change password is now usable for GM's too by using a GET['id'] param!
This commit is contained in:
parent
10213a0530
commit
a94bb6dbc7
6 changed files with 173 additions and 50 deletions
|
@ -313,6 +313,8 @@ class Users{
|
||||||
}
|
}
|
||||||
|
|
||||||
public function check_change_password($values){
|
public function check_change_password($values){
|
||||||
|
//if admin isn't changing others
|
||||||
|
if(!$values['adminChangesOther']){
|
||||||
if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
|
if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
|
||||||
$match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]);
|
$match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]);
|
||||||
$newpass = $this->checkPassword($values["NewPass"]);
|
$newpass = $this->checkPassword($values["NewPass"]);
|
||||||
|
@ -322,19 +324,33 @@ class Users{
|
||||||
$newpass = "";
|
$newpass = "";
|
||||||
$confpass = "";
|
$confpass = "";
|
||||||
}
|
}
|
||||||
if ( ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){
|
}else{
|
||||||
|
//if admin is indeed changing someone!
|
||||||
|
if ( isset( $values["user"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
|
||||||
|
$newpass = $this->checkPassword($values["NewPass"]);
|
||||||
|
$confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
|
||||||
|
}else{
|
||||||
|
$newpass = "";
|
||||||
|
$confpass = "";
|
||||||
|
}
|
||||||
|
}
|
||||||
|
if ( !$values['adminChangesOther'] and ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){
|
||||||
|
return "success";
|
||||||
|
}else if($values['adminChangesOther'] and ( $newpass == "success" ) and ( $confpass == "success" ) ){
|
||||||
return "success";
|
return "success";
|
||||||
}else{
|
}else{
|
||||||
$pageElements = array(
|
$pageElements = array(
|
||||||
'match_error_message' => $match,
|
|
||||||
'newpass_error_message' => $newpass,
|
'newpass_error_message' => $newpass,
|
||||||
'confirmnewpass_error_message' => $confpass
|
'confirmnewpass_error_message' => $confpass
|
||||||
);
|
);
|
||||||
|
if(!$values['adminChangesOther']){
|
||||||
|
$pageElements['match_error_message'] = $match;
|
||||||
if ( $match != "fail" ){
|
if ( $match != "fail" ){
|
||||||
$pageElements['MATCH_ERROR'] = 'FALSE';
|
$pageElements['MATCH_ERROR'] = 'FALSE';
|
||||||
}else{
|
}else{
|
||||||
$pageElements['MATCH_ERROR'] = 'TRUE';
|
$pageElements['MATCH_ERROR'] = 'TRUE';
|
||||||
}
|
}
|
||||||
|
}
|
||||||
if ( $newpass != "success" ){
|
if ( $newpass != "success" ){
|
||||||
$pageElements['NEWPASSWORD_ERROR'] = 'TRUE';
|
$pageElements['NEWPASSWORD_ERROR'] = 'TRUE';
|
||||||
}else{
|
}else{
|
||||||
|
@ -348,6 +364,29 @@ class Users{
|
||||||
return $pageElements;
|
return $pageElements;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
protected function setPassword($user, $pass){
|
||||||
|
try {
|
||||||
|
//make connection with and put into shard db
|
||||||
|
global $cfg;
|
||||||
|
$dbs = new DBLayer($cfg['db']['shard']);
|
||||||
|
$dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ",$values);
|
||||||
|
return "ok";
|
||||||
|
}
|
||||||
|
catch (PDOException $e) {
|
||||||
|
//oh noooz, the shard is offline! Put in query queue at ams_lib db!
|
||||||
|
/*try {
|
||||||
|
$dbl = new DBLayer($cfg['db']['lib']);
|
||||||
|
$dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "createUser",
|
||||||
|
"query" => json_encode(array($values["name"],$values["pass"],$values["mail"]))));
|
||||||
|
return "shardoffline";
|
||||||
|
}catch (PDOException $e) {
|
||||||
|
print_r($e);
|
||||||
|
return "liboffline";
|
||||||
|
}*/
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -48,9 +48,30 @@ class WebUsers extends Users{
|
||||||
}else{
|
}else{
|
||||||
return "fail";
|
return "fail";
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
public function getUsername($id){
|
||||||
|
global $cfg;
|
||||||
|
|
||||||
|
$dbw = new DBLayer($cfg['db']['web']);
|
||||||
|
$statement = $dbw->execute("SELECT * FROM ams_user WHERE UId=:id", array('id' => $id));
|
||||||
|
$row = $statement->fetch();
|
||||||
|
return $row['Login'];
|
||||||
|
}
|
||||||
|
|
||||||
|
public function isLoggedIn(){
|
||||||
|
if(isset($_SESSION['user'])){
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
public function isAdmin(){
|
||||||
|
if(isset($_SESSION['permission']) && $_SESSION['permission'] == 2){
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
|
@ -3,23 +3,61 @@
|
||||||
function change_password(){
|
function change_password(){
|
||||||
|
|
||||||
try{
|
try{
|
||||||
if(isset($_SESSION["user"])){
|
//if logged in
|
||||||
|
if(WebUsers::isLoggedIn()){
|
||||||
|
|
||||||
|
if(isset($_POST['target_id'])){
|
||||||
|
$adminChangesOther = false;
|
||||||
|
//if target_id is the same as session id or is admin
|
||||||
|
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
|
||||||
|
if($_POST['target_id'] == $_SESSION['id']){
|
||||||
|
$target_username = $_SESSION['user'];
|
||||||
|
}else{
|
||||||
|
$target_username = WebUsers::getUsername($_POST['target_id']);
|
||||||
|
//isAdmin is true when it's the admin, but the target_id != own id
|
||||||
|
$adminChangesOther = true;
|
||||||
|
$_POST["CurrentPass"] = "dummypass";
|
||||||
|
}
|
||||||
|
$id = $_POST['target_id'];
|
||||||
|
|
||||||
$webUser = new WebUsers();
|
$webUser = new WebUsers();
|
||||||
$params = Array( 'user' => $_SESSION["user"], 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"]);
|
