more debug
parent
cb99d709c5
commit
92854f5cba
|
@ -201,6 +201,9 @@ Debug("POST[$name] is set as " . $_POST[$name] );
|
|||
if (!csrf_check_tokens($tokens)) {
|
||||
Debug("Failed checking tokens");
|
||||
break;
|
||||
|
||||
} else {
|
||||
Debug("Token passed");
|
||||
}
|
||||
$ok = true;
|
||||
} while (false);
|
||||
|
@ -334,8 +337,12 @@ return false;
|
|||
if (!isset($_COOKIE[$n])) return false;
|
||||
return $value === csrf_hash($_COOKIE[$n], $time);
|
||||
case 'key':
|
||||
if (!$GLOBALS['csrf']['key']) return false;
|
||||
return $value === csrf_hash($GLOBALS['csrf']['key'], $time);
|
||||
if (!$GLOBALS['csrf']['key']) {
|
||||
Debug("Checking key: no key set" );
|
||||
return false;
|
||||
}
|
||||
Debug("Checking sid: $value === " . csrf_hash($GLOBALS['csrf']['key'], $time) );
|
||||
return $value === csrf_hash($GLOBALS['csrf']['key'], $time);
|
||||
// We could disable these 'weaker' checks if 'key' was set, but
|
||||
// that doesn't make me feel good then about the cookie-based
|
||||
// implementation.
|
||||
|
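Review bot: The added `Debug("Checking sid: $value === " . csrf_hash($GLOBALS['csrf']['key'], $time) );` in the `case 'key':` branch writes both the submitted token and the expected token to the debug log, so anyone who can read that log sees a value that would pass this comparison for the same `$time`. Log only the outcome instead: `$ok = ($value === csrf_hash($GLOBALS['csrf']['key'], $time));`, `Debug("Checking key: " . ($ok ? 'match' : 'mismatch'));`, `return $ok;`. That also avoids computing the hash twice and fixes the label, which says "sid" inside the key branch. The enclosing function starts and ends outside the hunk.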
|
|
@ -175,7 +175,9 @@ foreach ( getSkinIncludes( 'skin.php' ) as $includeFile )
|
|||
|
||||
if ( ZM_OPT_USE_AUTH && ZM_AUTH_HASH_LOGINS ) {
|
||||
if ( empty($user) && ! empty($_REQUEST['auth']) ) {
|
||||
Debug("Getting user from auth hash");
|
||||
if ( $authUser = getAuthUser( $_REQUEST['auth'] ) ) {
|
||||
Debug("Success Getting user from auth hash");
|
||||
userLogin( $authUser['Username'], $authUser['Password'], true );
|
||||
}
|
||||
} else if ( ! empty($user) ) {
|
||||
|
@ -206,6 +208,7 @@ require_once( 'includes/actions.php' );
|
|||
|
||||
# If I put this here, it protects all views and popups, but it has to go after actions.php because actions.php does the actual logging in.
|
||||
if ( ZM_OPT_USE_AUTH && ! isset($user) ) {
|
||||
Debug("Redirecting to login" );
|
||||
$view = 'login';
|
||||
}
|
||||
|
||||
|
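Review bot: The auth-hash path logs only the success case: `Debug("Success Getting user from auth hash");` sits inside `if ( $authUser = getAuthUser( $_REQUEST['auth'] ) )`, and nothing is logged when the lookup fails, which is the event someone reviewing the log for rejected hashes would need. Add an else branch such as `} else { Debug("Auth hash did not match a user"); }`, keeping the `$_REQUEST['auth']` value itself out of the message. In the second hunk, `Debug("Redirecting to login" );` describes a redirect, but the visible code only sets `$view = 'login';`, so a message like "Showing login view" would match what happens.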
|