authorAndy Staudacher <andy.st@gmail.com>2010-02-07 15:37:32 -0800
committerAndy Staudacher <andy.st@gmail.com>2010-02-07 15:37:32 -0800
commitf93528ffab19b7a733fc8fb21c22853d8ec0d2f5 (patch)
tree29213dc93ad8d2edea6f7f5b3cd5bd3f0362885d /modules/gallery/controllers/admin.php
parent18b0096751f45d7946a2277070dd3dd1f5db4a89 (diff)
Last partial fix for ticket 585: Compartmentalize the admin area and require active authentication every 20 minutes to access the admin area.
Also renaming auth::validate_too_many_failed_password_changes to validate_too_many_failed_auth_attempts since it's used in this generalized way in 3 places now.
Diffstat (limited to 'modules/gallery/controllers/admin.php')
-rw-r--r--modules/gallery/controllers/admin.php6
1 files changed, 5 insertions, 1 deletions
diff --git a/modules/gallery/controllers/admin.php b/modules/gallery/controllers/admin.php
index e4216991..b5f3db39 100644
--- a/modules/gallery/controllers/admin.php
+++ b/modules/gallery/controllers/admin.php
@@ -21,7 +21,7 @@ class Admin_Controller extends Controller {
private $theme;
public function __construct($theme=null) {
- if (!(identity::active_user()->admin)) {
+ if (!identity::active_user()->admin) {
access::forbidden();
}
@@ -29,6 +29,10 @@ class Admin_Controller extends Controller {
}
public function __call($controller_name, $args) {
+ if (auth::must_reauth_for_admin_area()) {
+ return url::redirect("reauthenticate");
+ }
+
if (request::method() == "post") {
access::verify_csrf();
}
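Review bot: The re-authentication gate added at the top of `__call` covers only requests dispatched through this method, whereas the admin check in `__construct` runs for every instance; any admin action routed straight to a concrete method would skip the 20-minute timeout (routing is not visible in this hunk, so this needs confirming). If that path exists, enforce `auth::must_reauth_for_admin_area()` next to the `identity::active_user()->admin` check in `__construct`, or at minimum add a comment such as `// All admin requests must be dispatched via __call so the re-auth timeout is enforced.` A POST arriving after the timeout is redirected before `access::verify_csrf()` runs and its body is discarded, which fails closed but should be a documented, deliberate choice. `__call` continues past the end of the hunk.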