Merge with quitta-gsoc-2013

This commit is contained in:
Botanic 2013-07-01 15:43:35 -07:00
parent d22fe6aa84
commit dd8f3b03a4
10 changed files with 307 additions and 61 deletions

View file

@ -9,10 +9,10 @@ class Users{
*/
public function check_Register($values){
// check values
if ( isset( $values["Username"] ) and isset( $values["Password"] ) and isset( $values["Email"] ) ){
if ( isset( $values["Username"] ) and isset( $values["Password"] ) and isset( $values["ConfirmPass"] ) and isset( $values["Email"] ) ){
$user = Users::checkUser( $values["Username"] );
$pass = Users::checkPassword( $values["Password"] );
$cpass = Users::confirmPassword($pass);
$cpass = Users::confirmPassword($pass,$values["Password"],$values["ConfirmPass"]);
$email = Users::checkEmail( $values["Email"] );
}else{
$user = "";
@ -134,12 +134,13 @@ class Users{
* @takes $pass
* @return string Info: Verify's $_POST["Password"] is the same as $_POST["ConfirmPass"]
*/
private function confirmPassword($pass_result)
private function confirmPassword($pass_result,$pass,$confirmpass)
{
if ( ( $_POST["Password"] ) != ( $_POST["ConfirmPass"] ) ){
return "Passwords do not match.";
}else if ($_POST["ConfirmPass"]==""){
if ($confirmpass==""){
return "You have to fill in the confirmation password.";
}
else if ( ( $pass ) != ( $confirmpass ) ){
return "Passwords do not match.";
}else if($pass_result != "success"){
return;
}else{
@ -288,7 +289,7 @@ class Users{
//make connection with and put into shard db
global $cfg;
$dbs = new DBLayer($cfg['db']['shard']);
$dbs->execute("INSERT INTO user (Login, Password, Email) VALUES (:name, :pass, :mail)",$values["params"]);
$dbs->execute("INSERT INTO user (Login, Password, Email) VALUES (:name, :pass, :mail)",$values);
return "ok";
}
catch (PDOException $e) {
@ -304,7 +305,88 @@ class Users{
}
}
}
}
protected function checkLoginMatch($user,$pass){
print('This is the base class!');
}
public function check_change_password($values){
//if admin isn't changing others
if(!$values['adminChangesOther']){
if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
$match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]);
$newpass = $this->checkPassword($values["NewPass"]);
$confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
}else{
$match = "";
$newpass = "";
$confpass = "";
}
}else{
//if admin is indeed changing someone!
if ( isset( $values["user"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
$newpass = $this->checkPassword($values["NewPass"]);
$confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
}else{
$newpass = "";
$confpass = "";
}
}
if ( !$values['adminChangesOther'] and ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){
return "success";
}else if($values['adminChangesOther'] and ( $newpass == "success" ) and ( $confpass == "success" ) ){
return "success";
}else{
$pageElements = array(
'newpass_error_message' => $newpass,
'confirmnewpass_error_message' => $confpass
);
if(!$values['adminChangesOther']){
$pageElements['match_error_message'] = $match;
if ( $match != "fail" ){
$pageElements['MATCH_ERROR'] = 'FALSE';
}else{
$pageElements['MATCH_ERROR'] = 'TRUE';
}
}
if ( $newpass != "success" ){
$pageElements['NEWPASSWORD_ERROR'] = 'TRUE';
}else{
$pageElements['NEWPASSWORD_ERROR'] = 'FALSE';
}
if ( $confpass != "success" ){
$pageElements['CNEWPASSWORD_ERROR'] = 'TRUE';
}else{
$pageElements['CNEWPASSWORD_ERROR'] = 'FALSE';
}
return $pageElements;
}
}
protected function setPassword($user, $pass){
try {
//make connection with and put into shard db
global $cfg;
$dbs = new DBLayer($cfg['db']['shard']);
$dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ",$values);
return "ok";
}
catch (PDOException $e) {
//oh noooz, the shard is offline! Put in query queue at ams_lib db!
/*try {
$dbl = new DBLayer($cfg['db']['lib']);
$dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "createUser",
"query" => json_encode(array($values["name"],$values["pass"],$values["mail"]))));
return "shardoffline";
}catch (PDOException $e) {
print_r($e);
return "liboffline";
}*/
}
}
}

