interface to change password
authorarno <arenevier@fdn.fr>
Sun, 16 Aug 2009 13:02:31 +0000 (15:02 +0200)
committerarno <arenevier@fdn.fr>
Sun, 16 Aug 2009 13:02:31 +0000 (15:02 +0200)
README.txt
api.php
devdoc/api.txt
inc/db/anydb.php
inc/db/mysql.php
inc/i10n/en/syp.php
inc/i10n/fr/syp.php
inc/templates_admin.php
inc/templates_install.php
js/admin.js
media/admin.css

index ce452dda99d7730287896d3b50c087585a1cb94a..ccd1f04a815d19ad409514858f3690bf37effd64 100644 (file)
@@ -50,7 +50,8 @@ co-administrators
 It is possible to allow other people to upload and manage
 pictures/descriptions. In admin interface, select "Add an co-administrator"
 and fill informations (user name and password). Then, you need to communicate
-to your user its username and password. Only admin can add new users.
+to your user its username and password. He/She will be able to modify this
+password afterward. Only admin can add new users.
 
 Other co-administrators will be able to add markers, and delete/modifiy them.
 They cannot modify markers they have not created. admin is the only user
diff --git a/api.php b/api.php
index af8af1a836a65baef44b819cae3953422d1bb88a..fda62ff32389e1a630759a43e5d3643b9b44d29e 100644 (file)
--- a/api.php
+++ b/api.php
@@ -10,9 +10,16 @@ function success ($reason) {
     exit_document ("<success request=\"$reason\"></success>");
 }
 
+function success_changepass ($username) {
+    $res = "<success request=\"changepass\"><user>" .
+            htmlspecialchars ($username) .
+            "</user></success>";
+    exit_document ($res);
+}
+
 function success_newuser ($username) {
     $res = "<success request=\"newuser\"><user>" .
-            htmlspecialchars ($user) .
+            htmlspecialchars ($username) .
             "</user></success>";
     exit_document ($res);
 }
@@ -83,6 +90,10 @@ function error_server () {
     error ("server");
 }
 
+function error_wrongpass () {
+    error ("wrongpass");
+}
+
 function error_unauthorized () {
     error ("unauthorized");
 }
@@ -177,16 +188,20 @@ function unique_file ($dirname, $relpath, $con) {
    return null;
 }
 
+function setcookies ($user, $pwd) {
+    // cookie will be valid for 2 weeks. I've chosen that value
+    // arbitrarily, and it may change in the future.
+    $time = time () + 14 * 60 * 24 * 60;
+    setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+    setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+}
+
 function check_auth ($con, $user, $pwd, $auth_only) {
     $authentificated = false;
 
     if (isset ($pwd)) {
         if ($con->checkpwdmd5 ($user, md5 ($pwd))) {
-            // cookie will be valid for 2 weeks. I've chosen that value
-            // arbitrarily, and it may change in the future.
-            $time = time () + 14 * 60 * 24 * 60;
-            setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
-            setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+            setcookies ($user, $pwd);
             $authentificated = true;
             if ($auth_only) {
                 success_auth ($user);
@@ -313,6 +328,20 @@ function main ($con) {
             } catch (Exception $e) {}
 
             success_delete_feature ($feature);
+        case "changepass":
+            $currpass = unquote ($_POST ["pass_current"]);
+            if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
+                error_wrongpass ();
+            }
+            $newpass = unquote ($_POST ["pass_new"]);
+            try {
+                $con->setpwd ($user, $newpass);
+            } catch (Exception $e) {
+                error_server ();
+            }
+            setcookies ($user, $newpass);
+            success_changepass ($user);
+        break;
         case "newuser":
             if ($user != "admin") {
                 error_unauthorized ();
@@ -321,15 +350,14 @@ function main ($con) {
             if (!$newuser_name) {
                 error_request ();
             }
+            if ($con->user_exists ($newuser_name)) {
+                error_newuser_exists ();
+            }
             $newuser_password = unquote ($_POST ["newuser_password"]);
             try {
-                $con->setpwd ($newuser_name, $newuser_password, false);
+                $con->setpwd ($newuser_name, $newuser_password);
             } catch (Exception $e) {
-                if ($e->getMessage () == anydbConnection::err_query) {
-                    error_newuser_exists ();
-                } else {
-                    error_server ();
-                }
+                error_server ();
             }
             success_newuser ($newuser_name);
         break;
index 8cc6fefa376b72952f3d88ecc27007e380190fc3..804c0c4d4baba7295f629a5d0af4d1651e0c8087 100644 (file)
@@ -20,6 +20,12 @@ but server may be written in any language.
 ## auth
  asks for authentication
 
