From 76aa2ab76d8f2305db7a2bb7cdbe461cca0146a3 Mon Sep 17 00:00:00 2001
From: "Justin J. Novack" <jnovack@gmail.com>
Date: Mon, 17 Sep 2012 09:53:19 -0400
Subject: ADD: Add identity to /forbidden page for easy administration

---
 data/templates/forbidden.htm | 6 +++++-
 www/auth.php                 | 9 ---------
 www/secure.php               | 8 ++++++++
 3 files changed, 13 insertions(+), 10 deletions(-)

diff --git a/data/templates/forbidden.htm b/data/templates/forbidden.htm
index ad40a9f..e6965dd 100644
--- a/data/templates/forbidden.htm
+++ b/data/templates/forbidden.htm
@@ -5,7 +5,11 @@
 
 <fieldset>
   <legend>Access Denied</legend>
-  <img src="images/access_denied.png">
+  <img src="images/access_denied.png" align='left'>
+  <p>We're sorry, your identity is not authorized:</p>
+  <p><code>{{ identity }}</code></p>
+  <p>If you feel this message is in error, please notify the site admin
+    and include your identity.</p>
 </fieldset>
 {% endblock %}
 
diff --git a/www/auth.php b/www/auth.php
index bb4fcb2..b8d08ff 100644
--- a/www/auth.php
+++ b/www/auth.php
@@ -201,15 +201,6 @@ if (isset($_POST['start'])) {
     }
 
     $openid = $message->getArrayFormat();
-    if ($GLOBALS['phorkie']['auth']['secure'] > 0 &&
-        $GLOBALS['phorkie']['auth']['userlist']) {
-        if (!in_array($openid['openid.identity'], $GLOBALS['phorkie']['users'])) {
-            $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden";
-            header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
-            exit;
-        }
-    }
-    // include_once 'openid/wrapper.php';
 
 	$email = (isset($openid['openid.ext1.value.email'])) ? $openid['openid.ext1.value.email'] : null;
     $email = (isset($openid['openid.ext2.value.email']) && !isset($email)) ? $openid['openid.ext2.value.email'] : $email;
diff --git a/www/secure.php b/www/secure.php
index 07cdfb6..4b81d59 100644
--- a/www/secure.php
+++ b/www/secure.php
@@ -9,4 +9,12 @@ if (!isset($_SESSION['identity'])) {
     header("Location: /login");
     exit;
 }
+if ($GLOBALS['phorkie']['auth']['secure'] > 0 &&
+    $GLOBALS['phorkie']['auth']['userlist']) {
+    if (!in_array($_SESSION['identity'], $GLOBALS['phorkie']['users'])) {
+        $redirect = 'http://' . $_SERVER['HTTP_HOST'] . "/forbidden";
+        header('Location: ' . filter_var($redirect, FILTER_SANITIZE_URL));
+        exit;
+    }
+}
 ?>
-- 
cgit v1.2.3