no need to check for password, but check for ip, guest login and disabled accounts (Closes #250)

2025-02-06 07:04:57 +00:00 · 2017-03-21 11:35:39 +01:00 · 2017-03-21 11:35:39 +01:00 · ca9b3cb245
commit ca9b3cb245
parent aba80e542d
1 changed files with 8 additions and 1 deletions
--- a/webdav/webdav.php
+++ b/webdav/webdav.php
@ -138,7 +138,14 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server

 		if(!$userobj)
 			return false;
-		if(md5($pass) != $userobj->getPwd())
+
+		if(($userobj->getID() == $settings->_guestID) && (!$settings->_enableGuestLogin))
+			return false;
+
+		if($userobj->isDisabled())
+			return false;
+
+		if($userobj->isAdmin() && ($_SERVER['REMOTE_ADDR'] != $settings->_adminIP ) && ( $settings->_adminIP != ""))
 			return false;

 		$this->user = $userobj;