From 84de0a99a368380891e0804cceeb46c2ff8197ae Mon Sep 17 00:00:00 2001 From: Diego Najar Date: Tue, 15 May 2018 20:12:15 +0200 Subject: [PATCH] Edit user and password change --- bl-kernel/admin/controllers/user-password.php | 63 ++++--------------- bl-kernel/admin/views/edit-user.php | 11 ++++ bl-kernel/admin/views/user-password.php | 57 ++++++++--------- bl-kernel/dbusers.class.php | 7 +-- bl-kernel/functions.php | 33 ++++++++++ 5 files changed, 88 insertions(+), 83 deletions(-) diff --git a/bl-kernel/admin/controllers/user-password.php b/bl-kernel/admin/controllers/user-password.php index e498f307..8001b719 100644 --- a/bl-kernel/admin/controllers/user-password.php +++ b/bl-kernel/admin/controllers/user-password.php @@ -4,40 +4,7 @@ // Functions // ============================================================================ -function setPassword($username, $new_password, $confirm_password) -{ - global $dbUsers; - global $Language; - global $Syslog; - // Password length - if( strlen($new_password) < 6 ) - { - Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL); - return false; - } - - if($new_password===$confirm_password) - { - if( $dbUsers->setPassword($username, $new_password) ) { - Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK); - // Add to syslog - $Syslog->add(array( - 'dictionaryKey'=>'user-password-changed', - 'notes'=>$username - )); - return true; - } - else { - Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.'); - return false; - } - } - else { - Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL); - return false; - } -} // ============================================================================ // Main before POST 
@@ -47,16 +14,12 @@ function setPassword($username, $new_password, $confirm_password) // POST Method // ============================================================================ -if( $_SERVER['REQUEST_METHOD'] == 'POST' ) -{ - // Prevent editors to administrate other users. - if($Login->role()!=='admin') - { - $_POST['username'] = $Login->username(); - unset($_POST['role']); - } - - if( setPassword($_POST['username'], $_POST['new_password'], $_POST['confirm_password']) ) { +if ($_SERVER['REQUEST_METHOD'] == 'POST') { + if (changeUserPassword(array( + 'username'=>$_POST['username'], + 'newPassword'=>$_POST['newPassword'], + 'confirmPassword'=>$_POST['confirmPassword'] + ))) { Redirect::page('users'); } } @@ -65,18 +28,16 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' ) // Main after POST // ============================================================================ -if($Login->role()!=='admin') { +// Prevent non-administrators to change other users +if ($Login->role()!=='admin') { $layout['parameters'] = $Login->username(); } -$_user = $dbUsers->getDb($layout['parameters']); - -// If the user doesn't exist, redirect to the users list. -if($_user===false) { +// Get the user to edit +$user = $dbUsers->get($layout['parameters']); +if ($user===false) { Redirect::page('users'); } -$_user['username'] = $layout['parameters']; - // Title of the page -$layout['title'] .= ' - '.$Language->g('Change password'); \ No newline at end of file +$layout['title'] = $Language->g('Change password').' - '.$layout['title']; \ No newline at end of file diff --git a/bl-kernel/admin/views/edit-user.php b/bl-kernel/admin/views/edit-user.php index 4d15a388..6d55430d 100644 --- a/bl-kernel/admin/views/edit-user.php +++ b/bl-kernel/admin/views/edit-user.php @@ -44,6 +44,17 @@ echo Bootstrap::formOpen(array()); 'tip'=>'' )); + echo Bootstrap::formTitle(array('title'=>$L->g('Password'))); + + echo ' +
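Review bot: The POST branch now passes `$_POST['username']` straight to `changeUserPassword()`, and the override the removed lines applied for non-admins (`$_POST['username'] = $Login->username();`) is gone. On the lines shown, the target account is therefore chosen by the client-supplied hidden `username` field from bl-kernel/admin/views/user-password.php. The `$Login->role()!=='admin'` test kept under "Main after POST" in the next hunk only rewrites `$layout['parameters']` for rendering, and it runs after the password has already been written. `changeUserPassword()` in bl-kernel/functions.php checks only length and confirmation, so unless something outside this diff enforces ownership, restore the guard before the call: `if ($Login->role()!=='admin') { $_POST['username'] = $Login->username(); }`. A regression test that posts as a non-admin with another account's username and expects that account's password to stay unchanged would pin this down.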
+
+ +
+ '; + echo Bootstrap::formTitle(array('title'=>$L->g('Authentication Token'))); echo Bootstrap::formInputText(array( diff --git a/bl-kernel/admin/views/user-password.php b/bl-kernel/admin/views/user-password.php index bc33f448..67d85a28 100644 --- a/bl-kernel/admin/views/user-password.php +++ b/bl-kernel/admin/views/user-password.php @@ -1,55 +1,56 @@ $L->g('Change password'), 'icon'=>'key')); +echo Bootstrap::pageTitle(array('title'=>$L->g('Change password'), 'icon'=>'person')); -HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal')); +echo Bootstrap::formOpen(array()); - // Security token - HTML::formInputHidden(array( + echo Bootstrap::formInputHidden(array( 'name'=>'tokenCSRF', 'value'=>$Security->getTokenCSRF() )); - // Hidden field username - HTML::formInputHidden(array( + echo Bootstrap::formInputHidden(array( 'name'=>'username', - 'value'=>$_user['username'] + 'value'=>$user->username() )); - HTML::legend(array('value'=>$L->g('New password'), 'class'=>'first-child')); - - HTML::formInputText(array( - 'name'=>'usernameDisable', + echo Bootstrap::formInputText(array( + 'name'=>'usernameDisabled', 'label'=>$L->g('Username'), - 'value'=>$_user['username'], - 'class'=>'uk-width-1-2 uk-form-medium', + 'value'=>$user->username(), + 'class'=>'', + 'placeholder'=>'', 'disabled'=>true, 'tip'=>'' )); - HTML::formInputPassword(array( - 'name'=>'new_password', + echo Bootstrap::formInputText(array( + 'name'=>'newPassword', 'label'=>$L->g('New password'), + 'type'=>'password', 'value'=>'', - 'class'=>'uk-width-1-2 uk-form-medium', + 'class'=>'', + 'placeholder'=>'', 'tip'=>'' )); - HTML::formInputPassword(array( - 'name'=>'confirm_password', - 'label'=>$L->g('Confirm password'), + echo Bootstrap::formInputText(array( + 'name'=>'confirmPassword', + 'label'=>$L->g('Confirm new password'), + 'type'=>'password', 'value'=>'', - 'class'=>'uk-width-1-2 uk-form-medium', + 'class'=>'', + 'placeholder'=>'', 'tip'=>'' )); - echo '
-
- - '.$L->g('Cancel').' -
-
'; + echo ' +
+ + '.$L->g('Cancel').' +
+ '; -HTML::formClose(); +echo Bootstrap::formClose(); -?> +?> \ No newline at end of file diff --git a/bl-kernel/dbusers.class.php b/bl-kernel/dbusers.class.php index ac2e702c..747777c2 100644 --- a/bl-kernel/dbusers.class.php +++ b/bl-kernel/dbusers.class.php @@ -149,11 +149,10 @@ class dbUsers extends dbJSON return $this->set($args); } - public function setPassword($username, $password) + // Change user password + // args => array( username, password ) + public function setPassword($args) { - $args['username'] = $username; - $args['password'] = $password; - return $this->set($args); } diff --git a/bl-kernel/functions.php b/bl-kernel/functions.php index 04c6b0bb..e26b5b8d 100644 --- a/bl-kernel/functions.php +++ b/bl-kernel/functions.php @@ -728,6 +728,39 @@ function editSettings($args) { return false; } +function changeUserPassword($args) { + global $dbUsers; + global $Language; + global $Syslog; + + // Arguments + $username = $args['username']; + $newPassword = $args['newPassword']; + $confirmPassword = $args['confirmPassword']; + + // Password length + if (Text::length($newPassword) < 6) { + Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL); + return false; + } + + if ($newPassword!=$confirmPassword) { + Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL); + return false; + } + + if ($dbUsers->setPassword(array('username'=>$username, 'password'=>$newPassword))) { + $Syslog->add(array( + 'dictionaryKey'=>'user-password-changed', + 'notes'=>$username + )); + Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK); + return true; + } + + return false; +} + // Add a new category to the system // Returns TRUE is successfully added, FALSE otherwise function createCategory($category) {
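Review bot: `setPassword()` now forwards the caller's whole `$args` array to `set()`, so a method named for one field will write whatever other keys a caller includes, assuming `set()` accepts them (it is outside this hunk). Pick the two fields explicitly instead: `return $this->set(array('username'=>$args['username'], 'password'=>$args['password']));`. The signature change from `($username, $password)` to `($args)` is not backward-compatible, so any caller not updated in this commit will break or pass a string where an array is expected. The new comment could also say whether `password` is expected in plain text and hashed by `set()`, which these lines do not show.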
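Review bot: The confirmation check in `changeUserPassword()` uses `!=`, which compares numeric-looking strings by value, so two different inputs such as `1e3` and `1000` are treated as matching; the removed controller function used `===`. Use `if ($newPassword!==$confirmPassword) {`. The final `return false;` after a failed `$dbUsers->setPassword()` is silent, whereas the old code wrote a `Log::set()` entry there, so a failed write now leaves no trace for the operator and no alert for the user. The function also reads `$args['username']`, `$args['newPassword']` and `$args['confirmPassword']` without checking they exist, and does not verify that the current session may change `$username`, so it relies entirely on its caller for both.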