Commit 10753676 authored by Leigh B. Stoller's avatar Leigh B. Stoller
Browse files

Add webonly status bit to user flags. Also add utility function to

determine if user has a real account.
parent 356a9fc0
...@@ -40,6 +40,7 @@ define("CHECKLOGIN_ISADMIN", 0x04000); ...@@ -40,6 +40,7 @@ define("CHECKLOGIN_ISADMIN", 0x04000);
define("CHECKLOGIN_TRUSTED", 0x08000); define("CHECKLOGIN_TRUSTED", 0x08000);
define("CHECKLOGIN_CVSWEB", 0x10000); define("CHECKLOGIN_CVSWEB", 0x10000);
define("CHECKLOGIN_ADMINOFF", 0x20000); define("CHECKLOGIN_ADMINOFF", 0x20000);
define("CHECKLOGIN_WEBONLY", 0x40000);
# #
# Generate a hash value suitable for authorization. We use the results of # Generate a hash value suitable for authorization. We use the results of
...@@ -117,7 +118,7 @@ function CHECKLOGIN($uid) { ...@@ -117,7 +118,7 @@ function CHECKLOGIN($uid) {
# #
$query_result = $query_result =
DBQueryFatal("select NOW()>=u.pswd_expires,l.hashkey,l.timeout, ". DBQueryFatal("select NOW()>=u.pswd_expires,l.hashkey,l.timeout, ".
" status,admin,cvsweb,g.trust,adminoff ". " status,admin,cvsweb,g.trust,adminoff,webonly ".
" from users as u ". " from users as u ".
"left join login as l on l.uid=u.uid ". "left join login as l on l.uid=u.uid ".
"left join group_membership as g on g.uid=u.uid ". "left join group_membership as g on g.uid=u.uid ".
...@@ -146,7 +147,8 @@ function CHECKLOGIN($uid) { ...@@ -146,7 +147,8 @@ function CHECKLOGIN($uid) {
! strcmp($row[6], "group_root")) { ! strcmp($row[6], "group_root")) {
$trusted = 1; $trusted = 1;
} }
$adminoff= $row[7]; $adminoff = $row[7];
$webonly = $row[8];
} }
# #
...@@ -214,6 +216,8 @@ function CHECKLOGIN($uid) { ...@@ -214,6 +216,8 @@ function CHECKLOGIN($uid) {
$CHECKLOGIN_STATUS |= CHECKLOGIN_ISADMIN; $CHECKLOGIN_STATUS |= CHECKLOGIN_ISADMIN;
if ($adminoff) if ($adminoff)
$CHECKLOGIN_STATUS |= CHECKLOGIN_ADMINOFF; $CHECKLOGIN_STATUS |= CHECKLOGIN_ADMINOFF;
if ($webonly)
$CHECKLOGIN_STATUS |= CHECKLOGIN_WEBONLY;
if ($trusted) if ($trusted)
$CHECKLOGIN_STATUS |= CHECKLOGIN_TRUSTED; $CHECKLOGIN_STATUS |= CHECKLOGIN_TRUSTED;
if ($cvsweb) if ($cvsweb)
...@@ -230,7 +234,7 @@ function CHECKLOGIN($uid) { ...@@ -230,7 +234,7 @@ function CHECKLOGIN($uid) {
# #
# Set the magic enviroment variable, if appropriate, for the sake of # Set the magic enviroment variable, if appropriate, for the sake of
# any processes we might spawn. We prepend an HTTP_ on the front of # any processes we might spawn. We prepend an HTTP_ on the front of
# the variable name, so that it'll get through suexec. # the variable name, so that it will get through suexec.
# #
if ($admin && !$adminoff) { if ($admin && !$adminoff) {
putenv("HTTP_WITH_TB_ADMIN_PRIVS=1"); putenv("HTTP_WITH_TB_ADMIN_PRIVS=1");
...@@ -343,9 +347,7 @@ function DOLOGIN($uid, $password) { ...@@ -343,9 +347,7 @@ function DOLOGIN($uid, $password) {
# #
if ($row = mysql_fetch_row($query_result)) { if ($row = mysql_fetch_row($query_result)) {
$db_encoding = $row[0]; $db_encoding = $row[0];
$salt = substr($db_encoding, 0, 2); $encoding = crypt("$password", $db_encoding);
if ($salt[0] == $salt[1]) { $salt = $salt[0]; }
$encoding = crypt("$password", $salt);
if (strcmp($encoding, $db_encoding)) { if (strcmp($encoding, $db_encoding)) {
return -1; return -1;
} }
...@@ -432,12 +434,7 @@ function VERIFYPASSWD($uid, $password) { ...@@ -432,12 +434,7 @@ function VERIFYPASSWD($uid, $password) {
# #
if ($row = mysql_fetch_row($query_result)) { if ($row = mysql_fetch_row($query_result)) {
$db_encoding = $row[0]; $db_encoding = $row[0];
$salt = substr($db_encoding, 0, 2); $encoding = crypt("$password", $db_encoding);
if ($salt[0] == $salt[1]) {
$salt = $salt[0];
}
$encoding = crypt("$password", $salt);
if (strcmp($encoding, $db_encoding)) { if (strcmp($encoding, $db_encoding)) {
return -1; return -1;
...@@ -515,6 +512,23 @@ function LASTWEBLOGIN($uid) { ...@@ -515,6 +512,23 @@ function LASTWEBLOGIN($uid) {
return 0; return 0;
} }
function HASREALACCOUNT($uid) {
$query_result =
DBQueryFatal("select status,webonly from users where uid='$uid'");
if (!mysql_num_rows($query_result)) {
return 0;
}
$row = mysql_fetch_array($query_result);
$status = $row[0];
$webonly = $row[1];
if ($webonly || strcmp($status, TBDB_USERSTATUS_ACTIVE)) {
return 0;
}
return 1;
}
# #
# Beware empty spaces (cookies)! # Beware empty spaces (cookies)!
# #
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment