||||
}
|
||||
}
|
||||
|
||||
echo json_encode($groups);
|
||||
}
|
||||
|
||||
$groups = array();
|
||||
|
||||
foreach( OC_Group::getGroups() as $i ){
|
||||
// Do some more work here soon
|
||||
$groups[] = array( "groupname" => $i );
|
||||
}
|
||||
|
||||
// We send json data
|
||||
header( "Content-Type: application/jsonrequest" );
|
||||
echo json_encode($groups);
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -21,27 +21,30 @@
|
|||
*
|
||||
*/
|
||||
|
||||
|
||||
// We send json data
|
||||
header( "Content-Type: application/jsonrequest" );
|
||||
|
||||
$RUNTIME_NOAPPS = TRUE; //no apps, yet
|
||||
require_once('../../lib/base.php');
|
||||
|
||||
if(isset($_GET["user"]) && isset($_GET["password"]))
|
||||
{
|
||||
if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
|
||||
if(!OC_User::isLoggedIn()){
|
||||
if(!isset($_SERVER['PHP_AUTH_USER'])){
|
||||
header('WWW-Authenticate: Basic realm="ownCloud Server"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'Valid credentials must be supplied';
|
||||
exit();
|
||||
|
||||
$users = array();
|
||||
|
||||
foreach( OC_User::getUsers() as $i ){
|
||||
$users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
|
||||
}
|
||||
|
||||
echo json_encode($users);
|
||||
|
||||
|
||||
} else {
|
||||
if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
|
||||
exit();
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
$users = array();
|
||||
|
||||
foreach( OC_User::getUsers() as $i ){
|
||||
$users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
|
||||
}
|
||||
|
||||
// We send json data
|
||||
header( "Content-Type: application/jsonrequest" );
|
||||
echo json_encode($users);
|
||||
|
||||
?>
|
||||
|
|
|
|||
|
|
@ -21,37 +21,21 @@
|
|||
*
|
||||
*/
|
||||
|
||||
header("Content-Type: application/jsonrequest");
|
||||
|
||||
$RUNTIME_NOAPPS = TRUE; //no apps, yet
|
||||
|
||||
require_once('../../lib/base.php');
|
||||
|
||||
$not_installed = !OC_Config::getValue('installed', false);
|
||||
|
||||
// First step : check if the server is correctly configured for ownCloud :
|
||||
$errors = OC_Util::checkServer();
|
||||
if(count($errors) > 0) {
|
||||
echo json_encode(array("user_valid" => "false", "comment" => $errors));
|
||||
}
|
||||
|
||||
// Setup required :
|
||||
elseif($not_installed) {
|
||||
echo json_encode(array("user_valid" => "false", "comment" => "not_installed"));
|
||||
|
||||
}
|
||||
|
||||
// Someone wants to check a user:
|
||||
elseif(isset($_GET["user"]) and isset($_GET["password"])) {
|
||||
if(OC_User::checkPassword($_GET["user"], $_GET["password"]))
|
||||
echo json_encode(array("user_valid" => "true", "comment" => ""));
|
||||
else
|
||||
echo json_encode(array("user_valid" => "false", "comment" => ""));
|
||||
}
|
||||
|
||||
// For all others cases:
|
||||
else {
|
||||
echo json_encode(array("user_valid" => "false", "comment" => "unknown"));
|
||||
if(!isset($_SERVER['PHP_AUTH_USER'])){
|
||||
header('WWW-Authenticate: Basic realm="ownCloud Server"');
|
||||
header('HTTP/1.0 401 Unauthorized');
|
||||
echo 'Valid credentials must be supplied';
|
||||
exit();
|
||||
} else {
|
||||
header("Content-Type: application/jsonrequest");
|
||||
if(OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
|
||||
echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "true"));
|
||||
} else {
|
||||
echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "false"));
|
||||
}
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue