WMDE
/
LDAPAccountManager
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

#188 fixed issue with self service Ajax requests

This commit is contained in:
Roland Gruber 2017-04-05 19:49:14 +02:00
parent c51f2893ce
commit 997a4530e6
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lam/lib/account.inc
View File

@ -1473,7 +1473,7 @@ function validateReCAPTCHA($secretKey) {
* @param boolean $check2ndFactor check if the 2nd factor was provided if required
*/
function enforceUserIsLoggedIn($check2ndFactor = true) {
if (!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) {
if ((!isset($_SESSION['loggedIn']) || ($_SESSION['loggedIn'] !== true)) && empty($_SESSION['selfService_clientPassword'])) {
logNewMessage(LOG_WARNING, 'Detected unauthorized access to page that requires login: ' . $_SERVER["SCRIPT_FILENAME"]);
die();
}