Fix sftpgo-auth.php

2023-03-09 14:40:26 +01:00 · 2023-03-09 14:40:26 +01:00 · 887ddd2474
parent ca0759c8ab
commit 887ddd2474
1 changed files with 27 additions and 16 deletions
--- a/sftpgo-auth.php
+++ b/sftpgo-auth.php
@ -2,27 +2,38 @@

 require 'router.php';

+function deny() {
+	http_response_code(403);
+	exit();
+}
+
+if (CONF['common']['services']['ht'] !== 'enabled')
+	deny();
+
 $auth_data = json_decode(file_get_contents('php://input'), true);

 $username = hashUsername($auth_data['username']);

+if (usernameExists($username) !== true)
+	deny();
+
 $id = query('select', 'users', ['username' => $username], 'id')[0];

-if (usernameExists($username) === true AND checkPassword($id, $auth_data['password']) === true) {
-	echo '
-	{
-		"status": 1,
-		"username": ' . json_encode($auth_data['username']) . ',
-		"home_dir": "' . CONF['ht']['ht_path'] . '/' . $id . '",
-		"quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'approved') ? CONF['ht']['user_quota_approved'] : CONF['ht']['user_quota_testing']) . ',
-		"permissions": {
-			"/": [
-				"*"
-			]
-		}
+if (checkPassword($id, $auth_data['password']) !== true)
+	deny();
+
+echo '
+{
+	"status": 1,
+	"username": ' . json_encode($auth_data['username']) . ',
+	"home_dir": "' . CONF['ht']['ht_path'] . '/' . $id . '",
+	"quota_size": ' . ((query('select', 'users', ['id' => $id], 'type')[0] === 'approved') ? CONF['ht']['user_quota_approved'] : CONF['ht']['user_quota_testing']) . ',
+	"permissions": {
+		"/": [
+			"*"
+		]
 	}
-	';
-	http_response_code(200);
-} else {
-	http_response_code(403);
 }
+';
+http_response_code(200);
+