dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

A little more work to enable the api key.

This commit is contained in:
Mark Crane 2013-09-21 07:58:29 +00:00
parent 1d13e6bea9
commit b3d38b6039
1 changed files with 5 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
resources/check_auth.php
View File

@ -44,7 +44,7 @@ require_once "resources/require.php";
} }
//if the username from the form is not provided then send to login.php //if the username from the form is not provided then send to login.php
if (strlen(check_str($_REQUEST["username"])) == 0) { if (strlen(check_str($_REQUEST["username"])) == 0 && strlen(check_str($_REQUEST["key"])) == 0) {
$php_self = $_SERVER["PHP_SELF"]; $php_self = $_SERVER["PHP_SELF"];
$msg = "username required"; $msg = "username required";
header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($php_self)."&msg=".urlencode($msg)); header("Location: ".PROJECT_PATH."/login.php?path=".urlencode($php_self)."&msg=".urlencode($msg));
@ -188,14 +188,14 @@ require_once "resources/require.php";
//check the username and password if they don't match then redirect to the login //check the username and password if they don't match then redirect to the login
$sql = "select * from v_users "; $sql = "select * from v_users ";
//$sql .= "where domain_uuid='".$domain_uuid."' "; //$sql .= "where domain_uuid='".$domain_uuid."' ";
//$sql .= "and username='".$username."' ";
//$sql .= "and key='".$key."' ";
$sql .= "where domain_uuid=:domain_uuid "; $sql .= "where domain_uuid=:domain_uuid ";
if (strlen($key) > 0) { if (strlen($key) > 0) {
$sql .= "and key=:key "; $sql .= "and api_key=:key ";
//$sql .= "and api_key='".$key."' ";
} }
else { else {
$sql .= "and username=:username "; $sql .= "and username=:username ";
//$sql .= "and username='".$username."' ";
} }
$sql .= "and (user_enabled = 'true' or user_enabled is null) "; $sql .= "and (user_enabled = 'true' or user_enabled is null) ";
$prep_statement = $db->prepare(check_sql($sql)); $prep_statement = $db->prepare(check_sql($sql));
@ -257,7 +257,7 @@ require_once "resources/require.php";
} }
// add session variables // add session variables
$_SESSION["user_uuid"] = $row["user_uuid"]; $_SESSION["user_uuid"] = $row["user_uuid"];
$_SESSION["username"] = check_str($_REQUEST["username"]); $_SESSION["username"] = $row["username"];
// user session array // user session array
$_SESSION["user"]["username"] = $row["username"]; $_SESSION["user"]["username"] = $row["username"];
$_SESSION["user"]["user_uuid"] = $row["user_uuid"]; $_SESSION["user"]["user_uuid"] = $row["user_uuid"];