authorMatthew Grooms <mgrooms@pfsense.org>2008-09-03 20:33:06 +0000
committerMatthew Grooms <mgrooms@pfsense.org>2008-09-03 20:33:06 +0000
commitd97ab688619c0c7f9a831ffc7e39fc5d8f6f5be3 (patch)
tree20e1cb7fcc9d9e0652b0b3b2018fae67c8355305
parenta0d4c5da2928e852bf65a37be4c235c3694035f3 (diff)
downloadpfsense-d97ab688619c0c7f9a831ffc7e39fc5d8f6f5be3.zip
pfsense-d97ab688619c0c7f9a831ffc7e39fc5d8f6f5be3.tar.gz
Cleanup some of the authentication code. Fix the problem where you must
navigate away from the initial page twice to get somewhere. Remove some of the cruft that was no longer used. Don't unconditionally redirect a user to their homepage if another url was specified pre-login. This will allow admins to create bookmarks to specific pfsense webui pages.
-rw-r--r--etc/inc/authgui.inc57
-rw-r--r--usr/local/www/headjs.php28
2 files changed, 17 insertions, 68 deletions
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index e370250..6bec26c 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -47,6 +47,10 @@ require_once("functions.inc");
* pam_backed - this uses the system's PAM facility .htpasswd file
*/
+//log_error("debug: FILE_NAME = {$_SERVER['REQUEST_URI']}");
+//log_error("debug: FILE_NAME = {$_SERVER['SCRIPT_FILENAME']}");
+//log_error("debug: SCRIPT_NAME = {$_SERVER['SCRIPT_NAME']}");
+
/* enable correct auth backend, default to htpasswd_backed */
$ldapcase = $config['system']['webgui']['backend'];
switch($ldapcase)
@@ -66,18 +70,6 @@ if (!session_auth($backing_method))
exit;
/*
- * scriptname is set in headjs.php if the user tried to access
- * a page other than index.php without beeing logged in.
- *
- * NOTE : This doesn't make sense to me. -mgrooms
- */
-/* if (isset($_POST['scriptname']) && isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER'])) {
- * pfSenseHeader("{$_POST['scriptname']}");
- * exit;
- * }
- */
-
-/*
* Once here, the user has authenticated with the web server.
* We give them access only to the appropriate pages based on
* the user or group privileges.
@@ -85,32 +77,29 @@ if (!session_auth($backing_method))
getAllowedPages($HTTP_SERVER_VARS['AUTH_USER']);
/*
- * get the group homepage, to be able to forward
- * the user to this particular PHP page.
+ * get the user homepage
*/
$home = $config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['home'];
if (!$home)
$home = "/index.php";
/*
- * If the user tries to explicitly access a particular
- * page, set $home to that page instead.
+ * redirect to homepage if no url is specified
*/
-if (isset($_POST['scriptname']) &&
- $_POST['scriptname'] <> "/" && $_POST['scriptname'] <> "/index.php") {
- $home = str_replace('/', '', basename($_POST['scriptname']));
- $pagereq = $home;
+if ($_SERVER['REQUEST_URI'] == "/") {
+ pfSenseHeader($home);
+ exit;
}
/*
- * If the user is attempting to hit the default page, set it to
- * specifically look for /index.php. Without this, any user would
- * have access to the index page.
+ * redirect browsers post-login to avoid pages
+ * taking action in reponse to a POST request
*/
-if ($_SERVER['SCRIPT_NAME'] == '/')
- $_SERVER['SCRIPT_NAME'] = $home;
-if ($pagereq == "")
- $pagereq = str_replace('/', '', basename($_SERVER['SCRIPT_NAME']));
+if (!$_SESSION['Post_Login']) {
+ $_SESSION['Post_Login'] = true;
+ pfSenseHeader($_SERVER['REQUEST_URI']);
+ exit;
+}
/*
* determine if the user is allowed access to the requested page
@@ -132,18 +121,6 @@ if (!isAllowedPage($pagereq)) {
exit;
}
-if (isset($_SESSION['Logged_In'])) {
- /*
- * only forward if the user has just logged in
- * TODO: session auth based - may be an issue.
- */
- if ($_SERVER['SCRIPT_NAME'] <> $home && empty($_SESSION['First_Visit'])) {
- $_SESSION['First_Visit'] = "False";
- pfSenseHeader("{$home}");
- exit;
- }
-}
-
function display_error_form($http_code, $desc) {
global $config, $g;
$g['theme'] = $config['theme'];
@@ -256,7 +233,7 @@ function display_login_form() {
</head>
<body onload="page_load()">
<div id="login">
- <form id="iform" name="login_iform" method="post" autocomplete="off" action="<?= $_SERVER['SCRIPT_NAME'] ?>">
+ <form id="iform" name="login_iform" method="post" autocomplete="off" action="<?=$_SERVER['SCRIPT_NAME'];?>">
<h1></h1>
<div id="inputerrors"><?=$_SESSION['Login_Error'];?></div>
<p>
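Review bot: `pfSenseHeader($_SERVER['REQUEST_URI'])` in the post-login branch of the third hunk (new lines 84-88) echoes the raw request URI into a redirect; if the web server passes a request line beginning with `//host/...` through unnormalised, the resulting Location header is protocol-relative and sends the freshly authenticated user off-site, so it is safer to pin the target to a same-origin path first, e.g. `$uri = $_SERVER['REQUEST_URI']; if (!preg_match('#^/(?!/)#', $uri)) $uri = $home; pfSenseHeader($uri);`. In the same hunk `!$_SESSION['Post_Login']` reads an index that is unset on the first pass; `empty($_SESSION['Post_Login'])` gives the same result without the notice, and the comment above it should read "in response to a POST request". The removed lines were the only place in this diff that assigned `$pagereq`, which the fourth hunk still feeds to `isAllowedPage($pagereq)`; unless it is assigned in the lines between those two hunks, the page check now runs on an undefined name. The first hunk adds three commented-out `log_error` debug lines that should be dropped rather than committed.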
diff --git a/usr/local/www/headjs.php b/usr/local/www/headjs.php
index 59af195..2042429 100644
--- a/usr/local/www/headjs.php
+++ b/usr/local/www/headjs.php
@@ -80,34 +80,6 @@ function getHeadJS() {
$('cancelbutton').style.visibility = 'hidden';
$('loading').style.visibility = 'visible';
// submit the form using Ajax
- ";
-
-
- isset($HTTP_SERVER_VARS['AUTH_USER']) ? $scriptName = split("/", $_SERVER["SCRIPT_FILENAME"]) : $scriptName = split("/", "/index.php");
- isset($HTTP_SERVER_VARS['AUTH_USER']) ? $loggedin = "var isLoggedIn = true;" : $loggedin = "var isLoggedIn = false;";
- $scriptElms = count($scriptName);
- $scriptName = $scriptName[$scriptElms-1];
- $realScriptName = str_replace("/", "", $_SERVER["SCRIPT_NAME"]);
-
- $headjs .= "
- {$loggedin}
-
- if (! isLoggedIn) {
- var newInput = document.createElement('input');
- newInput.setAttribute('id', 'scriptname');
- newInput.setAttribute('name', 'scriptname');
- newInput.setAttribute('value', '{$realScriptName}');
- newInput.setAttribute('type', 'hidden');
-
- $('iform').appendChild(newInput);
- }
-
- new Ajax.Request('{$scriptName}', {
- method : 'post',
- parameters : Form.serialize($('iform')),
- onSuccess : formSubmitted,
- onFailure : formFailure
- });
}
function formSubmitted(resp) {