Change authentication method to basic http auth instead of using $_GET variables

Also use OC_User::isLoggedIn to check if new authentication is needed for grouplist.php and userlist.php For validateuser.php, credentials are always needed.

Change authentication method to basic http auth instead of using $_GET variables
30dab847 · Hans Bakker · 44966246 · 30dab847 · 30dab847 · 30dab847
Commit 30dab847 authored 13 years ago by Hans Bakker
--- a/core/ajax/grouplist.php
+++ b/core/ajax/grouplist.php
@@ -21,25 +21,31 @@
 *
 */

-
-// We send json data
-header( "Content-Type: application/jsonrequest" );
-
 $RUNTIME_NOAPPS = TRUE; //no apps, yet
 require_once('../../lib/base.php');

-if(isset($_GET["user"]) && isset($_GET["password"]))
-{
-	if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
-        	exit();
-
-	$groups = array();
-
-	foreach( OC_Group::getGroups() as $i ){
-        	// Do some more work here soon
-	        $groups[] = array( "groupname" => $i );
+if(!OC_User::isLoggedIn()){
+	if(!isset($_SERVER['PHP_AUTH_USER'])){
+		header('WWW-Authenticate: Basic realm="ownCloud Server"');
+		header('HTTP/1.0 401 Unauthorized');
+		echo 'Valid credentials must be supplied';
+		exit();
+	} else {
+		if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
+			exit();
+		}
 	}
+}
+
+$groups = array();

-	echo json_encode($groups);
+foreach( OC_Group::getGroups() as $i ){
+       	// Do some more work here soon
+        $groups[] = array( "groupname" => $i );
 }
+
+// We send json data
+header( "Content-Type: application/jsonrequest" );
+echo json_encode($groups);
+
 ?>
--- a/core/ajax/userlist.php
+++ b/core/ajax/userlist.php
@@ -21,27 +21,30 @@
 *
 */

-
-// We send json data
-header( "Content-Type: application/jsonrequest" );
-
 $RUNTIME_NOAPPS = TRUE; //no apps, yet
 require_once('../../lib/base.php');

-if(isset($_GET["user"]) && isset($_GET["password"]))
-{
-        if(!OC_User::checkPassword($_GET["user"], $_GET["password"]))
+if(!OC_User::isLoggedIn()){
+        if(!isset($_SERVER['PHP_AUTH_USER'])){
+                header('WWW-Authenticate: Basic realm="ownCloud Server"');
+                header('HTTP/1.0 401 Unauthorized');
+                echo 'Valid credentials must be supplied';
                exit();
+        } else {
+                if(!OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
+                        exit();
+                }
+        }
+}

-        $users = array();
-
-        foreach( OC_User::getUsers() as $i ){
-        	$users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
-	}
-
-	echo json_encode($users);
-
+$users = array();

+foreach( OC_User::getUsers() as $i ){
+       	$users[] = array( "username" => $i, "groups" => join( ", ", OC_Group::getUserGroups( $i ) ));
 }

+// We send json data
+header( "Content-Type: application/jsonrequest" );
+echo json_encode($users);
+
 ?>
--- a/core/ajax/validateuser.php
+++ b/core/ajax/validateuser.php
@@ -21,37 +21,21 @@
 *
 */

-header("Content-Type: application/jsonrequest");
-
 $RUNTIME_NOAPPS = TRUE; //no apps, yet
-
 require_once('../../lib/base.php');

-$not_installed = !OC_Config::getValue('installed', false);
-
-// First step : check if the server is correctly configured for ownCloud :
-$errors = OC_Util::checkServer();
-if(count($errors) > 0) {
-        echo json_encode(array("user_valid" => "false", "comment" => $errors));
-}
-
-// Setup required :
-elseif($not_installed) {
-        echo json_encode(array("user_valid" => "false", "comment" => "not_installed"));
-
-}
-
-// Someone wants to check a user:
-elseif(isset($_GET["user"]) and isset($_GET["password"])) {
-        if(OC_User::checkPassword($_GET["user"], $_GET["password"]))
-		echo json_encode(array("user_valid" => "true", "comment" => ""));
-	else
-		echo json_encode(array("user_valid" => "false", "comment" => ""));
-}
-
-// For all others cases:
-else {
-        echo json_encode(array("user_valid" => "false", "comment" => "unknown"));
+if(!isset($_SERVER['PHP_AUTH_USER'])){
+        header('WWW-Authenticate: Basic realm="ownCloud Server"');
+        header('HTTP/1.0 401 Unauthorized');
+        echo 'Valid credentials must be supplied';
+        exit();
+} else {
+	header("Content-Type: application/jsonrequest");
+        if(OC_User::checkPassword($_SERVER["PHP_AUTH_USER"], $_SERVER["PHP_AUTH_PW"])){
+		echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "true"));
+	} else {
+	        echo json_encode(array("username" => $_SERVER["PHP_AUTH_USER"], "user_valid" => "false"));
+	}
 }

 ?>