RanchiMall/php-mpos
3
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

weird problem, strict for isAuthenticated

Browse Source
This commit is contained in:
xisi 2014-01-29 14:46:21 -05:00
parent 5d017f60c3
commit 51818421d8
2 changed files with 11 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

13
public/include/classes/user.class.php
View File

@ -814,10 +814,17 @@ class User extends Base {
**/ **/
public function isAuthenticated($logout=true) { public function isAuthenticated($logout=true) {
$this->debug->append("STA " . __METHOD__, 4); $this->debug->append("STA " . __METHOD__, 4);
if (@$_SESSION['AUTHENTICATED'] == '1' && if (!$this->config['strict']) {
!$this->isLocked($_SESSION['USERDATA']['id']) && if (@$_SESSION['AUTHENTICATED'] == true &&
$this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR'] !$this->isLocked($_SESSION['USERDATA']['id']) &&
$this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']
) return true; ) return true;
} else {
if (@$_SESSION['AUTHENTICATED'] && $_SESSION['AUTHENTICATED'] == '1' &&
(!$this->isLocked($_SESSION['USERDATA']['id'])) &&
($this->getUserIp($_SESSION['USERDATA']['id']) == $_SERVER['REMOTE_ADDR']))
return true;
}
// Catchall // Catchall
if ($logout == true) $this->logoutUser($_SERVER['REQUEST_URI']); if ($logout == true) $this->logoutUser($_SERVER['REQUEST_URI']);
return false; return false;

2
public/include/pages/account/edit.inc.php
View File

@ -150,7 +150,7 @@ if ($user->isAuthenticated()) {
// 2fa - one last time so we can sync with changes we made during this page // 2fa - one last time so we can sync with changes we made during this page
if ($user->isAuthenticated() && $config['twofactor']['enabled']) { if ($config['twofactor']['enabled'] && $user->isAuthenticated()) {
// set the token to be the old token, just in case an error occured // set the token to be the old token, just in case an error occured
$ea_token = (@$oldtoken_ea !== '') ? $oldtoken_ea : @$ea_token; $ea_token = (@$oldtoken_ea !== '') ? $oldtoken_ea : @$ea_token;
$wf_token = (@$oldtoken_wf !== '') ? $oldtoken_wf : @$wf_token; $wf_token = (@$oldtoken_wf !== '') ? $oldtoken_wf : @$wf_token;