mirror of
https://github.com/tuxis-ie/nsedit.git
synced 2025-06-07 00:47:00 +03:00
Fix updating the password, and store if we have local auth, we can't change passwords if we don't have local auth
This commit is contained in:
Mark Schouten
parent
f67fa04d85
commit
6be5f2f29c
2 changed files with 22 additions and 5 deletions
|
|
@ -9,11 +9,13 @@ global $current_user;
|
|||
$current_user = false;
|
||||
|
||||
// session startup
|
||||
function _set_current_user($username, $is_admin = false, $has_csrf_token = false, $is_api = false) {
|
||||
function _set_current_user($username, $userid, $localauth = true, $is_admin = false, $has_csrf_token = false, $is_api = false) {
|
||||
global $current_user;
|
||||
|
||||
$current_user = array(
|
||||
'username' => $username,
|
||||
'id' => $userid,
|
||||
'localauth' => $localauth,
|
||||
'is_admin' => $is_admin,
|
||||
'has_csrf_token' => $has_csrf_token,
|
||||
'is_api' => $is_api,
|
||||
|
|
@ -177,7 +179,7 @@ function _try_login($username, $password) {
|
|||
writelog("Failed to find user!", $username);
|
||||
return false;
|
||||
} else {
|
||||
_set_current_user($username, (bool) $user['isadmin']);
|
||||
_set_current_user($username, $user['id'], (bool) $do_local_auth, (bool) $user['isadmin']);
|
||||
|
||||
if (session_id()) {
|
||||
session_unset();
|
||||
|
|
@ -187,6 +189,8 @@ function _try_login($username, $password) {
|
|||
session_regenerate_id(true) or die('session failure: regenerated id failed');
|
||||
session_unset();
|
||||
$_SESSION['username'] = $username;
|
||||
$_SESSION['localauth'] = $do_local_auth;
|
||||
$_SESSION['userid'] = $user['id'];
|
||||
|
||||
# requires session:
|
||||
_check_csrf_token($user);
|
||||
|
|
@ -206,7 +210,7 @@ function _check_session() {
|
|||
and $_POST['adminapikey'] === $adminapikey)
|
||||
{
|
||||
# Allow this request, fake that we're logged in as user.
|
||||
return _set_current_user('admin', true, true, true);
|
||||
return _set_current_user('admin', 1, false, true, true, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -222,7 +226,7 @@ function _check_session() {
|
|||
session_destroy();
|
||||
session_unset();
|
||||
} else {
|
||||
_set_current_user($_SESSION['username'], (bool) $user['isadmin']);
|
||||
_set_current_user($_SESSION['username'], $_SESSION['userid'], (bool) $_SESSION['localauth'], (bool) $user['isadmin']);
|
||||
_check_csrf_token($user);
|
||||
return;
|
||||
}
|
||||
|
|
@ -281,6 +285,16 @@ function get_sess_user() {
|
|||
return $current_user ? $current_user['username'] : null;
|
||||
}
|
||||
|
||||
function get_sess_userid() {
|
||||
global $current_user;
|
||||
return $current_user ? $current_user['id'] : null;
|
||||
}
|
||||
|
||||
function has_local_auth() {
|
||||
global $current_user;
|
||||
return $current_user ? $current_user['localauth'] : null;
|
||||
}
|
||||
|
||||
function logout() {
|
||||
@session_destroy();
|
||||
@session_unset();
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue