diff options
Diffstat (limited to 'webapps/scripting/preauth.esp')
| -rw-r--r-- | webapps/scripting/preauth.esp | 49 |
1 files changed, 0 insertions, 49 deletions
diff --git a/webapps/scripting/preauth.esp b/webapps/scripting/preauth.esp deleted file mode 100644 index 84534cacef..0000000000 --- a/webapps/scripting/preauth.esp +++ /dev/null @@ -1,49 +0,0 @@ -<% -include("/scripting/common.js"); - -/* - check if a uri is one of the 'always allowed' pages, even when not logged in - This allows the login page to use the same style sheets and images -*/ -function always_allowed(uri) { - var str = string_init(); - - /* allow the primary web application to do its own authentication */ - var s = str.split('/', uri); - if (s[0] == "" && (s.length == 1 || /* no path provided */ - s[1] == 'index.html' || - s[1] == "script" || - s[1] == "resource")) { - return true; - } - - var s = str.split('.', uri); - if (s.length < 2) { - return false; - } - - var ext = s[s.length-1]; - var allowed = new Array("ico", "gif", "png","css", "js"); - for (i in allowed) { - if (allowed[i] == ext) { - return true; - } - } - return false; -} - - -/* this script is called on every web request. If it produces any - output at all then that output is returned and the requested page - is not given or processed. -*/ -if (server['SERVER_PROTOCOL'] == "http" && - server['TLS_SUPPORT'] == "True") { - write("redirect to https"); - redirect("https://" + headers['HOST'] + request['REQUEST_URI']); -} else if (always_allowed(request['REQUEST_URI']) != true && - session['AUTHENTICATED'] == undefined) { - /* present the login page */ - include("/login.esp"); -} -%> |