function _services_sessions_authenticate_call in Services 7.3

Same name and namespace in other branches

6.3 services.module \_services_sessions_authenticate_call()

Authenticates a call using Drupal's built in sessions

Return value

string Error message in case error occured.

1 string reference to '_services_sessions_authenticate_call'

services_services_authentication_info in ./services.module: Implementation of hook_services_authentication_info().

File

./services.module, line 573: Provides a generic but powerful API for web services.

Code

function _services_sessions_authenticate_call($module, $controller) {
  global $user;
  $original_user = services_get_server_info('original_user');
  if ($original_user->uid == 0) {
    return;
  }
  if ($controller['callback'] != '_user_resource_get_token') {
    $non_safe_method_called = !in_array($_SERVER['REQUEST_METHOD'], array(
      'GET',
      'HEAD',
      'OPTIONS',
      'TRACE',
    ));
    $csrf_token = NULL;
    if (isset($_SERVER['HTTP_X_CSRF_TOKEN'])) {
      $csrf_token = $_SERVER['HTTP_X_CSRF_TOKEN'];
    }
    elseif (isset($_REQUEST['services_token'])) {
      $csrf_token = $_REQUEST['services_token'];
    }
    if ($non_safe_method_called && !drupal_valid_token($csrf_token, 'services')) {
      return t('CSRF validation failed');
    }
  }
  if ($user->uid != $original_user->uid) {
    $user = $original_user;
  }
}

You are here

function _services_sessions_authenticate_call in Services 7.3

Return value

File

Code

API Navigation