save module user authenticated with, only allow password change if module is 'internal'

Andrew Dolgov 2012-08-16 16:00:50 +04:00
parent 1e666f0aeb
commit 200e0d4ebb
3 changed files with 5 additions and 4 deletions


@ -31,7 +31,6 @@ class Auth_Remote extends Auth_Base {
$_SESSION["fake_password"] = "******";
$_SESSION["hide_hello"] = true;
$_SESSION["hide_logout"] = true;
$_SESSION["hide_change_password"] = true;
// LemonLDAP can send user informations via HTTP HEADER
if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){


@ -214,7 +214,7 @@ class Pref_Prefs extends Protected_Handler {
print "</form>";
if (!SINGLE_USER_MODE && !$_SESSION["hide_change_password"]) {
if (!SINGLE_USER_MODE && $_SESSION["auth_module"] == 'internal') {
$result = db_query($this->link, "SELECT id FROM ttrss_users
WHERE id = ".$_SESSION["uid"]." AND pwd_hash
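Review bot: The new condition `$_SESSION["auth_module"] == 'internal'` only controls whether the change-password form is printed; the code that actually processes a password change is not in this hunk, and unless it applies the same test, a user authenticated by an external module is merely not shown the form rather than refused the operation. The check should be repeated where the password is written. Sessions created before this change will not have the key at all, so an explicit, strict test reads better than a loose comparison on a possibly undefined index: `if (!SINGLE_USER_MODE && isset($_SESSION["auth_module"]) && $_SESSION["auth_module"] === 'internal') {`. The enclosing method starts and ends outside the hunk.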


@ -693,7 +693,10 @@
$user_id = (int) $authenticator->authenticate($login, $password);
if ($user_id) break;
if ($user_id) {
$_SESSION["auth_module"] = $module;
break;
}
} else {
print T_sprintf("Fatal: authentication module %s not found.", $module);
@ -734,7 +737,6 @@
$_SESSION["hide_hello"] = true;
$_SESSION["hide_logout"] = true;
$_SESSION["hide_change_password"] = true;
if (!$_SESSION["csrf_token"]) {
$_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
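Review bot: In the first hunk, `$_SESSION["auth_module"] = $module;` stores the module name exactly as the surrounding loop supplies it, while the preferences code on this page compares that value against the literal 'internal' to decide whether a password change is offered. Where `$module` comes from is outside the hunk; if it is read from configuration, a differently cased or padded spelling would presumably still resolve the class but fail that comparison, so normalising when storing is safer: `$_SESSION["auth_module"] = strtolower(trim($module));`. Since this key now carries an authorization decision, a comment such as `// recorded so prefs can restrict password change to the internal module` would help the next reader. The enclosing function starts and ends outside the hunk.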