source: admin/user.php @ 3036:7ed4286c8013

Visit:

Revision 3036:7ed4286c8013, 11.4 KB checked in by franck <carnet.franck.paul@…>, 10 years ago (diff)
Centralizes crypt function of pwd in class.Dotclear.auth.php, closes #1923

Line
1	<?php
2	# -- BEGIN LICENSE BLOCK ---------------------------------------
3	#
4	# This file is part of Dotclear 2.
5	#
6	# Copyright (c) 2003-2013 Olivier Meunier & Association Dotclear
7	# Licensed under the GPL version 2.0 license.
8	# See LICENSE file or
9	# http://www.gnu.org/licenses/old-licenses/gpl-2.0.html
10	#
11	# -- END LICENSE BLOCK -----------------------------------------
12
13	require dirname(__FILE__).'/../inc/admin/prepend.php';
14
15	dcPage::checkSuper();
16
17	$page_title = __('New user');
18
19	$user_id = '';
20	$user_super = '';
21	$user_pwd = '';
22	$user_change_pwd = '';
23	$user_name = '';
24	$user_firstname = '';
25	$user_displayname = '';
26	$user_email = '';
27	$user_url = '';
28	$user_lang = $core->auth->getInfo('user_lang');
29	$user_tz = $core->auth->getInfo('user_tz');
30	$user_post_status = '';
31
32	$user_options = $core->userDefaults();
33
34	# Formaters combo
35	$formaters_combo = dcAdminCombos::getFormatersCombo();
36
37	$status_combo = dcAdminCombos::getPostStatusesCombo();
38
39	# Language codes
40	$lang_combo = dcAdminCombos::getAdminLangsCombo();
41
42	# Get user if we have an ID
43	if (!empty($_REQUEST['id']))
44	{
45	try {
46	$rs = $core->getUser($_REQUEST['id']);
47
48	$user_id = $rs->user_id;
49	$user_super = $rs->user_super;
50	$user_pwd = $rs->user_pwd;
51	$user_change_pwd = $rs->user_change_pwd;
52	$user_name = $rs->user_name;
53	$user_firstname = $rs->user_firstname;
54	$user_displayname = $rs->user_displayname;
55	$user_email = $rs->user_email;
56	$user_url = $rs->user_url;
57	$user_lang = $rs->user_lang;
58	$user_tz = $rs->user_tz;
59	$user_post_status = $rs->user_post_status;
60
61	$user_options = array_merge($user_options,$rs->options());
62
63	$page_title = $user_id;
64	} catch (Exception $e) {
65	$core->error->add($e->getMessage());
66	}
67	}
68
69	# Add or update user
70	if (isset($_POST['user_name']))
71	{
72	try
73	{
74	if (empty($_POST['your_pwd']) \|\| !$core->auth->checkPassword($core->auth->crypt($_POST['your_pwd']))) {
75	throw new Exception(__('Password verification failed'));
76	}
77
78	$cur = $core->con->openCursor($core->prefix.'user');
79
80	$cur->user_id = $_POST['user_id'];
81	$cur->user_super = $user_super = !empty($_POST['user_super']) ? 1 : 0;
82	$cur->user_name = $user_name = $_POST['user_name'];
83	$cur->user_firstname = $user_firstname = $_POST['user_firstname'];
84	$cur->user_displayname = $user_displayname = $_POST['user_displayname'];
85	$cur->user_email = $user_email = $_POST['user_email'];
86	$cur->user_url = $user_url = $_POST['user_url'];
87	$cur->user_lang = $user_lang = $_POST['user_lang'];
88	$cur->user_tz = $user_tz = $_POST['user_tz'];
89	$cur->user_post_status = $user_post_status = $_POST['user_post_status'];
90
91	if ($cur->user_id == $core->auth->userID() && $core->auth->isSuperAdmin()) {
92	// force super_user to true if current user
93	$cur->user_super = $user_super = true;
94	}
95	if ($core->auth->allowPassChange()) {
96	$cur->user_change_pwd = !empty($_POST['user_change_pwd']) ? 1 : 0;
