"; }
+ if ((user.siteadmin != null) && (user.siteadmin == 32)) { msg += "Locked, "; }
+ if ((user.siteadmin == null) || (user.siteadmin == 0) || (user.siteadmin == 32)) {
msg += "User";
} else if (user.siteadmin == 8) {
msg += "User with server files";
@@ -4938,6 +4939,7 @@
function showUserAdminDialog(e, userid) {
if (xxdialogMode) return;
haltEvent(e);
+ userid = decodeURIComponent(userid);
var x = '';
x += 'Server Files, k max, blank for default
';
x += 'Full Administrator
';
@@ -4945,9 +4947,10 @@
x += 'Server Restore
';
x += 'Server Updates
';
x += 'Manage Users
';
+ x += '
Lock Account
';
x += '';
- var user = users[userid];
- setDialogMode(2, "Site Permissions", 3, showUserAdminDialogEx, x, user);
+ var user = users[userid.toLowerCase()];
+ setDialogMode(2, "Server Permissions", 3, showUserAdminDialogEx, x, user);
if (user.siteadmin && user.siteadmin != 0) {
Q('ua_fulladmin').checked = (user.siteadmin == 0xFFFFFFFF);
Q('ua_serverbackup').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 1) != 0)); // Server Backup
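Review bot: The lookup `users[userid.toLowerCase()]` is used unchecked, and `setDialogMode(...)` runs before `user.siteadmin` is read, so an id that is not in `users` opens the dialog and then throws on the following line. A guard directly after the lookup, `if (user == null) return;`, keeps the dialog closed in that case. The `decodeURIComponent(userid)` added in the previous hunk also throws a URIError on a malformed escape sequence, and whether every caller passes an encoded id is not visible here. The body of showUserAdminDialog starts in the previous hunk and continues past this one.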
@@ -4955,6 +4958,7 @@
Q('ua_serverrestore').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 4) != 0)); // Server Restore
Q('ua_fileaccess').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 8) != 0)); // Server Files
Q('ua_serverupdate').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 16) != 0)); // Server Update
+ Q('ua_lockedaccount').checked = ((user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 32) != 0)); // Account locked
}
QE('ua_fulladmin', userinfo.siteadmin == 0xFFFFFFFF);
QE('ua_serverbackup', userinfo.siteadmin == 0xFFFFFFFF);
@@ -4974,7 +4978,7 @@
QE('ua_serverrestore', !Q('ua_fulladmin').checked);
QE('ua_fileaccess', !Q('ua_fulladmin').checked);
QE('ua_serverupdate', !Q('ua_fulladmin').checked);
- QE('ua_fileaccessquota', Q('ua_fileaccess').checked || Q('ua_fulladmin').checked);
+ QE('ua_fileaccessquota', Q('ua_fileaccess').checked && !Q('ua_fulladmin').checked);
}
}
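Review bot: The new lock checkbox is missing from this enable/disable list. The visible lines grey out `ua_serverrestore`, `ua_fileaccess` and `ua_serverupdate` when Full Administrator is ticked, but nothing here does the same for `ua_lockedaccount`. Because the added checks treat `0xFFFFFFFF` as never locked, a ticked lock box on a full administrator would look active while having no effect. Adding `QE('ua_lockedaccount', !Q('ua_fulladmin').checked);` beside the others would make that state visible. The function starts outside this hunk, so a matching line may already exist above what is shown.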
@@ -4986,6 +4990,7 @@
if (Q('ua_serverrestore').checked == true) siteadmin += 4;
if (Q('ua_fileaccess').checked == true) siteadmin += 8;
if (Q('ua_serverupdate').checked == true) siteadmin += 16;
+ if (Q('ua_lockedaccount').checked == true) siteadmin += 32;
}
var x = { action: 'edituser', name: user.name, siteadmin: siteadmin };
if (isNaN(quota) == false) { x.quota = (quota * 1024); }
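Review bot: With `siteadmin += 32` the lock state becomes a client-supplied value in the `edituser` message, so the server-side handler has to decide who may change bit 32. That handler is not part of the lines shown. It should at least verify the caller's rights and refuse a request that locks the caller's own account. A short comment on the added line, such as `// 32 = account locked, enforced by the server at login`, would also tie this checkbox to the checks in webserver.js. The enclosing function starts outside the hunk.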
diff --git a/webserver.js b/webserver.js
index 66f314ae..baf89c4e 100644
--- a/webserver.js
+++ b/webserver.js
@@ -88,6 +88,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
const SITERIGHT_SERVERRESTORE = 4;
const SITERIGHT_FILEACCESS = 8;
const SITERIGHT_SERVERUPDATE = 16;
+ const SITERIGHT_LOCKED = 32;
// Setup SSPI authentication if needed
if ((obj.parent.platform == 'win32') && (obj.args.nousers != true) && (obj.parent.config != null) && (obj.parent.config.domains != null)) {
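Review bot: `SITERIGHT_LOCKED` is declared here, but the lock checks added in the two authentication hunks below test the literal `32` instead. Writing those checks as `(user.siteadmin & SITERIGHT_LOCKED) != 0` keeps the bit value in one place and makes every enforcement point easy to find by searching for the constant. The hunk headers place all three hunks inside `CreateWebServer`, so the constant appears to be in scope there.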
@@ -207,6 +208,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
if (hash == user.hash) {
// Update the password to the stronger format.
require('./pass').hash(pass, function (err, salt, hash) { if (err) throw err; user.salt = salt; user.hash = hash; delete user.passtype; obj.db.SetUser(user); });
+ if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
return fn(null, user._id);
}
fn(new Error('invalid password'), null, user.passhint);
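Review bot: The lock is enforced only where a password has just been verified, here and in the pbkdf2 branch of the next hunk. Nothing in the lines shown ends sessions that already exist or covers the SSPI path set up near the top of the file, so a locked user may stay signed in until the session expires. If that is not intended, the same test is needed wherever a session or token is accepted. The check is also copied verbatim into both branches; a helper such as `function isLocked(user) { return (user.siteadmin != null) && (user.siteadmin != 0xFFFFFFFF) && ((user.siteadmin & 32) != 0); }` would keep them in step. Running the check after the password comparison is a good choice, since lock state is not disclosed to someone without the password.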
@@ -215,7 +217,10 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
// Default strong password hashing (pbkdf2 SHA384)
require('./pass').hash(pass, user.salt, function (err, hash) {
if (err) return fn(err);
- if (hash == user.hash) return fn(null, user._id);
+ if (hash == user.hash) {
+ if ((user.siteadmin) && (user.siteadmin != 0xFFFFFFFF) && (user.siteadmin & 32) != 0) { fn('locked'); return; }
+ return fn(null, user._id);
+ }
fn(new Error('invalid password'), null, user.passhint);
});
}
@@ -330,7 +335,7 @@ module.exports.CreateWebServer = function (parent, db, args, secret, certificate
obj.parent.DispatchEvent(['*'], obj, { etype: 'user', username: user.name, action: 'login', msg: 'Account login', domain: domain.id })
} else {
delete req.session.loginmode;
- req.session.error = 'Login failed, check username and password.';
+ if (err == 'locked') { req.session.error = 'Account locked.'; } else { req.session.error = 'Login failed, check username and password.'; }
if ((passhint != null) && (passhint.length > 0)) {
req.session.passhint = passhint;
} else {
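Review bot: A login that reaches `err == 'locked'` supplied a correct password, yet the visible lines of this failure branch record nothing for it, while the success branch dispatches an 'Account login' event. Logging or dispatching an event for the locked case would give operators a signal that valid credentials are being tried against a disabled account. The bare string `'locked'` also sits beside the `Error` objects returned by the other failure paths. A comment at the `fn('locked')` call sites, or an `Error` carrying a code property, would make that contract explicit. The handler starts and ends outside the hunk.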