Commit 186b419b authored by Leigh Stoller's avatar Leigh Stoller

Commit the admin on/off stuff, but mostly cause I have some other

changes that have to go in now!
parent 62b1ff17
<?php
include("defs.php3");
#
# No PAGEHEADER since we spit out a Location header later. See below.
#
#
# Only known and logged in users can do this.
#
# Note different test though, since we want to allow logged in
# users with expired passwords to change them.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
#
# Admins can change status for other users.
#
if (!isset($target_uid)) {
$target_uid = $uid;
}
#
# We need to know the real admin permission of the current user.
#
if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN)) {
USERERROR("You do not have permission to use this page!", 1);
}
if (!isset($adminoff) || ($adminoff != 0 && $adminoff != 1)) {
USERERROR("Improper arguments!", 1);
}
DBQueryFatal("update users set adminoff=$adminoff where uid='$target_uid'");
#
# Spit out a redirect
#
header("Location: $TBBASE/showuser.php3?target_uid=$target_uid");
?>
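Review bot: `$target_uid` and `$adminoff` appear to come straight from the request, and both reach the `update users` statement in the DBQueryFatal call without strict validation. The range test uses loose `!=`, so PHP's numeric coercion lets non-canonical strings count as 0 or 1. `$target_uid` is only wrapped in quotes, not escaped, and is also copied raw into the Location header. Match `$adminoff` exactly, escape or format-check `$target_uid` before the query, and `urlencode()` it in the redirect, as sketched below. Because this page changes privilege state, it should also require POST plus a per-session token rather than acting on a plain GET.

```php
# … unchanged: login check and real-admin permission check …
# Accept exactly "0" or "1"; anything else (including arrays) is rejected.
if (!isset($adminoff) || !preg_match('/^[01]\z/', $adminoff)) {
    USERERROR("Improper arguments!", 1);
}
# NOTE(review): prefer the project's own uid-format check if one exists.
$safe_uid = addslashes($target_uid);
DBQueryFatal("update users set adminoff=$adminoff where uid='$safe_uid'");
# … unchanged: redirect comment …
header("Location: $TBBASE/showuser.php3?target_uid=" . urlencode($target_uid));
```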
......@@ -75,7 +75,7 @@ function SPITFORM($uid, $key, $failed)
value=\"$uid\"
name=uid size=$TBDB_UIDLEN></td>
</tr>
<tr>
<tr>
<td>Password:</td>
<td><input type=password name=password size=12></td>
</tr>
......@@ -94,7 +94,7 @@ function SPITFORM($uid, $key, $failed)
#
# Do not bother if NOLOGINS!
#
if (NOLOGINS()) {
if (0 && NOLOGINS()) {
PAGEHEADER("Login");
echo "<center>
......
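Review bot: The `0 &&` in `if (0 && NOLOGINS()) {` makes the no-logins branch unreachable, so this page keeps serving the login form while logins are administratively disabled. Reading the second printed line as the new side, this looks like a debugging leftover unrelated to the admin on/off feature. Restore `if (NOLOGINS()) {`, or, if admins must still get in during a no-logins window, test for that explicitly and add a comment saying so. The rest of the branch lies outside the hunk, so whether NOLOGINS is also enforced where the credentials are processed cannot be confirmed from here.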
......@@ -110,7 +110,7 @@ function WRITESIDEBAR() {
$TBBASE,
"showuser.php3?target_uid=$login_uid");
if ($login_status & CHECKLOGIN_ISADMIN) {
if (ISADMIN($login_uid)) {
WRITESIDEBARBUTTON("New Project Approval",
$TBBASE, "approveproject_list.php3");
}
......@@ -128,7 +128,7 @@ function WRITESIDEBAR() {
WRITESIDEBARBUTTON("Project Information",
$TBBASE, "showproject_list.php3");
if ($login_status & CHECKLOGIN_ISADMIN) {
if (ISADMIN($login_uid)) {
WRITESIDEBARBUTTON("User List",
$TBBASE, "showuser_list.php3");
}
......
......@@ -333,6 +333,8 @@ function SHOWUSER($uid) {
$usr_title = $row[usr_title];
$usr_affil = $row[usr_affil];
$status = $row[status];
$admin = $row[admin];
$adminoff = $row[adminoff];
#
# Last Login info.
......@@ -405,6 +407,17 @@ function SHOWUSER($uid) {
<td>Status:</td>
<td>$status</td>
</tr>\n";
if ($admin) {
$onoff = ($adminoff ? "Off" : "On");
$flip = ($adminoff ? 0 : 1);
echo "<tr>
<td>Admin (on/off):</td>
<td>Yes
<a href=adminmode.php3?target_uid=$uid&adminoff=$flip>
($onoff)</td>
</tr>\n";
}
echo "<tr>
<td>Last Web Login:</td>
......
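Review bot: The toggle added in the `if ($admin)` block is a plain GET link that changes privilege state, so any page an admin's browser loads can trigger it without the admin's intent. Render it as a small POST form carrying a per-session token that adminmode.php3 verifies. The markup also needs repair: the anchor is never closed, the `href` is unquoted and `$uid` is not URL-encoded. The quoted form would be `<a href=\"adminmode.php3?target_uid=" . urlencode($uid) . "&amp;adminoff=$flip\">($onoff)</a>`. SHOWUSER starts and ends outside this hunk, so whether the row is shown only to admin viewers is not visible here.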
......@@ -34,6 +34,7 @@ define("CHECKLOGIN_FROZEN", 0x02000);
define("CHECKLOGIN_ISADMIN", 0x04000);
define("CHECKLOGIN_TRUSTED", 0x08000);
define("CHECKLOGIN_CVSWEB", 0x10000);
define("CHECKLOGIN_ADMINOFF", 0x20000);
#
# Generate a hash value suitable for authorization. We use the results of
......@@ -111,7 +112,7 @@ function CHECKLOGIN($uid) {
#
$query_result =
DBQueryFatal("select NOW()>=u.pswd_expires,l.hashkey,l.timeout, ".
" status,admin,cvsweb,g.trust ".
" status,admin,cvsweb,g.trust,adminoff ".
" from users as u ".
"left join login as l on l.uid=u.uid ".
"left join group_membership as g on g.uid=u.uid ".
......@@ -140,6 +141,7 @@ function CHECKLOGIN($uid) {
! strcmp($row[6], "group_root")) {
$trusted = 1;
}
$adminoff= $row[7];
}
#
......@@ -205,6 +207,8 @@ function CHECKLOGIN($uid) {
$CHECKLOGIN_STATUS |= CHECKLOGIN_PSWDEXPIRED;
if ($admin)
$CHECKLOGIN_STATUS |= CHECKLOGIN_ISADMIN;
if ($adminoff)
$CHECKLOGIN_STATUS |= CHECKLOGIN_ADMINOFF;
if ($trusted)
$CHECKLOGIN_STATUS |= CHECKLOGIN_TRUSTED;
if ($cvsweb)
......@@ -256,7 +260,8 @@ function LOGGEDINORDIE($uid, $modifier = 0) {
# Check other conditions.
#
if ($status & CHECKLOGIN_PSWDEXPIRED)
USERERROR("Your password has expired. Please change it now!", 1);
USERERROR("Your password has expired. ".
"<a href=moduserinfo.php3>Please change it now!</a>", 1);
if ($status & CHECKLOGIN_FROZEN)
USERERROR("Your account has been frozen!", 1);
if ($status & (CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER))
......@@ -287,7 +292,7 @@ function ISADMIN($uid) {
TBERROR("ISADMIN: $uid is not logged in!", 1);
return (($CHECKLOGIN_STATUS &
(CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN)) ==
(CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN|CHECKLOGIN_ADMINOFF)) ==
(CHECKLOGIN_LOGGEDIN|CHECKLOGIN_ISADMIN));
}
......@@ -369,6 +374,11 @@ function DOLOGIN($uid, $password) {
$timeout = time() + (60 * 60 * 24 * 32);
setcookie($TBNAMECOOKIE, $uid, $timeout, "/", $TBAUTHDOMAIN, 0);
#
# Clear adminoff on new logins.
#
DBQueryFatal("update users set adminoff=0 where uid='$uid'");
return 0;
}
#
......
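Review bot: ISADMIN() now returns false for a real admin whose adminoff flag is set, but nothing in the hunk documents that change. Any page that still tests `$CHECKLOGIN_STATUS & CHECKLOGIN_ISADMIN` directly will ignore admin-off mode. Add a comment above ISADMIN such as `# True only for a logged-in admin with adminoff clear; test CHECKLOGIN_ISADMIN directly only where the real permission is required (adminmode.php3).` and audit the remaining direct bit tests. In CHECKLOGIN, `$adminoff= $row[7];` is assigned only inside the row block, so set `$adminoff = 0;` alongside the other flag defaults if that is not already done outside the hunk. In DOLOGIN, `where uid='$uid'` interpolates the login name into SQL, and whether it was escaped earlier in the function is not visible here.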