From ed3418058ee4d8d85d2c461f07b88cf16bfdc8fc Mon Sep 17 00:00:00 2001
From: Tobias Reich
Date: Thu, 14 May 2015 21:07:42 +0200
Subject: [PATCH] Use identifier to prevent login of multiple instances of lychee #344
---
 php/api.php | 3 ++-
 php/modules/Session.php | 17 +++++++++++------
 2 files changed, 13 insertions(+), 7 deletions(-)

diff --git a/php/api.php b/php/api.php
index affa33a..cb089e5 100755
--- a/php/api.php
+++ b/php/api.php
@@ -63,7 +63,8 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) {
 if (isset($_POST['function'])) $fn = $_POST['function'];
 else $fn = $_GET['function'];
 
- if (isset($_SESSION['login'])&&$_SESSION['login']==true) {
+ if ((isset($_SESSION['login'])&&$_SESSION['login']===true)&&
+ (isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier'])) {
 
 ###
 # Admin Access
diff --git a/php/modules/Session.php b/php/modules/Session.php
index d96c973..16916c9 100755
--- a/php/modules/Session.php
+++ b/php/modules/Session.php
@@ -44,6 +44,9 @@ class Session extends Module {
 unset($return['config']['username']);
 unset($return['config']['password']);
 
+ # Remove identifier from response
+ unset($return['config']['identifier']);
+
 # Path to Lychee for the server-import dialog
 $return['config']['location'] = LYCHEE;
 
@@ -99,15 +102,13 @@ class Session extends Module {
 # Check login with crypted hash
 if ($this->settings['username']===$username&&
 $this->settings['password']===$password) {
- $_SESSION['login'] = true;
+ $_SESSION['login'] = true;
+ $_SESSION['identifier'] = $this->settings['identifier'];
 return true;
 }
 
 # No login
- if ($this->noLogin()===true) {
- $_SESSION['login'] = true;
- return true;
- }
+ if ($this->noLogin()===true) return true;
 
 # Call plugins
 $this->plugins(__METHOD__, 1, func_get_args());
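Review bot: In the php/api.php hunk, the new admin guard is only as strong as `$settings['identifier']`, and the hunk does not show where that value is generated. If it can be an empty string, or the same default on two installations, `$_SESSION['identifier']===$settings['identifier']` also passes for a session created by the other instance, and the isolation this commit adds is lost. Consider requiring a non-empty value as well, e.g. `&&$settings['identifier']!==''`, and generating the identifier from a cryptographically secure random source at install or upgrade time. The `isset()` half already fails closed when a session carries no identifier. The enclosing `if` block continues outside the hunk.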
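Review bot: In the `@@ -44,6 +44,9 @@` hunk of php/modules/Session.php, `identifier` becomes a third value stripped from `$return['config']` by hand, so the response is built as a deny-list: any sensitive setting added later reaches the client unless someone remembers another `unset()`. Because the identifier now decides whether a session belongs to this installation, it should be handled as a secret wherever settings are exposed, not only in this response. Building the config response from an explicit list of public keys would make omission the default. The enclosing method starts and ends outside the hunk.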
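Review bot: In the `@@ -99,15 +102,13 @@` hunk of php/modules/Session.php, the session is promoted to admin (`$_SESSION['login']` and `$_SESSION['identifier']` are set) with no visible rotation of the session ID, which leaves the login exposed to session fixation unless the ID is regenerated somewhere outside the hunk. The same applies to the no-credentials branch in the `@@ -124,7 +125,8 @@` hunk. Calling `session_regenerate_id(true);` immediately before the two assignments in both places would close this. Both method bodies start outside their hunks, so this should be confirmed against the full file.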
@@ -124,7 +125,8 @@ class Session extends Module {
 # Check if login credentials exist and login if they don't
 if ($this->settings['username']===''&&
 $this->settings['password']==='') {
- $_SESSION['login'] = true;
+ $_SESSION['login'] = true;
+ $_SESSION['identifier'] = $this->settings['identifier'];
 return true;
 }
 
@@ -137,6 +139,9 @@ class Session extends Module {
 # Call plugins
 $this->plugins(__METHOD__, 0, func_get_args());
 
+ $_SESSION['login'] = null;
+ $_SESSION['identifier'] = null;
+
 session_destroy();
 
 # Call plugins
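Review bot: In the `@@ -137,6 +139,9 @@` hunk, logout nulls only the two known keys before `session_destroy()`, and `session_destroy()` neither clears the `$_SESSION` array nor removes the session cookie. Any other key therefore stays readable for the rest of the request (the trailing `# Call plugins` comment suggests plugin code runs afterwards), and the browser keeps presenting the old session ID. Replacing the two assignments with `$_SESSION = array();` clears everything, and expiring the cookie named by `session_name()` with the parameters from `session_get_cookie_params()` completes the logout. The method continues outside the hunk.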