summaryrefslogtreecommitdiffstats
path: root/index.php
diff options
context:
space:
mode:
authorGeorg Ehrke <dev@georgswebsite.de>2012-04-27 10:30:50 +0200
committerGeorg Ehrke <dev@georgswebsite.de>2012-04-27 10:30:50 +0200
commit993d655aad8be57f4421fa787fc573bcfcc417e1 (patch)
treefc289fbb8e9ce6f78883c1603c37ca2524289915 /index.php
parent1b935a22ce5f4aef6d9a8f6ecb9143c95f988bf1 (diff)
parentee0cb68f5ed91f30b5ab4c43d13433197b4fcb24 (diff)
downloadnextcloud-server-993d655aad8be57f4421fa787fc573bcfcc417e1.tar.gz
nextcloud-server-993d655aad8be57f4421fa787fc573bcfcc417e1.zip
Merge branch 'master' into movable_apps_2
Diffstat (limited to 'index.php')
-rw-r--r--index.php14
1 files changed, 7 insertions, 7 deletions
diff --git a/index.php b/index.php
index 787485555fb..fe8f7f15038 100644
--- a/index.php
+++ b/index.php
@@ -63,10 +63,9 @@ elseif(OC_User::isLoggedIn()) {
}
}
-}
// For all others cases, we display the guest page :
-else {
+} else {
OC_App::loadApps();
$error = false;
@@ -84,10 +83,9 @@ else {
else {
OC_User::unsetMagicInCookie();
}
- }
// Someone wants to log in :
- elseif(isset($_POST["user"]) && isset($_POST['password'])) {
+ } elseif(isset($_POST["user"]) and isset($_POST['password']) and isset($_SESSION['sectoken']) and isset($_POST['sectoken']) and ($_SESSION['sectoken']==$_POST['sectoken']) ) {
if(OC_User::login($_POST["user"], $_POST["password"])) {
if(!empty($_POST["remember_login"])){
if(defined("DEBUG") && DEBUG) {
@@ -104,9 +102,9 @@ else {
} else {
$error = true;
}
- }
+
// The user is already authenticated using Apaches AuthType Basic... very usable in combination with LDAP
- elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
+ } elseif(isset($_SERVER["PHP_AUTH_USER"]) && isset($_SERVER["PHP_AUTH_PW"])){
if (OC_User::login($_SERVER["PHP_AUTH_USER"],$_SERVER["PHP_AUTH_PW"])) {
//OC_Log::write('core',"Logged in with HTTP Authentication",OC_Log::DEBUG);
OC_User::unsetMagicInCookie();
@@ -115,5 +113,7 @@ else {
$error = true;
}
}
- OC_Template::printGuestPage('', 'login', array('error' => $error, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
+ $sectoken=rand(1000000,9999999);
+ $_SESSION['sectoken']=$sectoken;
+ OC_Template::printGuestPage('', 'login', array('error' => $error, 'sectoken' => $sectoken, 'redirect' => isset($_REQUEST['redirect_url'])?$_REQUEST['redirect_url']:'' ));
}