aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorredmatrix <git@macgirvin.com>2016-05-16 22:01:33 -0700
committerredmatrix <git@macgirvin.com>2016-05-16 22:01:33 -0700
commit51edd472c2e007490bdad3198ba1b2a3d7a09c45 (patch)
treef2256217b36c388386a7f8e08c12f3897f486395
parent1977ab35c0358ecb9f843af2c9db593a36abfaa1 (diff)
downloadvolse-hubzilla-51edd472c2e007490bdad3198ba1b2a3d7a09c45.tar.gz
volse-hubzilla-51edd472c2e007490bdad3198ba1b2a3d7a09c45.tar.bz2
volse-hubzilla-51edd472c2e007490bdad3198ba1b2a3d7a09c45.zip
yet more session work
-rw-r--r--Zotlabs/Storage/BasicAuth.php24
-rw-r--r--Zotlabs/Web/Session.php4
2 files changed, 23 insertions, 5 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index da5af7659..02c4117da 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -73,6 +73,9 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
protected $timezone = '';
+ public $module_disabled = false;
+
+
/**
* @brief Validates a username and password.
*
@@ -92,7 +95,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
intval($record['account_id']),
intval($record['account_default_channel'])
);
- if ($r) {
+ if($r && $this->check_module_access($r[0]['channel_id'])) {
return $this->setAuthenticated($r[0]);
}
}
@@ -109,13 +112,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
logger('password verified for ' . $username);
- return $this->setAuthenticated($r[0]);
+ if($this->check_module_access($r[0]['channel_id']))
+ return $this->setAuthenticated($r[0]);
}
}
}
}
- $error = 'password failed for ' . $username;
+ if($this->module_disabled)
+ $error = 'module not enabled for ' . $username;
+ else
+ $error = 'password failed for ' . $username;
logger($error);
log_failed_login($error);
@@ -139,6 +146,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
return true;
}
+ protected function check_module_access($channel_id) {
+ if($channel_id && \App::$module === 'cdav') {
+ $x = get_pconfig($channel_id,'cdav','enabled');
+ if(! $x) {
+ $this->module_disabled = true;
+ return false;
+ }
+ }
+ return true;
+ }
+
/**
* Sets the channel_name from the currently logged-in channel.
*
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index b1f5526ea..c26b3523c 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -13,8 +13,8 @@ namespace Zotlabs\Web;
class Session {
- static private $handler = null;
- static private $session_started = false;
+ private $handler = null;
+ private $session_started = false;
public function init() {