source: admin/user.php @ 3627:9bccfc2257ad

Visit:

Revision 3627:9bccfc2257ad, 11.5 KB checked in by franck <carnet.franck.paul@…>, 8 years ago (diff)

Use PHP 5.5+ new password functions, closes #2182

Warnings:

$core->auth->crypt($pwd) doesn't return twice the same result for a single $pwd, so if you need this old behaviour use the $core->auth->cryptLegacy($pwd) instead.
$core->auth->checkPassword($pwd) must be used with an uncrypted password string as argument.
if you need a unique UID/key, use http::browserUID(DC_MASTER_KEY.$core->auth->userID().$core->auth->cryptLegacy($core->auth->userID())). (may be refined in future)

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	require dirname(__FILE__).'/../inc/admin/prepend.php';
14
15	dcPage::checkSuper();
16
17	$page_title = __('New user');
18
19	$user_id = '';
20	$user_super = '';
21	$user_pwd = '';
22	$user_change_pwd = '';
23	$user_name = '';
24	$user_firstname = '';
25	$user_displayname = '';
26	$user_email = '';
27	$user_url = '';
28	$user_lang = $core->auth->getInfo('user_lang');
29	$user_tz = $core->auth->getInfo('user_tz');
30	$user_post_status = '';
31
32	$user_options = $core->userDefaults();
33
34	# Formaters combo
35	$formaters_combo = dcAdminCombos::getFormatersCombo();
36
37	$status_combo = dcAdminCombos::getPostStatusesCombo();
38
39	# Language codes
40	$lang_combo = dcAdminCombos::getAdminLangsCombo();
41
42	# Get user if we have an ID
43	if (!empty($_REQUEST['id']))
44	{
45	try {
46	$rs = $core->getUser($_REQUEST['id']);
47
48	$user_id = $rs->user_id;
49	$user_super = $rs->user_super;
50	$user_pwd = $rs->user_pwd;
51	$user_change_pwd = $rs->user_change_pwd;
52	$user_name = $rs->user_name;
53	$user_firstname = $rs->user_firstname;
54	$user_displayname = $rs->user_displayname;
55	$user_email = $rs->user_email;
56	$user_url = $rs->user_url;
57	$user_lang = $rs->user_lang;
58	$user_tz = $rs->user_tz;
59	$user_post_status = $rs->user_post_status;
60
61	$user_options = array_merge($user_options,$rs->options());
62
63	$page_title = $user_id;
64	} catch (Exception $e) {
65	$core->error->add($e->getMessage());
66	}
67	}
68
69	# Add or update user
70	if (isset($_POST['user_name']))
71	{
72	try
73	{
74	if (empty($_POST['your_pwd']) \|\| !$core->auth->checkPassword($_POST['your_pwd'])) {
75	throw new Exception(__('Password verification failed'));
76	}
77
78	$cur = $core->con->openCursor($core->prefix.'user');
79
80	$cur->user_id = $_POST['user_id'];
81	$cur->user_super = $user_super = !empty($_POST['user_super']) ? 1 : 0;
82	$cur->user_name = $user_name = $_POST['user_name'];
83	$cur->user_firstname = $user_firstname = $_POST['user_firstname'];
84	$cur->user_displayname = $user_displayname = $_POST['user_displayname'];
85	$cur->user_email = $user_email = $_POST['user_email'];
86	$cur->user_url = $user_url = $_POST['user_url'];
87	$cur->user_lang = $user_lang = $_POST['user_lang'];
88	$cur->user_tz = $user_tz = $_POST['user_tz'];
89	$cur->user_post_status = $user_post_status = $_POST['user_post_status'];
90
91	if ($user_id && $cur->user_id == $core->auth->userID() && $core->auth->isSuperAdmin()) {
92	// force super_user to true if current user
93	$cur->user_super = $user_super = true;
94	}
95	if ($core->auth->allowPassChange()) {