+## changepass
+ change user password
+ * `$_POST ["pass_current"]` must contain current password. This is needed: cookie
+    authentification is not enough.
+ * `$_POST ["pass_new"]` must contain new password
+
 ## newuser
  adds a new user
  * `$_POST ["newuser_name"]` must contain user name
@@ -79,6 +85,7 @@ as _text/html_
  * `toobig`: uploaded file was too big
  * `notation`: uploaded file was not an image
  * `nochange`: when trying to update a feature, there is nothing to update (ie: no field of the feature has changed)
+ * `wrongpass`: wrong current password when trying to change password
  * `newuser_exists`: when trying to add an user which has the same name as an already registered user
 
 ## success handling:
@@ -89,6 +96,10 @@ as _text/html_
  * `<success request="newuser"><user>?user_name?</name></success>`:
      new user addition was successfull. ?user_name? is name of newly added user.
 
+ * `<success request="changepass"><user>?user_name?</name></success>`:
+     password change was successfull. ?user_name? is name user whose password
+     has been changed.
+
  * `<success request="del">
      <feature>
         <id>?id?</id>
index 596561cbc9027c15f89cbaf51aae9b1b000046b6..1094365eb42a6201d99bdd0e851427d096e60977 100644 (file)
@@ -94,12 +94,15 @@ interface anydbConnection {
     public function create_items_table();
 
     /*
-     * set password $pwd for user $usrname. 
-     * If $usrname does not exist:
-     *    - if $create_if_not_exists is true: create user.
-     *    - if $create_if_not_exists is false: throws an err_query error.
+     * returns true if $usrname is name of an existing user, false otherwise.
      */
-    public function setpwd($usrname, $pwd, $create_if_not_exists);
+    public function user_exists ($usrname);
+
+    /*
+     * set password $pwd for user $usrname. If $usrname does not exist, create
+     * it
+     */
+    public function setpwd($usrname, $pwd);
 
     /*
      * check that $pwd_md5 is md5 for $username password.
index 8e6253fc6e0f5fbae1cfb40ab29107757a7d9f9d..8c07aa3de81c304922b7376d6d266ef13b9ca2c8 100644 (file)
@@ -54,18 +54,19 @@ class mysqlConnection implements anydbConnection {
         $this->_execute_query ($query);
     }
 
-    public function setpwd ($user_name, $pwd, $create_if_not_exists) {
+    public function user_exists ($user_name) {
         $usrname_escaped = mysql_real_escape_string ($user_name);
         $query = sprintf ("SELECT COUNT(*) FROM %susers WHERE name LIKE '%s';",
                         $this->dbprefix, $usrname_escaped);
         $res = mysql_fetch_array ($this->_execute_query ($query), MYSQL_NUM);
-        if ($res [0] == 1) {
-            if ($create_if_not_exists) {
-                $query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';", 
-                               $this->dbprefix, md5 ($pwd), $usrname_escaped);
-            } else {
-                throw new Exception (anydbConnection::err_query);
-            }
+        return ($res [0] == 1);
+    }
+
+    public function setpwd ($user_name, $pwd) {
+        $usrname_escaped = mysql_real_escape_string ($user_name);
+        if ($this->user_exists ($user_name)) {
+            $query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';", 
+                    $this->dbprefix, md5 ($pwd), $usrname_escaped);
         } else {
             $query = sprintf ("INSERT INTO %susers VALUES ('%s', '%s');", 
                                $this->dbprefix, $usrname_escaped, md5 ($pwd));
index 487e4ebb410e6d5e8953d09841610a4a689d8cbe..aed83bfbf4c9d23b22929ca7b56aa119130fca52 100644 (file)
         "Passwords do not match."
           => "",
 
