From 75ff3e1ed4d26a89928187147e587b13b5333884 Mon Sep 17 00:00:00 2001
From: Quitta
Date: Mon, 1 Jul 2013 23:29:16 +0200
Subject: [PATCH] change password is now usable for GM's too by using a GET['id'] param!
--HG--
branch : quitta-gsoc-2013
---
.../ryzom_ams/ams_lib/autoload/users.php | 65 ++++++++++++---
.../ryzom_ams/www/html/autoload/webusers.php | 27 ++++++-
.../www/html/func/change_password.php | 80 ++++++++++++++-----
.../server/ryzom_ams/www/html/func/login.php | 3 +
.../ryzom_ams/www/html/inc/settings.php | 21 +++++
.../ryzom_ams/www/html/templates/settings.tpl | 27 ++++---
6 files changed, 173 insertions(+), 50 deletions(-)
create mode 100644 code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
diff --git a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php
index 864c963bb..7373bc4a3 100644
--- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php
+++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php
@@ -313,27 +313,43 @@ class Users{ } public function check_change_password($values){ - if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){ - $match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]); - $newpass = $this->checkPassword($values["NewPass"]); - $confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]); + //if admin isn't changing others + if(!$values['adminChangesOther']){ + if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){ + $match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]); + $newpass = $this->checkPassword($values["NewPass"]); + $confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]); + }else{ + $match = ""; + $newpass = ""; + $confpass = ""; + } }else{ - $match = ""; - $newpass = ""; - $confpass = ""; + //if admin is indeed changing someone! 
+ if ( isset( $values["user"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){ + $newpass = $this->checkPassword($values["NewPass"]); + $confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]); + }else{ + $newpass = ""; + $confpass = ""; + } } - if ( ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){ + if ( !$values['adminChangesOther'] and ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){ + return "success"; + }else if($values['adminChangesOther'] and ( $newpass == "success" ) and ( $confpass == "success" ) ){ return "success"; }else{ $pageElements = array( - 'match_error_message' => $match, 'newpass_error_message' => $newpass, 'confirmnewpass_error_message' => $confpass ); - if ( $match != "fail" ){ - $pageElements['MATCH_ERROR'] = 'FALSE'; - }else{ - $pageElements['MATCH_ERROR'] = 'TRUE'; + if(!$values['adminChangesOther']){ + $pageElements['match_error_message'] = $match; + if ( $match != "fail" ){ + $pageElements['MATCH_ERROR'] = 'FALSE'; + }else{ + $pageElements['MATCH_ERROR'] = 'TRUE'; + } } if ( $newpass != "success" ){ $pageElements['NEWPASSWORD_ERROR'] = 'TRUE'; 
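Review bot: `$values['adminChangesOther']` is read without an `isset` guard at the top of the new branch and again in both `return "success"` conditions, so any caller still passing the old four-key array gets an undefined-index notice and silently lands on the self-change path; normalise it once, `$adminChangesOther = !empty($values['adminChangesOther']);`, and use that local throughout. It also deserves a docblock saying that this method does not authorise the admin case itself — when the flag is set it skips `checkLoginMatch` entirely and trusts that the caller has already verified the session belongs to an administrator, e.g. `// adminChangesOther: caller MUST have verified the session is an admin; no current-password check is performed here`. check_change_password's tail (the `return $pageElements;`) lies in the next hunk, not this one.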
@@ -348,6 +364,29 @@ class Users{ return $pageElements; } } + + protected function setPassword($user, $pass){ + try { + //make connection with and put into shard db + global $cfg; + $dbs = new DBLayer($cfg['db']['shard']); + $dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ",$values); + return "ok"; + } + catch (PDOException $e) { + //oh noooz, the shard is offline! Put in query queue at ams_lib db! + /*try { + $dbl = new DBLayer($cfg['db']['lib']); + $dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "createUser", + "query" => json_encode(array($values["name"],$values["pass"],$values["mail"])))); + return "shardoffline"; + }catch (PDOException $e) { + print_r($e); + return "liboffline"; + }*/ + } + } } + \ No newline at end of file diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php index 1e201508f..91c7bc317 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php @@ -48,9 +48,30 @@ class WebUsers extends Users{ }else{ return "fail"; } - - - } + + public function getUsername($id){ + global $cfg; + + $dbw = new DBLayer($cfg['db']['web']); + $statement = $dbw->execute("SELECT * FROM ams_user WHERE UId=:id", array('id' => $id)); + $row = $statement->fetch(); + return $row['Login']; + } + + public function isLoggedIn(){ + if(isset($_SESSION['user'])){ + return true; + } + return false; + } + + public function isAdmin(){ + if(isset($_SESSION['permission']) && $_SESSION['permission'] == 2){ + return true; + } + return false; + } + } \ No newline at end of file diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php index 63a76a425..3603c5144 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php 
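Review bot: The `UPDATE user SET Password = :pass WHERE Login = :user` call in the new setPassword binds `$values`, which is not defined in this method — its parameters are `$user` and `$pass` — so the two placeholders never receive values; it should read `$dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ", array('pass' => $pass, 'user' => $user));`. The `catch (PDOException $e)` body is entirely commented out, so a shard outage makes the method return null instead of the "ok"/"shardoffline" strings the commented code intended; rethrow or return an explicit failure string so callers can distinguish the two, and note that the commented fallback would enqueue a "createUser" entry with `$values["name"]`/`$values["pass"]`/`$values["mail"]`, none of which exist here either. A short docblock should state that `$pass` is expected to be the already-hashed value (the caller in change_password.php computes `crypt(...)` before it would call this) — hedged, since this hunk shows no hashing itself.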
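Review bot: getUsername, isLoggedIn and isAdmin are declared as instance methods (`public function`) but the new change_password.php calls them statically (`WebUsers::isLoggedIn()`, `WebUsers::isAdmin()`, `WebUsers::getUsername(...)`); that is a strict-standards notice on PHP 5 and a fatal error on PHP 8, so declare them `public static function`. getUsername returns `$row['Login']` without checking that `fetch()` found a row, so an unknown `UId` yields null plus a notice instead of a clear miss; add `if ($row === false) { return null; }` and narrow the query to `SELECT Login FROM ams_user WHERE UId=:id` since only that column is used. isAdmin's `$_SESSION['permission'] == 2` compares loosely; `(int)$_SESSION['permission'] === 2` (or a named constant for the admin level) makes the intended permission value explicit.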
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php 
@@ -3,28 +3,66 @@ function change_password(){ try{ - if(isset($_SESSION["user"])){ - $webUser = new WebUsers(); - $params = Array( 'user' => $_SESSION["user"], 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"]); - $result = $webUser->check_change_password($params); - if ($result == "success"){ - //edit stuff into db + //if logged in + if(WebUsers::isLoggedIn()){ + + if(isset($_POST['target_id'])){ + $adminChangesOther = false; + //if target_id is the same as session id or is admin + if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){ + if($_POST['target_id'] == $_SESSION['id']){ + $target_username = $_SESSION['user']; + }else{ + $target_username = WebUsers::getUsername($_POST['target_id']); + //isAdmin is true when it's the admin, but the target_id != own id + $adminChangesOther = true; + $_POST["CurrentPass"] = "dummypass"; + } + $id = $_POST['target_id']; + + $webUser = new WebUsers(); + $params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther); + $result = $webUser->check_change_password($params); + if ($result == "success"){ + //edit stuff into db + $hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT()); + print('success!'); + exit; + + }else{ + + $result['prevCurrentPass'] = $_POST["CurrentPass"]; + $result['prevNewPass'] = $_POST["NewPass"]; + $result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"]; + $result['permission'] = $_SESSION['permission']; + $result['no_visible_elements'] = 'FALSE'; + $result['target_id'] = $_POST['target_id']; + if(isset($_GET['id'])){ + if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ + $result['isAdmin'] = "TRUE"; + } + } + helpers :: loadtemplate( 'settings', $result); + exit; + } + }else{ - $result['prevCurrentPass'] = $_POST["CurrentPass"]; - $result['prevNewPass'] = 
$_POST["NewPass"]; - $result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"]; - $result['permission'] = $_SESSION['permission']; - $result['no_visible_elements'] = 'FALSE'; - helpers :: loadtemplate( 'settings', $result); - exit; + //ERROR: permission denied! } - - } - }catch (PDOException $e) { - //go to error page or something, because can't access website db - print_r($e); - exit; - } - + + }else{ + //ERROR: The form was not filled in correclty + } + }else{ + //ERROR: user is not logged in + exit; + } + + }catch (PDOException $e) { + //go to error page or something, because can't access website db + print_r($e); + exit; + } + } diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php index 4edd60fe5..a34203541 100644 --- a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php +++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php @@ -10,6 +10,9 @@ function login(){ //handle successful login $_SESSION['user'] = $_POST["Username"]; $_SESSION['permission'] = $result['Permission']; + $_SESSION['id'] = $result['UId']; + print('id='); + print($_SESSION['id']); //go back to the index page. header( 'Location: index.php' ); exit; diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php new file mode 100644 index 000000000..2248b7d70 --- /dev/null +++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php @@ -0,0 +1,21 @@ +
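Review bot: The administrator branch (`$_POST['target_id'] != $_SESSION['id']` with `WebUsers::isAdmin()`) resets another account's password with no current-password check, so the only thing between a cross-site POST and an arbitrary account reset is the admin's session cookie; no CSRF token is validated anywhere in this hunk, and one should be checked before `check_change_password` is called (hedged: the form itself is not visible here). The `//ERROR: permission denied!` and `//ERROR: The form was not filled in correclty` branches are empty and fall through to the end of the function, so a non-admin posting someone else's `target_id` gets no refusal at all — each should at least emit an error and `exit;`, as the not-logged-in branch does. On success `$hashpass` is computed and then discarded (`print('success!'); exit;`), so nothing is persisted yet; presumably the `setPassword` added in the ams_lib hunk is meant to be called at that point. `function change_password()` opens above the hunk, in its header context.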
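Review bot: The two debug calls added before the redirect, `print('id='); print($_SESSION['id']);`, send output before `header( 'Location: index.php' );`, which raises "headers already sent" and leaves the user on a blank page showing their numeric id instead of redirecting (unless output buffering happens to be enabled); drop both lines. While here, the successful-login handler is the right place to call `session_regenerate_id(true);` before populating `$_SESSION['user']`, `$_SESSION['permission']` and the new `$_SESSION['id']`, so a pre-login session id cannot be fixated — I cannot see whether that already happens earlier in login(), which opens above the hunk.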
-
+ Change Password -
- -
-
- - - {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}The password is incorrect{/if} -
+ {if !isset($isAdmin) or $isAdmin eq "FALSE"} +
+ +
+
+ + + {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}The password is incorrect{/if} +
+
-
- + {/if}
@@ -50,7 +51,7 @@
- +