From: <te...@us...> - 2013-05-28 03:51:52
Revision: 5991 http://sourceforge.net/p/web-erp/reponame/5991 Author: tehonu Date: 2013-05-28 03:51:49 +0000 (Tue, 28 May 2013) Log Message: ----------- PakRicard: Allow DB_maintenance be set to -1 ==> system will allow login only to SysAdmin users (15). Other users will receive message "system under maintenance" Modified Paths: -------------- trunk/SystemParameters.php trunk/api/api_login.php trunk/includes/UserLogin.php trunk/includes/session.inc Modified: trunk/SystemParameters.php =================================================================== --- trunk/SystemParameters.php 2013-05-28 02:35:48 UTC (rev 5990) +++ trunk/SystemParameters.php 2013-05-28 03:51:49 UTC (rev 5991) @@ -862,6 +862,11 @@ } else { echo '<option value="0">'._('Never') . '</option>'; } + if ($_SESSION['DB_Maintenance']=='-1'){ + echo '<option selected="selected" value="-1">'._('Allow SysAdmin Access Only') . '</option>'; + } else { + echo '<option value="-1">'._('Allow SysAdmin Access Only') . '</option>'; + } echo '</select></td> <td>' . _('Uses the function DB_Maintenance defined in ConnectDB_XXXX.inc to perform database maintenance tasks, to run at regular intervals - checked at each and every user login') . '</td> Modified: trunk/api/api_login.php =================================================================== --- trunk/api/api_login.php 2013-05-28 02:35:48 UTC (rev 5990) +++ trunk/api/api_login.php 2013-05-28 03:51:49 UTC (rev 5991) 
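Review bot: The new `-1` option in SystemParameters.php can lock every user out, because nothing in this hunk checks that some account holds security token 15, the value UserLogin.php tests in this same commit. The save handler is outside the hunk, so confirm it refuses to store -1 unless the administrator making the change has that token. The help text in the next table cell still describes only the periodic maintenance job; it should also say what -1 does, for example `_('Select "Allow SysAdmin Access Only" to block login for all users without the SysAdmin security token')`.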
@@ -108,7 +108,7 @@ $db = $_SESSION['db']; // Used a bit in the following. if(isset($_SESSION['DB_Maintenance'])){ - if ($_SESSION['DB_Maintenance']!=0) { + if ($_SESSION['DB_Maintenance']>0) { if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']) ,'d') > $_SESSION['DB_Maintenance']){ Modified: trunk/includes/UserLogin.php =================================================================== --- trunk/includes/UserLogin.php 2013-05-28 02:35:48 UTC (rev 5990) +++ trunk/includes/UserLogin.php 2013-05-28 03:51:49 UTC (rev 5991) @@ -93,12 +93,28 @@ return UL_CONFIGERR; } else { $i=0; + $UserIsSysAdmin = FALSE; while ($myrow = DB_fetch_row($Sec_Result)){ + if ($myrow[0] == 15){ + $UserIsSysAdmin = TRUE; + } $_SESSION['AllowedPageSecurityTokens'][$i] = $myrow[0]; $i++; } } - // Temporary shift - disable log messages - how temporary? + // check if only maintenance users can access webERP + $sql = "SELECT confvalue FROM config WHERE confname = 'DB_Maintenance'"; + $Maintenance_Result = DB_query($sql, $db); + if (DB_num_rows($Maintenance_Result)==0){ + return UL_CONFIGERR; + } else { + $myMaintenanceRow = DB_fetch_row($Maintenance_Result); + if (($myMaintenanceRow[0] == -1) AND ($UserIsSysAdmin == FALSE)){ + // the configuration setting has been set to -1 ==> Allow SysAdmin Access Only + // the user is NOT a SysAdmin + return UL_MAINTENANCE; + } + } } else { // Incorrect password // 5 login attempts, show failed login screen if (!isset($_SESSION['AttemptsCounter'])) { Modified: trunk/includes/session.inc =================================================================== --- trunk/includes/session.inc 2013-05-28 02:35:48 UTC (rev 5990) +++ trunk/includes/session.inc 2013-05-28 03:51:49 UTC (rev 5991) 
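Review bot: The `>0` guard in api_login.php stops the maintenance job from running when the setting is -1, but nothing in this hunk makes the API login refuse non-SysAdmin users. If the API authenticates through the login function patched in UserLogin.php, confirm that its result check treats `UL_MAINTENANCE` as a failed login; if it has its own path, the maintenance restriction does not apply to API clients. The two files also disagree on the interval test (`>` here, `>=` in session.inc), which is worth aligning while this line is being touched. The enclosing function is outside the hunk.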
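Review bot: In UserLogin.php, when the maintenance branch returns `UL_MAINTENANCE`, the loop above has already written the user's tokens into `$_SESSION['AllowedPageSecurityTokens']`, and anything the function stored in the session before this hunk is still there, so the block depends entirely on the caller discarding that state. Collect the tokens in a local array and copy them into the session only after the maintenance check passes, or clear them on this path with `unset($_SESSION['AllowedPageSecurityTokens']);` before the return. `UL_MAINTENANCE` is neither defined nor handled in any hunk shown here. Confirm it is defined alongside the other `UL_*` codes and that every caller treats it as a failed login, since PHP of this era reads an undefined constant as a string and compares it loosely with numeric codes. The literal `15` would be clearer as a named constant for the SysAdmin token. The function starts and ends outside the hunk.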
@@ -144,7 +144,7 @@ } if(isset($_SESSION['DB_Maintenance'])){ - if ($_SESSION['DB_Maintenance']!=0) { + if ($_SESSION['DB_Maintenance']>0) { if (DateDiff(Date($_SESSION['DefaultDateFormat']), ConvertSQLDate($_SESSION['DB_Maintenance_LastRun']) ,'d') >= $_SESSION['DB_Maintenance']){ |
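Review bot: After this change session.inc only skips the periodic maintenance job for negative values; nothing visible here rejects a session that was already authenticated when `DB_Maintenance` was switched to -1. The SysAdmin-only rule is enforced in the login function in UserLogin.php, so users who logged in beforehand appear to keep working until their session ends. If the setting is meant to freeze the system during maintenance, this include should also compare `$_SESSION['DB_Maintenance'] == -1` with the user's security tokens and end the session for non-SysAdmin users. That assumes session.inc runs on every request and that the session copy of the setting is refreshed, neither of which this hunk shows. The surrounding block continues outside the hunk.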