diff --git a/src/ajax.php b/src/ajax.php index 383c741..d482476 100644 --- a/src/ajax.php +++ b/src/ajax.php @@ -947,16 +947,6 @@ function getUserListsSimple() return $a; } -function check_token() -{ - if (!need_auth()) return true; - if (!isset($_SESSION)) return true; - if (!isset($_SESSION['token'])) return true; - $headers = getallheaders(); - if (!isset($headers['MTT-Token']) || $headers['MTT-Token'] != $_SESSION['token']) { - die("Access denied! Try to reload the page."); - } -} ?> \ No newline at end of file diff --git a/src/init.php b/src/init.php index 12f7b8e..659af98 100644 --- a/src/init.php +++ b/src/init.php @@ -127,6 +127,16 @@ function access_token() return $_SESSION['token']; } +function check_token() +{ + $token = access_token(); + if ($token == '') return true; + $headers = getallheaders(); + if (!isset($headers['MTT-Token']) || $headers['MTT-Token'] != $token) { + die("Access denied! Try to reload the page."); + } +} + function timestampToDatetime($timestamp) { $format = Config::get('dateformat') .' '. (Config::get('clock') == 12 ? 'g:i A' : 'H:i'); diff --git a/src/settings.php b/src/settings.php index cbf00bf..a9478f8 100644 --- a/src/settings.php +++ b/src/settings.php @@ -10,17 +10,13 @@ require_once('./init.php'); $lang = Lang::instance(); -if ( !is_logged() ) -{ +if ( !is_logged() ) { die("Access denied!
Disable password protection or Log in."); } +check_token(); if(isset($_POST['save'])) { - if (need_auth() && _post('_token') != hash('gost', session_id())) { - die("Access denied! Try to reload the settings page."); - } - $t = array(); $langs = getLangs(); Config::$params['lang']['options'] = array_keys($langs); @@ -181,7 +177,6 @@ header('Content-type:text/html; charset=utf-8');
-