Edit user and password change

This commit is contained in:
Diego Najar 2018-05-15 20:12:15 +02:00
parent ab746013ee
commit 84de0a99a3
5 changed files with 88 additions and 83 deletions

View File

@ -4,40 +4,7 @@
// Functions
// ============================================================================
function setPassword($username, $new_password, $confirm_password)
{
global $dbUsers;
global $Language;
global $Syslog;
// Password length
if( strlen($new_password) < 6 )
{
Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
return false;
}
if($new_password===$confirm_password)
{
if( $dbUsers->setPassword($username, $new_password) ) {
Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK);
// Add to syslog
$Syslog->add(array(
'dictionaryKey'=>'user-password-changed',
'notes'=>$username
));
return true;
}
else {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.');
return false;
}
}
else {
Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
return false;
}
}
// ============================================================================
// Main before POST
@ -47,16 +14,12 @@ function setPassword($username, $new_password, $confirm_password)
// POST Method
// ============================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' )
{
// Prevent editors to administrate other users.
if($Login->role()!=='admin')
{
$_POST['username'] = $Login->username();
unset($_POST['role']);
}
if( setPassword($_POST['username'], $_POST['new_password'], $_POST['confirm_password']) ) {
if ($_SERVER['REQUEST_METHOD'] == 'POST') {
if (changeUserPassword(array(
'username'=>$_POST['username'],
'newPassword'=>$_POST['newPassword'],
'confirmPassword'=>$_POST['confirmPassword']
))) {
Redirect::page('users');
}
}
@ -65,18 +28,16 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
// Main after POST
// ============================================================================
if($Login->role()!=='admin') {
// Prevent non-administrators to change other users
if ($Login->role()!=='admin') {
$layout['parameters'] = $Login->username();
}
$_user = $dbUsers->getDb($layout['parameters']);
// If the user doesn't exist, redirect to the users list.
if($_user===false) {
// Get the user to edit
$user = $dbUsers->get($layout['parameters']);
if ($user===false) {
Redirect::page('users');
}
$_user['username'] = $layout['parameters'];
// Title of the page
$layout['title'] .= ' - '.$Language->g('Change password');
$layout['title'] = $Language->g('Change password').' - '.$layout['title'];

View File

@ -44,6 +44,17 @@ echo Bootstrap::formOpen(array());
'tip'=>''
));
echo Bootstrap::formTitle(array('title'=>$L->g('Password')));
echo '
<div class="form-group row">
<div class="col-sm-2"></div>
<div class="col-sm-10">
<a href="'.HTML_PATH_ADMIN_ROOT.'user-password/'.$user->username().'" class="btn btn-primary mr-2">'.$L->g('Change password').'</a>
</div>
</div>
';
echo Bootstrap::formTitle(array('title'=>$L->g('Authentication Token')));
echo Bootstrap::formInputText(array(

View File

@ -1,55 +1,56 @@
<?php
HTML::title(array('title'=>$L->g('Change password'), 'icon'=>'key'));
echo Bootstrap::pageTitle(array('title'=>$L->g('Change password'), 'icon'=>'person'));
HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal'));
echo Bootstrap::formOpen(array());
// Security token
HTML::formInputHidden(array(
echo Bootstrap::formInputHidden(array(
'name'=>'tokenCSRF',
'value'=>$Security->getTokenCSRF()
));
// Hidden field username
HTML::formInputHidden(array(
echo Bootstrap::formInputHidden(array(
'name'=>'username',
'value'=>$_user['username']
'value'=>$user->username()
));
HTML::legend(array('value'=>$L->g('New password'), 'class'=>'first-child'));
HTML::formInputText(array(
'name'=>'usernameDisable',
echo Bootstrap::formInputText(array(
'name'=>'usernameDisabled',
'label'=>$L->g('Username'),
'value'=>$_user['username'],
'class'=>'uk-width-1-2 uk-form-medium',
'value'=>$user->username(),
'class'=>'',
'placeholder'=>'',
'disabled'=>true,
'tip'=>''
));
HTML::formInputPassword(array(
'name'=>'new_password',
echo Bootstrap::formInputText(array(
'name'=>'newPassword',
'label'=>$L->g('New password'),
'type'=>'password',
'value'=>'',
'class'=>'uk-width-1-2 uk-form-medium',
'class'=>'',
'placeholder'=>'',
'tip'=>''
));
HTML::formInputPassword(array(
'name'=>'confirm_password',
'label'=>$L->g('Confirm password'),
echo Bootstrap::formInputText(array(
'name'=>'confirmPassword',
'label'=>$L->g('Confirm new password'),
'type'=>'password',
'value'=>'',
'class'=>'uk-width-1-2 uk-form-medium',
'class'=>'',
'placeholder'=>'',
'tip'=>''
));
echo '<div class="uk-form-row">
<div class="uk-form-controls">
<button type="submit" class="uk-button uk-button-primary">'.$L->g('Save').'</button>
<a href="'.HTML_PATH_ADMIN_ROOT.'edit-user/'.$_user['username'].'" class="uk-button">'.$L->g('Cancel').'</a>
</div>
</div>';
echo '
<div class="form-group mt-4">
<button type="submit" class="btn btn-primary mr-2" name="save">'.$L->g('Save').'</button>
<a class="btn btn-secondary" href="'.HTML_PATH_ADMIN_ROOT.'users" role="button">'.$L->g('Cancel').'</a>
</div>
';
HTML::formClose();
echo Bootstrap::formClose();
?>
?>

View File

@ -149,11 +149,10 @@ class dbUsers extends dbJSON
return $this->set($args);
}
public function setPassword($username, $password)
// Change user password
// args => array( username, password )
public function setPassword($args)
{
$args['username'] = $username;
$args['password'] = $password;
return $this->set($args);
}

View File

@ -728,6 +728,39 @@ function editSettings($args) {
return false;
}
function changeUserPassword($args) {
global $dbUsers;
global $Language;
global $Syslog;
// Arguments
$username = $args['username'];
$newPassword = $args['newPassword'];
$confirmPassword = $args['confirmPassword'];
// Password length
if (Text::length($newPassword) < 6) {
Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
return false;
}
if ($newPassword!=$confirmPassword) {
Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
return false;
}
if ($dbUsers->setPassword(array('username'=>$username, 'password'=>$newPassword))) {
$Syslog->add(array(
'dictionaryKey'=>'user-password-changed',
'notes'=>$username
));
Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK);
return true;
}
return false;
}
// Add a new category to the system
// Returns TRUE is successfully added, FALSE otherwise
function createCategory($category) {