mirror/php-ifm
1
0
Fork 0
mirror of https://github.com/misterunknown/ifm.git synced 2025-08-10 01:56:30 +02:00
Code Issues Releases Wiki Activity

fixed use of undefined index when checking for authentication

Browse Source
This commit is contained in:
Marco Dickert
2017-03-05 22:26:50 +01:00
parent 83087ed928
commit b5a0bb1d0f
2 changed files with 28 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
ifm.php
View File

@@ -1757,10 +1757,10 @@ ifm.init();
*/
public function checkAuth() {
if(IFMConfig::auth == 1 && $_SESSION['auth'] !== true) {
if( IFMConfig::auth == 1 && ( ! isset( $_SESSION['auth'] ) || $_SESSION['auth'] !== true ) ) {
$login_failed = false;
if(isset($_POST["user"]) && isset($_POST["pass"])) {
if($this->checkCredentials($_POST["user"], $_POST["pass"])) {
if( isset( $_POST["user"] ) && isset( $_POST["pass"] ) ) {
if( $this->checkCredentials( $_POST["user"], $_POST["pass"] ) ) {
$_SESSION['auth'] = true;
}
else {
@@ -1769,16 +1769,18 @@ ifm.init();
}
}
if($_SESSION['auth'] !== true) {
if(isset($_POST["api"]) && $login_failed === true)
echo json_encode(array("status"=>"ERROR", "message"=>"authentication failed"));
elseif(isset($_POST["api"]) && $login_failed !== true)
echo json_encode(array("status"=>"ERROR", "message"=>"not authenticated"));
else
$this->loginForm($login_failed);
return false;
} else {
if( isset( $_SESSION['auth'] ) && $_SESSION['auth'] === true ) {
return true;
} else {
if( isset( $_POST["api"] ) ) {
if( $login_failed === true )
echo json_encode( array( "status"=>"ERROR", "message"=>"authentication failed" ) );
else
echo json_encode( array( "status"=>"ERROR", "message"=>"not authenticated" ) );
} else {
$this->loginForm($login_failed);
}
return false;
}
} else {
return true;

26
src/main.php
View File

@@ -596,10 +596,10 @@ class IFM {
*/
public function checkAuth() {
if(IFMConfig::auth == 1 && $_SESSION['auth'] !== true) {
if( IFMConfig::auth == 1 && ( ! isset( $_SESSION['auth'] ) || $_SESSION['auth'] !== true ) ) {
$login_failed = false;
if(isset($_POST["user"]) && isset($_POST["pass"])) {
if($this->checkCredentials($_POST["user"], $_POST["pass"])) {
if( isset( $_POST["user"] ) && isset( $_POST["pass"] ) ) {
if( $this->checkCredentials( $_POST["user"], $_POST["pass"] ) ) {
$_SESSION['auth'] = true;
}
else {
@@ -608,16 +608,18 @@ class IFM {
}
}
if($_SESSION['auth'] !== true) {
if(isset($_POST["api"]) && $login_failed === true)
echo json_encode(array("status"=>"ERROR", "message"=>"authentication failed"));
elseif(isset($_POST["api"]) && $login_failed !== true)
echo json_encode(array("status"=>"ERROR", "message"=>"not authenticated"));
else
$this->loginForm($login_failed);
return false;
} else {
if( isset( $_SESSION['auth'] ) && $_SESSION['auth'] === true ) {
return true;
} else {
if( isset( $_POST["api"] ) ) {
if( $login_failed === true )
echo json_encode( array( "status"=>"ERROR", "message"=>"authentication failed" ) );
else
echo json_encode( array( "status"=>"ERROR", "message"=>"not authenticated" ) );
} else {
$this->loginForm($login_failed);
}
return false;
}
} else {
return true;