Commit the admin on/off stuff, but mostly cause I have some other

changes that have to go in now!

www/adminmode.php3

+<?php
+include("defs.php3");
+
+#
+# No PAGEHEADER since we spit out a Location header later. See below.
+# 
+
+#
+# Only known and logged in users can do this.
+#
+# Note different test though, since we want to allow logged in
+# users with expired passwords to change them.
+#
+$uid = GETLOGIN();
+LOGGEDINORDIE($uid);
+
+#
+# Admins can change status for other users.
+#
+if (!isset($target_uid)) {
+    $target_uid = $uid;
+}
+
+#
+# We need to know the real admin permission of the current user.
+#
+if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN)) {
+    USERERROR("You do not have permission to use this page!", 1);
+}
+
+if (!isset($adminoff) || ($adminoff != 0 && $adminoff != 1)) {
+    USERERROR("Improper arguments!", 1);
+}
+
+DBQueryFatal("update users set adminoff=$adminoff where uid='$target_uid'");
+
+#
+# Spit out a redirect 
+# 
+header("Location: $TBBASE/showuser.php3?target_uid=$target_uid");
+
+?>

www/login.php3

@@ -94,7 +94,7 @@ function SPITFORM($uid, $key, $failed)
 #
 # Do not bother if NOLOGINS!
 #
-if (NOLOGINS()) {
+if (0 && NOLOGINS()) {
     PAGEHEADER("Login");
 	    
     echo "<center>

www/menu.php3

@@ -110,7 +110,7 @@ function WRITESIDEBAR() {
 				   $TBBASE,
 				   "showuser.php3?target_uid=$login_uid");
 	    
-		if ($login_status & CHECKLOGIN_ISADMIN) {
+		if (ISADMIN($login_uid)) {
 		    WRITESIDEBARBUTTON("New Project Approval",
 				       $TBBASE, "approveproject_list.php3");
 		}
@@ -128,7 +128,7 @@ function WRITESIDEBAR() {
 		WRITESIDEBARBUTTON("Project Information",
 				   $TBBASE, "showproject_list.php3");
 	    
-		if ($login_status & CHECKLOGIN_ISADMIN) {
+		if (ISADMIN($login_uid)) {
 		    WRITESIDEBARBUTTON("User List",
 				       $TBBASE, "showuser_list.php3");
 		}

www/showstuff.php3

@@ -333,6 +333,8 @@ function SHOWUSER($uid) {
     $usr_title   = $row[usr_title];
     $usr_affil   = $row[usr_affil];
     $status      = $row[status];
+    $admin       = $row[admin];
+    $adminoff    = $row[adminoff];
 
     #
     # Last Login info.
@@ -406,6 +408,17 @@ function SHOWUSER($uid) {
               <td>$status</td>
           </tr>\n";
 
+    if ($admin) {
+	$onoff = ($adminoff ? "Off" : "On");
+	$flip  = ($adminoff ? 0 : 1);
+	echo "<tr>
+                  <td>Admin (on/off):</td>
+                  <td>Yes
+                      <a href=adminmode.php3?target_uid=$uid&adminoff=$flip>
+                         ($onoff)</td>
+              </tr>\n";
+    }
+    
     echo "<tr>
               <td>Last Web Login:</td>
               <td>$lastweblogin</td>

www/tbauth.php3

@@ -34,6 +34,7 @@ define("CHECKLOGIN_FROZEN",		0x02000);
 define("CHECKLOGIN_ISADMIN",		0x04000);
 define("CHECKLOGIN_TRUSTED",		0x08000);
 define("CHECKLOGIN_CVSWEB",		0x10000);
+define("CHECKLOGIN_ADMINOFF",		0x20000);
 
 #
 # Generate a hash value suitable for authorization. We use the results of
@@ -111,7 +112,7 @@ function CHECKLOGIN($uid) {
     # 
     $query_result =
 	DBQueryFatal("select NOW()>=u.pswd_expires,l.hashkey,l.timeout, ".
-		     "       status,admin,cvsweb,g.trust ".
+		     "       status,admin,cvsweb,g.trust,adminoff ".
 		     " from users as u ".
 		     "left join login as l on l.uid=u.uid ".
 		     "left join group_membership as g on g.uid=u.uid ".
@@ -140,6 +141,7 @@ function CHECKLOGIN($uid) {
 	    ! strcmp($row[6], "group_root")) {
 	    $trusted = 1;
 	}
+	$adminoff= $row[7];
     }
 
     #
@@ -205,6 +207,8 @@ function CHECKLOGIN($uid) {
 	$CHECKLOGIN_STATUS |= CHECKLOGIN_PSWDEXPIRED;
     if ($admin)
 	$CHECKLOGIN_STATUS |= CHECKLOGIN_ISADMIN;
+    if ($adminoff)
+	$CHECKLOGIN_STATUS |= CHECKLOGIN_ADMINOFF;
     if ($trusted)
 	$CHECKLOGIN_STATUS |= CHECKLOGIN_TRUSTED;
     if ($cvsweb)
@@ -256,7 +260,8 @@ function LOGGEDINORDIE($uid, $modifier = 0) {
     # Check other conditions.
     #
     if ($status & CHECKLOGIN_PSWDEXPIRED)
-        USERERROR("Your password has expired. Please change it now!", 1);
+        USERERROR("Your password has expired. ".
+		  "<a href=moduserinfo.php3>Please change it now!</a>", 1);
     if ($status & CHECKLOGIN_FROZEN)
         USERERROR("Your account has been frozen!", 1);
     if ($status & (CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER))
@@ -287,7 +292,7 @@ function ISADMIN($uid) {
 	TBERROR("ISADMIN: $uid is not logged in!", 1);
 
     return (($CHECKLOGIN_STATUS &
-	     (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN)) ==
+	     (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN|CHECKLOGIN_ADMINOFF)) ==
 	    (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN));
 }
 
@@ -369,6 +374,11 @@ function DOLOGIN($uid, $password) {
 	$timeout = time() + (60 * 60 * 24 * 32);
 	setcookie($TBNAMECOOKIE, $uid, $timeout, "/", $TBAUTHDOMAIN, 0);
 
+	#
+	# Clear adminoff on new logins.
+	#
+	DBQueryFatal("update users set adminoff=0 where uid='$uid'");
+
 	return 0;
     }
     #