Access without login - accept ?username=

author jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>

Wed, 27 Aug 2008 16:43:30 +0000 (16:43 +0000)

committer jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>

Wed, 27 Aug 2008 16:43:30 +0000 (16:43 +0000)
author jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Wed, 27 Aug 2008 16:43:30 +0000 (16:43 +0000)
committer jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
Wed, 27 Aug 2008 16:43:30 +0000 (16:43 +0000)
diff --git a/auth.inc.php b/auth.inc.php

index 592b23ef994170e0c73d3b5c94d26377d18ebc0c..92a177a8ca0cf17ee880a0421c98b502f475a93c 100644 (file)
--- a/auth.inc.php
+++ b/auth.inc.php
@@ -70,8 +70,12 @@ function auth_error() {
         page_footer("auth");
  }
  
-$username = $_SESSION["usernames"][$_GET["server"]];
+$username = &$_SESSION["usernames"][$_GET["server"]];
+if (!isset($username)) {
+       $username = $_GET["username"];
+}
  if (!isset($username) || !$mysql->connect($_GET["server"], $username, $_SESSION["passwords"][$_GET["server"]])) {
         auth_error();
         exit;
  }
+unset($username);
diff --git a/todo.txt b/todo.txt

index 334558b99960f2614699eec1f51d35cf6656e132..669d32d1217df4a3c4d25d9a072e65fd0e23f3b6 100644 (file)
--- a/todo.txt
+++ b/todo.txt
@@ -9,7 +9,6 @@ Bulk update - leave original, set to value, set to NULL
  Save uploaded files after error to session variable instead of hidden field
  Transactions in export
  Compress export and import
-Access without login - accept $_GET
  ? Query print
  ? Execution time in sql.inc.php
  ? Save token also to cookie - for session expiration and login in other window
author	jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
	Wed, 27 Aug 2008 16:43:30 +0000 (16:43 +0000)
committer	jakubvrana <jakubvrana@7c3ca157-0c34-0410-bff1-cbf682f78f5c>
	Wed, 27 Aug 2008 16:43:30 +0000 (16:43 +0000)
auth.inc.php		patch \| blob \| history
todo.txt		patch \| blob \| history