diff options
| author | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-02-04 13:47:34 +0000 |
|---|---|---|
| committer | artem <artem@97f52cf1-0a1b-0410-bd0e-c28be96e8082> | 2008-02-04 13:47:34 +0000 |
| commit | 5b09df95f41c91dbbcfe8112c10ef6f5a297103b (patch) | |
| tree | c90a3b50eafec54454d352282bf43ce119f13a32 /frontends/php/include/perm.inc.php | |
| parent | dd34f50410dbf8ec37238b5a101c2610e5c808ac (diff) | |
| download | zabbix-5b09df95f41c91dbbcfe8112c10ef6f5a297103b.tar.gz zabbix-5b09df95f41c91dbbcfe8112c10ef6f5a297103b.tar.xz zabbix-5b09df95f41c91dbbcfe8112c10ef6f5a297103b.zip | |
- [DEV-103] fixed login right check for user "guest" (Artem)
git-svn-id: svn://svn.zabbix.com/trunk@5317 97f52cf1-0a1b-0410-bd0e-c28be96e8082
Diffstat (limited to 'frontends/php/include/perm.inc.php')
| -rw-r--r-- | frontends/php/include/perm.inc.php | 46 |
1 files changed, 24 insertions, 22 deletions
diff --git a/frontends/php/include/perm.inc.php b/frontends/php/include/perm.inc.php index 46afb302..300f1f03 100644 --- a/frontends/php/include/perm.inc.php +++ b/frontends/php/include/perm.inc.php @@ -46,40 +46,42 @@ $sessionid = get_cookie("zbx_sessionid"); - if( !is_null($sessionid)) + if(!is_null($sessionid)) { $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.*,s.* FROM sessions s,users u'. ' WHERE s.sessionid='.zbx_dbstr($sessionid). ' AND s.userid=u.userid'. ' AND ((s.lastaccess+u.autologout>'.time().') OR (u.autologout=0))'. ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); - if($login){ - $login = (check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid'])); - } - - if(!$login){ - $USER_DETAILS = NULL; - - zbx_unsetcookie('zbx_sessionid'); - DBexecute("delete from sessions where sessionid=".zbx_dbstr($sessionid)); - unset($sessionid); - - $incorrect_session = true; - } - else{ - zbx_setcookie("zbx_sessionid",$sessionid); - DBexecute("update sessions set lastaccess=".time()." where sessionid=".zbx_dbstr($sessionid)); + if(!$USER_DETAILS){ + $incorect_session = true; } } if(!$USER_DETAILS){ - if(!($USER_DETAILS = DBfetch(DBselect('SELECT u.* FROM users u '. - ' WHERE u.alias='.zbx_dbstr(ZBX_GUEST_USER). - ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))))) - { + $login = $USER_DETAILS = DBfetch(DBselect('SELECT u.* FROM users u '. + ' WHERE u.alias='.zbx_dbstr(ZBX_GUEST_USER). + ' AND '.DBin_node('u.userid', $ZBX_LOCALNODEID))); + if(!$USER_DETAILS){ $missed_user_guest = true; } } + + if($login){ + $login = (check_perm2login($USER_DETAILS['userid']) && check_perm2system($USER_DETAILS['userid'])); + } + + if(!$login){ + $USER_DETAILS = NULL; + + zbx_unsetcookie('zbx_sessionid'); + DBexecute("delete from sessions where sessionid=".zbx_dbstr($sessionid)); + unset($sessionid); + } + else{ + zbx_setcookie("zbx_sessionid",$sessionid); + DBexecute("update sessions set lastaccess=".time()." where sessionid=".zbx_dbstr($sessionid)); + } if($USER_DETAILS){ $USER_DETAILS['node'] = DBfetch(DBselect('select * from nodes where nodeid='.id2nodeid($USER_DETAILS['userid']))); @@ -100,7 +102,7 @@ "nodeid"=>0)); } - if(isset($incorrect_session) || isset($missed_user_guest)) + if(!$login || isset($incorrect_session) || isset($missed_user_guest)) { if(isset($incorrect_session)) $message = "Session was ended, please relogin!"; else if(isset($missed_user_guest)){ |