+        "New password is the same as old password."
+          => "",
+
+        "Bad password."
+          => "",
+
+        "Password changed correctly."
+          => "",
+
+        "User name has not been set."
+          => "",
+
+        "User already exists in database."
+          => "",
+
+        "User added correctly."
+          => "",
+
         "User already exists in database."
           => "",
 
         "Logout"
           => "",
 
+        "Change my password"
+          => "",
+
         "Add a co-administrator"
           => "",
 
         "close"
           => "",
 
+        "current password:"
+          => "",
+
+        "new password:"
+          => "",
+
+        "confirm new password:"
+          => "",
+
+        "Validate password"
+          => "",
+
         "user name:"
           => "",
 
index 9844ed920c3cb1b966371c31b85205a08ef04164..4717b01e5a72727440bc56a3f34242b9628bf2b8 100644 (file)
         "Les mots de passe ne correspondent pas."
           ,
 
+        "New password is the same as old password."
+          =>
+        "Le nouveau mot de passe est le même que l'ancien"
+          ,
+
+        "Bad password."
+          =>
+        "Mauvais mot de passe"
+          ,
+
+        "Password changed correctly."
+          =>
+        "Mot de passe modifié correctement."
+          ,
+
         "User already exists in database."
           =>
         "L'utilisateur existe déjà."
         "Déconnexion"
           ,
 
+        "Change my password"
+          =>
+        "Modifier mon mot de passe"
+          ,
+
         "Add a co-administrator"
           =>
         "Ajouter un co-administrateur"
         "fermer"
           ,
 
+        "current password:"
+          =>
+        "mot de passe actuel&nbsp;:"
+          ,
+
+        "new password:"
+          =>
+        "nouveau mot de passe&nbsp;:"
+          ,
+
+        "confirm new password:"
+          =>
+        "confirmer le nouveau mot de passe&nbsp;:"
+          ,
+
+        "Validate password"
+          =>
+        "Valider le mot de passe"
+          ,
+
         "user name:"
           =>
         "nom d'utilisateur&nbsp;:"
index 90bdb52970d60d3fcb1449257395b90f932071d4..589ca5f3a328ad36c9521dd789ae8ca9fee11610 100644 (file)
@@ -69,8 +69,11 @@ if (!$usrtblexists || !$itemstblexists) {
             UnconsistentError: "<?php ptrans('Server reply was inconsistent.')?>",
             DelSucces: "<?php ptrans('Removal took place correctly.')?>",
             UpdateSucces: "<?php ptrans('Save took place correctly.')?>",
+            userPasswordmatchError: "<?php ptrans('Passwords do not match.')?>",
+            changeSamePass: "<?php ptrans('New password is the same as old password.')?>",
+            changePassBadPass: "<?php ptrans('Bad password.')?>",
+            changePassSuccess: "<?php ptrans('Password changed correctly.')?>",
             newUserNonameError: "<?php ptrans('User name has not been set.')?>",
-            newUserPasswordmatchError: "<?php ptrans('Passwords do not match.')?>",
             newUserExistsError: "<?php ptrans('User already exists in database.')?>",
             newUserSuccess: "<?php ptrans('User added correctly.')?>"
         };
@@ -103,12 +106,29 @@ if (!$usrtblexists || !$itemstblexists) {
     <div id="header">
     <?php other_languages($lang) ?>
     <div id="user_management">
-        <p id="logout"><a href="logout.php"><?php ptrans('Logout')?></a></p>
-        <p id="add_user"><a href=""><?php ptrans('Add a co-administrator')?></a></p>
+        <p id="logout" class="user_link"><a href="logout.php"><?php ptrans('Logout')?></a></p>
+        <p id="change_pass" class="user_link"><a href=""><?php ptrans('Change my password')?></a></p>
+        <p id="add_user" class="user_link"><a href=""><?php ptrans('Add a co-administrator')?></a></p>
     </div>
-        <div id="newuser_area">
-            <input id="newuser_close" type="image" src="openlayers/theme/default/img/close.gif"
+        <div id="user_area">
+            <input id="user_close" type="image" src="openlayers/theme/default/img/close.gif"
                         title="<?php ptrans('close without saving')?>" alt="<?php ptrans('close')?>">
+            <form id="changepass" method="post">
+                <label for="pass_current"><?php ptrans('current password:')?></label>
+                <br>
+                <input id="pass_current" name="pass_current" type="password">
+                <br>
+                <label for="pass_new"><?php ptrans('new password:')?></label>
+                <br>
+                <input id="pass_new" name="pass_new" type="password">
+                <br>
+                <label for="pass_new_confirm"><?php ptrans('confirm new password:')?></label>
+                <br>
+                <input id="pass_new_confirm" name="pass_new_confirm" type="password">
+                <br>
+                <input id="pass_submit" name="pass_submit" type="submit" value="<?php ptrans('Validate password')?>">
+                <input type="hidden" name="request" value="changepass">
+            </form>
             <form id="newuser" method="post">
                 <label for="newuser_name"><?php ptrans('user name:')?></label>
                 <br>
@@ -125,8 +145,8 @@ if (!$usrtblexists || !$itemstblexists) {
                 <input id="newuser_submit" name="newuser_submit" type="submit" value="<?php ptrans('Validate user')?>">
                 <input type="hidden" name="request" value="newuser">
                 </form>
-                <p id="newuser_comm" class="center"></p>
-                <p id="newuser_throbber" class="throbber center">
+                <p id="user_comm" class="center"></p>
+                <p id="user_throbber" class="throbber center">
                     <?php ptrans('Connecting')?>
                     <img src="media/newuser-throbber.gif">
                 </p>
index e9a96ff0d43edd2917b5d08993c65f55d0dc3f35..86c856650e965d738958914cdac991f010dbe4fe 100644 (file)
             }
             par_success (trans ('User table created.'));
             try {
-                $connection->setpwd ("admin", $_POST ["admin_pass"], true);
+                $connection->setpwd ("admin", $_POST ["admin_pass"]);
             } catch (Exception $e) {
                 par_error_and_leave (trans ('Error when initializing password.'));
             }
index 8101799156f8b7ec4c0fda46692df9459e08eb54..e1dfe5f7f04562be72a470b5ea1903beb74959c5 100644 (file)
@@ -199,7 +199,7 @@ var Admin = {
 
