X-Git-Url: http://git.dj3c1t.com/index.cgi?a=blobdiff_plain;f=mw%2Fapp%2Fdata%2Fmodules%2Fshare%2Fmw_data_users_sessions.php;h=df81d465ac1a16d35cfe2d5c669a1266e51be2ea;hb=441212b3fdf07852be95c4a59315aa39a7264249;hp=9a787a0bf90556aace861dc467556e2d532a2c8e;hpb=a4819cb78b71363db14f8c568a9a2552ee8f58da;p=mtweb
diff --git a/mw/app/data/modules/share/mw_data_users_sessions.php b/mw/app/data/modules/share/mw_data_users_sessions.php
index 9a787a0..df81d46 100644
--- a/mw/app/data/modules/share/mw_data_users_sessions.php
+++ b/mw/app/data/modules/share/mw_data_users_sessions.php
@@ -4,8 +4,12 @@
 var $user;
- function login($login, $password){
- if(($user = $this->user($login)) !== false){
+ function login($login, $password, $reference_user = null){
+ if(($user = isset($reference_user) ? $reference_user : $this->user($login)) !== false){
+ if(isset($reference_user) && $login != $reference_user["login"]){
+ $this->clear_session();
+ return array();
+ }
 if($this->password_ok($user, $password)){
 if(!$this->set_session($user)) $user = false;
 }
@@ -32,11 +36,13 @@
 function password_ok($user, $password){
 if(!$user) return false;
- return
+ $OK =
 (isset($_SESSION[$this->app_session_key()]["id"]))
 && (isset($_SESSION[$this->app_session_key()]["ip"]))
 && (strcmp(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password) == 0)
- && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"]);
+ && ($_SESSION[$this->app_session_key()]["ip"] == $_SERVER["REMOTE_ADDR"])
+ ;
+ return $OK;
 }
 # ----------------------------------------------------------------------------------------
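Review bot: The new mismatch guard in login() compares with `!=`, which is a loose comparison: two different logins that both look numeric are compared as numbers and can be treated as equal, so the guard does not fire. Make it strict, `if(isset($reference_user) && $login !== $reference_user["login"]){`. The guard also returns `array()` while the surrounding lines signal failure with `false` (`!== false`, `$user = false`), so either return one failure value or add a comment above the function stating that both `false` and an empty array mean "not logged in". The new `$reference_user` parameter should carry a comment saying it must come from a trusted server-side lookup, never from request data; login()'s body continues past the end of this hunk.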
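Review bot: The digest check carried into `$OK` still ends in `strcmp(...) == 0`, which is neither strict nor constant-time: on PHP before 8, strcmp() returns null with a warning when `$password` is not a string, and `null == 0` evaluates to true. Since the expression is being rewritten anyway, require a string and compare with `hash_equals`, e.g. `&& is_string($password) && hash_equals(md5($user["password"].$_SESSION[$this->app_session_key()]["id"]), $password)`; hash_equals needs PHP 5.6+, and on older runtimes use at least `is_string($password)` plus `=== 0`. The scheme also makes the stored `$user["password"]` value password-equivalent (anyone holding it can compute the expected digest), which deserves a comment above password_ok(). The temporary `$OK` changes nothing by itself; if it exists for debugging, say so in a comment or keep the direct `return`.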
@@ -48,12 +54,12 @@
 return "mw_".str_replace("/", "_", $env->path("web"));
 }
- function load_session(){
+ function load_session($reference_user = null){
 @session_start();
 if(!isset($_SESSION[$this->app_session_key()]["id"])) $this->clear_session();
 $user = array();
 if(isset($_SESSION[$this->app_session_key()]["user"])){
- $user = $this->user($_SESSION[$this->app_session_key()]["user"]);
+ $user = isset($reference_user) ? $reference_user : $this->user($_SESSION[$this->app_session_key()]["user"]);
 }
 elseif(isset($_COOKIE[$this->app_session_key()."_user"]) && isset($_COOKIE[$this->app_session_key()."_pass"])){
 if($user = $this->user($_COOKIE[$this->app_session_key()."_user"])){
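Review bot: When `$reference_user` is supplied, load_session() attaches it to the session without comparing it to the login already stored in `$_SESSION[...]["user"]`, although login() in this same commit clears the session on exactly that mismatch. Use the caller's record only when it matches and fall back to the lookup otherwise: `$stored = $_SESSION[$this->app_session_key()]["user"];` followed by `$user = (isset($reference_user) && $reference_user["login"] === $stored) ? $reference_user : $this->user($stored);` (this assumes the session key holds the login, as the existing `$this->user(...)` call suggests). The parameter needs a comment saying it must be a record from a trusted lookup. The body of load_session() continues past the end of the hunk, so the cookie branch and the return value cannot be reviewed here.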