From 00f1efb38d2a022fff7a2739e5247d1e8092cd27 Mon Sep 17 00:00:00 2001
From: xdrm-brackets <doowap31@gmail.com>
Date: Fri, 27 Oct 2017 18:15:37 +0200
Subject: [PATCH] minfix + avoid session_guard.child for SATS api call

---
 public_html/index.php | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)

diff --git a/public_html/index.php b/public_html/index.php
index 57226ca..ce1ae76 100755
--- a/public_html/index.php
+++ b/public_html/index.php
@@ -154,12 +154,15 @@
 
 		/* (4) api/module/method -> Api */
 		$R->post('api(?:(/.*))/?', function($url){
-			$GLOBALS['page_log']->log('api.call('.$_SERVER['HTTP_X_TREE_TOKEN'].')');
+			if( isset($_SERVER['HTTP_X_TREE_TOKEN']) )
+				$GLOBALS['page_log']->log('api.call('.$_SERVER['HTTP_X_TREE_TOKEN'].')');
 
 			header('Content-Type: application/json; charset=UTF-8');
 
-			if( !$GLOBALS['session_guard']->init_child() )
-				die(json_encode([ 'error' => 100, 'ErrorDescription' => 'session_guard.child error' ]));
+			// {1} Allow authed SATS not to be checked by session_guard.child //
+			if( $GLOBALS['auth'] < 3 || !isset($_SERVER['PHP_AUTH_DIGEST']) )
+				if( !$GLOBALS['session_guard']->init_child() )
+					die(json_encode([ 'error' => 100, 'ErrorDescription' => 'session_guard.child error' ]));
 
 			$request = Request::remote($url[0]);
 			$answer  = $request->dispatch();