verifyUser() for the json part

4d7b0e9b · Lukas Reschke · Daniel Molkentin · d33bec09 · 4d7b0e9b
Commit 4d7b0e9b authored 12 years ago by Lukas Reschke Committed by Daniel Molkentin 12 years ago
--- a/lib/json.php
+++ b/lib/json.php
@@ -58,7 +58,7 @@ class OC_JSON{
 	*/
 	public static function checkAdminUser() {
 		self::checkLoggedIn();
-		if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
+		if( !OC_Group::inGroup( OC_User::getUser(), 'admin' ) || self::verifyUser() === false) {
 			$l = OC_L10N::get('lib');
 			self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
 			exit();
@@ -70,13 +70,25 @@ class OC_JSON{
 	*/
 	public static function checkSubAdminUser() {
 		self::checkLoggedIn();
-		if(!OC_Group::inGroup(OC_User::getUser(),'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
+		if(!OC_Group::inGroup(OC_User::getUser(),'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser()) || self::verifyUser() === false) {
 			$l = OC_L10N::get('lib');
 			self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
 			exit();
 		}
 	}

+	/**
+	* Check if the user verified the login with his password in the last 15 minutes
+	* @return bool
+	*/
+	public static function verifyUser() {
+		// Check if the user verified his password in the last 15 minutes
+		if($_SESSION['verifiedLogin'] < time() OR !isset($_SESSION['verifiedLogin'])) {
+			return false;
+		}
+		return true;
+	}
+
 	/**
 	* Send json error msg
 	*/