source: admin/user.php @ 1583:cbb6d70613a0

Visit:

Revision 1583:cbb6d70613a0, 10.9 KB checked in by Lepeltier kévin, 12 years ago (diff)
Ticket #1453 : Indiquer le niveau de sécurité des mots de passe lors de l'installation et sur "Informations utilisateur".

Rev	Line
[175]	1	<?php
	2	# -- BEGIN LICENSE BLOCK ---------------------------------------
	3	#
	4	# This file is part of Dotclear 2.
	5	#
[1179]	6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
[175]	7	# Licensed under the GPL version 2.0 license.
	8	# See LICENSE file or
	9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
	10	#
	11	# -- END LICENSE BLOCK -----------------------------------------
	12
	13	require dirname(__FILE__).'/../inc/admin/prepend.php';
	14
	15	dcPage::checkSuper();
	16
	17	$page_title = __('new user');
	18
	19	$user_id = '';
	20	$user_super = '';
	21	$user_pwd = '';
	22	$user_change_pwd = '';
	23	$user_name = '';
	24	$user_firstname = '';
	25	$user_displayname = '';
	26	$user_email = '';
	27	$user_url = '';
	28	$user_lang = $core->auth->getInfo('user_lang');
	29	$user_tz = $core->auth->getInfo('user_tz');
	30	$user_post_status = '';
	31
	32	$user_options = $core->userDefaults();
	33
	34	foreach ($core->getFormaters() as $v) {
	35	$formaters_combo[$v] = $v;
	36	}
	37
	38	foreach ($core->blog->getAllPostStatus() as $k => $v) {
	39	$status_combo[$v] = $k;
	40	}
	41
	42	# Language codes
	43	$langs = l10n::getISOcodes(1,1);
	44	foreach ($langs as $k => $v) {
	45	$lang_avail = $v == 'en' \|\| is_dir(DC_L10N_ROOT.'/'.$v);
	46	$lang_combo[] = new formSelectOption($k,$v,$lang_avail ? 'avail10n' : '');
	47	}
	48
	49	# Get user if we have an ID
	50	if (!empty($_REQUEST['id']))
	51	{
	52	try {
	53	$rs = $core->getUser($_REQUEST['id']);
	54
	55	$user_id = $rs->user_id;
	56	$user_super = $rs->user_super;
	57	$user_pwd = $rs->user_pwd;
	58	$user_change_pwd = $rs->user_change_pwd;
	59	$user_name = $rs->user_name;
	60	$user_firstname = $rs->user_firstname;
	61	$user_displayname = $rs->user_displayname;
	62	$user_email = $rs->user_email;
	63	$user_url = $rs->user_url;
	64	$user_lang = $rs->user_lang;
	65	$user_tz = $rs->user_tz;
	66	$user_post_status = $rs->user_post_status;
	67
	68	$user_options = array_merge($user_options,$rs->options());
	69
	70	$page_title = $user_id;
	71	} catch (Exception $e) {
	72	$core->error->add($e->getMessage());
	73	}
	74	}
	75
	76	# Add or update user
	77	if (isset($_POST['user_name']))
	78	{
	79	try
	80	{
	81	if (empty($_POST['your_pwd']) \|\| !$core->auth->checkPassword(crypt::hmac(DC_MASTER_KEY,$_POST['your_pwd']))) {
	82	throw new Exception(__('Password verification failed'));
	83	}
	84
	85	$cur = $core->con->openCursor($core->prefix.'user');
	86
	87	$cur->user_id = $_POST['user_id'];
	88	$cur->user_super = $user_super = !empty($_POST['user_super']) ? 1 : 0;
	89	$cur->user_name = $user_name = $_POST['user_name'];
	90	$cur->user_firstname = $user_firstname = $_POST['user_firstname'];
	91	$cur->user_displayname = $user_displayname = $_POST['user_displayname'];
	92	$cur->user_email = $user_email = $_POST['user_email'];