96	$cur->user_change_pwd = !empty($_POST['user_change_pwd']) ? 1 : 0;
97	}
98
99	if (!empty($_POST['new_pwd'])) {
100	if ($_POST['new_pwd'] != $_POST['new_pwd_c']) {
101	throw new Exception(__("Passwords don't match"));
102	} else {
103	$cur->user_pwd = $_POST['new_pwd'];
104	}
105	}
106
107	$user_options['post_format'] = $_POST['user_post_format'];
108	$user_options['edit_size'] = (integer) $_POST['user_edit_size'];
109
110	if ($user_options['edit_size'] < 1) {
111	$user_options['edit_size'] = 10;
112	}
113
114	$cur->user_options = new ArrayObject($user_options);
115
116	# Udate user
117	if ($user_id)
118	{
119	# --BEHAVIOR-- adminBeforeUserUpdate
120	$core->callBehavior('adminBeforeUserUpdate',$cur,$user_id);
121
122	$new_id = $core->updUser($user_id,$cur);
123
124	# --BEHAVIOR-- adminAfterUserUpdate
125	$core->callBehavior('adminAfterUserUpdate',$cur,$new_id);
126
127	if ($user_id == $core->auth->userID() &&
128	$user_id != $new_id) {
129	$core->session->destroy();
130	}
131
132	dcPage::addSuccessNotice(__('User has been successfully updated.'));
133	$core->adminurl->redirect("admin.user",array('id' => $new_id));
134	}
135	# Add user
136	else
137	{
138	if ($core->getUsers(array('user_id' => $cur->user_id),true)->f(0) > 0) {
139	throw new Exception(sprintf(__('User "%s" already exists.'),html::escapeHTML($cur->user_id)));
140	}
141
142	# --BEHAVIOR-- adminBeforeUserCreate
143	$core->callBehavior('adminBeforeUserCreate',$cur);
144
145	$new_id = $core->addUser($cur);
146
147	# --BEHAVIOR-- adminAfterUserCreate
148	$core->callBehavior('adminAfterUserCreate',$cur,$new_id);
149
150	dcPage::addSuccessNotice(__('User has been successfully created.'));
151	if (!empty($_POST['saveplus'])) {
152	$core->adminurl->redirect("admin.user");
153	} else {
154	$core->adminurl->redirect("admin.user",array('id' => $new_id));
155	}
156	}
157	}
158	catch (Exception $e)
159	{
160	$core->error->add($e->getMessage());
161	}
162	}
163
164
165	/* DISPLAY
166	-------------------------------------------------------- */
167	dcPage::open($page_title,
168	dcPage::jsConfirmClose('user-form').
169	dcPage::jsLoad('js/jquery/jquery.pwstrength.js').
170	'<script type="text/javascript">'."\n".
171	"\$(function() {\n".
172	" \$('#new_pwd').pwstrength({texts: ['".
173	sprintf(__('Password strength: %s'),__('very weak'))."', '".
174	sprintf(__('Password strength: %s'),__('weak'))."', '".
175	sprintf(__('Password strength: %s'),__('mediocre'))."', '".
176	sprintf(__('Password strength: %s'),__('strong'))."', '".
177	sprintf(__('Password strength: %s'),__('very strong'))."']});\n".
178	"});\n".
179	"</script>\n".
180
181	# --BEHAVIOR-- adminUserHeaders
182	$core->callBehavior('adminUserHeaders'),
183
184	dcPage::breadcrumb(
185	array(
186	__('System') => '',
187	__('Users') => $core->adminurl->get("admin.users"),
188	$page_title => ''
189	))
190	);
191
192	if (!empty($_GET['upd'])) {
193	dcPage::success(__('User has been successfully updated.'));
194	}
195
196	if (!empty($_GET['add'])) {
197	dcPage::success(__('User has been successfully created.'));
198	}
199
200	echo
201	'<form action="'.$core->adminurl->get("admin.user").'" method="post" id="user-form">'.
202	'<div class="two-cols">'.
203
204	'<div class="col">'.
205	'<h3>'.__('User profile').'</h3>'.
206
