예제 #1
파일: sessauth.php 프로젝트: dg-wfk/dl
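/**
 * Authenticate the current request, either with the built-in form
 * credentials or with credentials supplied by an external authenticator.
 *
 * Built-in mode is used when no auth realm is configured or when
 * externalAuth() returns false. The user name is read from $_REQUEST['u']
 * (so it can arrive in the query string as well as the body), while the
 * password is only accepted from $_POST['p'].
 *
 * @return mixed false when no usable built-in credentials were submitted
 *               (handled as a plain logout), null after the 401
 *               remote-logout response has been emitted, otherwise
 *               whatever userLogin() returns (false is treated as a
 *               failed login here).
 */
function authenticate()
{
    global $authRealm, $style;

    $rmt = $authRealm != false;
    $extAuth = externalAuth();
    if (!$rmt || $extAuth === false) {
        // built-in authentication attempt
        if (empty($_REQUEST['u']) || !isset($_POST['p'])) {
            // simple logout
            return false;
        }
        // PHP turns "u[]=x" / "p[]=x" into arrays; only plain strings are
        // credentials, so refuse anything else before it reaches userLogin().
        if (!is_string($_REQUEST['u']) || !is_string($_POST['p'])) {
            return false;
        }
        $authData = array("user" => $_REQUEST['u'], "pass" => $_POST['p'], "email" => false);
    } else {
        // external authentication
        if (isset($_REQUEST['u']) && empty($_REQUEST['u'])) {
            // remote logout: an explicitly empty "u" asks the browser to drop
            // its cached Basic credentials by answering with a fresh challenge
            header('HTTP/1.0 401 Unauthorized');
            header('WWW-Authenticate: Basic realm="' . $authRealm . '"');
            includeTemplate("{$style}/include/rmtlogout.php");
            return null;
        }
        $authData = $extAuth;
    }

    // hand the collected credentials to userLogin(); $rmt tells it whether
    // they come from the remote authenticator
    $DATA = userLogin($authData["user"], $authData["pass"], $rmt, $authData["email"]);

    // when the login result carries no email, fall back to the address from
    // the authenticator (false for built-in authentication)
    if ($DATA !== false && empty($DATA["email"])) {
        $DATA['email'] = $authData["email"];
    }
    return $DATA;
}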
예제 #2
파일: rest.php 프로젝트: dg-wfk/dl
// download ticket system
include "include/init.php";
require_once "include/admfuncs.php";
require_once "include/entry.php";
// Request sanity: PATH_INFO must be present before anything else happens.
// NOTE(review): httpBadRequest() presumably ends the request - confirm.
if (isset($_SERVER['PATH_INFO']) === false) {
    logError('missing PATH_INFO, cannot continue');
    httpBadRequest();
}

// Every response from this endpoint is sent as JSON.
header('Content-Type: application/json');

// Authentication: $rmt is true when an auth realm is configured.
$rmt = $authRealm != false;
if (isset($_SERVER['HTTP_X_AUTHORIZATION'])) {
    $extAuth = externalAuth();
    $authData = httpBasicDecode($_SERVER['HTTP_X_AUTHORIZATION']);

    // With remote authentication (or whenever external credentials exist) the
    // X-Authorization token has to agree with them: both must decode, the
    // user names must be identical, and the passwords must be identical
    // unless the external side supplies no password (false). Any mismatch
    // discards the token so that no login is attempted with it.
    if (
        ($rmt || $extAuth !== false)
        && !(
            $authData !== false
            && $extAuth !== false
            && $authData['user'] === $extAuth['user']
            && ($extAuth['pass'] === false || $authData['pass'] === $extAuth['pass'])
        )
    ) {
        logError('inconsistent double authorization token');
        unset($authData);
    }
}
if (isset($authData)) {
    if (empty($authData["user"]) || !$rmt && empty($authData["pass"])) {
        logError('missing credentials');
        httpUnauthorized();
    }
    $auth = userLogin($authData["user"], $authData["pass"], $rmt);