97	}
98
99	if (!empty($_POST['new_pwd'])) {
100	if ($_POST['new_pwd'] != $_POST['new_pwd_c']) {
101	throw new Exception(__("Passwords don't match"));
102	} else {
103	$cur->user_pwd = $_POST['new_pwd'];
104	}
105	}
106
107	$user_options['post_format'] = $_POST['user_post_format'];
108	$user_options['edit_size'] = (integer) $_POST['user_edit_size'];
109
110	if ($user_options['edit_size'] < 1) {
111	$user_options['edit_size'] = 10;
112	}
113
114	$cur->user_options = new ArrayObject($user_options);
115
116	# Udate user
117	if ($user_id)
118	{
119	# --BEHAVIOR-- adminBeforeUserUpdate
120	$core->callBehavior('adminBeforeUserUpdate',$cur,$user_id);
121
122	$new_id = $core->updUser($user_id,$cur);
123
124	# --BEHAVIOR-- adminAfterUserUpdate
125	$core->callBehavior('adminAfterUserUpdate',$cur,$new_id);
126
127	if ($user_id == $core->auth->userID() &&
128	$user_id != $new_id) {
129	$core->session->destroy();
130	}
131
132	dcPage::addSuccessNotice(__('User has been successfully updated.'));
133	$core->adminurl->redirect("admin.user",array('id' => $new_id));
134	}
135	# Add user
136	else
137	{
138	if ($core->getUsers(array('user_id' => $cur->user_id),true)->f(0) > 0) {
139	throw new Exception(sprintf(__('User "%s" already exists.'),html::escapeHTML($cur->user_id)));
140	}
141
142	# --BEHAVIOR-- adminBeforeUserCreate
143	$core->callBehavior('adminBeforeUserCreate',$cur);
144
145	$new_id = $core->addUser($cur);
146
147	# --BEHAVIOR-- adminAfterUserCreate
148	$core->callBehavior('adminAfterUserCreate',$cur,$new_id);
149
150	dcPage::addSuccessNotice(__('User has been successfully created.'));
151	if (!empty($_POST['saveplus'])) {
152	$core->adminurl->redirect("admin.user");
153	} else {
154	$core->adminurl->redirect("admin.user",array('id' => $new_id));
155	}
156	}
157	}
158	catch (Exception $e)
159	{
160	$core->error->add($e->getMessage());
161	}
162	}
163
164
165	/* DISPLAY
166	-------------------------------------------------------- */
167	dcPage::open($page_title,
168	dcPage::jsConfirmClose('user-form').
169	dcPage::jsLoad('js/jquery/jquery.pwstrength.js').
170	'<script type="text/javascript">'."\n".
171	"//<![CDATA[\n".
172	"\$(function() {\n".
173	" \$('#new_pwd').pwstrength({texts: ['".
174	sprintf(__('Password strength: %s'),__('very weak'))."', '".
175	sprintf(__('Password strength: %s'),__('weak'))."', '".
176	sprintf(__('Password strength: %s'),__('mediocre'))."', '".
177	sprintf(__('Password strength: %s'),__('strong'))."', '".
178	sprintf(__('Password strength: %s'),__('very strong'))."']});\n".
179	"});\n".
180	"\n//]]>\n".
181	"</script>\n".
182
183	# --BEHAVIOR-- adminUserHeaders
184	$core->callBehavior('adminUserHeaders'),
185
186	dcPage::breadcrumb(
187	array(
188	__('System') => '',
189	__('Users') => $core->adminurl->get("admin.users"),
190	$page_title => ''
191	))
192	);
193
194	if (!empty($_GET['upd'])) {
195	dcPage::success(__('User has been successfully updated.'));
196	}
197
198	if (!empty($_GET['add'])) {
199	dcPage::success(__('User has been successfully created.'));
200	}
201
202	echo
203	'<form action="'.$core->adminurl->get("admin.user").'" method="post" id="user-form">'.
204	'<div class="two-cols">'.
205
206	'<div class="col">'.
207	'<h3>'.__('User profile').'</h3>'.
