Commit 86c0dc22 authored by Leigh Stoller's avatar Leigh Stoller

No longer allow deactivated users to log in; they have to contact us to reactivate them first.
parent 2e5e5b00
...@@ -295,7 +295,8 @@ else { ...@@ -295,7 +295,8 @@ else {
SPITHEADER(); SPITHEADER();
echo "<h4> echo "<h4>
Your account has gone <b>inactive</b>. Please contact $TBMAILADDR Your account has gone <b>inactive</b> since it has been so
long since your last login. Please contact $TBMAILADDR
to have your account restored. <br> <br> to have your account restored. <br> <br>
Please do not attempt to login again; it will not work! Please do not attempt to login again; it will not work!
</h4>\n"; </h4>\n";
......
...@@ -472,6 +472,13 @@ function CheckLoginForAjax($route) ...@@ -472,6 +472,13 @@ function CheckLoginForAjax($route)
SPITAJAX_ERROR(222, "Your account is no longer active"); SPITAJAX_ERROR(222, "Your account is no longer active");
exit(1); exit(1);
} }
# Known user, but inactive.
if ($check_status & CHECKLOGIN_INACTIVE) {
SPITAJAX_ERROR(222, "Your account has gone inactive cause ".
"your last login was so long ago: " .
$this_user->weblogin_last());
exit(1);
}
} }
# Kludge, still thinking about it. If a geni user has no project # Kludge, still thinking about it. If a geni user has no project
# permissions at their SA, then we mark the acount as WEBONLY, and # permissions at their SA, then we mark the acount as WEBONLY, and
......
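Review bot: The new CHECKLOGIN_INACTIVE branch in CheckLoginForAjax appends `$this_user->weblogin_last()` to the error text without checking the value. The stats() accessor added in this commit returns -1 when no stats row was loaded, and the field may be empty for an account that never logged in through the web, so the message can end in `-1` or in nothing at all. A guard such as `$last = $this_user->weblogin_last(); if (!$last || $last == -1) $last = "unknown";` keeps the response well-formed. It is also worth confirming the branch is reachable, since the same commit makes LoginStatus() delete the session and return CHECKLOGIN_NOTLOGGEDIN for inactive users. CheckLoginForAjax starts and ends outside the hunk.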
<?php <?php
# #
# Copyright (c) 2000-2014, 2016 University of Utah and the Flux Group. # Copyright (c) 2000-2017 University of Utah and the Flux Group.
# #
# {{{EMULAB-LICENSE # {{{EMULAB-LICENSE
# #
...@@ -267,7 +267,8 @@ else { ...@@ -267,7 +267,8 @@ else {
PAGEHEADER("Login", $view); PAGEHEADER("Login", $view);
echo "<h4> echo "<h4>
Your account has gone <b>inactive</b>. Please contact $TBMAILADDR Your account has gone <b>inactive</b> since it has been so
long since your last login. Please contact $TBMAILADDR
to have your account restored. <br> <br> to have your account restored. <br> <br>
Please do not attempt to login again; it will not work! Please do not attempt to login again; it will not work!
</h4>\n"; </h4>\n";
......
...@@ -346,6 +346,11 @@ function LoginStatus() { ...@@ -346,6 +346,11 @@ function LoginStatus() {
$CHECKLOGIN_STATUS = CHECKLOGIN_NOTLOGGEDIN; $CHECKLOGIN_STATUS = CHECKLOGIN_NOTLOGGEDIN;
return $CHECKLOGIN_STATUS; return $CHECKLOGIN_STATUS;
} }
if ($status == TBDB_USERSTATUS_INACTIVE) {
DBQueryFatal("DELETE FROM login WHERE uid_idx='$uid_idx'");
$CHECKLOGIN_STATUS = CHECKLOGIN_NOTLOGGEDIN;
return $CHECKLOGIN_STATUS;
}
# #
# Check for expired login. Remove this entry from the logins table to # Check for expired login. Remove this entry from the logins table to
...@@ -591,8 +596,8 @@ function CheckLoginConditions($status) ...@@ -591,8 +596,8 @@ function CheckLoginConditions($status)
USERERROR("Your account has been frozen!", USERERROR("Your account has been frozen!",
1, HTTP_403_FORBIDDEN); 1, HTTP_403_FORBIDDEN);
if ($status & CHECKLOGIN_INACTIVE) if ($status & CHECKLOGIN_INACTIVE)
USERERROR("Your account has gone inactive. ". USERERROR("Your account has gone inactive since your last login was ".
"Please contact $TBMAILADDR to restore it.", "so long ago. Please contact $TBMAILADDR to restore it.",
1, HTTP_403_FORBIDDEN); 1, HTTP_403_FORBIDDEN);
if ($status & (CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER)) if ($status & (CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER))
USERERROR("You have not verified your account yet!", USERERROR("You have not verified your account yet!",
...@@ -890,6 +895,7 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) { ...@@ -890,6 +895,7 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
$uid_idx = $user->uid_idx(); $uid_idx = $user->uid_idx();
$usr_email = $user->email(); $usr_email = $user->email();
$ga_userid = $user->ga_userid(); $ga_userid = $user->ga_userid();
$lastlogin = $user->weblogin_last();
# Check for frozen accounts. We do not update the IP record when # Check for frozen accounts. We do not update the IP record when
# an account is frozen. # an account is frozen.
...@@ -911,7 +917,11 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) { ...@@ -911,7 +917,11 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
"Web Login Freeze: '$uid'", "Web Login Freeze: '$uid'",
"Your login has been frozen because there were too many\n". "Your login has been frozen because there were too many\n".
"login failures from " . $_SERVER['REMOTE_ADDR'] . ".\n\n". "login failures from " . $_SERVER['REMOTE_ADDR'] . ".\n\n".
"Testbed Operations has been notified.\n", "Testbed Operations has been notified.\n".
(isset($PORTAL_GENESIS) ?
"Portal: $PORTAL_GENESIS" :
"Classic Interface") . "\n",
"From: $TBMAIL_OPS\n". "From: $TBMAIL_OPS\n".
"Cc: $TBMAIL_OPS\n". "Cc: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n". "Bcc: $TBMAIL_AUDIT\n".
...@@ -931,6 +941,18 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) { ...@@ -931,6 +941,18 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
# But inactive users need special handling. # But inactive users need special handling.
if ($user->status() == TBDB_USERSTATUS_INACTIVE) { if ($user->status() == TBDB_USERSTATUS_INACTIVE) {
if (1) {
TBMAIL($TBMAIL_OPS,
"Web Login Inactivity Alert: '$uid'",
"Login attempt by $uid ($uid_idx) after extended ".
"period of inactivity!\n".
"Login was denied, last activity was $lastlogin\n",
"From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW");
return DOLOGIN_STATUS_INACTIVE;
}
# Try to reactivate the user. If we fail for some reason, fall # Try to reactivate the user. If we fail for some reason, fall
# back to just telling them they are inactive. Otherwise we can # back to just telling them they are inactive. Otherwise we can
# proceed with login. # proceed with login.
...@@ -998,7 +1020,9 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) { ...@@ -998,7 +1020,9 @@ function DOLOGIN($token, $password, $adminmode = 0, $nopassword = 0) {
TBMAIL($TBMAIL_OPS, TBMAIL($TBMAIL_OPS,
"Web Login Freeze: '$IP'", "Web Login Freeze: '$IP'",
"Logins has been frozen because there were too many login\n". "Logins has been frozen because there were too many login\n".
"failures from $IP. Last attempted uid was '$token'.\n\n", "failures from $IP. Last attempted uid was '$token'.\n".
(isset($PORTAL_GENESIS) ?
"Portal: $PORTAL_GENESIS" : "Classic Interface") . "\n\n",
"From: $TBMAIL_OPS\n". "From: $TBMAIL_OPS\n".
"Bcc: $TBMAIL_AUDIT\n". "Bcc: $TBMAIL_AUDIT\n".
"Errors-To: $TBMAIL_WWW"); "Errors-To: $TBMAIL_WWW");
......
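Review bot: The `if (1)` block added in DOLOGIN returns `DOLOGIN_STATUS_INACTIVE` unconditionally, which leaves the reactivation code after it (from the "Try to reactivate the user" comment on) unreachable while still reading as live logic. Removing that path, or replacing `if (1)` with a named switch and a comment such as `# Self-reactivation on login is disabled; operators must reactivate the account.`, would stop a later edit from silently re-enabling it. The alert mail is sent on every denied attempt and no throttle is visible in the hunk; whether the password has already been verified at this point is also outside the hunk, and if it has not, the distinct status and the mail can be triggered without valid credentials. DOLOGIN starts and ends outside the hunk.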
...@@ -30,6 +30,7 @@ $user_cache = array(); ...@@ -30,6 +30,7 @@ $user_cache = array();
class User class User
{ {
var $user; var $user;
var $stats;
var $tempdata; # For temporary data values ... var $tempdata; # For temporary data values ...
# #
...@@ -56,6 +57,16 @@ class User ...@@ -56,6 +57,16 @@ class User
return; return;
} }
$this->user = mysql_fetch_array($query_result); $this->user = mysql_fetch_array($query_result);
$query_result =
DBQueryWarn("select * from user_stats ".
"where uid_idx='$safe_uid_idx'");
if (!$query_result || !mysql_num_rows($query_result)) {
$this->user = NULL;
return;
}
$this->stats = mysql_fetch_array($query_result);
} }
# Hmm, how does one cause an error in a php constructor? # Hmm, how does one cause an error in a php constructor?
...@@ -294,6 +305,9 @@ class User ...@@ -294,6 +305,9 @@ class User
function field($name) { function field($name) {
return (is_null($this->user) ? -1 : $this->user[$name]); return (is_null($this->user) ? -1 : $this->user[$name]);
} }
function stats($name) {
return (is_null($this->stats) ? -1 : $this->stats[$name]);
}
function uid_idx() { return $this->field("uid_idx"); } function uid_idx() { return $this->field("uid_idx"); }
function idx() { return $this->field("uid_idx"); } function idx() { return $this->field("uid_idx"); }
function uid() { return $this->field("uid"); } function uid() { return $this->field("uid"); }
...@@ -346,6 +360,7 @@ class User ...@@ -346,6 +360,7 @@ class User
function wikionly() { return $this->field("wikionly"); } function wikionly() { return $this->field("wikionly"); }
function mailman_password() { return $this->field("mailman_password"); } function mailman_password() { return $this->field("mailman_password"); }
function nonlocal_id() { return $this->field("nonlocal_id"); } function nonlocal_id() { return $this->field("nonlocal_id"); }
function weblogin_last() { return $this->stats("weblogin_last"); }
function portal() { return $this->field("portal"); } function portal() { return $this->field("portal"); }
function ga_userid() { return $this->field("ga_userid"); } function ga_userid() { return $this->field("ga_userid"); }
function isAPT() { return ($this->portal() && function isAPT() { return ($this->portal() &&
......
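Review bot: In the User constructor, a missing user_stats row now sets `$this->user = NULL`, so every lookup of that account fails as if the user did not exist, even though only weblogin_last() reads the stats. Nothing in the hunk shows that each users row is guaranteed a matching user_stats row. If that invariant can break, either keep the user loaded and set `$this->stats = NULL;` so stats() falls back to its -1 sentinel, or log the mismatch so the fail-closed case can be diagnosed. The new query interpolates `$safe_uid_idx`, which is prepared above the hunk, so it is worth confirming that it is the escaped value. The constructor starts outside the hunk.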