Change authentication method to basic http auth instead of using $_GET variables
Also use OC_User::isLoggedIn to check whether new authentication is needed for grouplist.php and userlist.php. For validateuser.php, credentials are always needed.
parent
4496624685
commit
30dab8473d
|
@ -21,25 +21,31 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
// We send json data
|
|
||||||
header( "Content-Type: application/jsonrequest" );
|
|
||||||
|
|
||||||
$RUNTIME_NOAPPS = TRUE; //no apps, yet
|
$RUNTIME_NOAPPS = TRUE; //no apps, yet
|
||||||
require_once('../../lib/base.php');
|
require_once('../../lib/base.php');
|
||||||
|
|
||||||
if(isset($_GET["user"]) && isset($_GET["password"]))
|
if(!OC_User::isLoggedIn()){
|
||||||
{
|
if(!isset($_SERVER['PHP_AUTH_USER'])){
|
||||||
if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
|
header('WWW-Authenticate: Basic realm="ownCloud Server"');
|
||||||
exit();
|
header('HTTP/1.0 401 Unauthorized');
|
||||||
|
echo 'Valid credentials must be supplied';
|
||||||
$groups = array();
|
exit();
|
||||||
|
} else {
|
||||||
foreach( OC_Group::getGroups() as $i ){
|
if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
|
||||||
// Do some more work here soon
|
exit();
|
||||||
$groups[] = array( "groupname" => $i );
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
echo json_encode($groups);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$groups = array();
|
||||||
|
|
||||||
|
foreach( OC_Group::getGroups() as $i ){
|
||||||
|
// Do some more work here soon
|
||||||
|
$groups[] = array( "groupname" => $i );
|
||||||
|
}
|
||||||
|
|
||||||
|
// We send json data
|
||||||
|
header( "Content-Type: application/jsonrequest" );
|
||||||
|
echo json_encode($groups);
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
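Review bot: When `OC_User::checkPassword()` rejects the Basic credentials, the new branch calls a bare `exit();`, so the client gets an empty body with the default 200 status and cannot tell a rejected password from an empty result. Send the same challenge as the missing-credentials branch before exiting: `header('WWW-Authenticate: Basic realm="ownCloud Server"'); header('HTTP/1.0 401 Unauthorized'); exit();`. The second file section (the one building `$users`) has the identical branch and needs the same change. `$_SERVER["PHP_AUTH_PW"]` is also read without an `isset()` check, since only `PHP_AUTH_USER` is tested.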
@ -21,27 +21,30 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
|
|
||||||
// We send json data
|
|
||||||
header( "Content-Type: application/jsonrequest" );
|
|
||||||
|
|
||||||
$RUNTIME_NOAPPS = TRUE; //no apps, yet
|
$RUNTIME_NOAPPS = TRUE; //no apps, yet
|
||||||
require_once('../../lib/base.php');
|
require_once('../../lib/base.php');
|
||||||
|
|
||||||
if(isset($_GET["user"]) && isset($_GET["password"]))
|
if(!OC_User::isLoggedIn()){
|
||||||
{
|
if(!isset($_SERVER['PHP_AUTH_USER'])){
|
||||||
if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
|
header('WWW-Authenticate: Basic realm="ownCloud Server"');
|
||||||
|
header('HTTP/1.0 401 Unauthorized');
|
||||||
|
echo 'Valid credentials must be supplied';
|
||||||
exit();
|
exit();
|
||||||
|
} else {
|
||||||
$users = array();
|
if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
|
||||||
|
exit();
|
||||||
foreach( OC_User::getUsers() as $i ){
|
}
|
||||||
$users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
|
}
|
||||||
}
|
|
||||||
|
|
||||||
echo json_encode($users);
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$users = array();
|
||||||
|
|
||||||
|
foreach( OC_User::getUsers() as $i ){
|
||||||
|
$users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
|
||||||
|
}
|
||||||
|
|
||||||
|
// We send json data
|
||||||
|
header( "Content-Type: application/jsonrequest" );
|
||||||
|
echo json_encode($users);
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
|
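Review bot: Authentication is the only gate in this section: any account that passes `OC_User::isLoggedIn()` or `OC_User::checkPassword()` receives every username together with its group memberships, and no role check is visible. If the list is meant for administrators, add an authorization test after the login block, for instance by comparing the caller's groups from `OC_Group::getUserGroups()`, which this file already calls, with the group allowed to manage users. The first section (the `$groups` listing) has the same gap. The session path also skips the credential check entirely, so a logged-in browser session can fetch this JSON with cookies alone; whether base.php adds any request-origin protection is not visible here.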
@ -21,37 +21,21 @@
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
header("Content-Type: application/jsonrequest");
|
|
||||||
|
|
||||||
$RUNTIME_NOAPPS = TRUE; //no apps, yet
|
$RUNTIME_NOAPPS = TRUE; //no apps, yet
|
||||||
|
|
||||||
require_once('../../lib/base.php');
|
require_once('../../lib/base.php');
|
||||||
|
|
||||||
$not_installed = !OC_Config::getValue('installed', false);
|
if(!isset($_SERVER['PHP_AUTH_USER'])){
|
||||||
|
header('WWW-Authenticate: Basic realm="ownCloud Server"');
|
||||||
// First step : check if the server is correctly configured for ownCloud :
|
header('HTTP/1.0 401 Unauthorized');
|
||||||
$errors = OC_Util::checkServer();
|
echo 'Valid credentials must be supplied';
|
||||||
if(count($errors) > 0) {
|
exit();
|
||||||
echo json_encode(array("user_valid" => "false", "comment" => $errors));
|
} else {
|
||||||
}
|
header("Content-Type: application/jsonrequest");
|
||||||
|
if(OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
|
||||||
// Setup required :
|
echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "true"));
|
||||||
elseif($not_installed) {
|
} else {
|
||||||
echo json_encode(array("user_valid" => "false", "comment" => "not_installed"));
|
echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "false"));
|
||||||
|
}
|
||||||
}
|
|
||||||
|
|
||||||
// Someone wants to check a user:
|
|
||||||
elseif(isset($_GET["user"]) and isset($_GET["password"])) {
|
|
||||||
if(OC_User::checkPassword($_GET["user"], $_GET["password"]))
|
|
||||||
echo json_encode(array("user_valid" => "true", "comment" => ""));
|
|
||||||
else
|
|
||||||
echo json_encode(array("user_valid" => "false", "comment" => ""));
|
|
||||||
}
|
|
||||||
|
|
||||||
// For all others cases:
|
|
||||||
else {
|
|
||||||
echo json_encode(array("user_valid" => "false", "comment" => "unknown"));
|
|
||||||
}
|
}
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|
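Review bot: This endpoint now gives a yes/no answer on a password for every request carrying Basic credentials, and nothing in the section limits or records failed attempts. Unless `OC_User::checkPassword()` does that internally (not visible here), it is open to unthrottled guessing. Consider logging rejected attempts and adding a comment such as `// Basic auth sends the password with every request: serve this endpoint over HTTPS only`. The rewrite also drops the `OC_Util::checkServer()` and `installed` checks that the old code ran first, which the commit message does not mention, so clients no longer receive the `not_installed` or server-error comment.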