yet more session work

1 files changed, 21 insertions, 3 deletions

diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index da5af7659..02c4117da 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -73,6 +73,9 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 	protected $timezone = '';
 
 
+	public $module_disabled = false;
+
+
 	/**
 	 * @brief Validates a username and password.
 	 *
@@ -92,7 +95,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 				intval($record['account_id']),
 				intval($record['account_default_channel'])
 			);
-			if ($r) {
+			if($r && $this->check_module_access($r[0]['channel_id'])) {
 				return $this->setAuthenticated($r[0]);
 			}
 		}
@@ -109,13 +112,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 					if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
 					&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
 						logger('password verified for ' . $username);
-						return $this->setAuthenticated($r[0]);
+						if($this->check_module_access($r[0]['channel_id']))
+							return $this->setAuthenticated($r[0]);
 					}
 				}
 			}
 		}
 
-		$error = 'password failed for ' . $username;
+		if($this->module_disabled)
+			$error = 'module not enabled for ' . $username;
+		else
+			$error = 'password failed for ' . $username;
 		logger($error);
 		log_failed_login($error);
 
@@ -139,6 +146,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 		return true;
 	}
 
+	protected function check_module_access($channel_id) {
+		if($channel_id && \App::$module === 'cdav') {
+			$x = get_pconfig($channel_id,'cdav','enabled');
+			if(! $x) {
+				$this->module_disabled = true;
+				return false;
+			}
+		}
+		return true;
+	}
+
 	/**
 	 * Sets the channel_name from the currently logged-in channel.
 	 *