X-Git-Url: http://mop.ddnsfree.com/gitweb/?a=blobdiff_plain;f=web%2FObj%2Fsac-a-push.phh;fp=web%2FObj%2Fsac-a-push.phh;h=b184fb4524a9f5be752676c263c63c9e8b88e7b6;hb=ad1adc9cdd234ce4904a31f244469993a0f2cb7e;hp=433ec45a51bf3255b069abb2addd6fdcfc087d9e;hpb=5afa7681faebc92f25f73074e599b4048bcdd2a0;p=brisk.git diff --git a/web/Obj/sac-a-push.phh b/web/Obj/sac-a-push.phh index 433ec45..b184fb4 100644 --- a/web/Obj/sac-a-push.phh +++ b/web/Obj/sac-a-push.phh @@ -937,17 +937,30 @@ class Sac_a_push { function direct_command($cmdstr) { + GLOBAL $G_alarm_passwd; + $cmd = cmd_deserialize($cmdstr); if (!isset($cmd['cmd'])) { return cmd_return(500, 'no cmd found'); } - // "cmd" => "userauth", "login" => 'mop', 'private' => 'it_must_be_correct', + // "cmd" => "userauth", "sess" => 'xxxxxxxxxxx', 'private' => 'it_must_be_correct', // 'the_end' => 'true' ); + // cmd=userauth&sess=52d796ac08c47&private=yourpasswd192.168.122.152d796ac08c47&the_end=true if ($cmd['cmd'] == 'userauth') { - if (!isset($cmd['login']) || !isset($cmd['private'])) { - return cmd_return(503, 'malformed cmd'); + if (!isset($cmd['sess']) || !isset($cmd['private'])) { + return cmd_return(401, 'malformed cmd'); } + $idx = -1; + if (($user = $this->app->get_user($cmd['sess'], &$idx)) == FALSE) + return cmd_return(402, 'user not found'); + + if (($user->flags & USER_FLAG_TY_ADMIN) == 0x00) + return cmd_return(403, 'permission denied'); + + if (md5($G_alarm_passwd.$user->ip.$user->sess) != $cmd['private']) + return cmd_return(404, 'authentication failed ['.$cmd['private'].']['.$G_alarm_passwd.$user->ip.$user->sess.']'); + return cmd_return(200, 'success'); }
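Review bot: The 404 branch at the end of the `userauth` block puts `$G_alarm_passwd.$user->ip.$user->sess` into the error text, so a caller that presents an admin session id with a wrong `private` value is sent the server-side secret in the reply. The message should carry no secret material, e.g. `return cmd_return(404, 'authentication failed');`, and if debugging detail is needed, log the session id server-side rather than the secret. The comparison on the line above uses loose `!=`, under which PHP can treat two numeric-looking strings (digests of the form `0e…`) as equal; use `!==`, or where the runtime provides it `if (!hash_equals(md5($G_alarm_passwd.$user->ip.$user->sess), (string)$cmd['private']))`. A bare MD5 over the secret concatenated with public fields is a weak construction, and `hash_hmac()` keyed with `$G_alarm_passwd` would be sturdier, though that changes what the client must send. `direct_command` continues past the end of the hunk, so how the remaining commands are gated is not visible here.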