diff options
Diffstat (limited to 'Zotlabs/Storage/BasicAuth.php')
| -rw-r--r-- | Zotlabs/Storage/BasicAuth.php | 25 |
1 files changed, 21 insertions, 4 deletions
diff --git a/Zotlabs/Storage/BasicAuth.php b/Zotlabs/Storage/BasicAuth.php index da5af7659..121a9c3a1 100644 --- a/Zotlabs/Storage/BasicAuth.php +++ b/Zotlabs/Storage/BasicAuth.php @@ -73,10 +73,12 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { protected $timezone = ''; + public $module_disabled = false; + + /** * @brief Validates a username and password. * - * Guest access is granted with the password "+++". * * @see \Sabre\DAV\Auth\Backend\AbstractBasic::validateUserPass * @param string $username @@ -92,7 +94,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { intval($record['account_id']), intval($record['account_default_channel']) ); - if ($r) { + if($r && $this->check_module_access($r[0]['channel_id'])) { return $this->setAuthenticated($r[0]); } } @@ -109,13 +111,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED)) && (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) { logger('password verified for ' . $username); - return $this->setAuthenticated($r[0]); + if($this->check_module_access($r[0]['channel_id'])) + return $this->setAuthenticated($r[0]); } } } } - $error = 'password failed for ' . $username; + if($this->module_disabled) + $error = 'module not enabled for ' . $username; + else + $error = 'password failed for ' . $username; logger($error); log_failed_login($error); @@ -139,6 +145,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic { return true; } + protected function check_module_access($channel_id) { + if($channel_id && \App::$module === 'cdav') { + $x = get_pconfig($channel_id,'cdav','enabled'); + if(! $x) { + $this->module_disabled = true; + return false; + } + } + return true; + } + /** * Sets the channel_name from the currently logged-in channel. * |