diff --git a/include/user.inc.php b/include/user.inc.php
index ce2f74c86..7719a1162 100644
--- a/include/user.inc.php
+++ b/include/user.inc.php
@@ -56,6 +56,22 @@ if (isset($_GET['auth']))
auth_key_login($_GET['auth']);
}
+if (
+ defined('IN_WS')
+ and isset($_REQUEST['method'])
+ and 'pwg.images.uploadAsync' == $_REQUEST['method']
+ and isset($_POST['username'])
+ and isset($_POST['password'])
+)
+{
+ if (!try_log_user($_POST['username'], $_POST['password'], false))
+ {
+ include_once(PHPWG_ROOT_PATH.'include/ws_init.inc.php');
+ $service->sendResponse(new PwgError(999, 'Invalid username/password'));
+ exit();
+ }
+}
+
$user = build_user( $user['id'],
( defined('IN_ADMIN') and IN_ADMIN ) ? false : true // use cache ?
);
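Review bot: The new block hands `$_POST['username']` and `$_POST['password']` to `try_log_user()` after only an `isset()` test, so array-valued fields (for example `username[]=x`) reach the login routine untyped; I would add `and is_string($_POST['username']) and is_string($_POST['password'])` to the condition. The method gate reads `$_REQUEST['method']` with a loose `==` while the credentials come from `$_POST`; if the dispatcher resolves the method from a different source the two can disagree, so use `===` and confirm both read the same input. This is also a password-login path reached outside the normal login form, so confirm that failed attempts here are logged and throttled the same way. The `build_user(` call and the script around it continue outside the hunk.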
diff --git a/include/ws_functions/pwg.images.php b/include/ws_functions/pwg.images.php
index 302db82d6..ca26b5454 100644
--- a/include/ws_functions/pwg.images.php
+++ b/include/ws_functions/pwg.images.php
@@ -1473,26 +1473,15 @@ function ws_images_uploadAsync($params, &$service)
{
global $conf, $user, $logger;
+ // the username/password parameters have been used in include/user.inc.php
+ // to authenticate the request (a much better time/place than here)
+
// additional check for some parameters
if (!preg_match('/^[a-fA-F0-9]{32}$/', $params['original_sum']))
{
return new PwgError(WS_ERR_INVALID_PARAM, 'Invalid original_sum');
}
- if (!try_log_user($params['username'], $params['password'], false))
- {
- return new PwgError(999, 'Invalid username/password');
- }
-
- // build $user
- // include(PHPWG_ROOT_PATH.'include/user.inc.php');
- $user = build_user($user['id'], false);
-
- if (!is_admin())
- {
- return new PwgError(401, 'Admin status is required.');
- }
-
if ($params['image_id'] > 0)
{
$query='
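Review bot: With the `is_admin()` test removed, `ws_images_uploadAsync()` no longer enforces authorization itself and relies entirely on the `admin_only` flag added to the registration in ws.php plus the login step in include/user.inc.php. The added comment mentions only authentication, so I would extend it, e.g. `// authorization: admin status is enforced by 'admin_only' in ws_addDefaultMethods()`. Alternatively, keep a cheap defensive `if (!is_admin()) { return new PwgError(401, 'Admin status is required.'); }` so a direct call or a later change to the registration cannot expose the upload path. `username` and `password` presumably still arrive in `$params`, and `$logger` is in scope here, so check that nothing further down logs the parameter array. The function body continues outside the hunk.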
diff --git a/include/ws_init.inc.php b/include/ws_init.inc.php
new file mode 100644
index 000000000..444d87b29
--- /dev/null
+++ b/include/ws_init.inc.php
@@ -0,0 +1,69 @@
+setHandler($requestFormat, $handler);
+}
+
+if (!is_null($responseFormat))
+{
+ $encoder = null;
+ switch ($responseFormat)
+ {
+ case 'rest':
+ include_once(PHPWG_ROOT_PATH.'include/ws_protocols/rest_encoder.php');
+ $encoder = new PwgRestEncoder();
+ break;
+ case 'php':
+ include_once(PHPWG_ROOT_PATH.'include/ws_protocols/php_encoder.php');
+ $encoder = new PwgSerialPhpEncoder();
+ break;
+ case 'json':
+ include_once(PHPWG_ROOT_PATH.'include/ws_protocols/json_encoder.php');
+ $encoder = new PwgJsonEncoder();
+ break;
+ case 'xmlrpc':
+ include_once(PHPWG_ROOT_PATH.'include/ws_protocols/xmlrpc_encoder.php');
+ $encoder = new PwgXmlRpcEncoder();
+ break;
+ }
+ $service->setEncoder($responseFormat, $encoder);
+}
+
+set_make_full_url();
\ No newline at end of file
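Review bot: The `switch ($responseFormat)` has no `default:` branch, so an unrecognised format leaves `$encoder` as `null`, and that null is passed to `$service->setEncoder()`. In the lines removed from ws.php the format came from `$_GET['format']`, and this file is now also included on the failed-login path in include/user.inc.php right before `sendResponse()`, so an unauthenticated caller can pick that value. Confirm that `PwgServer` handles a null encoder cleanly, or add a `default:` that falls back to a known encoder. The top of this new file is not readable in this view (the hunk header announces 69 lines), so I cannot tell whether it carries a guard against direct requests; since it runs code at include time it should have the same guard as the project's other include files. The file also lacks a final newline.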
diff --git a/ws.php b/ws.php
index 848174048..7fd7b8a8f 100644
--- a/ws.php
+++ b/ws.php
@@ -17,65 +17,8 @@ if ( !$conf['allow_web_services'] )
page_forbidden('Web services are disabled');
}
-include_once(PHPWG_ROOT_PATH.'include/ws_core.inc.php');
+include_once(PHPWG_ROOT_PATH.'include/ws_init.inc.php');
-add_event_handler('ws_add_methods', 'ws_addDefaultMethods');
-add_event_handler('ws_invoke_allowed', 'ws_isInvokeAllowed', EVENT_HANDLER_PRIORITY_NEUTRAL, 3);
-
-$requestFormat = 'rest';
-$responseFormat = null;
-
-if ( isset($_GET['format']) )
-{
- $responseFormat = $_GET['format'];
-}
-
-if ( !isset($responseFormat) and isset($requestFormat) )
-{
- $responseFormat = $requestFormat;
-}
-
-$service = new PwgServer();
-
-if (!is_null($requestFormat))
-{
- $handler = null;
- switch ($requestFormat)
- {
- case 'rest':
- include_once(PHPWG_ROOT_PATH.'include/ws_protocols/rest_handler.php');
- $handler = new PwgRestRequestHandler();
- break;
- }
- $service->setHandler($requestFormat, $handler);
-}
-
-if (!is_null($responseFormat))
-{
- $encoder = null;
- switch ($responseFormat)
- {
- case 'rest':
- include_once(PHPWG_ROOT_PATH.'include/ws_protocols/rest_encoder.php');
- $encoder = new PwgRestEncoder();
- break;
- case 'php':
- include_once(PHPWG_ROOT_PATH.'include/ws_protocols/php_encoder.php');
- $encoder = new PwgSerialPhpEncoder();
- break;
- case 'json':
- include_once(PHPWG_ROOT_PATH.'include/ws_protocols/json_encoder.php');
- $encoder = new PwgJsonEncoder();
- break;
- case 'xmlrpc':
- include_once(PHPWG_ROOT_PATH.'include/ws_protocols/xmlrpc_encoder.php');
- $encoder = new PwgXmlRpcEncoder();
- break;
- }
- $service->setEncoder($responseFormat, $encoder);
-}
-
-set_make_full_url();
$service->run();
@@ -540,7 +483,7 @@ function ws_addDefaultMethods( $arr )
You can update an existing photo if you define an existing image_id.
Requires admin credentials.',
$ws_functions_root . 'pwg.images.php',
- array('post_only'=>true)
+ array('admin_only'=>true, 'post_only'=>true)
);
$service->addMethod(
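Review bot: Moving the admin check to `'admin_only'=>true` means an already logged-in admin session can now satisfy it, whereas the removed in-function code called `try_log_user()` with explicit credentials on every call. The login block in include/user.inc.php only runs when both `username` and `password` are posted. If those two parameters are no longer mandatory in this method's parameter list (not visible in the hunk), a cross-site POST carrying the admin's session cookie would be authorised by the cookie alone. Please confirm that the parameters stay mandatory or that the method requires an anti-CSRF token, and state which in the method description next to `Requires admin credentials.`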