Fixes #3263 Fixed vulnerability in user expiration system

8fda542b · Côme Bernigaud · Benoit Mortier · 67794705 · 8fda542b · 8fda542b
Commit 8fda542b authored Aug 11, 2014 by Côme Bernigaud Committed by Benoit Mortier Aug 11, 2014
--- a/html/index.php
+++ b/html/index.php
@@ -316,7 +316,6 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces

      /* Save userinfo and plugin structure */
      session::global_set('ui', $ui);
-      session::global_set('session_cnt', 0);

      /* Let FusionDirectory trigger a new connection for each POST, save config to session. */
      session::global_set('config', $config);
@@ -339,6 +338,7 @@ if (($_SERVER["REQUEST_METHOD"] == "POST" && isset($_POST['login'])) || $htacces

      /* Not account expired or password forced change go to main page */
      new log("security", "login", "", array(), "User \"$username\" logged in successfully");
+      session::global_set('connected', 1);
      $config->checkLdapConfig(); // check that newly installed plugins have their configuration in the LDAP
      header ("Location: main.php?global_check=1");
      exit;

--- a/html/main.php
+++ b/html/main.php
@@ -48,7 +48,7 @@ if ($_SERVER["REQUEST_METHOD"] == "POST") {
 @DEBUG (DEBUG_SESSION, __LINE__, __FUNCTION__, __FILE__, session::get_all(), "_SESSION");

 /* Logged in? Simple security check */
-if (!session::global_is_set('config')) {
+if (!session::global_is_set('connected')) {
  new log("security", "login", "", array(), "main.php called without session - logging out");
  header ("Location: logout.php");
  exit;