Nicen the rego form and add back the change password form
authorJeremy Tan <[email protected]>
Mon, 28 Oct 2013 12:59:13 +0000 (20:59 +0800)
committerJeremy Tan <[email protected]>
Mon, 28 Oct 2013 12:59:13 +0000 (20:59 +0800)
testing/MCTXWeb/public_html/users/left-nav.php
testing/MCTXWeb/public_html/users/login.php
testing/MCTXWeb/public_html/users/models/funcs.php
testing/MCTXWeb/public_html/users/register.php
testing/MCTXWeb/public_html/users/user_change_details.php [new file with mode: 0644]

index bb56d73..addc4c4 100644 (file)
@@ -22,6 +22,7 @@ if ($loggedInUser->checkPermission(array(2))){
                 <li><a href="admin_upload_users.php"><span>Upload new users</span></a></li>\r
                 <li><a href="admin_pages.php"><span>Manage visible pages</span></a></li>\r
                 <li><a href="admin_configuration.php"><span>Manage site details</span></a></li>\r
+                <li><a href="user_change_details.php"><span>Change your password</span></a></li>\r
               </ul>\r
             </div>\r
           </div>\r
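Review bot: The new `user_change_details.php` link is added to the list of `admin_*` pages, which the hunk header suggests sits inside `if ($loggedInUser->checkPermission(array(2)))`. If that guard does enclose this list, non-admin users never see the link, even though the new page has a branch for non-admins. The password link probably belongs in the part of the menu shown to every logged-in user; the enclosing block starts outside this hunk, so this needs confirming against the full file.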
index 257fa4d..95b22a4 100644 (file)
@@ -116,7 +116,8 @@ echo '
                </label>             \r
              </p>\r
              <p style="float:left; margin:0;">\r
-               <a href="forgot-password.php">Forgotten password?</a>\r
+               <a href="forgot-password.php">Forgotten password?</a><br>\r
+               <a href="register.php">Register</a>\r
              </p>\r
              <p style="float:right; margin:0;">\r
                <input type="submit" value="Log In">\r
index 9eb69b8..a3a9928 100644 (file)
@@ -165,14 +165,11 @@ function resultBlock($errors,$successes){
        //Success block\r
        if(count($successes) > 0)\r
        {\r
-               echo "<div id='success'>\r
-               <a href='#' onclick=\"showHide('success');\">[X]</a>\r
-               <ul>";\r
+               echo "<div id='success'>";\r
                foreach($successes as $success)\r
                {\r
-                       echo "<li>".$success."</li>";\r
+      echo "<p>".$success."</li>";\r
                }\r
-               echo "</ul>";\r
                echo "</div>";\r
        }\r
 }\r
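Review bot: The new line `echo "<p>".$success."</li>";` opens a `<p>` but closes an `</li>`, so every success message emits mismatched markup now that the surrounding `<ul>` is gone; it should read `echo "<p>".$success."</p>";`. The line is also indented with spaces where the rest of the function uses tabs. `$success` is written to the page unescaped; if any message built by `lang()` can carry user-supplied text, pass it through `htmlspecialchars()` here. resultBlock() begins above this hunk, so the error branch is not visible.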
index 32f1ae1..8a0d6e6 100644 (file)
@@ -40,9 +40,9 @@ if(!empty($_POST))
        if(!ctype_alnum($displayname)){\r
                $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");\r
        }\r
-       if(minMaxRange(8,50,$password) && minMaxRange(8,50,$confirm_pass))\r
+       if(minMaxRange(6,50,$password) && minMaxRange(6,50,$confirm_pass))\r
        {\r
-               $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(8,50));\r
+               $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(6,50));\r
        }\r
        else if($password != $confirm_pass)\r
        {\r
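Review bot: Dropping the minimum from 8 to 6 characters in `minMaxRange(6,50,$password)` weakens the registration password policy, and the commit message gives no reason for it; keeping 8 as the floor is the safer default. The same 6/50 literals are repeated in the new user_change_details.php (`minMaxRange(6,50,$password_new)`), so a shared constant would keep the two forms from drifting apart. The enclosing `if(!empty($_POST))` block starts and ends outside this hunk.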
@@ -81,25 +81,13 @@ if(!empty($_POST))
 }\r
 \r
 require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Register</h2>\r
+startPage();\r
 \r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
 echo "\r
-</div>\r
-\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div class='widget' id='login-container'><div class='title centre'>User registration</div>";\r
 \r
 echo "\r
-<div id='regbox'>\r
+<div id=''>\r
 <form name='newUser' action='".$_SERVER['PHP_SELF']."' method='post'>\r
 \r
 <p>\r
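Review bot: The replacement wrapper `<div id=''>` carries an empty `id` attribute, which is invalid HTML and gives the stylesheet nothing to select. Either drop the attribute (`<div>`) or keep a meaningful name such as the previous `regbox`. The echoed string continues past the end of this hunk.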
@@ -122,23 +110,26 @@ echo "
 <label>Email:</label>\r
 <input type='text' name='email' />\r
 </p>\r
+\r
 <p>\r
 <label>Security Code:</label>\r
 <img src='models/captcha.php'>\r
 </p>\r
+<p>\r
 <label>Enter Security Code:</label>\r
 <input name='captcha' type='text'>\r
 </p>\r
-<label>&nbsp;<br>\r
+<p class='right'>\r
+<label>&nbsp;</label>\r
 <input type='submit' value='Register'/>\r
-</p>\r
+</p>";\r
 \r
+echo resultBlock($errors,$successes);\r
+echo "\r
 </form>\r
 </div>\r
 \r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
 ?>\r
diff --git a/testing/MCTXWeb/public_html/users/user_change_details.php b/testing/MCTXWeb/public_html/users/user_change_details.php
new file mode 100644 (file)
index 0000000..16c4532
--- /dev/null
@@ -0,0 +1,169 @@
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+       $errors = array();\r
+       $username = sanitize(trim($_POST["username"]));\r
+       $password = trim($_POST["password"]);\r
+  $password_new = trim($_POST["password_new"]);\r
+  $password_confirm = trim($_POST["password_confirm"]);\r
+       \r
+       //Perform some validation\r
+       //Feel free to edit / change as required\r
+       if($username == "")\r
+       {\r
+               $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
+       }\r
+       if($password == "")\r
+       {\r
+               $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
+       }\r
+\r
+       if(count($errors) == 0)\r
+       {\r
+               //A security note here, never tell the user which credential was incorrect\r
+               if(!usernameExists($username))\r
+               {\r
+                       $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+               }\r
+               else\r
+               {\r
+                       $userdetails = fetchUserDetails($username);\r
+                       //See if the user's account is activated\r
+                       if($userdetails["active"]==0)\r
+                       {\r
+                               $errors[] = lang("ACCOUNT_INACTIVE");\r
+                       }\r
+                       else\r
+                       {\r
+                               //Hash the password and use the salt from the database to compare the password.\r
+                               $entered_pass = generateHash($password,$userdetails["password"]);\r
+\r
+                               //echo "".$userdetails["password"]; //Wut is dis\r
+                               \r
+                               if($entered_pass != $userdetails["password"])\r
+                               {\r
+                                       //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing\r
+                                       $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+                               }\r
+                               else\r
+                               {\r
+                                       //Passwords match! we're good to go'\r
+                                       \r
+                                       //Construct a new logged in user object\r
+                                       //Transfer some db data to the session object\r
+                                       $loggedInUser = new loggedInUser();\r
+                                       $loggedInUser->email = $userdetails["email"];\r
+                                       $loggedInUser->user_id = $userdetails["id"];\r
+                                       $loggedInUser->hash_pw = $userdetails["password"];\r
+                                       $loggedInUser->title = $userdetails["title"];\r
+                                       $loggedInUser->displayname = $userdetails["display_name"];\r
+                                       $loggedInUser->username = $userdetails["user_name"];\r
+                                       \r
+          if(trim($password_new) == "")\r
+          {\r
+            $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");\r
+          }\r
+          else if(trim($password_confirm) == "")\r
+          {\r
+            $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");\r
+          }\r
+          else if(minMaxRange(6,50,$password_new))\r
+          {    \r
+            $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(6,50));\r
+          }\r
+          else if($password_new != $password_confirm)\r
+          {\r
+            $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
+          }\r
+          \r
+          //End data validation\r
+          if(count($errors) == 0)\r
+          {\r
+            //Also prevent updating if someone attempts to update with the same password\r
+            $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);\r
+            \r
+            if($entered_pass_new == $loggedInUser->hash_pw)\r
+            {\r
+              //Don't update, this fool is trying to update with the same password Â¬Â¬\r
+              $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");\r
+            }\r
+            else\r
+            {\r
+              //This function will create the new hash and update the hash_pw property.\r
+              $loggedInUser->updatePassword($password_new);\r
+              $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");\r
+            }\r
+          }\r
+                               }\r
+                       }\r
+               }\r
+       }\r
+}\r
+\r
+if (isUserLoggedIn())\r
+{\r
+  //If not admin, log them out after pw change\r
+  if (!$loggedInUser->checkPermission(array(2)))\r
+  {\r
+    $loggedInUser->userLogOut();\r
+  }\r
+}\r
+\r
+require_once("models/header.php");\r
+startPage();\r
+\r
+echo '\r
+      <div id="login-container">\r
+       <div class="widget">\r
+          <div class="title centre">Change of password</div>\r
+           <form id="login-update" class="clear" name="login-update" action="'.$_SERVER["PHP_SELF"].'" method="post">\r
+             <p>\r
+               <label>\r
+                 Username<br>\r
+                 <input name="username" type="text">\r
+               </label>\r
+             </p>\r
+             <p>\r
+               <label>\r
+                 Password<br>\r
+                 <input name="password" type="password">\r
+               </label>             \r
+             </p>\r
+             <p>\r
+               <label>\r
+                 New password<br>\r
+                 <input name="password_new" type="password">\r
+               </label>             \r
+             </p>\r
+             <p>\r
+               <label>\r
+                 Confirm password<br>\r
+                 <input name="password_confirm" type="password">\r
+               </label>             \r
+             </p>\r
+             <p style="float:left; margin:0;">\r
+               <a href="forgot-password.php">Forgotten password?</a>\r
+             </p>\r
+             <p style="float:right; margin:0;">\r
+               <input type="submit" value="Update">\r
+             </p>\r
+            </form>';\r
+            \r
+echo resultBlock($errors,$successes);            \r
+echo '\r
+       </div>\r
+      </div>\r
+ ';\r
+\r
+finishPage();\r
+\r
+?>\r
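Review bot: The form's `action` near the end of this file echoes `$_SERVER["PHP_SELF"]` unescaped, so path info appended to the URL is reflected into the page; wrap it as `htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8")` (the register.php form has the same pattern on a context line of its second hunk). The two hash checks use loose comparison (`$entered_pass != $userdetails["password"]` and `$entered_pass_new == $loggedInUser->hash_pw`); `!==`/`===`, or `hash_equals()` where the PHP version provides it, avoids numeric-string coercion. The `isUserLoggedIn()` block runs on every request rather than only after a successful update, so a non-admin appears to be logged out just by opening the page; it likely belongs in the branch that calls `updatePassword()`. `$errors` and `$successes` are assigned only inside the POST branch, so unless models/config.php defines them, `resultBlock()` receives undefined variables on a plain GET.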
