protected function initSession($params = array())
{
global $CFG_GLPI;
$this->checkAppToken();
$this->logEndpointUsage(__FUNCTION__);
if ((!isset($params['login']) || empty($params['login']) || !isset($params['password']) || empty($params['password'])) && (!isset($params['user_token']) || empty($params['user_token']))) {
$this->returnError(__("parameter(s) login, password or user_token are missing"), 400, "ERROR_LOGIN_PARAMETERS_MISSING");
}
$auth = new Auth();
// fill missing params (in case of user_token)
if (!isset($params['login'])) {
$params['login'] = '';
}
if (!isset($params['password'])) {
$params['password'] = '';
}
$noAuto = true;
if (isset($params['user_token']) && !empty($params['user_token'])) {
$_REQUEST['user_token'] = $params['user_token'];
$noAuto = false;
} else {
if (!$CFG_GLPI['enable_api_login_credentials']) {
$this->returnError(__("usage of initSession resource with credentials is disabled"), 400, "ERROR_LOGIN_WITH_CREDENTIALS_DISABLED", false);
}
}
// login on glpi
if (!$auth->Login($params['login'], $params['password'], $noAuto)) {
$err = Html::clean($auth->getErr());
if (isset($params['user_token']) && !empty($params['user_token'])) {
return $this->returnError(__("parameter user_token seems invalid"), 401, "ERROR_GLPI_LOGIN_USER_TOKEN", false);
}
return $this->returnError($err, 401, "ERROR_GLPI_LOGIN", false);
}
// stop session and return session key
session_write_close();
return array('session_token' => $_SESSION['valid_id']);
}