Combined checkExtraSecurity into getDatabaseAccessor

diff --git a/classes/Misc.php b/classes/Misc.php
index a5e7a6c521158126ff5a68ed5a0c1b75b99b16c8..b99fbeabf27b073dc964138acfa2a3469c5eb0ce 100644 (file)
--- a/classes/Misc.php
+++ b/classes/Misc.php
@@ -2,7 +2,7 @@
        /**
         * Class to hold various commonly used functions
         *
-        * $Id: Misc.php,v 1.98.2.2 2005/03/02 09:19:34 jollytoad Exp $
+        * $Id: Misc.php,v 1.98.2.3 2005/03/02 09:47:40 jollytoad Exp $
         */
         
        class Misc {
@@ -25,27 +25,6 @@
                        return !empty($info[$all ? 'pg_dumpall_path' : 'pg_dump']);
                }
 
-               /**
-                * Checks whether a login is allowed
-                * @return True if login is allowed to be used
-                */
-               function checkExtraSecurity() {
-                       global $conf;
-                       
-                       // If extra security is off, return true
-                       if (!$conf['extra_login_security']) return true;
-                       
-                       // Disallowed logins if extra_login_security is enabled.  These must be lowercase.
-                       $bad_usernames = array('pgsql', 'postgres', 'root', 'administrator');
-                       
-                       $server_info = $this->getServerInfo();
-                       
-                       if ($server_info['password'] == '') return false;
-                       
-                       $username = strtolower($server_info['username']);
-                       return !in_array($username, $bad_usernames);
-               }
-
                /**
                 * Sets the href tracking variable
                 */
@@ -277,10 +256,26 @@
                 * Creates a database accessor
                 */
                function &getDatabaseAccessor($database, $server_id = null) {
-                       global $conf;
+                       global $lang, $conf, $misc;
                        
                        $server_info = $this->getServerInfo($server_id);
 
+                       // Perform extra security checks if this config option is set
+                       if ($conf['extra_login_security']) {
+                               // Disallowed logins if extra_login_security is enabled.
+                               // These must be lowercase.
+                               $bad_usernames = array('pgsql', 'postgres', 'root', 'administrator');
+                               
+                               $username = strtolower($server_info['username']);
+                               
+                               if ($server_info['password'] == '' || in_array($username, $bad_usernames)) {
+                                       unset($_SESSION['webdbLogin'][$_REQUEST['server']]);
+                                       $msg = $lang['strloginfailed'];
+                                       include('./login.php');
+                                       exit;
+                               }
+                       }
+                       
                        // Create the connection object and make the connection
                        $_connection = new Connection(
                                $server_info['host'],

diff --git a/libraries/lib.inc.php b/libraries/lib.inc.php
index 5fa517ed751bdfbe1c66545058551cfba27e96fb..a5891c4f715ff06071e6f8c4f94dee1758967f53 100644 (file)
--- a/libraries/lib.inc.php
+++ b/libraries/lib.inc.php
@@ -3,7 +3,7 @@
        /**
         * Function library read in upon startup
         *
-        * $Id: lib.inc.php,v 1.92.2.2 2005/03/02 09:19:35 jollytoad Exp $
+        * $Id: lib.inc.php,v 1.92.2.3 2005/03/02 09:47:40 jollytoad Exp $
         */
        include_once('decorator.inc.php');
        
@@ -137,13 +137,6 @@
                        # TODO: nice error
                }
                
-               // If extra login check fails, back to the login screen
-               $_allowed = $misc->checkExtraSecurity();
-               if (!$_allowed) {
-                       include('./login.php');
-                       exit;
-               }
-               
                $_server_info = $misc->getServerInfo();
                
                // Redirect to the login form if not logged in