	93	$cur->user_url = $user_url = $_POST['user_url'];
	94	$cur->user_lang = $user_lang = $_POST['user_lang'];
	95	$cur->user_tz = $user_tz = $_POST['user_tz'];
	96	$cur->user_post_status = $user_post_status = $_POST['user_post_status'];
	97
[313]	98	if ($cur->user_id == $core->auth->userID() && $core->auth->isSuperAdmin()) {
	99	// force super_user to true if current user
	100	$cur->user_super = $user_super = true;
	101	}
[175]	102	if ($core->auth->allowPassChange()) {
	103	$cur->user_change_pwd = !empty($_POST['user_change_pwd']) ? 1 : 0;
	104	}
	105
	106	if (!empty($_POST['new_pwd'])) {
	107	if ($_POST['new_pwd'] != $_POST['new_pwd_c']) {
	108	throw new Exception(__("Passwords don't match"));
	109	} else {
	110	$cur->user_pwd = $_POST['new_pwd'];
	111	}
	112	}
	113
	114	$user_options['post_format'] = $_POST['user_post_format'];
	115	$user_options['edit_size'] = (integer) $_POST['user_edit_size'];
	116
	117	if ($user_options['edit_size'] < 1) {
	118	$user_options['edit_size'] = 10;
	119	}
	120
	121	$cur->user_options = new ArrayObject($user_options);
	122
	123	# Udate user
	124	if ($user_id)
	125	{
	126	# --BEHAVIOR-- adminBeforeUserUpdate
	127	$core->callBehavior('adminBeforeUserUpdate',$cur,$user_id);
	128
	129	$new_id = $core->updUser($user_id,$cur);
	130
	131	# --BEHAVIOR-- adminAfterUserUpdate
	132	$core->callBehavior('adminAfterUserUpdate',$cur,$new_id);
	133
	134	if ($user_id == $core->auth->userID() &&
	135	$user_id != $new_id) {
	136	$core->session->destroy();
	137	}
	138
	139	http::redirect('user.php?id='.$new_id.'&upd=1');
	140	}
	141	# Add user
	142	else
	143	{
	144	if ($core->getUsers(array('user_id' => $cur->user_id),true)->f(0) > 0) {
	145	throw new Exception(sprintf(__('User "%s" already exists.'),html::escapeHTML($cur->user_id)));
	146	}
	147
	148	# --BEHAVIOR-- adminBeforeUserCreate
	149	$core->callBehavior('adminBeforeUserCreate',$cur);
	150
	151	$new_id = $core->addUser($cur);
	152
	153	# --BEHAVIOR-- adminAfterUserCreate
	154	$core->callBehavior('adminAfterUserCreate',$cur,$new_id);
	155
[547]	156	if (!empty($_POST['saveplus'])) {
	157	http::redirect('user.php?add=1');
	158	} else {
	159	http::redirect('user.php?id='.$new_id.'&add=1');
	160	}
[175]	161	}
	162	}
	163	catch (Exception $e)
	164	{
	165	$core->error->add($e->getMessage());
	166	}
	167	}
	168
	169
	170	/* DISPLAY
	171	-------------------------------------------------------- */
	172	dcPage::open($page_title,
	173	dcPage::jsConfirmClose('user-form').
[1583]	174	dcPage::jsLoad('js/jquery/jquery.pwstrength.js').
	175	'<script type="text/javascript">'."\n".
	176	"//<![CDATA[\n".
	177	"\$(function() {\n".
	178	" \$('#new_pwd').pwstrength({texts: ['".
	179	sprintf(__('Password strength: %s'),__('very weak'))."', '".
	180	sprintf(__('Password strength: %s'),__('weak'))."', '".
	181	sprintf(__('Password strength: %s'),__('mediocre'))."', '".
	182	sprintf(__('Password strength: %s'),__('strong'))."', '".
	183	sprintf(__('Password strength: %s'),__('very strong'))."']});\n".
	184	"});\n".
	185	"\n//]]>\n".
	186	"</script>\n".
