diff options
-rw-r--r-- | include/auth.php | 21 | ||||
-rw-r--r-- | include/reddav.php | 2 | ||||
-rw-r--r-- | include/security.php | 7 | ||||
-rw-r--r-- | mod/ping.php | 2 |
4 files changed, 23 insertions, 9 deletions
diff --git a/include/auth.php b/include/auth.php index a3b028c73..c21705c99 100644 --- a/include/auth.php +++ b/include/auth.php @@ -58,14 +58,17 @@ function account_verify_password($email,$pass) { } -// login/logout - +/** + * Inline - not a function + * look for auth parameters or re-validate an existing session + * also handles logout + */ +if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) { - -if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-params'))) || ($_POST['auth-params'] !== 'login'))) { + // process a logout request if(((x($_POST,'auth-params')) && ($_POST['auth-params'] === 'logout')) || ($a->module === 'logout')) { @@ -77,6 +80,8 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p goaway(z_root()); } + // re-validate a visitor, optionally invoke "su" if permitted to do so + if(x($_SESSION,'visitor_id') && (! x($_SESSION,'uid'))) { // if our authenticated guest is allowed to take control of the admin channel, make it so. $admins = get_config('system','remote_admin'); @@ -106,9 +111,11 @@ if((isset($_SESSION)) && (x($_SESSION,'authenticated')) && ((! (x($_POST,'auth-p $a->set_groups(init_groups_visitor($_SESSION['visitor_id'])); } + // already logged in user returning + if(x($_SESSION,'uid') || x($_SESSION,'account_id')) { - // already logged in user returning + // first check if we're enforcing that sessions can't change IP address $check = get_config('system','paranoia'); // extra paranoia - if the IP changed, log them out @@ -150,6 +157,8 @@ else { nuke_session(); } + // handle a fresh login request + if((x($_POST,'password')) && strlen($_POST['password'])) $encrypted = hash('whirlpool',trim($_POST['password'])); @@ -188,7 +197,7 @@ else { notice( t('Failed authentication') . EOL); } - logger('authenticate: ' . print_r(get_app()->account,true)); + logger('authenticate: ' . print_r(get_app()->account,true), LOGGER_DEBUG); } diff --git a/include/reddav.php b/include/reddav.php index 6182aeacd..2a26ac42a 100644 --- a/include/reddav.php +++ b/include/reddav.php @@ -792,6 +792,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { $this->channel_id = $r[0]['channel_id']; $this->channel_hash = $this->observer = $r[0]['channel_hash']; $_SESSION['uid'] = $r[0]['channel_id']; + $_SESSION['account_id'] = $r[0]['channel_account_id']; $_SESSION['authenticated'] = true; return true; } @@ -813,6 +814,7 @@ class RedBasicAuth extends Sabre\DAV\Auth\Backend\AbstractBasic { $this->channel_id = $r[0]['channel_id']; $this->channel_hash = $this->observer = $r[0]['channel_hash']; $_SESSION['uid'] = $r[0]['channel_id']; + $_SESSION['account_id'] = $r[0]['channel_account_id']; $_SESSION['authenticated'] = true; return true; } diff --git a/include/security.php b/include/security.php index 68dd573f7..f52615357 100644 --- a/include/security.php +++ b/include/security.php @@ -32,9 +32,12 @@ function authenticate_success($user_record, $login_initial = false, $interactive } - if($login_initial) + if($login_initial) { + call_hooks('logged_in', $user_record); - + + // might want to log success here + } if($return || x($_SESSION,'workflow')) { unset($_SESSION['workflow']); diff --git a/mod/ping.php b/mod/ping.php index 390613d7a..b9d9a9c77 100644 --- a/mod/ping.php +++ b/mod/ping.php @@ -28,7 +28,7 @@ function ping_init(&$a) { header("content-type: application/json"); - $result['invalid'] = ((local_user()) && (intval($_GET['uid'])) && (intval($_GET['uid']) != local_user()) ? 1 : 0); + $result['invalid'] = ((intval($_GET['uid'])) && (intval($_GET['uid']) != local_user()) ? 1 : 0); if(x($_SESSION,'sysmsg')){ foreach ($_SESSION['sysmsg'] as $m){ |