Add a $key option for the REST API.

Mark Crane 2013-09-21 02:55:02 +00:00
parent cb8ac4e3b3
commit d6ddfc70ce
1 changed files with 35 additions and 16 deletions


@ -86,8 +86,11 @@ require_once "resources/require.php";
} }
} }
//get the username //get the username or key
$username = check_str($_REQUEST["username"]); $username = check_str($_REQUEST["username"]);
if (file_exists($_SERVER["DOCUMENT_ROOT"].PROJECT_PATH.'/app/api/app_config.php')) {
$key = check_str($_REQUEST["key"]);
}
//ldap authentication //ldap authentication
if ($_SESSION["ldap"]["authentication"]["boolean"] == "true") { if ($_SESSION["ldap"]["authentication"]["boolean"] == "true") {
@ -186,17 +189,32 @@ require_once "resources/require.php";
$sql = "select * from v_users "; $sql = "select * from v_users ";
//$sql .= "where domain_uuid='".$domain_uuid."' "; //$sql .= "where domain_uuid='".$domain_uuid."' ";
//$sql .= "and username='".$username."' "; //$sql .= "and username='".$username."' ";
//$sql .= "and key='".$key."' ";
$sql .= "where domain_uuid=:domain_uuid "; $sql .= "where domain_uuid=:domain_uuid ";
if (strlen($key) > 0) {
$sql .= "and key=:key ";
}
else {
$sql .= "and username=:username "; $sql .= "and username=:username ";
}
$sql .= "and (user_enabled = 'true' or user_enabled is null) "; $sql .= "and (user_enabled = 'true' or user_enabled is null) ";
$prep_statement = $db->prepare(check_sql($sql)); $prep_statement = $db->prepare(check_sql($sql));
$prep_statement->bindParam(':domain_uuid', $domain_uuid); $prep_statement->bindParam(':domain_uuid', $domain_uuid);
if (strlen($key) > 0) {
$prep_statement->bindParam(':key', $key);
}
else {
$prep_statement->bindParam(':username', $username); $prep_statement->bindParam(':username', $username);
}
$prep_statement->execute(); $prep_statement->execute();
$result = $prep_statement->fetchAll(PDO::FETCH_NAMED); $result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
if (count($result) == 0) { if (count($result) == 0) {
$auth_failed = true; $auth_failed = true;
} }
else {
if (strlen($key) > 0) {
$auth_failed = false;
}
else { else {
foreach ($result as &$row) { foreach ($result as &$row) {
//get the salt from the database //get the salt from the database
@ -214,6 +232,7 @@ require_once "resources/require.php";
} }
} }
} }
}
if ($auth_failed) { if ($auth_failed) {
//log the failed auth attempt to the system, to be available for fail2ban. //log the failed auth attempt to the system, to be available for fail2ban.
openlog('FusionPBX', LOG_NDELAY, LOG_AUTH); openlog('FusionPBX', LOG_NDELAY, LOG_AUTH);
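Review bot: In the key branch of the user lookup (`if (strlen($key) > 0) { $auth_failed = false; }`) a matching `key` column is the only credential, with no password check, and the value is read from `$_REQUEST`, so it can arrive in the query string or a cookie and end up in web-server access logs. Consider accepting it only from the request body or a header and stating the requirement next to the check, e.g. `//key replaces the password check; it must be a long random secret and never be sent in the URL`. `$key` is also assigned only when `app/api/app_config.php` exists, so the later `strlen($key)` calls read an undefined variable on installs without the API app; adding `$key = '';` before the `file_exists` check makes the fallback to username explicit. `key` is a reserved word in MySQL, so `and key=:key` probably needs the column quoted or renamed on that backend. The surrounding authentication block starts and ends outside the visible hunks, so how the session identity is chosen after a key match cannot be checked from here.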