diff --git a/resources/init.php b/resources/init.php
index b3fce862c..cd2666959 100644
--- a/resources/init.php
+++ b/resources/init.php
@@ -56,34 +56,16 @@
 $_SESSION["csrf_tokens"] = [];
 }
-// $_SERVER["REMOTE_USER"] is only defined for pages where httpd requies authentication
-// the home page does not require authentication,
-// so if the user goes to a secure page and then back to home, they've effectively logged out
-// it would be bad UX to show the user that they are effectively logging in and out,
-// so we use session cache to remember if they have logged in recently and then pretend
-// they're logged in even if they aren't
 if (isset($_SERVER["REMOTE_USER"])) {
- // Check if SSO is enabled on this page
 $SSO = UnitySSO::getSSO();
- $_SESSION["SSO"] = $SSO;
-
- $OPERATOR = new UnityUser($SSO["user"], $LDAP, $SQL, $MAILER, $WEBHOOK);
- $_SESSION["is_admin"] = $OPERATOR->getFlag(UserFlag::ADMIN);
- $_SESSION["OPERATOR"] = $SSO["user"];
 $_SESSION["OPERATOR_IP"] = $_SERVER["REMOTE_ADDR"];
-
- if (isset($_SESSION["viewUser"]) && $_SESSION["is_admin"]) {
+ if (isset($_SESSION["viewUser"])) {
 $USER = new UnityUser($_SESSION["viewUser"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 } else {
- $USER = $OPERATOR;
+ $USER = new UnityUser($SSO["user"], $LDAP, $SQL, $MAILER, $WEBHOOK);
 }
-
- $_SESSION["user_exists"] = $USER->exists();
- $_SESSION["is_pi"] = $USER->isPI();
-
- $SQL->addLog("user_login", $OPERATOR->uid);
-
+ $SQL->addLog("user_login", $SSO["user"]);
 $USER->updateIsQualified(); // in case manual changes have been made to PI groups
 if ($USER->getFlag(UserFlag::LOCKED)) {
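Review bot: Dropping `&& $_SESSION["is_admin"]` from the `viewUser` branch means any authenticated operator whose session carries `viewUser` is now resolved to that account, and the only remaining control is wherever `viewUser` gets set, which this diff does not show. If an operator loses the ADMIN flag while the session is still live, or a non-admin session acquires `viewUser` by any other path, this block would act as the viewed user without re-checking anything. I would build the operator first and re-check the flag on every request, clearing the stale key otherwise; the dropped `$_SESSION["SSO"]`, `$_SESSION["OPERATOR"]`, `is_admin`, `user_exists` and `is_pi` keys should also be grepped for remaining readers, since a reader of a now-unset key gets null silently. The enclosing `if (isset($_SERVER["REMOTE_USER"]))` block continues past the end of the hunk.
```php
    $SSO = UnitySSO::getSSO();
    $_SESSION["OPERATOR_IP"] = $_SERVER["REMOTE_ADDR"];
    $OPERATOR = new UnityUser($SSO["user"], $LDAP, $SQL, $MAILER, $WEBHOOK);
    // re-check on every request so a stale viewUser cannot outlive the operator's ADMIN flag
    if (isset($_SESSION["viewUser"]) && $OPERATOR->getFlag(UserFlag::ADMIN)) {
        $USER = new UnityUser($_SESSION["viewUser"], $LDAP, $SQL, $MAILER, $WEBHOOK);
    } else {
        unset($_SESSION["viewUser"]);
        $USER = $OPERATOR;
    }
    $SQL->addLog("user_login", $SSO["user"]);
    // … unchanged: updateIsQualified() and the LOCKED handling …
```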
@@ -97,4 +79,14 @@
 "Your account was previously locked due to inactivity.",
 );
 }
+
+ // $_SERVER["REMOTE_USER"] is only defined for pages where httpd requies authentication
+ // the home page does not require authentication,
+ // so if the user goes to a secure page and then back to home, they've effectively logged out
+ // it would be bad UX to show the user that they are effectively logging in and out,
+ // so we use session cache to remember if they have logged in recently and then pretend
+ // they're logged in even if they aren't
+ $_SESSION["navbar_show_logged_in_user_pages"] = true;
+ $_SESSION["navbar_show_admin_pages"] = $USER->getFlag(UserFlag::ADMIN);
+ $_SESSION["navbar_show_pi_pages"] = $USER->isPI();
 }
diff --git a/resources/templates/header.php b/resources/templates/header.php
index 1426d15c8..fbfd19986 100644
--- a/resources/templates/header.php
+++ b/resources/templates/header.php
@@ -5,12 +5,13 @@
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
 // another page should have already validated and we can't validate the same token twice
 // UnityHTTPD::validatePostCSRFToken();
- if (
- ($_SESSION["is_admin"] ?? false) == true
- && ($_POST["form_type"] ?? null) == "clearView"
- ) {
- unset($_SESSION["viewUser"]);
- UnityHTTPD::redirect(getURL("admin/user-mgmt.php"));
+ if (($_POST["form_type"] ?? null) == "clearView") {
+ if (isset($_SESSION["viewUser"])) {
+ unset($_SESSION["viewUser"]);
+ UnityHTTPD::redirect(getURL("admin/user-mgmt.php"));
+ } else {
+ throw new Exception('Cannot clearView because $_SESSION["viewUser"] is not set!');
+ }
 }
 // Webroot files need to handle their own POSTs before loading the header
 // so that they can do UnityHTTPD::badRequest before anything else has been printed.
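Review bot: `$_SESSION["navbar_show_admin_pages"] = $USER->getFlag(UserFlag::ADMIN);` is evaluated on `$USER`, which in the first hunk is the viewed account whenever `viewUser` is set, so an admin viewing a non-admin user has the admin navigation hidden for as long as the view is active, even though the way back (`admin/user-mgmt.php`) is itself an admin page; the same applies to `navbar_show_pi_pages`. If that is not intended, the admin flag should come from a `UnityUser` built from `$SSO["user"]` rather than from `$USER`, while the PI flag may legitimately follow the viewed user. Worth a one-line comment either way, e.g. `// admin nav follows the operator, PI nav follows the (possibly viewed) user`. The relocated comment also still reads "requies" for "requires".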
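Review bot: `throw new Exception('Cannot clearView because $_SESSION["viewUser"] is not set!')` turns a state the client can reach on its own (a reloaded or double-submitted clearView form, or a session that has since expired) into an unhandled exception and therefore a 500, rather than a client error. The comment three lines below already names `UnityHTTPD::badRequest` as the mechanism for rejecting a POST before output starts, so something like `UnityHTTPD::badRequest("clearView with no active viewUser");` fits better here, assuming its signature accepts a message — I cannot see its definition. The comparison `($_POST["form_type"] ?? null) == "clearView"` should also be `===`, since the `?? null` already gives a defined left-hand side and a strict compare removes the loose-equality surprises.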
@@ -21,13 +22,8 @@
 UnityHTTPD::redirect();
 }
-if (isset($SSO)) {
- if (
- !$_SESSION["user_exists"]
- && !str_ends_with($_SERVER['PHP_SELF'], "/panel/new_account.php")
- ) {
- UnityHTTPD::redirect(getURL("panel/new_account.php"));
- }
+if (isset($USER) && !$USER->exists() && !str_ends_with($_SERVER['PHP_SELF'], "/new_account.php")) {
+ UnityHTTPD::redirect(getURL("panel/new_account.php"));
 }
 ?>
@@ -91,7 +87,6 @@
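Review bot: The redirect guard now keys on `str_ends_with($_SERVER['PHP_SELF'], "/new_account.php")`, and `PHP_SELF` is not a reliable identifier of the executing script: depending on httpd configuration it can carry extra path information after the script name, so the suffix test can pass for a script other than the new-account page and a user whose account does not yet exist would reach it. That weakness existed with the old `/panel/new_account.php` suffix too, but the shorter suffix widens it. `$_SERVER['SCRIPT_NAME']` is the script-only value; I would write `!str_ends_with($_SERVER['SCRIPT_NAME'], "/panel/new_account.php")` and keep the full panel path. Re-querying `$USER->exists()` on every request instead of the cached `user_exists` key is a good change and worth a short comment noting it is deliberate.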