Pman/Login.php

[Pman.Base] / Pman / Login.php

diff --git a/Pman/Login.php b/Pman/Login.php
index f655568..d5e0849 100644 (file)
--- a/Pman/Login.php
+++ b/Pman/Login.php
@@ -135,7 +135,7 @@ class Pman_Login extends Pman
         
         
         // first check they have perms to do this..
-        if (!$au|| ($au->company_id_comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
+        if (!$au|| ($au->company()->comptype != 'OWNER') || !$this->hasPerm('Core.Person', 'E')) {
             $this->jerr("User switching not permitted");
         }
         
@@ -200,6 +200,15 @@ class Pman_Login extends Pman
             $this->jerr('Account disabled');
         }
         
+        // check if config allows non-owner passwords.
+        // auth_company = "OWNER" auth_company = "CLIENT"
+        $ff= HTML_FlexyFramework::get();
+        if (!empty($ff->Pman['auth_comptype']) && $ff->Pman['auth_comptype'] != $u->company()->comptype) {
+            $this->jerr("Login not permited to outside companies");
+        }
+        
+        
+        
         if ($u->checkPassword($_REQUEST['password'])) {
             $u->login();
             // we might need this later..