4eyes fix

This commit is contained in:
SJ 2015-02-20 13:53:32 +01:00
parent 4356a91b59
commit 0a15910379

View File

@ -43,6 +43,20 @@ class ControllerLoginFoureyes extends Controller {
if($this->request->server['REQUEST_METHOD'] == 'POST' && $this->validate() == true) {
if($this->model_user_auth->checkLogin($this->request->post['username'], $_POST['password']) == 1) {
// check if the 2nd login is indeed an admin
$data2 = $session->get("auth_data");
if(!isset($data2['admin_user']) || $data2['admin_user'] != 1) {
syslog(LOG_INFO, "user " . $data2['username'] . " is not an admin user");
$this->model_user_auth->increment_failed_login_count($this->data['failed_login_count']);
$this->data['failed_login_count']++;
$session->set("auth_data", $data);
}
else {
$session->remove("four_eyes");
$this->model_user_auth->apply_user_auth_session($data);
@ -64,6 +78,8 @@ class ControllerLoginFoureyes extends Controller {
header("Location: " . SITE_URL . "search.php");
exit;
}
}
else {
$this->model_user_auth->increment_failed_login_count($this->data['failed_login_count']);
$this->data['failed_login_count']++;