Commit 186b419b authored by Leigh B. Stoller's avatar Leigh B. Stoller

Commit the admin on/off stuff, but mostly cause I have some other

changes that have to go in now!
parent 62b1ff17
<?php
include("defs.php3");
#
# No PAGEHEADER since we spit out a Location header later. See below.
#
#
# Only known and logged in users can do this.
#
# Note different test though, since we want to allow logged in
# users with expired passwords to change them.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
#
# Admins can change status for other users.
#
if (!isset($target_uid)) {
$target_uid = $uid;
}
#
# We need to know the real admin permission of the current user.
#
if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN)) {
USERERROR("You do not have permission to use this page!", 1);
}
if (!isset($adminoff) || ($adminoff != 0 && $adminoff != 1)) {
USERERROR("Improper arguments!", 1);
}
DBQueryFatal("update users set adminoff=$adminoff where uid='$target_uid'");
#
# Spit out a redirect
#
header("Location: $TBBASE/showuser.php3?target_uid=$target_uid");
?>
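Review bot: `$target_uid` and `$adminoff` go into the UPDATE statement and the Location header unescaped, and the `!=` range check on `$adminoff` is a loose comparison, so a value that is not literally 0 or 1 can still pass it under PHP's string-to-number rules. Both values appear to be request-supplied (the link added in SHOWUSER passes them as query parameters), so I would make the check strict and escape before use: `if (!isset($adminoff) || !preg_match('/^[01]$/', $adminoff))`, then `addslashes($target_uid)` in the query and `urlencode($target_uid)` in the redirect. The `adminoff=0` update added to DOLOGIN interpolates `$uid` the same way; whether that function validates it earlier is not visible on this page. Checking that the target row exists and has the admin bit before updating would also make this page fail closed on unknown uids.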
...@@ -75,7 +75,7 @@ function SPITFORM($uid, $key, $failed) ...@@ -75,7 +75,7 @@ function SPITFORM($uid, $key, $failed)
value=\"$uid\" value=\"$uid\"
name=uid size=$TBDB_UIDLEN></td> name=uid size=$TBDB_UIDLEN></td>
</tr> </tr>
<tr> <tr>
<td>Password:</td> <td>Password:</td>
<td><input type=password name=password size=12></td> <td><input type=password name=password size=12></td>
</tr> </tr>
...@@ -94,7 +94,7 @@ function SPITFORM($uid, $key, $failed) ...@@ -94,7 +94,7 @@ function SPITFORM($uid, $key, $failed)
# #
# Do not bother if NOLOGINS! # Do not bother if NOLOGINS!
# #
if (NOLOGINS()) { if (0 && NOLOGINS()) {
PAGEHEADER("Login"); PAGEHEADER("Login");
echo "<center> echo "<center>
......
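Review bot: The `0 &&` placed in front of `NOLOGINS()` on the new side hard-disables the no-logins branch, so the login form is served even when logins have been administratively turned off. If this is a temporary debugging switch it should not be committed; if the intent is to let admins log in during a NOLOGINS period, express that as an explicit condition rather than short-circuiting the gate. The comment directly above (`Do not bother if NOLOGINS!`) no longer matches what the code does. The rest of this branch lies outside the hunk.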
...@@ -110,7 +110,7 @@ function WRITESIDEBAR() { ...@@ -110,7 +110,7 @@ function WRITESIDEBAR() {
$TBBASE, $TBBASE,
"showuser.php3?target_uid=$login_uid"); "showuser.php3?target_uid=$login_uid");
if ($login_status & CHECKLOGIN_ISADMIN) { if (ISADMIN($login_uid)) {
WRITESIDEBARBUTTON("New Project Approval", WRITESIDEBARBUTTON("New Project Approval",
$TBBASE, "approveproject_list.php3"); $TBBASE, "approveproject_list.php3");
} }
...@@ -128,7 +128,7 @@ function WRITESIDEBAR() { ...@@ -128,7 +128,7 @@ function WRITESIDEBAR() {
WRITESIDEBARBUTTON("Project Information", WRITESIDEBARBUTTON("Project Information",
$TBBASE, "showproject_list.php3"); $TBBASE, "showproject_list.php3");
if ($login_status & CHECKLOGIN_ISADMIN) { if (ISADMIN($login_uid)) {
WRITESIDEBARBUTTON("User List", WRITESIDEBARBUTTON("User List",
$TBBASE, "showuser_list.php3"); $TBBASE, "showuser_list.php3");
} }
......
...@@ -333,6 +333,8 @@ function SHOWUSER($uid) { ...@@ -333,6 +333,8 @@ function SHOWUSER($uid) {
$usr_title = $row[usr_title]; $usr_title = $row[usr_title];
$usr_affil = $row[usr_affil]; $usr_affil = $row[usr_affil];
$status = $row[status]; $status = $row[status];
$admin = $row[admin];
$adminoff = $row[adminoff];
# #
# Last Login info. # Last Login info.
...@@ -405,6 +407,17 @@ function SHOWUSER($uid) { ...@@ -405,6 +407,17 @@ function SHOWUSER($uid) {
<td>Status:</td> <td>Status:</td>
<td>$status</td> <td>$status</td>
</tr>\n"; </tr>\n";
if ($admin) {
$onoff = ($adminoff ? "Off" : "On");
$flip = ($adminoff ? 0 : 1);
echo "<tr>
<td>Admin (on/off):</td>
<td>Yes
<a href=adminmode.php3?target_uid=$uid&adminoff=$flip>
($onoff)</td>
</tr>\n";
}
echo "<tr> echo "<tr>
<td>Last Web Login:</td> <td>Last Web Login:</td>
......
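Review bot: The toggle added to SHOWUSER changes a privilege setting through a plain GET link, so the request carries nothing that ties it to a deliberate action by the logged-in admin. A POST form with a per-session token that adminmode.php3 verifies would close that gap. The anchor is also never closed (`($onoff)</td>` should be `($onoff)</a></td>`), and the href should be quoted, with `$uid` passed through `urlencode()` and the separator written as `&amp;`. The row is emitted whenever the viewed user has the admin bit, whoever is viewing, so a non-admin who can reach this page gets a link that only produces the permission error. SHOWUSER's body continues outside both hunks.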
...@@ -34,6 +34,7 @@ define("CHECKLOGIN_FROZEN", 0x02000); ...@@ -34,6 +34,7 @@ define("CHECKLOGIN_FROZEN", 0x02000);
define("CHECKLOGIN_ISADMIN", 0x04000); define("CHECKLOGIN_ISADMIN", 0x04000);
define("CHECKLOGIN_TRUSTED", 0x08000); define("CHECKLOGIN_TRUSTED", 0x08000);
define("CHECKLOGIN_CVSWEB", 0x10000); define("CHECKLOGIN_CVSWEB", 0x10000);
define("CHECKLOGIN_ADMINOFF", 0x20000);
# #
# Generate a hash value suitable for authorization. We use the results of # Generate a hash value suitable for authorization. We use the results of
...@@ -111,7 +112,7 @@ function CHECKLOGIN($uid) { ...@@ -111,7 +112,7 @@ function CHECKLOGIN($uid) {
# #
$query_result = $query_result =
DBQueryFatal("select NOW()>=u.pswd_expires,l.hashkey,l.timeout, ". DBQueryFatal("select NOW()>=u.pswd_expires,l.hashkey,l.timeout, ".
" status,admin,cvsweb,g.trust ". " status,admin,cvsweb,g.trust,adminoff ".
" from users as u ". " from users as u ".
"left join login as l on l.uid=u.uid ". "left join login as l on l.uid=u.uid ".
"left join group_membership as g on g.uid=u.uid ". "left join group_membership as g on g.uid=u.uid ".
...@@ -140,6 +141,7 @@ function CHECKLOGIN($uid) { ...@@ -140,6 +141,7 @@ function CHECKLOGIN($uid) {
! strcmp($row[6], "group_root")) { ! strcmp($row[6], "group_root")) {
$trusted = 1; $trusted = 1;
} }
$adminoff= $row[7];
} }
# #
...@@ -205,6 +207,8 @@ function CHECKLOGIN($uid) { ...@@ -205,6 +207,8 @@ function CHECKLOGIN($uid) {
$CHECKLOGIN_STATUS |= CHECKLOGIN_PSWDEXPIRED; $CHECKLOGIN_STATUS |= CHECKLOGIN_PSWDEXPIRED;
if ($admin) if ($admin)
$CHECKLOGIN_STATUS |= CHECKLOGIN_ISADMIN; $CHECKLOGIN_STATUS |= CHECKLOGIN_ISADMIN;
if ($adminoff)
$CHECKLOGIN_STATUS |= CHECKLOGIN_ADMINOFF;
if ($trusted) if ($trusted)
$CHECKLOGIN_STATUS |= CHECKLOGIN_TRUSTED; $CHECKLOGIN_STATUS |= CHECKLOGIN_TRUSTED;
if ($cvsweb) if ($cvsweb)
...@@ -256,7 +260,8 @@ function LOGGEDINORDIE($uid, $modifier = 0) { ...@@ -256,7 +260,8 @@ function LOGGEDINORDIE($uid, $modifier = 0) {
# Check other conditions. # Check other conditions.
# #
if ($status & CHECKLOGIN_PSWDEXPIRED) if ($status & CHECKLOGIN_PSWDEXPIRED)
USERERROR("Your password has expired. Please change it now!", 1); USERERROR("Your password has expired. ".
"<a href=moduserinfo.php3>Please change it now!</a>", 1);
if ($status & CHECKLOGIN_FROZEN) if ($status & CHECKLOGIN_FROZEN)
USERERROR("Your account has been frozen!", 1); USERERROR("Your account has been frozen!", 1);
if ($status & (CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER)) if ($status & (CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER))
...@@ -287,7 +292,7 @@ function ISADMIN($uid) { ...@@ -287,7 +292,7 @@ function ISADMIN($uid) {
TBERROR("ISADMIN: $uid is not logged in!", 1); TBERROR("ISADMIN: $uid is not logged in!", 1);
return (($CHECKLOGIN_STATUS & return (($CHECKLOGIN_STATUS &
(CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN)) == (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN|CHECKLOGIN_ADMINOFF)) ==
(CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN)); (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN));
} }
...@@ -369,6 +374,11 @@ function DOLOGIN($uid, $password) { ...@@ -369,6 +374,11 @@ function DOLOGIN($uid, $password) {
$timeout = time() + (60 * 60 * 24 * 32); $timeout = time() + (60 * 60 * 24 * 32);
setcookie($TBNAMECOOKIE, $uid, $timeout, "/", $TBAUTHDOMAIN, 0); setcookie($TBNAMECOOKIE, $uid, $timeout, "/", $TBAUTHDOMAIN, 0);
#
# Clear adminoff on new logins.
#
DBQueryFatal("update users set adminoff=0 where uid='$uid'");
return 0; return 0;
} }
# #
......
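Review bot: After this change `CHECKLOGIN_ISADMIN` in `$CHECKLOGIN_STATUS` means "has the admin bit", while `ISADMIN()` means "admin bit set and admin mode not switched off". Neither the new `CHECKLOGIN_ADMINOFF` define nor the function says so. Any page that still tests the raw bit will ignore adminoff, so I would document the distinction above the define, e.g. `# Admin bit as stored in the DB; permission checks should call ISADMIN(), which also honors CHECKLOGIN_ADMINOFF.`, with a matching line above `ISADMIN`. adminmode.php3 tests the raw bit, apparently on purpose, and deserves the same kind of comment. The functions touched in this file all start and end outside their hunks.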