1. 07 Jul, 2002 1 commit
  2. 29 May, 2002 1 commit
    • Leigh Stoller's avatar
      A couple of small changes to prevent the "No Data" errors that · 86c0ffa5
      Leigh Stoller authored
      netscape gives when logged in using another browser. Most of the
      problems stems from the desire to allow users to refer to the main
      page in http mode even when logged in. I want to draw the menu as if
      logged in, but have the actual pages demand https mode. I'm also
      trying to catch the case where users have turned off cookies. I think
      Mac's idea is the way to go, but I don't want to mess with it right
      now. These changes will avoid the worst problem.
      86c0ffa5
  3. 22 May, 2002 1 commit
    • Leigh Stoller's avatar
      A large set of authorization changes. · d2360b6d
      Leigh Stoller authored
      * Cleanup! A lot of the structure derived from the early frame days,
        which had a noticable (and bad) effect on how I wrote the stuff.  I
        cleaned up most of that yuckyness.
      
      * In process, optimize a little bit on the queries. The old code did
        about 9 queries just to write out the menu options, and then
        repeated most of those queries again in the page guts. I've
        consolidated the queries as much as possible (to 3) and cache all
        the results.
      
      * Fix up problem with users who forget their passwords before
        verification. Basically, I fixed the more general problem of not
        being able to update your user info before verification/approval;
        users now get that menu option no matter their status.
      
      * Fix up problem of users being able to access pages before
        verification (but after approval) by going around the menu options.
        The page level check (after the menu is drawn) now checks all
        conditions (password expired, unverified, unapproved, timedout, and
        also nologins()).
      
      * Minor change in approveuser; do not show the new account to the
        project leader until the new user has verified his account.
      
      * Change verification method, as reqwuested by Dave.  In addition to
        providing the key, also provide a web link to take the user straight
        to verification. I actually take them direct to the login page, and
        pass the key in as an argument. If the user is already logged in,
        bypass and go directly to the verify page (not the form page of
        course).  If the user is not logged in, let him log in, and then
        forward the key onward to the verify page. Basically, bypass the
        form all the time, and just do the verification.
      
      * Minor change in showuser; Do not show pid/groups not approved in,
        and if the count is zero, do not draw the table headings.
      d2360b6d
  4. 10 Dec, 2001 1 commit
  5. 15 May, 2001 1 commit
  6. 18 Apr, 2001 1 commit
  7. 15 Mar, 2001 1 commit