diff options
| author | Andrew Dolgov <[email protected]> | 2017-02-26 18:14:59 +0300 |
|---|---|---|
| committer | Andrew Dolgov <[email protected]> | 2017-02-26 18:14:59 +0300 |
| commit | 4059638262e135e4497e3f790914bd9cc476389e (patch) | |
| tree | 741384e60619122da1a92e89b17ab6ac75283a08 | |
| parent | 7c123353b57cb96d84fb7a6b311b0df1e56fa035 (diff) | |
show 401 errors if no http auth user is present
| -rw-r--r-- | backend.php | 3 | ||||
| -rw-r--r-- | index.php | 15 |
2 files changed, 10 insertions, 8 deletions
diff --git a/backend.php b/backend.php index c7d7ebc..b7298fa 100644 --- a/backend.php +++ b/backend.php @@ -12,7 +12,8 @@ $owner = SQLite3::escapeString($_SERVER["PHP_AUTH_USER"]); if (!$owner) { - print json_encode(["error" => "NOT_AUTHENTICATED"]); + header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized"); + echo "Unauthorized"; die; } @@ -1,6 +1,14 @@ <?php require_once "config.php"; + $owner = SQLite3::escapeString($_SERVER["PHP_AUTH_USER"]); + + if (!$owner) { + header($_SERVER["SERVER_PROTOCOL"]." 401 Unauthorized"); + echo "Unauthorized"; + die; + } + if (!is_writable(SCRATCH_DB)) { die(SCRATCH_DB . " is not writable"); } @@ -95,13 +103,6 @@ require_once "config.php"; - $owner = SQLite3::escapeString($_SERVER["PHP_AUTH_USER"]); - - if (!$owner) { - print "<h1>Not authenticated</h1>"; - die; - } - $db = new SQLite3(CALIBRE_DB, SQLITE3_OPEN_READONLY); if ($query) { |