iger
/
engelsystem
9
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

remove json auth feature (will be covered by api)

This commit is contained in:
Philip Häusler 2015-06-07 20:11:50 +02:00
parent bb53c6a20c
commit 1da5604f47
2 changed files with 0 additions and 42 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

38
includes/sys_auth.php
View File

@ -53,44 +53,6 @@ function verify_password($password, $salt, $uid = false) {
return $correct; return $correct;
} }
// JSON Authorisierungs-Schnittstelle
function json_auth_service() {
global $api_key;
header("Content-Type: application/json");
$User = $_REQUEST['user'];
$Pass = $_REQUEST['pw'];
$SourceOuth = $_REQUEST['so'];
if (isset($api_key) && $SourceOuth == $api_key) {
$sql = "SELECT `UID`, `Passwort` FROM `User` WHERE `Nick`='" . sql_escape($User) . "'";
$Erg = sql_select($sql);
if (count($Erg) == 1) {
$Erg = $Erg[0];
if (verify_password($Pass, $Erg["Passwort"], $Erg["UID"])) {
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`='" . sql_escape($UID) . "'");
foreach ($user_privs as $user_priv)
$privileges[] = $user_priv['name'];
$msg = array (
'status' => 'success',
'rights' => $privileges
);
echo json_encode($msg);
die();
}
}
}
echo json_encode(array (
'status' => 'failed',
'error' => "JSON Service GET syntax: https://engelsystem.de/?auth&user=<user>&pw=<password>&so=<key>, POST is possible too"
));
die();
}
function privileges_for_user($user_id) { function privileges_for_user($user_id) {
$privileges = array (); $privileges = array ();
$user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`='" . sql_escape($user_id) . "'"); $user_privs = sql_select("SELECT `Privileges`.`name` FROM `User` JOIN `UserGroups` ON (`User`.`UID` = `UserGroups`.`uid`) JOIN `GroupPrivileges` ON (`UserGroups`.`group_id` = `GroupPrivileges`.`group_id`) JOIN `Privileges` ON (`GroupPrivileges`.`privilege_id` = `Privileges`.`id`) WHERE `User`.`UID`='" . sql_escape($user_id) . "'");

4
public/index.php
View File

@ -1,10 +1,6 @@
<?php <?php
require_once realpath(__DIR__ . '/../includes/engelsystem_provider.php'); require_once realpath(__DIR__ . '/../includes/engelsystem_provider.php');
// JSON Authorisierung gewünscht?
if (isset($_REQUEST['auth']))
json_auth_service();
$free_pages = array( $free_pages = array(
'stats', 'stats',
'shifts_json_export_all', 'shifts_json_export_all',