streams/include/api_auth.php

<?php /** @file */

/**
 * API Login via basic-auth or OAuth
 */

function api_login(&$a){

	$record = null;

	require_once('include/oauth.php');

	// login with oauth
	try {
		$oauth = new ZotOAuth1();
		$req = OAuth1Request::from_request();

		list($consumer,$token) = $oauth->verify_request($req);

		if (!is_null($token)){
			$oauth->loginUser($token->uid);

			App::set_oauth_key($consumer->key);

			call_hooks('logged_in', App::$user);
			return;
		}
		killme();
	}
	catch(Exception $e) {
		logger($e->getMessage());
	}
		
	// workarounds for HTTP-auth in CGI mode

	if(x($_SERVER,'REDIRECT_REMOTE_USER')) {
		$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;
		if(strlen($userpass)) {
			list($name, $password) = explode(':', $userpass);
			$_SERVER['PHP_AUTH_USER'] = $name;
			$_SERVER['PHP_AUTH_PW'] = $password;
		}
	}

	if(x($_SERVER,'HTTP_AUTHORIZATION')) {
		$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;
		if(strlen($userpass)) {
			list($name, $password) = explode(':', $userpass);
			$_SERVER['PHP_AUTH_USER'] = $name;
			$_SERVER['PHP_AUTH_PW'] = $password;
		}
	}

	require_once('include/auth.php');
	require_once('include/security.php');

	// process normal login request

	if(isset($_SERVER['PHP_AUTH_USER'])) {
		$channel_login = 0;
		$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);
		if($record && $record['channel']) {
			$channel_login = $record['channel']['channel_id'];
		}
	}


	if($record['account']) {
		authenticate_success($record['account']);

		if($channel_login)
			change_channel($channel_login);

		$_SESSION['allow_api'] = true;
		return true;
	}
	else {
		$_SERVER['PHP_AUTH_PW'] = '*****';
		logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);
		log_failed_login('API login failure');
		retry_basic_auth();
	}

}


function retry_basic_auth() {
	header('WWW-Authenticate: Basic realm="Hubzilla"');
	header('HTTP/1.0 401 Unauthorized');
	echo('This api requires login');
	killme();
}
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00			`<?php /** @file */`

			`/**`
some major cleanup of api authentication stuff - still needs much more and this still may not solve #206 2015-12-11 00:39:46 +00:00			`* API Login via basic-auth or OAuth`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00			`*/`

			`function api_login(&$a){`
some major cleanup of api authentication stuff - still needs much more and this still may not solve #206 2015-12-11 00:39:46 +00:00
			`$record = null;`

			`require_once('include/oauth.php');`

Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00			`// login with oauth`
			`try {`
some major cleanup of api authentication stuff - still needs much more and this still may not solve #206 2015-12-11 00:39:46 +00:00			`$oauth = new ZotOAuth1();`
remove the unqualified "OAuth" namespace from the project. We need to reference either OAuth1 or OAuth2. 2015-12-13 23:35:45 +00:00			`$req = OAuth1Request::from_request();`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00
			`list($consumer,$token) = $oauth->verify_request($req);`

			`if (!is_null($token)){`
			`$oauth->loginUser($token->uid);`

static App 2016-03-31 23:06:03 +00:00			`App::set_oauth_key($consumer->key);`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00
static App 2016-03-31 23:06:03 +00:00			`call_hooks('logged_in', App::$user);`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00			`return;`
			`}`
use killme() instead of die() so that any sessions are closed cleanly. 2015-12-09 04:42:46 +00:00			`killme();`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00			`}`
			`catch(Exception $e) {`
a couple of api improvements 2015-12-12 05:10:20 +00:00			`logger($e->getMessage());`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00			`}`

some major cleanup of api authentication stuff - still needs much more and this still may not solve #206 2015-12-11 00:39:46 +00:00			`// workarounds for HTTP-auth in CGI mode`

Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00			`if(x($_SERVER,'REDIRECT_REMOTE_USER')) {`
			`$userpass = base64_decode(substr($_SERVER["REDIRECT_REMOTE_USER"],6)) ;`
			`if(strlen($userpass)) {`
			`list($name, $password) = explode(':', $userpass);`
			`$_SERVER['PHP_AUTH_USER'] = $name;`
			`$_SERVER['PHP_AUTH_PW'] = $password;`
			`}`
			`}`

			`if(x($_SERVER,'HTTP_AUTHORIZATION')) {`
			`$userpass = base64_decode(substr($_SERVER["HTTP_AUTHORIZATION"],6)) ;`
			`if(strlen($userpass)) {`
			`list($name, $password) = explode(':', $userpass);`
			`$_SERVER['PHP_AUTH_USER'] = $name;`
			`$_SERVER['PHP_AUTH_PW'] = $password;`
			`}`
			`}`

some major cleanup of api authentication stuff - still needs much more and this still may not solve #206 2015-12-11 00:39:46 +00:00			`require_once('include/auth.php');`
			`require_once('include/security.php');`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00
			`// process normal login request`
some major cleanup of api authentication stuff - still needs much more and this still may not solve #206 2015-12-11 00:39:46 +00:00
			`if(isset($_SERVER['PHP_AUTH_USER'])) {`
			`$channel_login = 0;`
			`$record = account_verify_password($_SERVER['PHP_AUTH_USER'],$_SERVER['PHP_AUTH_PW']);`
sort out some of the authentication mess - with luck this may fix the DAV auth issue which I simply could not duplicate or find a reason for. 2016-07-21 00:55:40 +00:00			`if($record && $record['channel']) {`
			`$channel_login = $record['channel']['channel_id'];`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00			`}`
			`}`

issue #460 2016-07-25 20:27:17 +00:00

sort out some of the authentication mess - with luck this may fix the DAV auth issue which I simply could not duplicate or find a reason for. 2016-07-21 00:55:40 +00:00			`if($record['account']) {`
issue #460 2016-07-25 20:27:17 +00:00			`authenticate_success($record['account']);`
some major cleanup of api authentication stuff - still needs much more and this still may not solve #206 2015-12-11 00:39:46 +00:00
			`if($channel_login)`
			`change_channel($channel_login);`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00
some major cleanup of api authentication stuff - still needs much more and this still may not solve #206 2015-12-11 00:39:46 +00:00			`$_SESSION['allow_api'] = true;`
			`return true;`
			`}`
			`else {`
			`$_SERVER['PHP_AUTH_PW'] = '*****';`
			`logger('API_login failure: ' . print_r($_SERVER,true), LOGGER_DEBUG);`
			`log_failed_login('API login failure');`
			`retry_basic_auth();`
			`}`
Move api_auth() out to a file that can be included from plugins/modules to allow them to expose their own programmatic API. 2015-11-11 06:50:18 +00:00
			`}`
remove duplicated code 2015-12-09 04:47:55 +00:00

			`function retry_basic_auth() {`
			`header('WWW-Authenticate: Basic realm="Hubzilla"');`
			`header('HTTP/1.0 401 Unauthorized');`
			`echo('This api requires login');`
			`killme();`
			`}`