change password is now usable for GM's too by using a GET['id'] param!

This commit is contained in:
Quitta 2013-07-01 23:29:16 +02:00
parent ffa8d86cfa
commit ad9f32c191
6 changed files with 173 additions and 50 deletions

View file

@ -313,27 +313,43 @@ class Users{
} }
public function check_change_password($values){ public function check_change_password($values){
if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){ //if admin isn't changing others
$match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]); if(!$values['adminChangesOther']){
$newpass = $this->checkPassword($values["NewPass"]); if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
$confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]); $match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]);
$newpass = $this->checkPassword($values["NewPass"]);
$confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
}else{
$match = "";
$newpass = "";
$confpass = "";
}
}else{ }else{
$match = ""; //if admin is indeed changing someone!
$newpass = ""; if ( isset( $values["user"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
$confpass = ""; $newpass = $this->checkPassword($values["NewPass"]);
$confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
}else{
$newpass = "";
$confpass = "";
}
} }
if ( ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){ if ( !$values['adminChangesOther'] and ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){
return "success";
}else if($values['adminChangesOther'] and ( $newpass == "success" ) and ( $confpass == "success" ) ){
return "success"; return "success";
}else{ }else{
$pageElements = array( $pageElements = array(
'match_error_message' => $match,
'newpass_error_message' => $newpass, 'newpass_error_message' => $newpass,
'confirmnewpass_error_message' => $confpass 'confirmnewpass_error_message' => $confpass
); );
if ( $match != "fail" ){ if(!$values['adminChangesOther']){
$pageElements['MATCH_ERROR'] = 'FALSE'; $pageElements['match_error_message'] = $match;
}else{ if ( $match != "fail" ){
$pageElements['MATCH_ERROR'] = 'TRUE'; $pageElements['MATCH_ERROR'] = 'FALSE';
}else{
$pageElements['MATCH_ERROR'] = 'TRUE';
}
} }
if ( $newpass != "success" ){ if ( $newpass != "success" ){
$pageElements['NEWPASSWORD_ERROR'] = 'TRUE'; $pageElements['NEWPASSWORD_ERROR'] = 'TRUE';
@ -348,6 +364,29 @@ class Users{
return $pageElements; return $pageElements;
} }
} }
protected function setPassword($user, $pass){
try {
//make connection with and put into shard db
global $cfg;
$dbs = new DBLayer($cfg['db']['shard']);
$dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ",$values);
return "ok";
}
catch (PDOException $e) {
//oh noooz, the shard is offline! Put in query queue at ams_lib db!
/*try {
$dbl = new DBLayer($cfg['db']['lib']);
$dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "createUser",
"query" => json_encode(array($values["name"],$values["pass"],$values["mail"]))));
return "shardoffline";
}catch (PDOException $e) {
print_r($e);
return "liboffline";
}*/
}
}
} }

View file

@ -48,9 +48,30 @@ class WebUsers extends Users{
}else{ }else{
return "fail"; return "fail";
} }
} }
public function getUsername($id){
global $cfg;
$dbw = new DBLayer($cfg['db']['web']);
$statement = $dbw->execute("SELECT * FROM ams_user WHERE UId=:id", array('id' => $id));
$row = $statement->fetch();
return $row['Login'];
}
public function isLoggedIn(){
if(isset($_SESSION['user'])){
return true;
}
return false;
}
public function isAdmin(){
if(isset($_SESSION['permission']) && $_SESSION['permission'] == 2){
return true;
}
return false;
}
} }

