Fixed user is only every 10 minitues asked for his password

kolaente 2017-10-04 18:14:41 +02:00
parent 2398fa28c0
commit 81530d956b
2 changed files with 57 additions and 26 deletions


@ -92,6 +92,7 @@ if(isset($_GET['checkPassword']))
if (password_verify($_POST['pw'], $db->data[0]['pass']))
{
echo 'success';
$_SESSION['sudomode'] = time();
}
else
{
@ -108,4 +109,24 @@ if(isset($_GET['checkPassword']))
{
echo 'login first.';
}
}
// Check if the user already entered his password
if (isset($_GET['checkSudo']))
{
if(is_loggedin())
{
// Check if the user entered his password less then 10 minutes ago
if (isset($_SESSION['sudomode']) && $_SESSION['sudomode'] >= (time() - 600))
{
echo 'true';
} else
{
echo 'false';
}
}
else
{
echo 'login first.';
}
}
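Review bot: The freshness test on `$_SESSION['sudomode']` appears only in the new `checkSudo` branch, whose `'true'`/`'false'` reply the browser reads to decide whether to show the password prompt. If the server-side handlers for the protected actions (not visible on this page) do not repeat that test, the re-authentication step is enforced by the client only. I would move the condition into a helper, e.g. `function sudo_is_fresh() { return isset($_SESSION['sudomode']) && $_SESSION['sudomode'] >= time() - SUDO_TTL; }`, and call it in those handlers before they act, leaving `checkSudo` as a UI hint. A named constant in place of the bare `600` would keep the window length in one place. The `checkPassword` block starts above the first hunk, so its failure path cannot be judged from here.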


@ -141,36 +141,46 @@ if (!isset($_GET['direct']))
//Confirm user password
if (needsPwConfirm) {
$('#showMsg').html('<div class="overlay" style="display:none;"><div class="window-confirm"><div class="head"><?php echo $lang->get('legitimate_title')?><a onclick="closeW();" class="closeMsg"><i class="fa fa-close"></i></a></div><div id="content"></div></div></div>');
$('#content').append('<p><?php echo $lang->get('legitimate_text')?></p><p><input type="password" placeholder="<?php echo $lang->get('password')?>" id="password_legitimate" autofocus/><input type="submit" value="<?php echo $lang->get('legitimate_confirm')?>" id="legitimateSmbt"/><a onclick="closeW();" class="button btn_del"><?php echo $lang->get('legitimate_abort')?></a></p><span id="sendMsg"></span>');
$('#password_legitimate').focus();
$(".overlay").fadeIn(250);
// check if the user already entered his password
$.get('login.php?checkSudo', function( data ) {
if (data == 'false'){
$('#showMsg').html('<div class="overlay" style="display:none;"><div class="window-confirm"><div class="head"><?php echo $lang->get('legitimate_title')?><a onclick="closeW();" class="closeMsg"><i class="fa fa-close"></i></a></div><div id="content"></div></div></div>');
$('#content').append('<p><?php echo $lang->get('legitimate_text')?></p><p><input type="password" placeholder="<?php echo $lang->get('password')?>" id="password_legitimate" autofocus/><input type="submit" value="<?php echo $lang->get('legitimate_confirm')?>" id="legitimateSmbt"/><a onclick="closeW();" class="button btn_del"><?php echo $lang->get('legitimate_abort')?></a></p><span id="sendMsg"></span>');
$('#password_legitimate').focus();
$(".overlay").fadeIn(250);
$('#legitimateSmbt').click(function () {
$.ajax({
url: 'login.php?checkPassword',
type: 'POST',
cache: false,
data: 'pw=' + $('#password_legitimate').val(),
success: function (result) { // On success, display a message...
if (result == 'success') {
closeW();
$('#legitimateSmbt').click(function () {
$.ajax({
url: 'login.php?checkPassword',
type: 'POST',
cache: false,
data: 'pw=' + $('#password_legitimate').val(),
success: function (result) { // On success, display a message...
if (result == 'success') {
closeW();
//Send the request
if (!isAjax) {
sendPost(ctx, requestData);
//Send the request
if (!isAjax) {
sendPost(ctx, requestData);
}
} else if (result == 'fail') {
$('#sendMsg').html('<p style="color:red;"><?php echo $lang->get('legitimate_fail')?></p>');
} else {
$('#sendMsg').html('<p style="color:red;"><?php echo $lang->get('legitimate_error')?></p>');
}
},
error: function (xhr, status, error) {
console.log(status, error);
showMsg('<?php echo $lang->get('legitimate_error')?>');
}
} else if (result == 'fail') {
$('#sendMsg').html('<p style="color:red;"><?php echo $lang->get('legitimate_fail')?></p>');
} else {
$('#sendMsg').html('<p style="color:red;"><?php echo $lang->get('legitimate_error')?></p>');
}
},
error: function (xhr, status, error) {
console.log(status, error);
showMsg('<?php echo $lang->get('legitimate_error')?>');
});
});
} else {
//Send the request
if (!isAjax) {
sendPost(ctx, requestData);
}
});
}
});
} else {
if (!isAjax) {