From bfea87fff2d41c97720970ac8ad4861cd743bf57 Mon Sep 17 00:00:00 2001 From: Matthew Grooms Date: Wed, 3 Sep 2008 17:52:15 +0000 Subject: Remove the page locking privileges after discussion with Scott on IRC. The feature was confusing and offered little utility that I could see. If we really need to provide serialized access to sections of the webui, IMO it should be a global lock option and enabled or disabled manually and not a privilege that is on all the time. --- etc/inc/auth.inc | 80 ------------------------------------------------- etc/inc/config.inc | 6 ---- etc/inc/priv.inc | 12 -------- etc/rc.initial.password | 6 ++-- 4 files changed, 2 insertions(+), 102 deletions(-) (limited to 'etc') diff --git a/etc/inc/auth.inc b/etc/inc/auth.inc index e9129cf..0d69505 100644 --- a/etc/inc/auth.inc +++ b/etc/inc/auth.inc @@ -814,9 +814,6 @@ function session_auth($backing) { else log_error("User logged out for user '{$_SESSION['Username']}' from: {$_SERVER['REMOTE_ADDR']}"); - if (hasPrivilegeLock($user)) - unlink_if_exists("{$g['tmp_path']}/webconfigurator.lock"); - /* wipe out $_SESSION */ $_SESSION = array(); @@ -840,34 +837,6 @@ function session_auth($backing) { } /* - * user wants to explicitely delete the lock file. - * Requires a particular privilege. - */ - if ($_GET['deletelock'] && hasPrivilegeLock($user)) { - unlink_if_exists("{$g['tmp_path']}/webconfigurator.lock"); - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; - return true; - } - - /* - * user wants to explicitely create a lock. - * Requires a particular privilege. - */ - if ($_GET['createlock'] && hasPrivilegeLock($user)) { - $fd = fopen("{$g['tmp_path']}/webconfigurator.lock", "w"); - fputs($fd, "{$_SERVER['REMOTE_ADDR']}.{$_SESSION['Username']}"); - fclose($fd); - - /* - * if the user did delete the lock manually, do not - * re-create it while the session is valide. - */ - $_SESSION['Lock_Created'] = "True"; - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; - return true; - } - - /* * this is for debugging purpose if you do not want to use Ajax * to submit a HTML form. It basically diables the observation * of the submit event and hence does not trigger Ajax. @@ -887,55 +856,6 @@ function session_auth($backing) { return true; } - /* - * is the user is allowed to create a lock - */ - if (hasPrivilegeLock($user)) { - - /* - * create a lock once per session - */ - if (!isset($_SESSION['Lock_Created'])) { - - $fd = fopen("{$g['tmp_path']}/webconfigurator.lock", "w"); - fputs($fd, "{$_SERVER['REMOTE_ADDR']}.{$_SESSION['Username']}"); - fclose($fd); - - /* - * if the user did delete the lock manually, do not - * re-create it while the session is valide. - */ - $_SESSION['Lock_Created'] = "True"; - } - - } else { - - /* - * give regular users a chance to automatically invalidate - * a lock if its older than a particular time. - */ - if (file_exists("{$g['tmp_path']}/webconfigurator.lock")) { - - $offset = 12; //hours - $mtime = filemtime("{$g['tmp_path']}/webconfigurator.lock"); - $now_minus_offset = mktime(date("H") - $offset, 0, 0, - date("m"), date("d"), date("Y")); - - if (($mtime - $now_minus_offset) < $mtime) { - require_once("authgui.inc"); - display_login_form(); - return false; - } - - /* - * file is older than mtime + offset which may - * indicate a stale lockfile, hence we are going - * to remove it. - */ - unlink_if_exists("{$g['tmp_path']}/webconfigurator.lock"); - } - } - $HTTP_SERVER_VARS['AUTH_USER'] = $_SESSION['Username']; return true; } diff --git a/etc/inc/config.inc b/etc/inc/config.inc index 56cea76..5a52611 100644 --- a/etc/inc/config.inc +++ b/etc/inc/config.inc @@ -1621,12 +1621,6 @@ endif; } foreach ($user['priv'] as $priv) { switch($priv['id']) { - case "lockwc": - $privs[] = "user-lock-webcfg"; - break; - case "lock-ipages": - $privs[] = "user-lock-ipages"; - break; case "hasshell": $privs[] = "user-shell-access"; break; diff --git a/etc/inc/priv.inc b/etc/inc/priv.inc index e03e160..89701aa 100644 --- a/etc/inc/priv.inc +++ b/etc/inc/priv.inc @@ -47,18 +47,6 @@ require_once("priv.defs.inc"); * USER PRIVILEGE DEFINITIONS */ -$priv_list['user-lock-webcfg'] = array(); -$priv_list['user-lock-webcfg']['name'] = "User - Locks webConfigurator"; -$priv_list['user-lock-webcfg']['descr'] = "Indicates whether the user will lock access to ". - "the webConfigurator for other users"; - -$priv_list['user-lock-ipages'] = array(); -$priv_list['user-lock-ipages']['name'] = "User - Locks individual pages"; -$priv_list['user-lock-ipages']['descr'] = "Indicates whether the user will lock individual ". - "HTML pages after having accessed a particular page". - "(the lock will be freed if the user leaves or ". - "saves the page form)."; - $priv_list['user-shell-access'] = array(); $priv_list['user-shell-access']['name'] = "User - Shell account access"; $priv_list['user-shell-access']['descr'] = "Indicates whether the user is able to login for ". diff --git a/etc/rc.initial.password b/etc/rc.initial.password index fd27b77..1c865d8 100755 --- a/etc/rc.initial.password +++ b/etc/rc.initial.password @@ -37,7 +37,7 @@ $fp = fopen('php://stdin', 'r'); echo "\n" . gettext(' -The webConfigurator password will be reset to the default (which is "' . strtolower($g['product_name']) . '").') . "\n" . +The webConfigurator admin password and privileges will be reset to the default (which is "' . strtolower($g['product_name']) . '").') . "\n" . gettext('Do you want to proceed [y|n]?'); if (strcasecmp(chop(fgets($fp)), "y") == 0) { @@ -53,9 +53,7 @@ The webConfigurator password will be reset to the default (which is "' . strtolo $admin_user['name'] = "admin"; $admin_user['scope'] = "system"; - - if (!is_array($admin_user['priv'])) - $admin_user['priv'] = explode(",", "user-lock-webcfg,user-lock-ipages,user-shell-access"); + $admin_user['priv'] = array("user-shell-access"); local_user_set_password($admin_user, strtolower($g['product_name'])); local_user_set($admin_user); -- cgit v1.1