View file

@ -3,28 +3,66 @@
function change_password(){ function change_password(){
try{ try{
if(isset($_SESSION["user"])){ //if logged in
$webUser = new WebUsers(); if(WebUsers::isLoggedIn()){
$params = Array( 'user' => $_SESSION["user"], 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"]);
$result = $webUser->check_change_password($params); if(isset($_POST['target_id'])){
if ($result == "success"){ $adminChangesOther = false;
//edit stuff into db //if target_id is the same as session id or is admin
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user'];
}else{
$target_username = WebUsers::getUsername($_POST['target_id']);
//isAdmin is true when it's the admin, but the target_id != own id
$adminChangesOther = true;
$_POST["CurrentPass"] = "dummypass";
}
$id = $_POST['target_id'];
$webUser = new WebUsers();
$params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
$result = $webUser->check_change_password($params);
if ($result == "success"){
//edit stuff into db
$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
print('success!');
exit;
}else{
$result['prevCurrentPass'] = $_POST["CurrentPass"];
$result['prevNewPass'] = $_POST["NewPass"];
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
$result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE';
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
helpers :: loadtemplate( 'settings', $result);
exit;
}
}else{ }else{
$result['prevCurrentPass'] = $_POST["CurrentPass"]; //ERROR: permission denied!
$result['prevNewPass'] = $_POST["NewPass"];
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
$result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE';
helpers :: loadtemplate( 'settings', $result);
exit;
} }
}else{
//ERROR: The form was not filled in correclty
} }
}catch (PDOException $e) { }else{
//go to error page or something, because can't access website db //ERROR: user is not logged in
print_r($e); exit;
exit; }
}
}catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
exit;
}
} }

View file

@ -10,6 +10,9 @@ function login(){
//handle successful login //handle successful login
$_SESSION['user'] = $_POST["Username"]; $_SESSION['user'] = $_POST["Username"];
$_SESSION['permission'] = $result['Permission']; $_SESSION['permission'] = $result['Permission'];
$_SESSION['id'] = $result['UId'];
print('id=');
print($_SESSION['id']);
//go back to the index page. //go back to the index page.
header( 'Location: index.php' ); header( 'Location: index.php' );
exit; exit;

View file

@ -0,0 +1,21 @@
<?php
function settings(){
if(WebUsers::isLoggedIn()){
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
$result['target_id'] = $_GET['id'];
}else{
$result['target_id'] = $_SESSION['id'];
}
return $result;
}else{
//ERROR: not logged in!
print("not logged in!");
exit;
}
}

View file

@ -10,21 +10,22 @@
</div> </div>
<div class="box-content"> <div class="box-content">
<div class="row-fluid"> <div class="row-fluid">
<form id="changePassword" class="form-vertical" method="post" action="index.php"> <form id="changePassword" class="form-vertical" method="post" action="index.php?page=settings&id={$target_id}">
<legend>Change Password</legend> <legend>Change Password</legend>
<div class="control-group {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}error{else if {if !isset($isAdmin) or $isAdmin eq "FALSE"}
isset($match_error_message) and $match_error_message neq "fail"}success{else}{/if}"> <div class="control-group {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}error{else if
<label class="control-label">Current Password</label> isset($match_error_message) and $match_error_message neq "fail"}success{else}{/if}">
<div class="controls"> <label class="control-label">Current Password</label>
<div class="input-prepend"> <div class="controls">
<span class="add-on" style="margin-left:5px;"><i class="icon-lock"></i></span> <div class="input-prepend">
<input type="password" class="input-xlarge" id="CurrentPass" name="CurrentPass" placeholder="Your current password" {if isset($prevCurrentPass)}value="{$prevCurrentPass}"{/if}> <span class="add-on" style="margin-left:5px;"><i class="icon-lock"></i></span>
{if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}<span class="help-inline">The password is incorrect</span>{/if} <input type="password" class="input-xlarge" id="CurrentPass" name="CurrentPass" placeholder="Your current password" {if isset($prevCurrentPass)}value="{$prevCurrentPass}"{/if}>
</div> {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}<span class="help-inline">The password is incorrect</span>{/if}
</div>
</div>
</div> </div>
</div> {/if}
<div class="control-group {if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}error{else if <div class="control-group {if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}error{else if
isset($newpass_error_message) and $newpass_error_message eq "success"}success{else}{/if}"> isset($newpass_error_message) and $newpass_error_message eq "success"}success{else}{/if}">
<label class="control-label">New Password</label> <label class="control-label">New Password</label>
@ -50,7 +51,7 @@
</div> </div>
<input type="hidden" name="function" value="change_password"> <input type="hidden" name="function" value="change_password">
<input type="hidden" name="target_id" value="{$target_id}">
<div class="control-group"> <div class="control-group">
<label class="control-label"></label> <label class="control-label"></label>
<div class="controls"> <div class="controls">