Change email seems to work, also for admin's :)

--HG--
branch : quitta-gsoc-2013
Quitta 2013-07-02 04:42:12 +02:00
parent 2130875539
commit a1a052dd72
6 changed files with 163 additions and 16 deletions


@ -156,7 +156,7 @@ class Users{
* @takes $email * @takes $email
* @return * @return
*/ */
private function checkEmail( $email ) public function checkEmail( $email )
{ {
if ( isset( $email ) ){ if ( isset( $email ) ){
if ( !Users::validEmail( $email ) ){ if ( !Users::validEmail( $email ) ){
@ -381,7 +381,31 @@ class Users{
try { try {
$dbl = new DBLayer($cfg['db']['lib']); $dbl = new DBLayer($cfg['db']['lib']);
$dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "changepass", $dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "changepass",
"query" => json_encode(array($values["name"],$values["pass"])))); "query" => json_encode(array($values["user"],$values["pass"]))));
return "shardoffline";
}catch (PDOException $e) {
return "liboffline";
}
}
}
protected function setAmsEmail($user, $mail){
global $cfg;
$values = Array('user' => $user, 'mail' => $mail);
try {
//make connection with and put into shard db
$dbs = new DBLayer($cfg['db']['shard']);
$dbs->execute("UPDATE user SET Email = :mail WHERE Login = :user ",$values);
return "ok";
}
catch (PDOException $e) {
//oh noooz, the shard is offline! Put in query queue at ams_lib db!
try {
$dbl = new DBLayer($cfg['db']['lib']);
$dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "changemail",
"query" => json_encode(array($values["user"],$values["mail"]))));
return "shardoffline"; return "shardoffline";
}catch (PDOException $e) { }catch (PDOException $e) {
return "liboffline"; return "liboffline";
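Review bot: In the new setAmsEmail, the outer `catch (PDOException $e)` treats every database error as "shard offline" and queues the change for replay without recording what failed, so a rejected statement on the shard cannot be told apart from an outage. Logging the exception first, e.g. `error_log('setAmsEmail: shard update failed: ' . $e->getMessage());`, keeps that evidence on the server. The method also lacks the docblock the class uses for checkEmail; a short one naming `$user`, `$mail` and the three return strings ("ok", "shardoffline", "liboffline") would tell callers what to handle. The end of the function lies outside the hunk.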


@ -60,6 +60,16 @@ class WebUsers extends Users{
return $row['Login']; return $row['Login'];
} }
public function getEmail($id){
global $cfg;
$dbw = new DBLayer($cfg['db']['web']);
$statement = $dbw->execute("SELECT * FROM ams_user WHERE UId=:id", array('id' => $id));
$row = $statement->fetch();
return $row['Email'];
}
public function isLoggedIn(){ public function isLoggedIn(){
if(isset($_SESSION['user'])){ if(isset($_SESSION['user'])){
return true; return true;
@ -89,4 +99,19 @@ class WebUsers extends Users{
return $reply; return $reply;
} }
public function setEmail($user, $mail){
global $cfg;
$reply = WebUsers::setAmsEmail($user, $mail);
$values = Array('user' => $user, 'mail' => $mail);
try {
//make connection with and put into shard db
$dbw = new DBLayer($cfg['db']['web']);
$dbw->execute("UPDATE ams_user SET Email = :mail WHERE Login = :user ",$values);
}
catch (PDOException $e) {
//ERROR: the web DB is offline
}
return $reply;
}
} }
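Review bot: setEmail's `catch (PDOException $e)` around the `ams_user` update is empty, so when the web database write fails the method still returns the shard's reply and the caller reports success while the two stores disagree. At minimum log the failure and return a status the caller does not map to success, for example `error_log($e->getMessage()); return "weboffline";` (the status name is only a suggestion, and change_mail would need a matching branch). getEmail also reads `$row['Email']` without checking that `fetch()` returned a row, and selecting only `Email` would be enough for what it uses.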


@ -0,0 +1,80 @@
<?php
function change_mail(){
try{
//if logged in
if(WebUsers::isLoggedIn()){
if(isset($_POST['target_id'])){
if( ($_POST['target_id'] == $_SESSION['id']) || WebUsers::isAdmin() ){
if($_POST['target_id'] == $_SESSION['id']){
$target_username = $_SESSION['user'];
}else{
$target_username = WebUsers::getUsername($_POST['target_id']);
}
$webUser = new WebUsers();
$reply = $webUser->checkEmail($_POST['NewEmail']);
if ( $reply != "success" ){
$result['EMAIL_ERROR'] = 'TRUE';
}else{
$result['EMAIL_ERROR'] = 'FALSE';
}
$result['prevNewEmail'] = $_POST["NewEmail"];
if ($reply== "success"){
$status = WebUsers::setEmail($target_username, $_POST["NewEmail"] );
if($status == 'ok'){
$result['SUCCESS_MAIL'] = "OK";
}else if($status == 'shardoffline'){
$result['SUCCESS_MAIL'] = "SHARDOFF";
}
$result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE';
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
helpers :: loadtemplate( 'settings', $result);
exit;
}else{
$result['EMAIL'] = $reply;
$result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE';
$return['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
$result['isAdmin'] = "TRUE";
}
}
helpers :: loadtemplate( 'settings', $result);
exit;
}
}else{
//ERROR: permission denied!
}
}else{
//ERROR: The form was not filled in correclty
}
}else{
//ERROR: user is not logged in
exit;
}
}catch (PDOException $e) {
//go to error page or something, because can't access website db
print_r($e);
exit;
}
}
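Review bot: The `catch (PDOException $e)` at the end of change_mail calls `print_r($e)`, which sends the exception object, including its message, file path and stack trace, to the browser; replace it with `error_log($e->getMessage());` and a generic error page. In the validation-failure branch `$return['username'] = $_SESSION['user'];` writes to `$return`, which is never read, where `$result['username']` looks intended; the same line is added to change_password in this commit. The handler changes the address on the strength of the session alone, whereas change_password passes a `CurrentPass` value to its check, so asking for the current password when a user edits their own account is worth considering. The permission-denied and missing-`target_id` branches contain only comments and return nothing to the user.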


@ -18,7 +18,6 @@ function change_password(){
$adminChangesOther = true; $adminChangesOther = true;
$_POST["CurrentPass"] = "dummypass"; $_POST["CurrentPass"] = "dummypass";
} }
$id = $_POST['target_id'];
$webUser = new WebUsers(); $webUser = new WebUsers();
$params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther); $params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
@ -29,9 +28,9 @@ function change_password(){
$hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT()); $hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
$status = WebUsers::setPassword($target_username, $hashpass); $status = WebUsers::setPassword($target_username, $hashpass);
if($status == 'ok'){ if($status == 'ok'){
$succresult['SUCCESS'] = "OK"; $succresult['SUCCESS_PASS'] = "OK";
}else if($status == 'shardoffline'){ }else if($status == 'shardoffline'){
$succresult['SUCCESS'] = "SHARDOFF"; $succresult['SUCCESS_PASS'] = "SHARDOFF";
} }
$succresult['permission'] = $_SESSION['permission']; $succresult['permission'] = $_SESSION['permission'];
$succresult['no_visible_elements'] = 'FALSE'; $succresult['no_visible_elements'] = 'FALSE';
@ -51,6 +50,7 @@ function change_password(){
$result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"]; $result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
$result['permission'] = $_SESSION['permission']; $result['permission'] = $_SESSION['permission'];
$result['no_visible_elements'] = 'FALSE'; $result['no_visible_elements'] = 'FALSE';
$return['username'] = $_SESSION['user'];
$result['target_id'] = $_POST['target_id']; $result['target_id'] = $_POST['target_id'];
if(isset($_GET['id'])){ if(isset($_GET['id'])){
if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){ if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){


@ -8,10 +8,12 @@ function settings(){
$result['isAdmin'] = "TRUE"; $result['isAdmin'] = "TRUE";
} }
$result['target_id'] = $_GET['id']; $result['target_id'] = $_GET['id'];
$result['current_mail'] = WebUsers::getEmail($_GET['id']);
}else{ }else{
$result['target_id'] = $_SESSION['id']; $result['target_id'] = $_SESSION['id'];
$result['current_mail'] = WebUsers::getEmail($_SESSION['id']);
} }
return $result; return $result;
}else{ }else{
//ERROR: not logged in! //ERROR: not logged in!
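Review bot: The added `WebUsers::getEmail($_GET['id'])` sits after the closing brace of the isAdmin block, so as far as the hunk shows it runs for any request that carries an `id`, not only for admins. If the enclosing condition, which starts outside the hunk, does not already restrict this, the form would be pre-filled with another account's address for a non-admin user. Guard the lookup with the same rule change_mail applies, e.g. `if ($_GET['id'] == $_SESSION['id'] || WebUsers::isAdmin())`, and fall back to `$_SESSION['id']` otherwise.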


@ -52,15 +52,15 @@
{if isset($SUCCESS) and $SUCCESS eq "OK"} {if isset($SUCCESS_PASS) and $SUCCESS_PASS eq "OK"}
<div class="alert alert-success"> <div class="alert alert-success">
Your password has been changed! The password has been changed!
</div> </div>
{/if} {/if}
{if isset($SUCCESS) and $SUCCESS eq "SHARDOFF"} {if isset($SUCCESS_PASS) and $SUCCESS_PASS eq "SHARDOFF"}
<div class="alert alert-warning"> <div class="alert alert-warning">
Your password has been changed, though the shard seems offline, it may take some time to see the change on the shard. The password has been changed, though the shard seems offline, it may take some time to see the change on the shard.
</div> </div>
{/if} {/if}
@ -87,18 +87,34 @@
</div> </div>
<div class="box-content"> <div class="box-content">
<div class="row-fluid"> <div class="row-fluid">
<form id="changeEmail" class="form-vertical" method="post" action="index.php"> <form id="changeEmail" class="form-vertical" method="post" action="index.php?page=settings&id={$target_id}">
<legend>Change Email</legend> <legend>Change Email</legend>
<div class="control-group"> <div class="control-group {if isset($EMAIL_ERROR) and $EMAIL_ERROR eq "TRUE"}error{/if}">
<label class="control-label">New Email</label> <label class="control-label">New Email</label>
<div class="controls"> <div class="controls">
<div class="input-prepend"> <div class="input-prepend">
<span class="add-on" style="margin-left:5px;"><i class="icon-envelope"></i></span> <span class="add-on" style="margin-left:5px;"><i class="icon-envelope"></i></span>
<input type="text" class="input-xlarge" id="NewEmail" name="NewEmail" placeholder="Your new email"> <input type="text" class="input-xlarge" id="NewEmail" name="NewEmail" placeholder="Your new email" {if isset($prevNewEmail)}value="{$prevNewEmail}"{else if isset($current_mail)}value="{$current_mail}"{/if}>
</div> {if isset($EMAIL_ERROR) and $EMAIL_ERROR eq "TRUE"}<span class="help-inline">{$EMAIL}</span>{/if}
</div>
</div> </div>
</div> </div>
<input type="hidden" name="function" value="change_email">
{if isset($SUCCESS_MAIL) and $SUCCESS_MAIL eq "OK"}
<div class="alert alert-success">
The email has been changed!
</div>
{/if}
{if isset($SUCCESS_MAIL) and $SUCCESS_MAIL eq "SHARDOFF"}
<div class="alert alert-warning">
The email has been changed, though the shard seems offline, it may take some time to see the change on the shard.
</div>
{/if}
<input type="hidden" name="function" value="change_mail">
<input type="hidden" name="target_id" value="{$target_id}">
<div class="control-group"> <div class="control-group">
<label class="control-label"></label> <label class="control-label"></label>
<div class="controls"> <div class="controls">
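Review bot: `value="{$prevNewEmail}"` prints the submitted `NewEmail` back into an attribute, and `{$EMAIL}` and `{$target_id}` (in the form action and the hidden input) are likewise emitted as-is. Unless the Smarty instance has default escaping enabled, which this page does not show, request-controlled text reaches the HTML unescaped. Apply the escape modifier to each, e.g. `value="{$prevNewEmail|escape}"` and `id={$target_id|escape:'url'}` in the action URL. The lines visible here also carry no anti-CSRF token, which matters for a change as sensitive as the account email; the form continues past the end of the hunk, so confirm whether one is added elsewhere.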