Commit 054346d1 authored by thiaramus's avatar thiaramus

Added dummy placeholder authorization class.

It is unsafe to use this authorization algorithm.
Needs to be updated in the near future.
parent 30f1279a
<?php
/*
* webJAM - A modern JAM MessageBase Editor
* Copyright (C) 2017 Philipp Giebel (stimpy@kuehlbox.wtf)
*
* This program is free software: you can redistribute it and/or modify it under the terms of the
* GNU General Public License as published by the Free Software Foundation, either version 3 of
* the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY;
* without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
* See the GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License along with this program.
* If not, see (http://www.gnu.org/licenses/).
*
* * filename: auth.inc.php
* * description: A temporary authorization class. Not secure at all, so beware...
* * author: Roman Litvinenko (temp@thiaramus.com)
*
*/
//@todo requires a lot of security improvements
$user = false;
$apiKey = filter_input(INPUT_SERVER, 'HTTP_X_API_TOKEN', FILTER_SANITIZE_STRING);
$apiUsername = filter_input(INPUT_SERVER, 'HTTP_X_API_USERNAME', FILTER_SANITIZE_STRING);
if ($apiKey != NULL) {
if (hash_equals(hash('sha256', $apiKey), $cfg['users'][$apiUsername]['password'])) {
$user = $cfg['users'][$apiUsername];
}
}
if ($user == false) {
http_response_code(401);
die('Unauthorized');
}
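Review bot: The `hash_equals()` call indexes `$cfg['users'][$apiUsername]['password']` without checking that the username header was sent or that the account exists, so an unknown user passes `null` as an argument; depending on the PHP version that is a warning or an uncaught TypeError, and the request ends in an error response instead of the 401 path. The two `filter_input()` calls use `FILTER_SANITIZE_STRING`, which rewrites the token (tags stripped, quotes encoded) before it is hashed and is deprecated since PHP 8.1, so a key containing those characters can never match its stored hash. I would read both headers with `FILTER_UNSAFE_RAW`, require both to be strings, look the stored hash up with `?? null`, and pass the stored value as the first (known) argument; the final check is better as `$user === false`, since `== false` also rejects a user whose config entry is an empty array. If the `password` field holds a user-chosen secret rather than a random token, unsalted SHA-256 is a weak at-rest format and `password_hash()`/`password_verify()` would be the usual replacement.

```php
$user = false;
// Read the headers unmodified: sanitising would alter the secret before it is hashed.
$apiKey = filter_input(INPUT_SERVER, 'HTTP_X_API_TOKEN', FILTER_UNSAFE_RAW);
$apiUsername = filter_input(INPUT_SERVER, 'HTTP_X_API_USERNAME', FILTER_UNSAFE_RAW);
if (is_string($apiKey) && is_string($apiUsername)) {
    $storedHash = $cfg['users'][$apiUsername]['password'] ?? null;
    // Compare only when the account exists and carries a string hash; known value goes first.
    if (is_string($storedHash) && hash_equals($storedHash, hash('sha256', $apiKey))) {
        $user = $cfg['users'][$apiUsername];
    }
}
if ($user === false) {
    // … unchanged: 401 response and die() …
}
```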