Diffstat (limited to 'application/models')
-rw-r--r--application/models/mfile.php2
-rw-r--r--application/models/muser.php67
2 files changed, 59 insertions, 10 deletions
diff --git a/application/models/mfile.php b/application/models/mfile.php
index a7bab5d51..aaeebccaf 100644
--- a/application/models/mfile.php
+++ b/application/models/mfile.php
@@ -310,7 +310,7 @@ class Mfile extends CI_Model {
function delete_id($id)
{
- $this->muser->require_access();
+ $this->muser->require_access("apikey");
$filedata = $this->get_filedata($id);
$userid = $this->muser->get_userid();
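Review bot: Changing the guard on the first line of the hunk to `require_access("apikey")` lets API-key sessions reach the deletion path, so the ownership comparison of `$userid` against the file's owner that presumably follows now carries the whole authorization burden; the rest of delete_id is outside the hunk, so I can't confirm it is still there and unconditional. A one-line comment would make the intent explicit for the next reader: `// API-key sessions may delete only their own uploads; ownership is checked against $userid below`.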
diff --git a/application/models/muser.php b/application/models/muser.php
index 639b5ee3a..312d895e5 100644
--- a/application/models/muser.php
+++ b/application/models/muser.php
@@ -67,6 +67,14 @@ class Muser extends CI_Model {
{
$username = $this->input->post("username");
$password = $this->input->post("password");
+ $apikey = $this->input->post("apikey");
+
+ if ($apikey !== false) {
+ if ($this->apilogin(trim($apikey))) {
+ return true;
+ }
+ show_error("API key login failed", 401);
+ }
// prefer post parameters if either (username or password) is set
if ($username === false && $password === false) {
@@ -76,18 +84,39 @@ class Muser extends CI_Model {
}
}
- if ($username !== false && $password !== false) {
+ if ($apikey === false && $username !== false && $password !== false) {
if ($this->login($username, $password)) {
return true;
} else {
- // TODO: better message
- $this->output->set_status_header(401);
- echo "login failed.\n";
- exit;
+ show_error("Login failed", 401);
}
}
}
+ function apilogin($apikey)
+ {
+ $this->require_session();
+
+ // FIXME: get username/id from duser or move them to apikeys table
+ // (users is empty when using any other driver than duser_db)
+ $query = $this->db->query("
+ SELECT a.user userid, u.username
+ FROM apikeys a
+ JOIN users u on a.user = u.id
+ WHERE a.key = ?
+ ", array($apikey))->row_array();
+
+ if (isset($query["userid"])) {
+ $this->session->set_userdata('logged_in', true);
+ $this->session->set_userdata('username', $query["username"]);
+ $this->session->set_userdata('userid', $query["userid"]);
+ $this->session->set_userdata('access_level', 'apikey');
+ return true;
+ }
+
+ return false;
+ }
+
function logout()
{
$this->require_session();
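Review bot: The lookup `WHERE a.key = ?` in apilogin compares the submitted key with the stored one using the column's collation; on MySQL a `_ci` collation matches case-insensitively and ignores trailing spaces, so if `apikeys.key` is a text column with such a collation the effective entropy of a mixed-case key is reduced and several distinct strings authenticate as the same key — I can't see the schema, so this needs confirming. Either declare the column `BINARY`/`_bin` or force it in the query, `WHERE BINARY a.key = ?`, and say so in a comment above the query. Also, the `$apikey === false &&` added to the condition at the top of the hunk is dead: the apikey branch earlier in login_cli_client always returns or calls show_error, so it never reaches this line with a non-false `$apikey`; dropping it (or noting why it stays) would avoid suggesting a third path exists. login_cli_client's signature and the tail of the file are outside the hunk.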
@@ -124,16 +153,36 @@ class Muser extends CI_Model {
return $this->duser->get_email($userid);
}
- function require_access()
+ private function check_access_level($wanted_level)
{
- if ($this->logged_in()) {
+ $session_level = $this->session->userdata("access_level");
+
+ // last level has the most access
+ $levels = array("apikey", "full");
+
+ $wanted = array_search($wanted_level, $levels);
+ $have = array_search($session_level, $levels);
+
+ if ($wanted === false || $have === false) {
+ show_error("Failed to determine access level");
+ }
+
+ if ($have >= $wanted) {
return true;
}
- // handle cli clients
+ show_error("Access denied", 403);
+ }
+
+ function require_access($wanted_level = "full")
+ {
+ if ($this->logged_in()) {
+ return $this->check_access_level($wanted_level);
+ }
+
if (is_cli_client()) {
if ($this->login_cli_client()) {
- return true;
+ return $this->check_access_level($wanted_level);
}
echo "FileBin requires you to have an account, please go to the homepage for more information.\n";
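Review bot: Both `array_search` calls in check_access_level use loose comparison, so a non-string `access_level` coming back from the session store (for example `true`) loosely equals `"apikey"` at index 0 and is granted the apikey level instead of failing closed; pass the strict flag, `$wanted = array_search($wanted_level, $levels, true);` and `$have = array_search($session_level, $levels, true);`. A session that has no `access_level` at all — e.g. one created by a login path that does not set it — lands in the `"Failed to determine access level"` branch, which does fail closed but answers 500 rather than 401/403; a comment such as `// missing/unknown level is treated as no access (fail closed)` would document that this is deliberate. require_access continues past the end of the hunk.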