Automatically calculate the filesystem path of the application and use
[misc/kostenrechnung]
/
lib
/
login.php
diff --git
a/lib/login.php
b/lib/login.php
index
e45b4ec
..
35e6160
100644
(file)
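--- a/lib/login.php
+++ b/lib/login.php
@@ -17,11 +17,18 @@ function check_passwd()
 if ($sth === false) return false;
+ if (substr($_SERVER['HTTP_REFERER'],-12) != '/?login=true'
+ || substr($_SERVER['SCRIPT_FILENAME'],-10) != '/index.php') {
+ error_log('Wrong referrer or wrong request uri');
+ return false;
+ }
+
 if ($row = pg_fetch_assoc($sth)) {
 $_SESSION['sys'] = array('uid' => $row['id'],
 'login' => $row['login'],
 'name' => $row['name'],
- 'email' => $row['email']);
+ 'email' => $row['email'],
+ 'basedir' => substr($_SERVER['SCRIPT_FILENAME'],0,-9));
 return true;
 }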
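Review bot: The new guard at the top of the hunk relies on `$_SERVER['HTTP_REFERER']`, which is supplied by the client, so it is not an origin check: any request can send a value ending in `/?login=true`, while browsers or proxies that strip the header will make legitimate logins fail and raise an undefined-index notice. If the intent is to accept logins only from the application's own form, a per-session token compared with `hash_equals()` is the dependable control; at minimum read the header as `$_SERVER['HTTP_REFERER'] ?? ''` and compare with `!==`. The guard also runs after `$sth` has already been produced, so it would be clearer placed before the query, though the start of check_passwd() is outside the hunk. Separately, `basedir` is taken from the request's `SCRIPT_FILENAME` and cached in the session; if it is later used to build include paths, deriving it per request from `__DIR__` would avoid trusting a path carried in session state.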