]> git.mxchange.org Git - quix0rs-gnu-social.git/blobdiff - lib/util.php
projects / quix0rs-gnu-social.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Extend authorization framework to cover login and API use
[quix0rs-gnu-social.git] / lib / util.php
diff --git a/lib/util.php b/lib/util.php
index 85f49e4c59f40c57ae2b74c54fffd76a48dcf064..1e73ff9ac9b0c1428ef2c0b25d444476c54d5b05 100644 (file)
--- a/lib/util.php
+++ b/lib/util.php
@@ -300,7 +300,10 @@ function common_set_user($user)
 
     if ($user) {
         if (Event::handle('StartSetUser', array(&$user))) {
-            if($user){
+            if (!empty($user)) {
+                if (!$user->hasRight(Right::WEBLOGIN)) {
+                    throw new AuthorizationException(_('Not allowed to log in.'));
+                }
                 common_ensure_session();
                 $_SESSION['userid'] = $user->id;
                 $_cur = $user;
This is my personal clone from the wonderful software GNUSocial. I may fix or break things here, so use it on your own risk. :-)