     showEditor: function (feature) {
         $("#newfeature_button").hide();
-        userMgr.closeAddUser();
+        userMgr.close();
 
         if (feature.fid) {
             $("#delete").show();
@@ -268,7 +268,7 @@ var Admin = {
     },
 
     addNewFeature: function () {
-        userMgr.closeAddUser();
+        userMgr.close();
 
         function cancel() {
             $(document).unbind("keydown");
@@ -434,7 +434,7 @@ var FeatureMgr = {
         AjaxMgr.add({
             form: form,
             oncomplete: OpenLayers.Function.bind(this.ajaxReply, this),
-            onsend: function() { $("#editor_throbber").css("visibility", "visible"); }
+            throbberid: "editor_throbber"
         });
     },
 
@@ -462,12 +462,11 @@ var FeatureMgr = {
         AjaxMgr.add({
             form: form,
             oncomplete: OpenLayers.Function.bind(this.ajaxReply, this),
-            onsend: function() { $("#editor_throbber").css("visibility", "visible"); }
+            throbberid: "editor_throbber"
         });
     },
 
     ajaxReply: function (data) {
-        $("#editor_throbber").css("visibility", "hidden");
         if (!data) {
             this.commError(SypStrings.ServerError);
             return;
@@ -630,6 +629,9 @@ var AjaxMgr = {
         $('#api_frame').one("load", function() {
             self.running = false;
             self._reqEnd();
+            if (query.throbberid) {
+                $("#" + query.throbberid).css("visibility", "hidden");
+            }
             if (typeof (query.oncomplete) == "function") {
                 var body = null;
                 try {
@@ -653,6 +655,9 @@ var AjaxMgr = {
         query.form.attr("method", "post");
         this.running = true;
         query.form.get(0).submit();
+        if (query.throbberid) {
+            $("#" + query.throbberid).css("visibility", "visible");
+        }
         if (typeof (query.onsend) == "function") {
             query.onsend();
         }
@@ -685,8 +690,8 @@ var pwdMgr = {
             pwdMgr.commError("");
             var req = {
                 form:  $("#login_form"),
+                throbberid: "pwd_throbber",
                 onsend: function() {
-                    $("#pwd_throbber").css("visibility", "visible");
                     $("#login_error").hide();
 
