change password is now usable for GM's too by using a GET['id'] param!
parent
10213a0530
commit
a94bb6dbc7
6 changed files with 173 additions and 50 deletions
|
@ -313,27 +313,43 @@ class Users{
|
|||
}
|
||||
|
||||
public function check_change_password($values){
|
||||
if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
|
||||
$match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]);
|
||||
$newpass = $this->checkPassword($values["NewPass"]);
|
||||
$confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
|
||||
//if admin isn't changing others
|
||||
if(!$values['adminChangesOther']){
|
||||
if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
|
||||
$match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]);
|
||||
$newpass = $this->checkPassword($values["NewPass"]);
|
||||
$confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
|
||||
}else{
|
||||
$match = "";
|
||||
$newpass = "";
|
||||
$confpass = "";
|
||||
}
|
||||
}else{
|
||||
$match = "";
|
||||
$newpass = "";
|
||||
$confpass = "";
|
||||
//if admin is indeed changing someone!
|
||||
if ( isset( $values["user"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
|
||||
$newpass = $this->checkPassword($values["NewPass"]);
|
||||
$confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
|
||||
}else{
|
||||
$newpass = "";
|
||||
$confpass = "";
|
||||
}
|
||||
}
|
||||
if ( ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){
|
||||
if ( !$values['adminChangesOther'] and ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){
|
||||
return "success";
|
||||
}else if($values['adminChangesOther'] and ( $newpass == "success" ) and ( $confpass == "success" ) ){
|
||||
return "success";
|
||||
}else{
|
||||
$pageElements = array(
|
||||
'match_error_message' => $match,
|
||||
'newpass_error_message' => $newpass,
|
||||
'confirmnewpass_error_message' => $confpass
|
||||
);
|
||||
if ( $match != "fail" ){
|
||||
$pageElements['MATCH_ERROR'] = 'FALSE';
|
||||
}else{
|
||||
$pageElements['MATCH_ERROR'] = 'TRUE';
|
||||
if(!$values['adminChangesOther']){
|
||||
$pageElements['match_error_message'] = $match;
|
||||
if ( $match != "fail" ){
|
||||
$pageElements['MATCH_ERROR'] = 'FALSE';
|
||||
}else{
|
||||
$pageElements['MATCH_ERROR'] = 'TRUE';
|
||||
}
|
||||
}
|
||||
if ( $newpass != "success" ){
|
||||
$pageElements['NEWPASSWORD_ERROR'] = 'TRUE';
|
||||
|
@ -348,6 +364,29 @@ class Users{
|
|||
return $pageElements;
|
||||
}
|
||||
}
|
||||
|
||||
protected function setPassword($user, $pass){
|
||||
try {
|
||||
//make connection with and put into shard db
|
||||
global $cfg;
|
||||
$dbs = new DBLayer($cfg['db']['shard']);
|
||||
$dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ",$values);
|
||||
return "ok";
|
||||
}
|
||||
catch (PDOException $e) {
|
||||
//oh noooz, the shard is offline! Put in query queue at ams_lib db!
|
||||
/*try {
|
||||
$dbl = new DBLayer($cfg['db']['lib']);
|
||||
$dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "createUser",
|
||||
"query" => json_encode(array($values["name"],$values["pass"],$values["mail"]))));
|
||||
return "shardoffline";
|
||||
}catch (PDOException $e) {
|
||||
print_r($e);
|
||||
return "liboffline";
|
||||
}*/
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
|
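Review bot: In the new `setPassword($user, $pass)` the array passed to `execute()` is `$values`, which is never defined in that method, so nothing is bound to `:pass` and `:user`; the call should pass `array('pass' => $pass, 'user' => $user)`. The body of `catch (PDOException $e)` is entirely commented out, so a failed update falls through and returns nothing; returning an explicit failure string there keeps a shard outage from being mistaken for a completed password change. In `check_change_password` the current-password check is skipped whenever `$values['adminChangesOther']` is truthy, so a comment above `if(!$values['adminChangesOther'])` should state the contract: `// set by the caller after an isAdmin() check, never taken from request data`.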
|
@ -48,9 +48,30 @@ class WebUsers extends Users{
|
|||
}else{
|
||||
return "fail";
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
|
||||
public function getUsername($id){
|
||||
global $cfg;
|
||||
|
||||
$dbw = new DBLayer($cfg['db']['web']);
|
||||
$statement = $dbw->execute("SELECT * FROM ams_user WHERE UId=:id", array('id' => $id));
|
||||
$row = $statement->fetch();
|
||||
return $row['Login'];
|
||||
}
|
||||
|
||||
public function isLoggedIn(){
|
||||
if(isset($_SESSION['user'])){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public function isAdmin(){
|
||||
if(isset($_SESSION['permission']) && $_SESSION['permission'] == 2){
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
}
|
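Review bot: `getUsername($id)` reads `$row['Login']` without checking that `fetch()` found a row, so an unknown or malformed id yields null and the caller cannot tell "no such user" from a real login name. An early return such as `if($row === false){ return false; }`, with `change_password()` stopping on that value, makes the failure explicit. `isLoggedIn()`, `isAdmin()` and `getUsername()` are declared as instance methods, but the other files in this commit call them as `WebUsers::isAdmin()` and so on; declaring them `public static function` matches the call sites. The hunk opens inside the tail of an earlier method whose start is not visible.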
|
@ -3,28 +3,66 @@
|
|||
function change_password(){
|
||||
|
||||
try{
|
||||
if(isset($_SESSION["user"])){
|
||||
$webUser = new WebUsers();
|
||||
$params = Array( 'user' => $_SESSION["user"], 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"]);
|
||||
$result = $webUser->check_change_password($params);
|
||||
if ($result == "success"){
|
||||
//edit stuff into db
|
||||
//if logged in
|
||||
if(WebUsers::isLoggedIn()){
|
||||
|
||||
if(isset($_POST['target_id'])){
|
||||
$adminChangesOther = false;
|
||||
//if target_id is the same as session id or is admin
|
||||
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
||||
if($_POST['target_id'] == $_SESSION['id']){
|
||||
$target_username = $_SESSION['user'];
|
||||
}else{
|
||||
$target_username = WebUsers::getUsername($_POST['target_id']);
|
||||
//isAdmin is true when it's the admin, but the target_id != own id
|
||||
$adminChangesOther = true;
|
||||
$_POST["CurrentPass"] = "dummypass";
|
||||
}
|
||||
$id = $_POST['target_id'];
|
||||
|
||||
$webUser = new WebUsers();
|
||||
$params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
|
||||
$result = $webUser->check_change_password($params);
|
||||
if ($result == "success"){
|
||||
//edit stuff into db
|
||||
$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
|
||||
print('success!');
|
||||
exit;
|
||||
|
||||
}else{
|
||||
|
||||
$result['prevCurrentPass'] = $_POST["CurrentPass"];
|
||||
$result['prevNewPass'] = $_POST["NewPass"];
|
||||
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
|
||||
$result['permission'] = $_SESSION['permission'];
|
||||
$result['no_visible_elements'] = 'FALSE';
|
||||
$result['target_id'] = $_POST['target_id'];
|
||||
if(isset($_GET['id'])){
|
||||
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
||||
$result['isAdmin'] = "TRUE";
|
||||
}
|
||||
}
|
||||
helpers :: loadtemplate( 'settings', $result);
|
||||
exit;
|
||||
}
|
||||
|
||||
}else{
|
||||
$result['prevCurrentPass'] = $_POST["CurrentPass"];
|
||||
$result['prevNewPass'] = $_POST["NewPass"];
|
||||
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
|
||||
$result['permission'] = $_SESSION['permission'];
|
||||
$result['no_visible_elements'] = 'FALSE';
|
||||
helpers :: loadtemplate( 'settings', $result);
|
||||
exit;
|
||||
//ERROR: permission denied!
|
||||
}
|
||||
|
||||
}
|
||||
}catch (PDOException $e) {
|
||||
//go to error page or something, because can't access website db
|
||||
print_r($e);
|
||||
exit;
|
||||
}
|
||||
|
||||
|
||||
}else{
|
||||
//ERROR: The form was not filled in correclty
|
||||
}
|
||||
}else{
|
||||
//ERROR: user is not logged in
|
||||
exit;
|
||||
}
|
||||
|
||||
}catch (PDOException $e) {
|
||||
//go to error page or something, because can't access website db
|
||||
print_r($e);
|
||||
exit;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
|
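Review bot: The admin branch resets another account's password without asking for any current password, and nothing in the visible handler checks a per-request token, so the session cookie alone authorises the POST; if no anti-CSRF check runs before this function is dispatched (not visible here), one should be added ahead of the `isset($_POST['target_id'])` test. For example `if(!isset($_POST['csrf_token']) || !hash_equals($_SESSION['csrf_token'], $_POST['csrf_token'])){ exit; }`, where `csrf_token` is a placeholder name for a value generated at login and emitted as a hidden field in the settings form. The `==` comparisons between `$_POST['target_id']` and `$_SESSION['id']` compare numeric strings by value, so casting the posted id with `(int)` once and comparing with `===` keeps the stored `$id` canonical. `print_r($e)` in the `catch (PDOException $e)` block sends database error details to the browser; log the exception server-side and show a generic error page instead.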
|
@ -10,6 +10,9 @@ function login(){
|
|||
//handle successful login
|
||||
$_SESSION['user'] = $_POST["Username"];
|
||||
$_SESSION['permission'] = $result['Permission'];
|
||||
$_SESSION['id'] = $result['UId'];
|
||||
print('id=');
|
||||
print($_SESSION['id']);
|
||||
//go back to the index page.
|
||||
header( 'Location: index.php' );
|
||||
exit;
|
||||
|
|
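Review bot: The two added `print` calls emit `id=` and the user id before `header( 'Location: index.php' )`, which stops the redirect header from being sent unless output buffering is on and shows an internal id to the user; they look like debugging leftovers and should be removed. The visible lines also populate `$_SESSION` after a successful login without a `session_regenerate_id(true)` call. If that is not done earlier in `login()` (the function starts and ends outside this hunk), adding it just before `$_SESSION['user'] = $_POST["Username"];` guards against session fixation.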
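--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
@@ -0,0 +1,21 @@
+<?php
+
+function settings(){
+if(WebUsers::isLoggedIn()){
+//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
+if(isset($_GET['id'])){
+if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
+$result['isAdmin'] = "TRUE";
+}
+$result['target_id'] = $_GET['id'];
+}else{
+$result['target_id'] = $_SESSION['id'];
+}
+
+return $result;
+}else{
+//ERROR: not logged in!
+print("not logged in!");
+exit;
+}
+}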
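Review bot: `$result['target_id'] = $_GET['id']` is assigned for every logged-in user, not only admins, and the raw query value is then written into the form's action URL and hidden field by the settings template. Restricting it to admins and casting it (assuming `UId` is numeric) keeps a non-admin from being shown a form that targets another account and keeps markup out of the template value: `$result['target_id'] = WebUsers::isAdmin() ? (int)$_GET['id'] : $_SESSION['id'];`. `$result` is also never initialised before its first use; `$result = array();` at the top of the logged-in branch makes the return value explicit.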
|
@ -10,21 +10,22 @@
|
|||
</div>
|
||||
<div class="box-content">
|
||||
<div class="row-fluid">
|
||||
<form id="changePassword" class="form-vertical" method="post" action="index.php">
|
||||
<form id="changePassword" class="form-vertical" method="post" action="index.php?page=settings&id={$target_id}">
|
||||
<legend>Change Password</legend>
|
||||
|
||||
<div class="control-group {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}error{else if
|
||||
isset($match_error_message) and $match_error_message neq "fail"}success{else}{/if}">
|
||||
<label class="control-label">Current Password</label>
|
||||
<div class="controls">
|
||||
<div class="input-prepend">
|
||||
<span class="add-on" style="margin-left:5px;"><i class="icon-lock"></i></span>
|
||||
<input type="password" class="input-xlarge" id="CurrentPass" name="CurrentPass" placeholder="Your current password" {if isset($prevCurrentPass)}value="{$prevCurrentPass}"{/if}>
|
||||
{if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}<span class="help-inline">The password is incorrect</span>{/if}
|
||||
</div>
|
||||
{if !isset($isAdmin) or $isAdmin eq "FALSE"}
|
||||
<div class="control-group {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}error{else if
|
||||
isset($match_error_message) and $match_error_message neq "fail"}success{else}{/if}">
|
||||
<label class="control-label">Current Password</label>
|
||||
<div class="controls">
|
||||
<div class="input-prepend">
|
||||
<span class="add-on" style="margin-left:5px;"><i class="icon-lock"></i></span>
|
||||
<input type="password" class="input-xlarge" id="CurrentPass" name="CurrentPass" placeholder="Your current password" {if isset($prevCurrentPass)}value="{$prevCurrentPass}"{/if}>
|
||||
{if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}<span class="help-inline">The password is incorrect</span>{/if}
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
{/if}
|
||||
<div class="control-group {if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}error{else if
|
||||
isset($newpass_error_message) and $newpass_error_message eq "success"}success{else}{/if}">
|
||||
<label class="control-label">New Password</label>
|
||||
|
@ -50,7 +51,7 @@
|
|||
</div>
|
||||
|
||||
<input type="hidden" name="function" value="change_password">
|
||||
|
||||
<input type="hidden" name="target_id" value="{$target_id}">
|
||||
<div class="control-group">
|
||||
<label class="control-label"></label>
|
||||
<div class="controls">
|
||||
|
|
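Review bot: `{$target_id}` is interpolated into both the form `action` URL and the hidden `target_id` input, and its value can come straight from `$_GET['id']`. Unless the template engine is configured to escape output by default (not visible here), both uses should be escaped for their context: `action="index.php?page=settings&id={$target_id|escape:'url'}"` and `value="{$target_id|escape}"`. Hiding the Current Password block with `{if !isset($isAdmin) or $isAdmin eq "FALSE"}` is presentation only, so the server-side admin check remains the actual control. The form also writes `{$prevCurrentPass}` back into a `value` attribute after a failed attempt; dropping that echo avoids returning the submitted password in the page source.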