dbxe
/
fusionpbx
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

DRY out the authentication a little more

This commit is contained in:
Mark Crane 2014-07-29 03:03:22 +00:00
parent e0fa00b160
commit e0bdd93196
2 changed files with 18 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
resources/check_auth.php
View File

@ -184,22 +184,6 @@ require_once "resources/require.php";
//database authentication
else {
//check the username and password if they don't match then redirect to the login
if ($_SESSION["user"]["unique"]["text"] == "global") {
//globally unique users
$sql = "select * from v_users ";
if (isset($_REQUEST["key"])) {
$sql .= "where api_key=:key ";
//$sql .= "where api_key='".$key."' ";
}
else {
$sql .= "where username=:username ";
//$sql .= "where username='".$username."' ";
}
$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
$prep_statement = $db->prepare(check_sql($sql));
}
else {
//unique per domain
$sql = "select * from v_users ";
if (isset($_REQUEST["key"])) {
$sql .= "where api_key=:key ";
@ -210,9 +194,16 @@ require_once "resources/require.php";
//$sql .= "and username='".$username."' ";
}
//$sql .= "and domain_uuid='".$domain_uuid."' ";
if ($_SESSION["user"]["unique"]["text"] == "global") {
//unique username - global (example: email address)
}
else {
//unique username - per domain
$sql .= "and domain_uuid=:domain_uuid ";
}
$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
$prep_statement = $db->prepare(check_sql($sql));
if ($_SESSION["user"]["unique"]["text"] != "global") {
$prep_statement->bindParam(':domain_uuid', $domain_uuid);
}
if (isset($_REQUEST["key"])) {