Commit bb2b0e56 authored by Leigh Stoller's avatar Leigh Stoller

Need to add in the call to CheckLoginOrDie() to catch other illegal

logins like unapproved user, expired password, etc. Needs some work
though, since the auth code is not branded, and so the links are wrong.
Will do that next, but want to get this in right away.
parent 7cc04178
......@@ -33,14 +33,16 @@ $page_title = "Instantiate a Profile";
$dblink = GetDBLink("sa");
#
# Get current user but make sure coming in on SSL.
# Get current user but make sure coming in on SSL. Guest users allowed
# via APT Portal.
#
RedirectSecure();
$this_user = CheckLogin($check_status);
if ($ISCLOUD) {
if (! ($CHECKLOGIN_STATUS & CHECKLOGIN_LOGGEDIN)) {
header("Location: login.php");
}
if (isset($this_user)) {
CheckLoginOrDie();
}
elseif ($ISCLOUD) {
header("Location: login.php");
}
#
......
......@@ -742,6 +742,8 @@ function CheckLoginOrRedirect()
if (! ($check_status & CHECKLOGIN_LOGGEDIN)) {
RedirectLoginPage();
}
# Catch other illegal login issues.
CheckLoginOrDie();
return $this_user;
}
......
......@@ -134,6 +134,11 @@ function CheckLoginForAjax($guestokay = false)
SPITAJAX_ERROR(2, "Your login has timed out");
exit(2);
}
# Known user, but not approved.
if ($check_status & CHECKLOGIN_UNAPPROVED) {
SPITAJAX_ERROR(2, "Your account has not been approved yet");
exit(2);
}
# Logged in user always okay.
if (isset($this_user)) {
if ($check_status & CHECKLOGIN_MAYBEVALID) {
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment