From f93528ffab19b7a733fc8fb21c22853d8ec0d2f5 Mon Sep 17 00:00:00 2001
From: Andy Staudacher <andy.st@gmail.com>
Date: Sun, 7 Feb 2010 15:37:32 -0800
Subject: Last partial fix for ticket 585: Compartmentalize the admin area and
 require active authentication every 20 minutes to access the admin area.

Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
---
 modules/gallery/controllers/admin.php | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

(limited to 'modules/gallery/controllers/admin.php')

diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index e4216991..b5f3db39 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
   private $theme;
 
   public function __construct($theme=null) {
-    if (!(identity::active_user()->admin)) {
+    if (!identity::active_user()->admin) {
       access::forbidden();
     }
 
@@ -29,6 +29,10 @@ class Admin_Controller extends Controller {
   }
 
   public function __call($controller_name, $args) {
+    if (auth::must_reauth_for_admin_area()) {
+      return url::redirect("reauthenticate");
+    }
+
     if (request::method() == "post") {
       access::verify_csrf();
     }
-- 
cgit v1.2.3