From 9c29eea515b336b23187a86f5b55443571fcba01 Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Tue, 3 Jan 2012 02:56:20 +0100 Subject: Setup auth system from plugins --- inc/auth.php | 56 ++++++++++++++++++++++++++++++++++---------------------- 1 file changed, 34 insertions(+), 22 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index e0f58e5f2..b11a14d50 100644 --- a/inc/auth.php +++ b/inc/auth.php 
@@ -36,29 +36,41 @@ function auth_setup(){ global $AUTH_ACL; global $lang; global $config_cascade; + global $plugin_controller; $AUTH_ACL = array(); if(!$conf['useacl']) return false; - // load the the backend auth functions and instantiate the auth object XXX - if (@file_exists(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php')) { - require_once(DOKU_INC.'inc/auth/basic.class.php'); - require_once(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php'); - - $auth_class = "auth_".$conf['authtype']; - if (class_exists($auth_class)) { - $auth = new $auth_class(); - if ($auth->success == false) { - // degrade to unauthenticated user - unset($auth); - auth_logoff(); - msg($lang['authtempfail'], -1); - } - } else { - nice_die($lang['authmodfailed']); - } - } else { - nice_die($lang['authmodfailed']); + // try to load auth backend from plugins + $plugins = $plugin_controller->getList('auth'); + foreach ($plugin_controller->getList('auth') as $plugin) { + if ($conf['authtype'] === $plugin) { + $auth = $plugin_controller->load('auth', $plugin)->getAuth(); + break; + } + } + + if (!$auth) { + // load the the backend auth functions and instantiate the auth object XXX + if (@file_exists(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php')) { + require_once(DOKU_INC.'inc/auth/basic.class.php'); + require_once(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php'); + + $auth_class = "auth_".$conf['authtype']; + if (class_exists($auth_class)) { + $auth = new $auth_class(); + if ($auth->success == false) { + // degrade to unauthenticated user + unset($auth); + auth_logoff(); + msg($lang['authtempfail'], -1); + } + } else { + nice_die($lang['authmodfailed']); + } + } else { + nice_die($lang['authmodfailed']); + } } if(!$auth) return; @@ -675,7 +687,7 @@ function auth_sendPassword($user,$password){ if(empty($conf['mailprefix'])) { $subject = $lang['regpwmail']; - } else { + } else { $subject = '['.$conf['mailprefix'].'] '.$lang['regpwmail']; } 
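Review bot: In the new plugin loop of auth_setup(), `$plugin_controller->load('auth', $plugin)->getAuth()` is chained without checking what `load()` returned. If `load()` returns null for a plugin that is listed but cannot be instantiated (its behaviour is not visible in this hunk), the request ends in a fatal error in the middle of authentication setup. Keep the result in a variable and call `getAuth()` only when it is an object, e.g. `$plugin_obj = $plugin_controller->load('auth', $plugin);` followed by `if ($plugin_obj) $auth = $plugin_obj->getAuth();`, so the fallback below can still run. The `$plugins` assignment above the loop is unused because `getList('auth')` is called again in the `foreach`. The body of auth_setup() starts and ends outside the hunk.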
@@ -920,10 +932,10 @@ function act_resendpwd(){ if(empty($conf['mailprefix'])) { $subject = $lang['regpwmail']; - } else { + } else { $subject = '['.$conf['mailprefix'].'] '.$lang['regpwmail']; } - + if(mail_send($userinfo['name'].' <'.$userinfo['mail'].'>', $subject, $text, -- cgit v1.2.3 From f4476bd9b5badd36cd0617d76538e47d9649986b Mon Sep 17 00:00:00 2001 From: Jan Schumann Date: Mon, 20 Feb 2012 19:51:26 +0100 Subject: Refactored auth system: All auth methods are now introduced as plugins. --- inc/auth.php | 37 ++++++++++++------------------------- 1 file changed, 12 insertions(+), 25 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index b11a14d50..aac7a2fca 100644 --- a/inc/auth.php +++ b/inc/auth.php 
@@ -45,35 +45,19 @@ function auth_setup(){ $plugins = $plugin_controller->getList('auth'); foreach ($plugin_controller->getList('auth') as $plugin) { if ($conf['authtype'] === $plugin) { - $auth = $plugin_controller->load('auth', $plugin)->getAuth(); + $auth = $plugin_controller->load('auth', $plugin); break; } } - if (!$auth) { - // load the the backend auth functions and instantiate the auth object XXX - if (@file_exists(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php')) { - require_once(DOKU_INC.'inc/auth/basic.class.php'); - require_once(DOKU_INC.'inc/auth/'.$conf['authtype'].'.class.php'); - - $auth_class = "auth_".$conf['authtype']; - if (class_exists($auth_class)) { - $auth = new $auth_class(); - if ($auth->success == false) { - // degrade to unauthenticated user - unset($auth); - auth_logoff(); - msg($lang['authtempfail'], -1); - } - } else { - nice_die($lang['authmodfailed']); - } - } else { - nice_die($lang['authmodfailed']); - } - } + if(!$auth) return; - if(!$auth) return; + if ($auth && $auth->success == false) { + // degrade to unauthenticated user + unset($auth); + auth_logoff(); + msg($lang['authtempfail'], -1); + } // do the login either by cookie or provided credentials XXX if (!isset($_REQUEST['u'])) $_REQUEST['u'] = ''; @@ -102,7 +86,10 @@ function auth_setup(){ } // apply cleaning - $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']); + if (true === $auth->success) + { + $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']); + } if(isset($_REQUEST['authtok'])){ // when an authentication token is given, trust the session -- cgit v1.2.3 From 3094e817f9f8c3971ffa00a852a1acee8bbcfd4c Mon Sep 17 00:00:00 2001 
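Review bot: In the first hunk the `$auth->success == false` branch calls `unset($auth)` and `auth_logoff()` but does not return, so auth_setup() carries on into the login code without a backend object. The `if (true === $auth->success)` guard added in the second hunk then reads a property of the variable that was just unset. Add `return false;` after `msg($lang['authtempfail'], -1);` so a failed backend stops setup at that point. The removed fallback ended in `nice_die($lang['authmodfailed'])` when the configured backend could not be found, whereas the new `if(!$auth) return;` gives up silently while `$conf['useacl']` is enabled; reporting the failure or keeping the hard stop would make a mistyped `authtype` visible. auth_setup() starts and ends outside both hunks.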
From: Andreas Gohr Date: Sat, 6 Oct 2012 11:11:50 +0200 Subject: changed default auth to authplain We need to decide how to handle the renaming of the auth classes. Should this be done automatically somehow? Or is an admin expected to fix this manually when updating? --- inc/auth.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 25b9e4632..3fe465cbb 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -54,7 +54,10 @@ function auth_setup() { } } - if(!$auth) return false; + if(!$auth){ + msg($lang['authtempfail'], -1); + return false; + } if ($auth && $auth->success == false) { // degrade to unauthenticated user -- cgit v1.2.3 From 9d2e1be699d573eebda922cf67f030d3d2aa462d Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sat, 16 Feb 2013 18:29:20 +0100 Subject: introduced http_status() for sending HTTP status code FS#1698 It seems, some servers require a special Status: header for sending the HTTP status code from PHP (F)CGI to the server. This patch introduces a new function (adopted from CodeIgniter) for simplifying the status handling. --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 7f427bd8d..9566a2615 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -267,7 +267,7 @@ function auth_login($user, $pass, $sticky = false, $silent = false) { function auth_validateToken($token) { if(!$token || $token != $_SESSION[DOKU_COOKIE]['auth']['token']) { // bad token - header("HTTP/1.0 401 Unauthorized"); + http_status(401); print 'Invalid auth token - maybe the session timed out'; unset($_SESSION[DOKU_COOKIE]['auth']['token']); // no second chance exit; -- cgit v1.2.3 From a4ce95c84dca904abb57d30efa2a9d5d68eeda1b Mon Sep 17 00:00:00 2001 
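Review bot: The context line of the auth_validateToken() hunk compares the submitted token with `$token != $_SESSION[DOKU_COOKIE]['auth']['token']`, a loose comparison, and PHP's type juggling treats some different numeric-looking strings as equal under `!=`. This check decides whether the session is trusted, so compare strictly and treat a missing session token as a mismatch: `if(!$token || !is_string($token) || !isset($_SESSION[DOKU_COOKIE]['auth']['token']) || $token !== $_SESSION[DOKU_COOKIE]['auth']['token']) {`. The token format is not visible here, so whether juggling is reachable in practice depends on how the token is generated. The rest of the function lies outside the hunk.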
From: Dominik Eckelmann Date: Wed, 20 Feb 2013 10:44:25 +0100 Subject: fixed auth_browseruid on IE9 IE9 send different HTTP_ACCEPT_LANGUAGE header on ajax request. This causes different results from auth_browseruid. This patch removes the HTTP_ACCEPT_LANGUAGE from the browser id calculation. --- inc/auth.php | 1 - 1 file changed, 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 9566a2615..d82b8b5dd 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -311,7 +311,6 @@ function auth_browseruid() { $uid = ''; $uid .= $_SERVER['HTTP_USER_AGENT']; $uid .= $_SERVER['HTTP_ACCEPT_ENCODING']; - $uid .= $_SERVER['HTTP_ACCEPT_LANGUAGE']; $uid .= $_SERVER['HTTP_ACCEPT_CHARSET']; $uid .= substr($ip, 0, strpos($ip, '.')); $uid = strtolower($uid); -- cgit v1.2.3 From 6416b708d3d115a6d7529b6c388c796fcb651d55 Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Wed, 20 Feb 2013 19:43:29 +0100 Subject: Fix handling of failed authentication loading In the case of a failed authentication initialization, the authentication setup was simply continued with an unset $auth object. This restores the previous behavior (before merging #141) of simply returning after unsetting $auth. Furthermore this re-introduces the check if $auth is set before checking $auth and removes a useless check if $auth is true (could never be false). --- inc/auth.php | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index d82b8b5dd..92a56e163 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -54,16 +54,17 @@ function auth_setup() { } } - if(!$auth){ + if(!isset($auth) || !$auth){ msg($lang['authtempfail'], -1); return false; } - if ($auth && $auth->success == false) { + if ($auth->success == false) { // degrade to unauthenticated user unset($auth); auth_logoff(); msg($lang['authtempfail'], -1); + return false; } // do the login either by cookie or provided credentials XXX -- cgit v1.2.3 
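Review bot: In the auth_setup() hunk, `unset($auth)` in the `$auth->success == false` branch removes only the function-local name if `$auth` is bound with `global $auth` (the declaration would be above the hunk and is not visible here). The global itself would keep pointing at the failed backend object, so code elsewhere that tests the global `$auth` still sees a backend even though auth_setup() now returns false. Assigning through the reference clears it for every caller: `$auth = null;` in place of `unset($auth);`. A comment such as `// clear the global so callers do not use a failed backend` would record why.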
From 00d58927261c5bed6f093ca4aa2064a18139a228 Mon Sep 17 00:00:00 2001 From: Michael Hamann Date: Wed, 20 Feb 2013 20:26:05 +0100 Subject: Fix remaining missing $INPUT uses FS#2577 This adds $INPUT in all places where it was still missing and available. $INPUT is now also used in places where using $_REQUEST/... was okay in order to make the code consistent. --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 92a56e163..68b6b438d 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -92,7 +92,7 @@ function auth_setup() { // apply cleaning if (true === $auth->success) { - $_REQUEST['u'] = $auth->cleanUser($_REQUEST['u']); + $INPUT->set('u', $auth->cleanUser($INPUT->str('u'))); } if($INPUT->str('authtok')) { -- cgit v1.2.3 From e71b0ef705b86bb653fcae43e6845acbe6fd7fd2 Mon Sep 17 00:00:00 2001 From: Guy Brand Date: Sun, 17 Mar 2013 19:22:37 +0100 Subject: backward compatibility for old authtype settings --- inc/auth.php | 13 +++++++++---- 1 file changed, 9 insertions(+), 4 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 68b6b438d..0713ca6af 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -48,10 +48,15 @@ function auth_setup() { // try to load auth backend from plugins foreach ($plugin_controller->getList('auth') as $plugin) { - if ($conf['authtype'] === $plugin) { - $auth = $plugin_controller->load('auth', $plugin); - break; - } + if ($conf['authtype'] === $plugin) { + $auth = $plugin_controller->load('auth', $plugin); + break; + } elseif ('auth' . $conf['authtype'] === $plugin) { + // matches old auth backends (pre-Weatherwax) + $auth = $plugin_controller->load('auth', $plugin); + msg('Your authtype setting is deprecated. You must set $conf[\'authconfig\'] = ' . "auth" . $conf['authtype'] + . ' in your config (see Authentication Backends)',-1); + } } if(!isset($auth) || !$auth){ -- cgit v1.2.3 
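Review bot: The new `elseif ('auth' . $conf['authtype'] === $plugin)` branch in the backward-compatibility hunk loads the legacy-named backend but has no `break`, unlike the exact-match branch above it. The loop therefore keeps running after a legacy match, and which backend ends up in `$auth` depends on the order in which `getList('auth')` returns the plugin names. Add `break;` after the `msg(...)` call, or, if a later exact match is meant to win, say so in a comment such as `// no break: an exact authtype match later in the list takes precedence`. auth_setup() starts and ends outside the hunk.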
From 0b2e0a720d550ed8e96ffcdc62cbbffe78d27c21 Mon Sep 17 00:00:00 2001 From: Christopher Smith Date: Mon, 1 Apr 2013 17:03:25 +0100 Subject: restrict 'authtype deprecated' alert to superusers only --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 0713ca6af..9f180fc94 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -55,7 +55,7 @@ function auth_setup() { // matches old auth backends (pre-Weatherwax) $auth = $plugin_controller->load('auth', $plugin); msg('Your authtype setting is deprecated. You must set $conf[\'authconfig\'] = ' . "auth" . $conf['authtype'] - . ' in your config (see Authentication Backends)',-1); + . ' in your config (see Authentication Backends)',-1,'','',MSG_ADMINS_ONLY); } } -- cgit v1.2.3 From 98e31f853f43d94c5bd1d3ab79388c44ce29ce0a Mon Sep 17 00:00:00 2001 From: Klap-in Date: Wed, 15 May 2013 16:51:44 +0200 Subject: Fix wrong config key in deprecated auth message --- inc/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 9f180fc94..3f1f7925b 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -54,8 +54,8 @@ function auth_setup() { } elseif ('auth' . $conf['authtype'] === $plugin) { // matches old auth backends (pre-Weatherwax) $auth = $plugin_controller->load('auth', $plugin); - msg('Your authtype setting is deprecated. You must set $conf[\'authconfig\'] = ' . "auth" . $conf['authtype'] - . ' in your config (see Authentication Backends)',-1,'','',MSG_ADMINS_ONLY); + msg('Your authtype setting is deprecated. You must set $conf[\'authtype\'] = ' . "auth" . $conf['authtype'] + . ' in your configuration (see Authentication Backends)',-1,'','',MSG_ADMINS_ONLY); } } -- cgit v1.2.3 From a91f1103e66d9f28375fc94de05ebbcde454950d Mon Sep 17 00:00:00 2001 
From: Anika Henke Date: Mon, 27 May 2013 16:39:54 +0100 Subject: fixed wrong use of quotes in authtype warning message --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 3f1f7925b..af9f35b38 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -54,7 +54,7 @@ function auth_setup() { } elseif ('auth' . $conf['authtype'] === $plugin) { // matches old auth backends (pre-Weatherwax) $auth = $plugin_controller->load('auth', $plugin); - msg('Your authtype setting is deprecated. You must set $conf[\'authtype\'] = ' . "auth" . $conf['authtype'] + msg('Your authtype setting is deprecated. You must set $conf[\'authtype\'] = "auth' . $conf['authtype'] . '"' . ' in your configuration (see Authentication Backends)',-1,'','',MSG_ADMINS_ONLY); } } -- cgit v1.2.3 From 8fcfc7abfd65ccd920753bee341c6bfdebcecd99 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 31 May 2013 09:29:08 +0200 Subject: use HMAC in password reset token FS#2794 --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index af9f35b38..dac67bcb7 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -993,7 +993,7 @@ function act_resendpwd() { } // generate auth token - $token = md5(auth_cookiesalt().$user); //secret but user based + $token = PassHash::hmac('md5', $user, auth_cookiesalt()); //secret but user based $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth'; $url = wl('', array('do'=> 'resendpwd', 'pwauth'=> $token), true, '&'); -- cgit v1.2.3 From 183a7b8845875e4a6b67e466cfff9f5163da3f17 Mon Sep 17 00:00:00 2001 
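Review bot: In the act_resendpwd() hunk, `PassHash::hmac('md5', $user, auth_cookiesalt())` depends only on the user name and the site salt, so every reset request for the same account yields the same token and the same `.pwauth` file name. The value of a token from an earlier reset mail therefore matches any later request for that user, and it cannot be rotated without changing the salt. Mixing fresh random bytes into each request would make the requests independent of one another. `$token{0}` on the following context line uses the curly-brace string offset form, which later PHP versions removed; `$token[0]` is the portable spelling.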
From: Andreas Gohr Date: Fri, 31 May 2013 14:43:31 +0200 Subject: make password reset token completely random No need for HMAC here because there's no length attack vector here. We only care for the existance of the file and each reset request is completely (random) independent from each other. --- inc/auth.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index dac67bcb7..1f8489f03 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -993,7 +993,7 @@ function act_resendpwd() { } // generate auth token - $token = PassHash::hmac('md5', $user, auth_cookiesalt()); //secret but user based + $token = md5(uniqid(mt_rand(), true)); // random secret $tfile = $conf['cachedir'].'/'.$token{0}.'/'.$token.'.pwauth'; $url = wl('', array('do'=> 'resendpwd', 'pwauth'=> $token), true, '&'); -- cgit v1.2.3 From 8a285f7fa7f09ae969e12cf4b7bda0f5123bb0fb Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 9 Jun 2013 02:29:27 +0200 Subject: AUTH_PASSWORD_GENERATE event added This is needed to replace the password generator by a plugin implementation. Related to PR #166 and FS#2147 --- inc/auth.php | 45 +++++++++++++++++++++++++++++---------------- 1 file changed, 29 insertions(+), 16 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 1f8489f03..82a6b46cd 100644 --- a/inc/auth.php +++ b/inc/auth.php 
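Review bot: `md5(uniqid(mt_rand(), true))` in the act_resendpwd() hunk builds the password-reset token from the clock and the Mersenne Twister, neither of which is designed for secrets, so the token carries less unpredictability than its 128-bit length suggests. A reset token stands in for the password, so it should come from the operating system's CSPRNG, for example `$token = bin2hex(random_bytes(16));` where PHP 7 is available, or `openssl_random_pseudo_bytes(16)` on older versions. The same applies to the `rand()` and `mt_rand()` calls in the auth_pwgen() hunks further down this page, where `random_int()` is the matching replacement. The token's expiry handling is outside the hunk, so its lifetime cannot be judged from here.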
@@ -678,27 +678,40 @@ function auth_nameencode($name, $skip_group = false) { /** * Create a pronouncable password * + * The $foruser variable might be used by plugins to run additional password + * policy checks, but is not used by the default implementation + * * @author Andreas Gohr * @link http://www.phpbuilder.com/annotate/message.php3?id=1014451 + * @triggers AUTH_PASSWORD_GENERATE * + * @param string $foruser username for which the password is generated * @return string pronouncable password */ -function auth_pwgen() { - $pw = ''; - $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones - $v = 'aeiou'; //vowels - $a = $c.$v; //both - - //use two syllables... - for($i = 0; $i < 2; $i++) { - $pw .= $c[rand(0, strlen($c) - 1)]; - $pw .= $v[rand(0, strlen($v) - 1)]; - $pw .= $a[rand(0, strlen($a) - 1)]; +function auth_pwgen($foruser='') { + $data = array( + 'password' = '', + 'foruser' = $foruser + ); + + $evt = new Doku_Event('AUTH_PASSWORD_GENERATE', $data); + if($evt->advise_before(true)) { + $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones + $v = 'aeiou'; //vowels + $a = $c.$v; //both + + //use two syllables... + for($i = 0; $i < 2; $i++) { + $data['password'] .= $c[rand(0, strlen($c) - 1)]; + $data['password'] .= $v[rand(0, strlen($v) - 1)]; + $data['password'] .= $a[rand(0, strlen($a) - 1)]; + } + //... and add a nice number + $data['password'] .= rand(10, 99); } - //... and add a nice number - $pw .= rand(10, 99); + $evt->advise_after(); - return $pw; + return $data['password']; } /** @@ -765,7 +778,7 @@ function register() { } if($conf['autopasswd']) { - $pass = auth_pwgen(); // automatically generate password + $pass = auth_pwgen($login); // automatically generate password } elseif(empty($pass) || empty($passchk)) { msg($lang['regmissing'], -1); // complain about missing passwords return false; 
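Review bot: auth_pwgen() returns `$data['password']` unchecked after the event, so a handler that prevents the default action without filling in a password makes the function return an empty string. The callers in this series assign that result straight to `$pass` (`$pass = auth_pwgen($login);` in register()), and it would be passed on as the account's new password. Check the value before returning and either run the built-in generator as a fallback or fail the operation when it is empty or not a string. The array literal at the top of the function is written `'password' = ''` and `'foruser' = $foruser`, which is a parse error; both keys need `=>`.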
@@ -958,7 +971,7 @@ function act_resendpwd() { } else { // autogenerate the password and send by mail - $pass = auth_pwgen(); + $pass = auth_pwgen($user); if(!$auth->triggerUserMod('modify', array($user, array('pass' => $pass)))) { msg('error modifying user data', -1); return false; -- cgit v1.2.3 From d628dcf33c131b3ede5c78b4550c2ba23124f432 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Sun, 9 Jun 2013 02:51:19 +0200 Subject: fixed syntax fuckup --- inc/auth.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 82a6b46cd..db6245e20 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -690,8 +690,8 @@ function auth_nameencode($name, $skip_group = false) { */ function auth_pwgen($foruser='') { $data = array( - 'password' = '', - 'foruser' = $foruser + 'password' => '', + 'foruser' => $foruser ); $evt = new Doku_Event('AUTH_PASSWORD_GENERATE', $data); -- cgit v1.2.3 From 987c8d26bbfec753f50b50e8f16e0f5579a93e11 Mon Sep 17 00:00:00 2001 From: Andreas Gohr Date: Fri, 14 Jun 2013 14:49:39 +0200 Subject: Increased strength of auto generated passwords a bit If you want better random initialization and more control over the password strength install the passpolicy plugin. --- inc/auth.php | 29 +++++++++++++++-------------- 1 file changed, 15 insertions(+), 14 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index db6245e20..6107645cd 100644 --- a/inc/auth.php +++ b/inc/auth.php 
@@ -681,14 +681,14 @@ function auth_nameencode($name, $skip_group = false) { * The $foruser variable might be used by plugins to run additional password * policy checks, but is not used by the default implementation * - * @author Andreas Gohr - * @link http://www.phpbuilder.com/annotate/message.php3?id=1014451 + * @author Andreas Gohr + * @link http://www.phpbuilder.com/annotate/message.php3?id=1014451 * @triggers AUTH_PASSWORD_GENERATE * * @param string $foruser username for which the password is generated * @return string pronouncable password */ -function auth_pwgen($foruser='') { +function auth_pwgen($foruser = '') { $data = array( 'password' => '', 'foruser' => $foruser @@ -696,18 +696,19 @@ function auth_pwgen($foruser='') { $evt = new Doku_Event('AUTH_PASSWORD_GENERATE', $data); if($evt->advise_before(true)) { - $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones - $v = 'aeiou'; //vowels - $a = $c.$v; //both - - //use two syllables... - for($i = 0; $i < 2; $i++) { - $data['password'] .= $c[rand(0, strlen($c) - 1)]; - $data['password'] .= $v[rand(0, strlen($v) - 1)]; - $data['password'] .= $a[rand(0, strlen($a) - 1)]; + $c = 'bcdfghjklmnprstvwz'; //consonants except hard to speak ones + $v = 'aeiou'; //vowels + $a = $c.$v; //both + $s = '!$%&?+*~#-_:.;,'; // specials + + //use thre syllables... + for($i = 0; $i < 3; $i++) { + $data['password'] .= $c[mt_rand(0, strlen($c) - 1)]; + $data['password'] .= $v[mt_rand(0, strlen($v) - 1)]; + $data['password'] .= $a[mt_rand(0, strlen($a) - 1)]; } - //... and add a nice number - $data['password'] .= rand(10, 99); + //... and add a nice number and special + $data['password'] .= mt_rand(10, 99).$s[mt_rand(0, strlen($s) - 1)]; } $evt->advise_after(); -- cgit v1.2.3 From ea2272c40a77ba38305773f8f3e3172bb71e9f49 Mon Sep 17 00:00:00 2001 
From: Andreas Gohr Date: Sun, 16 Jun 2013 21:57:42 +0200 Subject: removed tabs --- inc/auth.php | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) (limited to 'inc/auth.php') diff --git a/inc/auth.php b/inc/auth.php index 6107645cd..47b29eff7 100644 --- a/inc/auth.php +++ b/inc/auth.php @@ -59,18 +59,18 @@ function auth_setup() { } } - if(!isset($auth) || !$auth){ + if(!isset($auth) || !$auth){ msg($lang['authtempfail'], -1); return false; } if ($auth->success == false) { - // degrade to unauthenticated user - unset($auth); - auth_logoff(); - msg($lang['authtempfail'], -1); + // degrade to unauthenticated user + unset($auth); + auth_logoff(); + msg($lang['authtempfail'], -1); return false; - } + } // do the login either by cookie or provided credentials XXX $INPUT->set('http_credentials', false); -- cgit v1.2.3