Api: Cleanup by moving password check to its own function

api/src/Sharing.php

@@ -200,12 +200,8 @@ class Sharing
 				"Requested resource '/".htmlspecialchars($token)."' does NOT exist!\n"
 			);
 		}
-
 		// check password, if required
-		if ($share['share_passwd'] && (empty($_SERVER['PHP_AUTH_PW']) ||
+		if(!static::check_password($share))
-			!(Auth::compare_password($_SERVER['PHP_AUTH_PW'], $share['share_passwd'], 'crypt') ||
-				Header\Authenticate::decode_password($_SERVER['PHP_AUTH_PW']) &&
-					Auth::compare_password($_SERVER['PHP_AUTH_PW'], $share['share_passwd'], 'crypt'))))
 		{
 			$realm = 'EGroupware share '.$share['share_token'];
 			header('WWW-Authenticate: Basic realm="'.$realm.'"');
@@ -217,6 +213,25 @@ class Sharing
 
 	}
 
+	/**
+	 * Check to see if the share needs a password, and if it does that the password
+	 * provided matches.
+	 *
+	 * @param Array $share
+	 * @return boolean Password OK (or not needed)
+	 */
+	protected static function check_password(Array $share)
+	{
+		if ($share['share_passwd'] && (empty($_SERVER['PHP_AUTH_PW']) ||
+			!(Auth::compare_password($_SERVER['PHP_AUTH_PW'], $share['share_passwd'], 'crypt') ||
+				Header\Authenticate::decode_password($_SERVER['PHP_AUTH_PW']) &&
+					Auth::compare_password($_SERVER['PHP_AUTH_PW'], $share['share_passwd'], 'crypt'))))
+		{
+			return false;
+		}
+		return true;
+	}
+
 	/**
 	 * Sub-class specific things needed to be done to the share before we try
 	 * to login