X-Git-Url: https://git.ucc.asn.au/?a=blobdiff_plain;f=server%2Ffastcgi.c;h=08c413b203035d350039ba1e87b690cc34f2aed7;hb=f858232d7c564f14e6d2fb9d616f8e12a1ec9171;hp=0252f784e8ad0757d7216a5bf978a7dcbbe59d29;hpb=6d02539604cd90ae992e69d3f6a839044b6c6fef;p=matches%2FMCTX3420.git

diff --git a/server/fastcgi.c b/server/fastcgi.c
index 0252f78..08c413b 100644
--- a/server/fastcgi.c
+++ b/server/fastcgi.c
@@ -441,14 +441,15 @@ void * FCGI_RequestLoop (void *data)
 	while (FCGI_Accept() >= 0) {
 		
 		ModuleHandler module_handler = NULL;
-		char module[BUFSIZ], params[BUFSIZ], hack[BUFSIZ];
+		char module[BUFSIZ], params[BUFSIZ], cookie[BUFSIZ];
 		
 		//strncpy doesn't zero-truncate properly
 		snprintf(module, BUFSIZ, "%s", getenv("DOCUMENT_URI_LOCAL"));
 		snprintf(params, BUFSIZ, "%s", getenv("QUERY_STRING"));
-		snprintf(hack, BUFSIZ, "%s", getenv("QUERY_STRING"));
+		snprintf(cookie, BUFSIZ, "%s", getenv("COOKIE_STRING"));
 
 		Log(LOGDEBUG, "Got request #%d - Module %s, params %s", context.response_number, module, params);
+		Log(LOGDEBUG, "Cookie: %s", cookie);
 
 
 		
@@ -489,6 +490,20 @@ void * FCGI_RequestLoop (void *data)
 
 		if (module_handler) 
 		{
+			if (module_handler != Login_Handler)
+			{
+				if (cookie[0] == '\0')
+				{
+					FCGI_RejectJSON(&context, "Please login.");
+					continue;
+				}
+				if (!FCGI_HasControl(&context, cookie))
+				{
+					FCGI_RejectJSON(&context, "Invalid control key.");
+					continue;	
+				}
+			}
+
 			module_handler(&context, params);
 		} 
 		else