diff --git a/src/ajax.php b/src/ajax.php
index 383c741..d482476 100644
--- a/src/ajax.php
+++ b/src/ajax.php
@@ -947,16 +947,6 @@ function getUserListsSimple()
return $a;
}
-function check_token()
-{
- if (!need_auth()) return true;
- if (!isset($_SESSION)) return true;
- if (!isset($_SESSION['token'])) return true;
- $headers = getallheaders();
- if (!isset($headers['MTT-Token']) || $headers['MTT-Token'] != $_SESSION['token']) {
- die("Access denied! Try to reload the page.");
- }
-}
?>
\ No newline at end of file
diff --git a/src/init.php b/src/init.php
index 12f7b8e..659af98 100644
--- a/src/init.php
+++ b/src/init.php
@@ -127,6 +127,16 @@ function access_token()
return $_SESSION['token'];
}
+function check_token()
+{
+ $token = access_token();
+ if ($token == '') return true;
+ $headers = getallheaders();
+ if (!isset($headers['MTT-Token']) || $headers['MTT-Token'] != $token) {
+ die("Access denied! Try to reload the page.");
+ }
+}
+
function timestampToDatetime($timestamp)
{
$format = Config::get('dateformat') .' '. (Config::get('clock') == 12 ? 'g:i A' : 'H:i');
diff --git a/src/settings.php b/src/settings.php
index cbf00bf..a9478f8 100644
--- a/src/settings.php
+++ b/src/settings.php
@@ -10,17 +10,13 @@ require_once('./init.php');
$lang = Lang::instance();
-if ( !is_logged() )
-{
+if ( !is_logged() ) {
die("Access denied!
Disable password protection or Log in.");
}
+check_token();
if(isset($_POST['save']))
{
- if (need_auth() && _post('_token') != hash('gost', session_id())) {
- die("Access denied! Try to reload the settings page.");
- }
-
$t = array();
$langs = getLangs();
Config::$params['lang']['options'] = array_keys($langs);
@@ -181,7 +177,6 @@ header('Content-type:text/html; charset=utf-8');