From: Andrew Dolgov
Date: Thu, 16 Aug 2012 12:00:50 +0000 (+0400)
Subject: save module user authenticated with, only allow password change if module is 'internal'
X-Git-Tag: 1.6.0~137
X-Git-Url: https://git.wh0rd.org/?a=commitdiff_plain;h=200e0d4ebbd98da452c3eb120cb55b155764f614;p=tt-rss.git
save module user authenticated with, only allow password change if module is 'internal'
---
diff --git a/classes/auth_remote.php b/classes/auth_remote.php
index 78997605..6892a352 100644
--- a/classes/auth_remote.php
+++ b/classes/auth_remote.php
@@ -31,7 +31,6 @@ class Auth_Remote extends Auth_Base {
 $_SESSION["fake_password"] = "******";
 $_SESSION["hide_hello"] = true;
 $_SESSION["hide_logout"] = true;
- $_SESSION["hide_change_password"] = true;
 // LemonLDAP can send user informations via HTTP HEADER
 if (defined('AUTH_AUTO_CREATE') && AUTH_AUTO_CREATE){
diff --git a/classes/pref_prefs.php b/classes/pref_prefs.php
index 9d209521..5339095b 100644
--- a/classes/pref_prefs.php
+++ b/classes/pref_prefs.php
@@ -214,7 +214,7 @@ class Pref_Prefs extends Protected_Handler {
 print "";
- if (!SINGLE_USER_MODE && !$_SESSION["hide_change_password"]) {
+ if (!SINGLE_USER_MODE && $_SESSION["auth_module"] == 'internal') {
 $result = db_query($this->link, "SELECT id FROM ttrss_users WHERE id = ".$_SESSION["uid"]." AND pwd_hash
diff --git a/include/functions.php b/include/functions.php
index dfe48c59..a2e16441 100644
--- a/include/functions.php
+++ b/include/functions.php
@@ -693,7 +693,10 @@
 $user_id = (int) $authenticator->authenticate($login, $password);
- if ($user_id) break;
+ if ($user_id) {
+ $_SESSION["auth_module"] = $module;
+ break;
+ }
 } else {
 print T_sprintf("Fatal: authentication module %s not found.", $module);
@@ -734,7 +737,6 @@
 $_SESSION["hide_hello"] = true;
 $_SESSION["hide_logout"] = true;
- $_SESSION["hide_change_password"] = true;
 if (!$_SESSION["csrf_token"]) {
 $_SESSION["csrf_token"] = sha1(uniqid(rand(), true));
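Review bot: The new `$_SESSION["auth_module"] == 'internal'` condition in Pref_Prefs only controls whether the password form is printed; the handler that accepts a submitted password change is not in this diff, and unless it makes the same check, hiding the form does not stop an externally authenticated user from submitting the request. I would repeat the guard at the top of that handler, e.g. `if ($_SESSION["auth_module"] !== 'internal') return;`, and use the strict comparison here as well. Sessions created before this commit have no `auth_module` key, so the form stays hidden for them until the next login, which fails closed but reads an undefined index. The enclosing method starts and ends outside the hunk.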
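Review bot: `$_SESSION["auth_module"]` is written only on the success branch of the module loop in include/functions.php, so a session that already holds a value from an earlier login keeps it when every module rejects the new credentials. Since the preferences page now treats this key as the authority for offering a password change, I would clear it before the loop with `unset($_SESSION["auth_module"]);` so it always describes the login that just succeeded. A one-line comment above the assignment, `// remembered so prefs can limit password changes to the 'internal' module`, would also document why it is stored. The loop and the function start outside the hunk, so whether the session is reset elsewhere on failure is not visible here.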