From d6a1cf0466c69609e55b939b8e45b47c3f95f968 Mon Sep 17 00:00:00 2001
From: Linty <lintydev@gmail.com>
Date: Wed, 29 Oct 2025 11:49:19 +0100
Subject: [PATCH] fixes #2424 remove connection by header from API key
 validation

Simplifies the API key validation in auth_key_login by removing the requirement for connection_by_header. Now, API keys matching the pattern are accepted regardless of the connection source.
---
 include/functions_user.inc.php | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/include/functions_user.inc.php b/include/functions_user.inc.php
index b52645b8e..29a0fdf68 100644
--- a/include/functions_user.inc.php
+++ b/include/functions_user.inc.php
@@ -1677,10 +1677,7 @@ function auth_key_login($auth_key, $connection_by_header=false)
   {
     $valid_key = 'auth_key';
   }
-  else if (
-    preg_match('/^pkid-\d{8}-[a-z0-9]{20}:[a-z0-9]{40}$/i', $auth_key)
-    and $connection_by_header
-    )
+  else if (preg_match('/^pkid-\d{8}-[a-z0-9]{20}:[a-z0-9]{40}$/i', $auth_key))
   {
     $valid_key = 'api_key';
     $tmp_key = explode(':', $auth_key);