11 éve · ef6ac673ac
--- a/core/default_settings/default_settings.php
+++ b/core/default_settings/default_settings.php
@@ -459,4 +459,4 @@ if (permission_exists("domain_select") && permission_exists("domain_setting_add"
 
				 
			
 
				 //include the footer
			
 
				 	require_once "resources/footer.php";
			
 
				-?>
			
 
				+?>
			
--- a/resources/check_auth.php
+++ b/resources/check_auth.php
@@ -184,35 +184,26 @@ require_once "resources/require.php";
 
				 		//database authentication
			
 
				 			else {
			
 
				 				//check the username and password if they don't match then redirect to the login
			
 
				+					$sql = "select * from v_users ";
			
 
				+					if (isset($_REQUEST["key"])) {
			
 
				+						$sql .= "where api_key=:key ";
			
 
				+						//$sql .= "and api_key='".$key."' ";
			
 
				+					}
			
 
				+					else {
			
 
				+						$sql .= "where username=:username ";
			
 
				+						//$sql .= "and username='".$username."' ";
			
 
				+					}
			
 
				+					//$sql .= "and domain_uuid='".$domain_uuid."' ";
			
 
				 					if ($_SESSION["user"]["unique"]["text"] == "global") {
			
 
				-						//globally unique users
			
 
				-						$sql = "select * from v_users ";
			
 
				-						if (isset($_REQUEST["key"])) {
			
 
				-							$sql .= "where api_key=:key ";
			
 
				-							//$sql .= "where api_key='".$key."' ";
			
 
				-						}
			
 
				-						else {
			
 
				-							$sql .= "where username=:username ";
			
 
				-							//$sql .= "where username='".$username."' ";
			
 
				-						}
			
 
				-						$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
			
 
				-						$prep_statement = $db->prepare(check_sql($sql));
			
 
				+						//unique username - global (example: email address)
			
 
				 					}
			
 
				 					else {
			
 
				-						//unique per domain
			
 
				-						$sql = "select * from v_users ";
			
 
				-						if (isset($_REQUEST["key"])) {
			
 
				-							$sql .= "where api_key=:key ";
			
 
				-							//$sql .= "and api_key='".$key."' ";
			
 
				-						}
			
 
				-						else {
			
 
				-							$sql .= "where username=:username ";
			
 
				-							//$sql .= "and username='".$username."' ";
			
 
				-						}
			
 
				-						//$sql .= "and domain_uuid='".$domain_uuid."' ";
			
 
				+						//unique username - per domain
			
 
				 						$sql .= "and domain_uuid=:domain_uuid ";
			
 
				-						$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
			
 
				-						$prep_statement = $db->prepare(check_sql($sql));
			
 
				+					}
			
 
				+					$sql .= "and (user_enabled = 'true' or user_enabled is null) ";
			
 
				+					$prep_statement = $db->prepare(check_sql($sql));
			
 
				+					if ($_SESSION["user"]["unique"]["text"] != "global") {
			
 
				 						$prep_statement->bindParam(':domain_uuid', $domain_uuid);
			
 
				 					}
			
 
				 					if (isset($_REQUEST["key"])) {