summaryrefslogtreecommitdiffstats
path: root/application/core
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2015-02-03 00:44:46 +0100
committerFlorian Pritz <bluewind@xinu.at>2015-02-03 00:44:46 +0100
commite2c2740365b1f25beca1e174c8c5bda2950b7466 (patch)
treeccfdfe9fae92954acb4d1d2199f3c06c345b45a1 /application/core
parentcb52a4cdc2daa45a61c728f5ec83603e6c6a71fa (diff)
implement api/user/create_apikey
Signed-off-by: Florian Pritz <bluewind@xinu.at>
Diffstat (limited to 'application/core')
-rw-r--r--application/core/MY_Controller.php8
1 files changed, 7 insertions, 1 deletions
diff --git a/application/core/MY_Controller.php b/application/core/MY_Controller.php
index 1e724a865..fc08b10ae 100644
--- a/application/core/MY_Controller.php
+++ b/application/core/MY_Controller.php
@@ -66,7 +66,13 @@ class MY_Controller extends CI_Controller {
show_error("Function not JSON enabled");
}
- if ($this->input->post("apikey") !== false) {
+ if ($this->uri->segment(1) == "api") {
+ is_cli_client(true);
+ }
+
+ if ($this->input->post("apikey") !== false
+ || ($this->input->post("username") !== false
+ && $this->input->post("password") !== false)) {
/* This relies on the authentication code always verifying the supplied
* apikey. If the key is not verified/logged in an attacker could simply
* add an empty "apikey" field to the CSRF form to circumvent the