sascha
/
nextcloud-server
mirror of https://github.com/nextcloud/server.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Change authentication method to basic http auth instead of using $_GET variables 

Also use OC_User::isLoggedIn to check if new authentication is needed for grouplist.php and userlist.php
For validateuser.php, credentials are always needed.
remotes/origin/stable
Hans Bakker 2011-08-17 12:47:56 +07:00
parent 4496624685
commit 30dab8473d
3 changed files with 51 additions and 58 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
core/ajax/grouplist.php
Unescape Escape View File

@ -21,25 +21,31 @@
*
*/
// We send json data
header( "Content-Type: application/jsonrequest" );
$RUNTIME_NOAPPS = TRUE; //no apps, yet
require_once('../../lib/base.php');
if(isset($_GET["user"]) && isset($_GET["password"]))
{
if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
exit();
$groups = array();
foreach( OC_Group::getGroups() as $i ){
// Do some more work here soon
$groups[] = array( "groupname" => $i );
if(!OC_User::isLoggedIn()){
if(!isset($_SERVER['PHP_AUTH_USER'])){
header('WWW-Authenticate: Basic realm="ownCloud Server"');
header('HTTP/1.0 401 Unauthorized');
echo 'Valid credentials must be supplied';
exit();
} else {
if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
exit();
}
}
}
$groups = array();
echo json_encode($groups);
foreach( OC_Group::getGroups() as $i ){
// Do some more work here soon
$groups[] = array( "groupname" => $i );
}
// We send json data
header( "Content-Type: application/jsonrequest" );
echo json_encode($groups);
?>

33
core/ajax/userlist.php
Unescape Escape View File

@ -21,27 +21,30 @@
*
*/
// We send json data
header( "Content-Type: application/jsonrequest" );
$RUNTIME_NOAPPS = TRUE; //no apps, yet
require_once('../../lib/base.php');
if(isset($_GET["user"]) && isset($_GET["password"]))
{
if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
if(!OC_User::isLoggedIn()){
if(!isset($_SERVER['PHP_AUTH_USER'])){
header('WWW-Authenticate: Basic realm="ownCloud Server"');
header('HTTP/1.0 401 Unauthorized');
echo 'Valid credentials must be supplied';
exit();
} else {
if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
exit();
}
}
}
$users = array();
foreach( OC_User::getUsers() as $i ){
$users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
}
echo json_encode($users);
$users = array();
foreach( OC_User::getUsers() as $i ){
$users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
}
// We send json data
header( "Content-Type: application/jsonrequest" );
echo json_encode($users);
?>

40
core/ajax/validateuser.php
Unescape Escape View File

@ -21,37 +21,21 @@
*
*/
header("Content-Type: application/jsonrequest");
$RUNTIME_NOAPPS = TRUE; //no apps, yet
require_once('../../lib/base.php');
$not_installed = !OC_Config::getValue('installed', false);
// First step : check if the server is correctly configured for ownCloud :
$errors = OC_Util::checkServer();
if(count($errors) > 0) {
echo json_encode(array("user_valid" => "false", "comment" => $errors));
}
// Setup required :
elseif($not_installed) {
echo json_encode(array("user_valid" => "false", "comment" => "not_installed"));
}
// Someone wants to check a user:
elseif(isset($_GET["user"]) and isset($_GET["password"])) {
if(OC_User::checkPassword($_GET["user"], $_GET["password"]))
echo json_encode(array("user_valid" => "true", "comment" => ""));
else
echo json_encode(array("user_valid" => "false", "comment" => ""));
}
// For all others cases:
else {
echo json_encode(array("user_valid" => "false", "comment" => "unknown"));
if(!isset($_SERVER['PHP_AUTH_USER'])){
header('WWW-Authenticate: Basic realm="ownCloud Server"');
header('HTTP/1.0 401 Unauthorized');
echo 'Valid credentials must be supplied';
exit();
} else {
header("Content-Type: application/jsonrequest");
if(OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "true"));
} else {
echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "false"));
}
}
?>