Commit 3bca18fb authored by Leigh Stoller's avatar Leigh Stoller

More security hacking: Do not allow any random user from the internet

to logout any random user on the testbed; only logged in admin users
can do that now!
parent 754d8013
......@@ -73,8 +73,8 @@ freezeuser.php3
index.php3
joinproject.php3
loadimage.php3
login.php3
logout.php3
login.php3 X
logout.php3 X
menu.php3
menu.php3.java
modifyexp.php3
......@@ -146,7 +146,7 @@ start.php3
survey.php3
swapexp.php3
tbauth.php3
toggle.php
toggle.php X
top2image.php3
tutorial/docwrapper.php3 X
tutorial/tutorial.php3 X
......
<?php
#
# EMULAB-COPYRIGHT
# Copyright (c) 2000-2002 University of Utah and the Flux Group.
# Copyright (c) 2000-2003 University of Utah and the Flux Group.
# All rights reserved.
#
#
......@@ -12,28 +12,43 @@ require("defs.php3");
#
# This page gets loaded as the result of a logout click.
#
# $uid comes in as a variable.
# $uid optionally comes in as a variable so admins can logout other users.
#
if (isset($uid) && strcmp($uid, "")) {
DOLOGOUT($uid);
unset($uid);
#
# Zap the user back to the front page, in nonsecure mode.
#
header("Location: $TBBASE/");
return;
$target_uid = $_GET['target_uid'];
# Pedantic page argument checking. Good practice!
if (isset($target_uid) && $target_uid == "") {
PAGEARGERROR();
}
#
# Standard Testbed Header
#
PAGEHEADER("Logout");
# Get current login.
# Only admin users can logout someone other then themself.
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
if (!isset($target_uid))
$target_uid = $uid;
if ($target_uid != $uid && !ISADMIN($uid)) {
PAGEHEADER("Logout");
echo "<center>
<h3>You do not have permission to logout '$target_uid'
</h3></center>\n";
PAGEFOOTER();
return;
}
echo "<center><h3>Logout attempt failed!</h3></center>\n";
if (DOLOGOUT($target_uid) != 0) {
PAGEHEADER("Logout");
echo "<center><h3>Logout '$target_uid' failed!</h3></center>\n";
PAGEFOOTER();
return;
}
#
# Standard Testbed Footer
# Success. Zap the user back to the front page, in nonsecure mode.
#
PAGEFOOTER();
header("Location: $TBBASE/");
?>
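Review bot: Both failure branches echo the raw `target_uid` query string into the page before any validation has been applied to it — `You do not have permission to logout '$target_uid'` runs before DOLOGOUT is ever called, and `Logout '$target_uid' failed!` is reached precisely when DOLOGOUT's TBvalid_uid check has rejected the value — so the page reflects whatever the parameter carried back to the logged-in user as unescaped HTML. Validate at the argument check, `if (isset($target_uid) && !TBvalid_uid($target_uid)) { PAGEARGERROR(); }`, and escape at output, `htmlspecialchars($target_uid)`, in both messages. The admin gate `$target_uid != $uid` is a loose comparison; `!==` is safer once both sides are known to be strings. The header comment still reads `$uid optionally comes in as a variable`, but the page now reads `$_GET['target_uid']` and `$uid` is the current login from GETLOGIN(); change it to `# $target_uid optionally comes in as a page argument so admins can logout other users.`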
......@@ -362,7 +362,7 @@ function WRITESIDEBAR() {
if ($login_status & (CHECKLOGIN_LOGGEDIN|CHECKLOGIN_MAYBEVALID)) {
echo "<tr>";
echo "<td class=\"menufooter\" align=center valign=center>";
echo "<a href=\"$TBBASE/logout.php3?uid=$login_uid\">";
echo "<a href=\"$TBBASE/logout.php3?target_uid=$login_uid\">";
echo "<img alt=\"logoff\" border=0 ";
echo "src=\"$BASEPATH/logoff.gif\"></a>\n";
echo "</td></tr>\n";
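Review bot: With logout.php3 now defaulting `target_uid` to the current login when the argument is absent, the sidebar link no longer needs to carry it; `echo "<a href=\"$TBBASE/logout.php3\">";` would do, and it removes the dependency on `$login_uid` matching GETLOGIN() byte-for-byte in the page's `$target_uid != $uid` admin check. If the parameter is kept, it is interpolated into the URL without `urlencode()`, which presumably is fine for a validated uid but worth confirming. WRITESIDEBAR starts outside the hunk.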
......
......@@ -494,6 +494,11 @@ function VERIFYPASSWD($uid, $password) {
function DOLOGOUT($uid) {
global $TBDBNAME, $TBSECURECOOKIES, $CHECKLOGIN_STATUS;
# Pedantic check.
if (!TBvalid_uid($uid)) {
return 1;
}
$CHECKLOGIN_STATUS = CHECKLOGIN_NOTLOGGEDIN;
$query_result =
......@@ -501,7 +506,7 @@ function DOLOGOUT($uid) {
# Not logged in.
if (($row = mysql_fetch_array($query_result)) == 0) {
return 0;
return 1;
}
$hashkey = $row[hashkey];
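Review bot: DOLOGOUT's return codes are undocumented, and the two new `return 1` paths — a uid rejected by TBvalid_uid, and the not-logged-in row that previously returned 0 — are indistinguishable to the caller, which logout.php3 reports as one generic failure; add `# Returns 0 on success, 1 if $uid is malformed or has no active login.` above the function. Flipping the not-logged-in case from 0 to 1 changes behaviour for any other caller that treated a logout of an already-logged-out user as success; those call sites are not visible here and are worth checking. The function body continues outside both hunks.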
......