aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--Zotlabs/Storage/BasicAuth.php24
-rw-r--r--Zotlabs/Web/Session.php4
2 files changed, 23 insertions, 5 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php
index da5af7659..02c4117da 100644
--- a/Zotlabs/Storage/BasicAuth.php
+++ b/Zotlabs/Storage/BasicAuth.php
@@ -73,6 +73,9 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
protected $timezone = '';
+ public $module_disabled = false;
+
+
/**
* @brief Validates a username and password.
*
@@ -92,7 +95,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
intval($record['account_id']),
intval($record['account_default_channel'])
);
- if ($r) {
+ if($r && $this->check_module_access($r[0]['channel_id'])) {
return $this->setAuthenticated($r[0]);
}
}
@@ -109,13 +112,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
logger('password verified for ' . $username);
- return $this->setAuthenticated($r[0]);
+ if($this->check_module_access($r[0]['channel_id']))
+ return $this->setAuthenticated($r[0]);
}
}
}
}
- $error = 'password failed for ' . $username;
+ if($this->module_disabled)
+ $error = 'module not enabled for ' . $username;
+ else
+ $error = 'password failed for ' . $username;
logger($error);
log_failed_login($error);
@@ -139,6 +146,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
return true;
}
+ protected function check_module_access($channel_id) {
+ if($channel_id && \App::$module === 'cdav') {
+ $x = get_pconfig($channel_id,'cdav','enabled');
+ if(! $x) {
+ $this->module_disabled = true;
+ return false;
+ }
+ }
+ return true;
+ }
+
/**
* Sets the channel_name from the currently logged-in channel.
*
diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php
index b1f5526ea..c26b3523c 100644
--- a/Zotlabs/Web/Session.php
+++ b/Zotlabs/Web/Session.php
@@ -13,8 +13,8 @@ namespace Zotlabs\Web;
class Session {
- static private $handler = null;
- static private $session_started = false;
+ private $handler = null;
+ private $session_started = false;
public function init() {