
Three things: allow allow_nonadmin_ssl to be set to 2 to allow

subscribers as well as admins into SSL servers;  pull some expensive
moderatorlog SELECTs out from a metamod.pl call into a task so they get
called only twice an hour;  and add "isbanned" key to accesslist.
commit 6e397ad38658f422097ba22a5828d68abd06c2f6 1 parent 650e469
@jamiemccarthy jamiemccarthy authored
61 Slash/Apache/User/User.pm
@@ -78,7 +78,7 @@ sub handler {
createCurrentUser();
createCurrentForm();
createCurrentCookie();
- if (!$constants->{allow_nonadmin_ssl}
+ if ($constants->{allow_nonadmin_ssl} != 1
&& Slash::Apache::ConnectionIsSSL() ) {
# Accessing non-dynamic URL on SSL webserver; redirect
# to the non-SSL URL.
@@ -230,25 +230,60 @@ EOT
$user->{state}{_dynamic_page} = 1;
createCurrentUser($user);
createCurrentForm($form);
- if ( ($user->{seclev} <= 1 && !$user->{state}{lostprivs})
- && !$constants->{allow_nonadmin_ssl}
- && Slash::Apache::ConnectionIsSSL()
+
+ # If the user is connecting over SSL, make sure this is allowed.
+ # If allow_nonadmin_ssl is 0, then only admins are allowed in.
+ # If allow_nonadmin_ssl is 1, then anyone is allowed in.
+ # If allow_nonadmin_ssl is 2, then admins and subscribers are allowed in.
+ my $redirect_to_nonssl = 0;
+ if (Slash::Apache::ConnectionIsSSL()
&& !(
- # If the user is trying to log in, they are allowed
- # to do so on the SSL server. Logging in means the
- # users.pl script and either an empty op or the
- # 'userlogin' op.
- $uri =~ m{^/users\.pl}
- && (!$form->{op} || $form->{op} eq 'userlogin')
- ) ) {
- # User is not an admin but is trying to connect to an admin-only
- # webserver. Redirect them to the non-SSL URL.
+ # If the user is trying to log in, they are always
+ # allowed to make the attempt on the SSL server.
+ # Logging in means the users.pl script and either
+ # an empty op or the 'userlogin' op.
+ $uri =~ m{^/users\.pl}
+ && (!$form->{op} || $form->{op} eq 'userlogin')
+ )
+ ) {
+ my $ans = $constants->{allow_nonadmin_ssl};
+ if ($ans == 1) {
+ # It's OK, anyone is allowed to use the SSL server.
+ } elsif ($ans == 0) {
+ # Only admins are allowed in -- but note the special
+ # case where this is an admin who has lost privs due
+ # to a cleartext password having been sent. Those
+ # admin accounts are allowed in over SSL even though
+ # the rest of the system might not consider them
+ # "admins" right now.
+ if ($user->{seclev} > 1 || $user->{state}{lostprivs}) {
+ # It's an admin, this is fine.
+ } else {
+ # Not an admin, SSL access forbidden.
+ $redirect_to_nonssl = 1;
+ }
+ } elsif ($ans == 2) {
+ # Admins are allowed in, per the above case, but
+ # also subscribers are allowed in.
+ if ($user->{seclev} > 1 || $user->{state}{lostprivs}
+ || $user->{is_subscriber}) {
+ # It's an admin or a subscriber, this is fine.
+ } else {
+ # Not an admin or subscriber, SSL access forbidden.
+ $redirect_to_nonssl = 1;
+ }
+ }
+ }
+ if ($redirect_to_nonssl) {
+ # User is not authorized to connect to the SSL webserver.
+ # Redirect them to the non-SSL URL.
my $newloc = $uri;
$newloc .= "?" . $r->args if $r->args;
$r->err_header_out(Location =>
URI->new_abs($newloc, $constants->{absolutedir}));
return REDIRECT;
}
+
createCurrentCookie($cookies);
createEnv($r) if $cfg->{env};
authors($r) if $form->{'slashcode_authors'};
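Review bot: The `if`/`elsif` chain on `$ans` in the second hunk has no final branch, so any `allow_nonadmin_ssl` value other than 0, 1 or 2 leaves `$redirect_to_nonssl` at 0 and lets every user stay on the SSL server. The first hunk's `!= 1` test treats the same value as restrictive, so the two checks disagree. A closing `else { $redirect_to_nonssl = 1; }` after the `$ans == 2` branch would make the unknown case fail closed. The redirect block also copies `$r->args` into the non-SSL `Location`, so whatever was in the query string is re-sent in cleartext, which deserves a comment there. The enclosing subs start and end outside both hunks.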
14 Slash/DB/MySQL/MySQL.pm
@@ -718,16 +718,10 @@ sub getMetamodsForUserRaw {
# run tests on changes like this before and there's almost no
# way to predict accurately what it will do on a live site
# without doing it... -Jamie 2002/11/16
- my($min_old) = $self->sqlSelect("MIN(id)", "moderatorlog");
- my($max_old) = $self->sqlSelect("MAX(id)", "moderatorlog",
- "ts < DATE_SUB(NOW(), INTERVAL $days_back DAY)");
- $min_old = 0 if !$min_old;
- $max_old = 0 if !$max_old;
- my($min_new) = $self->sqlSelect("MIN(id)", "moderatorlog",
- "ts >= DATE_SUB(NOW(), INTERVAL $days_back_cushion DAY)");
- my($max_new) = $self->sqlSelect("MAX(id)", "moderatorlog");
- $min_new = 0 if !$min_new;
- $max_new = 0 if !$max_new;
+ my $min_old = $self->getVar('m2_modlogid_min_old', 'value', 1) || 0;
+ my $max_old = $self->getVar('m2_modlogid_max_old', 'value', 1) || 0;
+ my $min_new = $self->getVar('m2_modlogid_min_new', 'value', 1) || 0;
+ my $max_new = $self->getVar('m2_modlogid_max_new', 'value', 1) || 0;
my $min_mid = $max_old+1;
my $max_mid = $min_new-1;
my $old_range = $max_old-$min_old; $old_range = 1 if $old_range < 1;
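Review bot: All four ids fall back to 0 when the vars are unset or still at their installed default, which gives `$min_mid = 1` and `$max_mid = -1` until the run_moderatord task has written real values. How the rest of getMetamodsForUserRaw uses those ranges is outside the hunk, so this may be harmless. A comment such as `# ids are refreshed by the run_moderatord task; all zero until it has run once` would tell the next reader where the numbers come from and how stale they can be. If `$days_back` and `$days_back_cushion` are no longer read further down, their computation above this hunk can be removed.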
2  sql/mysql/defaults.sql
@@ -614,7 +614,7 @@ INSERT INTO vars (name, value, description) VALUES ('adminmail_mod','admin@examp
INSERT INTO vars (name, value, description) VALUES ('adminmail_post','admin@example.com','All admin mail about comment posting goes here');
INSERT INTO vars (name, value, description) VALUES ('allow_anonymous','1','allow anonymous posters');
INSERT INTO vars (name, value, description) VALUES ('allow_moderation','1','allows use of the moderation system');
-INSERT INTO vars (name, value, description) VALUES ('allow_nonadmin_ssl','0','Allows users with seclev <= 1 to access the site over Secure HTTP');
+INSERT INTO vars (name, value, description) VALUES ('allow_nonadmin_ssl','0','0=users with seclev <= 1 cannot access the site over Secure HTTP; 1=they all can; 2=only if they are subscribers');
INSERT INTO vars (name, value, description) VALUES ('anonymous_coward_uid', '1', 'UID to use for anonymous coward');
INSERT INTO vars (name, value, description) VALUES ('anon_name_alt','An anonymous coward','Name of anonymous user to be displayed in stories');
INSERT INTO vars (name, value, description) VALUES ('apache_cache', '3600', 'Default times for the getCurrentCache().');
9 sql/mysql/upgrades
@@ -1143,3 +1143,12 @@ ALTER TABLE moderatorlog ADD INDEX m2stat_act (m2status, active);
ALTER TABLE accesslist ADD wasbanned tinyint unsigned DEFAULT 0 NOT NULL;
ALTER TABLE accesslist ADD wasreadonly tinyint unsigned DEFAULT 0 NOT NULL;
+ALTER TABLE accesslist ADD INDEX isbanned (isbanned);
+
+REPLACE INTO vars (name, value, description) VALUES ('allow_nonadmin_ssl','0','0=users with seclev <= 1 cannot access the site over Secure HTTP; 1=they all can; 2=only if they are subscribers');
+
+INSERT INTO vars (name, value, description) VALUES ('m2_modlogid_min_old','0','Approximate min moderatorlog id');
+INSERT INTO vars (name, value, description) VALUES ('m2_modlogid_max_old','0','Approximate max moderatorlog id that counts as old');
+INSERT INTO vars (name, value, description) VALUES ('m2_modlogid_min_new','0','Approximate min moderatorlog id that counts as new');
+INSERT INTO vars (name, value, description) VALUES ('m2_modlogid_max_new','0','Approximate max moderatorlog id');
+
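Review bot: The `REPLACE INTO vars` line for `allow_nonadmin_ssl` rewrites the value as well as the description, so a site that had set it to 1 is reset to 0 when this upgrade is applied and its non-admin users start being redirected off the SSL server. To change only the description, use `UPDATE vars SET description='...' WHERE name='allow_nonadmin_ssl';` with the new text. If the reset is intended, say so in a comment above the line, because it changes access policy on upgrade.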
37 themes/slashcode/tasks/run_moderatord.pl
@@ -32,8 +32,10 @@
# doLogInit('moderatord');
+ update_modlog_ids($virtual_user, $constants, $slashdb, $user);
give_out_points($virtual_user, $constants, $slashdb, $user);
reconcile_m2($virtual_user, $constants, $slashdb, $user);
+ update_modlog_ids($virtual_user, $constants, $slashdb, $user);
# doLogExit('moderatord');
@@ -47,6 +49,41 @@ sub moderatordLog {
doLog('slashd', \@_);
}
+sub update_modlog_ids {
+ my($virtual_user, $constants, $slashdb, $user) = @_;
+
+ my $days_back = $constants->{archive_delay_mod};
+ my $days_back_cushion = int($days_back/10);
+ $days_back_cushion = $constants->{m2_min_daysbackcushion} || 2
+ if $days_back_cushion < ($constants->{m2_min_daysbackcushion} || 2);
+ $days_back -= $days_back_cushion;
+
+ # XXX I'm considering adding a 'WHERE m2status=0' clause to the
+ # MIN/MAX selects below. This might help choose mods more
+ # smoothly and make failure (as archive_delay_mod is approached)
+ # less dramatic too. On the other hand it might screw things
+ # up, making older mods at N-1 M2's never make it to N. I've
+ # run tests on changes like this before and there's almost no
+ # way to predict accurately what it will do on a live site
+ # without doing it... -Jamie 2002/11/16
+
+ my($min_old) = $slashdb->sqlSelect("MIN(id)", "moderatorlog");
+ my($max_old) = $slashdb->sqlSelect("MAX(id)", "moderatorlog",
+ "ts < DATE_SUB(NOW(), INTERVAL $days_back DAY)");
+ $min_old = 0 if !$min_old;
+ $max_old = 0 if !$max_old;
+ my($min_new) = $slashdb->sqlSelect("MIN(id)", "moderatorlog",
+ "ts >= DATE_SUB(NOW(), INTERVAL $days_back_cushion DAY)");
+ my($max_new) = $slashdb->sqlSelect("MAX(id)", "moderatorlog");
+ $min_new = 0 if !$min_new;
+ $max_new = 0 if !$max_new;
+
+ $slashdb->setVar("m2_modlogid_min_old", $min_old);
+ $slashdb->setVar("m2_modlogid_max_old", $max_old);
+ $slashdb->setVar("m2_modlogid_min_new", $min_new);
+ $slashdb->setVar("m2_modlogid_max_new", $max_new);
+}
+
sub give_out_points {
my($virtual_user, $constants, $slashdb, $user) = @_;
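Review bot: In update_modlog_ids, `$days_back_cushion` can be assigned the raw value of `$constants->{m2_min_daysbackcushion}` and is then interpolated into the `INTERVAL $days_back_cushion DAY` clause. The `<` comparison numifies it only for the test, so a non-numeric var value reaches the SQL text unchanged. Coercing at the assignment, `$days_back_cushion = int($constants->{m2_min_daysbackcushion} || 2)`, keeps both interpolated values numeric, since `$days_back` is already numified by the `-=`. The four `setVar` calls are separate writes, so a reader may briefly see a mix of old and new ids; a short comment saying the values are approximate by design would cover that. give_out_points continues outside the hunk.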