diff options
| -rw-r--r-- | Zotlabs/Storage/BasicAuth.php | 24 | ||||
| -rw-r--r-- | Zotlabs/Web/Session.php | 4 |
2 files changed, 23 insertions, 5 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php index da5af7659..02c4117da 100644 --- a/Zotlabs/Storage/BasicAuth.php +++ b/Zotlabs/Storage/BasicAuth.php @@ -73,6 +73,9 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { protected $timezone = ''; + public $module_disabled = false; + + /** * @brief Validates a username and password. * @@ -92,7 +95,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { intval($record['account_id']), intval($record['account_default_channel']) ); - if ($r) { + if($r && $this->check_module_access($r[0]['channel_id'])) { return $this->setAuthenticated($r[0]); } } @@ -109,13 +112,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) { logger('password verified for ' . $username); - return $this->setAuthenticated($r[0]); + if($this->check_module_access($r[0]['channel_id'])) + return $this->setAuthenticated($r[0]); } } } } - $error = 'password failed for ' . $username; + if($this->module_disabled) + $error = 'module not enabled for ' . $username; + else + $error = 'password failed for ' . $username; logger($error); log_failed_login($error); @@ -139,6 +146,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { return true; } + protected function check_module_access($channel_id) { + if($channel_id && \App::$module === 'cdav') { + $x = get_pconfig($channel_id,'cdav','enabled'); + if(! $x) { + $this->module_disabled = true; + return false; + } + } + return true; + } + /** * Sets the channel_name from the currently logged-in channel. * diff --git a/Zotlabs/Web/Session.php b/Zotlabs/Web/Session.php index b1f5526ea..c26b3523c 100644 --- a/Zotlabs/Web/Session.php +++ b/Zotlabs/Web/Session.php @@ -13,8 +13,8 @@ namespace Zotlabs\Web; class Session { - static private $handler = null; - static private $session_started = false; + private $handler = null; + private $session_started = false; public function init() { |