View file

@ -26,4 +26,52 @@ class WebUsers extends Users{
$dbw = new DBLayer($cfg['db']['web']);
return $dbw->execute("SELECT * FROM ams_user WHERE Email = :email",array('email' => $email))->rowCount();
}
/**
* Function checkUserPassMatch
*
* @takes $username,$password
* @return string Info: Returns true or false if a login match is found in the web db
*/
public function checkLoginMatch($username,$password){
global $cfg;
$dbw = new DBLayer($cfg['db']['web']);
$statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:user", array('user' => $username));
$row = $statement->fetch();
$salt = substr($row['Password'],0,2);
$hashed_input_pass = crypt($password, $salt);
if($hashed_input_pass == $row['Password']){
return $row;
}else{
return "fail";
}
}
public function getUsername($id){
global $cfg;
$dbw = new DBLayer($cfg['db']['web']);
$statement = $dbw->execute("SELECT * FROM ams_user WHERE UId=:id", array('id' => $id));
$row = $statement->fetch();
return $row['Login'];
}
public function isLoggedIn(){
if(isset($_SESSION['user'])){
return true;
}
return false;
}
public function isAdmin(){
if(isset($_SESSION['permission']) && $_SESSION['permission'] == 2){
return true;
}
return false;
}
}

View file

@ -2,7 +2,7 @@
function add_user(){
$params = Array('Username' => $_POST["Username"], 'Password' => $_POST["Password"], 'Email' => $_POST["Email"]);
$params = Array('Username' => $_POST["Username"], 'Password' => $_POST["Password"], 'ConfirmPass' => $_POST["ConfirmPass"], 'Email' => $_POST["Email"]);
$webUser = new WebUsers;
$result = $webUser->check_Register($params);

View file

@ -0,0 +1,68 @@
<?php
function change_password(){
try{
//if logged in
if(WebUsers::isLoggedIn()){
if(isset($_POST['target_id'])){
$adminChangesOther = false;
//if target_id is the same as session id or is admin
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user'];
}else{
$target_username = WebUsers::getUsername($_POST['target_id']);
//isAdmin is true when it's the admin, but the target_id != own id
$adminChangesOther = true;
$_POST["CurrentPass"] = "dummypass";
}
$id = $_POST['target_id'];
$webUser = new WebUsers();
$params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
$result = $webUser->check_change_password($params);
if ($result == "success"){
//edit stuff into db
$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
print('success!');
exit;
}else{
$result['prevCurrentPass'] = $_POST["CurrentPass"];
$result['prevNewPass'] = $_POST["NewPass"];
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
$result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE';
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
helpers :: loadtemplate( 'settings', $result);
exit;
}
}else{
//ERROR: permission denied!
}
}else{
//ERROR: The form was not filled in correclty
}
}else{
//ERROR: user is not logged in
exit;
}
}catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
exit;
}
}

View file

@ -5,16 +5,14 @@ function login(){
global $cfg;
try{
$dbw = new DBLayer($cfg['db']['web']);
$statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:user", array('user' => $_POST['Username']));
$row = $statement->fetch();
$salt = substr($row['Password'],0,2);
$hashed_input_pass = crypt($_POST["Password"], $salt);
if($hashed_input_pass == $row['Password']){
$result = WebUsers::checkLoginMatch($_POST["Username"],$_POST["Password"]);
if( $result != "fail"){
//handle successful login
$_SESSION['user'] = $_POST["Username"];
$_SESSION['permission'] = $row['Permission'];
$_SESSION['permission'] = $result['Permission'];
$_SESSION['id'] = $result['UId'];
print('id=');
print($_SESSION['id']);
//go back to the index page.
header( 'Location: index.php' );
exit;

View file

@ -0,0 +1,21 @@
<?php
function settings(){
if(WebUsers::isLoggedIn()){
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
$result['target_id'] = $_GET['id'];
}else{
$result['target_id'] = $_SESSION['id'];
}
return $result;
}else{
//ERROR: not logged in!
print("not logged in!");
exit;
}
}

