X-Git-Url: https://vcs.fsf.org/?a=blobdiff_plain;f=plugins%2Fadministrator%2Fauth.php;h=606058ad3fedcbc08978ec45f7db046eb84bc3e1;hb=65d0d1624a60633c008fd0b5631ca37713a7ad7c;hp=d356fec3f38ada7eddaa68cdb3dbd6406929ccc3;hpb=ec4584f97e84dbf59922a7065c882bee254b0c24;p=squirrelmail.git diff --git a/plugins/administrator/auth.php b/plugins/administrator/auth.php index d356fec3..606058ad 100644 --- a/plugins/administrator/auth.php +++ b/plugins/administrator/auth.php @@ -17,12 +17,16 @@ * Check if user has access to administrative functions * * @return boolean - * @access private */ function adm_check_user() { - global $PHP_SELF; + global $PHP_SELF, $plugins; require_once(SM_PATH . 'functions/global.php'); + /* fail if the plugin is not enabled */ + if ( !in_array('administrator', $plugins) ) { + return FALSE; + } + if ( !sqgetGlobalVar('username',$username,SQ_SESSION) ) { $username = ''; } @@ -32,10 +36,12 @@ function adm_check_user() { $auth = FALSE; } else if (file_exists(SM_PATH . 'plugins/administrator/admins')) { $auths = file(SM_PATH . 'plugins/administrator/admins'); - $auth = in_array("$username\n", $auths); + array_walk($auths, 'adm_array_trim'); + $auth = in_array($username, $auths); } else if (file_exists(SM_PATH . 'config/admins')) { $auths = file(SM_PATH . 'config/admins'); - $auth = in_array("$username\n", $auths); + array_walk($auths, 'adm_array_trim'); + $auth = in_array($username, $auths); } else if (($adm_id = fileowner(SM_PATH . 'config/config.php')) && function_exists('posix_getpwuid')) { $adm = posix_getpwuid( $adm_id ); @@ -47,4 +53,14 @@ function adm_check_user() { return ($auth); } +/** + * Removes whitespace from array values + * @param string $value array value that has to be trimmed + * @param string $key array key + * @since 1.5.1 and 1.4.5 + * @access private + */ +function adm_array_trim(&$value,$key) { + $value=trim($value); +} ?> \ No newline at end of file