From a4be3297d541560e1bc4291d366808fca517d49e Mon Sep 17 00:00:00 2001
From: Karl 'vollmerk' Vollmer <vollmer@ampache.org>
Date: Sat, 13 May 2006 00:39:40 +0000
Subject: fixed localplay buttons with use_auth disabled and tweaked access
 control mojo to prevent login in addition to the normal prevention of
 streaming

---
 login.php | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

(limited to 'login.php')

diff --git a/login.php b/login.php
index 0311dc76..e03e40d4 100644
--- a/login.php
+++ b/login.php
@@ -31,6 +31,20 @@ require_once('modules/init.php');
 vauth_session_cookie();
 init_preferences();
 
+/**
+ * If Access Control is turned on then we don't
+ * even want them to be able to get to the login 
+ * page if they aren't in the ACL
+ */
+if (conf('access_control')) { 
+        $access = new Access(0);
+        if (!$access->check("25", $_SERVER['REMOTE_ADDR'])) {
+                debug_event('access_denied','Access Denied:' . $_SERVER['REMOTE_ADDR'] . ' is not in the Access list','3');
+                access_denied();
+        }
+} // access_control is enabled
+
+
 /* Check for posted username and password */
 if ($_POST['username'] && $_POST['password']) {
 
-- 
cgit