Adds a security check on the existence of an hruid at registration time.

[platal.git] / classes / xnetsession.php

diff --git a/classes/xnetsession.php b/classes/xnetsession.php
index 0183a76..839abb2 100644 (file)
--- a/classes/xnetsession.php
+++ b/classes/xnetsession.php
@@ -24,15 +24,10 @@ class XnetSession extends PlSession
     public function __construct()
     {
         parent::__construct();
-        S::bootstrap('perms_backup', new PlFlagSet());
     }
 
     public function startAvailableAuth()
     {
-        if (!(S::v('perms') instanceof PlFlagSet)) {
-            S::set('perms', S::v('perms_backup'));
-        }
-
         if (!S::logged() && Get::has('auth')) {
             if (!$this->start(AUTH_MDP)) {
                 return false;
@@ -74,7 +69,6 @@ class XnetSession extends PlSession
                 $perms->addFlag('groupannu');
             }
             S::set('perms', $perms);
-            S::set('perms_backup', $perms);
         }
         return true;
     }
@@ -165,10 +159,28 @@ class XnetSession extends PlSession
         S::kill('may_update');
         S::kill('is_member');
         S::set('perms', $suid['perms']);
-        S::set('perms_backup', $suid['perms_backup']);
         return true;
     }
 
+    public function makePerms($perm)
+    {
+        $flags = new PlFlagSet();
+        if ($perm == 'disabled' || $perm == 'ext') {
+            S::set('perms', $flags);
+            return;
+        }
+        $flags->addFlag(PERMS_USER);
+        if ($perm == 'admin') {
+            $flags->addFlag(PERMS_ADMIN);
+        }
+        S::set('perms', $flags);
+    }
+
+    public function loggedLevel()
+    {
+        return AUTH_COOKIE;
+    }
+
     public function sureLevel()
     {
         return AUTH_MDP;