From c0fdf6d9adb7735a2e14fdedc127fc740ea597b8 Mon Sep 17 00:00:00 2001 From: FusionPBX Date: Fri, 16 Sep 2016 18:07:47 -0600 Subject: [PATCH] Update check_auth.php --- resources/check_auth.php | 11 ++++++++--- 1 file changed, 8 insertions(+), 3 deletions(-) diff --git a/resources/check_auth.php b/resources/check_auth.php index f815754e2f..d042a53e29 100644 --- a/resources/check_auth.php +++ b/resources/check_auth.php @@ -49,7 +49,7 @@ } //if the username is not provided then send to login.php - if (strlen(check_str($_REQUEST["username"])) == 0 && strlen(check_str($_REQUEST["key"])) == 0) { + if (strlen($_REQUEST["username"]) == 0 && strlen($_REQUEST["key"]) == 0) { $target_path = ($_REQUEST["path"] != '') ? $_REQUEST["path"] : $_SERVER["REQUEST_URI"]; $_SESSION["message_mood"] = "negative"; $_SESSION["message"] = "Invalid Username and/or Password"; @@ -59,8 +59,13 @@ //validate the username and password $auth = new authentication; - $auth->username = $_REQUEST["username"]; - $auth->password = $_REQUEST["password"]; + if (strlen($_REQUEST["username"]) > 0) { + $auth->username = $_REQUEST["username"]; + $auth->password = $_REQUEST["password"]; + } + if (strlen($_REQUEST["key"]) > 0) { + $auth->key = $_REQUEST["key"]; + } $auth->debug = false; $result = $auth->validate(); if ($result["authorized"] == "true") {