From 4c1df9927d1dc6b0181ee20721f93346def026fd Mon Sep 17 00:00:00 2001
From: Eric Espie
Date: Mon, 12 Sep 2022 09:45:30 +0200
Subject: [PATCH] =?UTF-8?q?N=C2=B05394=20-=20use=20session=20for=20the=20F?= =?UTF-8?q?SM?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 application/loginbasic.class.inc.php | 4 +++-
 application/loginexternal.class.inc.php | 4 +++-
 application/loginform.class.inc.php | 12 +++---------
 application/loginurl.class.inc.php | 4 +++-
 4 files changed, 12 insertions(+), 12 deletions(-)
diff --git a/application/loginbasic.class.inc.php b/application/loginbasic.class.inc.php
index 660b45cba..24b1afb2d 100644
--- a/application/loginbasic.class.inc.php
+++ b/application/loginbasic.class.inc.php
@@ -59,6 +59,8 @@ class LoginBasic extends AbstractLoginFSMExtension
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
+ // Save the checked user
+ $_SESSION['auth_user'] = $sAuthUser;
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
@@ -67,7 +69,7 @@ class LoginBasic extends AbstractLoginFSMExtension
 {
 if ($_SESSION['login_mode'] == 'basic')
 {
- list($sAuthUser) = $this->GetAuthUserAndPassword();
+ $sAuthUser = $_SESSION['auth_user'];
 LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
diff --git a/application/loginexternal.class.inc.php b/application/loginexternal.class.inc.php
index d4fcb7182..c2c13de86 100644
--- a/application/loginexternal.class.inc.php
+++ b/application/loginexternal.class.inc.php
@@ -43,6 +43,8 @@ class LoginExternal extends AbstractLoginFSMExtension
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
+ // Save the checked user
+ $_SESSION['auth_user'] = $sAuthUser;
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
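Review bot: The added comment `// Save the checked user` in the `-59,6 +59,8` hunk of loginbasic.class.inc.php does not say why the value is kept, and that reason is the security-relevant part: the state that later calls `LoginWebPage::OnLoginSuccess` has to use the login that passed the credential check, not a value read again from the request. I would word it as `// Keep the verified login in the session; later FSM states must use this value instead of re-reading the request`. The same comment is added in the first hunk of loginexternal.class.inc.php, loginform.class.inc.php and loginurl.class.inc.php. The enclosing method starts outside the hunk.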
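Review bot: `$sAuthUser = $_SESSION['auth_user'];` in the `-67,7 +69,7` hunk of loginbasic.class.inc.php reads the key without checking that it is set, so if this state is ever reached in a session where the credential-check state did not store it, `OnLoginSuccess` is handed null instead of the login failing. A guard ahead of the read makes it fail closed: `if (!isset($_SESSION['auth_user'])) { return LoginWebPage::LOGIN_FSM_ERROR; }`. The same unguarded read is added in loginexternal.class.inc.php (`-51,7`), loginform.class.inc.php (`-82,15`, where the removed code did test `isset`) and loginurl.class.inc.php (`-66,7`). The method signature is outside the hunk, so whether an error code must also be set on that path needs checking against the full file.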
@@ -51,7 +53,7 @@ class LoginExternal extends AbstractLoginFSMExtension
 {
 if ($_SESSION['login_mode'] == 'external')
 {
- $sAuthUser = $this->GetAuthUser();
+ $sAuthUser = $_SESSION['auth_user'];
 LoginWebPage::OnLoginSuccess($sAuthUser, 'external', $_SESSION['login_mode']);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
diff --git a/application/loginform.class.inc.php b/application/loginform.class.inc.php
index a4fb99db5..9a044fade 100644
--- a/application/loginform.class.inc.php
+++ b/application/loginform.class.inc.php
@@ -71,6 +71,8 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
+ // Save the checked user
+ $_SESSION['auth_user'] = $sAuthUser;
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
@@ -82,15 +84,7 @@ class LoginForm extends AbstractLoginFSMExtension implements iLoginUIExtension
 {
 if ($_SESSION['login_mode'] == 'form')
 {
- if (isset($_SESSION['auth_user']))
- {
- // If FSM reenter this state (example 2FA) then the auth_user is not resubmitted
- $sAuthUser = $_SESSION['auth_user'];
- }
- else
- {
- $sAuthUser = utils::ReadPostedParam('auth_user', '', 'raw_data');
- }
+ $sAuthUser = $_SESSION['auth_user'];
 // Store 'auth_user' in session for further use
 LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']);
 }
diff --git a/application/loginurl.class.inc.php b/application/loginurl.class.inc.php
index 8a215e8f5..166941d31 100644
--- a/application/loginurl.class.inc.php
+++ b/application/loginurl.class.inc.php
@@ -58,6 +58,8 @@ class LoginURL extends AbstractLoginFSMExtension
 $iErrorCode = LoginWebPage::EXIT_CODE_WRONGCREDENTIALS;
 return LoginWebPage::LOGIN_FSM_ERROR;
 }
+ // Save the checked user
+ $_SESSION['auth_user'] = $sAuthUser;
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;
 }
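Review bot: The kept comment `// Store 'auth_user' in session for further use` in the `-82,15 +84,7` hunk of loginform.class.inc.php now sits directly under a line that reads `auth_user` from the session, so it reads as if the store happens at this point. The store this commit relies on is the one added in the `-71,6 +71,8` hunk, after the credential check. Presumably the comment describes what `OnLoginSuccess` does with the value; if so it should say that, for example `// OnLoginSuccess keeps 'auth_user' in the session for further use`, and otherwise it should be dropped. The enclosing method starts and ends outside the hunk.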
@@ -66,7 +68,7 @@ class LoginURL extends AbstractLoginFSMExtension
 {
 if ($_SESSION['login_mode'] == 'url')
 {
- $sAuthUser = utils::ReadParam('auth_user', '', false, 'raw_data');
+ $sAuthUser = $_SESSION['auth_user'];
 LoginWebPage::OnLoginSuccess($sAuthUser, 'internal', $_SESSION['login_mode']);
 }
 return LoginWebPage::LOGIN_FSM_CONTINUE;