Edit user and password change

2018-05-15 20:12:15 +02:00 · 2018-05-15 20:12:15 +02:00 · 84de0a99a3
parent ab746013ee
commit 84de0a99a3
5 changed files with 88 additions and 83 deletions
--- a/bl-kernel/admin/controllers/user-password.php
+++ b/bl-kernel/admin/controllers/user-password.php
@ -4,40 +4,7 @@
 // Functions
 // ============================================================================

-function setPassword($username, $new_password, $confirm_password)
-{
-	global $dbUsers;
-	global $Language;
-	global $Syslog;

-	// Password length
-	if( strlen($new_password) < 6 )
-	{
-		Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
-		return false;
-	}
-
-	if($new_password===$confirm_password)
-	{
-		if( $dbUsers->setPassword($username, $new_password) ) {
-			Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK);
-			// Add to syslog
-			$Syslog->add(array(
-				'dictionaryKey'=>'user-password-changed',
-				'notes'=>$username
-			));
-			return true;
-		}
-		else {
-			Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.');
-			return false;
-		}
-	}
-	else {
-		Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
-		return false;
-	}
-}

 // ============================================================================
 // Main before POST
@ -47,16 +14,12 @@ function setPassword($username, $new_password, $confirm_password)
 // POST Method
 // ============================================================================

-if( $_SERVER['REQUEST_METHOD'] == 'POST' )
-{
-	// Prevent editors to administrate other users.
-	if($Login->role()!=='admin')
-	{
-		$_POST['username'] = $Login->username();
-		unset($_POST['role']);
-	}
-
-	if( setPassword($_POST['username'], $_POST['new_password'], $_POST['confirm_password']) ) {
+if ($_SERVER['REQUEST_METHOD'] == 'POST') {
+	if (changeUserPassword(array(
+		'username'=>$_POST['username'],
+		'newPassword'=>$_POST['newPassword'],
+		'confirmPassword'=>$_POST['confirmPassword']
+	))) {
 		Redirect::page('users');
 	}
 }
@ -65,18 +28,16 @@ if( $_SERVER['REQUEST_METHOD'] == 'POST' )
 // Main after POST
 // ============================================================================

+// Prevent non-administrators to change other users
 if ($Login->role()!=='admin') {
 	$layout['parameters'] = $Login->username();
 }

-$_user = $dbUsers->getDb($layout['parameters']);
-
-// If the user doesn't exist, redirect to the users list.
-if($_user===false) {
+// Get the user to edit
+$user = $dbUsers->get($layout['parameters']);
+if ($user===false) {
 	Redirect::page('users');
 }

-$_user['username'] = $layout['parameters'];
-
 // Title of the page
-$layout['title'] .= ' - '.$Language->g('Change password');
+$layout['title'] = $Language->g('Change password').' - '.$layout['title'];
--- a/bl-kernel/admin/views/edit-user.php
+++ b/bl-kernel/admin/views/edit-user.php
@ -44,6 +44,17 @@ echo Bootstrap::formOpen(array());
 		'tip'=>''
 	));

+	echo Bootstrap::formTitle(array('title'=>$L->g('Password')));
+
+	echo '
+	<div class="form-group row">
+	<div class="col-sm-2"></div>
+	<div class="col-sm-10">
+		<a href="'.HTML_PATH_ADMIN_ROOT.'user-password/'.$user->username().'" class="btn btn-primary mr-2">'.$L->g('Change password').'</a>
+	</div>
+	</div>
+	';
+
 	echo Bootstrap::formTitle(array('title'=>$L->g('Authentication Token')));

 	echo Bootstrap::formInputText(array(
--- a/bl-kernel/admin/views/user-password.php
+++ b/bl-kernel/admin/views/user-password.php
@ -1,55 +1,56 @@
 <?php

-HTML::title(array('title'=>$L->g('Change password'), 'icon'=>'key'));
+echo Bootstrap::pageTitle(array('title'=>$L->g('Change password'), 'icon'=>'person'));

-HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal'));
+echo Bootstrap::formOpen(array());