View file

@ -77,17 +77,17 @@
</div>
<div class="box-content">
<ul class="nav nav-tabs" id="myTab">
<li class="active"><a href="#info">Info</a></li>
<li><a href="#custom">Custom</a></li>
<li><a href="#info">Info</a></li>
<li class="active"><a href="#custom">Custom</a></li>
<li><a href="#messages">Messages</a></li>
</ul>
<div id="myTabContent" class="tab-content">
<div class="tab-pane active" id="info">
<div class="tab-pane" id="info">
<h3>Charisma <small>a fully featued template</small></h3>
<p>Its a fully featured, responsive template for your admin panel. Its optimized for tablet and mobile phones. Scan the QR code below to view it in your mobile device.</p> <img alt="QR Code" class="charisma_qr center" src="img/qrcode136.png" />
</div>
<div class="tab-pane" id="custom">
<div class="tab-pane active" id="custom">
<h3>Custom <small>small text</small></h3>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur bibendum ornare dolor.</p>
<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur bibendum ornare dolor, quis ullamcorper ligula sodales at. Nulla tellus elit, varius non commodo eget, mattis vel eros. In sed ornare nulla. Donec consectetur, velit a pharetra ultricies, diam lorem lacinia risus, ac commodo orci erat eu massa. Sed sit amet nulla ipsum. Donec felis mauris, vulputate sed tempor at, aliquam a ligula. Pellentesque non pulvinar nisi.</p>

View file

@ -2,6 +2,7 @@
{block name=menu}
<li class="nav-header hidden-tablet">Main</li>
<li style="margin-left: -2px;"><a class="ajax-link" href="index.php"><i class="icon-home"></i><span class="hidden-tablet"> Dashboard</span></a></li>
<li style="margin-left: -2px;"><a class="ajax-link" href="index.php?page=settings"><i class="icon-cog"></i><span class="hidden-tablet"> Settings</span></a></li>
<li class="nav-header hidden-tablet">Admin</li>
<li style="margin-left: -2px;"><a class="ajax-link" href="index.php?page=libuserlist"><i class="icon-th-list"></i><span class="hidden-tablet"> Liblist</span></a></li>
<li class="nav-header hidden-tablet">Actions</li>

View file

@ -2,6 +2,7 @@
{block name=menu}
<li class="nav-header hidden-tablet">Main</li>
<li style="margin-left: -2px;" class="active"><a class="ajax-link" href="index.php"><i class="icon-home"></i><span class="hidden-tablet"> Dashboard</span></a></li>
<li style="margin-left: -2px;"><a class="ajax-link" href="index.php?page=settings"><i class="icon-cog"></i><span class="hidden-tablet"> Settings</span></a></li>
<li style="margin-left: -2px;"><a class="ajax-link" href="index.php?page=userlist"><i class="icon-home"></i><span class="hidden-tablet"> Demo Userlist</span></a></li>
<li class="nav-header hidden-tablet">Actions</li>
<li style="margin-left: -2px;"><a href="?page=logout"><i class="icon-off"></i><span class="hidden-tablet"> Logout </span></a></li>

