extern/egroupware_official
1
0
Fork 0
mirror of https://github.com/EGroupware/egroupware.git synced 2025-02-23 22:01:47 +01:00
Code Issues Packages Projects Releases Wiki Activity

fixed Pim's addition to the session class: session of the anon user is destroyed, if he tries to enter an application he has no rights to. The check was before the allowed applications have been read ;-)

Browse Source
This commit is contained in:
Ralf Becker 2006-11-01 09:40:04 +00:00
parent 45fa4d0c1c
commit 8831acc1c4
1 changed files with 16 additions and 17 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
phpgwapi/inc/class.sessions.inc.php
View File

@ -292,7 +292,6 @@
function verify($sessionid='',$kp3='') function verify($sessionid='',$kp3='')
{ {
$fill_egw_info_and_repositories = !$GLOBALS['egw_info']['flags']['restored_from_session']; $fill_egw_info_and_repositories = !$GLOBALS['egw_info']['flags']['restored_from_session'];
if(empty($sessionid) || !$sessionid) if(empty($sessionid) || !$sessionid)
{ {
$sessionid = get_var('sessionid',array('GET','COOKIE')); $sessionid = get_var('sessionid',array('GET','COOKIE'));
@ -317,22 +316,6 @@
$this->session_flags = $session['session_flags']; $this->session_flags = $session['session_flags'];
/* If User is Anonymous and enters a not allowed application its session will be destroyed inmediatly. */
$_current_app=$GLOBALS['egw_info']['flags']['currentapp'];
if($this->session_flags=='A' && !$GLOBALS['egw_info']['user']['apps'][$_current_app])
{
$this->destroy($sessionid,$kp3);
/* Overwrite Cookie with empty user. For 2 weeks */
$this->egw_setcookie('sessionid','');
$this->egw_setcookie('kp3','');
$this->egw_setcookie('domain','');
$this->egw_setcookie('last_domain','');
$this->egw_setcookie('last_loginid', '');
return False;
}
$this->split_login_domain($session['session_lid'],$this->account_lid,$this->account_domain); $this->split_login_domain($session['session_lid'],$this->account_lid,$this->account_domain);
/* This is to ensure that we authenticate to the correct domain (might not be default) */ /* This is to ensure that we authenticate to the correct domain (might not be default) */
@ -452,6 +435,22 @@
//echo 'DEBUG: Sessions: account_id is empty!<br>'."\n"; //echo 'DEBUG: Sessions: account_id is empty!<br>'."\n";
return False; return False;
} }
/* If User is Anonymous and enters a not allowed application its session will be destroyed inmediatly. */
$_current_app=$GLOBALS['egw_info']['flags']['currentapp'];
if($this->session_flags=='A' && !$GLOBALS['egw_info']['user']['apps'][$_current_app])
{
$this->destroy($sessionid,$kp3);
/* Overwrite Cookie with empty user. For 2 weeks */
$this->egw_setcookie('sessionid','');
$this->egw_setcookie('kp3','');
$this->egw_setcookie('domain','');
$this->egw_setcookie('last_domain','');
$this->egw_setcookie('last_loginid', '');
return False;
}
return True; return True;
} }