Commit 0e17f951 authored by Leigh B Stoller's avatar Leigh B Stoller
Browse files

Minor refactoring to allow easier login checks from APT login path.

Add check for pswd_expires=null setting; never expires.
parent 25d378be
......@@ -35,6 +35,8 @@ $ISAPT = 1;
$ISCLOUD = 0;
$ISVSERVER = 0;
$GOOGLEUA = 'UA-45161989-1';
# See tbauth.php3
$CHANGEPSWD_PAGE= "changepswd.php";
#
# Global flag to disable accounts. We do this on some pages which
......@@ -741,7 +743,7 @@ function RedirectLoginPage()
#
# Check the login and redirect to login page.
#
function CheckLoginOrRedirect()
function CheckLoginOrRedirect($modifier = 0)
{
RedirectSecure();
......@@ -750,8 +752,7 @@ function CheckLoginOrRedirect()
if (! ($check_status & CHECKLOGIN_LOGGEDIN)) {
RedirectLoginPage();
}
# Catch other illegal login issues.
CheckLoginOrDie();
CheckLoginConditions($check_status & ~$modifier);
return $this_user;
}
......
......@@ -67,8 +67,8 @@ define("CHECKLOGIN_WEBONLY", 0x040000);
define("CHECKLOGIN_PLABUSER", 0x080000);
define("CHECKLOGIN_STUDLY", 0x100000);
define("CHECKLOGIN_WIKIONLY", 0x200000);
define("CHECKLOGIN_OPSGUY", 0x400000); # Member of emulab-ops.
define("CHECKLOGIN_ISFOREIGN_ADMIN", 0x800000); # Admin of another Emulab.
define("CHECKLOGIN_OPSGUY", 0x400000); # Member of emulab-ops.
define("CHECKLOGIN_ISFOREIGN_ADMIN", 0x800000); # Admin of another Emulab.
#
# Constants for tracking possible login attacks.
......@@ -83,6 +83,9 @@ define("DOLOGIN_STATUS_ERROR", -1);
define("DOLOGIN_STATUS_IPFREEZE", -2);
define("DOLOGIN_STATUS_WEBFREEZE", -3);
# So we can redefine this in the APT pages.
$CHANGEPSWD_PAGE = "moduserinfo.php3";
#
# Generate a hash value suitable for authorization. We use the results of
# microtime, combined with a random number.
......@@ -417,7 +420,7 @@ function LoginStatus() {
# Now add in the modifiers.
#
# Do not expire passwords for admin users.
if ($expired && !$admin)
if (!is_null($expired) && $expired && !$admin)
$CHECKLOGIN_STATUS |= CHECKLOGIN_PSWDEXPIRED;
if ($admin)
$CHECKLOGIN_STATUS |= CHECKLOGIN_ISADMIN;
......@@ -554,14 +557,22 @@ function LOGGEDINORDIE($uid, $modifier = 0, $login_url = NULL) {
TBERROR("LOGGEDINORDIE failed mysteriously", 1);
}
$status = $status & ~$modifier;
CheckLoginConditions($status & ~$modifier);
#
# Check other conditions.
#
# No one should ever look at the return value of this function.
return null;
}
#
# Check other conditions.
#
function CheckLoginConditions($status)
{
global $CHANGEPSWD_PAGE;
if ($status & CHECKLOGIN_PSWDEXPIRED)
USERERROR("Your password has expired. ".
"<a href=moduserinfo.php3>Please change it now!</a>",
"<a href='$CHANGEPSWD_PAGE'>Please change it now.</a>",
1, HTTP_403_FORBIDDEN);
if ($status & CHECKLOGIN_FROZEN)
USERERROR("Your account has been frozen!",
......@@ -585,10 +596,7 @@ function LOGGEDINORDIE($uid, $modifier = 0, $login_url = NULL) {
#
if (NOLOGINS() && !ISADMIN())
USERERROR("Sorry. The Web Interface is ".
"<a href=nologins.php3>Temporarily Unavailable!</a>", 1);
# No one should ever look at the return value of this function.
return null;
"temporarily unavailable. Please check back later.", 1);
}
#
......@@ -612,12 +620,22 @@ function CheckLoginOrDie($modifier = 0, $login_url = NULL)
#
function CheckLogin(&$status)
{
global $CHECKLOGIN_USER;
global $CHECKLOGIN_USER, $CHECKLOGIN_STATUS;
$status = LoginStatus();
# If login looks valid, return the user.
if ($status & (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_MAYBEVALID)) {
if ($status & (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_MAYBEVALID)) {
#
# Check for NOLOGINS.
# We want to allow admin types to continue using the web interface,
# and logout anyone else that is currently logged in!
#
if (NOLOGINS() && !ISADMIN()) {
DOLOGOUT($CHECKLOGIN_USER);
$status = $CHECKLOGIN_STATUS;
return null;
}
if ($status & CHECKLOGIN_LOGGEDIN) {
BumpLogoutTime();
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment