1
0
mirror of https://github.com/vichan-devel/vichan.git synced 2024-11-30 18:24:29 +01:00

Allow users to change their own passwords

This commit is contained in:
Savetheinternet 2011-03-28 02:41:06 +11:00
parent f7313d4a0e
commit 4f775fc98d
3 changed files with 34 additions and 11 deletions

View File

@ -321,6 +321,8 @@
$config['mod']['promoteusers'] = ADMIN;
// Edit any users' login information
$config['mod']['editusers'] = ADMIN;
// Change user's own password
$config['mod']['change_password'] = JANITOR;
// Delete a user
$config['mod']['deleteusers'] = ADMIN;
// Create a user

View File

@ -38,7 +38,7 @@
if(!$mod) error('setCookies() was called for a non-moderator!');
// $config['cookies']['mod'] contains username:hash
setcookie($config['cookies']['mod'], $mod['username'] . ':' . $mod['hash'], time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true);
setcookie($config['cookies']['mod'], $mod['username'] . ':' . $mod['hash'], time()+$config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, true);
// Put $mod in the session
$_SESSION['mod'] = $mod;
@ -51,7 +51,7 @@
function destroyCookies() {
global $config;
// Delete the cookies
setcookie($config['cookies']['mod'], 'deleted', time()-$config['cookies']['expire'], $config['cookies']['jail']?$config['root']:'/', null, false, true);
setcookie($config['cookies']['mod'], 'deleted', time()-$config['cookies']['expire'], $config['cookies']['jail']?$config['cookies']['path']:'/', null, false, true);
// Unset the session
unset($_SESSION['mod']);

37
mod.php
View File

@ -306,7 +306,8 @@
:'')
: ''
) .
($mod['type'] >= $config['mod']['editusers'] ?
($mod['type'] >= $config['mod']['editusers'] ||
($mod['type'] >= $config['mod']['change_password'] && $_mod['id'] == $mod['id'])?
'<a class="unimportant" style="margin-left:5px;float:right" href="?/users/' . $_mod['id'] . '">[edit]</a>'
: '' ) .
($mod['type'] >= $config['mod']['create_pm'] ?
@ -416,7 +417,7 @@
header('Location: ?/users', true, $config['redirect_http']);
} else {
// Edit user
if($mod['type'] < $config['mod']['editusers']) error($config['error']['noaccess']);
if($mod['type'] < $config['mod']['editusers'] && $mod['type'] < $config['mod']['change_password']) error($config['error']['noaccess']);
$query = prepare("SELECT * FROM `mods` WHERE `id` = :id");
$query->bindValue(':id', $modID, PDO::PARAM_INT);
@ -426,12 +427,16 @@
error($config['error']['404']);
}
if(isset($_POST['username']) && isset($_POST['password'])) {
$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if($mod['type'] < $config['mod']['editusers'] && !($mod['type'] >= $config['mod']['change_password'] && $mod['id'] == $_mod['id'] && $change_password_only = true))
error($config['error']['noaccess']);
if((isset($_POST['username']) && isset($_POST['password'])) || (isset($change_password_only) && isset($_POST['password']))) {
if(!isset($change_password_only)) {
$query = prepare("UPDATE `mods` SET `username` = :username WHERE `id` = :id");
$query->bindValue(':username', $_POST['username']);
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
}
if(!empty($_POST['password'])) {
$query = prepare("UPDATE `mods` SET `password` = :password WHERE `id` = :id");
$query->bindValue(':password', sha1($_POST['password']));
@ -444,6 +449,16 @@
$query->bindValue(':id', $modID, PDO::PARAM_INT);
$query->execute() or error(db_error($query));
if(!$_mod = $query->fetch()) {
error($config['error']['404']);
}
if($_mod['id'] == $mod['id']) {
// Changed own password. Update cookies
var_dump(login($_mod['username'], $_mod['password'], false));
setCookies();
}
$_mod = $query->fetch();
}
@ -454,7 +469,13 @@
'<table>' .
'<tr><th>Username</th><td><input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" /></td></tr>' .
'<tr><th>Username</th><td>' .
(isset($change_password_only) ?
$_mod['username']
: '<input size="20" maxlength="30" type="text" name="username" value="' . $_mod['username'] . '" autocomplete="off" />') .
'</td></tr>' .
'<tr><th>Password <span class="unimportant">(new; optional)</span></th><td><input size="20" maxlength="30" type="password" name="password" value="" autocomplete="off" /></td></tr>' .
'</table>' .