function _securesite_denied in Secure Site 6.2
Same name and namespace in other branches
- 7.2 securesite.inc \_securesite_denied()
Deny access to users who are not authorized to access secured pages.
2 calls to _securesite_denied()
- _securesite_guest_login in ./
securesite.inc - Log in guest user.
- _securesite_user_login in ./
securesite.inc - Log in authenticated user.
File
- ./
securesite.inc, line 244 - Secure Site log-in functions.
Code
function _securesite_denied($message) {
if (empty($_SESSION['securesite_denied'])) {
// Unset messages from previous log-in attempts.
unset($_SESSION['messages']);
// Set a session variable so that the log-in dialog will be displayed when the page is reloaded.
$_SESSION['securesite_denied'] = TRUE;
drupal_set_header('HTTP/1.1 403 Forbidden');
drupal_set_title(t('Access denied'));
drupal_set_message($message, 'error');
print theme('securesite_page');
module_invoke_all('exit');
exit;
}
else {
unset($_SESSION['securesite_denied']);
// Safari will attempt to use old credentials before requesting new credentials
// from the user. Logging out requires that the WWW-Authenticate header be sent
// twice.
$user_agent = isset($_SERVER['HTTP_USER_AGENT']) ? drupal_strtolower($_SERVER['HTTP_USER_AGENT']) : '';
if ($user_agent != str_replace('safari', '', $user_agent)) {
$_SESSION['securesite_repeat'] = TRUE;
}
$types = variable_get('securesite_type', array(
SECURESITE_BASIC,
));
if (in_array(SECURESITE_DIGEST, $types)) {
// Reset the digest header.
$realm = variable_get('securesite_realm', variable_get('site_name', 'Drupal'));
_securesite_digest_validate($status, array(
'realm' => $realm,
'fakerealm' => _securesite_fake_realm(),
));
}
_securesite_dialog(array_pop($types));
}
}