diff options
| author | Florian Pritz <bluewind@xinu.at> | 2013-09-03 15:49:46 +0200 |
|---|---|---|
| committer | Florian Pritz <bluewind@xinu.at> | 2013-09-03 15:49:46 +0200 |
| commit | 26e2f14fb02bc6dd3df3e516f57a51b628a2e4c2 (patch) | |
| tree | 8d6c7b87844b1319adab7f25d7ef5c7c51e0e513 /application/models/muser.php | |
| parent | fbd587a62dc1d84e4ebf3917ecdb86270ea8a48d (diff) | |
| parent | 69e0cba93445496e7b045b54ecefe8243276fd50 (diff) | |
Merge branch 'working'
Diffstat (limited to 'application/models/muser.php')
| -rw-r--r-- | application/models/muser.php | 35 |
1 files changed, 18 insertions, 17 deletions
diff --git a/application/models/muser.php b/application/models/muser.php index 843b7cad6..b3c16bf78 100644 --- a/application/models/muser.php +++ b/application/models/muser.php @@ -67,14 +67,6 @@ class Muser extends CI_Model { { $username = $this->input->post("username"); $password = $this->input->post("password"); - $apikey = $this->input->post("apikey"); - - if ($apikey !== false) { - if ($this->apilogin(trim($apikey))) { - return true; - } - show_error("API key login failed", 401); - } // prefer post parameters if either (username or password) is set if ($username === false && $password === false) { @@ -84,19 +76,24 @@ class Muser extends CI_Model { } } - if ($apikey === false && $username !== false && $password !== false) { + if ($username !== false && $password !== false) { if ($this->login($username, $password)) { return true; } else { show_error("Login failed", 401); } } + + return null; } function apilogin($apikey) { $this->require_session(); + // get rid of spaces and newlines + $apikey = trim($apikey); + $query = $this->db->query(" SELECT a.user userid FROM apikeys a @@ -111,7 +108,7 @@ class Muser extends CI_Model { return true; } - return false; + show_error("API key login failed", 401); } function logout() @@ -168,22 +165,26 @@ class Muser extends CI_Model { return true; } - show_error("Access denied", 403); + show_error("Access denied: Access level too low", 403); } function require_access($wanted_level = "full") { + if ($this->input->post("apikey") !== false) { + $this->apilogin($this->input->post("apikey")); + } + + if (is_cli_client()) { + $this->login_cli_client(); + } + if ($this->logged_in()) { return $this->check_access_level($wanted_level); } + // if a CLI client reaches this point it failed to log in if (is_cli_client()) { - if ($this->login_cli_client()) { - return $this->check_access_level($wanted_level); - } - - echo "FileBin requires you to have an account, please go to the homepage for more information.\n"; - exit(); + show_error("Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.\n", 401); } // desktop clients get redirected to the login form |