From: Jeremy Tan Date: Mon, 28 Oct 2013 13:21:47 +0000 (+0800) Subject: Merge branch 'users' X-Git-Url: https://git.ucc.asn.au/?p=matches%2FMCTX3420.git;a=commitdiff_plain;h=f54777b1c07919d18292491b2d2ccdbbc54a588d;hp=f4f4c762db8c7cb2934bb03ae85063e453d68169 Merge branch 'users' Conflicts: server/parameters Resolved to users branch --- diff --git a/server/parameters b/server/parameters index 26e2892..5fdc595 100644 --- a/server/parameters +++ b/server/parameters @@ -17,19 +17,16 @@ LOGDEBUG=4 verbosity="$LOGDEBUG" # Set to 1/0 to enable/disable the pin module (gives direct control over GPIO/ADC/PWM) +#TODO: This option isn't actually implemented yet... pin_test="0" # Set to the URI to use authentication -#auth_uri="ldap://192.168.1.1" -#auth_uri="ldaps://ldap.pheme.uwa.edu.au" #UWA +#auth_uri="ldap://192.168.1.1#ou=People,dc=daedalus" +#auth_uri="ldaps://ldap.pheme.uwa.edu.au#ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au" #UWA #auth_uri="/etc/shadow" #auth_uri="shadow" - -# Set to the dn of the LDAP server -ldap_base_dn="ou=People,dc=daedalus" # Testing -#ldap_base_dn="ou=Users,ou=UWA,dc=uwads,dc=uwa,dc=edu,dc=au" #UWA +auth_uri="mysql://localhost#root,$(cat mysql_password)" ## OPTIONS TO BE PASSED TO SERVER; DO NOT EDIT -parameters="-v $verbosity -p $pin_test" -# -A $auth_uri -d $ldap_base_dn" +parameters="-v $verbosity -p $pin_test -A $auth_uri" diff --git a/testing/MCTXWeb/public_html/users/account.php b/testing/MCTXWeb/public_html/users/account.php deleted file mode 100644 index 3f93126..0000000 --- a/testing/MCTXWeb/public_html/users/account.php +++ /dev/null @@ -1,32 +0,0 @@ - -
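Review bot: The new active default `auth_uri="mysql://localhost#root,$(cat mysql_password)"` authenticates as the MySQL `root` account and expands the password into `parameters`, which the file describes as the options passed to the server, so the secret presumably ends up on the server's command line where other local users can read it from the process list. Because `$auth_uri` is not quoted inside `parameters`, a password containing whitespace or glob characters would also be split or expanded, and a missing `mysql_password` file silently yields an empty password. I would keep this line commented out like the other examples, point it at a dedicated account that only has rights on the user tables, and have the server read the password from a file path instead of receiving it through `-A`; a comment such as `# use a dedicated low-privilege MySQL account here, never root` above the line would document that.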
-
-
-

UserCake

-

Account

-
"; - -include("left-nav.php"); - -echo " -
-
-Hey, $loggedInUser->displayname. This is an example secure page designed to demonstrate some of the basic features of UserCake. Just so you know, your title at the moment is $loggedInUser->title, and that can be changed in the admin panel. You registered this account on " . date("M d, Y", $loggedInUser->signupTimeStamp()) . ". -
-
-
- -"; - -?> diff --git a/testing/MCTXWeb/public_html/users/activate-account.php b/testing/MCTXWeb/public_html/users/activate-account.php deleted file mode 100644 index 33bbd15..0000000 --- a/testing/MCTXWeb/public_html/users/activate-account.php +++ /dev/null @@ -1,66 +0,0 @@ - -
-
-
-

UserCake

-

Activate Account

- -
"; - -include("left-nav.php"); - -echo " -
-
"; - -echo resultBlock($errors,$successes); - -echo " -
-
-
- -"; - -?> diff --git a/testing/MCTXWeb/public_html/users/admin_configuration.php b/testing/MCTXWeb/public_html/users/admin_configuration.php index 01fa76a..05bd187 100644 --- a/testing/MCTXWeb/public_html/users/admin_configuration.php +++ b/testing/MCTXWeb/public_html/users/admin_configuration.php @@ -135,23 +135,12 @@ $languages = getLanguageFiles(); //Retrieve list of language files $templates = getTemplateFiles(); //Retrieve list of template files $permissionData = fetchAllPermissions(); //Retrieve list of all permission levels require_once("models/header.php"); +startPage(); -echo " - -
-
-
-

UserCake

-

Admin Configuration

-
"; - -include("left-nav.php"); +echo notificationBlock($errors,$successes); echo " -
-
"; - -echo resultBlock($errors,$successes); +
Site details
"; echo "
@@ -228,10 +217,8 @@ echo "
-
-
-
- -"; +
"; + +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/admin_page.php b/testing/MCTXWeb/public_html/users/admin_page.php index 7d1815d..2728752 100644 --- a/testing/MCTXWeb/public_html/users/admin_page.php +++ b/testing/MCTXWeb/public_html/users/admin_page.php @@ -4,6 +4,8 @@ UserCake Version: 2.0.2 http://usercake.com */ +//what a bunch of spaghetti code + require_once("models/config.php"); if (!securePage($_SERVER['PHP_SELF'])){die();} $pageId = $_GET['id']; @@ -71,41 +73,49 @@ $pagePermissions = fetchPagePermissions($pageId); $permissionData = fetchAllPermissions(); require_once("models/header.php"); +startPage(); -echo " - -
-
-
-

UserCake

-

Admin Page

-
"; - -include("left-nav.php"); +echo notificationBlock($errors, $successes); -echo " +echo ' +
+
+ Page ID '.$pageDetails['id'].'
-
"; -echo resultBlock($errors,$successes); +
Manage page "'.$pageDetails['page'].'"
+
Access control list
'; echo " -
+ - - - -
-

Page Information

-
-

- -".$pageDetails['id']." -

-

- -".$pageDetails['page']." -

-

-"; + + + + + + + +"; + +foreach ($permissionData as $v) { + echo ""; + if(isset($pagePermissions[$v['id']])) { + echo ""; + echo ""; + } else { + echo ""; + } + + echo ""; +} + +echo " +
SwapHas accessDoes not have access
".$v['name']."'>"; + echo "".$v['name']."
+ +

+"; //Display private checkbox if ($pageDetails['private'] == 1){ @@ -117,44 +127,17 @@ else { echo "
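Review bot: The rewritten access-control table concatenates `$pageDetails['id']`, `$pageDetails['page']` and `$v['name']` straight into the echoed markup, and `$v['name']` appears to land inside a quoted attribute as well as in the cell text (the markup is stripped on this page, so the exact context is inferred). Permission names are editable data, so each value should go through `htmlspecialchars($v['name'], ENT_QUOTES, 'UTF-8')` before it is echoed. The same applies to `notificationBlock()` added in models/funcs.php, which echoes every `$error` and `$success` as-is, and to admin_upload_users.php, which pushes the uploaded `$username` into those arrays unescaped while the neighbouring messages already use `htmlspecialchars($row)`.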

-
-

Page Access

-
-

-Remove Access:"; - -//Display list of permission levels with access -foreach ($permissionData as $v1) { - if(isset($pagePermissions[$v1['id']])){ - echo "
".$v1['name']; - } -} - -echo" -

Add Access:"; -//Display list of permission levels without access -foreach ($permissionData as $v1) { - if(!isset($pagePermissions[$v1['id']])){ - echo "
".$v1['name']; - } -} - -echo" -

-
-
-

+

-
-
-
- -"; +"; + +echo " +
"; + +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/admin_pages.php b/testing/MCTXWeb/public_html/users/admin_pages.php index 6918367..6ea584b 100644 --- a/testing/MCTXWeb/public_html/users/admin_pages.php +++ b/testing/MCTXWeb/public_html/users/admin_pages.php @@ -5,7 +5,7 @@ http://usercake.com */ require_once("models/config.php"); -if (!securePage($_SERVER['PHP_SELF'])){die();} +if (!securePage($_SERVER['PHP_SELF'])){header("Location: login.php"); die();} $pages = getPageFiles(); //Retrieve list of pages in root usercake folder $dbpages = fetchAllPages(); //Retrieve list of pages in pages table @@ -42,23 +42,13 @@ if (count($deletions) > 0) { $dbpages = fetchAllPages(); require_once("models/header.php"); +startPage(); -echo " - -
-
-
-

UserCake

-

Admin Pages

-
"; - -include("left-nav.php"); - -echo " -
-
- -"; +echo ' +
+
Page visibilities
+
IdPageAccess
+'; //Display list of pages foreach ($dbpages as $page){ @@ -87,10 +77,8 @@ foreach ($dbpages as $page){ echo "
IdPageVisibility
-
-
-
- -"; +
"; + +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/admin_permission.php b/testing/MCTXWeb/public_html/users/admin_permission.php deleted file mode 100644 index 38ef238..0000000 --- a/testing/MCTXWeb/public_html/users/admin_permission.php +++ /dev/null @@ -1,220 +0,0 @@ - -
-
-
-

UserCake

-

Admin Permissions

-
"; - -include("left-nav.php"); - -echo " -
-
"; - -echo resultBlock($errors,$successes); - -echo " -
- - - - -
-

Permission Information

-
-

- -".$permissionDetails['id']." -

-

- - -

- - -

-
-

Permission Membership

-
-

-Remove Members:"; - -//List users with permission level -foreach ($userData as $v1) { - if(isset($permissionUsers[$v1['id']])){ - echo "
".$v1['display_name']; - } -} - -echo" -

Add Members:"; - -//List users without permission level -foreach ($userData as $v1) { - if(!isset($permissionUsers[$v1['id']])){ - echo "
".$v1['display_name']; - } -} - -echo" -

-
-
-

Permission Access

-
-

-Public Access:"; - -//List public pages -foreach ($pageData as $v1) { - if($v1['private'] != 1){ - echo "
".$v1['page']; - } -} - -echo" -

-

-Remove Access:"; - -//List pages accessible to permission level -foreach ($pageData as $v1) { - if(isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){ - echo "
".$v1['page']; - } -} - -echo" -

Add Access:"; - -//List pages inaccessible to permission level -foreach ($pageData as $v1) { - if(!isset($pagePermissions[$v1['id']]) AND $v1['private'] == 1){ - echo "
".$v1['page']; - } -} - -echo" -

-
-
-

- - -

-
-
-
-
- -"; - -?> diff --git a/testing/MCTXWeb/public_html/users/admin_permissions.php b/testing/MCTXWeb/public_html/users/admin_permissions.php deleted file mode 100644 index 9a58249..0000000 --- a/testing/MCTXWeb/public_html/users/admin_permissions.php +++ /dev/null @@ -1,94 +0,0 @@ - -
-
-
-

UserCake

-

Admin Permissions

-
"; - -include("left-nav.php"); - -echo " -
-
"; - -echo resultBlock($errors,$successes); - -echo " -
- - - -"; - -//List each permission level -foreach ($permissionData as $v1) { - echo " - - - - "; -} - -echo " -
DeletePermission Name
".$v1['name']."
-

- - -

- -
-
-
-
- -"; - -?> diff --git a/testing/MCTXWeb/public_html/users/admin_upload_users.php b/testing/MCTXWeb/public_html/users/admin_upload_users.php index 53c71ce..60b4c27 100644 --- a/testing/MCTXWeb/public_html/users/admin_upload_users.php +++ b/testing/MCTXWeb/public_html/users/admin_upload_users.php @@ -7,9 +7,7 @@ require_once("models/config.php"); if (!securePage($_SERVER['PHP_SELF'])){die();} -require_once("models/header.php"); - -$text_area="# Rows starting with '#' are ignored. Rows are of the form:\n# username, Full Name, email"; +$text_area="# Rows starting with '#' are ignored. Rows are of the form:\n# Username, Full Name, Email[, Title]"; $show_form = true; 
@@ -30,70 +28,116 @@ if (!empty($_POST)) } else if ($_POST['action'] === "Upload") // Upload users in the text area { - + + if ($_POST['upload_mode'] === "purge") + { + $to_delete = fetchAllUsersWithoutPerm("Administrator"); + if (count($to_delete) > 0) + { + if ($deletion_count = deleteUsers($to_delete)) { + $successes[] = lang("ACCOUNT_DELETIONS_SUCCESSFUL", array($deletion_count)); + } + else { + $errors[] = lang("SQL_ERROR"); + } + } + } + $text_area = $_POST['userUpload']; - // Iterate through each row $all_rows=preg_split("/((\r?\n)|(\r\n?))/", $_POST['userUpload']); - - - foreach ($all_rows as $row) { if (empty($row) or $row[0] === '#') continue; - $errors = array(); - - $fields = preg_split("/,/", $row); - - $user_name = trim($fields[0]); - $display_name = trim($fields[1]); - $email = trim($fields[2]); + $fields = preg_split("/,/", $row); + if(count($fields) < 3) + { + $errors[] = "Warning: Ignoring row not in correct format: ".htmlspecialchars($row); + continue; + } + + $username = trim($fields[0]); + $displayname = trim($fields[1]); + $email = trim($fields[2]); + $title = trim($fields[3]); + + if(!isValidEmail($email)) + { + $errors[] = "Enter a valid email for row: ".htmlspecialchars($row); + continue; + } + // generate the temporary password $password = generatePassword(); - - if(count($errors) == 0) - { - //Construct a user object - $user = new User($username,$displayname,$password,$email); - - //Checking this flag tells us whether there were any errors such as possible data duplication occured - if(!$user->status) - { - if($user->username_taken) $errors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username)); - if($user->displayname_taken) $errors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname)); - if($user->email_taken) $errors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email)); - } - else - { - //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required) - if(!$user->userCakeAddUser()) - { - 
if($user->mail_failure) $errors[] = lang("MAIL_ERROR"); - if($user->sql_failure) $errors[] = lang("SQL_ERROR"); - } - } + //Construct a user object + $user = new User($username,$displayname,$password,$email); + + //Checking this flag tells us whether there were any errors such as possible data duplication occured + if(!$user->status) + { + if($user->username_taken) $localerrors[] = lang("ACCOUNT_USERNAME_IN_USE",array($username)); + if($user->displayname_taken) $localerrors[] = lang("ACCOUNT_DISPLAYNAME_IN_USE",array($displayname)); + if($user->email_taken) $localerrors[] = lang("ACCOUNT_EMAIL_IN_USE",array($email)); } - if(count($errors) == 0) + else { - $successes[] = $user->success; + //Attempt to add the user to the database, carry out finishing tasks like emailing the user (if required) + $user->userCakeAddUser(); //This doesn't return anything itself + + if($user->mail_failure) $localerrors[] = lang("MAIL_ERROR"); + if($user->sql_failure) $localerrors[] = lang("SQL_ERROR"); + + if(strlen($title) >= 50) + { + $localerrors[] = "Warning: User".$username." added but failed to set title: ".lang("ACCOUNT_TITLE_CHAR_LIMIT",array(1,50)); + } + else if (count($localerrors) == 0 && strlen($title) > 0) + { + $user_id = fetchUserId($username); //So stupid, when you create a user, it doesn't return the user id + if (!updateTitle($user_id, $title)) + { + $localerrors[] = "Warning: User ".$username." added but failed to set title: ". lang("SQL_ERROR"); + } + } } - echo resultBlock($errors,$successes); - } + if(count($localerrors) == 0) + { + $users[] = [$username, $password]; //Push user onto array + //$successes[] = ($user->success); + } + else + { + $errors = array_merge($errors, $localerrors); + } - - - - + } + + if(count($users) > 0) + { + $successes[] = (count($users)." users created."); + $successes[] = ("The list of usernames and passwords follow. 
You must save this!"); + foreach($users as $user) + { + $successes[] = $user[0].",".$user[1]; + } + } } -} +} + +require_once("models/header.php"); +startPage(); + +echo notificationBlock($errors,$successes); + +echo '
Upload users
'; if ($show_form) { @@ -117,10 +161,13 @@ if ($show_form)
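Review bot: `$localerrors` is never initialised and never reset inside the `foreach ($all_rows as $row)` loop, so once one row fails every later row is still created by `userCakeAddUser()` but is reported as failed again, its title is skipped and its generated password never reaches `$users`, leaving accounts whose password nobody has seen. Adding `$localerrors = array();` as the first statement of the loop body and `$users = array();` before the loop fixes that and also avoids calling `count()` on an undefined variable. The title is documented as optional (`Email[, Title]`) but `trim($fields[3])` is read unconditionally after the `count($fields) < 3` check; `$title = isset($fields[3]) ? trim($fields[3]) : "";` covers three-field rows. The `purge` branch also deletes users before any uploaded row has been validated, so a malformed upload still wipes the existing accounts; validating the rows first would be safer.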

Enter or copy/paste user information below (resize the text area if necessary):

-

+

"; -} +} + +echo '
'; +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/admin_user.php b/testing/MCTXWeb/public_html/users/admin_user.php index 2d0e656..169a22f 100644 --- a/testing/MCTXWeb/public_html/users/admin_user.php +++ b/testing/MCTXWeb/public_html/users/admin_user.php @@ -141,28 +141,16 @@ $userPermission = fetchUserPermissions($userId); $permissionData = fetchAllPermissions(); require_once("models/header.php"); +startPage(); -echo " - -
-
-
-

UserCake

-

Admin User

-
"; - -include("left-nav.php"); +echo notificationBlock($errors,$successes); echo " -
-
"; - -echo resultBlock($errors,$successes); +
User administration
"; echo "
-

User Information

@@ -181,7 +169,7 @@ echo "

-"; +"; //Display activation link, if account inactive if ($userdetails['active'] == '1'){ @@ -207,7 +195,7 @@ echo " ".date("j M, Y", $userdetails['sign_up_stamp'])."

-"; +"; //Last sign in, interpretation if ($userdetails['last_sign_in_stamp'] == '0'){ @@ -257,9 +245,8 @@ echo"

-
-
- -"; +"; + +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/admin_users.php b/testing/MCTXWeb/public_html/users/admin_users.php index e0ec8e0..c46ab8c 100644 --- a/testing/MCTXWeb/public_html/users/admin_users.php +++ b/testing/MCTXWeb/public_html/users/admin_users.php @@ -22,26 +22,15 @@ if(!empty($_POST)) $userData = fetchAllUsers(); //Fetch information for all users require_once("models/header.php"); -echo " - -
-
-
-

UserCake

-

Admin Users

-
"; - -include("left-nav.php"); +startPage(); +echo notificationBlock($errors,$successes); echo " -
-
"; - -echo resultBlock($errors,$successes); +
User list
"; echo "
- +
"; @@ -73,10 +62,8 @@ echo "
DeleteUsernameDisplay NameTitleLast Sign In
-
-
-
- -"; +
"; + +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/forgot-password.php b/testing/MCTXWeb/public_html/users/forgot-password.php index fa68835..77fec13 100644 --- a/testing/MCTXWeb/public_html/users/forgot-password.php +++ b/testing/MCTXWeb/public_html/users/forgot-password.php @@ -6,6 +6,7 @@ http://usercake.com require_once("models/config.php"); if (!securePage($_SERVER['PHP_SELF'])){die();} +if (isUserLoggedIn()){header("Location: index.php"); die();} //User has confirmed they want their password changed if(!empty($_GET["confirm"])) @@ -174,22 +175,13 @@ if(!empty($_POST)) } require_once("models/header.php"); -echo " - -
-
-
-

UserCake

-

Forgot Password

-
"; +startPage(); -include("left-nav.php"); +//echo notificationBlock($errors,$successes); echo " -
-
"; - -echo resultBlock($errors,$successes); +
+
Forgot password
"; echo "
@@ -205,13 +197,15 @@ echo "

-

+

"; +echo resultBlock($errors,$successes); + +echo "
-
-
- -"; +
"; + +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/index.php b/testing/MCTXWeb/public_html/users/index.php index 63d11fb..9cec83c 100644 --- a/testing/MCTXWeb/public_html/users/index.php +++ b/testing/MCTXWeb/public_html/users/index.php @@ -5,43 +5,23 @@ http://usercake.com */ require_once("models/config.php"); -if (!securePage($_SERVER['PHP_SELF'])){die();} -require_once("models/header.php"); +if (!isUserLoggedIn()) { header("Location: login.php"); die();} -echo " - -
-
-
-

UserCake

-

2.00

-
"; -include("left-nav.php"); +require_once("models/header.php"); +startPage(); +echo ' +
+
Welcome!
+

+ This is the administration site for this site. Here, you can manage + the list of users who has access to this site. +

+

+ +

+
+'; -echo " -
-
-

Thank you for downloading UserCake. 100% Free and Opensource.

-

Copyright (c) 2009-2012

-

Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the 'Software'), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions:

-

The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software.

-

THE SOFTWARE IS PROVIDED 'AS IS', WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE.

-
-
-
- -"; +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/left-nav.php b/testing/MCTXWeb/public_html/users/left-nav.php index b6f053e..addc4c4 100644 --- a/testing/MCTXWeb/public_html/users/left-nav.php +++ b/testing/MCTXWeb/public_html/users/left-nav.php @@ -4,41 +4,36 @@ UserCake Version: 2.0.2 http://usercake.com */ -if (!securePage($_SERVER['PHP_SELF'])){die();} +if (isUserLoggedIn()) { -//Links for logged in user -if(isUserLoggedIn()) { - echo " - "; - - //Links for permission level 2 (default admin) - if ($loggedInUser->checkPermission(array(2))){ - echo " - "; - } -} -//Links for users not logged in -else { - echo " - "; +echo ' + + +'; + +} ?> diff --git a/testing/MCTXWeb/public_html/users/login.php b/testing/MCTXWeb/public_html/users/login.php index 2c45d1f..7d2ba20 100644 --- a/testing/MCTXWeb/public_html/users/login.php +++ b/testing/MCTXWeb/public_html/users/login.php @@ -8,7 +8,7 @@ require_once("models/config.php"); if (!securePage($_SERVER['PHP_SELF'])){die();} //Prevent the user visiting the logged in page if he/she is already logged in -if(isUserLoggedIn()) { header("Location: account.php"); die(); } +if(isUserLoggedIn()) { header("Location: index.php"); die(); } //Forms posted if(!empty($_POST)) @@ -48,7 +48,7 @@ if(!empty($_POST)) //Hash the password and use the salt from the database to compare the password. $entered_pass = generateHash($password,$userdetails["password"]); - echo "".$userdetails["password"]; + //echo "".$userdetails["password"]; //Wut is dis if($entered_pass != $userdetails["password"]) { 
@@ -69,13 +69,22 @@ if(!empty($_POST)) $loggedInUser->displayname = $userdetails["display_name"]; $loggedInUser->username = $userdetails["user_name"]; - //Update last sign in - $loggedInUser->updateLastSignIn(); - $_SESSION["userCakeUser"] = $loggedInUser; - - //Redirect to user account page - header("Location: account.php"); - die(); + //Only allow login to admins + if ($loggedInUser->checkPermission(array(2))) + { + //Update last sign in + $loggedInUser->updateLastSignIn(); + + $_SESSION["userCakeUser"] = $loggedInUser; + + //Redirect to user account page + header("Location: index.php"); + die(); + } + else + { + $errors[] = ("You are no admin :("); + } } } } @@ -83,45 +92,44 @@ if(!empty($_POST)) } require_once("models/header.php"); +startPage(); -echo " - -
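Review bot: In the new `else` branch that rejects non-admins, `$loggedInUser` stays fully populated for the rest of the request even though nothing is written to `$_SESSION`. `startPage()` in models/header.php declares `global $loggedInUser` and calls `isUserLoggedIn()`, so if that helper consults the global instead of the session (its body is not part of this diff), the rejected user would be rendered the logged-in layout for this one response. Setting `$loggedInUser = NULL;` before `$errors[] = ("You are no admin :(");` avoids depending on that. The message also confirms that the submitted password was correct, which a generic invalid-credentials error would not. The surrounding `if(!empty($_POST))` block starts outside this hunk.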
-
-
-

UserCake

-

Login

-
"; - -include("left-nav.php"); - -echo " -
-
"; - +echo ' +
+
+
Notice
+ This is the login page for site administration.
If you wish to log in + to the main web-site, see here instead. +
+
+
+

+ +

+

+ +

+

+ Forgotten password?
+ Register +

+

+ +

+'; echo resultBlock($errors,$successes); +echo ' +
+
+
+ '; -echo " -
-
-

- - -

-

- - -

-

- - -

-
-
-
-
-
- -"; +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/logout.php b/testing/MCTXWeb/public_html/users/logout.php index 728a294..e722ba7 100644 --- a/testing/MCTXWeb/public_html/users/logout.php +++ b/testing/MCTXWeb/public_html/users/logout.php @@ -13,6 +13,7 @@ if(isUserLoggedIn()) $loggedInUser->userLogOut(); } +/* if(!empty($websiteUrl)) { $add_http = ""; @@ -26,10 +27,10 @@ if(!empty($websiteUrl)) die(); } else -{ - header("Location: http://".$_SERVER['HTTP_HOST']); +{*/ + header("Location: login.php");//http://".$_SERVER['HTTP_HOST']); die(); -} +/*}*/ ?> diff --git a/testing/MCTXWeb/public_html/users/models/funcs.php b/testing/MCTXWeb/public_html/users/models/funcs.php index b1afc72..a3a9928 100644 --- a/testing/MCTXWeb/public_html/users/models/funcs.php +++ b/testing/MCTXWeb/public_html/users/models/funcs.php @@ -154,31 +154,59 @@ function resultBlock($errors,$successes){ //Error block if(count($errors) > 0) { - echo "
- [X] -
    "; + echo "
    "; + foreach($errors as $error) { - echo "
  • ".$error."
  • "; + echo "

    ".$error."

    "; } - echo "
"; echo "
"; } //Success block if(count($successes) > 0) { - echo "
- [X] -
    "; + echo "
    "; foreach($successes as $success) { - echo "
  • ".$success."
  • "; + echo "

    ".$success.""; } - echo "

"; echo "
"; } } +function notificationBlock($errors, $successes) { + if (count($errors) > 0 || count($successes) > 0) + { + echo ' +
+
+ Dismiss +
+ +
Notifications
+ '; + + foreach ($errors as $error) + { + echo '

'.$error.'

'; + } + + foreach ($successes as $success) + { + echo '

'.$success.'

'; + } + + echo ' +
+ + '; + } +} + //Completely sanitizes text function sanitize($str) { @@ -285,6 +313,70 @@ function emailUsernameLinked($email,$username) } } +function permissionNameToId($permission) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT id + FROM ".$db_table_prefix."permissions + WHERE + name = ? + LIMIT 1"); + $stmt->bind_param("s", $permission); + $stmt->execute(); + $stmt->bind_result($id); + + while ($stmt->fetch()){ + $perm_id = $id; + } + $stmt->close(); + + return $perm_id; +} + +function fetchAllUsersWithPerm($perm_name) +{ + global $mysqli,$db_table_prefix; + + $perm_id = permissionNameToId($perm_name); + $stmt = $mysqli->prepare("SELECT + p1.id + FROM ".$db_table_prefix."users p1 + WHERE EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches + WHERE user_id=p1.id AND permission_id=?)" + ); + $stmt->bind_param("i", $perm_id); + $stmt->execute(); + $stmt->bind_result($id); + + while ($stmt->fetch()){ + $row[] = $id; + } + $stmt->close(); + return ($row); +} + +function fetchAllUsersWithoutPerm($perm_name) +{ + global $mysqli,$db_table_prefix; + + $perm_id = permissionNameToId($perm_name); + $stmt = $mysqli->prepare("SELECT + p1.id + FROM ".$db_table_prefix."users p1 + WHERE NOT EXISTS (SELECT * FROM ".$db_table_prefix."user_permission_matches + WHERE user_id=p1.id AND permission_id=?)" + ); + $stmt->bind_param("i", $perm_id); + $stmt->execute(); + $stmt->bind_result($id); + + while ($stmt->fetch()){ + $row[] = $id; + } + $stmt->close(); + return ($row); +} + //Retrieve information for all users function fetchAllUsers() { 
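Review bot: `permissionNameToId()` returns an unset `$perm_id` when no permission has the given name, and `fetchAllUsersWithoutPerm()` then binds that value into `permission_id=?`; whether it is sent as NULL or coerced to 0, no row matches, so the `NOT EXISTS` test is true for every user and the function returns all user ids. admin_upload_users.php feeds that result to `deleteUsers()` in its `purge` mode, so renaming or removing the `Administrator` permission would make a purge delete the administrators too. Initialise `$perm_id = null;` before the fetch loop and have both fetch functions bail out with `if ($perm_id === null) { return array(); }`. `$row` in both functions, and `$user_id` in `fetchUserId()` in the next hunk, have the same unset-on-no-match problem and should start as `array()` and `null` respectively.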
@@ -313,6 +405,27 @@ function fetchAllUsers() return ($row); } +//Yeah usercake... Fetches the user id from username +function fetchUserId($username) +{ + global $mysqli,$db_table_prefix; + $stmt = $mysqli->prepare("SELECT + id + FROM ".$db_table_prefix."users + WHERE + user_name = ? + LIMIT 1"); + $stmt->bind_param("s", $username); + + $stmt->execute(); + $stmt->bind_result($id); + while ($stmt->fetch()){ + $user_id = $id; + } + $stmt->close(); + return $user_id; +} + //Retrieve complete user information by username, token or ID function fetchUserDetails($username=NULL,$token=NULL, $id=NULL) { @@ -1185,7 +1298,7 @@ function securePage($uri){ return true; } else { - header("Location: account.php"); + header("Location: index.php"); return false; } } diff --git a/testing/MCTXWeb/public_html/users/models/header.php b/testing/MCTXWeb/public_html/users/models/header.php index 239a10a..d74c600 100644 --- a/testing/MCTXWeb/public_html/users/models/header.php +++ b/testing/MCTXWeb/public_html/users/models/header.php @@ -3,36 +3,108 @@ UserCake Version: 2.0.2 http://usercake.com */ -echo " - - + +//Variables to set: +//$custom_header_scripts +//$custom_sidebar + +function startPage() { +global $loggedInUser; + +echo ' + + - - ".$websiteName." - - + MCTX3420 Web Interface + + + + + + + '.$custom_header_scripts.' - "; - -/** - * Make the remainder of the page - */ -function createPage($title) -{ - echo " -
-
-
-

User Managment

-

$title

-
"; - - include("left-nav.php"); - - echo " -
-
"; + + +
+ +
+ + +
+ + +
+ '; + + require_once("left-nav.php"); + if (isUserLoggedIn()) { + echo ' +
+'; } +} //function startPage() + + +function finishPage() { +if (isUserLoggedIn()) { +echo ' +
+ +'; +} + +echo ' +
+
+ + +'; +} + + ?> diff --git a/testing/MCTXWeb/public_html/users/register.php b/testing/MCTXWeb/public_html/users/register.php index 32f1ae1..8a0d6e6 100644 --- a/testing/MCTXWeb/public_html/users/register.php +++ b/testing/MCTXWeb/public_html/users/register.php @@ -40,9 +40,9 @@ if(!empty($_POST)) if(!ctype_alnum($displayname)){ $errors[] = lang("ACCOUNT_DISPLAY_INVALID_CHARACTERS"); } - if(minMaxRange(8,50,$password) && minMaxRange(8,50,$confirm_pass)) + if(minMaxRange(6,50,$password) && minMaxRange(6,50,$confirm_pass)) { - $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(8,50)); + $errors[] = lang("ACCOUNT_PASS_CHAR_LIMIT",array(6,50)); } else if($password != $confirm_pass) { @@ -81,25 +81,13 @@ if(!empty($_POST)) } require_once("models/header.php"); -echo " - -
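Review bot: `startPage()` interpolates `$custom_header_scripts` into the page head, but the function only declares `global $loggedInUser;`, so the variable is always undefined inside the function and whatever a page sets before calling `startPage()` is never emitted. The comment above the function lists `$custom_header_scripts` and `$custom_sidebar` as variables to set, so the declaration should read `global $loggedInUser, $custom_header_scripts, $custom_sidebar;` (or the values should become parameters). A short docblock on `startPage()` and `finishPage()` saying that they must be called as a pair, and that both emit extra markup only when `isUserLoggedIn()` is true, would also help the pages that now depend on them.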
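Review bot: A six-character minimum in `minMaxRange(6,50,$password) && minMaxRange(6,50,$confirm_pass)` is weaker than the eight characters this page enforced before, and nothing in the commit message explains the reduction. The same floor is used in the new user_change_details.php (`minMaxRange(6,50,$password_new)`). Unless there is a recorded reason for the shorter limit, keep `minMaxRange(8,50,$password) && minMaxRange(8,50,$confirm_pass)` and `array(8,50)` in the error message, and use 8 in user_change_details.php as well. The enclosing validation block begins outside the hunk.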
-
-
-

UserCake

-

Register

+startPage(); -
"; -include("left-nav.php"); echo " -
- -
"; - -echo resultBlock($errors,$successes); +
User registration
"; echo " -
+

@@ -122,23 +110,26 @@ echo "

+

+

-
-
-
-
- -"; +
"; + +finishPage(); ?> diff --git a/testing/MCTXWeb/public_html/users/resend-activation.php b/testing/MCTXWeb/public_html/users/resend-activation.php deleted file mode 100644 index acbee1b..0000000 --- a/testing/MCTXWeb/public_html/users/resend-activation.php +++ /dev/null @@ -1,166 +0,0 @@ - array("#ACTIVATION-URL","#USERNAME#"), - "subjectStrs" => array($activation_url,$userdetails["display_name"]) - ); - - if(!$mail->newTemplateMsg("resend-activation.txt",$hooks)) - { - $errors[] = lang("MAIL_TEMPLATE_BUILD_ERROR"); - } - else - { - if(!$mail->sendMail($userdetails["email"],"Activate your ".$websiteName." Account")) - { - $errors[] = lang("MAIL_ERROR"); - } - else - { - //Success, user details have been updated in the db now mail this information out. - $successes[] = lang("ACCOUNT_NEW_ACTIVATION_SENT"); - } - } - } - } - } - } - } -} - -//Prevent the user visiting the logged in page if he/she is already logged in -if(isUserLoggedIn()) { header("Location: account.php"); die(); } - -require_once("models/header.php"); - -echo " - -
-
-
-

UserCake

-

Resend Activation

-
"; - -include("left-nav.php"); - -echo " -
-
"; - -echo resultBlock($errors,$successes); - -echo "
"; - -//Show disabled if email activation not required -if(!$emailActivation) -{ - echo lang("FEATURE_DISABLED"); -} -else -{ - echo "
-

- - -

-

- - -

-

- - -

-
"; -} - -echo " -
-
-
-
- -"; - -?> diff --git a/testing/MCTXWeb/public_html/users/user_change_details.php b/testing/MCTXWeb/public_html/users/user_change_details.php new file mode 100644 index 0000000..16c4532 --- /dev/null +++ b/testing/MCTXWeb/public_html/users/user_change_details.php @@ -0,0 +1,169 @@ +email = $userdetails["email"]; + $loggedInUser->user_id = $userdetails["id"]; + $loggedInUser->hash_pw = $userdetails["password"]; + $loggedInUser->title = $userdetails["title"]; + $loggedInUser->displayname = $userdetails["display_name"]; + $loggedInUser->username = $userdetails["user_name"]; + + if(trim($password_new) == "") + { + $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD"); + } + else if(trim($password_confirm) == "") + { + $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD"); + } + else if(minMaxRange(6,50,$password_new)) + { + $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(6,50)); + } + else if($password_new != $password_confirm) + { + $errors[] = lang("ACCOUNT_PASS_MISMATCH"); + } + + //End data validation + if(count($errors) == 0) + { + //Also prevent updating if someone attempts to update with the same password + $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw); + + if($entered_pass_new == $loggedInUser->hash_pw) + { + //Don't update, this fool is trying to update with the same password ¬¬ + $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE"); + } + else + { + //This function will create the new hash and update the hash_pw property. + $loggedInUser->updatePassword($password_new); + $successes[] = lang("ACCOUNT_PASSWORD_UPDATED"); + } + } + } + } + } + } +} + +if (isUserLoggedIn()) +{ + //If not admin, log them out after pw change + if (!$loggedInUser->checkPermission(array(2))) + { + $loggedInUser->userLogOut(); + } +} + +require_once("models/header.php"); +startPage(); + +echo ' +
+
+
Change of password
+
+

+ +

+

+ +

+

+ +

+

+ +

+

+ Forgotten password? +

+

+ +

+
'; + +echo resultBlock($errors,$successes); +echo ' +
+
+ '; + +finishPage(); + +?> diff --git a/testing/MCTXWeb/public_html/users/user_settings.php b/testing/MCTXWeb/public_html/users/user_settings.php deleted file mode 100644 index 12603d0..0000000 --- a/testing/MCTXWeb/public_html/users/user_settings.php +++ /dev/null 
@@ -1,152 +0,0 @@ -hash_pw); - - if (trim($password) == ""){ - $errors[] = lang("ACCOUNT_SPECIFY_PASSWORD"); - } - else if($entered_pass != $loggedInUser->hash_pw) - { - //No match - $errors[] = lang("ACCOUNT_PASSWORD_INVALID"); - } - if($email != $loggedInUser->email) - { - if(trim($email) == "") - { - $errors[] = lang("ACCOUNT_SPECIFY_EMAIL"); - } - else if(!isValidEmail($email)) - { - $errors[] = lang("ACCOUNT_INVALID_EMAIL"); - } - else if(emailExists($email)) - { - $errors[] = lang("ACCOUNT_EMAIL_IN_USE", array($email)); - } - - //End data validation - if(count($errors) == 0) - { - $loggedInUser->updateEmail($email); - $successes[] = lang("ACCOUNT_EMAIL_UPDATED"); - } - } - - if ($password_new != "" OR $password_confirm != "") - { - if(trim($password_new) == "") - { - $errors[] = lang("ACCOUNT_SPECIFY_NEW_PASSWORD"); - } - else if(trim($password_confirm) == "") - { - $errors[] = lang("ACCOUNT_SPECIFY_CONFIRM_PASSWORD"); - } - else if(minMaxRange(8,50,$password_new)) - { - $errors[] = lang("ACCOUNT_NEW_PASSWORD_LENGTH",array(8,50)); - } - else if($password_new != $password_confirm) - { - $errors[] = lang("ACCOUNT_PASS_MISMATCH"); - } - - //End data validation - if(count($errors) == 0) - { - //Also prevent updating if someone attempts to update with the same password - $entered_pass_new = generateHash($password_new,$loggedInUser->hash_pw); - - if($entered_pass_new == $loggedInUser->hash_pw) - { - //Don't update, this fool is trying to update with the same password ¬¬ - $errors[] = lang("ACCOUNT_PASSWORD_NOTHING_TO_UPDATE"); - } - else - { - //This function will create the new hash and update the hash_pw property. - $loggedInUser->updatePassword($password_new); - $successes[] = lang("ACCOUNT_PASSWORD_UPDATED"); - } - } - } - if(count($errors) == 0 AND count($successes) == 0){ - $errors[] = lang("NOTHING_TO_UPDATE"); - } -} - -require_once("models/header.php"); -echo " - -
-
-
-

UserCake

-

User Settings

-
"; -include("left-nav.php"); - -echo " -
-
"; - -echo resultBlock($errors,$successes); - -echo " -
-
-

- - -

-

- - -

-

- - -

-

- - -

-

- - -

-
-
-
-
-
- -"; - -?>