arno/lychee
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Use identifier to prevent login of multiple instances of lychee #344

Browse Source
This commit is contained in:
Tobias Reich 2015-05-14 21:07:42 +02:00
parent aedd378f98
commit ed3418058e
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
php/api.php
View File

@ -63,7 +63,8 @@ if (!empty($_POST['function'])||!empty($_GET['function'])) {
if (isset($_POST['function'])) $fn = $_POST['function']; if (isset($_POST['function'])) $fn = $_POST['function'];
else $fn = $_GET['function']; else $fn = $_GET['function'];
if (isset($_SESSION['login'])&&$_SESSION['login']==true) { if ((isset($_SESSION['login'])&&$_SESSION['login']===true)&&
(isset($_SESSION['identifier'])&&$_SESSION['identifier']===$settings['identifier'])) {
### ###
# Admin Access # Admin Access

17
php/modules/Session.php
View File

@ -44,6 +44,9 @@ class Session extends Module {
unset($return['config']['username']); unset($return['config']['username']);
unset($return['config']['password']); unset($return['config']['password']);
# Remove identifier from response
unset($return['config']['identifier']);
# Path to Lychee for the server-import dialog # Path to Lychee for the server-import dialog
$return['config']['location'] = LYCHEE; $return['config']['location'] = LYCHEE;
@ -99,15 +102,13 @@ class Session extends Module {
# Check login with crypted hash # Check login with crypted hash
if ($this->settings['username']===$username&& if ($this->settings['username']===$username&&
$this->settings['password']===$password) { $this->settings['password']===$password) {
$_SESSION['login'] = true; $_SESSION['login'] = true;
$_SESSION['identifier'] = $this->settings['identifier'];
return true; return true;
} }
# No login # No login
if ($this->noLogin()===true) { if ($this->noLogin()===true) return true;
$_SESSION['login'] = true;
return true;
}
# Call plugins # Call plugins
$this->plugins(__METHOD__, 1, func_get_args()); $this->plugins(__METHOD__, 1, func_get_args());
@ -124,7 +125,8 @@ class Session extends Module {
# Check if login credentials exist and login if they don't # Check if login credentials exist and login if they don't
if ($this->settings['username']===''&& if ($this->settings['username']===''&&
$this->settings['password']==='') { $this->settings['password']==='') {
$_SESSION['login'] = true; $_SESSION['login'] = true;
$_SESSION['identifier'] = $this->settings['identifier'];
return true; return true;
} }
@ -137,6 +139,9 @@ class Session extends Module {
# Call plugins # Call plugins
$this->plugins(__METHOD__, 0, func_get_args()); $this->plugins(__METHOD__, 0, func_get_args());
$_SESSION['login'] = null;
$_SESSION['identifier'] = null;
session_destroy(); session_destroy();
# Call plugins # Call plugins