DRY out the authentication a little more

2014-07-29 03:03:22 +00:00 · 2014-07-29 03:03:22 +00:00 · e0bdd93196
parent e0fa00b160
commit e0bdd93196
2 changed files with 18 additions and 27 deletions
--- a/resources/check_auth.php
+++ b/resources/check_auth.php
@ -184,35 +184,26 @@ require_once "resources/require.php";
 		//database authentication
 			else {
 				//check the username and password if they don't match then redirect to the login
-					if ($_SESSION["user"]["unique"]["text"] == "global") {
+					$sql = "select * from v_users ";
-						//globally unique users
+					if (isset($_REQUEST["key"])) {
-						$sql = "select * from v_users ";
+						$sql .= "where api_key=:key ";
-						if (isset($_REQUEST["key"])) {
+						//$sql .= "and api_key='".$key."' ";
 							$sql .= "where api_key=:key ";
 							//$sql .= "where api_key='".$key."' ";
 						}
 						else {
 							$sql .= "where username=:username ";
 							//$sql .= "where username='".$username."' ";
 						}
 						$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
 						$prep_statement = $db->prepare(check_sql($sql));
 					}
 					else {
-						//unique per domain
+						$sql .= "where username=:username ";
-						$sql = "select * from v_users ";
+						//$sql .= "and username='".$username."' ";
-						if (isset($_REQUEST["key"])) {
+					}
-							$sql .= "where api_key=:key ";
+					//$sql .= "and domain_uuid='".$domain_uuid."' ";
-							//$sql .= "and api_key='".$key."' ";
+					if ($_SESSION["user"]["unique"]["text"] == "global") {
-						}
+						//unique username - global (example: email address)
-						else {
+					}
-							$sql .= "where username=:username ";
+					else {
-							//$sql .= "and username='".$username."' ";
+						//unique username - per domain
 						}
 						//$sql .= "and domain_uuid='".$domain_uuid."' ";
 						$sql .= "and domain_uuid=:domain_uuid ";
-						$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
+					}
-						$prep_statement = $db->prepare(check_sql($sql));
+					$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
 					$prep_statement = $db->prepare(check_sql($sql));
 					if ($_SESSION["user"]["unique"]["text"] != "global") {
 						$prep_statement->bindParam(':domain_uuid', $domain_uuid);
 					}
 					if (isset($_REQUEST["key"])) {