                     // we need a timeout; otherwise those fields will not be submitted
@@ -705,7 +710,6 @@ var pwdMgr = {
     },
 
     ajaxReply: function (data) {
-        $("#pwd_throbber").css("visibility", "hidden");
         // here, we need a timeout because onsend timeout sometimes has not been triggered yet
         window.setTimeout(function() {
             $("#login_submit, #user, #password").removeAttr("disabled");
@@ -788,38 +792,147 @@ var pwdMgr = {
 
 var userMgr = {
     _adduserDisplayed: false,
-    _deluserDisplayed: false,
+    _changepassDisplayed: false,
 
     init: function() {
+        $("#user_close").unbind("click").click(function () {
+            userMgr.close()
+        });
+
+        $("#change_pass").unbind("click").click(function() {
+            userMgr.toggleChangePass();
+            return false;
+        });
+        $("#changepass").unbind("submit").submit(function() {
+            try {
+                userMgr.changepass();
+            } catch(e) {}
+            return false;
+        });
+
         if (sypSettings.loggedUser != "admin") {
             return;
         }
 
         $("#add_user").show();
-
-        $("#add_user").click(function () {
+        $("#add_user").unbind("click").click(function () {
             userMgr.toggleAddUser();
             return false;
         });
-        $("#newuser_close").click(function () {
-            userMgr.closeAddUser()
-        });
-        $("#newuser").submit(function() {
+        $("#newuser").unbind("submit").submit(function() {
             try {
                 userMgr.add();
             } catch(e) {}
             return false;
         });
+
+    },
+
+    disableForms: function() {
+        $("#newuser_name, #newuser_password, #newuser_password_confirm, #newuser_submit").attr("disabled", "disabled");
+        $("#pass_current, #pass_new, #pass_new_confirm, #pass_submit").attr("disabled", "disabled");
+    },
+
+    enableForms: function() {
+        $("#newuser_name, #newuser_password, #newuser_password_confirm, #newuser_submit").removeAttr("disabled");
+        $("#pass_current, #pass_new, #pass_new_confirm, #pass_submit").removeAttr("disabled");
+    },
+
+    resetForms: function() {
+        $("#newuser_name, #newuser_password, #newuser_password_confirm").val("");
+        $("#pass_current, #pass_new, #pass_new_confirm").val("");
     },
 
     uninit: function() {
-        if (this._adduserDisplayed) {
-            this.closeAddUser();
-        }
+        this.close();
         $("#add_user").unbind("click");
         $("#add_user").hide();
-        $("#newuser_close").unbind("click");
+        $("#change_pass").unbind("click");
+        $("#user_close").unbind("click");
         $("#newuser").unbind("submit");
+        $("#changepass").unbind("submit");
+    },
+
+    close: function() {
+        this.closeChangePass();
+        this.closeAddUser();
+    },
+
+    toggleChangePass: function() {
+        if (this._changepassDisplayed) {
+            this.closeChangePass();
+        } else {
+            this.showChangePass();
+        }
+    },
+
+    showChangePass: function() {
+        if (!Admin.cancelCurrentFeature()) {
+            return;
+        }
+        this.closeAddUser();
+
+        $(document).unbind("keydown").keydown(function(e) { 
+            if (e.keyCode == 27) {
+                userMgr.closeChangePass()
+                e.preventDefault();
+            }
+        });
+
+        this.resetForms();
+        this.enableForms();
+        $("#user_area, #changepass").show();
+        this.commError("");
+
+        // XXX: setTimeout needed because otherwise, map becomes hidden in IE. Why ??
+        window.setTimeout(function() { 
+            $("#pass_current").focus();
+        }, 0);
+
+        this._changepassDisplayed = true;
+    },
+
+    closeChangePass: function() {
+        if (!this._changepassDisplayed) {
+            return;
+        }
+        $("#user_area, #changepass").hide();
+        $(document).unbind("keydown");
+        this._changepassDisplayed = false;
+    },
+
+    changepass: function() {
+        var newpass = $("#pass_new").val();
+        var newpass_confirm = $("#pass_new_confirm").val();
+        if (newpass != newpass_confirm) {
+            this.commError(SypStrings.userPasswordmatchError);
+            $("#pass_new").focus().select();
+            return;
+        }
+
+        var curpass = $("#pass_current").val();
+        if (newpass == curpass) {
+            this.commError(SypStrings.changeSamePass);
+            $("#pass_new").focus().select();
+            return;
+        }
+
+        this.commError("");
+
+        AjaxMgr.add({
+            form: $("#changepass"),
+            oncomplete: OpenLayers.Function.bind(this.ajaxReply, this),
+            throbberid: "user_throbber",
+            onsend: function() { 
+                // we need a timeout; otherwise those fields will not be submitted
+                window.setTimeout(function() {
+                    // removes focus from #password before disabling it. Otherwise, opera
+                    // prevents re-focusing it after re-enabling it.
+                    $("#pass_current, #pass_new, #pass_new_confirm").blur(); 
+                    userMgr.disableForms();
+                }, 0);
+            }
+        });
     },
 