[175]	187
	188	# --BEHAVIOR-- adminUserHeaders
	189	$core->callBehavior('adminUserHeaders')
	190	);
	191
	192	if (!empty($_GET['upd'])) {
[907]	193	dcPage::message(__('User has been successfully updated.'));
[175]	194	}
	195
	196	if (!empty($_GET['add'])) {
[907]	197	dcPage::message(__('User has been successfully created.'));
[175]	198	}
	199
[501]	200	echo '<h2><a href="users.php">'.__('Users').'</a> &rsaquo; <span class="page-title">'.$page_title.'</span></h2>';
[175]	201
	202	if ($user_id == $core->auth->userID()) {
	203	echo
	204	'<p class="warning">'.__('Warning:').' '.
	205	__('If you change your username, you will have to log in again.').'</p>';
	206	}
	207
	208	echo
	209	'<form action="user.php" method="post" id="user-form">'.
	210	'<fieldset><legend>'.__('User information').'</legend>'.
	211	'<div class="two-cols">'.
	212	'<div class="col">'.
	213	'<p><label for="user_id" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('Username:').' '.
[454]	214	form::field('user_id',20,255,html::escapeHTML($user_id)).
[175]	215	'</label></p>'.
	216	'<p class="form-note">'.__('At least 2 characters using letters, numbers or symbols.').'</p>'.
	217
[1583]	218	'<div class="pw-table">'.
	219	'<p class="pw-cell">'.
	220	'<label for="new_pwd" '.($user_id != '' ? '' : 'class="required"').'>'.
	221	($user_id != '' ? '' : '<abbr title="'.__('Required field').'">*</abbr> ').
	222	($user_id != '' ? __('New password:') : __('Password:')).'</label>'.
	223	form::password('new_pwd',20,255,'','','',false,' data-indicator="pwindicator" ').
	224	'</p>'.
	225	'<div id="pwindicator">'.
	226	' <div class="bar"></div>'.
	227	' <p class="label no-margin"></p>'.
	228	'</div>'.
	229	'</div>'.
[181]	230	'<p class="form-note">'.__('Password must contain at least 6 characters.').'</p>'.
[175]	231
[177]	232	'<p><label for="new_pwd_c" '.($user_id != '' ? '' : 'class="required"').'>'.
	233	($user_id != '' ? '' : '<abbr title="'.__('Required field').'">*</abbr> ').__('Confirm password:').' '.
[454]	234	form::password('new_pwd_c',20,255).
[175]	235	'</label></p>'.
	236
	237	'<p><label for="user_name">'.__('Last Name:').' '.
[454]	238	form::field('user_name',20,255,html::escapeHTML($user_name)).
[175]	239	'</label></p>'.
	240
	241	'<p><label for="user_firstname">'.__('First Name:').' '.
[454]	242	form::field('user_firstname',20,255,html::escapeHTML($user_firstname)).
[175]	243	'</label></p>'.
	244
	245	'<p><label for="user_displayname">'.__('Display name:').' '.
[454]	246	form::field('user_displayname',20,255,html::escapeHTML($user_displayname)).
[175]	247	'</label></p>'.
	248
	249	'<p><label for="user_email">'.__('Email:').' '.
[454]	250	form::field('user_email',20,255,html::escapeHTML($user_email)).
[175]	251	'</label></p>'.
[479]	252	'<p class="form-note">'.__('Mandatory for password recovering procedure.').'</p>'.
[175]	253	'</div>'.
	254
	255	'<div class="col">'.
	256	'<p><label for="user_url">'.__('URL:').' '.
[454]	257	form::field('user_url',30,255,html::escapeHTML($user_url)).
[175]	258	'</label></p>'.
	259	'<p><label for="user_post_format">'.__('Preferred format:').' '.
[454]	260	form::combo('user_post_format',$formaters_combo,$user_options['post_format']).
[175]	261	'</label></p>'.
	262
	263	'<p><label for="user_post_status">'.__('Default entry status:').' '.
[454]	264	form::combo('user_post_status',$status_combo,$user_post_status).
[175]	265	'</label></p>'.
	266
[230]	267	'<p><label for="user_edit_size">'.__('Entry edit field height:').' '.
[454]	268	form::field('user_edit_size',5,4,(integer) $user_options['edit_size']).
[175]	269	'</label></p>'.
	270
[230]	271	'<p><label for="user_lang">'.__('User language:').' '.