-	// Security token
-	HTML::formInputHidden(array(
+	echo Bootstrap::formInputHidden(array(
 		'name'=>'tokenCSRF',
 		'value'=>$Security->getTokenCSRF()
 	));

-	// Hidden field username
-	HTML::formInputHidden(array(
+	echo Bootstrap::formInputHidden(array(
 		'name'=>'username',
-		'value'=>$_user['username']
+		'value'=>$user->username()
 	));

-	HTML::legend(array('value'=>$L->g('New password'), 'class'=>'first-child'));
-
-	HTML::formInputText(array(
-		'name'=>'usernameDisable',
+	echo Bootstrap::formInputText(array(
+		'name'=>'usernameDisabled',
 		'label'=>$L->g('Username'),
-		'value'=>$_user['username'],
-		'class'=>'uk-width-1-2 uk-form-medium',
+		'value'=>$user->username(),
+		'class'=>'',
+		'placeholder'=>'',
 		'disabled'=>true,
 		'tip'=>''
 	));

-	HTML::formInputPassword(array(
-		'name'=>'new_password',
+	echo Bootstrap::formInputText(array(
+		'name'=>'newPassword',
 		'label'=>$L->g('New password'),
+		'type'=>'password',
 		'value'=>'',
-		'class'=>'uk-width-1-2 uk-form-medium',
+		'class'=>'',
+		'placeholder'=>'',
 		'tip'=>''
 	));

-	HTML::formInputPassword(array(
-		'name'=>'confirm_password',
-		'label'=>$L->g('Confirm password'),
+	echo Bootstrap::formInputText(array(
+		'name'=>'confirmPassword',
+		'label'=>$L->g('Confirm new password'),
+		'type'=>'password',
 		'value'=>'',
-		'class'=>'uk-width-1-2 uk-form-medium',
+		'class'=>'',
+		'placeholder'=>'',
 		'tip'=>''
 	));

-	echo '<div class="uk-form-row">
-		<div class="uk-form-controls">
-		<button type="submit" class="uk-button uk-button-primary">'.$L->g('Save').'</button>
-		<a href="'.HTML_PATH_ADMIN_ROOT.'edit-user/'.$_user['username'].'" class="uk-button">'.$L->g('Cancel').'</a>
+	echo '
+	<div class="form-group mt-4">
+		<button type="submit" class="btn btn-primary mr-2" name="save">'.$L->g('Save').'</button>
+		<a class="btn btn-secondary" href="'.HTML_PATH_ADMIN_ROOT.'users" role="button">'.$L->g('Cancel').'</a>
 	</div>
-	</div>';
+	';

-HTML::formClose();
+echo Bootstrap::formClose();

 ?>
--- a/bl-kernel/dbusers.class.php
+++ b/bl-kernel/dbusers.class.php
@ -149,11 +149,10 @@ class dbUsers extends dbJSON
 		return $this->set($args);
 	}

-	public function setPassword($username, $password)
+	// Change user password
+	// args => array( username, password )
+	public function setPassword($args)
 	{
-		$args['username']	= $username;
-		$args['password']	= $password;
-
 		return $this->set($args);
 	}

--- a/bl-kernel/functions.php
+++ b/bl-kernel/functions.php
@ -728,6 +728,39 @@ function editSettings($args) {
 	return false;
 }

+function changeUserPassword($args) {
+	global $dbUsers;
+	global $Language;
+	global $Syslog;
+
+	// Arguments
+	$username = $args['username'];
+	$newPassword = $args['newPassword'];
+	$confirmPassword = $args['confirmPassword'];
+
+	// Password length
+	if (Text::length($newPassword) < 6) {
+		Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
+		return false;
+	}
+
+	if ($newPassword!=$confirmPassword) {
+		Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
+		return false;
+	}
+
+	if ($dbUsers->setPassword(array('username'=>$username, 'password'=>$newPassword))) {
+		$Syslog->add(array(
+			'dictionaryKey'=>'user-password-changed',
+			'notes'=>$username
+		));
+		Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK);
+		return true;
+	}
+
+	return false;
+}
+
 // Add a new category to the system
 // Returns TRUE is successfully added, FALSE otherwise
 function createCategory($category) {