$params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
|
||||||
$result = $webUser->check_change_password($params);
|
$result = $webUser->check_change_password($params);
|
||||||
if ($result == "success"){
|
if ($result == "success"){
|
||||||
//edit stuff into db
|
//edit stuff into db
|
||||||
|
$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
|
||||||
|
print('success!');
|
||||||
|
exit;
|
||||||
|
|
||||||
}else{
|
}else{
|
||||||
|
|
||||||
$result['prevCurrentPass'] = $_POST["CurrentPass"];
|
$result['prevCurrentPass'] = $_POST["CurrentPass"];
|
||||||
$result['prevNewPass'] = $_POST["NewPass"];
|
$result['prevNewPass'] = $_POST["NewPass"];
|
||||||
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
|
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
|
||||||
$result['permission'] = $_SESSION['permission'];
|
$result['permission'] = $_SESSION['permission'];
|
||||||
$result['no_visible_elements'] = 'FALSE';
|
$result['no_visible_elements'] = 'FALSE';
|
||||||
|
$result['target_id'] = $_POST['target_id'];
|
||||||
|
if(isset($_GET['id'])){
|
||||||
|
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
|
||||||
|
$result['isAdmin'] = "TRUE";
|
||||||
|
}
|
||||||
|
}
|
||||||
helpers :: loadtemplate( 'settings', $result);
|
helpers :: loadtemplate( 'settings', $result);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}else{
|
||||||
|
//ERROR: permission denied!
|
||||||
}
|
}
|
||||||
|
|
||||||
|
}else{
|
||||||
|
//ERROR: The form was not filled in correclty
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
//ERROR: user is not logged in
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
}catch (PDOException $e) {
|
}catch (PDOException $e) {
|
||||||
//go to error page or something, because can't access website db
|
//go to error page or something, because can't access website db
|
||||||
print_r($e);
|
print_r($e);
|
||||||
|
|
|
@ -10,6 +10,9 @@ function login(){
|
||||||
//handle successful login
|
//handle successful login
|
||||||
$_SESSION['user'] = $_POST["Username"];
|
$_SESSION['user'] = $_POST["Username"];
|
||||||
$_SESSION['permission'] = $result['Permission'];
|
$_SESSION['permission'] = $result['Permission'];
|
||||||
|
$_SESSION['id'] = $result['UId'];
|
||||||
|
print('id=');
|
||||||
|
print($_SESSION['id']);
|
||||||
//go back to the index page.
|
//go back to the index page.
|
||||||
header( 'Location: index.php' );
|
header( 'Location: index.php' );
|
||||||
exit;
|
exit;
|
||||||
|
|
21
code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
Normal file
21
code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
Normal file
|
@ -0,0 +1,21 @@
|
||||||
|
<?php
|
||||||
|
|
||||||
|
function settings(){
|
||||||
|
if(WebUsers::isLoggedIn()){
|
||||||
|
//in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
|
||||||
|
if(isset($_GET['id'])){
|
||||||
|
if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
|
||||||
|
$result['isAdmin'] = "TRUE";
|
||||||
|
}
|
||||||
|
$result['target_id'] = $_GET['id'];
|
||||||
|
}else{
|
||||||
|
$result['target_id'] = $_SESSION['id'];
|
||||||
|
}
|
||||||
|
|
||||||
|
return $result;
|
||||||
|
}else{
|
||||||
|
//ERROR: not logged in!
|
||||||
|
print("not logged in!");
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
}
|
|
@ -10,9 +10,10 @@
|
||||||
</div>
|
</div>
|
||||||
<div class="box-content">
|
<div class="box-content">
|
||||||
<div class="row-fluid">
|
<div class="row-fluid">
|
||||||
<form id="changePassword" class="form-vertical" method="post" action="index.php">
|
<form id="changePassword" class="form-vertical" method="post" action="index.php?page=settings&id={$target_id}">
|
||||||
<legend>Change Password</legend>
|
<legend>Change Password</legend>
|
||||||
|
|
||||||
|
{if !isset($isAdmin) or $isAdmin eq "FALSE"}
|
||||||
<div class="control-group {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}error{else if
|
<div class="control-group {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}error{else if
|
||||||
isset($match_error_message) and $match_error_message neq "fail"}success{else}{/if}">
|
isset($match_error_message) and $match_error_message neq "fail"}success{else}{/if}">
|
||||||
<label class="control-label">Current Password</label>
|
<label class="control-label">Current Password</label>
|
||||||
|
@ -24,7 +25,7 @@
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
</div>
|
</div>
|
||||||
|
{/if}
|
||||||
<div class="control-group {if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}error{else if
|
<div class="control-group {if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}error{else if
|
||||||
isset($newpass_error_message) and $newpass_error_message eq "success"}success{else}{/if}">
|
isset($newpass_error_message) and $newpass_error_message eq "success"}success{else}{/if}">
|
||||||
<label class="control-label">New Password</label>
|
<label class="control-label">New Password</label>
|
||||||
|
@ -50,7 +51,7 @@
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<input type="hidden" name="function" value="change_password">
|
<input type="hidden" name="function" value="change_password">
|
||||||
|
<input type="hidden" name="target_id" value="{$target_id}">
|
||||||
<div class="control-group">
|
<div class="control-group">
|
||||||
<label class="control-label"></label>
|
<label class="control-label"></label>
|
||||||
<div class="controls">
|
<div class="controls">
|
||||||
|
|
Loading…
Reference in a new issue