Gnous/mailcow
2
0
Fork 0
Code Issues Pull Requests 1 Packages Projects Releases Wiki Activity

[Web] prevent multiple dual-logins

Browse Source
This commit is contained in:
FreddleSpl0it 2024-03-08 14:05:37 +01:00
parent 2ba64e93f9
commit e0bda6ca6a
No known key found for this signature in database
GPG Key ID: 00E14E7634F4BEC5
1 changed files with 19 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
data/web/inc/triggers.inc.php
View File

@ -121,23 +121,26 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) { if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) {
if (isset($_GET["duallogin"])) { if (isset($_GET["duallogin"])) {
$duallogin = html_entity_decode(rawurldecode($_GET["duallogin"])); $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) { if (!$is_dual) {
if (!empty(mailbox('get', 'mailbox_details', $duallogin))) { $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
$_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username']; if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
$_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role']; if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
$_SESSION['mailcow_cc_username'] = $duallogin; $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
$_SESSION['mailcow_cc_role'] = "user"; $_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role'];
header("Location: /user"); $_SESSION['mailcow_cc_username'] = $duallogin;
$_SESSION['mailcow_cc_role'] = "user";
header("Location: /user");
}
} }
} else {
else { if (!empty(domain_admin('details', $duallogin))) {
if (!empty(domain_admin('details', $duallogin))) { $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
$_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username']; $_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role'];
$_SESSION["dual-login"]["role"] = $_SESSION['mailcow_cc_role']; $_SESSION['mailcow_cc_username'] = $duallogin;
$_SESSION['mailcow_cc_username'] = $duallogin; $_SESSION['mailcow_cc_role'] = "domainadmin";
$_SESSION['mailcow_cc_role'] = "domainadmin"; header("Location: /user");
header("Location: /user"); }
} }
} }
} }