From fe13bd81bd93d84c12b23f8daa1f60c8a003d30b Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sat, 15 Oct 2011 16:30:15 +0200
Subject: Fix XML-RPC login method FS#2324

The login wasn't able to modify the session as it was already closed
earlier.

This patch also executes the correct event when logins via XMLRPC are
done.
---
 lib/exe/xmlrpc.php | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

(limited to 'lib/exe')

diff --git a/lib/exe/xmlrpc.php b/lib/exe/xmlrpc.php
index 6553d043f..8e4141d4e 100644
--- a/lib/exe/xmlrpc.php
+++ b/lib/exe/xmlrpc.php
@@ -858,11 +858,22 @@ class dokuwiki_xmlrpc_server extends IXR_IntrospectionServer {
         global $auth;
         if(!$conf['useacl']) return 0;
         if(!$auth) return 0;
+
+        @session_start(); // reopen session for login
         if($auth->canDo('external')){
-            return $auth->trustExternal($user,$pass,false);
+            $ok = $auth->trustExternal($user,$pass,false);
         }else{
-            return auth_login($user,$pass,false,true);
+            $evdata = array(
+                'user'     => $user,
+                'password' => $pass,
+                'sticky'   => false,
+                'silent'   => true,
+            );
+            $ok = trigger_event('AUTH_LOGIN_CHECK', $evdata, 'auth_login_wrapper');
         }
+        session_write_close(); // we're done with the session
+
+        return $ok;
     }
 
 
-- 
cgit v1.2.3