Work on frame security and stop users registering twice
25
load/defs.js
25
load/defs.js
@@ -41,10 +41,12 @@ var ERR_NOT_IMPLEMENTED ='\1n\1h\1RNOT IMPLEMENTED YET?';
|
||||
var ERR_ROUTE ='\1n\1h\1WMISTAKE? \1GTRY AGAIN OR TELL US ON *08';
|
||||
var ERR_METHOD_NOT_EXIST ='\1n\1h\1WMISTAKE? \1GTRY AGAIN OR TELL US ON *08';
|
||||
var ACCESS_DENIED ='\1n\1h\1RACCESS DENIED. \1RMISTAKE? TRY AGAIN OR TELL US *08';
|
||||
var ALREADY_MEMBER ='\1n\1h\1RALREADY MEMBER OF CUG'
|
||||
var INACTIVITY ='\1n\1h\1RINACTIVITY ALERT, DISCONNECT PENDING...';
|
||||
var INACTIVE ='\1n\1h\1RINACTIVITY DISCONNECT';
|
||||
|
||||
var NO_HISTORY_FRAMES =['980a','98b','981a'];
|
||||
var SYSTEM_OWNER =9;
|
||||
|
||||
// Our frame object
|
||||
function TexFrame() {
|
||||
@@ -391,18 +393,19 @@ function TexFrame() {
|
||||
get: function() {
|
||||
log(LOG_DEBUG,'- Checking if user can access frame: '+this.page);
|
||||
log(LOG_DEBUG,' - User: '+JSON.stringify(user.number));
|
||||
log(LOG_DEBUG,' - Frame Owner: '+JSON.stringify(this.owner)+', System Frame: '+(this.pageowner == 0));
|
||||
log(LOG_DEBUG,' - Frame Owner: '+JSON.stringify(this.owner)+', System Frame: '+(this.pageowner == SYSTEM_OWNER));
|
||||
|
||||
// user.number 0 is unidentified user.
|
||||
if (user.number) {
|
||||
return (
|
||||
(this.isAccessible && this.pageowner == SYSTEM_OWNER && ! this.isPublic) ||
|
||||
(this.isAccessible && this.isPublic) ||
|
||||
(this.isAccessible && ! this.isPublic && user.isMember) ||
|
||||
(this.isAccessible && ! this.isPublic && this.isMember) ||
|
||||
(user.isOwner)
|
||||
);
|
||||
|
||||
} else {
|
||||
return (this.pageowner == 0 && this.isPublic && this.isAccessible);
|
||||
return (this.isAccessible && this.pageowner == SYSTEM_OWNER && this.isPublic);
|
||||
}
|
||||
}
|
||||
});
|
||||
@@ -413,6 +416,22 @@ function TexFrame() {
|
||||
}
|
||||
});
|
||||
|
||||
// Check if the user is already a member of the CUG
|
||||
Object.defineProperty(this,'isMember',{
|
||||
get: function() {
|
||||
log(LOG_DEBUG,'- Checking if user is a member of frame: '+this.page);
|
||||
|
||||
if (user.number) {
|
||||
return (
|
||||
(this.pageowner == SYSTEM_OWNER)
|
||||
);
|
||||
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
})
|
||||
|
||||
Object.defineProperty(this,'page', {
|
||||
get: function() {
|
||||
if (this.frame == null || this.index == null) return null;
|
||||
|
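Review bot: The new `isMember` getter never looks up CUG membership: for any identified user it returns `this.pageowner == SYSTEM_OWNER`, so the clause `(this.isAccessible && ! this.isPublic && this.isMember)` grants exactly what the `this.pageowner == SYSTEM_OWNER && ! this.isPublic` clause above it already grants. As written, every logged-in user reaches every accessible non-public system-owned frame, and a private frame with any other owner is reachable only through `user.isOwner`. If this is a placeholder, say so at the getter, e.g. `// TODO: placeholder, no per-CUG membership lookup yet; only system-owned frames count`, and drop the duplicate clause until a real check exists. The trailing `(user.isOwner)` term is not gated on `this.isAccessible`, and whether it is evaluated per frame is not visible here. TexFrame's body continues outside these hunks.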
@@ -166,24 +166,31 @@ function pageOwner(page) {
|
||||
log(LOG_DEBUG,'+ pageOwner: pageowners='+JSON.stringify(pageowners));
|
||||
}
|
||||
|
||||
var BreakException = {};
|
||||
var pageowner = o = null;
|
||||
|
||||
pageowners.forEach(function(owner) {
|
||||
var p = owner.prefix.toString();
|
||||
o = owner;
|
||||
try {
|
||||
pageowners.forEach(function(owner) {
|
||||
var p = owner.prefix.toString();
|
||||
o = owner;
|
||||
|
||||
log(LOG_DEBUG,'- pageOwner: p='+p+'('+p.length+') ,o: '+o);
|
||||
match = '';
|
||||
//log(LOG_DEBUG,'- pageOwner: p='+p+'('+p.length+') ,o: '+o);
|
||||
match = '';
|
||||
|
||||
var re = new RegExp('^' + p, 'g');
|
||||
if (page.toString().match(re) && (p.length > match.length)) {
|
||||
match = p;
|
||||
pageowner = o;
|
||||
log(LOG_DEBUG,'= pageOwner: p='+p+',o: '+o);
|
||||
}
|
||||
});
|
||||
var re = new RegExp('^' + p, 'g');
|
||||
if (page.toString().match(re) && (p.length > match.length)) {
|
||||
match = p;
|
||||
pageowner = o;
|
||||
//log(LOG_DEBUG,'= pageOwner: p='+p+',o: '+o);
|
||||
throw BreakException;
|
||||
}
|
||||
});
|
||||
|
||||
log(LOG_DEBUG,'+ pageOwner: page='+page+', owner: '+JSON.stringify(pageowner ? pageowner : o));
|
||||
} catch (e) {
|
||||
if (e !== BreakException) throw e;
|
||||
}
|
||||
|
||||
//log(LOG_DEBUG,'+ pageOwner: page='+page+', owner: '+JSON.stringify(pageowner ? pageowner : o));
|
||||
|
||||
return pageowner ? pageowner : o;
|
||||
}
|
||||
|
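Review bot: Throwing `BreakException` on the first matching prefix makes the result depend on the order of `pageowners` rather than on the longest prefix, which is what the `p.length > match.length` comparison appears to intend. `match = ''` is reset inside the callback on every iteration, so that comparison is true for any non-empty prefix, and a short prefix listed before a longer one now wins; the owner returned here presumably feeds the `pageowner == SYSTEM_OWNER` access checks. Declare `var match = '';` once before the loop and remove `throw BreakException;` together with the try/catch, so every prefix is compared. `new RegExp('^' + p, 'g')` also treats the prefix as a pattern, whereas `page.toString().indexOf(p) === 0` tests a literal prefix. When nothing matches, `return pageowner ? pageowner : o` hands back the last owner iterated, and `var pageowner = o = null;` leaves `o` as an implicit global.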
@@ -35,6 +35,12 @@ function register() {
|
||||
});
|
||||
|
||||
this.handle=function(read) {
|
||||
// Dont allow existing users to re-register
|
||||
if (user.number) {
|
||||
sendBaseline(ALREADY_MEMBER,false);
|
||||
return read == '*' ? read : '';
|
||||
}
|
||||
|
||||
log(LOG_DEBUG,'Control REGISTER handle() start. ('+read+')');
|
||||
log(LOG_DEBUG,'- Field '+cf.fname+'('+JSON.stringify(cf)+')');
|
||||
|
||||
@@ -56,18 +62,18 @@ function register() {
|
||||
|
||||
// Make sure we got an email
|
||||
this.prefield=function() {
|
||||
log(LOG_DEBUG,'- Field '+cf.fname+'('+JSON.stringify(cf)+')');
|
||||
log(LOG_DEBUG,'- prefield: Field '+cf.fname+'('+JSON.stringify(cf)+')');
|
||||
|
||||
if (cf.fname == 'TOKEN') {
|
||||
if (! code.length) {
|
||||
log(LOG_DEBUG,'- BASELINE '+cf.fname+'('+JSON.stringify(cf)+')');
|
||||
log(LOG_DEBUG,' - BASELINE '+cf.fname+'('+JSON.stringify(cf)+')');
|
||||
sendBaseline('\1n\1h\1RPlease wait, while a token is emailed to you...',false);
|
||||
|
||||
var email = fo.fieldValue('EMAIL');
|
||||
var user = fo.fieldValue('UID');
|
||||
var uid = fo.fieldValue('UID');
|
||||
var name = fo.fieldValue('FULLNAME');
|
||||
|
||||
log(LOG_DEBUG,'- VALIDATE EMAIL TO ('+JSON.stringify(system.matchuserdata(U_NETMAIL,email))+')');
|
||||
log(LOG_DEBUG,' - VALIDATE EMAIL TO ('+JSON.stringify(system.matchuserdata(U_NETMAIL,email))+')');
|
||||
|
||||
// Validate Email hasnt been used
|
||||
// Validate USER_ID hasnt been used
|
||||
@@ -76,8 +82,8 @@ function register() {
|
||||
return;
|
||||
}
|
||||
|
||||
if (! system.check_name(user)) {
|
||||
log(LOG_DEBUG,'Cannot use user_id: ('+user+')');
|
||||
if (! system.check_name(uid)) {
|
||||
log(LOG_DEBUG,' - Cannot use user_id: ('+uid+')');
|
||||
sendBaseline('\1n\1h\1RINVAID USER ID, PLEASE TRY AGAIN *00',false);
|
||||
return;
|
||||
}
|
||||
|
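Review bot: The debug lines in `handle()` and `prefield()` write `JSON.stringify(cf)` and the raw `read` value to the log on every call; if `cf` carries the field's entered value, registration input such as the e-mail address or token ends up in the debug log. Logging the field name alone is enough to trace the flow: `log(LOG_DEBUG,'- prefield: Field '+cf.fname);`. The rejection message a few lines below reads `INVAID USER ID`, which looks like a typo for `INVALID`. Both functions continue outside the hunks shown.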