diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/helpers.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/helpers.php
index f259b85e4..d677cb936 100644
--- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/helpers.php
+++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/helpers.php
@@ -34,8 +34,10 @@ class Helpers{
 foreach ( $variables[$template] as $key => $value ){
 $smarty -> assign( $key, $value );
 }
- if( isset($vars['permission']) && $vars['permission'] == 2 ){
+ if( isset($vars['permission']) && $vars['permission'] == 3 ){
 $inherited = "extends:layout_admin.tpl|";
+ }else if( isset($vars['permission']) && $vars['permission'] == 2){
+ $inherited = "extends:layout_mod.tpl|";
 }else if( isset($vars['permission']) && $vars['permission'] == 1){
 $inherited = "extends:layout_user.tpl|";
 }else{
diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php
index 9c7c646a6..a26f4f5f2 100644
--- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php
+++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/ticket_user.php
@@ -29,8 +29,7 @@ class Ticket_User{ } return false; } - - + //return constructed element based on TUserId public static function constr_TUserId( $id) { $instance = new self();
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php
index 72d57af74..e1a4b4501 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php
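Review bot: The layout chain in helpers.php compares `$vars['permission']` with the bare integers 3, 2 and 1 using `==`, and the same numbers recur in install.php and the templates, so nothing on the page says what each level means. Accounts stored with Permission 2 were admins before this commit (the removed `isAdmin()` and the old first branch both tested `== 2`) and will now be given `layout_mod.tpl`; no migration for existing rows is visible, so confirm an upgrade step exists. I would add `// permission levels: 3 = admin, 2 = moderator, 1 = user; any other value falls to the final else branch` above the chain. The template only decides which menu is drawn, so every page behind those menus still needs its own server-side permission check. The enclosing function starts and ends outside the hunk.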
@@ -82,13 +82,6 @@ class WebUsers extends Users{
 return false;
 }
- public function isAdmin(){
- if(isset($_SESSION['permission']) && $_SESSION['permission'] == 2){
- return true;
- }
- return false;
- }
-
 public function setPassword($user, $pass){
 $reply = WebUsers::setAmsPassword($user, $pass);
 $values = Array('user' => $user, 'pass' => $pass);
@@ -122,4 +115,5 @@ class WebUsers extends Users{
 $data = $dbl->executeWithoutParams("SELECT * FROM ams_user");
 return $data;
 }
+
 }
\ No newline at end of file
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php
index 1b6297151..9fc59d917 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_sgroup.php
@@ -10,7 +10,7 @@ function add_sgroup(){
 $tag = "[" . $inner_tag . "]";
 $result['RESULT_OF_ADDING'] = Support_Group::createSupportGroup($name, $tag);
- $result['permission'] = $_SESSION['permission'];
+ $result['permission'] = $_SESSION['ticket_user']->getPermission();
 $result['no_visible_elements'] = 'FALSE';
 $result['username'] = $_SESSION['user'];
 global $SITEBASE;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php
index 830b67c57..cd6a4b0bb 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user_to_sgroup.php
@@ -13,7 +13,7 @@ function add_user_to_sgroup(){
 }else{
 $result['RESULT_OF_ADDING'] = "USER_NOT_EXISTING";
 }
- $result['permission'] = $_SESSION['permission'];
+ $result['permission'] = $_SESSION['ticket_user']->getPermission();
 $result['no_visible_elements'] = 'FALSE';
 $result['username'] = $_SESSION['user'];
 global $SITEBASE;
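Review bot: `$_SESSION['ticket_user']->getPermission()` in add_sgroup() is called without checking that the session holds a Ticket_User, so a request that reaches this handler without a logged-in session ends in a fatal error rather than a clean denial. The same unguarded call is added in add_user_to_sgroup.php, change_info.php, change_mail.php and change_password.php, while index.php in this commit does test `isset($_SESSION['ticket_user'])` first. A guard at the top of each handler, for example `if(!isset($_SESSION['ticket_user'])){ /* deny and stop */ }`, would fix that and document who may call it. In this hunk `Support_Group::createSupportGroup($name, $tag)` runs before any permission test that is visible; the function starts outside the hunk, so please confirm a moderator/admin check precedes it.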
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php
index dab7efbbe..12d82bfa4 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php
@@ -81,7 +81,7 @@ function change_info(){
 if($updated){
 $result['info_updated'] = "OK";
 }
- $result['permission'] = $_SESSION['permission'];
+ $result['permission'] = $_SESSION['ticket_user']->getPermission();
 $result['username'] = $_SESSION['user'];
 $result['no_visible_elements'] = 'FALSE';
 $result['target_id'] = $_POST['target_id'];
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php
index ff0427a2c..9a7f76a69 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_mail.php
@@ -37,13 +37,13 @@ function change_mail(){
 }else if($status == 'shardoffline'){
 $result['SUCCESS_MAIL'] = "SHARDOFF";
 }
- $result['permission'] = $_SESSION['permission'];
+ $result['permission'] = $_SESSION['ticket_user']->getPermission();
 $result['no_visible_elements'] = 'FALSE';
 $result['username'] = $_SESSION['user'];
 $result['target_id'] = $_POST['target_id'];
 if(isset($_GET['id'])){
 if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
- $result['isAdmin'] = "TRUE";
+ $result['isMod'] = "TRUE";
 }
 }
 helpers :: loadtemplate( 'settings', $result);
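Review bot: Both change_mail() hunks set `$result['isMod']` just before `helpers :: loadtemplate( 'settings', $result)`, but settings.tpl is changed in this same commit to test `$changesOther`, and settings.php sets `$result['changesOther']`. As written, the settings page re-rendered after a moderator changes another user's e-mail takes the `!isset($changesOther)` branch and behaves as if the moderator were editing their own account. The two assignments should read `$result['changesOther'] = "TRUE";`. The surrounding context also gates on `isset($_GET['id'])` while comparing `$_POST['target_id']`; the rest of the function is outside the hunks, so confirm the target is taken from one source and authorised there.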
@@ -51,13 +51,13 @@ function change_mail(){
 }else{
 $result['EMAIL'] = $reply;
- $result['permission'] = $_SESSION['permission'];
+ $result['permission'] = $_SESSION['ticket_user']->getPermission();
 $result['no_visible_elements'] = 'FALSE';
 $result['username'] = $_SESSION['user'];
 $result['target_id'] = $_POST['target_id'];
 if(isset($_GET['id'])){
 if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_POST['target_id'] != $_SESSION['id'])){
- $result['isAdmin'] = "TRUE";
+ $result['isMod'] = "TRUE";
 }
 }
 helpers :: loadtemplate( 'settings', $result);
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php
index 071cbfd3c..a2ae8691c 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php
@@ -34,7 +34,7 @@ function change_password(){
 }else if($status == 'shardoffline'){
 $succresult['SUCCESS_PASS'] = "SHARDOFF";
 }
- $succresult['permission'] = $_SESSION['permission'];
+ $succresult['permission'] = $_SESSION['ticket_user']->getPermission();
 $succresult['no_visible_elements'] = 'FALSE';
 $succresult['username'] = $_SESSION['user'];
 $succresult['target_id'] = $_POST['target_id'];
@@ -46,7 +46,7 @@ function change_password(){
 $result['prevCurrentPass'] = filter_var($_POST["CurrentPass"], FILTER_SANITIZE_STRING);
 $result['prevNewPass'] = filter_var($_POST["NewPass"], FILTER_SANITIZE_STRING);
 $result['prevConfirmNewPass'] = filter_var($_POST["ConfirmNewPass"], FILTER_SANITIZE_STRING);
- $result['permission'] = $_SESSION['permission'];
+ $result['permission'] = $_SESSION['ticket_user']->getPermission();
 $result['no_visible_elements'] = 'FALSE';
 $result['username'] = $_SESSION['user'];
 $result['target_id'] = $_POST['target_id'];
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php
index 39866ba12..49ef2a435 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php
@@ -3,11 +3,12 @@ function login(){ try{ - $result = WebUsers::checkLoginMatch($_POST["Username"],$_POST["Password"]); + $username = filter_var($_POST['Username'],FILTER_SANITIZE_STRING); + $password = filter_var($_POST['Password'],FILTER_SANITIZE_STRING); + $result = WebUsers::checkLoginMatch($username, $password); if( $result != "fail"){ //handle successful login - $_SESSION['user'] = $_POST["Username"]; - $_SESSION['permission'] = $result['Permission']; + $_SESSION['user'] = $username; $_SESSION['id'] = $result['UId']; $_SESSION['ticket_user'] = Ticket_User::constr_ExternId($result['UId']);
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
index a4db33b6b..4d572ddaf 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
@@ -12,7 +12,7 @@ function settings(){
 }else{
 $result = WebUsers::getInfo($_GET['id']);
 if(Ticket_User::isMod($_SESSION['ticket_user']) && ($_GET['id']!= $_SESSION['id'])){
- $result['isAdmin'] = "TRUE";
+ $result['changesOther'] = "TRUE";
 }
 $result['target_id'] = $_GET['id'];
 $result['current_mail'] = WebUsers::getEmail($_GET['id']);
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php
index 4af0a4b84..7b8f041d1 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_queue.php
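Review bot: In login(), passing the password through `filter_var($_POST['Password'],FILTER_SANITIZE_STRING)` alters the secret before it is checked: that filter strips tags and encodes quotes, so a password containing `<` or `"` stops matching unless registration applied the identical filter, and the usable password space shrinks. The filter is also deprecated as of PHP 8.1. Pass the raw value to `WebUsers::checkLoginMatch()` and escape only where it is output; the username is better validated against the allowed character set than silently rewritten. As far as the hunk shows, the success branch keeps the pre-login session id, so a `session_regenerate_id(true);` before `$_SESSION['user']` is assigned would close session fixation. login() continues outside the hunk.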
@@ -17,7 +17,7 @@ function show_queue(){
 $i++;
 }
 if(Ticket_User::isMod($_SESSION['ticket_user'])){
- $result['isAdmin'] = "TRUE";
+ $result['isMod'] = "TRUE";
 }
 return $result;
 }else{
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php
index fad5dad87..c387e3cc4 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_reply.php
@@ -26,7 +26,7 @@ function show_reply(){
 $result['author'] = $author->getExternId();
 $result['authorName'] = WebUsers::getUsername($author->getExternId());
 if(Ticket_User::isMod($_SESSION['ticket_user'])){
- $result['isAdmin'] = "TRUE";
+ $result['isMod'] = "TRUE";
 }
 return $result;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php
index 217f9484c..3e6f13d18 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket.php
@@ -29,7 +29,7 @@ function show_ticket(){
 $i++;
 }
 if(Ticket_User::isMod($_SESSION['ticket_user'])){
- $result['isAdmin'] = "TRUE";
+ $result['isMod'] = "TRUE";
 $result['statusList'] = Ticket::getStatusArray();
 }
 return $result;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php
index c5bacf030..6cdf45b9a 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/show_ticket_log.php
@@ -34,7 +34,7 @@ function show_ticket_log(){
 $i++;
 }
 if(Ticket_User::isMod($_SESSION['ticket_user'])){
- $result['isAdmin'] = "TRUE";
+ $result['isMod'] = "TRUE";
 }
 return $result;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/index.php b/code/ryzom/tools/server/ryzom_ams/www/html/index.php
index 040989bbb..1131a953a 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/index.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/index.php
@@ -36,8 +36,8 @@ if(isset($_SESSION['user'])){ //Set permission -if(isset($_SESSION['permission'])){ - $return['permission'] = $_SESSION['permission']; +if(isset($_SESSION['ticket_user'])){ + $return['permission'] = $_SESSION['ticket_user']->getPermission(); }else{ //default permission $return['permission'] = 0;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php b/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php
index c8cf05b69..33277fdb8 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/sql/install.php
@@ -323,12 +323,14 @@
 'name' => "admin",
 'pass' => $hashpass,
 'mail' => "admin@admin.com",
+ 'permission' => 3
 );
- Users::createUser($params, 1);
 try{
- $params['permission'] = 2;
 $dbw = new DBLayer("web");
- $dbw->execute("INSERT INTO ams_user (Login, Password, Email, Permission) VALUES (:name, :pass, :mail, :permission)",$params);
+ $user_id = $dbw->executeReturnId("INSERT INTO ams_user (Login, Password, Email, Permission) VALUES (:name, :pass, :mail, :permission)",$params);
+ Users::createUser($params, $user_id);
+ $dbl = new DBLayer("lib");
+ $dbl->execute("UPDATE ticket_user SET Permission = 3 WHERE TUserId = :user_id",array('user_id' => $user_id));
 print "The admin account is created, you can login with id: admin, pass: admin!";
 }catch (PDOException $e){
 print "There was an error while creating the admin account! ";
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_mod.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_mod.tpl
new file mode 100644
index 000000000..823b68445
--- /dev/null
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_mod.tpl
@@ -0,0 +1,14 @@ +{extends file="layout.tpl"} +{block name=menu} + +
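Review bot: In index.php `$return['permission']` now comes from the Ticket_User object that login() stored in `$_SESSION['ticket_user']`, so unless `getPermission()` queries the database (not visible here) the value is whatever that object held at login time. If it is a cached field, a moderator or admin who is demoted keeps the old layout, and any check based on the session object, until the session ends. Consider reloading the Ticket_User by id on each request, or at least record the behaviour with `// permission is cached in the session object; changes apply at next login`.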
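Review bot: The added `UPDATE ticket_user SET Permission = 3 WHERE TUserId = :user_id` in install.php binds the id returned by the `ams_user` insert, yet elsewhere on this page a ticket user is built from a web user id with `Ticket_User::constr_ExternId(...)` and from its own key with `constr_TUserId(...)`, which suggests these are two different columns. If so, the statement hits the intended row only while both tables happen to issue the same number, and on a non-empty database it could promote a different ticket user or none; the WHERE clause should key on the column that stores the external (web) id. `$params` now also carries `'permission' => 3` into `Users::createUser($params, $user_id)`, so check that createUser expects or ignores that key. The account is still created with the well-known credentials printed in the success message, now at the highest level, so the installer should force a password change before first use.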
  • Dashboard
  • +
  • Profile
  • +
  • Settings
  • + +
  • Users
  • +
  • Queues
  • +
  • Support Groups
  • + +
  • Logout
  • +{/block} + diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl index f9ad610d9..0a7aa263c 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl +++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl @@ -13,7 +13,7 @@
    Change Password - {if !isset($isAdmin) or $isAdmin eq "FALSE"} + {if !isset($changesOther) or $changesOther eq "FALSE"}
    diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/show_reply.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/show_reply.tpl index 078136f30..4813f840c 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/show_reply.tpl +++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/show_reply.tpl @@ -20,7 +20,7 @@ {else if $author_permission eq '2'} [CSR] {/if} - {if isset($isAdmin) and $isAdmin eq "TRUE"} {$authorName}{else}{$authorName} {/if}

    + {if isset($isMod) and $isMod eq "TRUE"} {$authorName}{else}{$authorName} {/if}

    {$reply_content}

    diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/show_ticket.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/show_ticket.tpl index e89f0387a..dfda0de8f 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/show_ticket.tpl +++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/show_ticket.tpl @@ -39,7 +39,7 @@ {else if $reply.permission gt '1'} [CSR] {/if} - {if isset($isAdmin) and $isAdmin eq "TRUE"} {$reply.author}{else}{$reply.author} {/if}

    + {if isset($isMod) and $isMod eq "TRUE"} {$reply.author}{else}{$reply.author} {/if}

    {$reply.replyContent}

    @@ -68,7 +68,7 @@
    {/if} - {if isset($isAdmin) and $isAdmin eq "TRUE"} + {if isset($isMod) and $isMod eq "TRUE"}
    @@ -181,7 +181,7 @@