lainwir3d/dolibarr
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Merge pull request #15710 from hregis/fix_add_hook_for_security

Browse Source 
FIX rename hook to be more explicit and $test = false
This commit is contained in:
Laurent Destailleur 2020-12-09 21:58:47 +01:00 committed by GitHub
commit dca5b5b1d3
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
htdocs/main.inc.php
View File

@ -565,12 +565,15 @@ if (!defined('NOLOGIN'))
// Hooks for security access
$action = '';
$hookmanager->initHooks(array('login'));
$parameters = array('dol_authmode'=>$dol_authmode);
$reshook = $hookmanager->executeHooks('loginCheckSecurityAccess', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) $error++;
$parameters = array();
$reshook = $hookmanager->executeHooks('beforeLoginAuthentication', $parameters, $user, $action); // Note that $action and $object may have been modified by some hooks
if ($reshook < 0) {
$test = false;
$error++;
}
// Verification security graphic code
if (GETPOST("username", "alpha", 2) && !empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) && !isset($_SESSION['dol_bypass_antispam']))
if ($test && GETPOST("username", "alpha", 2) && !empty($conf->global->MAIN_SECURITY_ENABLECAPTCHA) && !isset($_SESSION['dol_bypass_antispam']))
{
$sessionkey = 'dol_antispam_value';
$ok = (array_key_exists($sessionkey, $_SESSION) === true && (strtolower($_SESSION[$sessionkey]) == strtolower($_POST['code'])));