From dd8f3b03a4ff25ed6f0d1af7fbed16de502fee1a Mon Sep 17 00:00:00 2001 From: Botanic Date: Mon, 1 Jul 2013 15:43:35 -0700 Subject: [PATCH] Merge with quitta-gsoc-2013 --- .../ryzom_ams/ams_lib/autoload/users.php | 98 ++++++++++++++-- .../ryzom_ams/www/html/autoload/webusers.php | 48 ++++++++ .../ryzom_ams/www/html/func/add_user.php | 2 +- .../www/html/func/change_password.php | 68 +++++++++++ .../server/ryzom_ams/www/html/func/login.php | 14 +-- .../ryzom_ams/www/html/inc/settings.php | 21 ++++ .../ryzom_ams/www/html/index_charisma.php | 8 +- .../www/html/templates/layout_admin.tpl | 1 + .../www/html/templates/layout_user.tpl | 1 + .../ryzom_ams/www/html/templates/settings.tpl | 107 +++++++++++------- 10 files changed, 307 insertions(+), 61 deletions(-) create mode 100644 code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php create mode 100644 code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php index 69a04ed89..7373bc4a3 100644 --- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php +++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php @@ -9,10 +9,10 @@ class Users{ */ public function check_Register($values){ // check values - if ( isset( $values["Username"] ) and isset( $values["Password"] ) and isset( $values["Email"] ) ){ + if ( isset( $values["Username"] ) and isset( $values["Password"] ) and isset( $values["ConfirmPass"] ) and isset( $values["Email"] ) ){ $user = Users::checkUser( $values["Username"] ); $pass = Users::checkPassword( $values["Password"] ); - $cpass = Users::confirmPassword($pass); + $cpass = Users::confirmPassword($pass,$values["Password"],$values["ConfirmPass"]); $email = Users::checkEmail( $values["Email"] ); }else{ $user = ""; 
@@ -134,12 +134,13 @@ class Users{ * @takes $pass * @return string Info: Verify's $_POST["Password"] is the same as $_POST["ConfirmPass"] */ - private function confirmPassword($pass_result) + private function confirmPassword($pass_result,$pass,$confirmpass) { - if ( ( $_POST["Password"] ) != ( $_POST["ConfirmPass"] ) ){ - return "Passwords do not match."; - }else if ($_POST["ConfirmPass"]==""){ + if ($confirmpass==""){ return "You have to fill in the confirmation password."; + } + else if ( ( $pass ) != ( $confirmpass ) ){ + return "Passwords do not match."; }else if($pass_result != "success"){ return; }else{ @@ -288,7 +289,7 @@ class Users{ //make connection with and put into shard db global $cfg; $dbs = new DBLayer($cfg['db']['shard']); - $dbs->execute("INSERT INTO user (Login, Password, Email) VALUES (:name, :pass, :mail)",$values["params"]); + $dbs->execute("INSERT INTO user (Login, Password, Email) VALUES (:name, :pass, :mail)",$values); return "ok"; } catch (PDOException $e) { 
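Review bot: The new branch `else if ( ( $pass ) != ( $confirmpass ) )` in confirmPassword compares the two passwords with loose `!=`, under which numeric-looking strings are compared numerically (`"1e3"` and `"1000"` are equal), so two different passwords can be accepted as matching; it should read `else if ($pass !== $confirmpass){`. The docblock directly above the signature still says `@takes $pass` and describes reading `$_POST["Password"]` and `$_POST["ConfirmPass"]`, which the method no longer does; it should document the three parameters `$pass_result`, `$pass`, `$confirmpass` and state that the method returns an error message, null when `$pass_result` is not "success", or (presumably, in the trailing else branch) "success". The method body closes outside the hunk.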
@@ -304,7 +305,88 @@ class Users{ } } - } + } + + + protected function checkLoginMatch($user,$pass){ + print('This is the base class!'); + } + + public function check_change_password($values){ + //if admin isn't changing others + if(!$values['adminChangesOther']){ + if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){ + $match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]); + $newpass = $this->checkPassword($values["NewPass"]); + $confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]); + }else{ + $match = ""; + $newpass = ""; + $confpass = ""; + } + }else{ + //if admin is indeed changing someone! + if ( isset( $values["user"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){ + $newpass = $this->checkPassword($values["NewPass"]); + $confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]); + }else{ + $newpass = ""; + $confpass = ""; + } + } + if ( !$values['adminChangesOther'] and ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){ + return "success"; + }else if($values['adminChangesOther'] and ( $newpass == "success" ) and ( $confpass == "success" ) ){ + return "success"; + }else{ + $pageElements = array( + 'newpass_error_message' => $newpass, + 'confirmnewpass_error_message' => $confpass + ); + if(!$values['adminChangesOther']){ + $pageElements['match_error_message'] = $match; + if ( $match != "fail" ){ + $pageElements['MATCH_ERROR'] = 'FALSE'; + }else{ + $pageElements['MATCH_ERROR'] = 'TRUE'; + } + } + if ( $newpass != "success" ){ + $pageElements['NEWPASSWORD_ERROR'] = 'TRUE'; + }else{ + $pageElements['NEWPASSWORD_ERROR'] = 'FALSE'; + } + if ( $confpass != "success" ){ + $pageElements['CNEWPASSWORD_ERROR'] = 'TRUE'; + }else{ + $pageElements['CNEWPASSWORD_ERROR'] = 'FALSE'; + } + return $pageElements; + } + } + + protected function 
setPassword($user, $pass){ + try { + //make connection with and put into shard db + global $cfg; + $dbs = new DBLayer($cfg['db']['shard']); + $dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ",$values); + return "ok"; + } + catch (PDOException $e) { + //oh noooz, the shard is offline! Put in query queue at ams_lib db! + /*try { + $dbl = new DBLayer($cfg['db']['lib']); + $dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "createUser", + "query" => json_encode(array($values["name"],$values["pass"],$values["mail"])))); + return "shardoffline"; + }catch (PDOException $e) { + print_r($e); + return "liboffline"; + }*/ + } + } } + \ No newline at end of file diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php index 48b6a1f94..91c7bc317 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php 
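Review bot: setPassword binds `$values` to the UPDATE, but no `$values` exists in that scope (the parameters are `$user` and `$pass`), so the statement never runs with the intended values and, because the catch body is commented out, the failure is swallowed and the method returns null rather than "ok"; the call should be `$dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ", array('user' => $user, 'pass' => $pass));` and the catch should at least return an error string the caller can distinguish. Nothing in the hunk states whether `$pass` is expected to arrive already hashed, so a comment on the method such as `// $pass must already be the crypt() hash; this method stores it verbatim` would prevent a plaintext write by a future caller. In check_change_password the current-password verification is skipped whenever `$values['adminChangesOther']` is truthy, which makes that flag an authorization decision; a docblock on the method should say that callers must derive it from the session's permission, never from request data. The base-class placeholder `checkLoginMatch` prints into the response body; returning "fail" or throwing would be safer than emitting text into a page that may be about to send headers.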
@@ -26,4 +26,52 @@ class WebUsers extends Users{ $dbw = new DBLayer($cfg['db']['web']); return $dbw->execute("SELECT * FROM ams_user WHERE Email = :email",array('email' => $email))->rowCount(); } + + + /** + * Function checkUserPassMatch + * + * @takes $username,$password + * @return string Info: Returns true or false if a login match is found in the web db + */ + public function checkLoginMatch($username,$password){ + global $cfg; + + $dbw = new DBLayer($cfg['db']['web']); + $statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:user", array('user' => $username)); + $row = $statement->fetch(); + + $salt = substr($row['Password'],0,2); + $hashed_input_pass = crypt($password, $salt); + if($hashed_input_pass == $row['Password']){ + return $row; + }else{ + return "fail"; + } + } + + + public function getUsername($id){ + global $cfg; + + $dbw = new DBLayer($cfg['db']['web']); + $statement = $dbw->execute("SELECT * FROM ams_user WHERE UId=:id", array('id' => $id)); + $row = $statement->fetch(); + return $row['Login']; + } + + public function isLoggedIn(){ + if(isset($_SESSION['user'])){ + return true; + } + return false; + } + + public function isAdmin(){ + if(isset($_SESSION['permission']) && $_SESSION['permission'] == 2){ + return true; + } + return false; + } + } \ No newline at end of file diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php index 8fc6f311b..1f8d5ce22 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php 
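Review bot: checkLoginMatch in WebUsers never checks that `$statement->fetch()` returned a row: for an unknown login `$row` is false, `$row['Password']` is null and `crypt()` runs with an empty salt, so the outcome for a non-existent user depends on crypt's behaviour with an empty salt instead of an explicit decision; add `if ($row === false){ return "fail"; }` right after the fetch. The comparison `$hashed_input_pass == $row['Password']` should be strict (`===`, or `hash_equals()` where available), since `==` applies numeric coercion to string operands. The docblock names the function `checkUserPassMatch` and says it returns true or false, while the code returns the user row or the string "fail"; it should be corrected, as login.php in this same patch relies on that row-or-"fail" contract. Taking a two-character salt with `substr($row['Password'],0,2)` suggests traditional DES crypt, which truncates passwords to 8 characters; if that is what generateSALT() produces, password_hash()/password_verify() would be the stronger scheme, but that is inferred from the salt length rather than visible here.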
@@ -2,7 +2,7 @@ function add_user(){ - $params = Array('Username' => $_POST["Username"], 'Password' => $_POST["Password"], 'Email' => $_POST["Email"]); + $params = Array('Username' => $_POST["Username"], 'Password' => $_POST["Password"], 'ConfirmPass' => $_POST["ConfirmPass"], 'Email' => $_POST["Email"]); $webUser = new WebUsers; $result = $webUser->check_Register($params); diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php new file mode 100644 index 000000000..3603c5144 --- /dev/null +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php @@ -0,0 +1,68 @@ + $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther); + $result = $webUser->check_change_password($params); + if ($result == "success"){ + //edit stuff into db + $hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT()); + print('success!'); + exit; + + }else{ + + $result['prevCurrentPass'] = $_POST["CurrentPass"]; + $result['prevNewPass'] = $_POST["NewPass"]; + $result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"]; + $result['permission'] = $_SESSION['permission']; + $result['no_visible_elements'] = 'FALSE'; + $result['target_id'] = $_POST['target_id']; + if(isset($_GET['id'])){ + if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ + $result['isAdmin'] = "TRUE"; + } + } + helpers :: loadtemplate( 'settings', $result); + exit; + } + + }else{ + //ERROR: permission denied! + } + + }else{ + //ERROR: The form was not filled in correclty + } + }else{ + //ERROR: user is not logged in + exit; + } + + }catch (PDOException $e) { + //go to error page or something, because can't access website db + print_r($e); + exit; + } + +} + 
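Review bot: The success path of change_password computes `$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());` and then only prints 'success!' and exits, so the new password is never stored; it needs to be persisted, e.g. `$webUser->setPassword($target_username, $hashpass);` before the exit, which also requires setPassword (declared protected in users.php in this patch) to be callable from here. The catch block's `print_r($e)` sends the PDOException, which can include the DSN and query text, to the browser; log it server-side and show a generic error instead. On the failure path `$result['prevCurrentPass']`, `prevNewPass` and `prevConfirmNewPass` carry the submitted passwords into the template data; unless the template deliberately refills password fields, they should not be passed through. The opening lines of this hunk are not readable in this view, so the derivation of `$adminChangesOther` and `$target_username` could not be checked.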
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php index 055ea442a..a34203541 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php @@ -5,16 +5,14 @@ function login(){ global $cfg; try{ - $dbw = new DBLayer($cfg['db']['web']); - $statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:user", array('user' => $_POST['Username'])); - - $row = $statement->fetch(); - $salt = substr($row['Password'],0,2); - $hashed_input_pass = crypt($_POST["Password"], $salt); - if($hashed_input_pass == $row['Password']){ + $result = WebUsers::checkLoginMatch($_POST["Username"],$_POST["Password"]); + if( $result != "fail"){ //handle successful login $_SESSION['user'] = $_POST["Username"]; - $_SESSION['permission'] = $row['Permission']; + $_SESSION['permission'] = $result['Permission']; + $_SESSION['id'] = $result['UId']; + print('id='); + print($_SESSION['id']); //go back to the index page. header( 'Location: index.php' ); exit; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php new file mode 100644 index 000000000..2248b7d70 --- /dev/null +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php @@ -0,0 +1,21 @@ +
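Review bot: The debug lines `print('id='); print($_SESSION['id']);` added before `header( 'Location: index.php' );` emit output ahead of the header, so the redirect fails with "headers already sent" unless output buffering is on, and in any case the internal user id is leaked into the response; remove both print calls. `WebUsers::checkLoginMatch(...)` is a static call to what webusers.php in this patch declares as an instance method (`public function checkLoginMatch`), which only older PHP tolerates; instantiate `$webUser = new WebUsers;` and call `$webUser->checkLoginMatch(...)` as add_user.php already does. The `$result != "fail"` test is a loose comparison against an array on success; it works, but `$result !== "fail"` states the intent. The rest of login() lies outside the hunk.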
-
+

Charisma a fully featued template

Its a fully featured, responsive template for your admin panel. Its optimized for tablet and mobile phones. Scan the QR code below to view it in your mobile device.

QR Code
-
+

Custom small text

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur bibendum ornare dolor.

Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur bibendum ornare dolor, quis ullamcorper ligula sodales at. Nulla tellus elit, varius non commodo eget, mattis vel eros. In sed ornare nulla. Donec consectetur, velit a pharetra ultricies, diam lorem lacinia risus, ac commodo orci erat eu massa. Sed sit amet nulla ipsum. Donec felis mauris, vulputate sed tempor at, aliquam a ligula. Pellentesque non pulvinar nisi.

diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl index daa8906ad..b2c79ba00 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl +++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl @@ -2,6 +2,7 @@ {block name=menu}
  • Dashboard
  • +
  • Settings
  • Liblist
  • diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_user.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_user.tpl index 4d305b323..460a9b10b 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_user.tpl +++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_user.tpl @@ -2,6 +2,7 @@ {block name=menu}
  • Dashboard
  • +
  • Settings
  • Demo Userlist
  • Logout
  • diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl index 213620fe9..c0e4f7a7b 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl +++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl @@ -1,57 +1,57 @@ {block name=content} -
    -
    -
    -

    Settings

    -
    - - +
    +
    +
    +

    Change Password

    +
    + + +
    -
    -
    - - -
    -
    -
    +
    +
    + Change Password -
    - -
    -
    - - + {if !isset($isAdmin) or $isAdmin eq "FALSE"} +
    + +
    +
    + + + {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}The password is incorrect{/if} +
    -
    - -
    + {/if} +
    - -
    + + {if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}{$newpass_error_message}{/if} +
    -
    +
    - -
    + + {if isset($CNEWPASSWORD_ERROR) and $CNEWPASSWORD_ERROR eq "TRUE"}{$confirmnewpass_error_message}{/if} +
    - +
    @@ -59,8 +59,20 @@
    +
    +
    +
    + +
    +
    +

    Change Email

    +
    + +
    -
    +
    +
    +
    Change Email
    @@ -80,8 +92,20 @@
    +
    +
    +
    + +
    +
    +

    Change Info

    +
    + +
    -
    +
    +
    +
    Change Info @@ -105,10 +129,11 @@
    -
    +