diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php index 69a04ed89..7373bc4a3 100644 --- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php +++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php @@ -9,10 +9,10 @@ class Users{ */ public function check_Register($values){ // check values - if ( isset( $values["Username"] ) and isset( $values["Password"] ) and isset( $values["Email"] ) ){ + if ( isset( $values["Username"] ) and isset( $values["Password"] ) and isset( $values["ConfirmPass"] ) and isset( $values["Email"] ) ){ $user = Users::checkUser( $values["Username"] ); $pass = Users::checkPassword( $values["Password"] ); - $cpass = Users::confirmPassword($pass); + $cpass = Users::confirmPassword($pass,$values["Password"],$values["ConfirmPass"]); $email = Users::checkEmail( $values["Email"] ); }else{ $user = ""; @@ -134,12 +134,13 @@ class Users{ * @takes $pass * @return string Info: Verify's $_POST["Password"] is the same as $_POST["ConfirmPass"] */ - private function confirmPassword($pass_result) + private function confirmPassword($pass_result,$pass,$confirmpass) { - if ( ( $_POST["Password"] ) != ( $_POST["ConfirmPass"] ) ){ - return "Passwords do not match."; - }else if ($_POST["ConfirmPass"]==""){ + if ($confirmpass==""){ return "You have to fill in the confirmation password."; + } + else if ( ( $pass ) != ( $confirmpass ) ){ + return "Passwords do not match."; }else if($pass_result != "success"){ return; }else{ @@ -288,7 +289,7 @@ class Users{ //make connection with and put into shard db global $cfg; $dbs = new DBLayer($cfg['db']['shard']); - $dbs->execute("INSERT INTO user (Login, Password, Email) VALUES (:name, :pass, :mail)",$values["params"]); + $dbs->execute("INSERT INTO user (Login, Password, Email) VALUES (:name, :pass, :mail)",$values); return "ok"; } catch (PDOException $e) { @@ -304,7 +305,88 @@ class Users{ } } - } + } + + + protected function checkLoginMatch($user,$pass){ + print('This is the base class!'); + } + + public function check_change_password($values){ + //if admin isn't changing others + if(!$values['adminChangesOther']){ + if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){ + $match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]); + $newpass = $this->checkPassword($values["NewPass"]); + $confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]); + }else{ + $match = ""; + $newpass = ""; + $confpass = ""; + } + }else{ + //if admin is indeed changing someone! + if ( isset( $values["user"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){ + $newpass = $this->checkPassword($values["NewPass"]); + $confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]); + }else{ + $newpass = ""; + $confpass = ""; + } + } + if ( !$values['adminChangesOther'] and ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){ + return "success"; + }else if($values['adminChangesOther'] and ( $newpass == "success" ) and ( $confpass == "success" ) ){ + return "success"; + }else{ + $pageElements = array( + 'newpass_error_message' => $newpass, + 'confirmnewpass_error_message' => $confpass + ); + if(!$values['adminChangesOther']){ + $pageElements['match_error_message'] = $match; + if ( $match != "fail" ){ + $pageElements['MATCH_ERROR'] = 'FALSE'; + }else{ + $pageElements['MATCH_ERROR'] = 'TRUE'; + } + } + if ( $newpass != "success" ){ + $pageElements['NEWPASSWORD_ERROR'] = 'TRUE'; + }else{ + $pageElements['NEWPASSWORD_ERROR'] = 'FALSE'; + } + if ( $confpass != "success" ){ + $pageElements['CNEWPASSWORD_ERROR'] = 'TRUE'; + }else{ + $pageElements['CNEWPASSWORD_ERROR'] = 'FALSE'; + } + return $pageElements; + } + } + + protected function setPassword($user, $pass){ + try { + //make connection with and put into shard db + global $cfg; + $dbs = new DBLayer($cfg['db']['shard']); + $dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ",$values); + return "ok"; + } + catch (PDOException $e) { + //oh noooz, the shard is offline! Put in query queue at ams_lib db! + /*try { + $dbl = new DBLayer($cfg['db']['lib']); + $dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "createUser", + "query" => json_encode(array($values["name"],$values["pass"],$values["mail"])))); + return "shardoffline"; + }catch (PDOException $e) { + print_r($e); + return "liboffline"; + }*/ + } + } } + \ No newline at end of file diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php index 48b6a1f94..91c7bc317 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php @@ -26,4 +26,52 @@ class WebUsers extends Users{ $dbw = new DBLayer($cfg['db']['web']); return $dbw->execute("SELECT * FROM ams_user WHERE Email = :email",array('email' => $email))->rowCount(); } + + + /** + * Function checkUserPassMatch + * + * @takes $username,$password + * @return string Info: Returns true or false if a login