X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=blobdiff_plain;f=devdoc%2Fapi.txt;h=005b49cb7a6ed8f9c52b8a6264fc8c08178de573;hp=8cc6fefa376b72952f3d88ecc27007e380190fc3;hb=19730f2e2bbf61f389882c646f58349df3bcd848;hpb=3c74920cb66b4e6c47c7e8a0eaeed40ffb7e8544
diff --git a/devdoc/api.txt b/devdoc/api.txt
index 8cc6fef..005b49c 100644
--- a/devdoc/api.txt
+++ b/devdoc/api.txt
@@ -8,24 +8,36 @@ This field is called _imgurl_; it may also have a _title_ and/or a _description_
Client submits a classic html form to server.
-**note**: In this documentation, php notation is used (`_POST` and `_FILES`),
-but server may be written in any language.
+**note**: In this documentation, php notation is used (`_POST`, `_FILES` and
+ `_COOKIE`), but server may be written in any language.
-` _POST["password"]` and `_POST["user"] may contain user name and password. If
+`_POST["password"]` and `_POST["user"] may contain user name and password. If
they are set, access is checked. If they is not set, cookies are checked. If
- neither are present.
+ neither are present. If access is correct, cookies are set.
+
+Alternatively, `_COOKIE["syp_user"]` and `_COOKIE["syp_auth"]` may contain user
+ name and md5 of password. If tables prefix is not *syp_*, cookies name are
+ modifier accordingly.
`_POST["request"]` is either:
## auth
asks for authentication
+## changepass
+ change user password
+
+ * `_POST ["pass_current"]` must contain current password. This is needed: cookie
+ authentification is not enough.
+ * `_POST ["pass_new"]` must contain new password
+
## newuser
adds a new user
- * `$_POST ["newuser_name"]` must contain user name
- * `$_POST ["newuser_password"]` must contain user password
- Only admin can add new users.
+ * `_POST ["newuser_name"]` must contain user name
+ * `_POST ["newuser_password"]` must contain user password
+
+ **Only admin can add new users.**
## add
@@ -79,6 +91,7 @@ as _text/html_
* `toobig`: uploaded file was too big
* `notation`: uploaded file was not an image
* `nochange`: when trying to update a feature, there is nothing to update (ie: no field of the feature has changed)
+ * `wrongpass`: wrong current password when trying to change password
* `newuser_exists`: when trying to add an user which has the same name as an already registered user
## success handling:
@@ -89,6 +102,10 @@ as _text/html_
* `?user_name?`:
new user addition was successfull. ?user_name? is name of newly added user.
+ * `?user_name?`:
+ password change was successfull. ?user_name? is name user whose password
+ has been changed.
+
* `
?id?