Home Explore Help
Sign In
mirrors
/
mailcow-dockerized
mirror of https://github.com/mailcow/mailcow-dockerized
2
0
Fork 0
Files Issues 0 Wiki
Browse Source

[Web] prevent multiple dual-logins

FreddleSpl0it 1 year ago
parent
2ba64e93f9
commit
e0bda6ca6a
1 changed files with 19 additions and 16 deletions
Split View Show Diff Stats
  1. 19 16
      data/web/inc/triggers.inc.php

+ 19 - 16
data/web/inc/triggers.inc.php
View File 

@@ -121,23 +121,26 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {
 
 
 if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) {
 
 	if (isset($_GET["duallogin"])) {
 
-    $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
 
-    if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
 
-      if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
 
-        $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
 
-        $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
 
-        $_SESSION['mailcow_cc_username']    = $duallogin;
 
-        $_SESSION['mailcow_cc_role']        = "user";
 
-        header("Location: /user");
 
+    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
 
+    if (!$is_dual) {
 
+      $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
 
+      if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
 
+        if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
 
+          $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
 
+          $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
 
+          $_SESSION['mailcow_cc_username']    = $duallogin;
 
+          $_SESSION['mailcow_cc_role']        = "user";
 
+          header("Location: /user");
 
+        }
 
       }
 
-    }
 
-    else {
 
-      if (!empty(domain_admin('details', $duallogin))) {
 
-        $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
 
-        $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
 
-        $_SESSION['mailcow_cc_username']    = $duallogin;
 
-        $_SESSION['mailcow_cc_role']        = "domainadmin";
 
-        header("Location: /user");
 
+      else {
 
+        if (!empty(domain_admin('details', $duallogin))) {
 
+          $_SESSION["dual-login"]["username"] = $_SESSION['mailcow_cc_username'];
 
+          $_SESSION["dual-login"]["role"]     = $_SESSION['mailcow_cc_role'];
 
+          $_SESSION['mailcow_cc_username']    = $duallogin;
 
+          $_SESSION['mailcow_cc_role']        = "domainadmin";
 
+          header("Location: /user");
 
+        }
 
       }
 
     }
 
   }