replacing the cli cmds with variables and configuration in config.php

[gwvp-mini.git] / gwvpmini / gwvpmini_auth.php

diff --git a/gwvpmini/gwvpmini_auth.php b/gwvpmini/gwvpmini_auth.php
index f54bd13..1e4d579 100644 (file)
--- a/gwvpmini/gwvpmini_auth.php
+++ b/gwvpmini/gwvpmini_auth.php
@@ -1,13 +1,13 @@
 <?php
 
-session_start();
+if($IS_WEB_REQUEST) session_start();
 
 $CALL_ME_FUNCTIONS["auth"] = "gwvpmini_AuthCallMe";\r
 
 function gwvpmini_AuthCallMe()\r
 {\r
 \r
-       error_log("in repoadmin callme");\r
+       //// error_log("in repoadmin callme");\r
        if(isset($_REQUEST["q"])) {\r
                $query = $_REQUEST["q"];\r
                $qspl = explode("/", $query);\r
@@ -88,6 +88,7 @@ function gwvpmini_isLoggedIn()
        
        if(isset($_SESSION)) {
                if(isset($_SESSION["username"])) {
+                       if(!gwvpmini_isUserEnabled($_SESSION["id"])) return false;
                        return true;
                }
        }
@@ -97,7 +98,7 @@ function gwvpmini_isLoggedIn()
 
 function gwvpmini_AskForBasicAuth()\r
 {
-       error_log("SEND BASIC AUTH");
+       // error_log("SEND BASIC AUTH");
        header_remove("Pragma");
        header_remove("Cache-Control");\r
        header_remove("Set-Cookie");
@@ -113,21 +114,24 @@ function gwvpmini_AskForBasicAuth()
 function gwvpmini_checkBasicAuthLogin()\r
 {\r
        $user = false;\r
-       $pass = false;\r
+       $pass = false;
+       
        if(isset($_SERVER["PHP_AUTH_USER"])) {\r
                $user = $_SERVER["PHP_AUTH_USER"];\r
        } else return false;\r
 \r
        if(isset($_SERVER["PHP_AUTH_PW"])) {\r
                $pass = $_SERVER["PHP_AUTH_PW"];\r
-       } else return false;\r
-\r
-       error_log("passing basic auth for $user, $pass to backend");\r
+       } else return false;
+       \r
+       // error_log("IN CHECK FOR BASIC AUTH: $user");\r
+       \r
+       // error_log("passing basic auth for $user, $pass to backend");\r
        $auth = gwvpmini_authUserPass($user, $pass);\r
        if($auth !== false) {\r
-               error_log("auth passes");\r
+               // error_log("auth passes");\r
        } else {\r
-               error_log("auth failes");\r
+               // error_log("auth failes");\r
        }\r
 \r
        return $auth;\r
@@ -155,13 +159,33 @@ function gwvpmini_authUserPass($user, $pass)
 {
        $details = gwvpmini_getUser($user);
        if($details == false) {
-               error_log("no user details for $user");
+               // error_log("no user details for $user");
                return false;
        }
        
+       if(!gwvpmini_isUserEnabled($details["id"])) return false;
+       
        if(sha1($pass)!=$details["password"]) return false;
        
        return $details["username"];
 }
 
+function gwvpmini_isUserEnabled($id=-1)
+{
+       if($id == -1) {\r
+               if(isset($_SESSION)) if(isset($_SESSION["id"])) $id = $_SESSION["id"];\r
+       }\r
+       \r
+       if($id == -1) return false;\r
+       \r
+       $lev_t = gwvpmini_getUser(null, null, $id);
+       
+       $lev = $lev_t["status"];\r
+       \r
+       if($lev == 0) return true;\r
+       \r
+       return false;\r
+       
+}
+
 ?>
\ No newline at end of file