208
209	'<p><label for="user_id" class="required"><abbr title="'.__('Required field').'">*</abbr> '.__('User ID:').'</label> '.
210	form::field('user_id',20,255,html::escapeHTML($user_id)).
211	'</p>'.
212	'<p class="form-note">'.__('At least 2 characters using letters, numbers or symbols.').'</p>';
213
214	if ($user_id == $core->auth->userID()) {
215	echo
216	'<p class="warning">'.__('Warning:').' '.
217	__('If you change your username, you will have to log in again.').'</p>';
218	}
219
220	echo
221	'<div class="pw-table">'.
222	'<p class="pw-cell">'.
223	'<label for="new_pwd" '.($user_id != '' ? '' : 'class="required"').'>'.
224	($user_id != '' ? '' : '<abbr title="'.__('Required field').'">*</abbr> ').
225	($user_id != '' ? __('New password:') : __('Password:')).'</label>'.
226	form::password('new_pwd',20,255,'','','',false,' data-indicator="pwindicator" ').
227	'</p>'.
228	'<div id="pwindicator">'.
229	' <div class="bar"></div>'.
230	' <p class="label no-margin"></p>'.
231	'</div>'.
232	'</div>'.
233	'<p class="form-note">'.__('Password must contain at least 6 characters.').'</p>'.
234
235	'<p><label for="new_pwd_c" '.($user_id != '' ? '' : 'class="required"').'>'.
236	($user_id != '' ? '' : '<abbr title="'.__('Required field').'">*</abbr> ').__('Confirm password:').'</label> '.
237	form::password('new_pwd_c',20,255).
238	'</p>';
239
240	if ($core->auth->allowPassChange()) {
241	echo
242	'<p><label for="user_change_pwd" class="classic">'.
243	form::checkbox('user_change_pwd','1',$user_change_pwd).' '.
244	__('Password change required to connect').'</label></p>';
245	}
246
247	$super_disabled = $user_super && $user_id == $core->auth->userID();
248	echo
249	'<p><label for="user_super" class="classic">'.form::checkbox('user_super','1',$user_super,'','',$super_disabled).' '.
250	__('Super administrator').'</label></p>'.
251
252	'<p><label for="user_name">'.__('Last Name:').'</label> '.
253	form::field('user_name',20,255,html::escapeHTML($user_name)).
254	'</p>'.
255
256	'<p><label for="user_firstname">'.__('First Name:').'</label> '.
257	form::field('user_firstname',20,255,html::escapeHTML($user_firstname)).
258	'</p>'.
259
260	'<p><label for="user_displayname">'.__('Display name:').'</label> '.
261	form::field('user_displayname',20,255,html::escapeHTML($user_displayname)).
262	'</p>'.
263
264	'<p><label for="user_email">'.__('Email:').'</label> '.
265	form::field('user_email',20,255,html::escapeHTML($user_email)).
266	'</p>'.
267	'<p class="form-note">'.__('Mandatory for password recovering procedure.').'</p>'.
268
269	'<p><label for="user_url">'.__('URL:').'</label> '.
270	form::field('user_url',30,255,html::escapeHTML($user_url)).
271	'</p>'.
272	'</div>'.
273
274	'<div class="col">'.
275	'<h3>'.__('Options').'</h3>'.
276	'<h4>'.__('Interface').'</h4>'.
277	'<p><label for="user_lang">'.__('Language:').'</label> '.
278	form::combo('user_lang',$lang_combo,$user_lang,'l10n').
279	'</p>'.
280
281	'<p><label for="user_tz">'.__('Timezone:').'</label> '.
282	form::combo('user_tz',dt::getZones(true,true),$user_tz).
283	'</p>'.
284
285	'<h4>'.__('Edition').'</h4>'.
286	'<p><label for="user_post_format">'.__('Preferred format:').'</label> '.
