Changeset 1385

Timestamp:
12/06/07 12:20:00 (9 months ago)
Author:
rho
Message:

patch #192, improve require_login function

Signed-off: Rolando Espinoza La fuente <rho@prosoftpeople.com>

Files:

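--- a/devel/lib/elgglib.php
+++ b/devel/lib/elgglib.php
@@ -3415,8 +3415,11 @@
 
 /**
- * elgg doesn't have a 'login' page yet, but it will so this can stay here for now
- */
-function require_login() {
-    global $USER, $SESSION,$FULLME;
+ * Require login, if not logged redirect to login page and set return url
+ *
+ * @param string $flag required user's flag
+ * @param mixed $required_uid require user id on array of user's id
+ */
+function require_login($user_flag=null, $required_uid=null) {
+    global $USER, $SESSION,$FULLME,$CFG, $messages;
     
     // Check to see if there's a persistent cookie
@@ -3424,12 +3427,21 @@
     
     // First check that the user is logged in to the site.
-    if (empty($USER->loggedin) || $USER->site != $CFG->wwwroot) {
-        $SESSION->wantsurl = $FULLME;
-        if (!empty($_SERVER['HTTP_REFERER'])) {
-            $SESSION->fromurl  = $_SERVER['HTTP_REFERER'];
-        }
-        $USER = NULL;
-        redirect($CFG->wwwroot .'login/index.php');
-        exit;
+    if (!isloggedin()) {
+        // back to this page
+        $_SESSION['redirect_url'] = $_SERVER['REQUEST_URI'];
+        header_redirect($CFG->wwwroot . 'login/index.php', __gettext('You need to log in to see this page.'));
+    }
+
+    // check for required uid's, if not admin
+    if (isset($required_uid) && !isadmin()
+        && ((is_array($required_uid) && !in_array($_SERVER['userid'], $required_uid))
+            || $_SESSION['userid'] == $required_uid))
+    {
+        header_redirect($CFG->wwwroot . $USER->username, __gettext("Sorry, but you don't have access to this page."));
+    }
+
+    // Check user's flag
+    if (isset($user_flag) && !isadmin() && !user_flag_get($user_flag, $_SESSION['userid'])) {
+        header_redirect($CFG->wwwroot . $USER->username, __gettext("Sorry, but you don't have access to this page."));
     }
 
@@ -3446,4 +3458,41 @@
     return true;
 }
+
+/**
+ * Redirects to other url using header() function
+ *
+ * @param string $url url to redirect
+ * @param string $message optional message
+ * @param string $status http status
+ */
+function header_redirect($url, $message=null, $status=null) {
+    global $messages;
+    // add message
+    if (isset($messages)) {
+        $messages[] = $message;
+    }
+    // save messages
+    $_SESSION['messages'] = $messages;
+
+    // echo status code
+    switch ($status) {
+        case '301':
+        case 'permanent':
+            header('HTTP/1.1 301 Moved Permanently');
+            break;
+        case '403':
+        case 'denied':
+            header('HTTP/1.0 404 Not Found');
+            break;
+        case '404':
+        case 'notfound':
+            header('HTTP/1.1 403 Access Denied');
+            break;
+    }
+    // redirect and exit
+    header('Location: ' . $url);
+    exit();
+}
+
 
 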
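Review bot: The required-uid check at new lines 3436-3438 does not enforce what its comment says. The array branch reads `$_SERVER['userid']` where the following line uses `$_SESSION['userid']`, so the membership test is presumably made against a value that is never set, and the scalar branch redirects when the ids are equal, which refuses the named user and lets any other logged-in user through. Compute the match first, `$allowed = is_array($required_uid) ? in_array($_SESSION['userid'], $required_uid) : $_SESSION['userid'] == $required_uid;`, and then test `if (isset($required_uid) && !isadmin() && !$allowed)`. Part of require_login's body is elided between the hunks, so this assumes nothing there re-checks the uid.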
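--- a/devel/login/index.php
+++ b/devel/login/index.php
@@ -36,8 +36,13 @@
             $messages[] = __gettext("The password for this account is extremely insecure and represents a major security risk. You should change it immediately.");
         }
-        define('redirect_url', $redirect_url);
-        $_SESSION['messages'] = $messages;
-        header("Location: " . redirect_url);
-        exit;
+
+        // override with redirect_url in session
+        if (isset($_SESSION['redirect_url'])) {
+            define('redirect_url', $_SESSION['redirect_url']);
+            unset($_SESSION['redirect_url']);
+        } else {
+            define('redirect_url', $redirect_url);
+        }
+        header_redirect(redirect_url);
     } else {
         $messages[] = __gettext("Unrecognised username or password. The system could not log you on, or you may not have activated your account.");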
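Review bot: The value read from `$_SESSION['redirect_url']` at new lines 40-46 reaches the `Location:` header through `header_redirect()` with no check that it points back into this site. In this changeset the session key is filled from `$_SERVER['REQUEST_URI']`, which the client supplies, so the post-login target should be accepted only when it is a site-local path and should otherwise fall back to `$redirect_url`. Holding a per-request value in `define('redirect_url', ...)` is also fragile, because a constant that already exists keeps its old value; a local variable such as `$target` would be clearer. The enclosing `if`/`else` starts and ends outside the hunk.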