Merge branch 'users'
authorJeremy Tan <[email protected]>
Mon, 28 Oct 2013 13:21:47 +0000 (21:21 +0800)
committerJeremy Tan <[email protected]>
Mon, 28 Oct 2013 13:21:47 +0000 (21:21 +0800)
Conflicts:
server/parameters
Resolved to users branch

22 files changed:
server/parameters
testing/MCTXWeb/public_html/users/account.php [deleted file]
testing/MCTXWeb/public_html/users/activate-account.php [deleted file]
testing/MCTXWeb/public_html/users/admin_configuration.php
testing/MCTXWeb/public_html/users/admin_page.php
testing/MCTXWeb/public_html/users/admin_pages.php
testing/MCTXWeb/public_html/users/admin_permission.php [deleted file]
testing/MCTXWeb/public_html/users/admin_permissions.php [deleted file]
testing/MCTXWeb/public_html/users/admin_upload_users.php
testing/MCTXWeb/public_html/users/admin_user.php
testing/MCTXWeb/public_html/users/admin_users.php
testing/MCTXWeb/public_html/users/forgot-password.php
testing/MCTXWeb/public_html/users/index.php
testing/MCTXWeb/public_html/users/left-nav.php
testing/MCTXWeb/public_html/users/login.php
testing/MCTXWeb/public_html/users/logout.php
testing/MCTXWeb/public_html/users/models/funcs.php
testing/MCTXWeb/public_html/users/models/header.php
testing/MCTXWeb/public_html/users/register.php
testing/MCTXWeb/public_html/users/resend-activation.php [deleted file]
testing/MCTXWeb/public_html/users/user_change_details.php [new file with mode: 0644]
testing/MCTXWeb/public_html/users/user_settings.php [deleted file]

index 26e2892..5fdc595 100644 (file)
@@ -17,19 +17,16 @@ LOGDEBUG=4
 verbosity="$LOGDEBUG"
 
 # Set to 1/0 to enable/disable the pin module (gives direct control over GPIO/ADC/PWM)
+#TODO: This option isn't actually implemented yet...
 pin_test="0"
 
 # Set to the URI to use authentication
-#auth_uri="ldap://192.168.1.1"
-#auth_uri="ldaps://ldap.pheme.uwa.edu.au" #UWA
+#auth_uri="ldap://192.168.1.1#ou=People,dc=daedalus"
+#auth_uri="ldaps://ldap.pheme.uwa.edu.au#ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au" #UWA
 #auth_uri="/etc/shadow"
 #auth_uri="shadow"
-
-# Set to the dn of the LDAP server
-ldap_base_dn="ou=People,dc=daedalus" # Testing
-#ldap_base_dn="ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au" #UWA
+auth_uri="mysql://localhost#root,$(cat mysql_password)"
 
 
 ## OPTIONS TO BE PASSED TO SERVER; DO NOT EDIT
-parameters="-v $verbosity -p $pin_test"
-# -A $auth_uri -d $ldap_base_dn"
+parameters="-v $verbosity -p $pin_test -A $auth_uri"
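Review bot: The new default `auth_uri="mysql://localhost#root,$(cat mysql_password)"` authenticates as the MySQL `root` account and expands the password into `$parameters`. The password is therefore handed to the server as part of the `-A` argument, where it is typically readable in the process list by other local users. A dedicated database account limited to what the login check needs would reduce the exposure, as would passing the path of the password file instead of its contents; whether the server can read a path is not visible in this hunk. `$(cat mysql_password)` is also resolved against the current working directory and silently produces an empty password if the file is missing, so a guard such as `[ -r mysql_password ] || exit 1` before the assignment would help. The comment `# Set to the URI to use authentication` could also document the `#user,password` suffix this line relies on.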
diff --git a/testing/MCTXWeb/public_html/users/account.php b/testing/MCTXWeb/public_html/users/account.php
deleted file mode 100644 (file)
index 3f93126..0000000
+++ /dev/null
@@ -1,32 +0,0 @@
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Account</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>\r
-Hey, $loggedInUser->displayname. This is an example secure page designed to demonstrate some of the basic features of UserCake. Just so you know, your title at the moment is $loggedInUser->title, and that can be changed in the admin panel. You registered this account on " . date("M d, Y", $loggedInUser->signupTimeStamp()) . ".\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
diff --git a/testing/MCTXWeb/public_html/users/activate-account.php b/testing/MCTXWeb/public_html/users/activate-account.php
deleted file mode 100644 (file)
index 33bbd15..0000000
+++ /dev/null
@@ -1,66 +0,0 @@
-<?php \r
-/*\r
-UserCake Version: 2.0.1\r
-http://usercake.com\r
-*/\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Get token param\r
-if(isset($_GET["token"]))\r
-{      \r
-       $token = $_GET["token"];        \r
-       if(!isset($token))\r
-       {\r
-               $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
-       }\r
-       else if(!validateActivationToken($token)) //Check for a valid token. Must exist and active must be = 0\r
-       {\r
-               $errors[] = lang("ACCOUNT_TOKEN_NOT_FOUND");\r
-       }\r
-       else\r
-       {\r
-               //Activate the users account\r
-               if(!setUserActive($token))\r
-               {\r
-                       $errors[] = lang("SQL_ERROR");\r
-               }\r
-       }\r
-}\r
-else\r
-{\r
-       $errors[] = lang("FORGOTPASS_INVALID_TOKEN");\r
-}\r
-\r
-if(count($errors) == 0) {\r
-       $successes[] = lang("ACCOUNT_ACTIVATION_COMPLETE");\r
-}\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Activate Account</h2>\r
-\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
index 01fa76a..05bd187 100644 (file)
@@ -135,23 +135,12 @@ $languages = getLanguageFiles(); //Retrieve list of language files
 $templates = getTemplateFiles(); //Retrieve list of template files\r
 $permissionData = fetchAllPermissions(); //Retrieve list of all permission levels\r
 require_once("models/header.php");\r
+startPage();\r
 \r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Configuration</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
+echo notificationBlock($errors,$successes);\r
 \r
 echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div class='widget'><div class='title'>Site details</div>";\r
 \r
 echo "\r
 <div id='regbox'>\r
@@ -228,10 +217,8 @@ echo "
 <input type='submit' name='Submit' value='Submit' />\r
 </form>\r
 </div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
 \r
 ?>\r
index 7d1815d..2728752 100644 (file)
@@ -4,6 +4,8 @@ UserCake Version: 2.0.2
 http://usercake.com\r
 */\r
 \r
+//what a bunch of spaghetti code\r
+\r
 require_once("models/config.php");\r
 if (!securePage($_SERVER['PHP_SELF'])){die();}\r
 $pageId = $_GET['id'];\r
@@ -71,41 +73,49 @@ $pagePermissions = fetchPagePermissions($pageId);
 $permissionData = fetchAllPermissions();\r
 \r
 require_once("models/header.php");\r
+startPage();\r
 \r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Page</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
+echo notificationBlock($errors, $successes);\r
 \r
-echo "\r
+echo '\r
+<div class="widget">\r
+<div class="right">\r
+  Page ID '.$pageDetails['id'].'\r
 </div>\r
-<div id='main'>";\r
 \r
-echo resultBlock($errors,$successes);\r
+<div class="title">Manage page "'.$pageDetails['page'].'"</div>\r
 \r
+<div class="sub-title">Access control list</div>';\r
 echo "\r
-<form name='adminPage' action='".$_SERVER['PHP_SELF']."?id=".$pageId."' method='post'>\r
+<form name='adminPage' class='nice clear' action='".$_SERVER['PHP_SELF']."?id=".$pageId."' method='post'>\r
 <input type='hidden' name='process' value='1'>\r
-<table class='admin'>\r
-<tr><td>\r
-<h3>Page Information</h3>\r
-<div id='regbox'>\r
-<p>\r
-<label>ID:</label>\r
-".$pageDetails['id']."\r
-</p>\r
-<p>\r
-<label>Name:</label>\r
-".$pageDetails['page']."\r
-</p>\r
-<p>\r
-<label>Private:</label>";\r
+\r
+<table class='admin left lines'>\r
+<tr>\r
+  <th class=''>Swap</th>\r
+  <th class=''>Has access</th>\r
+  <th class=''>Does not have access</th>\r
+</tr>\r
+";\r
+\r
+foreach ($permissionData as $v) {\r
+  echo "<tr>";\r
+  if(isset($pagePermissions[$v['id']])) {\r
+    echo "<td><input type='checkbox' name='removePermission[".$v['id']."]' id='removePermission[".$v['id']."]' value='".$v['id']."'></td>";\r
+    echo "<td>".$v['name']."</td><td></td>";\r
+  } else {\r
+    echo "<td><input type='checkbox' name='addPermission[".$v['id']."]' id='addPermission[".$v['id']."]' value='".$v['id']."</td>'>";\r
+    echo "<td></td><td>".$v['name']."</td>";\r
+  }\r
+  \r
+  echo "</tr>";\r
+}\r
+\r
+echo "\r
+</table>\r
+\r
+<p class='left'>\r
+<label for='private'>Private page:</label>";\r
 \r
 //Display private checkbox\r
 if ($pageDetails['private'] == 1){\r
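Review bot: In the `else` branch of the new `foreach ($permissionData as $v)` loop the closing quote is misplaced: `value='".$v['id']."</td>'>"` puts `</td>` inside the `value` attribute. The posted `addPermission` value then becomes the id followed by `</td>`, and the table cell is never closed. It should read `value='".$v['id']."'></td>";`, matching the `removePermission` line just above it. The new markup also prints `$pageDetails['page']` and `$v['name']` without `htmlspecialchars()`; where those values come from is not visible here, so confirm they cannot contain markup or wrap them, e.g. `htmlspecialchars($v['name'], ENT_QUOTES)`. The `if ($pageDetails['private'] == 1)` block at the end of the hunk continues outside it.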
@@ -117,44 +127,17 @@ else {
 \r
 echo "\r
 </p>\r
-</div></td><td>\r
-<h3>Page Access</h3>\r
-<div id='regbox'>\r
-<p>\r
-Remove Access:";\r
-\r
-//Display list of permission levels with access\r
-foreach ($permissionData as $v1) {\r
-       if(isset($pagePermissions[$v1['id']])){\r
-               echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
-       }\r
-}\r
-\r
-echo"\r
-</p><p>Add Access:";\r
 \r
-//Display list of permission levels without access\r
-foreach ($permissionData as $v1) {\r
-       if(!isset($pagePermissions[$v1['id']])){\r
-               echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['name'];\r
-       }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-</tr>\r
-</table>\r
-<p>\r
+<p class='right'>\r
 <label>&nbsp;</label>\r
 <input type='submit' value='Update' class='submit' />\r
 </p>\r
 </form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+";\r
+\r
+echo "\r
+</div>";\r
+\r
+finishPage();\r
 \r
 ?>\r
index 6918367..6ea584b 100644 (file)
@@ -5,7 +5,7 @@ http://usercake.com
 */\r
 \r
 require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+if (!securePage($_SERVER['PHP_SELF'])){header("Location: login.php"); die();}\r
 \r
 $pages = getPageFiles(); //Retrieve list of pages in root usercake folder\r
 $dbpages = fetchAllPages(); //Retrieve list of pages in pages table\r
@@ -42,23 +42,13 @@ if (count($deletions) > 0) {
 $dbpages = fetchAllPages();\r
 \r
 require_once("models/header.php");\r
+startPage();\r
 \r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Pages</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>\r
-<table class='admin'>\r
-<tr><th>Id</th><th>Page</th><th>Access</th></tr>";\r
+echo '\r
+<div class="widget">\r
+<div class="title">Page visibilities</div>\r
+<table class="admin left lines">\r
+<tr><th>Id</th><th>Page</th><th>Visibility</th></tr>';\r
 \r
 //Display list of pages\r
 foreach ($dbpages as $page){\r
@@ -87,10 +77,8 @@ foreach ($dbpages as $page){
 \r
 echo "\r
 </table>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
 \r
 ?>\r
diff --git a/testing/MCTXWeb/public_html/users/admin_permission.php b/testing/MCTXWeb/public_html/users/admin_permission.php
deleted file mode 100644 (file)
index 38ef238..0000000
+++ /dev/null
@@ -1,220 +0,0 @@
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-$permissionId = $_GET['id'];\r
-\r
-//Check if selected permission level exists\r
-if(!permissionIdExists($permissionId)){\r
-       header("Location: admin_permissions.php"); die();       \r
-}\r
-\r
-$permissionDetails = fetchPermissionDetails($permissionId); //Fetch information specific to permission level\r
-\r
-//Forms posted\r
-if(!empty($_POST)){\r
-       \r
-       //Delete selected permission level\r
-       if(!empty($_POST['delete'])){\r
-               $deletions = $_POST['delete'];\r
-               if ($deletion_count = deletePermission($deletions)){\r
-               $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));\r
-               }\r
-               else {\r
-                       $errors[] = lang("SQL_ERROR");  \r
-               }\r
-       }\r
-       else\r
-       {\r
-               //Update permission level name\r
-               if($permissionDetails['name'] != $_POST['name']) {\r
-                       $permission = trim($_POST['name']);\r
-                       \r
-                       //Validate new name\r
-                       if (permissionNameExists($permission)){\r
-                               $errors[] = lang("ACCOUNT_PERMISSIONNAME_IN_USE", array($permission));\r
-                       }\r
-                       elseif (minMaxRange(1, 50, $permission)){\r
-                               $errors[] = lang("ACCOUNT_PERMISSION_CHAR_LIMIT", array(1, 50));        \r
-                       }\r
-                       else {\r
-                               if (updatePermissionName($permissionId, $permission)){\r
-                                       $successes[] = lang("PERMISSION_NAME_UPDATE", array($permission));\r
-                               }\r
-                               else {\r
-                                       $errors[] = lang("SQL_ERROR");\r
-                               }\r
-                       }\r
-               }\r
-               \r
-               //Remove access to pages\r
-               if(!empty($_POST['removePermission'])){\r
-                       $remove = $_POST['removePermission'];\r
-                       if ($deletion_count = removePermission($permissionId, $remove)) {\r
-                               $successes[] = lang("PERMISSION_REMOVE_USERS", array($deletion_count));\r
-                       }\r
-                       else {\r
-                               $errors[] = lang("SQL_ERROR");\r
-                       }\r
-               }\r
-               \r
-               //Add access to pages\r
-               if(!empty($_POST['addPermission'])){\r
-                       $add = $_POST['addPermission'];\r
-                       if ($addition_count = addPermission($permissionId, $add)) {\r
-                               $successes[] = lang("PERMISSION_ADD_USERS", array($addition_count));\r
-                       }\r
-                       else {\r
-                               $errors[] = lang("SQL_ERROR");\r
-                       }\r
-               }\r
-               \r
-               //Remove access to pages\r
-               if(!empty($_POST['removePage'])){\r
-                       $remove = $_POST['removePage'];\r
-                       if ($deletion_count = removePage($remove, $permissionId)) {\r
-                               $successes[] = lang("PERMISSION_REMOVE_PAGES", array($deletion_count));\r
-                       }\r
-                       else {\r
-                               $errors[] = lang("SQL_ERROR");\r
-                       }\r
-               }\r
-               \r
-               //Add access to pages\r
-               if(!empty($_POST['addPage'])){\r
-                       $add = $_POST['addPage'];\r
-                       if ($addition_count = addPage($add, $permissionId)) {\r
-                               $successes[] = lang("PERMISSION_ADD_PAGES", array($addition_count));\r
-                       }\r
-                       else {\r
-                               $errors[] = lang("SQL_ERROR");\r
-                       }\r
-               }\r
-                       $permissionDetails = fetchPermissionDetails($permissionId);\r
-       }\r
-}\r
-\r
-$pagePermissions = fetchPermissionPages($permissionId); //Retrieve list of accessible pages\r
-$permissionUsers = fetchPermissionUsers($permissionId); //Retrieve list of users with membership\r
-$userData = fetchAllUsers(); //Fetch all users\r
-$pageData = fetchAllPages(); //Fetch all pages\r
-\r
-require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Permissions</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<form name='adminPermission' action='".$_SERVER['PHP_SELF']."?id=".$permissionId."' method='post'>\r
-<table class='admin'>\r
-<tr><td>\r
-<h3>Permission Information</h3>\r
-<div id='regbox'>\r
-<p>\r
-<label>ID:</label>\r
-".$permissionDetails['id']."\r
-</p>\r
-<p>\r
-<label>Name:</label>\r
-<input type='text' name='name' value='".$permissionDetails['name']."' />\r
-</p>\r
-<label>Delete:</label>\r
-<input type='checkbox' name='delete[".$permissionDetails['id']."]' id='delete[".$permissionDetails['id']."]' value='".$permissionDetails['id']."'>\r
-</p>\r
-</div></td><td>\r
-<h3>Permission Membership</h3>\r
-<div id='regbox'>\r
-<p>\r
-Remove Members:";\r
-\r
-//List users with permission level\r
-foreach ($userData as $v1) {\r
-       if(isset($permissionUsers[$v1['id']])){\r
-               echo "<br><input type='checkbox' name='removePermission[".$v1['id']."]' id='removePermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
-       }\r
-}\r
-\r
-echo"\r
-</p><p>Add Members:";\r
-\r
-//List users without permission level\r
-foreach ($userData as $v1) {\r
-       if(!isset($permissionUsers[$v1['id']])){\r
-               echo "<br><input type='checkbox' name='addPermission[".$v1['id']."]' id='addPermission[".$v1['id']."]' value='".$v1['id']."'> ".$v1['display_name'];\r
-       }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-<td>\r
-<h3>Permission Access</h3>\r
-<div id='regbox'>\r
-<p>\r
-Public Access:";\r
-\r
-//List public pages\r
-foreach ($pageData as $v1) {\r
-       if($v1['private'] != 1){\r
-               echo "<br>".$v1['page'];\r
-       }\r
-}\r
-\r
-echo"\r
-</p>\r
-<p>\r
-Remove Access:";\r
-\r
-//List pages accessible to permission level\r
-foreach ($pageData as $v1) {\r
-       if(isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
-               echo "<br><input type='checkbox' name='removePage[".$v1['id']."]' id='removePage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
-       }\r
-}\r
-\r
-echo"\r
-</p><p>Add Access:";\r
-\r
-//List pages inaccessible to permission level\r
-foreach ($pageData as $v1) {\r
-       if(!isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){\r
-               echo "<br><input type='checkbox' name='addPage[".$v1['id']."]' id='addPage[".$v1['id']."]' value='".$v1['id']."'> ".$v1['page'];\r
-       }\r
-}\r
-\r
-echo"\r
-</p>\r
-</div>\r
-</td>\r
-</tr>\r
-</table>\r
-<p>\r
-<label>&nbsp;</label>\r
-<input type='submit' value='Update' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
diff --git a/testing/MCTXWeb/public_html/users/admin_permissions.php b/testing/MCTXWeb/public_html/users/admin_permissions.php
deleted file mode 100644 (file)
index 9a58249..0000000
+++ /dev/null
@@ -1,94 +0,0 @@
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Forms posted\r
-if(!empty($_POST))\r
-{\r
-       //Delete permission levels\r
-       if(!empty($_POST['delete'])){\r
-               $deletions = $_POST['delete'];\r
-               if ($deletion_count = deletePermission($deletions)){\r
-               $successes[] = lang("PERMISSION_DELETIONS_SUCCESSFUL", array($deletion_count));\r
-               }\r
-       }\r
-       \r
-       //Create new permission level\r
-       if(!empty($_POST['newPermission'])) {\r
-               $permission = trim($_POST['newPermission']);\r
-               \r
-               //Validate request\r
-               if (permissionNameExists($permission)){\r
-                       $errors[] = lang("PERMISSION_NAME_IN_USE", array($permission));\r
-               }\r
-               elseif (minMaxRange(1, 50, $permission)){\r
-                       $errors[] = lang("PERMISSION_CHAR_LIMIT", array(1, 50));        \r
-               }\r
-               else{\r
-                       if (createPermission($permission)) {\r
-                       $successes[] = lang("PERMISSION_CREATION_SUCCESSFUL", array($permission));\r
-               }\r
-                       else {\r
-                               $errors[] = lang("SQL_ERROR");\r
-                       }\r
-               }\r
-       }\r
-}\r
-\r
-$permissionData = fetchAllPermissions(); //Retrieve list of all permission levels\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Permissions</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<form name='adminPermissions' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<table class='admin'>\r
-<tr>\r
-<th>Delete</th><th>Permission Name</th>\r
-</tr>";\r
-\r
-//List each permission level\r
-foreach ($permissionData as $v1) {\r
-       echo "\r
-       <tr>\r
-       <td><input type='checkbox' name='delete[".$v1['id']."]' id='delete[".$v1['id']."]' value='".$v1['id']."'></td>\r
-       <td><a href='admin_permission.php?id=".$v1['id']."'>".$v1['name']."</a></td>\r
-       </tr>";\r
-}\r
-\r
-echo "\r
-</table>\r
-<p>\r
-<label>Permission Name:</label>\r
-<input type='text' name='newPermission' />\r
-</p>                                \r
-<input type='submit' name='Submit' value='Submit' />\r
-</form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
index 53c71ce..60b4c27 100644 (file)
@@ -7,9 +7,7 @@
 require_once("models/config.php");
 if (!securePage($_SERVER['PHP_SELF'])){die();}
 
-require_once("models/header.php");
-
-$text_area="# Rows starting with '#' are ignored. Rows are of the form:\n# username, Full Name, email";
+$text_area="# Rows starting with '#' are ignored. Rows are of the form:\n# Username, Full Name, Email[, Title]";
 
 
 $show_form = true;
@@ -30,70 +28,116 @@ if (!empty($_POST))
   }
   else if ($_POST['action'] === "Upload") // Upload users in the text area
   {
-
+\r
+    if ($_POST['upload_mode'] === "purge")\r
+    {\r
+      $to_delete = fetchAllUsersWithoutPerm("Administrator");\r
+      if (count($to_delete) > 0)\r
+      {\r
+        if ($deletion_count = deleteUsers($to_delete)) {\r
+          $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count));\r
+        }\r
+        else {\r
+          $errors[] = lang("SQL_ERROR");\r
+        }\r
+      }\r
+    }\r
+  
     $text_area = $_POST['userUpload'];
 
-
     // Iterate through each row
     $all_rows=preg_split("/((\r?\n)|(\r\n?))/", $_POST['userUpload']);
-   
-    
-    
     
     foreach ($all_rows as $row)
     {
       if (empty($row) or $row[0] === '#')
         continue;
 
-      $errors = array();
-
-      $fields = preg_split("/,/",  $row);
-     
-      $user_name = trim($fields[0]);
-      $display_name = trim($fields[1]);
-      $email = trim($fields[2]);
+      $fields = preg_split("/,/",  $row);\r
+      if(count($fields) < 3)\r
+      {\r
+        $errors[] = "Warning: Ignoring row not in correct format: ".htmlspecialchars($row);\r
+        continue;\r
+      }\r
+      
+      $username = trim($fields[0]);
+      $displayname = trim($fields[1]);
+      $email = trim($fields[2]);\r
+      $title = trim($fields[3]);\r
+      \r
+      if(!isValidEmail($email))\r
+      {\r
+        $errors[] = "Enter a valid email for row: ".htmlspecialchars($row);\r
+        continue;\r
+      }\r
+      
       // generate the temporary password
       $password = generatePassword();
 
-
-      if(count($errors) == 0)
-      {        
-        //Construct a user object
-               $user = new User($username,$displayname,$password,$email);
-               
-               //Checking this flag tells us whether there were any errors such as possible data duplication occured
-               if(!$user->status)
-               {
-                       if($user->username_taken) $errors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username));
-                       if($user->displayname_taken) $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));
-                       if($user->email_taken)    $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));               
-               }
-               else
-               {
-                       //Attempt to add the user to the database, carry out finishing  tasks like emailing the user (if required)
-                       if(!$user->userCakeAddUser())
-                       {
-                               if($user->mail_failure) $errors[] = lang("MAIL_ERROR");
-                               if($user->sql_failure)  $errors[] = lang("SQL_ERROR");
-                       }
-               }
+      //Construct a user object
+      $user = new User($username,$displayname,$password,$email);
+  
+      //Checking this flag tells us whether there were any errors such as possible data duplication occured
+      if(!$user->status)
+      {
+        if($user->username_taken) $localerrors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username));
+        if($user->displayname_taken) $localerrors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname));
+        if($user->email_taken)           $localerrors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email));            
       }
-      if(count($errors) == 0)
+      else
       {
-               $successes[] = $user->success;
+        //Attempt to add the user to the database, carry out finishing  tasks like emailing the user (if required)
+        $user->userCakeAddUser(); //This doesn't return anything itself
+        
+        if($user->mail_failure) $localerrors[] = lang("MAIL_ERROR");
+        if($user->sql_failure)  $localerrors[] = lang("SQL_ERROR");
+        \r
+        if(strlen($title) >= 50)\r
+        {\r
+          $localerrors[] = "Warning: User".$username." added but failed to set title: ".lang("ACCOUNT_TITLE_CHAR_LIMIT",array(1,50));\r
+        }\r
+        else if (count($localerrors) == 0 && strlen($title) > 0)\r
+        {\r
+          $user_id = fetchUserId($username); //So stupid, when you create a user, it doesn't return the user id\r
+          if (!updateTitle($user_id, $title))\r
+          {\r
+            $localerrors[] = "Warning: User ".$username." added but failed to set title: ". lang("SQL_ERROR");\r
+          }\r
+        }
       }
 
-      echo resultBlock($errors,$successes);
-    }
+      if(count($localerrors) == 0)
+      {\r
+        $users[] = [$username, $password]; //Push user onto array
+               //$successes[] = ($user->success);
+      }\r
+      else\r
+      {\r
+        $errors = array_merge($errors, $localerrors);\r
+      }
 
-    
-    
-    
-  
+    }
\r
+    if(count($users) > 0)\r
+    {\r
+      $successes[] = (count($users)." users created.");\r
+      $successes[] = ("The list of usernames and passwords follow. You must save this!");\r
+      foreach($users as $user)\r
+      {\r
+        $successes[] = $user[0].",".$user[1];\r
+      }\r
+    }
   }
 
 
-}
+}\r
+\r
+require_once("models/header.php");\r
+startPage();\r
+\r
+echo notificationBlock($errors,$successes);\r
+\r
+echo '<div class="widget"><div class="title">Upload users</div>';
 
 if ($show_form)
 {
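Review bot: `$localerrors` is never reset inside `foreach ($all_rows as $row)` (the removed per-row `$errors = array();` has no replacement), so after one failing row every later row is treated as failed: `userCakeAddUser()` still creates the account, but it is not pushed onto `$users` and its generated password is never shown. Add `$localerrors = array();` at the top of each iteration and `$users = array();` before the loop, since `count($localerrors)` and `count($users)` are otherwise called on undefined variables. `trim($fields[3])` reads an index that does not exist for rows with exactly three fields, which pass the `count($fields) < 3` check; use `$title = isset($fields[3]) ? trim($fields[3]) : "";`. The `$user[0].",".$user[1]` lines added to `$successes`, and `$text_area` (set from `$_POST['userUpload']` here and written into the `<textarea>` in the next hunk), are output without `htmlspecialchars()`, unlike the row warnings above; whether `notificationBlock()` escapes is not visible, so confirm it. The enclosing `if (!empty($_POST))` block starts outside the hunk.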
@@ -117,10 +161,13 @@ if ($show_form)
   <input type=\"submit\" name=\"action\" value=\"Reset\"/>
   <p> Enter or copy/paste user information below (resize the text area if necessary): </p>
   <p>
-  <textarea name=\"userUpload\" rows=\"50\" cols=\"100\">".$text_area."</textarea> </p>
+  <textarea name=\"userUpload\" rows=\"50\" cols=\"100\" style=\"width: 100%\">".$text_area."</textarea> </p>
 
   </form>";
-}
+}\r
+\r
+echo '</div>';\r
+finishPage();
   
 ?> 
 
index 2d0e656..169a22f 100644 (file)
@@ -141,28 +141,16 @@ $userPermission = fetchUserPermissions($userId);
 $permissionData = fetchAllPermissions();\r
 \r
 require_once("models/header.php");\r
+startPage();\r
 \r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin User</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
+echo notificationBlock($errors,$successes);\r
 \r
 echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div class='widget'><div class='title centre'>User administration</div>";\r
 \r
 echo "\r
 <form name='adminUser' action='".$_SERVER['PHP_SELF']."?id=".$userId."' method='post'>\r
 <table class='admin'><tr><td>\r
-<h3>User Information</h3>\r
 <div id='regbox'>\r
 <p>\r
 <label>ID:</label>\r
@@ -181,7 +169,7 @@ echo "
 <input type='text' name='email' value='".$userdetails['email']."' />\r
 </p>\r
 <p>\r
-<label>Active:</label>";\r
+<label>Active: </label>";\r
 \r
 //Display activation link, if account inactive\r
 if ($userdetails['active'] == '1'){\r
@@ -207,7 +195,7 @@ echo "
 ".date("j M, Y", $userdetails['sign_up_stamp'])."\r
 </p>\r
 <p>\r
-<label>Last Sign In:</label>";\r
+<label>Last Sign In: </label>";\r
 \r
 //Last sign in, interpretation\r
 if ($userdetails['last_sign_in_stamp'] == '0'){\r
@@ -257,9 +245,8 @@ echo"
 </table>\r
 </form>\r
 </div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+";\r
+\r
+finishPage();\r
 \r
 ?>\r
index e0ec8e0..c46ab8c 100644 (file)
@@ -22,26 +22,15 @@ if(!empty($_POST))
 $userData = fetchAllUsers(); //Fetch information for all users\r
 \r
 require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Admin Users</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
+startPage();\r
 \r
+echo notificationBlock($errors,$successes);\r
 echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div class='widget'><div class='title'>User list</div>";\r
 \r
 echo "\r
 <form name='adminUsers' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<table class='admin'>\r
+<table class='admin left'>\r
 <tr>\r
 <th>Delete</th><th>Username</th><th>Display Name</th><th>Title</th><th>Last Sign In</th>\r
 </tr>";\r
@@ -73,10 +62,8 @@ echo "
 </table>\r
 <input type='submit' name='Submit' value='Delete' />\r
 </form>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
 \r
 ?>\r
index fa68835..77fec13 100644 (file)
@@ -6,6 +6,7 @@ http://usercake.com
 \r
 require_once("models/config.php");\r
 if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+if (isUserLoggedIn()){header("Location: index.php"); die();}\r
 \r
 //User has confirmed they want their password changed \r
 if(!empty($_GET["confirm"]))\r
@@ -174,22 +175,13 @@ if(!empty($_POST))
 }\r
 \r
 require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Forgot Password</h2>\r
-<div id='left-nav'>";\r
+startPage();\r
 \r
-include("left-nav.php");\r
+//echo notificationBlock($errors,$successes);\r
 \r
 echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div id='login-container'>\r
+<div class='widget'><div class='title centre'>Forgot password</div>";\r
 \r
 echo "\r
 <div id='regbox'>\r
@@ -205,13 +197,15 @@ echo "
 <p>\r
 <label>&nbsp;</label>\r
 <input type='submit' value='Submit' class='submit' />\r
-</p>\r
+</p>";\r
+echo resultBlock($errors,$successes);\r
+\r
+echo "\r
 </form>\r
 </div>\r
 </div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
 \r
 ?>\r
index 63d11fb..9cec83c 100644 (file)
@@ -5,43 +5,23 @@ http://usercake.com
 */\r
 \r
 require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-require_once("models/header.php");\r
+if (!isUserLoggedIn()) { header("Location: login.php"); die();}\r
 \r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>2.00</h2>\r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
+require_once("models/header.php");\r
+startPage();\r
+echo '\r
+  <div class="widget">\r
+    <div class="title centre">Welcome!</div>\r
+    <p>\r
+      This is the administration site for this site. Here, you can manage\r
+      the list of users who has access to this site.\r
+    </p>\r
+    <p>\r
+      <!-- blah blah blah -->\r
+    </p>\r
+  </div>\r
+';\r
 \r
-echo "\r
-</div>\r
-<div id='main'>\r
-<p>Thank you for downloading UserCake. 100% Free and Opensource.</p>\r
-<p>Copyright (c) 2009-2012</p>\r
-<p>Permission is hereby granted, free of charge, to any person obtaining a copy\r
-of this software and associated documentation files (the 'Software'), to deal\r
-in the Software without restriction, including without limitation the rights\r
-to use, copy, modify, merge, publish, distribute, sublicense, and/or sell\r
-copies of the Software, and to permit persons to whom the Software is\r
-furnished to do so, subject to the following conditions:</p>\r
-<p>The above copyright notice and this permission notice shall be included in\r
-all copies or substantial portions of the Software.</p>\r
-<p>THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR\r
-IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,\r
-FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE\r
-AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER\r
-LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,\r
-OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN\r
-THE SOFTWARE.</p>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+finishPage();\r
 \r
 ?>\r
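Review bot: The `securePage($_SERVER['PHP_SELF'])` call is removed from index.php and only `isUserLoggedIn()` remains, so whatever per-page permission rules securePage() applies no longer cover this page. The other pages touched by this commit (forgot-password.php, login.php, register.php, user_change_details.php) still call it, so this looks like an unintended divergence rather than a policy. If the landing page is meant to follow the page permissions managed under "Manage visible pages", keep both checks: `if (!securePage($_SERVER['PHP_SELF'])){die();}` followed by the new login redirect.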
index b6f053e..addc4c4 100644 (file)
@@ -4,41 +4,36 @@ UserCake Version: 2.0.2
 http://usercake.com\r
 */\r
 \r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+if (isUserLoggedIn()) {\r
 \r
-//Links for logged in user\r
-if(isUserLoggedIn()) {\r
-       echo "\r
-       <ul>\r
-       <li><a href='account.php'>Account Home</a></li>\r
-       <li><a href='user_settings.php'>User Settings</a></li>\r
-       <li><a href='logout.php'>Logout</a></li>\r
-       </ul>";\r
-       \r
-       //Links for permission level 2 (default admin)\r
-       if ($loggedInUser->checkPermission(array(2))){\r
-       echo "\r
-       <ul>\r
-       <li><a href='admin_configuration.php'>Admin Configuration</a></li>\r
-       <li><a href='admin_users.php'>Admin Users</a></li>\r
-       <li><a href='admin_permissions.php'>Admin Permissions</a></li>\r
-       <li><a href='admin_pages.php'>Admin Pages</a></li>\r
-       </ul>";\r
-       }\r
-} \r
-//Links for users not logged in\r
-else {\r
-       echo "\r
-       <ul>\r
-       <li><a href='index.php'>Home</a></li>\r
-       <li><a href='login.php'>Login</a></li>\r
-       <li><a href='register.php'>Register</a></li>\r
-       <li><a href='forgot-password.php'>Forgot Password</a></li>";\r
-       if ($emailActivation)\r
-       {\r
-       echo "<li><a href='resend-activation.php'>Resend Activation Email</a></li>";\r
-       }\r
-       echo "</ul>";\r
+echo '\r
+        <div id="sidebar">\r
+ ';\r
+\r
+ //Is admin\r
+if ($loggedInUser->checkPermission(array(2))){\r
+    echo '\r
+          <div class="widget">\r
+            <div class="title">Site Administration</div>\r
+            <div id="sidebar-menu" class="nav-menu">\r
+              <ul>\r
+                <li><a href="index.php"><span>Home</span></a></li>\r
+                <li><a href="admin_users.php"><span>Manage user list</span></a></li>\r
+                <li><a href="admin_upload_users.php"><span>Upload new users</span></a></li>\r
+                <li><a href="admin_pages.php"><span>Manage visible pages</span></a></li>\r
+                <li><a href="admin_configuration.php"><span>Manage site details</span></a></li>\r
+                <li><a href="user_change_details.php"><span>Change your password</span></a></li>\r
+              </ul>\r
+            </div>\r
+          </div>\r
+    ';\r
 }\r
 \r
+\r
+echo $custom_sidebar.'\r
+       </div>\r
+        <!-- End sidebar -->\r
+';\r
+\r
+}\r
 ?>\r
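Review bot: `$custom_sidebar` will be undefined where it is echoed near the end of this file, because models/header.php (changed later in this commit) now pulls left-nav.php in with `require_once` from inside `startPage()`, and that function declares only `global $loggedInUser;`. An included file runs in the scope of the function that includes it, so a value a page sets at top level never reaches this echo; `$custom_header_scripts` in `startPage()` itself has the same problem. Declaring all three in the function fixes both: `global $loggedInUser, $custom_header_scripts, $custom_sidebar;`. Removing the `securePage()` call here also means a direct request to left-nav.php reaches `isUserLoggedIn()` without models/config.php loaded, which presumably ends in a fatal error rather than a clean refusal.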
index 2c45d1f..7d2ba20 100644 (file)
@@ -8,7 +8,7 @@ require_once("models/config.php");
 if (!securePage($_SERVER['PHP_SELF'])){die();}\r
 \r
 //Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
+if(isUserLoggedIn()) { header("Location: index.php"); die(); }\r
 \r
 //Forms posted\r
 if(!empty($_POST))\r
@@ -48,7 +48,7 @@ if(!empty($_POST))
                                //Hash the password and use the salt from the database to compare the password.\r
                                $entered_pass = generateHash($password,$userdetails["password"]);\r
 \r
-                               echo "".$userdetails["password"];\r
+                               //echo "".$userdetails["password"]; //Wut is dis\r
                                \r
                                if($entered_pass != $userdetails["password"])\r
                                {\r
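Review bot: The hash check on the line below the commented-out echo, `if($entered_pass != $userdetails["password"])`, uses a loose comparison, which PHP evaluates numerically when both strings look like numbers and which is not constant-time. Use `!==` at minimum, or `!hash_equals($userdetails["password"], $entered_pass)` where the PHP version provides it; the new user_change_details.php added by this commit copies the same comparison. The debug line that printed the stored hash is better deleted than left as a comment, so it cannot be re-enabled by accident. The enclosing `if(!empty($_POST))` block starts and ends outside this hunk.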
@@ -69,13 +69,22 @@ if(!empty($_POST))
                                        $loggedInUser->displayname = $userdetails["display_name"];\r
                                        $loggedInUser->username = $userdetails["user_name"];\r
                                        \r
-                                       //Update last sign in\r
-                                       $loggedInUser->updateLastSignIn();\r
-                                       $_SESSION["userCakeUser"] = $loggedInUser;\r
-                                       \r
-                                       //Redirect to user account page\r
-                                       header("Location: account.php");\r
-                                       die();\r
+          //Only allow login to admins\r
+          if ($loggedInUser->checkPermission(array(2)))\r
+          {\r
+            //Update last sign in\r
+            $loggedInUser->updateLastSignIn();\r
+            \r
+            $_SESSION["userCakeUser"] = $loggedInUser;\r
+            \r
+            //Redirect to user account page\r
+            header("Location: index.php");\r
+            die();\r
+          }\r
+          else\r
+          {\r
+            $errors[] = ("You are no admin :(");\r
+          }\r
                                }\r
                        }\r
                }\r
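Review bot: The new `else` branch answers a correct username and password for a non-admin account with its own message, `"You are no admin :("`, which confirms to the caller that the credentials are valid. The copy of this logic in user_change_details.php deliberately returns one message, `ACCOUNT_USER_OR_PASS_INVALID`, for a bad username and a bad password, and the same generic error fits here: `$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");`. The literal string also bypasses `lang()`, unlike the other messages in this commit. The block continues outside the hunk, so whether the session id is regenerated before `$_SESSION["userCakeUser"]` is set cannot be seen here and is worth confirming.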
@@ -83,45 +92,44 @@ if(!empty($_POST))
 }\r
 \r
 require_once("models/header.php");\r
+startPage();\r
 \r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Login</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
+echo '\r
+      <div id="login-container">\r
+      <div class="widget">\r
+        <div class="title">Notice</div>\r
+        This is the login page for site administration.<br>If you wish to log in\r
+        to the main web-site, see <a href="..">here instead</a>.\r
+      </div>\r
+       <div class="widget">\r
+           <form id="login" name="login" action="'.$_SERVER["PHP_SELF"].'" method="post">\r
+             <p>\r
+               <label>\r
+                 Username<br>\r
+                 <input name="username" type="text">\r
+               </label>\r
+             </p>\r
+             <p>\r
+               <label>\r
+                 Password<br>\r
+                 <input name="password" type="password">\r
+               </label>             \r
+             </p>\r
+             <p style="float:left; margin:0;">\r
+               <a href="forgot-password.php">Forgotten password?</a><br>\r
+               <a href="register.php">Register</a>\r
+             </p>\r
+             <p style="float:right; margin:0;">\r
+               <input type="submit" value="Log In">\r
+             </p>\r
+';\r
 echo resultBlock($errors,$successes);\r
+echo '\r
+            </form>\r
+       </div>\r
+      </div>\r
+ ';\r
 \r
-echo "\r
-<div id='regbox'>\r
-<form name='login' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Username:</label>\r
-<input type='text' name='username' />\r
-</p>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label>&nbsp;</label>\r
-<input type='submit' value='Login' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+finishPage();\r
 \r
 ?>\r
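Review bot: The form's `action` is built from `$_SERVER["PHP_SELF"]` without escaping, and that value includes any path info the client appends to the script URL, so request data lands inside a double-quoted HTML attribute. Escape it, `action="'.htmlspecialchars($_SERVER["PHP_SELF"], ENT_QUOTES, "UTF-8").'"`, or use the fixed name `action="login.php"`. The same construction is used for the forms in admin_users.php, register.php and the new user_change_details.php in this commit.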
index 728a294..e722ba7 100644 (file)
@@ -13,6 +13,7 @@ if(isUserLoggedIn())
        $loggedInUser->userLogOut();\r
 }\r
 \r
+/*\r
 if(!empty($websiteUrl)) \r
 {\r
        $add_http = "";\r
@@ -26,10 +27,10 @@ if(!empty($websiteUrl))
        die();\r
 }\r
 else\r
-{\r
-       header("Location: http://".$_SERVER['HTTP_HOST']);\r
+{*/\r
+       header("Location: login.php");//http://".$_SERVER['HTTP_HOST']);\r
        die();\r
-}      \r
+/*}*/  \r
 \r
 ?>\r
 \r
index b1afc72..a3a9928 100644 (file)
@@ -154,31 +154,59 @@ function resultBlock($errors,$successes){
        //Error block\r
        if(count($errors) > 0)\r
        {\r
-               echo "<div id='error'>\r
-               <a href='#' onclick=\"showHide('error');\">[X]</a>\r
-               <ul>";\r
+               echo "<div id='result' class='fail'>";\r
+    \r
                foreach($errors as $error)\r
                {\r
-                       echo "<li>".$error."</li>";\r
+                       echo "<p>".$error."</p>";\r
                }\r
-               echo "</ul>";\r
                echo "</div>";\r
        }\r
        //Success block\r
        if(count($successes) > 0)\r
        {\r
-               echo "<div id='success'>\r
-               <a href='#' onclick=\"showHide('success');\">[X]</a>\r
-               <ul>";\r
+               echo "<div id='success'>";\r
                foreach($successes as $success)\r
                {\r
-                       echo "<li>".$success."</li>";\r
+      echo "<p>".$success."</li>";\r
                }\r
-               echo "</ul>";\r
                echo "</div>";\r
        }\r
 }\r
 \r
+function notificationBlock($errors, $successes) {\r
+  if (count($errors) > 0 || count($successes) > 0)\r
+  {\r
+    echo '\r
+          <div class="widget dismiss-container">\r
+            <div class="dismiss right">\r
+              <a href="#">Dismiss</a>\r
+            </div>\r
+            \r
+            <div class="title large">Notifications</div>\r
+    ';\r
+    \r
+    foreach ($errors as $error)\r
+    {\r
+      echo '<p class="fail">'.$error.'</p>';\r
+    }\r
+    \r
+    foreach ($successes as $success)\r
+    {\r
+      echo '<p>'.$success.'</p>';\r
+    }\r
+    \r
+    echo '\r
+          </div>\r
+          <script type="text/javascript">\r
+            $(".dismiss").click(function() {\r
+              $(".dismiss-container").css("display", "none");\r
+            })\r
+          </script>\r
+    ';\r
+  }\r
+}\r
+\r
 //Completely sanitizes text\r
 function sanitize($str)\r
 {\r
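Review bot: The success loop in resultBlock() now opens a paragraph and closes a list item, `echo "<p>".$success."</li>";`, which leaves every success message's `<p>` unclosed; it should be `echo "<p>".$success."</p>";`. Both resultBlock() and the new notificationBlock() write `$error` and `$success` into the page unescaped, so this is safe only as long as every message is a fixed `lang()` string; where a message can carry request data (an e-mail address or username passed as a `lang()` argument, for example), it needs `htmlspecialchars()` where it is built or here. notificationBlock() echoes and returns nothing, yet callers in this commit write `echo notificationBlock(...)`; a short docblock stating that it prints the block and returns nothing would make that clear. resultBlock() starts above this hunk and sanitize() continues below it.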
@@ -285,6 +313,70 @@ function emailUsernameLinked($email,$username)
        }\r
 }\r
 \r
+function permissionNameToId($permission)\r
+{\r
+       global $mysqli,$db_table_prefix;\r
+       $stmt = $mysqli->prepare("SELECT id\r
+               FROM ".$db_table_prefix."permissions\r
+               WHERE\r
+               name = ?\r
+               LIMIT 1");\r
+       $stmt->bind_param("s", $permission);    \r
+       $stmt->execute();\r
+       $stmt->bind_result($id);\r
+  \r
+  while ($stmt->fetch()){\r
+               $perm_id = $id;\r
+  }\r
+       $stmt->close();\r
+       \r
+  return $perm_id;\r
+}\r
+\r
+function fetchAllUsersWithPerm($perm_name)\r
+{\r
+       global $mysqli,$db_table_prefix; \r
+  \r
+  $perm_id = permissionNameToId($perm_name);\r
+       $stmt = $mysqli->prepare("SELECT \r
+               p1.id\r
+               FROM ".$db_table_prefix."users p1\r
+    WHERE EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches\r
+                 WHERE user_id=p1.id AND permission_id=?)"\r
+  );\r
+  $stmt->bind_param("i", $perm_id); \r
+       $stmt->execute();\r
+       $stmt->bind_result($id);\r
+       \r
+       while ($stmt->fetch()){\r
+               $row[] = $id;\r
+       }\r
+       $stmt->close();\r
+       return ($row);\r
+}\r
+\r
+function fetchAllUsersWithoutPerm($perm_name)\r
+{\r
+       global $mysqli,$db_table_prefix; \r
+  \r
+  $perm_id = permissionNameToId($perm_name);\r
+       $stmt = $mysqli->prepare("SELECT \r
+               p1.id\r
+               FROM ".$db_table_prefix."users p1\r
+    WHERE NOT EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches\r
+                 WHERE user_id=p1.id AND permission_id=?)"\r
+  );\r
+  $stmt->bind_param("i", $perm_id); \r
+       $stmt->execute();\r
+       $stmt->bind_result($id);\r
+       \r
+       while ($stmt->fetch()){\r
+               $row[] = $id;\r
+       }\r
+       $stmt->close();\r
+       return ($row);\r
+}\r
+\r
 //Retrieve information for all users\r
 function fetchAllUsers()\r
 {\r
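Review bot: permissionNameToId() returns an unset `$perm_id` when no permission has the given name, and the two callers bind that null straight into `permission_id=?`. With a mistyped or missing permission name, fetchAllUsersWithPerm() then matches nobody and fetchAllUsersWithoutPerm() matches every user, with nothing to tell the caller the name was wrong. Initialise the results and stop early in both fetch functions, `$row = array();` and `if ($perm_id === null) { return $row; }`, with `$perm_id = null;` before the loop in permissionNameToId(). `$row` is also unset when the query returns no rows, and fetchUserId() in the next hunk has the same pattern with `$user_id`.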
@@ -313,6 +405,27 @@ function fetchAllUsers()
        return ($row);\r
 }\r
 \r
+//Yeah usercake... Fetches the user id from username\r
+function fetchUserId($username)\r
+{\r
+  global $mysqli,$db_table_prefix; \r
+  $stmt = $mysqli->prepare("SELECT \r
+               id\r
+               FROM ".$db_table_prefix."users\r
+               WHERE\r
+               user_name = ?\r
+               LIMIT 1");\r
+               $stmt->bind_param("s", $username);\r
+       \r
+       $stmt->execute();\r
+       $stmt->bind_result($id);\r
+       while ($stmt->fetch()){\r
+               $user_id = $id;\r
+       }\r
+       $stmt->close();\r
+       return $user_id;\r
+}\r
+\r
 //Retrieve complete user information by username, token or ID\r
 function fetchUserDetails($username=NULL,$token=NULL, $id=NULL)\r
 {\r
@@ -1185,7 +1298,7 @@ function securePage($uri){
                        return true;\r
                }\r
                else {\r
-                       header("Location: account.php");\r
+                       header("Location: index.php");\r
                        return false;   \r
                }\r
        }\r
index 239a10a..d74c600 100644 (file)
 UserCake Version: 2.0.2\r
 http://usercake.com\r
 */\r
-echo "\r
-  <!DOCTYPE html PUBLIC '-//W3C//DTD XHTML 1.0 Transitional//EN' 'http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd'>\r
-  <html xmlns='http://www.w3.org/1999/xhtml'>\r
+\r
+//Variables to set:\r
+//$custom_header_scripts\r
+//$custom_sidebar\r
+\r
+function startPage() {\r
+global $loggedInUser;\r
+\r
+echo '\r
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "http://www.w3.org/TR/html4/strict.dtd">\r
+<html>\r
   <head>\r
-  <meta http-equiv='Content-Type' content='text/html; charset=utf-8' />\r
-  <title>".$websiteName."</title>\r
-  <link href='".$template."' rel='stylesheet' type='text/css' />\r
-  <script src='models/funcs.js' type='text/javascript'>\r
-  </script>\r
+    <title>MCTX3420 Web Interface</title>\r
+    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">\r
+    <link rel="stylesheet" type="text/css" href="../static/style.css">\r
+    <link rel="stylesheet" type="text/css" href="../static/nav-menu.css">\r
+    \r
+    <script type="text/javascript" src="../static/jquery-1.10.1.min.js"></script>\r
+    \r
+       '.$custom_header_scripts.'\r
   </head>\r
-  <body>";\r
-\r
-/**\r
- * Make the remainder of the page\r
- */\r
-function createPage($title)\r
-{\r
-  echo "\r
-  <div id='wrapper'>\r
-  <div id='top'><div id='logo'></div></div>\r
-  <div id='content'>\r
-  <h1>User Managment</h1>\r
-  <h2>$title</h2>\r
-  <div id='left-nav'>";\r
-\r
-  include("left-nav.php");\r
-\r
-  echo "\r
-  </div>\r
-  <div id='main'>";\r
+  \r
+  <body>\r
+    <div id="header-wrap">\r
+      <div id="header">\r
+        <div id="leftnav">\r
+          <a href="http://www.uwa.edu.au/" target="_blank">\r
+            <img alt = "The University of Western Australia"\r
+            src="../static/uwacrest-text.png">\r
+          </a>\r
+          <span id="title">Site Administration</span>\r
+        </div>\r
+        <div id="rightnav">\r
+ ';\r
+ if (isUserLoggedIn()) {\r
+echo '\r
+            <span id="welcome-container">\r
+              Welcome, '.$loggedInUser->displayname.'\r
+            </span>\r
+';\r
+}\r
+echo '\r
+          <span id="date">'.date("D d M Y").'\r
+          </span>\r
+';\r
+\r
+if(isUserLoggedIn()) {\r
+       echo '\r
+          <div id="users-logout-container">\r
+            <form action="logout.php">\r
+              <div>\r
+                <input type="submit" id="logout-users" value="Logout">\r
+              </div>\r
+            </form>\r
+          </div>\r
+       ';\r
+}\r
+\r
+echo '\r
+        </div>\r
+        <div class="clear"></div>\r
+      </div>\r
+    </div>\r
+    <!-- End header -->\r
+    \r
+    <div id="content-wrap">\r
+      <noscript>\r
+        <div class="widget centre">\r
+          <div class="title">JavaScript required</div>\r
+          This website requires JavaScript to function correctly.\r
+          Please enable JavaScript to use this site.\r
+        </div>\r
+      </noscript>\r
+\r
+      <div id="content">\r
+ ';\r
\r
+ require_once("left-nav.php");\r
+ if (isUserLoggedIn()) {\r
+ echo '\r
+        <div id="main">\r
+';\r
 }\r
 \r
+} //function startPage()\r
+\r
+\r
+function finishPage() {\r
+if (isUserLoggedIn()) {\r
+echo '\r
+        </div>\r
+      <!-- End main content -->\r
+';\r
+}\r
+\r
+echo '\r
+      </div>\r
+    </div>\r
+  </body>\r
+</html>\r
+';\r
+}\r
+\r
+\r
 ?>\r
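Review bot: `$loggedInUser->displayname` is concatenated into the header as `Welcome, '.$loggedInUser->displayname.'` without HTML escaping. register.php restricts display names with `ctype_alnum()`, but whether the admin edit and bulk-upload paths apply the same restriction is not visible here, so the output side should not depend on it: `htmlspecialchars($loggedInUser->displayname, ENT_QUOTES, "UTF-8")`. The logout control is a form without `method`, so it submits as GET to logout.php with no token, and any page the admin visits can end the session; a POST with a per-session token avoids that. The bodies of startPage() and finishPage() are written at column 0, which makes the function boundaries hard to see apart from the `} //function startPage()` marker.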
index 32f1ae1..8a0d6e6 100644 (file)
@@ -40,9 +40,9 @@ if(!empty($_POST))
        if(!ctype_alnum($displayname)){\r
                $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS");\r
        }\r
-       if(minMaxRange(8,50,$password) && minMaxRange(8,50,$confirm_pass))\r
+       if(minMaxRange(6,50,$password) && minMaxRange(6,50,$confirm_pass))\r
        {\r
-               $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(8,50));\r
+               $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(6,50));\r
        }\r
        else if($password != $confirm_pass)\r
        {\r
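Review bot: The minimum password length drops from 8 to 6 here, in both the `minMaxRange()` call and the `ACCOUNT_PASS_CHAR_LIMIT` message, with no reason given in the commit. Six characters is a low floor for password-based login; unless something external forces it, keep 8 or raise it, and record the reason in a comment if the lower value is deliberate. The new user_change_details.php repeats the literals `6,50`, so a single shared constant for the bounds would keep the two pages from drifting apart. The `if(!empty($_POST))` block starts and ends outside this hunk.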
@@ -81,25 +81,13 @@ if(!empty($_POST))
 }\r
 \r
 require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Register</h2>\r
+startPage();\r
 \r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
 echo "\r
-</div>\r
-\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
+<div class='widget' id='login-container'><div class='title centre'>User registration</div>";\r
 \r
 echo "\r
-<div id='regbox'>\r
+<div id=''>\r
 <form name='newUser' action='".$_SERVER['PHP_SELF']."' method='post'>\r
 \r
 <p>\r
@@ -122,23 +110,26 @@ echo "
 <label>Email:</label>\r
 <input type='text' name='email' />\r
 </p>\r
+\r
 <p>\r
 <label>Security Code:</label>\r
 <img src='models/captcha.php'>\r
 </p>\r
+<p>\r
 <label>Enter Security Code:</label>\r
 <input name='captcha' type='text'>\r
 </p>\r
-<label>&nbsp;<br>\r
+<p class='right'>\r
+<label>&nbsp;</label>\r
 <input type='submit' value='Register'/>\r
-</p>\r
+</p>";\r
 \r
+echo resultBlock($errors,$successes);\r
+echo "\r
 </form>\r
 </div>\r
 \r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
+</div>";\r
+\r
+finishPage();\r
 ?>\r
diff --git a/testing/MCTXWeb/public_html/users/resend-activation.php b/testing/MCTXWeb/public_html/users/resend-activation.php
deleted file mode 100644 (file)
index acbee1b..0000000
+++ /dev/null
@@ -1,166 +0,0 @@
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Forms posted\r
-if(!empty($_POST) && $emailActivation)\r
-{\r
-       $email = $_POST["email"];\r
-       $username = $_POST["username"];\r
-       \r
-       //Perform some validation\r
-       //Feel free to edit / change as required\r
-       if(trim($email) == "")\r
-       {\r
-               $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");\r
-       }\r
-       //Check to ensure email is in the correct format / in the db\r
-       else if(!isValidEmail($email) || !emailExists($email))\r
-       {\r
-               $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
-       }\r
-       \r
-       if(trim($username) == "")\r
-       {\r
-               $errors[] =  lang("ACCOUNT_SPECIFY_USERNAME");\r
-       }\r
-       else if(!usernameExists($username))\r
-       {\r
-               $errors[] = lang("ACCOUNT_INVALID_USERNAME");\r
-       }\r
-       \r
-       if(count($errors) == 0)\r
-       {\r
-               //Check that the username / email are associated to the same account\r
-               if(!emailUsernameLinked($email,$username))\r
-               {\r
-                       $errors[] = lang("ACCOUNT_USER_OR_EMAIL_INVALID");\r
-               }\r
-               else\r
-               {\r
-                       $userdetails = fetchUserDetails($username);\r
-                       \r
-                       //See if the user's account is activation\r
-                       if($userdetails["active"]==1)\r
-                       {\r
-                               $errors[] = lang("ACCOUNT_ALREADY_ACTIVE");\r
-                       }\r
-                       else\r
-                       {\r
-                               if ($resend_activation_threshold == 0) {\r
-                                       $hours_diff = 0;\r
-                               }\r
-                               else {\r
-                                       $last_request = $userdetails["last_activation_request"];\r
-                                       $hours_diff = round((time()-$last_request) / (3600*$resend_activation_threshold),0);\r
-                               }\r
-                               \r
-                               if($resend_activation_threshold!=0 && $hours_diff <= $resend_activation_threshold)\r
-                               {\r
-                                       $errors[] = lang("ACCOUNT_LINK_ALREADY_SENT",array($resend_activation_threshold));\r
-                               }\r
-                               else\r
-                               {\r
-                                       //For security create a new activation url;\r
-                                       $new_activation_token = generateActivationToken();\r
-                                       \r
-                                       if(!updateLastActivationRequest($new_activation_token,$username,$email))\r
-                                       {\r
-                                               $errors[] = lang("SQL_ERROR");\r
-                                       }\r
-                                       else\r
-                                       {\r
-                                               $mail = new userCakeMail();\r
-                                               \r
-                                               $activation_url = $websiteUrl."activate-account.php?token=".$new_activation_token;\r
-                                               \r
-                                               //Setup our custom hooks\r
-                                               $hooks = array(\r
-                                                       "searchStrs" => array("#ACTIVATION-URL","#USERNAME#"),\r
-                                                       "subjectStrs" => array($activation_url,$userdetails["display_name"])\r
-                                                       );\r
-                                               \r
-                                               if(!$mail->newTemplateMsg("resend-activation.txt",$hooks))\r
-                                               {\r
-                                                       $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR");\r
-                                               }\r
-                                               else\r
-                                               {\r
-                                                       if(!$mail->sendMail($userdetails["email"],"Activate your ".$websiteName." Account"))\r
-                                                       {\r
-                                                               $errors[] = lang("MAIL_ERROR");\r
-                                                       }\r
-                                                       else\r
-                                                       {\r
-                                                               //Success, user details have been updated in the db now mail this information out.\r
-                                                               $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT");\r
-                                                       }\r
-                                               }\r
-                                       }\r
-                               }\r
-                       }\r
-               }\r
-       }\r
-}\r
-\r
-//Prevent the user visiting the logged in page if he/she is already logged in\r
-if(isUserLoggedIn()) { header("Location: account.php"); die(); }\r
-\r
-require_once("models/header.php");\r
-\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>Resend Activation</h2>\r
-<div id='left-nav'>";\r
-\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "<div id='regbox'>";\r
-\r
-//Show disabled if email activation not required\r
-if(!$emailActivation)\r
-{ \r
-        echo lang("FEATURE_DISABLED");\r
-}\r
-else\r
-{\r
-       echo "<form name='resendActivation' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-       <p>\r
-       <label>Username:</label>\r
-       <input type='text' name='username' />\r
-        </p>     \r
-        <p>\r
-        <label>Email:</label>\r
-        <input type='text' name='email' />\r
-        </p>    \r
-        <p>\r
-        <label>&nbsp;</label>\r
-        <input type='submit' value='Submit' class='submit' />\r
-        </p>\r
-        </form>";\r
-}\r
-\r
-echo "\r
-</div>           \r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
diff --git a/testing/MCTXWeb/public_html/users/user_change_details.php b/testing/MCTXWeb/public_html/users/user_change_details.php
new file mode 100644 (file)
index 0000000..16c4532
--- /dev/null
@@ -0,0 +1,169 @@
+<?php\r
+/*\r
+UserCake Version: 2.0.2\r
+http://usercake.com\r
+*/\r
+\r
+require_once("models/config.php");\r
+if (!securePage($_SERVER['PHP_SELF'])){die();}\r
+\r
+//Forms posted\r
+if(!empty($_POST))\r
+{\r
+       $errors = array();\r
+       $username = sanitize(trim($_POST["username"]));\r
+       $password = trim($_POST["password"]);\r
+  $password_new = trim($_POST["password_new"]);\r
+  $password_confirm = trim($_POST["password_confirm"]);\r
+       \r
+       //Perform some validation\r
+       //Feel free to edit / change as required\r
+       if($username == "")\r
+       {\r
+               $errors[] = lang("ACCOUNT_SPECIFY_USERNAME");\r
+       }\r
+       if($password == "")\r
+       {\r
+               $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
+       }\r
+\r
+       if(count($errors) == 0)\r
+       {\r
+               //A security note here, never tell the user which credential was incorrect\r
+               if(!usernameExists($username))\r
+               {\r
+                       $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+               }\r
+               else\r
+               {\r
+                       $userdetails = fetchUserDetails($username);\r
+                       //See if the user's account is activated\r
+                       if($userdetails["active"]==0)\r
+                       {\r
+                               $errors[] = lang("ACCOUNT_INACTIVE");\r
+                       }\r
+                       else\r
+                       {\r
+                               //Hash the password and use the salt from the database to compare the password.\r
+                               $entered_pass = generateHash($password,$userdetails["password"]);\r
+\r
+                               //echo "".$userdetails["password"]; //Wut is dis\r
+                               \r
+                               if($entered_pass != $userdetails["password"])\r
+                               {\r
+                                       //Again, we know the password is at fault here, but lets not give away the combination incase of someone bruteforcing\r
+                                       $errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");\r
+                               }\r
+                               else\r
+                               {\r
+                                       //Passwords match! we're good to go'\r
+                                       \r
+                                       //Construct a new logged in user object\r
+                                       //Transfer some db data to the session object\r
+                                       $loggedInUser = new loggedInUser();\r
+                                       $loggedInUser->email = $userdetails["email"];\r
+                                       $loggedInUser->user_id = $userdetails["id"];\r
+                                       $loggedInUser->hash_pw = $userdetails["password"];\r
+                                       $loggedInUser->title = $userdetails["title"];\r
+                                       $loggedInUser->displayname = $userdetails["display_name"];\r
+                                       $loggedInUser->username = $userdetails["user_name"];\r
+                                       \r
+          if(trim($password_new) == "")\r
+          {\r
+            $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");\r
+          }\r
+          else if(trim($password_confirm) == "")\r
+          {\r
+            $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");\r
+          }\r
+          else if(minMaxRange(6,50,$password_new))\r
+          {    \r
+            $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(6,50));\r
+          }\r
+          else if($password_new != $password_confirm)\r
+          {\r
+            $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
+          }\r
+          \r
+          //End data validation\r
+          if(count($errors) == 0)\r
+          {\r
+            //Also prevent updating if someone attempts to update with the same password\r
+            $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);\r
+            \r
+            if($entered_pass_new == $loggedInUser->hash_pw)\r
+            {\r
+              //Don't update, this fool is trying to update with the same password Â¬Â¬\r
+              $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");\r
+            }\r
+            else\r
+            {\r
+              //This function will create the new hash and update the hash_pw property.\r
+              $loggedInUser->updatePassword($password_new);\r
+              $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");\r
+            }\r
+          }\r
+                               }\r
+                       }\r
+               }\r
+       }\r
+}\r
+\r
+if (isUserLoggedIn())\r
+{\r
+  //If not admin, log them out after pw change\r
+  if (!$loggedInUser->checkPermission(array(2)))\r
+  {\r
+    $loggedInUser->userLogOut();\r
+  }\r
+}\r
+\r
+require_once("models/header.php");\r
+startPage();\r
+\r
+echo '\r
+      <div id="login-container">\r
+       <div class="widget">\r
+          <div class="title centre">Change of password</div>\r
+           <form id="login-update" class="clear" name="login-update" action="'.$_SERVER["PHP_SELF"].'" method="post">\r
+             <p>\r
+               <label>\r
+                 Username<br>\r
+                 <input name="username" type="text">\r
+               </label>\r
+             </p>\r
+             <p>\r
+               <label>\r
+                 Password<br>\r
+                 <input name="password" type="password">\r
+               </label>             \r
+             </p>\r
+             <p>\r
+               <label>\r
+                 New password<br>\r
+                 <input name="password_new" type="password">\r
+               </label>             \r
+             </p>\r
+             <p>\r
+               <label>\r
+                 Confirm password<br>\r
+                 <input name="password_confirm" type="password">\r
+               </label>             \r
+             </p>\r
+             <p style="float:left; margin:0;">\r
+               <a href="forgot-password.php">Forgotten password?</a>\r
+             </p>\r
+             <p style="float:right; margin:0;">\r
+               <input type="submit" value="Update">\r
+             </p>\r
+            </form>';\r
+            \r
+echo resultBlock($errors,$successes);            \r
+echo '\r
+       </div>\r
+      </div>\r
+ ';\r
+\r
+finishPage();\r
+\r
+?>\r
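Review bot: The account-state check runs before the password is verified, so `ACCOUNT_INACTIVE` is returned to anyone who submits an existing username with any password, which contradicts the comment above it about never telling the user which credential was incorrect. Verify the password first and report the inactive state only afterwards, as in the sketch below, which also makes the hash comparison strict. This page accepts a username and current password without a session, so it is a second place where credentials can be tested; any attempt limiting that protects login.php needs to cover it too (none is visible in this file). `$successes` is never initialised in this file, and `$errors` only inside the POST branch, so `resultBlock($errors,$successes)` receives undefined variables on a plain GET unless models/config.php sets them.

```php
$userdetails = fetchUserDetails($username);
//Hash the password and use the salt from the database to compare the password.
$entered_pass = generateHash($password,$userdetails["password"]);

if($entered_pass !== $userdetails["password"])
{
	//Same message as for an unknown username
	$errors[] = lang("ACCOUNT_USER_OR_PASS_INVALID");
}
else if($userdetails["active"]==0)
{
	//Only a caller who has proved the password learns the account state
	$errors[] = lang("ACCOUNT_INACTIVE");
}
else
{
	// … unchanged: loggedInUser setup, new-password validation, updatePassword() …
}
```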
diff --git a/testing/MCTXWeb/public_html/users/user_settings.php b/testing/MCTXWeb/public_html/users/user_settings.php
deleted file mode 100644 (file)
index 12603d0..0000000
+++ /dev/null
@@ -1,152 +0,0 @@
-<?php\r
-/*\r
-UserCake Version: 2.0.2\r
-http://usercake.com\r
-*/\r
-\r
-require_once("models/config.php");\r
-if (!securePage($_SERVER['PHP_SELF'])){die();}\r
-\r
-//Prevent the user visiting the logged in page if he is not logged in\r
-if(!isUserLoggedIn()) { header("Location: login.php"); die(); }\r
-\r
-if(!empty($_POST))\r
-{\r
-       $errors = array();\r
-       $successes = array();\r
-       $password = $_POST["password"];\r
-       $password_new = $_POST["passwordc"];\r
-       $password_confirm = $_POST["passwordcheck"];\r
-       \r
-       $errors = array();\r
-       $email = $_POST["email"];\r
-       \r
-       //Perform some validation\r
-       //Feel free to edit / change as required\r
-       \r
-       //Confirm the hashes match before updating a users password\r
-       $entered_pass = generateHash($password,$loggedInUser->hash_pw);\r
-       \r
-       if (trim($password) == ""){\r
-               $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD");\r
-       }\r
-       else if($entered_pass != $loggedInUser->hash_pw)\r
-       {\r
-               //No match\r
-               $errors[] = lang("ACCOUNT_PASSWORD_INVALID");\r
-       }       \r
-       if($email != $loggedInUser->email)\r
-       {\r
-               if(trim($email) == "")\r
-               {\r
-                       $errors[] = lang("ACCOUNT_SPECIFY_EMAIL");\r
-               }\r
-               else if(!isValidEmail($email))\r
-               {\r
-                       $errors[] = lang("ACCOUNT_INVALID_EMAIL");\r
-               }\r
-               else if(emailExists($email))\r
-               {\r
-                       $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email));        \r
-               }\r
-               \r
-               //End data validation\r
-               if(count($errors) == 0)\r
-               {\r
-                       $loggedInUser->updateEmail($email);\r
-                       $successes[] = lang("ACCOUNT_EMAIL_UPDATED");\r
-               }\r
-       }\r
-       \r
-       if ($password_new != "" OR $password_confirm != "")\r
-       {\r
-               if(trim($password_new) == "")\r
-               {\r
-                       $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD");\r
-               }\r
-               else if(trim($password_confirm) == "")\r
-               {\r
-                       $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD");\r
-               }\r
-               else if(minMaxRange(8,50,$password_new))\r
-               {       \r
-                       $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(8,50));\r
-               }\r
-               else if($password_new != $password_confirm)\r
-               {\r
-                       $errors[] = lang("ACCOUNT_PASS_MISMATCH");\r
-               }\r
-               \r
-               //End data validation\r
-               if(count($errors) == 0)\r
-               {\r
-                       //Also prevent updating if someone attempts to update with the same password\r
-                       $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw);\r
-                       \r
-                       if($entered_pass_new == $loggedInUser->hash_pw)\r
-                       {\r
-                               //Don't update, this fool is trying to update with the same password Â¬Â¬\r
-                               $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE");\r
-                       }\r
-                       else\r
-                       {\r
-                               //This function will create the new hash and update the hash_pw property.\r
-                               $loggedInUser->updatePassword($password_new);\r
-                               $successes[] = lang("ACCOUNT_PASSWORD_UPDATED");\r
-                       }\r
-               }\r
-       }\r
-       if(count($errors) == 0 AND count($successes) == 0){\r
-               $errors[] = lang("NOTHING_TO_UPDATE");\r
-       }\r
-}\r
-\r
-require_once("models/header.php");\r
-echo "\r
-<body>\r
-<div id='wrapper'>\r
-<div id='top'><div id='logo'></div></div>\r
-<div id='content'>\r
-<h1>UserCake</h1>\r
-<h2>User Settings</h2>\r
-<div id='left-nav'>";\r
-include("left-nav.php");\r
-\r
-echo "\r
-</div>\r
-<div id='main'>";\r
-\r
-echo resultBlock($errors,$successes);\r
-\r
-echo "\r
-<div id='regbox'>\r
-<form name='updateAccount' action='".$_SERVER['PHP_SELF']."' method='post'>\r
-<p>\r
-<label>Password:</label>\r
-<input type='password' name='password' />\r
-</p>\r
-<p>\r
-<label>Email:</label>\r
-<input type='text' name='email' value='".$loggedInUser->email."' />\r
-</p>\r
-<p>\r
-<label>New Pass:</label>\r
-<input type='password' name='passwordc' />\r
-</p>\r
-<p>\r
-<label>Confirm Pass:</label>\r
-<input type='password' name='passwordcheck' />\r
-</p>\r
-<p>\r
-<label>&nbsp;</label>\r
-<input type='submit' value='Update' class='submit' />\r
-</p>\r
-</form>\r
-</div>\r
-</div>\r
-<div id='bottom'></div>\r
-</div>\r
-</body>\r
-</html>";\r
-\r
-?>\r