     toggleAddUser: function() {
@@ -835,6 +948,8 @@ var userMgr = {
             return;
         }
 
+        this.closeChangePass();
+
         $(document).unbind("keydown").keydown(function(e) { 
             if (e.keyCode == 27) {
                 userMgr.closeAddUser()
@@ -842,18 +957,24 @@ var userMgr = {
             }
         });
 
-        Admin.reset();
-        $("#newuser_area").show();
-        $("#newuser_name, #newuser_password, #newuser_password_confirm").val("");
-        $("#newuser_name, #newuser_password, #newuser_password_confirm, #newuser_submit").removeAttr('disabled');
-        $("#newuser_name").focus();;
+        $("#user_area, #newuser").show();
+        this.resetForms();
+        this.enableForms();
         this.commError("");
 
+        // XXX: setTimeout needed because otherwise, map becomes hidden in IE. Why ??
+        window.setTimeout(function() { 
+            $("#newuser_name").focus();
+        }, 0);
+
         this._adduserDisplayed = true;
     },
 
     closeAddUser: function() {
-        $("#newuser_area").hide();
+        if (!this._adduserDisplayed) {
+            return;
+        }
+        $("#user_area, #newuser").hide();
         $(document).unbind("keydown");
         this._adduserDisplayed = false;
     },
@@ -869,7 +990,7 @@ var userMgr = {
         var newuser_pass = $("#newuser_password").val();
         var newuser_pass_confirm = $("#newuser_password_confirm").val();
         if (newuser_pass != newuser_pass_confirm) {
-            this.commError(SypStrings.newUserPasswordmatchError);
+            this.commError(SypStrings.userPasswordmatchError);
             $("#newuser_password").focus().select();
             return;
         }
@@ -879,17 +1000,33 @@ var userMgr = {
         AjaxMgr.add({
             form: $("#newuser"),
             oncomplete: OpenLayers.Function.bind(this.ajaxReply, this),
-            onsend: function() { $("#newuser_throbber").css("visibility", "visible"); }
+            throbberid: "user_throbber",
+            onsend: function() { 
+                // we need a timeout; otherwise those fields will not be submitted
+                window.setTimeout(function() {
+                    // removes focus from #password before disabling it. Otherwise, opera
+                    // prevents re-focusing it after re-enabling it.
+                    $("#newuser_name, #newuser_password, #newuser_password_confirm").blur(); 
+                    userMgr.disableForms();
+                }, 0);
+            }
         });
     },
 
     ajaxReply: function (data) {
-        $("#newuser_throbber").css("visibility", "hidden");
         if (!data) {
+            // here, we need a timeout because onsend timeout sometimes has not been triggered yet
+            var self = this;
+            window.setTimeout(function() {
+                self.enableForms();
+             }, 0);
             this.commError(SypStrings.ServerError);
             return;
         }
 
