diff options
-rw-r--r-- | CGI.pl | 23 | ||||
-rw-r--r-- | defparams.pl | 9 | ||||
-rwxr-xr-x | index.cgi | 2 | ||||
-rwxr-xr-x | token.cgi | 2 |
4 files changed, 30 insertions, 6 deletions
@@ -219,7 +219,14 @@ sub get_netaddr { return join(".", unpack("CCCC", pack("N", $addr))); } -sub quietly_check_login() { +my $login_cookie_set = 0; +# If quietly_check_login is called with no arguments and logins are +# required, it will prompt for a login. +sub quietly_check_login { + if (Param('requirelogin') && !(@_)) { + confirm_login(); + return; + } $::disabledreason = ''; my $userid = 0; my $ipaddr = $ENV{'REMOTE_ADDR'}; @@ -561,11 +568,19 @@ sub confirm_login { $::COOKIE{"Bugzilla_logincookie"} = $logincookie; my $cookiepath = Param("cookiepath"); - print "Set-Cookie: Bugzilla_login= " . url_quote($enteredlogin) . " ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; - print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; + if ($login_cookie_set == 0) { + $login_cookie_set = 1; + print "Set-Cookie: Bugzilla_login= " . url_quote($enteredlogin) . " ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; + print "Set-Cookie: Bugzilla_logincookie=$logincookie ; path=$cookiepath; expires=Sun, 30-Jun-2029 00:00:00 GMT\n"; + } } - $userid = quietly_check_login(); + # If anonymous logins are disabled, quietly_check_login will force + # the user to log in by calling confirm_login() when called by any + # code that does not call it with an argument. When confirm_login + # calls quietly_check_login, it must not result in confirm_login + # being called back. + $userid = quietly_check_login('do_not_recurse_here'); if (!$userid) { if ($::disabledreason) { diff --git a/defparams.pl b/defparams.pl index b0567c783..ae0923295 100644 --- a/defparams.pl +++ b/defparams.pl @@ -964,6 +964,15 @@ Reason: %reason% }, { + name => 'requirelogin', + desc => 'If this option is set, all access to the system beyond the ' . + ' front page will require a login. No anonymous users will ' . + ' be permitted.', + type => 'b', + default => '0' + }, + + { name => 'usermatchmode', desc => 'Allow match strings to be entered for user names when entering ' . 'and editing bugs. <p>' . @@ -45,7 +45,7 @@ use vars qw( ConnectToDatabase(); # Check whether or not the user is logged in and, if so, set the $::userid -quietly_check_login(); +quietly_check_login('permit_anonymous'); ############################################################################### # Main Body Execution @@ -36,7 +36,7 @@ require "CGI.pl"; # Establish a connection to the database backend. ConnectToDatabase(); -quietly_check_login(); +quietly_check_login('permit_anonymous'); # Use the "Token" module that contains functions for doing various # token-related tasks. |