Changeset 1710
- Timestamp:
- 08/29/08 22:09:51 (3 months ago)
- Files:
-
- 1 modified
-
branches/3.4/server/xml.server.php (modified) (2 diffs)
Legend:
- Unmodified
- Added
- Removed
-
branches/3.4/server/xml.server.php
r1518 r1710 49 49 * login via this interface so we do have an exception for action=login 50 50 */ 51 if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$_REQUEST['user'],'5')) {52 debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '3');53 ob_end_clean();54 echo xmlData::error('403','ACL Error');55 exit();56 }57 58 51 if ((!vauth::session_exists('api', $_REQUEST['auth']) AND $_REQUEST['action'] != 'handshake')) { 59 52 debug_event('Access Denied','Invalid Session attempt to API [' . $_REQUEST['action'] . ']','3'); … … 63 56 } 64 57 65 // If we make it past the check and we're not a hand-shaking then we should extend the session 66 if ($_REQUEST['action'] != 'handshake') { 58 // If the session exists then let's try to pull some data from it to see if we're still allowed to do this 59 $session = vauth::get_session_data($_REQUEST['auth']); 60 $username = ($_REQUEST['action'] == 'handshake') ? $_REQUEST['user'] : $session['username']; 61 62 if (!Access::check_network('init-api',$_SERVER['REMOTE_ADDR'],$username,'5')) { 63 debug_event('Access Denied','Unathorized access attempt to API [' . $_SERVER['REMOTE_ADDR'] . ']', '3'); 64 ob_end_clean(); 65 echo xmlData::error('403','ACL Error'); 66 exit(); 67 } 68 69 if (!$_REQUEST['action'] != 'handshake') { 67 70 vauth::session_extend($_REQUEST['auth']); 68 $session = vauth::get_session_data($_REQUEST['auth']);69 71 $GLOBALS['user'] = User::get_from_username($session['username']); 70 72 } 73 71 74 72 75 switch ($_REQUEST['action']) {