207	'<p><label for="user_id" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('User ID:').'</label> '.
208	form::field('user_id',20,255,html::escapeHTML($user_id)).
209	'</p>'.
210	'<p class="form-note info">'.__('At least 2 characters using letters, numbers or symbols.').'</p>';
211
212	if ($user_id == $core->auth->userID()) {
213	echo
214	'<p class="warning">'.__('Warning:').' '.
215	__('If you change your username, you will have to log in again.').'</p>';
216	}
217
218	echo
219	'<div class="pw-table">'.
220	'<p class="pw-cell">'.
221	'<label for="new_pwd" '.($user_id != '' ? '' : 'class="required"').'>'.
222	($user_id != '' ? '' : '<abbr title="'.__('Required field').'">*</abbr> ').
223	($user_id != '' ? __('New password:') : __('Password:')).'</label>'.
224	form::password('new_pwd',20,255,'','','',false,' data-indicator="pwindicator" ').
225	'</p>'.
226	'<div id="pwindicator">'.
227	' <div class="bar"></div>'.
228	' <p class="label no-margin"></p>'.
229	'</div>'.
230	'</div>'.
231	'<p class="form-note info">'.__('Password must contain at least 6 characters.').'</p>'.
232
233	'<p><label for="new_pwd_c" '.($user_id != '' ? '' : 'class="required"').'>'.
234	($user_id != '' ? '' : '<abbr title="'.__('Required field').'">*</abbr> ').__('Confirm password:').'</label> '.
235	form::password('new_pwd_c',20,255).
236	'</p>';
237
238	if ($core->auth->allowPassChange()) {
239	echo
240	'<p><label for="user_change_pwd" class="classic">'.
241	form::checkbox('user_change_pwd','1',$user_change_pwd).' '.
242	__('Password change required to connect').'</label></p>';
243	}
244
245	$super_disabled = $user_super && $user_id == $core->auth->userID();
246
247	echo
248	'<p><label for="user_super" class="classic">'.
249	form::checkbox(($super_disabled ? 'user_super_off' : 'user_super'),'1',$user_super,'','',$super_disabled).
250	' '.__('Super administrator').'</label></p>'.
251	($super_disabled ? form::hidden(array('user_super'),$user_super) : '').
252
253	'<p><label for="user_name">'.__('Last Name:').'</label> '.
254	form::field('user_name',20,255,html::escapeHTML($user_name)).
255	'</p>'.
256
257	'<p><label for="user_firstname">'.__('First Name:').'</label> '.
258	form::field('user_firstname',20,255,html::escapeHTML($user_firstname)).
259	'</p>'.
260
261	'<p><label for="user_displayname">'.__('Display name:').'</label> '.
262	form::field('user_displayname',20,255,html::escapeHTML($user_displayname)).
263	'</p>'.
264
265	'<p><label for="user_email">'.__('Email:').'</label> '.
266	form::field('user_email',20,255,html::escapeHTML($user_email)).
267	'</p>'.
268	'<p class="form-note">'.__('Mandatory for password recovering procedure.').'</p>'.
269
270	'<p><label for="user_url">'.__('URL:').'</label> '.
271	form::field('user_url',30,255,html::escapeHTML($user_url)).
272	'</p>'.
273	'</div>'.
274
275	'<div class="col">'.
276	'<h3>'.__('Options').'</h3>'.
277	'<h4>'.__('Interface').'</h4>'.
278	'<p><label for="user_lang">'.__('Language:').'</label> '.
279	form::combo('user_lang',$lang_combo,$user_lang,'l10n').
280	'</p>'.
281
282	'<p><label for="user_tz">'.__('Timezone:').'</label> '.
283	form::combo('user_tz',dt::getZones(true,true),$user_tz).
284	'</p>'.
285
286	'<h4>'.__('Edition').'</h4>'.
287	'<p><label for="user_post_format">'.__('Preferred format:').'</label> '.
