-rw-r--r-- | CGI.pl | 34 | ||||
-rwxr-xr-x | checksetup.pl | 9 | ||||
-rwxr-xr-x | editusers.cgi | 74 |
3 files changed, 93 insertions, 24 deletions
@@ -487,6 +487,7 @@ sub PasswordForLogin { sub quietly_check_login() { $::usergroupset = '0'; my $loginok = 0; + $::disabledreason = ''; if (defined $::COOKIE{"Bugzilla_login"} && defined $::COOKIE{"Bugzilla_logincookie"}) { ConnectToDatabase(); @@ -499,16 +500,23 @@ sub quietly_check_login() { " and profiles.cryptpassword = logincookies.cryptpassword " . "and logincookies.hostname = " . SqlQuote($ENV{"REMOTE_HOST"}) . + ", profiles.disabledtext " . " from profiles,logincookies where logincookies.cookie = " . SqlQuote($::COOKIE{"Bugzilla_logincookie"}) . " and profiles.userid = logincookies.userid"); my @row; if (@row = FetchSQLData()) { - $loginok = $row[2]; - if ($loginok) { - $::usergroupset = $row[0]; - $::COOKIE{"Bugzilla_login"} = $row[1]; # Makes sure case is in - # canonical form. + my ($groupset, $loginname, $ok, $disabledtext) = (@row); + if ($ok) { + if ($disabledtext eq '') { + $loginok = 1; + $::usergroupset = $groupset; + $::COOKIE{"Bugzilla_login"} = $loginname; # Makes sure case + # is in + # canonical form. + } else { + $::disabledreason = $disabledtext; + } } } } @@ -639,6 +647,22 @@ sub confirm_login { my $loginok = quietly_check_login(); if ($loginok != 1) { + if ($::disabledreason) { + print "Set-Cookie: Bugzilla_login= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT +Set-Cookie: Bugzilla_logincookie= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT +Set-Cookie: Bugzilla_password= ; path=/; expires=Sun, 30-Jun-80 00:00:00 GMT +Content-type: text/html + +"; + PutHeader("Your account has been disabled"); + print $::disabledreason; + print "<HR>\n"; + print "If you believe your account should be restored, please\n"; + print "send email to " . Param("maintainer") . " explaining\n"; + print "why.\n"; + PutFooter(); + exit(); + } print "Content-type: text/html\n\n"; PutHeader("Login", undef, undef, undef, 1); print "I need a legitimate e-mail address and password to continue.\n"; diff --git a/checksetup.pl b/checksetup.pl index 0028d7cce..69e31919a 100755 
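Review bot: quietly_check_login now has a second result, the global `$::disabledreason`, and nothing at the function says so. A caller that only looks at the return value cannot tell "disabled" from "not logged in". I would add a header comment above `sub quietly_check_login()` along the lines of `# Returns 1 when the login cookie checks out and the account is enabled. If the cookie checks out but profiles.disabledtext is non-empty, returns 0 and leaves the text in $::disabledreason.` The function's body continues outside this hunk.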
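Review bot: `print $::disabledreason;` in the new confirm_login branch writes the stored profiles.disabledtext into the page with no HTML escaping, whereas editusers.cgi in this same commit passes the value through `value_quote` before emitting it. If the field is meant to be plain text, escape it at output, e.g. `print value_quote($::disabledreason);` (assuming that helper is in scope here). If administrators are meant to be able to put markup in it, say so in a comment at this print and next to the "Disable text" form field, so the trust placed in anyone who can edit users is explicit. confirm_login's body continues outside the hunk.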
--- a/checksetup.pl +++ b/checksetup.pl @@ -625,6 +625,7 @@ $table{profiles} = realname varchar(255), groupset bigint not null, emailnotification enum("ExcludeSelfChanges", "CConly", "All") not null default "ExcludeSelfChanges", + disabledtext mediumtext not null, index(login_name)'; @@ -1024,7 +1025,13 @@ if (!GetFieldDef('bugs', 'keywords')) { push(@list, $k); } } - + + +# 2000-01-18 Added a "disabledtext" field to the profiles table. If not +# empty, then this account has been disabled, and this field is to contain +# text describing why. + +AddField('profiles', 'disabledtext', 'mediumtext not null'); diff --git a/editusers.cgi b/editusers.cgi index d4c3cfd16..f4a6c4dfb 100755 --- a/editusers.cgi +++ b/editusers.cgi @@ -73,9 +73,10 @@ sub CheckUser ($) # Displays the form to edit a user parameters # -sub EmitFormElements ($$$$$) +sub EmitFormElements ($$$$$$) { - my ($user, $password, $realname, $groupset, $emailnotification) = @_; + my ($user, $password, $realname, $groupset, $emailnotification, + $disabledtext) = @_; print " <TH ALIGN=\"right\">Login name:</TH>\n"; print " <TD><INPUT SIZE=64 MAXLENGTH=255 NAME=\"user\" VALUE=\"$user\"></TD>\n"; @@ -102,6 +103,15 @@ sub EmitFormElements ($$$$$) print qq{<OPTION$selectpart VALUE="$tag">$desc\n}; } print "</SELECT></TD>\n"; + print "</TR><TR>\n"; + print " <TH ALIGN=\"right\">Disable text:</TH>\n"; + print " <TD ROWSPAN=2><TEXTAREA NAME=\"disabledtext\" ROWS=10 COLS=60>" . + value_quote($disabledtext) . "</TEXTAREA>\n"; + print " </TD>\n"; + print "</TR><TR>\n"; + print " <TD VALIGN=\"top\">If non-empty, then the account will\n"; + print "be disabled, and this text should explain why.</TD>\n"; + SendSQL("SELECT bit,name,description,bit & $groupset != 0 FROM groups 
@@ -182,7 +192,7 @@ my $candelete = Param('allowuserdeletion'); unless ($action) { PutHeader("Select match string"); print qq{ -<FORM METHOD=POST ACTION="editusers.cgi"> +<FORM METHOD=GET ACTION="editusers.cgi"> <INPUT TYPE=HIDDEN NAME="action" VALUE="list"> List users with login name matching: <INPUT SIZE=32 NAME="matchstr"> @@ -205,7 +215,8 @@ List users with login name matching: if ($action eq 'list') { PutHeader("Select user"); - my $query = "SELECT login_name,realname FROM profiles WHERE login_name "; + my $query = "SELECT login_name,realname,disabledtext " . + "FROM profiles WHERE login_name "; if ($::FORM{'matchtype'} eq 'substr') { $query .= "like"; $::FORM{'matchstr'} = '%' . $::FORM{'matchstr'} . '%'; @@ -234,11 +245,17 @@ if ($action eq 'list') { if ($count % 100 == 0) { print "</table>$header"; } - my ($user, $realname) = FetchSQLData(); + my ($user, $realname, $disabledtext) = FetchSQLData(); + my $s = ""; + my $e = ""; + if ($disabledtext) { + $s = "<STRIKE>"; + $e = "</STRIKE>"; + } $realname ||= "<FONT COLOR=\"red\">missing</FONT>"; print "<TR>\n"; - print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$user</B></A></TD>\n"; - print " <TD VALIGN=\"top\">$realname</TD>\n"; + print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=edit&user=", url_quote($user), "\"><B>$s$user$e</B></A></TD>\n"; + print " <TD VALIGN=\"top\">$s$realname$e</TD>\n"; if ($candelete) { print " <TD VALIGN=\"top\"><A HREF=\"editusers.cgi?action=del&user=", url_quote($user), "\">Delete</A></TD>\n"; } @@ -273,7 +290,7 @@ if ($action eq 'add') { print "<FORM METHOD=POST ACTION=editusers.cgi>\n"; print "<TABLE BORDER=0 CELLPADDING=4 CELLSPACING=0><TR>\n"; - EmitFormElements('', '', '', 0, 'ExcludeSelfChanges'); + EmitFormElements('', '', '', 0, 'ExcludeSelfChanges', ''); print "</TR></TABLE>\n<HR>\n"; print "<INPUT TYPE=SUBMIT VALUE=\"Add\">\n"; 
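Review bot: The rewritten row output in the `@@ -234,11 +245,17 @@` hunk still interpolates `$user` and `$realname` into the HTML unescaped (`<B>$s$user$e</B>` and `$s$realname$e`), so whatever is stored in profiles.login_name or realname is rendered as markup on the user-admin list page. Since both lines are being touched anyway, escape at the point of printing: `"\"><B>$s", value_quote($user), "$e</B></A></TD>\n"`, and replace the default with `$realname = $realname ? value_quote($realname) : "<FONT COLOR=\"red\">missing</FONT>";` so the red "missing" marker keeps its markup. Who can set realname is not visible in this hunk, but the page is viewed by privileged accounts, so the values are worth treating as untrusted. The enclosing `if ($action eq 'list')` block starts and ends outside the hunk.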
@@ -298,6 +315,7 @@ if ($action eq 'new') { # Cleanups and valididy checks my $realname = trim($::FORM{realname} || ''); my $password = trim($::FORM{password} || ''); + my $disabledtext = trim($::FORM{disabledtext} || ''); unless ($user) { print "You must enter a name for the new user. Please press\n"; @@ -335,13 +353,15 @@ if ($action eq 'new') { # Add the new user SendSQL("INSERT INTO profiles ( " . - "login_name, password, cryptpassword, realname, groupset" . - " ) VALUES ( " . - SqlQuote($user) . "," . - SqlQuote($password) . "," . - "encrypt(" . SqlQuote($password) . ")," . - SqlQuote($realname) . "," . - $bits . ")" ); + "login_name, password, cryptpassword, realname, groupset, " . + "disabledtext" . + " ) VALUES ( " . + SqlQuote($user) . "," . + SqlQuote($password) . "," . + "encrypt(" . SqlQuote($password) . ")," . + SqlQuote($realname) . "," . + $bits . "," . + SqlQuote($disabledtext) . ")" ); #+++ send e-mail away @@ -525,16 +545,18 @@ if ($action eq 'edit') { CheckUser($user); # get data of user - SendSQL("SELECT password, realname, groupset, emailnotification + SendSQL("SELECT password, realname, groupset, emailnotification, + disabledtext FROM profiles WHERE login_name=" . SqlQuote($user)); - my ($password, $realname, $groupset, $emailnotification) = FetchSQLData(); + my ($password, $realname, $groupset, $emailnotification, + $disabledtext) = FetchSQLData(); print "<FORM METHOD=POST ACTION=editusers.cgi>\n"; print "<TABLE BORDER=0 CELLPADDING=4 CELLSPACING=0><TR>\n"; EmitFormElements($user, $password, $realname, $groupset, - $emailnotification); + $emailnotification, $disabledtext); print "</TR></TABLE>\n"; 
@@ -543,6 +565,8 @@ if ($action eq 'edit') { print "<INPUT TYPE=HIDDEN NAME=\"realnameold\" VALUE=\"$realname\">\n"; print "<INPUT TYPE=HIDDEN NAME=\"groupsetold\" VALUE=\"$groupset\">\n"; print "<INPUT TYPE=HIDDEN NAME=\"emailnotificationold\" VALUE=\"$emailnotification\">\n"; + print "<INPUT TYPE=HIDDEN NAME=\"disabledtextold\" VALUE=\"" . + value_quote($disabledtext) . "\">\n"; print "<INPUT TYPE=HIDDEN NAME=\"action\" VALUE=\"update\">\n"; print "<INPUT TYPE=SUBMIT VALUE=\"Update\">\n"; @@ -568,6 +592,8 @@ if ($action eq 'update') { my $passwordold = trim($::FORM{passwordold} || ''); my $emailnotification = trim($::FORM{emailnotification} || ''); my $emailnotificationold = trim($::FORM{emailnotificationold} || ''); + my $disabledtext = trim($::FORM{disabledtext} || ''); + my $disabledtextold = trim($::FORM{disabledtextold} || ''); my $groupsetold = trim($::FORM{groupsetold} || ''); my $groupset = "0"; @@ -609,6 +635,18 @@ if ($action eq 'update') { WHERE login_name=" . SqlQuote($userold)); print "Updated real name.<BR>\n"; } + if ($disabledtext ne $disabledtextold) { + SendSQL("UPDATE profiles + SET disabledtext=" . SqlQuote($disabledtext) . " + WHERE login_name=" . SqlQuote($userold)); + SendSQL("SELECT userid + FROM profiles + WHERE login_name=" . SqlQuote($user)); + my $userid = FetchOneColumn(); + SendSQL("DELETE FROM logincookies + WHERE userid=" . $userid); + print "Updated disabled text.<BR>\n"; + } if ($user ne $userold) { unless ($user) { print "Sorry, I can't delete the user's name."; |
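Review bot: The `SELECT userid ... WHERE login_name=` lookup in the new `disabledtext` branch uses `$user`, while the UPDATE just above it uses `$userold`, and the rename handling (`if ($user ne $userold)`) only starts after this branch. If an administrator changes the login name and the disable text in one submission, the lookup runs against a name that, as far as this hunk shows, has not been written yet. `$userid` may then come back empty, making `DELETE FROM logincookies WHERE userid=` malformed, or it may match a different account that already holds that name. Use the old name for the lookup, `WHERE login_name=" . SqlQuote($userold));`, and skip the delete when no id is returned, e.g. `if ($userid) { SendSQL("DELETE FROM logincookies WHERE userid=" . $userid); }`. The enclosing `if ($action eq 'update')` block starts and ends outside the hunk.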