X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=api.php;h=052b5145a47e5aef5701b72648896a3c08367369;hp=18c7179cd1b9306a1ab34acb4bc6c2ed43b5f4f6;hb=080f837e8fbca48c55f4549df13b9c4772db3613;hpb=e57c166b46cf9c5961bca1b2241783944277cef5 diff --git a/api.php b/api.php index 18c7179..052b514 100644 --- a/api.php +++ b/api.php @@ -175,28 +175,41 @@ function unique_file ($dirname, $relpath, $con) { return null; } -function main ($con) { - if (!isset ($_POST ["request"])) { - request_error (); - } - if ($_POST ["request"] == "auth") { - $pwd = unquote ($_POST["password"]); - $user = "admin"; +function check_auth ($con, $pwd, $cookie_name, $auth_only) { + $authentificated = false; + $user = "admin"; + + if ($pwd) { if ($con->checkpwdmd5 ($user, md5 ($pwd))) { // cookie will be valid for 2 weeks. I've chosen that value // arbitrarily, and it may change in the future. $time = time () + 14 * 60 * 24 * 60; - $cookie_name = sprintf ("%sauth", DBPREFIX); setcookie ($cookie_name, md5 ($pwd), $time, "" , "", false, true); - success_auth (); + $authentificated = true; + if ($auth_only) { + success_auth (); + } } else { unauthorized_error (); } } - if (!($con->checkpwdmd5 ("admin", - $_COOKIE [sprintf ("%sauth", DBPREFIX)]))) { + + if (!$authentificated && !($con->checkpwdmd5 ($user, + $_COOKIE [$cookie_name]))) { unauthorized_error (); } +} + +function main ($con) { + if (!isset ($_POST ["request"])) { + request_error (); + } + + $pwd = unquote ($_POST["password"]); + $cookie_name = sprintf ("%sauth", DBPREFIX); + // does user only want authentication or does he want to do other things + $auth_only = ($_POST ["request"] == "auth"); + check_auth ($con, $pwd, $cookie_name, $auth_only); switch ($_POST ["request"]) { case "update":