  1. eZ Publish / Platform
  2. EZP-18755

REST api: basic auth filter not working with custom login handlers or HashType != md5_user, disabled users

Details

    • Bug
    • Resolution: Unresolved
    • Medium
    • None
    • 2011.9, 4.6.0-dev
    • None

    Description

      The current ezpRestBasicAuthStyle class relies on the ezc standard authentication-to-db tiein to verify if the user is valid, by generating by hand the hash of the user password to validate in the db.

      But this does not work in all cases:

      • if HashType=md5_site or HashType=md5_password this will not work
      • if there is a custom login handler in place, this will not work, as auth might be done against an external system (ldap, anyone???)
      • it does not check for disabled users

      Proposal to fix:

      • store in ezc credentials struct the actual password received instead of the hash
      • implement a new ezcAuthenticationFilter that delegates authentication to the standard ezp login subsystem*
      • to keep maximum backward compatibility of existing ezpRestBasicAuthStyle, and maximum speed/scalability (ez code will use ezdb instead of ezcdb for its authentication needs, thus generating 2 db connections instead of one), this can be wrapped up in a new "auth style" class: ezpRestAdvancedAuthStyle
      • it would be nice to also wrap the code looping through loginhandlers in a php class outside of user/login view, move it maybe to eZUserLoginHandler
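
      The two failure modes and the proposed delegation, modelled as an added example (not code from the issue or from eZ Publish): the hand-built check rejects a valid md5_site account and accepts a disabled one, while the delegated check handles both correctly. All function names, the hash layouts chosen for each HashType, and the sample accounts are assumptions made for illustration.

```php
<?php
// Hypothetical stand-ins; none of these functions are eZ Publish or ezc APIs.

// Assumed hash layouts for the three HashType values named in the issue.
function storedHash(string $type, string $login, string $password, string $site = 'example'): string
{
    switch ($type) {
        case 'md5_password': return md5($password);
        case 'md5_site':     return md5("$login\n$password\n$site");
        default:             return md5("$login\n$password"); // md5_user
    }
}

// Behaviour the issue describes: the hash is always built as md5_user and
// compared to the stored value; no enabled check, no login handlers.
function handBuiltHashCheck(array $user, string $login, string $password): bool
{
    return hash_equals($user['hash'], md5("$login\n$password"));
}

// Proposed direction: keep the received password in the credentials, let each
// configured login handler decide, and refuse disabled accounts.
function delegatedCheck(array $handlers, array $users, string $login, string $password): bool
{
    foreach ($handlers as $handler) {
        $user = $handler($users, $login, $password);
        if ($user !== null) {
            return $user['enabled'];
        }
    }
    return false;
}

// Constructed handler standing in for the standard login handler; an external
// one (e.g. LDAP) would have the same signature and could precede it.
$standard = function (array $users, string $login, string $password): ?array {
    $u = $users[$login] ?? null;
    if ($u === null) {
        return null;
    }
    return hash_equals($u['hash'], storedHash($u['type'], $login, $password)) ? $u : null;
};

// Constructed sample accounts: one md5_site user, one disabled md5_user user.
$users = [
    'alice' => ['type' => 'md5_site', 'hash' => storedHash('md5_site', 'alice', 's3cret'), 'enabled' => true],
    'bob'   => ['type' => 'md5_user', 'hash' => storedHash('md5_user', 'bob', 'hunter2'), 'enabled' => false],
];

var_dump(handBuiltHashCheck($users['alice'], 'alice', 's3cret'));  // valid md5_site account
var_dump(handBuiltHashCheck($users['bob'], 'bob', 'hunter2'));     // disabled account
var_dump(delegatedCheck([$standard], $users, 'alice', 's3cret'));
var_dump(delegatedCheck([$standard], $users, 'bob', 'hunter2'));
```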

          People

            unknown unknown
            72f8acac-185f-4a54-9470-a7473f50daab@accounts.ibexa.co Gaetano Giunta