287	form::combo('user_post_format',$formaters_combo,$user_options['post_format']).
288	'</p>'.
289
290	'<p><label for="user_post_status">'.__('Default entry status:').'</label> '.
291	form::combo('user_post_status',$status_combo,$user_post_status).
292	'</p>'.
293
294	'<p><label for="user_edit_size">'.__('Entry edit field height:').'</label> '.
295	form::field('user_edit_size',5,4,(integer) $user_options['edit_size']).
296	'</p>';
297
298	# --BEHAVIOR-- adminUserForm
299	$core->callBehavior('adminUserForm',isset($rs) ? $rs : null);
300
301	echo
302	'</div>'.
303	'</div>';
304
305
306	echo
307	'<p class="clear vertical-separator"><label for="your_pwd" class="required">'.
308	'<abbr title="'.__('Required field').'">*</abbr> '.__('Your password:').'</label>'.
309	form::password('your_pwd',20,255).'</p>'.
310	'<p class="clear"><input type="submit" name="save" accesskey="s" value="'.__('Save').'" />'.
311	($user_id != '' ? '' : ' <input type="submit" name="saveplus" value="'.__('Save and create another').'" />').
312	($user_id != '' ? form::hidden('id',$user_id) : '').
313	$core->formNonce().
314	'</p>'.
315
316	'</form>';
317
318	if ($user_id)
319	{
320	echo '<div class="clear fieldset">'.
321	'<h3>'.__('Permissions').'</h3>';
322
323	if (!$user_super)
324	{
325	echo
326	'<form action="'.$core->adminurl->get("admin.user.actions").'" method="post">'.
327	'<p><input type="submit" value="'.__('Add new permissions').'" />'.
328	form::hidden(array('redir'),$core->adminurl->get("admin.user",array('id' => $user_id))).
329	form::hidden(array('action'),'blogs').
330	form::hidden(array('users[]'),$user_id).
331	$core->formNonce().
332	'</p>'.
333	'</form>';
334
335	$permissions = $core->getUserPermissions($user_id);
336	$perm_types = $core->auth->getPermissionsTypes();
337
338	if (count($permissions) == 0)
339	{
340	echo '<p>'.__('No permissions so far.').'</p>';
341	}
342	else
343	{
344	foreach ($permissions as $k => $v)
345	{
346	if (count($v['p']) > 0)
347	{
348	echo
349	'<form action="'.$core->adminurl->get("admin.user.actions").'" method="post" class="perm-block">'.
350	'<p class="blog-perm">'.__('Blog:').' <a href="'.
351	$core->adminurl->get("admin.blog",array('id' => html::escapeHTML($k))).'">'.
352	html::escapeHTML($v['name']).'</a> ('.html::escapeHTML($k).')</p>';
353
354	echo '<ul class="ul-perm">';
355	foreach ($v['p'] as $p => $V) {
356	if (isset($perm_types[$p])) {
357	echo '<li>'.__($perm_types[$p]).'</li>';
358	}
359	}
360	echo
361	'</ul>'.
362	'<p class="add-perm"><input type="submit" class="reset" value="'.__('Change permissions').'" />'.
363	form::hidden(array('redir'),$core->adminurl->get("admin.user",array('id' => $user_id))).
364	form::hidden(array('action'),'perms').
365	form::hidden(array('users[]'),$user_id).
366	form::hidden(array('blogs[]'),$k).
367	$core->formNonce().
368	'</p>'.
369	'</form>';
370	}
371	}
372	}
373
374	}
375	else {
376	echo '<p>'.sprintf(__('%s is super admin (all rights on all blogs).'),'<strong>'.$user_id.'</strong>').'</p>';
377	}
378	echo '</div>';
379	}
380
381	dcPage::helpBlock('core_user');
382	dcPage::close();

Note: See TracBrowser for help on using the repository browser.

Dotclear

Context Navigation

source: admin/user.php @ 3036:7ed4286c8013

Download in other formats:

Sites map