only allow logins if the app unique key matches for the session

fixes #56 (closed) by checking that the user who has an active session has one valid for this vtiger instance.

includes/main/WebUI.php

@@ -42,7 +42,7 @@ class Vtiger_WebUI extends Vtiger_EntryPoint {
$user = parent::getLogin();
if (!$user) {
$userid = Vtiger_Session::get('AUTHUSERID', $_SESSION['authenticated_user_id']);
-			if ($userid) {
+			if ($userid && vglobal('application_unique_key')==$_SESSION['app_unique_key']) {
$user = CRMEntity::getInstance('Users');
$user->retrieveCurrentUserInfoFromFile($userid);
$this->setLogin($user);