match is found in the web db + */ + public function checkLoginMatch($username,$password){ + global $cfg; + + $dbw = new DBLayer($cfg['db']['web']); + $statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:user", array('user' => $username)); + $row = $statement->fetch(); + + $salt = substr($row['Password'],0,2); + $hashed_input_pass = crypt($password, $salt); + if($hashed_input_pass == $row['Password']){ + return $row; + }else{ + return "fail"; + } + } + + + public function getUsername($id){ + global $cfg; + + $dbw = new DBLayer($cfg['db']['web']); + $statement = $dbw->execute("SELECT * FROM ams_user WHERE UId=:id", array('id' => $id)); + $row = $statement->fetch(); + return $row['Login']; + } + + public function isLoggedIn(){ + if(isset($_SESSION['user'])){ + return true; + } + return false; + } + + public function isAdmin(){ + if(isset($_SESSION['permission']) && $_SESSION['permission'] == 2){ + return true; + } + return false; + } + } \ No newline at end of file diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php index 8fc6f311b..1f8d5ce22 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php @@ -2,7 +2,7 @@ function add_user(){ - $params = Array('Username' => $_POST["Username"], 'Password' => $_POST["Password"], 'Email' => $_POST["Email"]); + $params = Array('Username' => $_POST["Username"], 'Password' => $_POST["Password"], 'ConfirmPass' => $_POST["ConfirmPass"], 'Email' => $_POST["Email"]); $webUser = new WebUsers; $result = $webUser->check_Register($params); diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php new file mode 100644 index 000000000..3603c5144 --- /dev/null +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php @@ -0,0 +1,68 @@ + $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther); + $result = $webUser->check_change_password($params); + if ($result == "success"){ + //edit stuff into db + $hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT()); + print('success!'); + exit; + + }else{ + + $result['prevCurrentPass'] = $_POST["CurrentPass"]; + $result['prevNewPass'] = $_POST["NewPass"]; + $result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"]; + $result['permission'] = $_SESSION['permission']; + $result['no_visible_elements'] = 'FALSE'; + $result['target_id'] = $_POST['target_id']; + if(isset($_GET['id'])){ + if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ + $result['isAdmin'] = "TRUE"; + } + } + helpers :: loadtemplate( 'settings', $result); + exit; + } + + }else{ + //ERROR: permission denied! + } + + }else{ + //ERROR: The form was not filled in correclty + } + }else{ + //ERROR: user is not logged in + exit; + } + + }catch (PDOException $e) { + //go to error page or something, because can't access website db + print_r($e); + exit; + } + +} + diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php index 055ea442a..a34203541 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php @@ -5,16 +5,14 @@ function login(){ global $cfg; try{ - $dbw = new DBLayer($cfg['db']['web']); - $statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:user", array('user' => $_POST['Username'])); - - $row = $statement->fetch(); - $salt = substr($row['Password'],0,2); - $hashed_input_pass = crypt($_POST["Password"], $salt); - if($hashed_input_pass == $row['Password']){ + $result = WebUsers::checkLoginMatch($_POST["Username"],$_POST["Password"]); + if( $result != "fail"){ //handle successful login $_SESSION['user'] = $_POST["Username"]; - $_SESSION['permission'] = $row['Permission']; + $_SESSION['permission'] = $result['Permission']; + $_SESSION['id'] = $result['UId']; + print('id='); + print($_SESSION['id']); //go back to the index page. header( 'Location: index.php' ); exit; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php new file mode 100644 index 000000000..2248b7d70 --- /dev/null +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php @@ -0,0 +1,21 @@ +
Its a fully featured, responsive template for your admin panel. Its optimized for tablet and mobile phones. Scan the QR code below to view it in your mobile device.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur bibendum ornare dolor.
Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur bibendum ornare dolor, quis ullamcorper ligula sodales at. Nulla tellus elit, varius non commodo eget, mattis vel eros. In sed ornare nulla. Donec consectetur, velit a pharetra ultricies, diam lorem lacinia risus, ac commodo orci erat eu massa. Sed sit amet nulla ipsum. Donec felis mauris, vulputate sed tempor at, aliquam a ligula. Pellentesque non pulvinar nisi.
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl index daa8906ad..b2c79ba00 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl +++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl @@ -2,6 +2,7 @@ {block name=menu}