diff options
author | redmatrix <git@macgirvin.com> | 2016-05-16 22:01:33 -0700 |
---|---|---|
committer | redmatrix <git@macgirvin.com> | 2016-05-16 22:01:33 -0700 |
commit | 51edd472c2e007490bdad3198ba1b2a3d7a09c45 (patch) | |
tree | f2256217b36c388386a7f8e08c12f3897f486395 | |
parent | 1977ab35c0358ecb9f843af2c9db593a36abfaa1 (diff) | |
download | volse-hubzilla-51edd472c2e007490bdad3198ba1b2a3d7a09c45.tar.gz volse-hubzilla-51edd472c2e007490bdad3198ba1b2a3d7a09c45.tar.bz2 volse-hubzilla-51edd472c2e007490bdad3198ba1b2a3d7a09c45.zip |
yet more session work
-rw-r--r-- | Zotlabs/Storage/BasicAuth.php | 24 | ||||
-rw-r--r-- | Zotlabs/Web/Session.php | 4 |
2 files changed, 23 insertions, 5 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php index da5af7659..02c4117da 100644 --- a/Zotlabs/Storage/BasicAuth.php +++ b/Zotlabs/Storage/BasicAuth.php @@ -73,6 +73,9 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { protected $timezone = ''; + public $module_disabled = false; + + /** * @brief Validates a username and password. * @@ -92,7 +95,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { intval($record['account_id']), intval($record['account_default_channel']) ); - if ($r) { + if($r && $this->check_module_access($r[0]['channel_id'])) { return $this->setAuthenticated($r[0]); } } @@ -109,13 +112,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) { logger('password verified for ' . $username); - return $this->setAuthenticated($r[0]); + if($this->check_module_access($r[0]['channel_id'])) + return $this->setAuthenticated($r[0]); } } } } - $error = 'password failed for ' . $username; + if($this->module_disabled) + $error = 'module not enabled for ' . $username; + else + $error = 'password failed for ' . $username; logger($error); log_failed_login($error); @@ -139,6 +146,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { return true; } + protected function check_module_access($channel_id) { + if($channel_id && \App::$module === 'cdav') { + $x = get_pconfig($channel_id,'cdav','enabled'); + if(! $x) { + $this->module_disabled = true; + return false; + } + } + return true; + } + /** * Sets the channel_name from the currently logged-in channel. * diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index b1f5526ea..c26b3523c 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - static private $handler = null; - static private $session_started = false; + private $handler = null; + private $session_started = false; public function init() { |