Commit 86c0dc22 authored by Leigh Stoller's avatar Leigh Stoller

No longer allow deactivated users to log in; they have to contact us to reactivate them first.
parent 2e5e5b00
......@@ -295,7 +295,8 @@ else {
SPITHEADER();
echo "<h4>
Your account has gone <b>inactive</b>. Please contact $TBMAILADDR
Your account has gone <b>inactive</b> since it has been so
long since your last login. Please contact $TBMAILADDR
to have your account restored. <br> <br>
Please do not attempt to login again; it will not work!
</h4>\n";
......
......@@ -472,6 +472,13 @@ function CheckLoginForAjax($route)
SPITAJAX_ERROR(222, "Your account is no longer active");
exit(1);
}
# Known user, but inactive.
if ($check_status & CHECKLOGIN_INACTIVE) {
SPITAJAX_ERROR(222, "Your account has gone inactive cause ".
"your last login was so long ago: " .
$this_user->weblogin_last());
exit(1);
}
}
# Kludge, still thinking about it. If a geni user has no project
# permissions at their SA, then we mark the acount as WEBONLY, and
......
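Review bot: The new CHECKLOGIN_INACTIVE branch in CheckLoginForAjax puts the stored last-login time into the client-facing error text, while the branch just above it returns a fixed string. `User::stats()`, added elsewhere in this commit, returns -1 when no stats row was loaded, so the message can end in `-1`, and the timestamp is detail that belongs in a server-side log rather than in the AJAX reply. I would keep the reply fixed, e.g. `SPITAJAX_ERROR(222, "Your account has gone inactive; please contact us to reactivate it");`. The same commit makes LoginStatus() delete the session and report not-logged-in for inactive users, so this branch may no longer be reachable; that depends on code outside the hunk. CheckLoginForAjax starts and ends outside the lines shown.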
<?php
#
# Copyright (c) 2000-2014, 2016 University of Utah and the Flux Group.
# Copyright (c) 2000-2017 University of Utah and the Flux Group.
#
# {{{EMULAB-LICENSE
#
......@@ -267,7 +267,8 @@ else {
PAGEHEADER("Login", $view);
echo "<h4>
Your account has gone <b>inactive</b>. Please contact $TBMAILADDR
Your account has gone <b>inactive</b> since it has been so
long since your last login. Please contact $TBMAILADDR
to have your account restored. <br> <br>
Please do not attempt to login again; it will not work!
</h4>\n";
......
......@@ -346,6 +346,11 @@ function LoginStatus() {
$CHECKLOGIN_STATUS = CHECKLOGIN_NOTLOGGEDIN;
return $CHECKLOGIN_STATUS;
}
if ($status == TBDB_USERSTATUS_INACTIVE) {
DBQueryFatal("DELETE FROM login WHERE uid_idx='$uid_idx'");
$CHECKLOGIN_STATUS = CHECKLOGIN_NOTLOGGEDIN;
return $CHECKLOGIN_STATUS;
}
#
# Check for expired login. Remove this entry from the logins table to
......@@ -591,8 +596,8 @@ function CheckLoginConditions($status)
USERERROR("Your account has been frozen!",
1, HTTP_403_FORBIDDEN);
if ($status & CHECKLOGIN_INACTIVE)
USERERROR("Your account has gone inactive. ".
"Please contact $TBMAILADDR to restore it.",
USERERROR("Your account has gone inactive since your last login was ".
"so long ago. Please contact $TBMAILADDR to restore it.",
1, HTTP_403_FORBIDDEN);
if ($status & (CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER))
USERERROR("You have not verified your account yet!",
......@@ -890,6 +895,7 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
$uid_idx = $user->uid_idx();
$usr_email = $user->email();
$ga_userid = $user->ga_userid();
$lastlogin = $user->weblogin_last();
# Check for frozen accounts. We do not update the IP record when
# an account is frozen.
......@@ -911,7 +917,11 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
"Web Login Freeze: '$uid'",
"Your login has been frozen because there were too many\n".
"login failures from " . $_SERVER['REMOTE_ADDR'] . ".\n\n".
"Testbed Operations has been notified.\n",
"Testbed Operations has been notified.\n".
(isset($PORTAL_GENESIS) ?
"Portal: $PORTAL_GENESIS" :
"Classic Interface") . "\n",
"From: $TBMAIL_OPS\n".
"Cc: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n".
......@@ -931,6 +941,18 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
# But inactive users need special handling.
if ($user->status() == TBDB_USERSTATUS_INACTIVE) {
if (1) {
TBMAIL($TBMAIL_OPS,
"Web Login Inactivity Alert: '$uid'",
"Login attempt by $uid ($uid_idx) after extended ".
"period of inactivity!\n".
"Login was denied, last activity was $lastlogin\n",
"From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
return DOLOGIN_STATUS_INACTIVE;
}
# Try to reactivate the user. If we fail for some reason, fall
# back to just telling them they are inactive. Otherwise we can
# proceed with login.
......@@ -998,7 +1020,9 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
TBMAIL($TBMAIL_OPS,
"Web Login Freeze: '$IP'",
"Logins has been frozen because there were too many login\n".
"failures from $IP. Last attempted uid was '$token'.\n\n",
"failures from $IP. Last attempted uid was '$token'.\n".
(isset($PORTAL_GENESIS) ?
"Portal: $PORTAL_GENESIS" : "Classic Interface") . "\n\n",
"From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
......
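Review bot: The inactivity alert mailed from DOLOGIN does not record where the denied attempt came from, although the freeze mail a few lines above includes `$_SERVER['REMOTE_ADDR']`; Ops needs the source address to tell a returning user from someone else trying the account. Suggest `"Login was denied from " . $_SERVER['REMOTE_ADDR'] . ", last activity was $lastlogin\n",` for the last body line. One mail is sent per attempt with no throttle visible here, and the password check is outside the hunk, so confirm this block runs only after the password has been verified; otherwise the distinct DOLOGIN_STATUS_INACTIVE result and the mail would be reachable without valid credentials. The `if (1)` leaves the reactivation code below it unreachable; delete that code or gate it on a named setting so the policy is explicit. DOLOGIN's body continues outside the hunk.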
......@@ -30,6 +30,7 @@ $user_cache = array();
class User
{
var $user;
var $stats;
var $tempdata; # For temporary data values ...
#
......@@ -56,6 +57,16 @@ class User
return;
}
$this->user = mysql_fetch_array($query_result);
$query_result =
DBQueryWarn("select * from user_stats ".
"where uid_idx='$safe_uid_idx'");
if (!$query_result || !mysql_num_rows($query_result)) {
$this->user = NULL;
return;
}
$this->stats = mysql_fetch_array($query_result);
}
# Hmm, how does one cause an error in a php constructor?
......@@ -294,6 +305,9 @@ class User
function field($name) {
return (is_null($this->user) ? -1 : $this->user[$name]);
}
function stats($name) {
return (is_null($this->stats) ? -1 : $this->stats[$name]);
}
function uid_idx() { return $this->field("uid_idx"); }
function idx() { return $this->field("uid_idx"); }
function uid() { return $this->field("uid"); }
......@@ -346,6 +360,7 @@ class User
function wikionly() { return $this->field("wikionly"); }
function mailman_password() { return $this->field("mailman_password"); }
function nonlocal_id() { return $this->field("nonlocal_id"); }
function weblogin_last() { return $this->stats("weblogin_last"); }
function portal() { return $this->field("portal"); }
function ga_userid() { return $this->field("ga_userid"); }
function isAPT() { return ($this->portal() &&
......
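Review bot: In the User constructor hunk, a missing or failed `user_stats` lookup now sets `$this->user = NULL`, so an account with no stats row becomes indistinguishable from a nonexistent user, and nothing visible here records why. That fails closed, but it can silently lock out a valid account; add a comment such as `# No user_stats row: treat the user as nonexistent (fail closed).` and log the uid_idx on that path. `$safe_uid_idx` is interpolated into the query and is defined outside the hunk, so its escaping cannot be confirmed from these lines. `stats($name)` also indexes `$this->stats[$name]` without checking the key and shares the -1 sentinel with `field()`, which `weblogin_last()` hands straight to the new mail and error messages.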