Exemple #1
<?php

include_once 'User.class.php';
// Guarantee that $_SERVER['HTTP_ORIGIN'] is always populated: keep the value the
// client sent, otherwise substitute this server's own name.
// NOTE(review): a missing Origin header does not prove the request came from the
// same server. Non-browser clients and many same-origin browser requests omit it
// as well, and SERVER_NAME may mirror the client-supplied Host header depending on
// web-server configuration, so confirm that nothing downstream treats this
// fallback value as evidence of a trusted origin.
$_SERVER['HTTP_ORIGIN'] = array_key_exists('HTTP_ORIGIN', $_SERVER)
    ? $_SERVER['HTTP_ORIGIN']
    : $_SERVER['SERVER_NAME'];
//echo "_REQUEST : " . var_dump($_REQUEST)."<br/><br/>";  // requests starts with everything AFTER 10.0.0.10/api/
//excho "_SERVER[REQUEST_URI] : " . var_dump($_SERVER['REQUEST_URI'])."<br/><br/>";
try {
    $user = array_key_exists('PHP_AUTH_USER', $_SERVER) ? $_SERVER['PHP_AUTH_USER'] : "";
    $pass = array_key_exists('PHP_AUTH_PW', $_SERVER) ? $_SERVER['PHP_AUTH_PW'] : "";
    $pass_hash = substr(crypt($pass, '$2y$09$' . apiDB::getPWSalt() . '$'), 29);
    $message = "";
    $validated = apiDB::validate($user, $pass_hash, $message);
    if ($validated < -1) {
        header('WWW-Authenticate: Basic realm="SASSCAL Weather"');
        header('HTTP/1.0 401 Unauthorized');
        die($message . $validated);
    } else {
        if ($validated < 0) {
            echo $message;
        } else {
            error_log("AUTHORIZED AS -" . $user . "- -" . $pass_hash . "-\r\n", 3, "/var/tmp/auth.log");
            $args = explode('/', rtrim($_REQUEST['request'], '/'));
            $firstclass = strtolower(array_shift($args));
            //pop first object off the URL
            $extension = "html";
            //ignore the extension if there is one.
            if (sizeof($args) == 0 && strrpos($firstclass, ".") !== false) {
                $extension = substr($firstclass, strrpos($firstclass, ".") + 1);