View file

@ -1,57 +1,57 @@
{block name=content}
<div class="row-fluid">
<div class="box span12">
<div class="box-header well">
<h2><i class=" icon-user"></i> Settings</h2>
<div class="box-icon">
<a href="#" class="btn btn-minimize btn-round"><i class="icon-chevron-up"></i></a>
<a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
<div class="row-fluid sortable ui-sortable">
<div class="box span4">
<div class="box-header well" data-original-title="">
<h2><i class="icon-th"></i> Change Password</h2>
<div class="box-icon">
<a href="#" class="btn btn-minimize btn-round"><i class="icon-chevron-up"></i></a>
<a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
</div>
</div>
</div>
<div class="box-content">
<ul class="nav nav-tabs" id="myTab">
<li class="active"><a href="#info">Change Password</a></li>
<li><a href="#custom">Change Email</a></li>
<li><a href="#messages">Change Info</a></li>
</ul>
<div id="myTabContent" class="tab-content">
<div class="tab-pane active" id="info">
<form id="changePassword" class="form-vertical" method="post" action="index.php">
<div class="box-content">
<div class="row-fluid">
<form id="changePassword" class="form-vertical" method="post" action="index.php?page=settings&id={$target_id}">
<legend>Change Password</legend>
<div class="control-group">
<label class="control-label">Current Password</label>
<div class="controls">
<div class="input-prepend">
<span class="add-on" style="margin-left:5px;"><i class="icon-lock"></i></span>
<input type="password" class="input-xlarge" id="CurrentPass" name="CurrentPass" placeholder="Your current password">
{if !isset($isAdmin) or $isAdmin eq "FALSE"}
<div class="control-group {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}error{else if
isset($match_error_message) and $match_error_message neq "fail"}success{else}{/if}">
<label class="control-label">Current Password</label>
<div class="controls">
<div class="input-prepend">
<span class="add-on" style="margin-left:5px;"><i class="icon-lock"></i></span>
<input type="password" class="input-xlarge" id="CurrentPass" name="CurrentPass" placeholder="Your current password" {if isset($prevCurrentPass)}value="{$prevCurrentPass}"{/if}>
{if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}<span class="help-inline">The password is incorrect</span>{/if}
</div>
</div>
</div>
</div>
<div class="control-group">
{/if}
<div class="control-group {if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}error{else if
isset($newpass_error_message) and $newpass_error_message eq "success"}success{else}{/if}">
<label class="control-label">New Password</label>
<div class="controls">
<div class="input-prepend">
<span class="add-on" style="margin-left:5px;"><i class="icon-tag"></i></span>
<input type="password" class="input-xlarge" id="NewPass" name="NewPass" placeholder="Your new password">
</div>
<input type="password" class="input-xlarge" id="NewPass" name="NewPass" placeholder="Your new password" {if isset($prevNewPass)}value="{$prevNewPass}"{/if}>
{if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}<span class="help-inline">{$newpass_error_message}</span>{/if}
</div>
</div>
</div>
<div class="control-group">
<div class="control-group {if isset($CNEWPASSWORD_ERROR) and $CNEWPASSWORD_ERROR eq "TRUE"}error{else if
isset($confirmnewpass_error_message) and $confirmnewpass_error_message eq "success"}success{else}{/if}">
<label class="control-label">Confirm New Password</label>
<div class="controls">
<div class="input-prepend">
<span class="add-on" style="margin-left:5px;"><i class="icon-tags"></i></span>
<input type="password" class="input-xlarge" id="ConfirmNewPass" name="ConfirmNewPass" placeholder="Re-enter the new password">
</div>
<input type="password" class="input-xlarge" id="ConfirmNewPass" name="ConfirmNewPass" placeholder="Re-enter the new password" {if isset($prevConfirmNewPass)}value="{$prevConfirmNewPass}"{/if}>
{if isset($CNEWPASSWORD_ERROR) and $CNEWPASSWORD_ERROR eq "TRUE"}<span class="help-inline">{$confirmnewpass_error_message}</span>{/if}
</div>
</div>
</div>
<input type="hidden" name="function" value="change_password">
<input type="hidden" name="target_id" value="{$target_id}">
<div class="control-group">
<label class="control-label"></label>
<div class="controls">
@ -59,8 +59,20 @@
</div>
</div>
</form>
</div>
</div>
</div><!--/span-->
<div class="box span4">
<div class="box-header well" data-original-title="">
<h2><i class="icon-th"></i> Change Email</h2>
<div class="box-icon">
<a href="#" class="btn btn-minimize btn-round"><i class="icon-chevron-up"></i></a>
<a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
</div>
<div class="tab-pane" id="custom">
</div>
<div class="box-content">
<div class="row-fluid">
<form id="changeEmail" class="form-vertical" method="post" action="index.php">
<legend>Change Email</legend>
<div class="control-group">
@ -80,8 +92,20 @@
</div>
</div>
</form>
</div>
</div>
</div><!--/span-->
<div class="box span4">
<div class="box-header well" data-original-title="">
<h2><i class="icon-th"></i> Change Info</h2>
<div class="box-icon">
<a href="#" class="btn btn-minimize btn-round"><i class="icon-chevron-up"></i></a>
<a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
</div>
<div class="tab-pane" id="messages">
</div>
<div class="box-content">
<div class="row-fluid">
<form id="changeEmail" class="form-vertical" method="post" action="index.php">
<legend>Change Info</legend>
@ -105,10 +129,11 @@
</div>
</div>
<div class="control-group">
<div class="control-group">
<label class="control-label">Country</label>
<div class="controls">
<select>
<option value="AA" selected="selected">Select one</option>
<option value="AF">Afghanistan</option>
<option value="AX">Åland Islands</option>
<option value="AL">Albania</option>
@ -391,10 +416,12 @@
</div>
</div>
</form>
</div>
</div>
</div>
</div>
</div><!--/span-->
</div>
</div><!--/span-->
</div><!--/row-->
{/block}