Note the authentication type (by password or by IP no password) in the session

This allows us to show the logout button only if the user is authenticated by password

diff --git a/index.php b/index.php
index 24565bdc3d64c81f56c509a6e0c33568fe084950..78c1beb42a647e5688660b9cea7e415ebfd8f88a 100644 (file)
--- a/index.php
+++ b/index.php
@@ -50,6 +50,7 @@ if (jirafeau_user_session_logged()) {
 // Second check: Challenge by IP NO PASSWORD
 elseif (true === jirafeau_challenge_upload_ip_without_password($cfg, get_ip_address($cfg))) {
     jirafeau_user_session_start();
 // Second check: Challenge by IP NO PASSWORD
 elseif (true === jirafeau_challenge_upload_ip_without_password($cfg, get_ip_address($cfg))) {
     jirafeau_user_session_start();

+    $_SESSION['user_auth_type'] = JIRAFEAU_USER_AUTH_BY_IP_NO_PASSWORD;

 }
 // Third check: Challenge by IP
 elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
 }
 // Third check: Challenge by IP
 elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {


@@ -59,6 +60,7 @@ elseif (true === jirafeau_challenge_upload_ip($cfg, get_ip_address($cfg))) {
         if (isset($_POST['upload_password'])) {
             if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) {
                 jirafeau_user_session_start();
         if (isset($_POST['upload_password'])) {
             if (jirafeau_challenge_upload_password($cfg, $_POST['upload_password'])) {
                 jirafeau_user_session_start();

+                $_SESSION['user_auth_type'] = JIRAFEAU_USER_AUTH_BY_PASSWORD;

             } else {
                 jirafeau_session_end();
                 jirafeau_fatal_error(t('BAD_PSW'), $cfg);
             } else {
                 jirafeau_session_end();
                 jirafeau_fatal_error(t('BAD_PSW'), $cfg);


@@ -290,7 +292,7 @@ if ($cfg['maximal_upload_size'] >= 1024) {
     </div> </fieldset></form>
 
     <?php
     </div> </fieldset></form>
 
     <?php

-    if (jirafeau_user_session_logged()) {
+    if (jirafeau_user_session_logged() && $_SESSION['user_auth_type'] == JIRAFEAU_USER_AUTH_BY_PASSWORD) {

         ?>
     <form method="post" class="form logout">
         <input type = "hidden" name = "action" value = "logout"/>
         ?>
     <form method="post" class="form logout">
         <input type = "hidden" name = "action" value = "logout"/>

diff --git a/lib/settings.php b/lib/settings.php
index 86a14e27a65388efd43ddbc3d5698e48b5854a0a..2c2235a51501835c75c04f23033222bab126ffa9 100644 (file)
--- a/lib/settings.php
+++ b/lib/settings.php
@@ -75,6 +75,9 @@ define('JIRAFEAU_MONTH', 2592000); // JIRAFEAU_DAY * 30
 define('JIRAFEAU_QUARTER', 7776000); // JIRAFEAU_DAY * 90
 define('JIRAFEAU_YEAR', 31536000); // JIRAFEAU_DAY * 365
 
 define('JIRAFEAU_QUARTER', 7776000); // JIRAFEAU_DAY * 90
 define('JIRAFEAU_YEAR', 31536000); // JIRAFEAU_DAY * 365
 

+define('JIRAFEAU_USER_AUTH_BY_IP_NO_PASSWORD', 1);
+define('JIRAFEAU_USER_AUTH_BY_PASSWORD', 2);
+

 define('JIRAFEAU_SODIUM_CHUNKSIZE', 1024);
 
 // Define some Sodium constants from newer PHP versions if they are not available
 define('JIRAFEAU_SODIUM_CHUNKSIZE', 1024);
 
 // Define some Sodium constants from newer PHP versions if they are not available