forked from science-ation/science-ation
Remember the page for password changes too, and take them there
This commit is contained in:
parent
54fe3bf509
commit
ed6879754d
10
user.inc.php
10
user.inc.php
@ -795,6 +795,8 @@ function user_valid_email($str)
|
||||
function user_auth_required($type, $access='')
|
||||
{
|
||||
global $config;
|
||||
|
||||
unset($_SESSION['request_uri']);
|
||||
if(!isset($_SESSION['users_type'])) {
|
||||
message_push(error(i18n("You must login to view that page")));
|
||||
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
|
||||
@ -802,8 +804,10 @@ function user_auth_required($type, $access='')
|
||||
exit;
|
||||
}
|
||||
|
||||
/* Turn $type into an array */
|
||||
if(!is_array($type)) $type = array($type);
|
||||
|
||||
/* Iterate over all the allowed types and see if this user matches */
|
||||
$auth_type = false;
|
||||
foreach($type as $t) {
|
||||
if($_SESSION['users_type'] == $t) {
|
||||
@ -812,18 +816,22 @@ function user_auth_required($type, $access='')
|
||||
}
|
||||
}
|
||||
|
||||
/* No match, no access */
|
||||
if($auth_type == false) {
|
||||
message_push(error(i18n("You must login to view that page")));
|
||||
message_push(error(i18n("You do not have permission to view that page")));
|
||||
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
|
||||
exit;
|
||||
}
|
||||
|
||||
/* Forward to password expired, remember the target URI */
|
||||
if($_SESSION['password_expired'] == true) {
|
||||
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
|
||||
header("location: {$config['SFIABDIRECTORY']}/user_password.php");
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
/* Check committee sub-access */
|
||||
if($auth_type == 'committee' && $access != '') {
|
||||
if(committee_auth_has_access($access) == false) {
|
||||
message_push(error(i18n('You do not have permission to view that page')));
|
||||
|
@ -50,7 +50,12 @@
|
||||
}
|
||||
|
||||
|
||||
if(array_key_exists('request_uri', $_SESSION)
|
||||
$back_link = $_SESSION['request_uri'];
|
||||
else
|
||||
$back_link = "{$type}_main.php";
|
||||
unset($_SESSION['request_uri']);
|
||||
|
||||
$password_expiry_days = $config["{$type}_password_expiry_days"];
|
||||
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user