function _services_sessions_authenticate_call in Services 7.3
Same name and namespace in other branches
- 6.3 services.module \_services_sessions_authenticate_call()
Authenticates a call using Drupal's built in sessions
Return value
string Error message in case error occured.
1 string reference to '_services_sessions_authenticate_call'
- services_services_authentication_info in ./
services.module - Implementation of hook_services_authentication_info().
File
- ./
services.module, line 573 - Provides a generic but powerful API for web services.
Code
function _services_sessions_authenticate_call($module, $controller) {
global $user;
$original_user = services_get_server_info('original_user');
if ($original_user->uid == 0) {
return;
}
if ($controller['callback'] != '_user_resource_get_token') {
$non_safe_method_called = !in_array($_SERVER['REQUEST_METHOD'], array(
'GET',
'HEAD',
'OPTIONS',
'TRACE',
));
$csrf_token = NULL;
if (isset($_SERVER['HTTP_X_CSRF_TOKEN'])) {
$csrf_token = $_SERVER['HTTP_X_CSRF_TOKEN'];
}
elseif (isset($_REQUEST['services_token'])) {
$csrf_token = $_REQUEST['services_token'];
}
if ($non_safe_method_called && !drupal_valid_token($csrf_token, 'services')) {
return t('CSRF validation failed');
}
}
if ($user->uid != $original_user->uid) {
$user = $original_user;
}
}