diff options
author | Florian Pritz <bluewind@xinu.at> | 2015-02-03 00:44:46 +0100 |
---|---|---|
committer | Florian Pritz <bluewind@xinu.at> | 2015-02-03 00:44:46 +0100 |
commit | e2c2740365b1f25beca1e174c8c5bda2950b7466 (patch) | |
tree | ccfdfe9fae92954acb4d1d2199f3c06c345b45a1 /application/core | |
parent | cb52a4cdc2daa45a61c728f5ec83603e6c6a71fa (diff) |
implement api/user/create_apikey
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/core')
-rw-r--r-- | application/core/MY_Controller.php | 8 |
1 files changed, 7 insertions, 1 deletions
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php index 1e724a865..fc08b10ae 100644 --- a/application/core/MY_Controller.php +++ b/application/core/MY_Controller.php @@ -66,7 +66,13 @@ class MY_Controller extends CI_Controller { show_error("Function not JSON enabled"); } - if ($this->input->post("apikey") !== false) { + if ($this->uri->segment(1) == "api") { + is_cli_client(true); + } + + if ($this->input->post("apikey") !== false + || ($this->input->post("username") !== false + && $this->input->post("password") !== false)) { /* This relies on the authentication code always verifying the supplied * apikey. If the key is not verified/logged in an attacker could simply * add an empty "apikey" field to the CSRF form to circumvent the |