[Web] prevent multiple dual-logins

2024-03-08 14:05:37 +01:00
parent 2ba64e93f9
commit e0bda6ca6a
1 changed files with 19 additions and 16 deletions
@@ -121,6 +121,8 @@ if (isset($_POST["login_user"]) && isset($_POST["pass_user"])) {

 if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as']) && $_SESSION['acl']['login_as'] == "1")) {
 	if (isset($_GET["duallogin"])) {
+    $is_dual = (!empty($_SESSION["dual-login"]["username"])) ? true : false;
+    if (!$is_dual) {
      $duallogin = html_entity_decode(rawurldecode($_GET["duallogin"]));
      if (filter_var($duallogin, FILTER_VALIDATE_EMAIL)) {
        if (!empty(mailbox('get', 'mailbox_details', $duallogin))) {
@@ -141,6 +143,7 @@ if (isset($_SESSION['mailcow_cc_role']) && (isset($_SESSION['acl']['login_as'])
        }
      }
    }
+  }
 }

 if (isset($_SESSION['mailcow_cc_role'])) {