Update security

library/WsScore/WsScore.php

@@ -497,7 +497,7 @@ class WsScore
 	}
 
 	/**
-	 * checkAccesWS
+	 * Check if user has the right to access WebService
 	 * @throws SoapFault
 	 */
 	protected function checkAccesWS()
@@ -510,7 +510,7 @@ class WsScore
 	}
 
 	/**
-	 * checPerm
+	 * Check if the user has the right to acces this functionality
 	 * @param string $perm
 	 * @throws SoapFault
 	 */
@@ -576,12 +576,15 @@ class WsScore
 	        return false;
 	    }
 
-	    // Récupération des informations de connexion
-	    if ( $result->password == $password
-	            || md5($result->password) == $password
-	            || md5($result->login.'|'.$result->password) == $password
-	            || ( substr($password,0,7)=='iponly:' && checkPlagesIp($result->filtre_ip, substr($password,7))) )
-	    {
+	    // Check password with database informations
+	    if ( $result->password == $password    //password sent in clear
+	            || md5($result->password) == $password     //password sent with md5
+	            || md5($result->login.'|'.$result->password) == $password //password sent concat with login and crypt by md5
+	            // Block access with IPs
+	            || ( substr($password,0,7)=='iponly:'
+	                    && !empty($result->filtre_ip)
+	                    && checkPlagesIp($result->filtre_ip, substr($password,7))) ) {
+
 	        $timeout = $result->timeout;
 	        if ($timeout==0) $timeout = 1800;
 	        $this->tabInfoUser = array(
@@ -619,7 +622,7 @@ class WsScore
 
 	        /**
 	         * Date de debut de compte
-	        */
+	         */
 	        if ( !empty($result->dateDebutCompte) && $result->dateDebutCompte!='0000-00-00' ) {
 	            $today = mktime(0, 0, 0, date('m'), date('d'), date('Y'));
 	            $dateDebutCompte = mktime(0, 0, 0, substr($result->dateDebutCompte,5,2), substr(dateDebutCompte,8,2), substr($result->dateDebutCompte,0,4));