summaryrefslogtreecommitdiffstats
path: root/application/models
diff options
context:
space:
mode:
authorFlorian Pritz <bluewind@xinu.at>2013-09-03 15:49:46 +0200
committerFlorian Pritz <bluewind@xinu.at>2013-09-03 15:49:46 +0200
commit26e2f14fb02bc6dd3df3e516f57a51b628a2e4c2 (patch)
tree8d6c7b87844b1319adab7f25d7ef5c7c51e0e513 /application/models
parentfbd587a62dc1d84e4ebf3917ecdb86270ea8a48d (diff)
parent69e0cba93445496e7b045b54ecefe8243276fd50 (diff)
Merge branch 'working'
Diffstat (limited to 'application/models')
-rw-r--r--application/models/mfile.php1
-rw-r--r--application/models/muser.php35
2 files changed, 18 insertions, 18 deletions
diff --git a/application/models/mfile.php b/application/models/mfile.php
index fe762d954..e862f1930 100644
--- a/application/models/mfile.php
+++ b/application/models/mfile.php
@@ -312,7 +312,6 @@ class Mfile extends CI_Model {
function delete_id($id)
{
- $this->muser->require_access("apikey");
$filedata = $this->get_filedata($id);
$userid = $this->muser->get_userid();
diff --git a/application/models/muser.php b/application/models/muser.php
index 843b7cad6..b3c16bf78 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -67,14 +67,6 @@ class Muser extends CI_Model {
{
$username = $this->input->post("username");
$password = $this->input->post("password");
- $apikey = $this->input->post("apikey");
-
- if ($apikey !== false) {
- if ($this->apilogin(trim($apikey))) {
- return true;
- }
- show_error("API key login failed", 401);
- }
// prefer post parameters if either (username or password) is set
if ($username === false && $password === false) {
@@ -84,19 +76,24 @@ class Muser extends CI_Model {
}
}
- if ($apikey === false && $username !== false && $password !== false) {
+ if ($username !== false && $password !== false) {
if ($this->login($username, $password)) {
return true;
} else {
show_error("Login failed", 401);
}
}
+
+ return null;
}
function apilogin($apikey)
{
$this->require_session();
+ // get rid of spaces and newlines
+ $apikey = trim($apikey);
+
$query = $this->db->query("
SELECT a.user userid
FROM apikeys a
@@ -111,7 +108,7 @@ class Muser extends CI_Model {
return true;
}
- return false;
+ show_error("API key login failed", 401);
}
function logout()
@@ -168,22 +165,26 @@ class Muser extends CI_Model {
return true;
}
- show_error("Access denied", 403);
+ show_error("Access denied: Access level too low", 403);
}
function require_access($wanted_level = "full")
{
+ if ($this->input->post("apikey") !== false) {
+ $this->apilogin($this->input->post("apikey"));
+ }
+
+ if (is_cli_client()) {
+ $this->login_cli_client();
+ }
+
if ($this->logged_in()) {
return $this->check_access_level($wanted_level);
}
+ // if a CLI client reaches this point it failed to log in
if (is_cli_client()) {
- if ($this->login_cli_client()) {
- return $this->check_access_level($wanted_level);
- }
-
- echo "FileBin requires you to have an account, please go to the homepage for more information.\n";
- exit();
+ show_error("Not authenticated. FileBin requires you to have an account, please go to the homepage for more information.\n", 401);
}
// desktop clients get redirected to the login form