more debug

Isaac Connor 2017-05-05 16:37:30 -04:00
parent cb99d709c5
commit 92854f5cba
2 changed files with 12 additions and 2 deletions


@ -201,6 +201,9 @@ Debug("POST[$name] is set as " . $_POST[$name] );
if (!csrf_check_tokens($tokens)) {
Debug("Failed checking tokens");
break;
} else {
Debug("Token passed");
}
$ok = true;
} while (false);
@ -334,8 +337,12 @@ return false;
if (!isset($_COOKIE[$n])) return false;
return $value === csrf_hash($_COOKIE[$n], $time);
case 'key':
if (!$GLOBALS['csrf']['key']) return false;
return $value === csrf_hash($GLOBALS['csrf']['key'], $time);
if (!$GLOBALS['csrf']['key']) {
Debug("Checking key: no key set" );
return false;
}
Debug("Checking sid: $value === " . csrf_hash($GLOBALS['csrf']['key'], $time) );
return $value === csrf_hash($GLOBALS['csrf']['key'], $time);
// We could disable these 'weaker' checks if 'key' was set, but
// that doesn't make me feel good then about the cookie-based
// implementation.
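Review bot: The new `Debug("Checking sid: $value === " . csrf_hash($GLOBALS['csrf']['key'], $time) );` line in the `case 'key':` branch writes both the submitted token and the expected hash derived from the secret key to the debug log, so anyone who can read that log sees a value the comparison would accept for that `$time` (presumably until the token expires). Log only the outcome instead: `$expected = csrf_hash($GLOBALS['csrf']['key'], $time);`, then `Debug("Checking key: " . ($value === $expected ? "match" : "mismatch"));` and `return $value === $expected;`, which also avoids computing the hash twice. The message says "sid" although this is the key branch, which will mislead whoever reads the log. The enclosing switch starts and ends outside the hunk, and because the +/- markers are lost on this page the added lines are inferred from the hunk counts (-334,8 +337,12).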


@ -175,7 +175,9 @@ foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS ) {
if ( empty($user) && ! empty($_REQUEST['auth']) ) {
Debug("Getting user from auth hash");
if ( $authUser = getAuthUser( $_REQUEST['auth'] ) ) {
Debug("Success Getting user from auth hash");
userLogin( $authUser['Username'], $authUser['Password'], true );
}
} else if ( ! empty($user) ) {
@ -206,6 +208,7 @@ require_once( 'includes/actions.php' );
# If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in.
if ( ZM_OPT_USE_AUTH && ! isset($user) ) {
Debug("Redirecting to login" );
$view = 'login';
}
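Review bot: The auth-hash hunk logs the attempt and the success but not the failure: when `getAuthUser( $_REQUEST['auth'] )` returns a falsy value nothing is written, and a rejected hash is the event someone reviewing the log for guessing or replay would most need to see. Add an `else` on the inner `if` with `Debug("Auth hash did not match a user");`, keeping the hash value itself out of the message as the added lines already do. The surrounding `if` / `else if` chain continues past the end of that hunk.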