+        var needFormEnabling = true;
+        var focusEl = null;
+
         var xml = new OpenLayers.Format.XML().read(data);
         switch (xml.documentElement.nodeName.toLowerCase()) {
             case "error":
@@ -902,19 +1039,35 @@ var userMgr = {
                     break;
                     case "server":
                         this.commError(SypStrings.ServerError);
-                        $("#newuser_name").focus().select();
+                        if (this._adduserDisplayed) {
+                            focusEl = $("#newuser_name");
+                        } else if (this._changepassDisplayed) {
+                            focusEl = $("#pass_current");
+                        }
                     break;
                     case "request":
                         this.commError(SypStrings.RequestError);
-                        $("#newuser_name").focus().select();
+                        if (this._adduserDisplayed) {
+                            focusEl = $("#newuser_name");
+                        } else if (this._changepassDisplayed) {
+                            focusEl = $("#pass_current");
+                        }
+                    break;
+                    case "wrongpass":
+                        this.commError(SypStrings.changePassBadPass);
+                        focusEl = $("#pass_current");
                     break;
                     case "newuser_exists":
                         this.commError(SypStrings.newUserExistsError);
-                        $("#newuser_name").focus().select();
+                        focusEl = $("#newuser_name");
                     break;
                     default:
                         this.commError(SypStrings.UnconsistentError);
-                        $("#newuser_name").focus().select();
+                        if (this._adduserDisplayed) {
+                            focusEl = $("#newuser_name");
+                        } else if (this._changepassDisplayed) {
+                            focusEl = $("#pass_current");
+                        }
                     break;
                 }
             break;
@@ -922,29 +1075,49 @@ var userMgr = {
                 switch (xml.documentElement.getAttribute("request")) {
                     case "newuser":
                         this.commSuccess(SypStrings.newUserSuccess);
-                        $("#newuser_name, #newuser_password, #newuser_password_confirm, #newuser_submit").attr('disabled', 'disabled');
+                        needFormEnabling = false;
+                    break;
+                    case "changepass":
+                        this.commSuccess(SypStrings.changePassSuccess);
+                        needFormEnabling = false;
                     break;
                     default:
                         this.commError(SypStrings.UnconsistentError);
-                        $("newuser_name").focus().select();
+                        focusEl = $("newuser_name");
                     break;
                 }
             break;
             default:
                 this.commError(SypStrings.UnconsistentError);
-                $("newuser_name").focus().select();
+                focusEl = $("newuser_name");
             break;
         }
+
+        if (needFormEnabling) {
+            // here, we need a timeout because onsend timeout sometimes has not been triggered yet
+            var self = this;
+            window.setTimeout(function() {
+                self.enableForms();
+                if (focusEl) {
+                    focusEl.select().focus();
+                }
+             }, 0);
+        } else {
+            if (focusEl) {
+                focusEl.focus().select();
+            }
+        }
+
     },
 
     commSuccess: function (message) {
-        $("#newuser_comm").text(message);
-        $("#newuser_comm").removeClass("error success").addClass("success");
+        $("#user_comm").text(message);
+        $("#user_comm").removeClass("error success").addClass("success");
     },
 
     commError: function (message) {
-        $("#newuser_comm").text(message);
-        $("#newuser_comm").removeClass("error success").addClass("error");
+        $("#user_comm").text(message);
+        $("#user_comm").removeClass("error success").addClass("error");
     }
 }
 
index ec9f82b9dcdf29e140fd6053f7ac2b64884ca8ae..5d9c397690d200f9a55dcd205acc690386a97f4a 100644 (file)
@@ -14,7 +14,7 @@
 #add_user {
     display: none;
 }
-#logout a, #add_user a {
+.user_link {
     text-decoration: none;
     color: blue;
 }
 }
 
 /*
- * newuser
+ * user area
  */
-#newuser_area {
+#user_area {
     border: 1px solid black;
     display: none;
     float: right;
     clear: right;
     width: 35%;
 }
-#newuser {
-    margin: 12px;
-    text-align: center;
-}
-#newuser_close {
+#user_close {
     float: right;
 }
-#newuser_comm {
+#user_comm {
     margin-left: 4px;
     margin-right: 4px;
 }
+#newuser, #changepass {
+    display: none;
+    margin: 12px;
+    text-align: center;
+}
 
 /*
  * map
@@ -83,7 +84,7 @@
 #editor {
     position: absolute;
     width: 44%;
-    top: 3em;
+    top: 4em;
     left: 55%;
     display: none;
     border: 1px solid black;