From 4d7b0e9bb3d39d40af2bab9dc891226f7fbb591d Mon Sep 17 00:00:00 2001
From: Lukas Reschke <lukas@statuscode.ch>
Date: Mon, 15 Oct 2012 16:26:34 +0200
Subject: [PATCH] verifyUser() for the json part
---
 lib/json.php | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/lib/json.php b/lib/json.php
index 518c3c87c4..8950971074 100644
--- a/lib/json.php
+++ b/lib/json.php
@@ -58,7 +58,7 @@ class OC_JSON{
 */
 public static function checkAdminUser() {
 self::checkLoggedIn();
- if( !OC_Group::inGroup( OC_User::getUser(), 'admin' )) {
+ if( !OC_Group::inGroup( OC_User::getUser(), 'admin' ) || self::verifyUser() === false) {
 $l = OC_L10N::get('lib');
 self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
 exit();
@@ -70,13 +70,25 @@ class OC_JSON{
 */
 public static function checkSubAdminUser() {
 self::checkLoggedIn();
- if(!OC_Group::inGroup(OC_User::getUser(),'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser())) {
+ if(!OC_Group::inGroup(OC_User::getUser(),'admin') && !OC_SubAdmin::isSubAdmin(OC_User::getUser()) || self::verifyUser() === false) {
 $l = OC_L10N::get('lib');
 self::error(array( 'data' => array( 'message' => $l->t('Authentication error') )));
 exit();
 }
 }
 
+ /**
+ * Check if the user verified the login with his password in the last 15 minutes
+ * @return bool
+ */
+ public static function verifyUser() {
+ // Check if the user verified his password in the last 15 minutes
+ if($_SESSION['verifiedLogin'] < time() OR !isset($_SESSION['verifiedLogin'])) {
+ return false;
+ }
+ return true;
+ }
+
 /**
 * Send json error msg
 */
-- 
GitLab
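Review bot: The docblock above `checkAdminUser()` is not updated although the check now also fails when `self::verifyUser()` returns false; the same holds for `checkSubAdminUser()` in the second hunk. Only the closing `*/` of each docblock is inside the hunk and the function body continues past it, so the current wording is presumably limited to the group test. I would add a line such as `* Also requires a password verification that has not expired, see verifyUser()` to both. Both failure causes answer with the same 'Authentication error' message, so a client cannot tell an expired verification from a missing privilege; if a password re-prompt is intended, the response needs a distinct message or field.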
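Review bot: In `verifyUser()` the session key is read before it is tested with `isset()`, so a session without `verifiedLogin` raises an undefined-index notice before the function returns false; on a JSON endpoint that notice can end up in the response body when error display is on. Test for presence first: `if(!isset($_SESSION['verifiedLogin']) || $_SESSION['verifiedLogin'] < time()) {`. The comparison with `time()` only matches the "last 15 minutes" wording if `verifiedLogin` stores an expiry timestamp; the code that sets it is not part of this patch, so the docblock should state which value is expected. In `checkSubAdminUser()` the mixed `&&`/`||` condition depends on operator precedence and would be safer to maintain with explicit parentheses around the group test.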