save module user authenticated with, only allow password change if module is 'internal'
This commit is contained in:
parent
1e666f0aeb
commit
200e0d4ebb
|
@ -31,7 +31,6 @@ class Auth_Remote extends Auth_Base {
|
|||
$_SESSION["fake_password"] = "******";
|
||||
$_SESSION["hide_hello"] = true;
|
||||
$_SESSION["hide_logout"] = true;
|
||||
$_SESSION["hide_change_password"] = true;
|
||||
|
||||
// LemonLDAP can send user informations via HTTP HEADER
|
||||
if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
|
||||
|
|
|
@ -214,7 +214,7 @@ class Pref_Prefs extends Protected_Handler {
|
|||
|
||||
print "</form>";
|
||||
|
||||
if (!SINGLE_USER_MODE && !$_SESSION["hide_change_password"]) {
|
||||
if (!SINGLE_USER_MODE && $_SESSION["auth_module"] == 'internal') {
|
||||
|
||||
$result = db_query($this->link, "SELECT id FROM ttrss_users
|
||||
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
|
||||
|
|
|
@ -693,7 +693,10 @@
|
|||
|
||||
$user_id = (int) $authenticator->authenticate($login, $password);
|
||||
|
||||
if ($user_id) break;
|
||||
if ($user_id) {
|
||||
$_SESSION["auth_module"] = $module;
|
||||
break;
|
||||
}
|
||||
|
||||
} else {
|
||||
print T_sprintf("Fatal: authentication module %s not found.", $module);
|
||||
|
@ -734,7 +737,6 @@
|
|||
|
||||
$_SESSION["hide_hello"] = true;
|
||||
$_SESSION["hide_logout"] = true;
|
||||
$_SESSION["hide_change_password"] = true;
|
||||
|
||||
if (!$_SESSION["csrf_token"]) {
|
||||
$_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
|
||||
|
|
Loading…
Reference in New Issue