yet more session work

Zotlabs/Storage/BasicAuth.php

@@ -73,6 +73,9 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 	protected $timezone = '';
 
 
+	public $module_disabled = false;
+
+
 	/**
 	 * @brief Validates a username and password.
 	 *
@@ -92,7 +95,7 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 				intval($record['account_id']),
 				intval($record['account_default_channel'])
 			);
-			if ($r) {
+			if($r && $this->check_module_access($r[0]['channel_id'])) {
 				return $this->setAuthenticated($r[0]);
 			}
 		}
@@ -109,12 +112,16 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 					if ((($record['account_flags'] == ACCOUNT_OK) || ($record['account_flags'] == ACCOUNT_UNVERIFIED))
 					&& (hash('whirlpool', $record['account_salt'] . $password) === $record['account_password'])) {
 						logger('password verified for ' . $username);
+						if($this->check_module_access($r[0]['channel_id']))
 							return $this->setAuthenticated($r[0]);
 					}
 				}
 			}
 		}
 
+		if($this->module_disabled)
+			$error = 'module not enabled for ' . $username;
+		else
 			$error = 'password failed for ' . $username;
 		logger($error);
 		log_failed_login($error);
@@ -139,6 +146,17 @@ class BasicAuth extends DAV\Auth\Backend\AbstractBasic {
 		return true;
 	}
 
+	protected function check_module_access($channel_id) {
+		if($channel_id && \App::$module === 'cdav') {
+			$x = get_pconfig($channel_id,'cdav','enabled');
+			if(! $x) {
+				$this->module_disabled = true;
+				return false;
+			}
+		}
+		return true;
+	}
+
 	/**
 	 * Sets the channel_name from the currently logged-in channel.
 	 *

Zotlabs/Web/Session.php

@@ -13,8 +13,8 @@ namespace Zotlabs\Web;
 
 class Session {
 
-	static private $handler = null;
+	private $handler = null;
-	static private $session_started = false;
+	private $session_started = false;
 
 	public function init() {