diff --git a/admin/controllers/add-user.php b/admin/controllers/add-user.php index 723f0564..ce004cf3 100644 --- a/admin/controllers/add-user.php +++ b/admin/controllers/add-user.php @@ -18,30 +18,44 @@ function addUser($args) global $dbUsers; global $Language; - // Check if the username already exist in db. - if( Text::isEmpty($args['username']) ) + // Check empty username + if( Text::isEmpty($args['new_username']) ) { - Alert::set($Language->g('username-field-is-empty')); + Alert::set($Language->g('username-field-is-empty'), ALERT_STATUS_FAIL); return false; } - if( $dbUsers->userExists($args['username']) ) + // Check already exist username + if( $dbUsers->userExists($args['new_username']) ) { - Alert::set($Language->g('username-already-exists')); + Alert::set($Language->g('username-already-exists'), ALERT_STATUS_FAIL); return false; } - // Validate password. - if( ($args['password'] != $args['confirm-password'] ) || Text::isEmpty($args['password']) ) + // Password length + if( strlen($args['new_password']) < 6 ) { - Alert::set($Language->g('The password and confirmation password do not match')); + Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL); return false; } - // Add the user. - if( $dbUsers->add($args) ) + // Check new password and confirm password are equal + if( $args['new_password'] != $args['confirm_password'] ) { - Alert::set($Language->g('user-has-been-added-successfully')); + Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL); + return false; + } + + // Filter form fields + $tmp = array(); + $tmp['username'] = $args['new_username']; + $tmp['password'] = $args['new_password']; + $tmp['role'] = $args['role']; + + // Add the user to the database + if( $dbUsers->add($tmp) ) + { + Alert::set($Language->g('user-has-been-added-successfully'), ALERT_STATUS_OK); return true; } else 
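Review bot: `$tmp['role'] = $args['role'];` copies the posted role straight into the new user record with no check against the roles the application defines, so whatever string the form (or a forged POST) carries becomes the stored role, and the same block indexes `$args['new_password']` and `$args['confirm_password']` without `isset`. Filtering the fields into `$tmp` is an improvement over passing `$args` wholesale, but a role whitelist belongs next to it, before `$tmp` is built. The only role values visible in this diff are `'admin'` (the `$Login->role()!=='admin'` test in user-password.php) and editors (the "Prevent editors" comment there), so the list below must be confirmed against the application's role definitions. Also note `strlen` counts bytes, so a multibyte password of fewer than six characters can pass the "at least 6 characters" check; `mb_strlen` would match the message shown to the user.
```php
// Only roles the application defines may be assigned — TODO confirm list
$allowedRoles = array('admin', 'editor');
if( !isset($args['role']) || !in_array($args['role'], $allowedRoles, true) )
{
	Alert::set($Language->g('Invalid role'), ALERT_STATUS_FAIL);
	return false;
}

// Filter form fields
$tmp = array();
// … unchanged: $tmp assignments and the $dbUsers->add($tmp) call …
```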
diff --git a/admin/controllers/edit-user.php b/admin/controllers/edit-user.php index 39a6bd7c..6b85671d 100644 --- a/admin/controllers/edit-user.php +++ b/admin/controllers/edit-user.php @@ -17,26 +17,6 @@ function editUser($args) } } -function setPassword($username, $new_password, $confirm_password) -{ - global $dbUsers; - global $Language; - - if( ($new_password===$confirm_password) && !Text::isEmpty($new_password) ) - { - if( $dbUsers->setPassword($username, $new_password) ) { - Alert::set($Language->g('The changes have been saved')); - } - else { - Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.'); - } - } - else { - Alert::set($Language->g('The password and confirmation password do not match')); - return false; - } -} - function deleteUser($args, $deleteContent=false) { global $dbUsers; @@ -92,10 +72,6 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' ) elseif(isset($_POST['delete-user-associate'])) { deleteUser($_POST, false); } - elseif( !empty($_POST['new-password']) && !empty($_POST['confirm-password']) ) { - setPassword($_POST['username'], $_POST['new-password'], $_POST['confirm-password']); - editUser($_POST); - } else { editUser($_POST); } diff --git a/admin/controllers/user-password.php b/admin/controllers/user-password.php new file mode 100644 index 00000000..6b4c977a --- /dev/null +++ b/admin/controllers/user-password.php 
@@ -0,0 +1,73 @@ +g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL); + return false; + } + + if($new_password===$confirm_password) + { + if( $dbUsers->setPassword($username, $new_password) ) { + Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK); + return true; + } + else { + Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.'); + return false; + } + } + else { + Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL); + return false; + } +} + +// ============================================================================ +// Main before POST +// ============================================================================ + +// ============================================================================ +// POST Method +// ============================================================================ + +if( $_SERVER['REQUEST_METHOD'] == 'POST' ) +{ + // Prevent editors to administrate other users. + if($Login->role()!=='admin') + { + $_POST['username'] = $Login->username(); + unset($_POST['role']); + } + + if( setPassword($_POST['username'], $_POST['new_password'], $_POST['confirm_password']) ) { + Redirect::page('admin', 'users'); + } +} + +// ============================================================================ +// Main after POST +// ============================================================================ + +if($Login->role()!=='admin') { + $layout['parameters'] = $Login->username(); +} + +$_user = $dbUsers->getDb($layout['parameters']); + +// If the user doesn't exist, redirect to the users list. +if($_user===false) { + Redirect::page('admin', 'users'); +} + +$_user['username'] = $layout['parameters']; diff --git a/admin/themes/default/css/default.css b/admin/themes/default/css/default.css index 8f2aebfd..378232e9 100644 --- a/admin/themes/default/css/default.css +++ b/admin/themes/default/css/default.css 
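Review bot: The POST branch changes the password of whatever `$_POST['username']` names, while everything after it — the `$dbUsers->getDb` lookup, the "user doesn't exist" redirect and the page that gets rendered — is keyed on `$layout['parameters']`; for an admin the two can disagree, and the existence check only runs after `setPassword` has already been attempted. Using the route parameter as the single target removes the hidden field from the trust path: `$username = ($Login->role()==='admin') ? $layout['parameters'] : $Login->username();` then `setPassword($username, $_POST['new_password'], $_POST['confirm_password'])`, with the `getDb`/redirect check moved ahead of the POST handling. Two things the hunk does not address that a password-change endpoint normally needs: the self-service path never asks for the current password, and nothing here invalidates other sessions of the changed account — whether the surrounding framework does either is not visible in this diff. The CSRF token is emitted by the view but no validation appears in this controller; presumably the admin bootstrap checks it before the controller runs, which should be confirmed. The opening lines of `setPassword` (including the length check itself) were lost in extraction, so only its tail could be reviewed here.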
@@ -99,9 +99,14 @@ button.delete-button:hover { text-decoration: underline; } +#jscontent { + height: 400px; +} + +/* ----------- ALERT ----------- */ + #alert { display: none; - background: rgba(48, 102, 187, 0.91); color: #ffffff; padding: 24px; position: fixed; @@ -110,8 +115,12 @@ button.delete-button:hover { z-index: 100; } -#jscontent { - height: 400px; +.alert-ok { + background: rgba(48, 102, 187, 0.91); +} + +.alert-fail { + background: rgba(187, 48, 48, 0.91); } /* ----------- LOGIN FORM ----------- */ diff --git a/admin/themes/default/index.php b/admin/themes/default/index.php index f834fb0a..dae2d4d1 100644 --- a/admin/themes/default/index.php +++ b/admin/themes/default/index.php @@ -48,7 +48,7 @@ $(document).ready(function() { }); -
+
diff --git a/admin/themes/default/init.php b/admin/themes/default/init.php index 07ce459e..58f1cce4 100644 --- a/admin/themes/default/init.php +++ b/admin/themes/default/init.php @@ -30,6 +30,7 @@ class HTML { $type = isset($args['type']) ? $args['type'] : 'text'; $class = empty($args['class']) ? '' : 'class="'.$args['class'].'"'; $placeholder = empty($args['placeholder']) ? '' : 'placeholder="'.$args['placeholder'].'"'; + $disabled = empty($args['disabled']) ? '' : 'disabled'; $html = '
'; @@ -39,7 +40,7 @@ class HTML { $html .= '
'; - $html .= ''; + $html .= ''; if(!empty($args['tip'])) { $html .= '

'.$args['tip'].'

'; diff --git a/admin/views/add-user.php b/admin/views/add-user.php index ff3b871d..2b7230e0 100644 --- a/admin/views/add-user.php +++ b/admin/views/add-user.php @@ -2,7 +2,7 @@ HTML::title(array('title'=>$L->g('Add a new user'), 'icon'=>'user-plus')); -HTML::formOpen(array('class'=>'uk-form-horizontal')); +HTML::formOpen(array('id'=>'add-user-form', 'class'=>'uk-form-horizontal')); // Security token HTML::formInputHidden(array( @@ -11,15 +11,15 @@ HTML::formOpen(array('class'=>'uk-form-horizontal')); )); HTML::formInputText(array( - 'name'=>'username', + 'name'=>'new_username', 'label'=>$L->g('Username'), - 'value'=>(isset($_POST['username'])?$_POST['username']:''), + 'value'=>(isset($_POST['new_username'])?$_POST['new_username']:''), 'class'=>'uk-width-1-2 uk-form-medium', 'tip'=>'' )); HTML::formInputPassword(array( - 'name'=>'password', + 'name'=>'new_password', 'label'=>$L->g('Password'), 'value'=>'', 'class'=>'uk-width-1-2 uk-form-medium', @@ -27,7 +27,7 @@ HTML::formOpen(array('class'=>'uk-form-horizontal')); )); HTML::formInputPassword(array( - 'name'=>'confirm-password', + 'name'=>'confirm_password', 'label'=>$L->g('Confirm Password'), 'value'=>'', 'class'=>'uk-width-1-2 uk-form-medium', diff --git a/admin/views/edit-user.php b/admin/views/edit-user.php index 6416e9b5..bb336c46 100644 --- a/admin/views/edit-user.php +++ b/admin/views/edit-user.php @@ -1,8 +1,8 @@ $L->g('Edit user').' :: '.$_user['username'], 'icon'=>'user')); +HTML::title(array('title'=>$L->g('Edit user'), 'icon'=>'user')); -HTML::formOpen(array('class'=>'uk-form-horizontal')); +HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal')); // Security token HTML::formInputHidden(array( 
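Review bot: The new `$disabled` attribute joins `$class` and `$placeholder` in a string-built `<input>` tag, and none of them — nor, as far as the hunk shows, `$args['value']` — pass through `htmlspecialchars`; the `value` is the one that matters, because add-user.php in this same commit re-renders `$_POST['new_username']` through it after a failed submission. The actual `<input>` line did not survive extraction, so this may already be handled there; if not, emit it as `htmlspecialchars($args['value'], ENT_QUOTES, 'UTF-8')`, and treat `placeholder` the same way even though it is developer-supplied. The enclosing method's signature lies outside both hunks, so its parameter contract could not be checked.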
@@ -18,6 +18,15 @@ HTML::formOpen(array('class'=>'uk-form-horizontal')); HTML::legend(array('value'=>$L->g('Profile'))); + HTML::formInputText(array( + 'name'=>'usernameDisable', + 'label'=>$L->g('Username'), + 'value'=>$_user['username'], + 'class'=>'uk-width-1-2 uk-form-medium', + 'disabled'=>true, + 'tip'=>'' + )); + HTML::formInputText(array( 'name'=>'firstName', 'label'=>$L->g('First name'), @@ -34,6 +43,13 @@ HTML::formOpen(array('class'=>'uk-form-horizontal')); 'tip'=>'' )); + echo '
+ + +
'; + if($Login->role()==='admin') { HTML::formSelect(array( @@ -54,24 +70,6 @@ if($Login->role()==='admin') { 'tip'=>$L->g('email-will-not-be-publicly-displayed') )); - HTML::legend(array('value'=>$L->g('Change password'))); - - HTML::formInputPassword(array( - 'name'=>'new-password', - 'label'=>$L->g('New password'), - 'value'=>'', - 'class'=>'uk-width-1-2 uk-form-medium', - 'tip'=>'' - )); - - HTML::formInputPassword(array( - 'name'=>'confirm-password', - 'label'=>$L->g('Confirm Password'), - 'value'=>'', - 'class'=>'uk-width-1-2 uk-form-medium', - 'tip'=>'' - )); - echo '
diff --git a/admin/views/new-post.php b/admin/views/new-post.php index fd4f1494..3d89fb99 100644 --- a/admin/views/new-post.php +++ b/admin/views/new-post.php @@ -44,7 +44,7 @@ echo '
'; // Tabs, general and advanced mode echo ''; diff --git a/admin/views/user-password.php b/admin/views/user-password.php new file mode 100644 index 00000000..d51fa456 --- /dev/null +++ b/admin/views/user-password.php @@ -0,0 +1,55 @@ +$L->g('Change password'), 'icon'=>'key')); + +HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal')); + + // Security token + HTML::formInputHidden(array( + 'name'=>'tokenCSRF', + 'value'=>$Security->getToken() + )); + + // Hidden field username + HTML::formInputHidden(array( + 'name'=>'username', + 'value'=>$_user['username'] + )); + + HTML::legend(array('value'=>$L->g('New password'))); + + HTML::formInputText(array( + 'name'=>'usernameDisable', + 'label'=>$L->g('Username'), + 'value'=>$_user['username'], + 'class'=>'uk-width-1-2 uk-form-medium', + 'disabled'=>true, + 'tip'=>'' + )); + + HTML::formInputPassword(array( + 'name'=>'new_password', + 'label'=>$L->g('New password'), + 'value'=>'', + 'class'=>'uk-width-1-2 uk-form-medium', + 'tip'=>'' + )); + + HTML::formInputPassword(array( + 'name'=>'confirm_password', + 'label'=>$L->g('Confirm password'), + 'value'=>'', + 'class'=>'uk-width-1-2 uk-form-medium', + 'tip'=>'' + )); + + echo '
+
+ + '.$L->g('Cancel').' +
+
'; + +HTML::formClose(); + +?> \ No newline at end of file diff --git a/kernel/boot/init.php b/kernel/boot/init.php index 56d8b319..e9471d91 100644 --- a/kernel/boot/init.php +++ b/kernel/boot/init.php @@ -48,6 +48,12 @@ if(!defined('JSON_PRETTY_PRINT')) { define('JSON_PRETTY_PRINT', 128); } +// Alert status ok +define('ALERT_STATUS_OK', 0); + +// Alert status fail +define('ALERT_STATUS_FAIL', 1); + // Salt length define('SALT_LENGTH', 8); diff --git a/kernel/helpers/alert.class.php b/kernel/helpers/alert.class.php index 6b7bd9b6..b0d11bf2 100644 --- a/kernel/helpers/alert.class.php +++ b/kernel/helpers/alert.class.php @@ -2,21 +2,25 @@ class Alert { - // new - public static function set($value, $key='alert') + // Status, 0 = OK, 1 = Fail + public static function set($value, $status=ALERT_STATUS_OK, $key='alert') { Session::set('defined', true); - + Session::set('alertStatus', $status); Session::set($key, $value); } public static function get($key='alert') { Session::set('defined', false); - return Session::get($key); } + public static function status() + { + return Session::get('alertStatus'); + } + public static function p($key='alert') { echo self::get($key);
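Review bot: The form id `edit-user-profile-form` is copied from edit-user.php, so two different pages now share one element id that any JS or CSS targeting the edit form will also hit; use `'id'=>'user-password-form'`. The hidden `username` input repeats the route parameter the controller already holds in `$layout['parameters']` and is the value the POST handler acts on, making it a second, client-editable copy of the target user; harmless on the admin-only path, but it can be dropped if the controller switches to the route parameter. Both the hidden and the disabled field print `$_user['username']`; whether `formInputHidden`/`formInputText` escape it is not visible in this diff and should be confirmed.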
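Review bot: `set($value, $status=ALERT_STATUS_OK, $key='alert')` inserts the new parameter in front of the existing `$key`, so any pre-existing caller passing a key positionally (`Alert::set($msg, 'somekey')`) now silently sends its key as the status and writes to the default `'alert'` slot; appending it instead — `public static function set($value, $key='alert', $status=ALERT_STATUS_OK)` — keeps old call sites intact, at the cost of adjusting the new calls made in this commit. `alertStatus` is also a single session slot shared by every `$key`, and `get()` resets `defined` but leaves `alertStatus` in place, so a later read of a different key can report a stale status. A one-line doc on the new accessor would help: `// Status of the most recently set alert: ALERT_STATUS_OK or ALERT_STATUS_FAIL (kernel/boot/init.php)`.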