verifyUser() for the json part

Lukas Reschke 2012-10-15 16:26:34 +02:00 committed by Daniel Molkentin
parent d33bec09fe
commit 4d7b0e9bb3


@ -58,7 +58,7 @@ class OC_JSON{
*/
public static function checkAdminUser() {
self::checkLoggedIn();
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
if( !OC_Group::inGroup( OC_User::getUser(), 'admin' ) || self::verifyUser() === false) {
$l = OC_L10N::get('lib');
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit();
@ -70,13 +70,25 @@ class OC_JSON{
*/
public static function checkSubAdminUser() {
self::checkLoggedIn();
if(!OC_Group::inGroup(OC_User::getUser(),'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
if(!OC_Group::inGroup(OC_User::getUser(),'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser()) || self::verifyUser() === false) {
$l = OC_L10N::get('lib');
self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
exit();
}
}
/**
* Check if the user verified the login with his password in the last 15 minutes
* @return bool
*/
public static function verifyUser() {
// Check if the user verified his password in the last 15 minutes
if($_SESSION['verifiedLogin'] < time() OR !isset($_SESSION['verifiedLogin'])) {
return false;
}
return true;
}
/**
* Send json error msg
*/
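Review bot: In verifyUser() the condition reads `$_SESSION['verifiedLogin']` before the `isset()` test, so a session without that key raises an undefined-index notice; the result is still `false`, but on a JSON endpoint a displayed notice can corrupt the response body. Test for the key first: `if(!isset($_SESSION['verifiedLogin']) || $_SESSION['verifiedLogin'] < time()) {`. The comparison against `time()` implies the session value is an expiry timestamp rather than the moment of verification; the code that sets it is not on this page, so the docblock should say which, e.g. `* Expects $_SESSION['verifiedLogin'] to hold the Unix time at which the password verification expires`. In checkSubAdminUser() the added `|| self::verifyUser() === false` relies on `&&` binding tighter than `||`; parentheses around the admin/sub-admin test would make the intended "deny if either check fails" reading explicit.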