Commit 40f46422 authored by Nigel McNie's avatar Nigel McNie Committed by Nigel McNie

Fix users who are already logged in from accessing the admin panel. Change

some safe_require calls to be simpler now that better defaults are
available.
parent 45e4ccb1
...@@ -217,6 +217,11 @@ function auth_setup () { ...@@ -217,6 +217,11 @@ function auth_setup () {
$SESSION->add_err_msg(get_string('accessforbiddentoadminsection')); $SESSION->add_err_msg(get_string('accessforbiddentoadminsection'));
redirect(get_config('wwwroot')); redirect(get_config('wwwroot'));
} }
else {
// The user never was an admin
$SESSION->add_err_msg(get_string('accessforbiddentoadminsection'));
redirect(get_config('wwwroot'));
}
} }
$USER = $SESSION->renew(); $USER = $SESSION->renew();
auth_check_password_change(); auth_check_password_change();
...@@ -298,7 +303,7 @@ function auth_check_password_change() { ...@@ -298,7 +303,7 @@ function auth_check_password_change() {
$authtype = auth_get_authtype_for_institution($USER->institution); $authtype = auth_get_authtype_for_institution($USER->institution);
$authclass = 'Auth' . ucfirst($authtype); $authclass = 'Auth' . ucfirst($authtype);
$url = ''; $url = '';
safe_require('auth', $authtype, 'lib.php', 'require_once'); safe_require('auth', $authtype);
// @todo auth preference for a password change screen for all auth methods other than internal // @todo auth preference for a password change screen for all auth methods other than internal
if ( if (
...@@ -367,7 +372,7 @@ function change_password_validate(Form $form, $values) { ...@@ -367,7 +372,7 @@ function change_password_validate(Form $form, $values) {
$authtype = auth_get_authtype_for_institution($USER->institution); $authtype = auth_get_authtype_for_institution($USER->institution);
$authclass = 'Auth' . ucfirst($authtype); $authclass = 'Auth' . ucfirst($authtype);
$authlang = 'auth.' . $authtype; $authlang = 'auth.' . $authtype;
safe_require('auth', $authtype, 'lib.php', 'require_once'); safe_require('auth', $authtype);
// @todo this could be done by a custom form rule... 'password' => $user // @todo this could be done by a custom form rule... 'password' => $user
password_validate($form, $values, $USER); password_validate($form, $values, $USER);
...@@ -582,7 +587,7 @@ function login_submit($values) { ...@@ -582,7 +587,7 @@ function login_submit($values) {
$institution = (isset($values['login_institution'])) ? $values['login_institution'] : 'mahara'; $institution = (isset($values['login_institution'])) ? $values['login_institution'] : 'mahara';
$authtype = auth_get_authtype_for_institution($institution); $authtype = auth_get_authtype_for_institution($institution);
safe_require('auth', $authtype, 'lib.php', 'require_once'); safe_require('auth', $authtype);
$authclass = 'Auth' . ucfirst($authtype); $authclass = 'Auth' . ucfirst($authtype);
try { try {
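Review bot: The `else` branch added in the first hunk (auth_setup) repeats the two deny lines of the branch directly above it, `$SESSION->add_err_msg(get_string('accessforbiddentoadminsection'));` followed by `redirect(get_config('wwwroot'));`. The admin-section refusal therefore lives in two places, and a later edit to one can leave the other behind. Since both outcomes are identical, a single deny path after the admin decision would be easier to audit, under one comment such as `// Not permitted in the admin section: refuse and redirect to wwwroot`. Both branches also rely on redirect() ending the request; it is not shown on this page, but if it can return, execution falls through to `$USER = $SESSION->renew();`, so an explicit `exit;` after the redirect, or a comment stating that redirect() never returns, would make the deny fail closed. The enclosing `if` and the start of auth_setup() are outside the hunk, so the condition that selects these branches cannot be checked from here.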