authorSimon Rettberg2016-09-08 18:43:47 +0200
committerSimon Rettberg2016-09-08 18:43:47 +0200
commitad4f4e405aed82cd0f87e51874043a2d054a1c01 (patch)
tree284362f85a9c31859e8e0a043e53325482812bae
parent[roomplanner] ajax saving: Better error messages on .fail() (diff)
[session] Add simple "change password" GUI
-rw-r--r--inc/user.inc.php17
-rw-r--r--modules-available/main/templates/main-menu.html2
-rw-r--r--modules-available/session/page.inc.php51
-rw-r--r--modules-available/session/style.css43
-rw-r--r--modules-available/session/templates/change-password.html11
-rw-r--r--modules-available/session/templates/page-login.html11
-rw-r--r--style/default.css51
7 files changed, 134 insertions, 52 deletions
diff --git a/inc/user.inc.php b/inc/user.inc.php
index dc603dac..f7688b00 100644
--- a/inc/user.inc.php
+++ b/inc/user.inc.php
@@ -49,6 +49,23 @@ class User
return false;
}
+ public static function testPassword($userid, $password)
+ {
+ $ret = Database::queryFirst('SELECT passwd FROM user WHERE userid = :userid LIMIT 1', compact('userid'));
+ if ($ret === false)
+ return false;
+ return Crypto::verify($password, $ret['passwd']);
+ }
+
+ public static function updatePassword($password)
+ {
+ if (!self::isLoggedIn())
+ return;
+ $passwd = Crypto::hash6($password);
+ $userid = self::getId();
+ return Database::exec('UPDATE user SET passwd = :passwd WHERE userid = :userid LIMIT 1', compact('userid', 'passwd')) > 0;
+ }
+
public static function login($user, $pass)
{
$ret = Database::queryFirst('SELECT userid, passwd FROM user WHERE login = :user LIMIT 1', array(':user' => $user));
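Review bot: `updatePassword()` falls out with a bare `return;` (null) when nobody is logged in but returns a bool on the other path; return `false` there so callers always get one type: `return false;`. Neither new method has a docblock; I would add one to `testPassword()` saying it returns false both for an unknown `$userid` and for a non-matching password, and one to `updatePassword()` saying it only ever acts on the currently logged-in user. The UPDATE touches only `passwd`, so whether other active sessions of that account are ended after a password change is not visible in this hunk and is worth confirming. The hunk ends inside `login()`, whose body continues outside it.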
diff --git a/modules-available/main/templates/main-menu.html b/modules-available/main/templates/main-menu.html
index 8dc91f12..2ede4f87 100644
--- a/modules-available/main/templates/main-menu.html
+++ b/modules-available/main/templates/main-menu.html
@@ -60,6 +60,7 @@
<form id="logoutForm" method="post" action="?do=Session">
<input type="hidden" name="token" value="{{token}}">
<input type="hidden" name="action" value="logout">
+ <a href="?do=session" class="btn btn-default btn-xs">{{lang_changePassword}}</a>
<button class="btn btn-default btn-xs" type="submit">{{lang_logout}}</button>
</form>
</li>
@@ -79,6 +80,7 @@
<ul class="dropdown-menu">
<!--<li><a href="#">Settings</a></li> -->
<!--<li role="separator" class="divider"></li> -->
+ <li><a href="?do=session">{{lang_changePassword}}</a></li>
<li><a href="#" onclick="$('#logoutForm').submit();">{{lang_logout}}</a></li>
</ul>
{{/user}}
diff --git a/modules-available/session/page.inc.php b/modules-available/session/page.inc.php
index 853f20e4..0a6eac77 100644
--- a/modules-available/session/page.inc.php
+++ b/modules-available/session/page.inc.php
@@ -6,30 +6,63 @@ class Page_Session extends Page
protected function doPreprocess()
{
User::load();
- if (Request::post('action') === 'login') {
+ $action = Request::post('action');
+ if ($action === 'login') {
// Login - see if already logged in
if (User::isLoggedIn()) // and then just redirect
- Util::redirect('?do=Main');
+ Util::redirect('?do=main');
// Else, try to log in
if (User::login(Request::post('user'), Request::post('pass')))
- Util::redirect('?do=Main');
+ Util::redirect('?do=main');
// Login credentials wrong - delay and show error message
sleep(1);
Message::addError('loginfail');
}
- if (Request::post('action') === 'logout') {
+ if ($action === 'logout') {
// Log user out (or do nothing if not logged in)
User::logout();
- Util::redirect('?do=Main');
+ Util::redirect('?do=main');
+ }
+ if ($action === 'changepw') {
+ if (!User::isLoggedIn()) {
+ Util::redirect('?do=main');
+ }
+ // Now check if the user supplied the corrent current password, and the new password twice
+ $old = Request::post('old', false, 'string');
+ $new = Request::post('newpass1', false, 'string');
+ if ($old === false || $new === false) {
+ Message::addError('main.empty-field');
+ Util::redirect('?do=session');
+ }
+ if (!User::testPassword(User::getId(), $old)) {
+ sleep(1);
+ Message::addError('wrong-password');
+ Util::redirect('?do=session');
+ }
+ if (strlen($new) < 4) {
+ Message::addError('pass-too-short');
+ Util::redirect('?do=session');
+ }
+ if ($new !== Request::post('newpass2', false, 'string')) {
+ Message::addError('adduser.password-mismatch');
+ Util::redirect('?do=session');
+ }
+ if (User::updatePassword($new)) {
+ Message::addSuccess('password-changed');
+ } else {
+ Message::addWarning('password-unchanged');
+ }
+ Util::redirect('?do=session');
}
-
- if (User::isLoggedIn())
- Util::redirect('?do=Main');
}
protected function doRender()
{
- Render::addTemplate('page-login');
+ if (User::isLoggedIn()) {
+ Render::addTemplate('change-password');
+ } else {
+ Render::addTemplate('page-login');
+ }
}
}
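Review bot: The `strlen($new) < 4` check in the `changepw` branch sets a four-character floor, which is very low for an account on an admin interface; raise it, e.g. `if (strlen($new) < 8) {`, and keep it in step with whatever the AddUser path enforces (not visible here). The branch also never reads the `token` field that change-password.html posts, so confirm the framework validates it before `doPreprocess()` runs; if it does not, the change lacks a CSRF check, although the required old password limits the impact. The `sleep(1)` after a wrong old password only slows a single request and there is no attempt counter in this hunk, so repeated guesses against the current password from a live session are not capped. The comment above `$old` has a typo, "corrent" for "correct".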
diff --git a/modules-available/session/style.css b/modules-available/session/style.css
new file mode 100644
index 00000000..f7800155
--- /dev/null
+++ b/modules-available/session/style.css
@@ -0,0 +1,43 @@
+.form-signin {
+ max-width: 330px;
+ padding: 15px;
+ margin: 0 auto;
+}
+
+.form-signin .form-signin-heading,
+.form-signin .checkbox {
+ margin-bottom: 10px;
+}
+
+.form-signin .checkbox {
+ font-weight: normal;
+}
+
+.form-signin .form-control {
+ position: relative;
+ font-size: 16px;
+ height: auto;
+ padding: 10px;
+ -webkit-box-sizing: border-box;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
+}
+
+.form-signin input[type="text"],
+.form-signin input[type="password"] {
+ border-radius: 0;
+ margin-bottom: -1px;
+}
+
+.form-signin input[type="text"]:first-child,
+.form-signin input[type="password"]:first-child {
+ border-top-left-radius: 4px;
+ border-top-right-radius: 4px;
+}
+
+.form-signin input[type="text"]:last-child,
+.form-signin input[type="password"]:last-child {
+ margin-bottom: 10px;
+ border-bottom-left-radius: 4px;
+ border-bottom-right-radius: 4px;
+} \ No newline at end of file
diff --git a/modules-available/session/templates/change-password.html b/modules-available/session/templates/change-password.html
new file mode 100644
index 00000000..70ab7b92
--- /dev/null
+++ b/modules-available/session/templates/change-password.html
@@ -0,0 +1,11 @@
+<form class="form-signin" action="?do=Session" method="post">
+ <h2 class="form-signin-heading">{{lang_changePassword}}</h2>
+ <div>
+ <input type="password" name="old" class="form-control" placeholder="{{lang_currentPassword}}" autofocus>
+ <input type="password" name="newpass1" class="form-control" placeholder="{{lang_newPassword}}">
+ <input type="password" name="newpass2" class="form-control" placeholder="{{lang_repeatPassword}}">
+ </div>
+ <button class="btn btn-lg btn-primary btn-block" type="submit">{{lang_changePassword}}</button>
+ <input type="hidden" name="action" value="changepw">
+ <input type="hidden" name="token" value="{{token}}">
+</form> \ No newline at end of file
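Review bot: The three password inputs carry no `autocomplete` hints, so a password manager may fill the stored password into the new-password fields or fail to offer saving the new one; use `autocomplete="current-password"` on `old` and `autocomplete="new-password"` on `newpass1` and `newpass2`. Adding `required` to all three would also catch the empty-field case in the browser before the round trip, with the server-side checks in page.inc.php remaining the authority.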
diff --git a/modules-available/session/templates/page-login.html b/modules-available/session/templates/page-login.html
index 247e9a55..4be7232a 100644
--- a/modules-available/session/templates/page-login.html
+++ b/modules-available/session/templates/page-login.html
@@ -1,11 +1,10 @@
<form class="form-signin" action="?do=Session" method="post">
<h2 class="form-signin-heading">{{lang_enter}}</h2>
- <input type="text" name="user" class="form-control" placeholder="{{lang_username}}" autofocus>
- <input type="password" name="pass" class="form-control" placeholder="{{lang_password}}">
- <!--label class="checkbox">
- <input type="checkbox" name="remember" value="remember-me"> {{lang_rememberID}}
- </label-->
+ <div>
+ <input type="text" name="user" class="form-control" placeholder="{{lang_username}}" autofocus>
+ <input type="password" name="pass" class="form-control" placeholder="{{lang_password}}">
+ </div>
<button class="btn btn-lg btn-primary btn-block" type="submit">{{lang_login}}</button>
- <a class="btn btn-lg btn-primary btn-block" href="?do=AddUser">{{lang_register}}</a>
+ <a class="btn btn-lg btn-default btn-block" href="?do=AddUser">{{lang_register}}</a>
<input type="hidden" name="action" value="login">
</form> \ No newline at end of file
diff --git a/style/default.css b/style/default.css
index 470af96e..40e40b5f 100644
--- a/style/default.css
+++ b/style/default.css
@@ -1,6 +1,6 @@
html {
overflow-y: scroll;
- height: 100%;
+ height: 100%;
}
body {
@@ -11,48 +11,25 @@ body {
background-image: url('bg.png');
}
-.form-signin {
- max-width: 330px;
- padding: 15px;
- margin: 0 auto;
-}
.form-adduser {
- max-width: 600px;
- padding: 10px;
- margin: 0 auto;
+ max-width: 600px;
+ padding: 10px;
+ margin: 0 auto;
+}
+.form-adduser .form-control {
+ position: relative;
+ font-size: 16px;
+ height: auto;
+ padding: 10px;
+ -webkit-box-sizing: border-box;
+ -moz-box-sizing: border-box;
+ box-sizing: border-box;
}
.form-narrow {
max-width: 320px;
}
-.form-signin .form-signin-heading,
-.form-signin .checkbox {
- margin-bottom: 10px;
-}
-.form-signin .checkbox {
- font-weight: normal;
-}
-.form-signin .form-control,
-.form-adduser .form-control {
- position: relative;
- font-size: 16px;
- height: auto;
- padding: 10px;
- -webkit-box-sizing: border-box;
- -moz-box-sizing: border-box;
- box-sizing: border-box;
-}
.form-control:focus {
- z-index: 2;
-}
-.form-signin input[type="text"] {
- margin-bottom: -1px;
- border-bottom-left-radius: 0;
- border-bottom-right-radius: 0;
-}
-.form-signin input[type="password"] {
- margin-bottom: 10px;
- border-top-left-radius: 0;
- border-top-right-radius: 0;
+ z-index: 2;
}
.slx-default, .slx-notebox {