function gwvpmini_AuthCallMe()\r
{\r
\r
- error_log("in repoadmin callme");\r
+ //error_log("in repoadmin callme");\r
if(isset($_REQUEST["q"])) {\r
$query = $_REQUEST["q"];\r
$qspl = explode("/", $query);\r
if(isset($_SESSION)) {
if(isset($_SESSION["username"])) {
+ if(!gwvpmini_isUserEnabled($_SESSION["id"])) return false;
return true;
}
}
function gwvpmini_checkBasicAuthLogin()\r
{\r
$user = false;\r
- $pass = false;\r
+ $pass = false;
+
if(isset($_SERVER["PHP_AUTH_USER"])) {\r
$user = $_SERVER["PHP_AUTH_USER"];\r
} else return false;\r
\r
if(isset($_SERVER["PHP_AUTH_PW"])) {\r
$pass = $_SERVER["PHP_AUTH_PW"];\r
- } else return false;\r
-\r
+ } else return false;
+ \r
+ error_log("IN CHECK FOR BASIC AUTH: $user");\r
+ \r
error_log("passing basic auth for $user, $pass to backend");\r
$auth = gwvpmini_authUserPass($user, $pass);\r
if($auth !== false) {\r
return false;
}
+ if(!gwvpmini_isUserEnabled($details["id"])) return false;
+
if(sha1($pass)!=$details["password"]) return false;
return $details["username"];
}
+function gwvpmini_isUserEnabled($id=-1)
+{
+ if($id == -1) {\r
+ if(isset($_SESSION)) if(isset($_SESSION["id"])) $id = $_SESSION["id"];\r
+ }\r
+ \r
+ if($id == -1) return false;\r
+ \r
+ $lev_t = gwvpmini_getUser(null, null, $id);
+
+ $lev = $lev_t["status"];\r
+ \r
+ if($lev == 0) return true;\r
+ \r
+ return false;\r
+
+}
+
?>
\ No newline at end of file