return false
end
-function authenticator.htmlauth(validator, default)
+function authenticator.htmlauth(validator, accs, default)
local user = luci.http.formvalue("username")
local pass = luci.http.formvalue("password")
local c = context.tree
local track = {}
local args = {}
- context.args = context.path
+ context.args = args
local n
for i, s in ipairs(request) do
viewns.controller = luci.http.getenv("SCRIPT_NAME")
viewns.media = luci.config.main.mediaurlbase
viewns.resource = luci.config.main.resourcebase
- viewns.REQUEST_URI = luci.http.getenv("SCRIPT_NAME") .. (luci.http.getenv("PATH_INFO") or "")
+ viewns.REQUEST_URI = (luci.http.getenv("SCRIPT_NAME") or "") .. (luci.http.getenv("PATH_INFO") or "")
if track.dependent then
local stat, err = pcall(assert, not track.auto)
if not luci.util.contains(accs, user) then
if authen then
- local user = authen(luci.sys.user.checkpasswd, def)
+ local user, sess = authen(luci.sys.user.checkpasswd, accs, def)
if not user or not luci.util.contains(accs, user) then
return
else
- local sid = luci.sys.uniqueid(16)
+ local sid = sess or luci.sys.uniqueid(16)
luci.http.header("Set-Cookie", "sysauth=" .. sid.."; path=/")
- luci.sauth.write(sid, user)
+ if not sess then
+ luci.sauth.write(sid, user)
+ end
end
else
luci.http.status(403, "Forbidden")