Don't check headers, simply verify user first, server second.

2024-12-22 14:41:29 +01:00 · 2001-08-27 09:40:16 +00:00 · 2001-08-27 09:40:16 +00:00 · 878aae8025
commit 878aae8025
parent a52878e3b3
1 changed files with 4 additions and 10 deletions
--- a/xmlrpc.php
+++ b/xmlrpc.php
@ -34,19 +34,13 @@
 		$auth = base64_decode(trim($tmp));
 		list($sessionid,$kp3) = split(':',$auth);

-		if($HTTP_SERVER_VARS['HTTP_X_PHPGW_SERVER'])
+		if($GLOBALS['phpgw']->session->verify($sessionid,$kp3))
 		{
-			if($GLOBALS['phpgw']->session->verify_server($sessionid,$kp3))
-			{
-				$server->authed = True;
-			}
+			$server->authed = True;
 		}
-		else
+		elseif($GLOBALS['phpgw']->session->verify_server($sessionid,$kp3))
 		{
-			if($GLOBALS['phpgw']->session->verify($sessionid,$kp3))
-			{
-				$server->authed = True;
-			}
+			$server->authed = True;
 		}
 	}