Move clean function call for auth

laf
2016-10-17 17:11:40 +00:00
parent 6b07d6d99d
commit 92ee374bb8
2 changed files with 3 additions and 1 deletions
+1 -1
@@ -58,7 +58,7 @@ if (file_exists('includes/authentication/'.$config['auth_mechanism'].'.inc.php')
$auth_success = 0;
if ((isset($_SESSION['username'])) || (isset($_COOKIE['sess_id'],$_COOKIE['token']))) {
if (reauthenticate(clean($_COOKIE['sess_id']), clean($_COOKIE['token'])) || authenticate($_SESSION['username'], $_SESSION['password'])) {
if (reauthenticate($_COOKIE['sess_id'], $_COOKIE['token']) || authenticate($_SESSION['username'], $_SESSION['password'])) {
$_SESSION['userlevel'] = get_userlevel($_SESSION['username']);
$_SESSION['user_id'] = get_userid($_SESSION['username']);
if (!$_SESSION['authenticated']) {
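Review bot: The outer condition passes when only `$_SESSION['username']` is set, so `reauthenticate()` is still called with `$_COOKIE['sess_id']` and `$_COOKIE['token']` unset; that raises undefined-index notices and sends empty values into the session lookup. Guarding the call keeps the fallback to `authenticate()` intact: `if ((isset($_COOKIE['sess_id'], $_COOKIE['token']) && reauthenticate($_COOKIE['sess_id'], $_COOKIE['token'])) || authenticate($_SESSION['username'], $_SESSION['password'])) {`. The enclosing block starts and ends outside this hunk.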
@@ -35,6 +35,8 @@ function authenticate($username, $password)
function reauthenticate($sess_id, $token)
{
$sess_id = clean($sess_id);
$token = clean($token);
list($uname,$hash) = explode('|', $token);
$session = dbFetchRow("SELECT * FROM `session` WHERE `session_username` = '$uname' AND session_value='$sess_id'", array(), true);
$hasher = new PasswordHash(8, false);
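Review bot: The query in `reauthenticate()` still interpolates `$uname` and `$sess_id`, both derived from cookie values, directly into the SQL string, so its safety rests entirely on what `clean()` strips, and that is not visible here. The empty `array()` passed as the second argument looks like a parameter list; if `dbFetchRow()` supports placeholders, bind the values instead: `dbFetchRow("SELECT * FROM session WHERE session_username = ? AND session_value = ?", array($uname, $sess_id), true)`. A token without a `|` also leaves `$hash` unset after the `list()`/`explode()` line, so an early `return false` for that case would be worth adding. The function body continues past the end of the hunk.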