288	form::combo('user_post_format',$formaters_combo,$user_options['post_format']).
289	'</p>'.
290
291	'<p><label for="user_post_status">'.__('Default entry status:').'</label> '.
292	form::combo('user_post_status',$status_combo,$user_post_status).
293	'</p>'.
294
295	'<p><label for="user_edit_size">'.__('Entry edit field height:').'</label> '.
296	form::field('user_edit_size',5,4,(integer) $user_options['edit_size']).
297	'</p>';
298
299	# --BEHAVIOR-- adminUserForm
300	$core->callBehavior('adminUserForm',isset($rs) ? $rs : null);
301
302	echo
303	'</div>'.
304	'</div>';
305
306
307	echo
308	'<p class="clear vertical-separator"><label for="your_pwd" class="required">'.
309	'<abbr title="'.__('Required field').'">*</abbr> '.__('Your password:').'</label>'.
310	form::password('your_pwd',20,255).'</p>'.
311	'<p class="clear"><input type="submit" name="save" accesskey="s" value="'.__('Save').'" />'.
312	($user_id != '' ? '' : ' <input type="submit" name="saveplus" value="'.__('Save and create another').'" />').
313	($user_id != '' ? form::hidden('id',$user_id) : '').
314	$core->formNonce().
315	'</p>'.
316
317	'</form>';
318
319	if ($user_id)
320	{
321	echo '<div class="clear fieldset">'.
322	'<h3>'.__('Permissions').'</h3>';
323
324	if (!$user_super)
325	{
326	echo
327	'<form action="'.$core->adminurl->get("admin.user.actions").'" method="post">'.
328	'<p><input type="submit" value="'.__('Add new permissions').'" />'.
329	form::hidden(array('redir'),$core->adminurl->get("admin.user",array('id' => $user_id))).
330	form::hidden(array('action'),'blogs').
331	form::hidden(array('users[]'),$user_id).
332	$core->formNonce().
333	'</p>'.
334	'</form>';
335
336	$permissions = $core->getUserPermissions($user_id);
337	$perm_types = $core->auth->getPermissionsTypes();
338
339	if (count($permissions) == 0)
340	{
341	echo '<p>'.__('No permissions so far.').'</p>';
342	}
343	else
344	{
345	foreach ($permissions as $k => $v)
346	{
347	if (count($v['p']) > 0)
348	{
349	echo
350	'<form action="'.$core->adminurl->get("admin.user.actions").'" method="post" class="perm-block">'.
351	'<p class="blog-perm">'.__('Blog:').' <a href="'.
352	$core->adminurl->get("admin.blog",array('id' => html::escapeHTML($k))).'">'.
353	html::escapeHTML($v['name']).'</a> ('.html::escapeHTML($k).')</p>';
354
355	echo '<ul class="ul-perm">';
356	foreach ($v['p'] as $p => $V) {
357	if (isset($perm_types[$p])) {
358	echo '<li>'.__($perm_types[$p]).'</li>';
359	}
360	}
361	echo
362	'</ul>'.
363	'<p class="add-perm"><input type="submit" class="reset" value="'.__('Change permissions').'" />'.
364	form::hidden(array('redir'),$core->adminurl->get("admin.user",array('id' => $user_id))).
365	form::hidden(array('action'),'perms').
366	form::hidden(array('users[]'),$user_id).
367	form::hidden(array('blogs[]'),$k).
368	$core->formNonce().
369	'</p>'.
370	'</form>';
371	}
372	}
373	}
374
375	}
376	else {
377	echo '<p>'.sprintf(__('%s is super admin (all rights on all blogs).'),'<strong>'.$user_id.'</strong>').'</p>';
378	}
379	echo '</div>';
380	}
381
382	dcPage::helpBlock('core_user');
383	dcPage::close();

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/user.php @ 3627:9bccfc2257ad

Download in other formats:

Sites map