baculum: Prevent opening new sessions for each request
index 46c152f7575a635c51e9a1a73749acb2efbf85bf..0ed249aede9d6c4d6abb0cafa2c17ba70bebd1e7 100644 (file)
@@ -1,20 +1,23 @@
 <?php
-/**
- * Bacula® - The Network Backup Solution
- * Baculum - Bacula web interface
+/*
+ * Bacula(R) - The Network Backup Solution
+ * Baculum   - Bacula web interface
  *
  * Copyright (C) 2013-2015 Marcin Haba
  *
  * The main author of Baculum is Marcin Haba.
- * The main author of Bacula is Kern Sibbald, with contributions from many
- * others, a complete list can be found in the file AUTHORS.
+ * The original author of Bacula is Kern Sibbald, with contributions
+ * from many others, a complete list can be found in the file AUTHORS.
  *
  * You may use this file and others of this release according to the
  * license defined in the LICENSE file, which includes the Affero General
  * Public License, v3.0 ("AGPLv3") and some additional permissions and
  * terms pursuant to its AGPLv3 Section 7.
  *
- * Bacula® is a registered trademark of Kern Sibbald.
+ * This notice must be preserved when any source code is
+ * conveyed and/or propagated.
+ *
+ * Bacula(R) is a registered trademark of Kern Sibbald.
  */
  
 Prado::using('System.Exceptions.TException');
@@ -46,11 +49,22 @@ abstract class BaculumAPI extends TPage
                $db = new ActiveRecord();
                $db->getDbConnection();
                $this->director = isset($this->Request['director']) ? $this->Request['director'] : null;
-               $this->user = isset($this->Request['user']) ? $this->Request['user'] : null;
-               if(is_null($this->user) && $this->Application->getModule('configuration')->isApplicationConfig() === true) {
-                       $appConfig = ConfigurationManager::getApplicationConfig();
-                       // @TOFIX: Baculum API layer should not use $_SERVER variables.
-                       $this->user = isset($_SERVER['PHP_AUTH_USER']) && $_SERVER['PHP_AUTH_USER'] != $appConfig['baculum']['login'] ? $_SERVER['PHP_AUTH_USER'] : null;
+
+               $user = isset($_SERVER['HTTP_X_BACULUM_USER']) ? $_SERVER['HTTP_X_BACULUM_USER']: null;
+               $pwd = isset($_SERVER['HTTP_X_BACULUM_PWD']) ? $_SERVER['HTTP_X_BACULUM_PWD']: null;
+               if(!is_null($user) && !is_null($pwd)) {
+                       $logged = $this->Application->getModule('users')->loginUser($user, $pwd);
+                       if ($logged === true) {
+                               $this->user = ($this->User->getIsAdmin() === false) ? $user : null;
+                       } else {
+                               $this->output = AuthorizationError::MSG_ERROR_AUTHORIZATION_TO_WEBGUI_PROBLEM;
+                               $this->error = AuthorizationError::ERROR_AUTHORIZATION_TO_WEBGUI_PROBLEM;
+                               return;
+                       }
+               } else {
+                       $this->output = AuthorizationError::MSG_ERROR_AUTHORIZATION_TO_WEBGUI_PROBLEM;
+                       $this->error = AuthorizationError::ERROR_AUTHORIZATION_TO_WEBGUI_PROBLEM;
+                       return;
                }
 
                switch($_SERVER['REQUEST_METHOD']) {
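Review bot: The removed `@TOFIX` note ("Baculum API layer should not use $_SERVER variables") still applies to the new lines, which read two more `$_SERVER` keys (`HTTP_X_BACULUM_USER`, `HTTP_X_BACULUM_PWD`) directly instead of going through the Prado request object the way `director` is read on the line above; keep the note, e.g. `// @TOFIX: read the X-Baculum-User/X-Baculum-Pwd headers via the request object, not $_SERVER.`, or do the lookup through the request. The two failure branches set the same output/error pair and return, so the missing-credentials and rejected-credentials cases can share one guard, as sketched below. Because the password is carried in a plaintext request header and verified by `loginUser` on every call, the endpoint's deployment notes should state that it must only be reachable over TLS; whether `loginUser` compares the password with `hash_equals()`/`password_verify()` cannot be seen from this hunk. The enclosing method begins before this hunk and continues after it.
```php
                $user = isset($_SERVER['HTTP_X_BACULUM_USER']) ? $_SERVER['HTTP_X_BACULUM_USER'] : null;
                $pwd = isset($_SERVER['HTTP_X_BACULUM_PWD']) ? $_SERVER['HTTP_X_BACULUM_PWD'] : null;
                // Missing and rejected credentials are reported identically, so one guard covers both.
                if (is_null($user) || is_null($pwd) || $this->Application->getModule('users')->loginUser($user, $pwd) !== true) {
                        $this->output = AuthorizationError::MSG_ERROR_AUTHORIZATION_TO_WEBGUI_PROBLEM;
                        $this->error = AuthorizationError::ERROR_AUTHORIZATION_TO_WEBGUI_PROBLEM;
                        return;
                }
                $this->user = ($this->User->getIsAdmin() === false) ? $user : null;
                // … unchanged: request-method dispatch …
```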