[454]	272	form::combo('user_lang',$lang_combo,$user_lang,'l10n').
[175]	273	'</label></p>'.
	274
	275	'<p><label for="user_tz">'.__('User timezone:').' '.
[454]	276	form::combo('user_tz',dt::getZones(true,true),$user_tz).
[175]	277	'</label></p>';
	278
	279	if ($core->auth->allowPassChange()) {
	280	echo
	281	'<p><label for="user_change_pwd" class="classic">'.
[454]	282	form::checkbox('user_change_pwd','1',$user_change_pwd).' '.
[175]	283	__('Password change required to connect').'</label></p>';
	284	}
	285
[313]	286	$super_disabled = $user_super && $user_id == $core->auth->userID();
	287
[175]	288	echo
[454]	289	'<p><label for="user_super" class="classic">'.form::checkbox('user_super','1',$user_super,'','',$super_disabled).' '.
[175]	290	__('Super administrator').'</label></p>'.
	291	'</div>'.
	292	'</div>'.
	293	'</fieldset>';
	294
	295	# --BEHAVIOR-- adminUserForm
	296	$core->callBehavior('adminUserForm',isset($rs) ? $rs : null);
	297
	298	echo
[177]	299	'<p><label for="your_pwd" '.($user_id != '' ? '' : 'class="required"').'>'.
	300	($user_id != '' ? '' : '<abbr title="'.__('Required field').'">*</abbr> ').__('Your password:').
[454]	301	form::password('your_pwd',20,255).'</label></p>'.
[547]	302	'<p class="clear"><input type="submit" name="save" accesskey="s" value="'.__('Save').'" />'.
	303	($user_id != '' ? '' : ' <input type="submit" name="saveplus" value="'.__('Save and create another').'" />').
[175]	304	($user_id != '' ? form::hidden('id',$user_id) : '').
	305	$core->formNonce().
	306	'</p>'.
	307
	308	'</form>';
	309
	310	if ($user_id)
	311	{
[860]	312	echo '<div class="clear fieldset"><h3>'.__('Permissions').'</h3>'.
	313	'<form action="users_actions.php" method="post">'.
	314	'<p><input type="submit" value="'.__('Add new permissions').'" />'.
	315	form::hidden(array('redir'),'user.php?id='.$user_id).
	316	form::hidden(array('action'),'blogs').
	317	form::hidden(array('users[]'),$user_id).
	318	$core->formNonce().
	319	'</p>'.
	320	'</form>';
[175]	321
	322	$permissions = $core->getUserPermissions($user_id);
	323	$perm_types = $core->auth->getPermissionsTypes();
	324
	325	if (count($permissions) == 0)
	326	{
	327	echo '<p>'.__('No permissions.').'</p>';
	328	}
	329	else
	330	{
	331	foreach ($permissions as $k => $v)
	332	{
	333	if (count($v['p']) > 0)
	334	{
[860]	335	echo
	336	'<form action="users_actions.php" method="post">'.
	337	'<h4><a href="blog.php?id='.html::escapeHTML($k).'">'.
	338	html::escapeHTML($v['name']).'</a> ('.html::escapeHTML($k).')</h4>';
[175]	339
	340	echo '<ul>';
	341	foreach ($v['p'] as $p => $V) {
	342	if (isset($perm_types[$p])) {
	343	echo '<li>'.__($perm_types[$p]).'</li>';
	344	}
	345	}
[860]	346	echo '</ul>'.
	347	'<p><input type="submit" value="'.__('Change permissions').'" />'.
	348	form::hidden(array('redir'),'user.php?id='.$user_id).
	349	form::hidden(array('action'),'perms').
	350	form::hidden(array('users[]'),$user_id).
	351	form::hidden(array('blogs[]'),$k).
	352	$core->formNonce().
	353	'</p>'.
	354	'</form>';
[175]	355	}
	356	}
	357	}
	358
[860]	359	echo '</div>';
[175]	360	}
	361
	362	dcPage::helpBlock('core_user');
	363	dcPage::close();
[0]	364	?>

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/user.php @ 1583:cbb6d70613a0

Download in other formats:

Sites map