Edit user and password change

Diego Najar 2018-05-15 20:12:15 +02:00
parent ab746013ee
commit 84de0a99a3
5 changed files with 88 additions and 83 deletions


@ -4,40 +4,7 @@
// Functions // Functions
// ============================================================================ // ============================================================================
function setPassword($username, $new_password, $confirm_password)
{
global $dbUsers;
global $Language;
global $Syslog;
// Password length
if( strlen($new_password) < 6 )
{
Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
return false;
}
if($new_password===$confirm_password)
{
if( $dbUsers->setPassword($username, $new_password) ) {
Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK);
// Add to syslog
$Syslog->add(array(
'dictionaryKey'=>'user-password-changed',
'notes'=>$username
));
return true;
}
else {
Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.');
return false;
}
}
else {
Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
return false;
}
}
// ============================================================================ // ============================================================================
// Main before POST // Main before POST
@ -47,16 +14,12 @@ function setPassword($username, $new_password, $confirm_password)
// POST Method // POST Method
// ============================================================================ // ============================================================================
if( $_SERVER['REQUEST_METHOD'] == 'POST' ) if ($_SERVER['REQUEST_METHOD'] == 'POST') {
{ if (changeUserPassword(array(
// Prevent editors to administrate other users. 'username'=>$_POST['username'],
if($Login->role()!=='admin') 'newPassword'=>$_POST['newPassword'],
{ 'confirmPassword'=>$_POST['confirmPassword']
$_POST['username'] = $Login->username(); ))) {
unset($_POST['role']);
}
if( setPassword($_POST['username'], $_POST['new_password'], $_POST['confirm_password']) ) {
Redirect::page('users'); Redirect::page('users');
} }
} }
@ -65,18 +28,16 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
// Main after POST // Main after POST
// ============================================================================ // ============================================================================
if($Login->role()!=='admin') { // Prevent non-administrators to change other users
if ($Login->role()!=='admin') {
$layout['parameters'] = $Login->username(); $layout['parameters'] = $Login->username();
} }
$_user = $dbUsers->getDb($layout['parameters']); // Get the user to edit
$user = $dbUsers->get($layout['parameters']);
// If the user doesn't exist, redirect to the users list. if ($user===false) {
if($_user===false) {
Redirect::page('users'); Redirect::page('users');
} }
$_user['username'] = $layout['parameters'];
// Title of the page // Title of the page
$layout['title'] .= ' - '.$Language->g('Change password'); $layout['title'] = $Language->g('Change password').' - '.$layout['title'];
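Review bot: The POST branch now passes `$_POST['username']` straight into `changeUserPassword()`, and the guard that forced a non-admin's username to `$Login->username()` has been removed from the handler. The role check that remains under "Main after POST" only decides which user the form displays. Unless the lines between the hunks (not shown here) re-apply the guard, a logged-in non-admin can change another account's password by submitting a different `username`. The first statement inside the POST block should be `if ($Login->role()!=='admin') { $_POST['username'] = $Login->username(); }`, with a comment saying the hidden form field is never trusted for non-administrators.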


@ -44,6 +44,17 @@ echo Bootstrap::formOpen(array());
'tip'=>'' 'tip'=>''
)); ));
echo Bootstrap::formTitle(array('title'=>$L->g('Password')));
echo '
<div class="form-group row">
<div class="col-sm-2"></div>
<div class="col-sm-10">
<a href="'.HTML_PATH_ADMIN_ROOT.'user-password/'.$user->username().'" class="btn btn-primary mr-2">'.$L->g('Change password').'</a>
</div>
</div>
';
echo Bootstrap::formTitle(array('title'=>$L->g('Authentication Token'))); echo Bootstrap::formTitle(array('title'=>$L->g('Authentication Token')));
echo Bootstrap::formInputText(array( echo Bootstrap::formInputText(array(
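Review bot: The new "Change password" link concatenates `$user->username()` into the `href` without encoding it for a URL path. Neither the getter nor the username rules are visible in this hunk, so if usernames are not limited to URL-safe characters at creation time, the value should be encoded where it is emitted: `'user-password/'.rawurlencode($user->username()).'"'`. The surrounding form continues outside the hunk.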


@ -1,55 +1,56 @@
<?php <?php
HTML::title(array('title'=>$L->g('Change password'), 'icon'=>'key')); echo Bootstrap::pageTitle(array('title'=>$L->g('Change password'), 'icon'=>'person'));
HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal')); echo Bootstrap::formOpen(array());
// Security token echo Bootstrap::formInputHidden(array(
HTML::formInputHidden(array(
'name'=>'tokenCSRF', 'name'=>'tokenCSRF',
'value'=>$Security->getTokenCSRF() 'value'=>$Security->getTokenCSRF()
)); ));
// Hidden field username echo Bootstrap::formInputHidden(array(
HTML::formInputHidden(array(
'name'=>'username', 'name'=>'username',
'value'=>$_user['username'] 'value'=>$user->username()
)); ));
HTML::legend(array('value'=>$L->g('New password'), 'class'=>'first-child')); echo Bootstrap::formInputText(array(
'name'=>'usernameDisabled',
HTML::formInputText(array(
'name'=>'usernameDisable',
'label'=>$L->g('Username'), 'label'=>$L->g('Username'),
'value'=>$_user['username'], 'value'=>$user->username(),
'class'=>'uk-width-1-2 uk-form-medium', 'class'=>'',
'placeholder'=>'',
'disabled'=>true, 'disabled'=>true,
'tip'=>'' 'tip'=>''
)); ));
HTML::formInputPassword(array( echo Bootstrap::formInputText(array(
'name'=>'new_password', 'name'=>'newPassword',
'label'=>$L->g('New password'), 'label'=>$L->g('New password'),
'type'=>'password',
'value'=>'', 'value'=>'',
'class'=>'uk-width-1-2 uk-form-medium', 'class'=>'',
'placeholder'=>'',
'tip'=>'' 'tip'=>''
)); ));
HTML::formInputPassword(array( echo Bootstrap::formInputText(array(
'name'=>'confirm_password', 'name'=>'confirmPassword',
'label'=>$L->g('Confirm password'), 'label'=>$L->g('Confirm new password'),
'type'=>'password',
'value'=>'', 'value'=>'',
'class'=>'uk-width-1-2 uk-form-medium', 'class'=>'',
'placeholder'=>'',
'tip'=>'' 'tip'=>''
)); ));
echo '<div class="uk-form-row"> echo '
<div class="uk-form-controls"> <div class="form-group mt-4">
<button type="submit" class="uk-button uk-button-primary">'.$L->g('Save').'</button> <button type="submit" class="btn btn-primary mr-2" name="save">'.$L->g('Save').'</button>
<a href="'.HTML_PATH_ADMIN_ROOT.'edit-user/'.$_user['username'].'" class="uk-button">'.$L->g('Cancel').'</a> <a class="btn btn-secondary" href="'.HTML_PATH_ADMIN_ROOT.'users" role="button">'.$L->g('Cancel').'</a>
</div> </div>
</div>'; ';
HTML::formClose(); echo Bootstrap::formClose();
?> ?>
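Review bot: Both password fields are now rendered through `Bootstrap::formInputText()` with `'type'=>'password'`, replacing the dedicated `HTML::formInputPassword()` helper. The helper is not shown on this page, so please confirm it honours the `type` key; if it ignores it, the new password is entered into a plain text input and shown on screen. The hidden `username` field is client-controlled, so it deserves a comment above it such as `// Routing hint only: the controller must re-derive the target user for non-admins`.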


@ -149,11 +149,10 @@ class dbUsers extends dbJSON
return $this->set($args); return $this->set($args);
} }
public function setPassword($username, $password) // Change user password
// args => array( username, password )
public function setPassword($args)
{ {
$args['username'] = $username;
$args['password'] = $password;
return $this->set($args); return $this->set($args);
} }
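Review bot: `setPassword($args)` now forwards the caller's whole array to `$this->set($args)`, so any extra key a caller passes is written along with the password. The old two-parameter form could only ever set `username` and `password`. Narrow the array inside the method: `return $this->set(array('username'=>$args['username'], 'password'=>$args['password']));`. The header comment should also say whether `set()` hashes the password, since that is not visible from this hunk, and note that the signature change breaks any caller still passing two arguments.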


@ -728,6 +728,39 @@ function editSettings($args) {
return false; return false;
} }
function changeUserPassword($args) {
global $dbUsers;
global $Language;
global $Syslog;
// Arguments
$username = $args['username'];
$newPassword = $args['newPassword'];
$confirmPassword = $args['confirmPassword'];
// Password length
if (Text::length($newPassword) < 6) {
Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
return false;
}
if ($newPassword!=$confirmPassword) {
Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
return false;
}
if ($dbUsers->setPassword(array('username'=>$username, 'password'=>$newPassword))) {
$Syslog->add(array(
'dictionaryKey'=>'user-password-changed',
'notes'=>$username
));
Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK);
return true;
}
return false;
}
// Add a new category to the system // Add a new category to the system
// Returns TRUE is successfully added, FALSE otherwise // Returns TRUE is successfully added, FALSE otherwise
function createCategory($category) { function createCategory($category) {
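Review bot: The confirmation check in `changeUserPassword()` uses the loose `!=`, where the removed `setPassword()` used `===`. PHP compares numeric-looking strings by value, so two different strings can pass as matching; use `if ($newPassword!==$confirmPassword) {`. The three `$args` values come from `$_POST` and are read without checking that they exist and are strings, so add a guard such as `if (!is_string($newPassword) || !is_string($confirmPassword)) { return false; }` before the length test. The final `return false;` also drops the `Log::set(...)` call the old code made when the database write failed, which leaves a failed password change with no trace.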