authorBill Marquette <billm@pfsense.org>2007-08-01 18:44:41 +0000
committerBill Marquette <billm@pfsense.org>2007-08-01 18:44:41 +0000
commit9c55515a26ca3cce52e1bc92bf60f79004453b04 (patch)
tree1302e6fcf1a95735830a3c2c36f19cfa391c1f41 /etc
parent6c038dc63c10d19cdde51c78239fe50dcc220dfb (diff)
Users that have specific page access can now login
Diffstat (limited to 'etc')
-rw-r--r--etc/inc/authgui.inc15
1 files changed, 10 insertions, 5 deletions
diff --git a/etc/inc/authgui.inc b/etc/inc/authgui.inc
index f5f0a6c..0c9bd55 100644
--- a/etc/inc/authgui.inc
+++ b/etc/inc/authgui.inc
@@ -81,7 +81,7 @@ if ($_SESSION) {
// Now, we give them access only to the appropriate pages for their group.
if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
$allowed[] = '';
- if (isset($config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages'][0])) {
+ if (isset($config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages'])) {
$allowed = &$config['system']['group'][$groupindex[$config['system']['user'][$userindex[$HTTP_SERVER_VARS['AUTH_USER']]]['groupname']]]['pages'];
}
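Review bot: With the `[0]` index dropped, `isset(...['pages'])` also succeeds when `pages` is a scalar rather than an array, and `$allowed` is then bound to a non-array that the later `in_array()` calls receive. Whether the config parser can produce a scalar here is not visible in this hunk, but an explicit `is_array(...)` guard would make the expected shape certain, with a comment such as `// pages: list of page names this group may open`. The reference assignment `$allowed = &$config[...]['pages'];` also means any later write to `$allowed` changes the live config; a plain copy is enough for membership tests. The enclosing `if (!(isSystemAdmin(...)))` block continues outside the hunk.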
@@ -94,16 +94,20 @@ if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
/* okay but if the user realy tries to explicitely access a particular
* page, set $home to that page instead.
*/
- if (isset($_POST['scriptname']) && $_POST['scriptname'] <> "/" && $_POST['scriptname'] <> "/index.php")
- $home = basename($_POST['scriptname']);
+ if (isset($_POST['scriptname']) && $_POST['scriptname'] <> "/" && $_POST['scriptname'] <> "/index.php") {
+ $home = str_replace('.php', '', basename($_POST['scriptname']));
+ $pagereq = $home;
+ }
// If the user is attempting to hit the default page, set it to specifically look for /index.php.
// Without this, any user would have access to the index page.
//if ($_SERVER['SCRIPT_NAME'] == '/')
// $_SERVER['SCRIPT_NAME'] = $home;
+ if ($pagereq == "")
+ $pagereq = str_replace('.php', '', basename($_SERVER['SCRIPT_NAME']));
// Strip the leading / from the currently requested PHP page
- if (!in_array(basename($_SERVER['SCRIPT_NAME']),$allowed) && !in_array("ANY", $allowed)) {
+ if (!in_array($pagereq,$allowed) && !in_array("ANY", $allowed)) {
// The currently logged in user is not allowed to access the page
// they are attempting to go to. Redirect them to an allowed page.
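Review bot: The allow-list test `if (!in_array($pagereq,$allowed) && ...)` now checks a name taken from `$_POST['scriptname']` whenever that field is posted, instead of the script actually being served, so the access decision rests on client-supplied input. The check should keep using the served script, e.g. `$pagereq = basename($_SERVER['SCRIPT_NAME'], '.php');`, and treat the posted name only as a redirect target. `$pagereq` is also read in `if ($pagereq == "")` without being initialised on the path where nothing is posted, so add `$pagereq = '';` before the POST branch (with register_globals enabled, an uninitialised variable can be populated from the request). `str_replace('.php', '', ...)` removes every occurrence of the substring rather than only the extension; the suffix argument of `basename()` strips just the trailing `.php`. The enclosing `if (!(isSystemAdmin(...)))` block starts and ends outside the hunk.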
@@ -112,7 +116,8 @@ if (!(isSystemAdmin($HTTP_SERVER_VARS['AUTH_USER']))) {
exit;
}
- if ($home <> "" && (in_array($home, $allowed) || in_array("ANY", $allowed))) {
+
+ if ($pagereq <> "" && (in_array($pagereq, $allowed) || in_array("ANY", $allowed))) {
pfSenseHeader("{$home}");
exit;
} else {
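Review bot: The condition tests `$pagereq` against the allow-list but the redirect still goes to `$home`, and the two differ whenever no `scriptname` was posted (`$pagereq` then comes from `SCRIPT_NAME`, while `$home` keeps a value set outside this hunk). Because `$pagereq` is normally non-empty by this point, the branch appears to be taken for every allowed request, which may not be intended; the surrounding control flow is outside the hunk, so this needs confirming. Either redirect to the value that was checked or keep the test on `$home`, and add a comment such as `// $home: redirect target; $pagereq: page name checked against $allowed`. Where `scriptname` was posted, `$home` has had `.php` removed earlier in this commit, and whether `pfSenseHeader()` accepts an extension-less target is not visible here.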