Commit d0f46edb authored by Leigh Stoller's avatar Leigh Stoller

Tighten up the permission stuff; do not let a webonly user access any
protected page except those that are explicitly deemed okay for a
webonly user. This makes me feel better and safer!
parent fba9a0a6
......@@ -15,7 +15,7 @@ include("showstuff.php3");
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS);
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
$isadmin = ISADMIN($uid);
#
......
......@@ -15,7 +15,7 @@ include("showstuff.php3");
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
$isadmin = ISADMIN($uid);
#
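Review bot: Passing `CHECKLOGIN_USERSTATUS` in the call after `$uid = GETLOGIN();` looks like it widens access beyond webonly accounts, because the previous call, `LOGGEDINORDIE($uid);`, passed no modifier at all. If modifier bits exempt the matching status checks (inferred, since the body of LOGGEDINORDIE is mostly outside this page), accounts in other non-active states that were refused before are now admitted, which the commit message does not mention. If only the webonly exemption is intended, `LOGGEDINORDIE($uid, CHECKLOGIN_WEBONLY);` would keep the earlier strictness. The same applies to the later hunk that also replaces `LOGGEDINORDIE($uid);`. The hunk that swaps `CHECKLOGIN_UNAPPROVED` for `CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY` likewise changes the non-webonly bits and deserves a second look.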
......
......@@ -22,7 +22,7 @@ $uid = GETLOGIN();
if ($uid) {
# Allow unapproved users to join multiple groups ...
# Must be verified though.
LOGGEDINORDIE($uid, CHECKLOGIN_UNAPPROVED);
LOGGEDINORDIE($uid, CHECKLOGIN_UNAPPROVED|CHECKLOGIN_WEBONLY);
$joining_uid = $uid;
$returning = 1;
}
......
......@@ -20,7 +20,8 @@ $changed_password = "No";
# users with expired passwords to change them.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS|CHECKLOGIN_PSWDEXPIRED);
LOGGEDINORDIE($uid,
CHECKLOGIN_USERSTATUS|CHECKLOGIN_PSWDEXPIRED|CHECKLOGIN_WEBONLY);
$isadmin = ISADMIN($uid);
#
......
......@@ -23,7 +23,7 @@ $uid = GETLOGIN();
if ($uid) {
# Allow unapproved users to create multiple projects ...
# Must be verified though.
LOGGEDINORDIE($uid, CHECKLOGIN_UNAPPROVED);
LOGGEDINORDIE($uid, CHECKLOGIN_UNAPPROVED|CHECKLOGIN_WEBONLY);
$proj_head_uid = $uid;
$returning = 1;
}
......
......@@ -11,7 +11,7 @@ include("showstuff.php3");
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS);
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
$isadmin = ISADMIN($uid);
#
......
......@@ -11,7 +11,7 @@ include("showstuff.php3");
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid);
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
$isadmin = ISADMIN($uid);
#
......
......@@ -11,8 +11,7 @@ include("showstuff.php3");
# Only known and logged in users can do this.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid, CHECKLOGIN_UNAPPROVED);
LOGGEDINORDIE($uid, CHECKLOGIN_USERSTATUS|CHECKLOGIN_WEBONLY);
$isadmin = ISADMIN($uid);
#
......
......@@ -286,6 +286,8 @@ function LOGGEDINORDIE($uid, $modifier = 0) {
USERERROR("You have not verified your account yet!", 1);
if ($status & CHECKLOGIN_UNAPPROVED)
USERERROR("Your account has not been approved yet!", 1);
if ($status & CHECKLOGIN_WEBONLY)
USERERROR("Your account does not permit you to access this page!", 1);
#
# Lastly, check for nologins here. This heads off a bunch of other
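Review bot: The new `CHECKLOGIN_WEBONLY` branch has no comment stating the opt-in contract that every call site in this commit relies on. A line above the `if`, such as `# Webonly accounts are refused unless the page passes CHECKLOGIN_WEBONLY in $modifier.`, would make the deny-by-default rule visible to whoever adds the next page. How `$status` is derived from `$modifier` is outside this hunk, as are the start and end of LOGGEDINORDIE, so confirm the wording against the masking code. The default only protects pages that go through LOGGEDINORDIE, so any page that gates on a different check would need the same treatment; none is visible here.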
......
......@@ -15,7 +15,8 @@ PAGEHEADER("Confirm Verification");
# Only known and logged in users can be verified.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid, CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER);
LOGGEDINORDIE($uid,
CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER|CHECKLOGIN_WEBONLY);
#
# Must provide the key!
......
......@@ -15,7 +15,8 @@ PAGEHEADER("New User Verification");
# Only known and logged in users can be verified.
#
$uid = GETLOGIN();
LOGGEDINORDIE($uid, CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER);
LOGGEDINORDIE($uid,
CHECKLOGIN_UNVERIFIED|CHECKLOGIN_NEWUSER|CHECKLOGIN_WEBONLY);
echo "<p>
The purpose of this page is to verify, for security purposes, that
......