Navigation

← Previous Changeset
Next Changeset →

Changeset 4696

Timestamp:

08/04/07 23:05:54 (1 year ago)

Author:

gregmac

Message:

Fix some logout issues, create separate views for logout and unauthorized

Files:

freepbx/branches/2.3/amp_conf/htdocs/admin/header_auth.php (modified) (2 diffs)
freepbx/branches/2.3/amp_conf/htdocs/admin/views/loggedout.php (added)
freepbx/branches/2.3/amp_conf/htdocs/admin/views/unauthorized.php (added)

Legend:

: Unmodified
: Added
: Removed
: Modified
: Copied
: Moved

freepbx/branches/2.3/amp_conf/htdocs/admin/header_auth.php

r4690	r4696
13	13	// remove the user
14	14	unset($_SESSION['AMP_user']);
15		~~header('WWW-Authenticate: Basic realm="FreePBX '._('Administration').'"');~~
16		~~header('HTTP/1.0 401 Unauthorized');~~
17
18		~~// remove the ?logout in the url~~
19		~~header('Refresh: 0;'.$_SERVER['PHP_SELF']); // note, cannot do Location: because it changes the HTTP response code to 302~~
20	15
	16	// flag to prompt for pw again
	17	$_SESSION['logout'] = true;
	18
	19	showview('loggedout');
21	20	exit;
22	21	} else if (!isset($_SESSION['AMP_user']) && isset($_SERVER['PHP_AUTH_USER']) && isset($_SERVER['PHP_AUTH_PW'])) {
23		// not logged in, and have provided a user/pass
24		$_SESSION['AMP_user'] = new ampuser($_SERVER['PHP_AUTH_USER']);
25
26		if (!$_SESSION['AMP_user']->checkPassword($_SERVER['PHP_AUTH_PW'])) {
27		// failed, one last chance -- fallback to amportal.conf db admin user
28		if ( (count(getAmpAdminUsers()) == 0) && ($_SERVER['PHP_AUTH_USER'] == $amp_conf['AMPDBUSER'])
29		&& ($_SERVER['PHP_AUTH_PW'] == $amp_conf['AMPDBPASS'])) {
30
31		// password succesfully matched amportal.conf db admin user
32
33		// set admin access
34		$_SESSION['AMP_user']->setAdmin();
35		} else {
36		// password failed and admin user fall-back failed
37		unset($_SESSION['AMP_user']);
38		}
39		} // else, succesfully logged in
40		}
	22	if (isset($_SESSION['logout']) && $_SESSION['logout']) {
	23	// workaround for HTTP-auth - just tried to logout, don't allow a log in (with the same credentials)
	24	unset($_SESSION['logout']);
	25	// afterwards, this falls through to the !AMP_user check below, and sends 401 header, which causes the browser to re-prompt the user
	26	} else {
	27	// not logged in, and have provided a user/pass
	28	$_SESSION['AMP_user'] = new ampuser($_SERVER['PHP_AUTH_USER']);
	29
	30	if (!$_SESSION['AMP_user']->checkPassword($_SERVER['PHP_AUTH_PW'])) {
	31	// failed, one last chance -- fallback to amportal.conf db admin user
	32	if ( (count(getAmpAdminUsers()) == 0) && ($_SERVER['PHP_AUTH_USER'] == $amp_conf['AMPDBUSER'])
	33	&& ($_SERVER['PHP_AUTH_PW'] == $amp_conf['AMPDBPASS'])) {
	34
	35	// password succesfully matched amportal.conf db admin user
	36
	37	// set admin access
	38	$_SESSION['AMP_user']->setAdmin();
	39	} else {
	40	// password failed and admin user fall-back failed
	41	unset($_SESSION['AMP_user']);
	42	}
	43	} // else, succesfully logged in
	44	}
	45	}
41	46
42	47	if (!isset($_SESSION['AMP_user'])) {
…	…
44	49	header('WWW-Authenticate: Basic realm="FreePBX '._('Administration').'"');
45	50	header('HTTP/1.0 401 Unauthorized');
46		showview("~~noaccess~~");
	51	showview("unauthorized");
47	52	exit;
48	53	}

Navigation

Changeset 4696

Legend:

freepbx/branches/2.3/amp_conf/htdocs/admin/header_auth.php

Download in other formats:

Navigation

Downloads

Screenshots

Documentation

Training

Support

Community

About