diff options
| author | Tony Baldwin <tonybaldwin@gmx.com> | 2014-03-09 19:22:54 -0400 |
|---|---|---|
| committer | Tony Baldwin <tonybaldwin@gmx.com> | 2014-03-09 19:22:54 -0400 |
| commit | 5cca00ddc79dad667464674e08a2a860e262eabd (patch) | |
| tree | 53df980e32a6706e977a5a2276e0f9aa9ec09300 /include/auth.php | |
| parent | 67166180bb560276273a20bcd9ca2a7aae036aba (diff) | |
| parent | a79072ce478a999b06df38ae324fbcef6d3a76e7 (diff) | |
| download | volse-hubzilla-5cca00ddc79dad667464674e08a2a860e262eabd.tar.gz volse-hubzilla-5cca00ddc79dad667464674e08a2a860e262eabd.tar.bz2 volse-hubzilla-5cca00ddc79dad667464674e08a2a860e262eabd.zip | |
Merge remote-tracking branch 'upstream/master'
Conflicts:
view/theme/redbasic/tpl/theme_settings.tpl
reset to upstream
Diffstat (limited to 'include/auth.php')
| -rw-r--r-- | include/auth.php | 21 |
1 files changed, 15 insertions, 6 deletions
diff --git a/include/auth.php b/include/auth.php index a3b028c73..c21705c99 100644 --- a/include/auth.php +++ b/include/auth.php @@ -58,14 +58,17 @@ function account_verify_password($email,$pass) { } -// login/logout - +/** + * Inline - not a function + * look for auth parameters or re-validate an existing session + * also handles logout + */ +if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) { - -if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) { + // process a logout request if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) { @@ -77,6 +80,8 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p goaway(z_root()); } + // re-validate a visitor, optionally invoke "su" if permitted to do so + if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { // if our authenticated guest is allowed to take control of the admin channel, make it so. $admins = get_config('system','remote_admin'); @@ -106,9 +111,11 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); } + // already logged in user returning + if(x($_SESSION,'uid') || x($_SESSION,'account_id')) { - // already logged in user returning + // first check if we're enforcing that sessions can't change IP address $check = get_config('system','paranoia'); // extra paranoia - if the IP changed, log them out @@ -150,6 +157,8 @@ else { nuke_session(); } + // handle a fresh login request + if((x($_POST,'password')) && strlen($_POST['password'])) $encrypted = hash('whirlpool',trim($_POST['password'])); @@ -188,7 +197,7 @@ else { notice( t('Failed authentication') . EOL); } - logger('authenticate: ' . print_r(get_app()->account,true)); + logger('authenticate: ' . print_r(get_app()->account,true), LOGGER_DEBUG); } |