Changeset 2311:b9ea646a3613 for admin/auth.php

Timestamp:

10/08/13 09:31:33 (12 years ago)

Author:

Dsls

Branch:

default

Message:

Added specific message for auth with insufficient permissions. Added sleep() on invalid user on auth.php.

File:

• admin/auth.php (modified) (3 diffs)

admin/auth.php

@@ -196 +196 @@
 {
      # We check the user
-     $check_user = $core->auth->checkUser($user_id,$user_pwd,$user_key) === true;
+     $check_user = $core->auth->checkUser($user_id,$user_pwd,$user_key,false) === true;
+     if ($check_user) {
+          $check_perms = $core->auth->findUserBlog() !== false;
+     } else {
+          $check_perms = false;
+     }
      
      $cookie_admin = http::browserUID(DC_MASTER_KEY.$user_id.
           crypt::hmac(DC_MASTER_KEY,$user_pwd)).bin2hex(pack('a32',$user_id));
      
-     if ($check_user && $core->auth->mustChangePassword())
+     if ($check_perms && $core->auth->mustChangePassword())
      {
           $login_data = join('/',array(
@@ -216 +221 @@
           }
      }
-     elseif ($check_user && !empty($_POST['safe_mode']) && !$core->auth->isSuperAdmin()) 
+     elseif ($check_perms && !empty($_POST['safe_mode']) && !$core->auth->isSuperAdmin()) 
      {
           $err = __('Safe Mode can only be used for super administrators.');
      }
-     elseif ($check_user)
+     elseif ($check_perms)
      {
           $core->session->start();
@@ -246 +251 @@
                setcookie('dc_admin',false,-600,'','',DC_ADMIN_SSL);
           }
-          $err = __('Wrong username or password');
+          if ($check_user) {
+               $err = __('Insufficient permissions');
+          } else {
+               $err = __('Wrong username or password');
+          }
      }
 }