From: arno
Date: Sun, 16 Aug 2009 13:02:31 +0000 (+0200)
Subject: interface to change password
X-Git-Tag: v0.3b_thomas~20
X-Git-Url: https://dev.renevier.net/gitweb.cgi?p=syp.git;a=commitdiff_plain;h=939514b912738c5784b04a0d207db1afd918eb69

interface to change password
---
diff --git a/README.txt b/README.txt
index ce452dd..ccd1f04 100644
--- a/README.txt
+++ b/README.txt
@@ -50,7 +50,8 @@ co-administrators
 It is possible to allow other people to upload and manage pictures/descriptions. In admin interface, select "Add an co-administrator" and fill informations (user name and password). Then, you need to communicate
-to your user its username and password. Only admin can add new users.
+to your user its username and password. He/She will be able to modify this
+password afterward. Only admin can add new users.
 Other co-administrators will be able to add markers, and delete/modifiy them. They cannot modify markers they have not created. admin is the only user
diff --git a/api.php b/api.php
index af8af1a..fda62ff 100644
--- a/api.php
+++ b/api.php
@@ -10,9 +10,16 @@ function success ($reason) {
 exit_document ("");
 }
 
+function success_changepass ($username) {
+ $res = "" .
+ htmlspecialchars ($username) .
+ "";
+ exit_document ($res);
+}
+
 function success_newuser ($username) {
 $res = "" .
- htmlspecialchars ($user) .
+ htmlspecialchars ($username) .
 "";
 exit_document ($res);
 }
@@ -83,6 +90,10 @@ function error_server () {
 error ("server");
 }
 
+function error_wrongpass () {
+ error ("wrongpass");
+}
+
 function error_unauthorized () {
 error ("unauthorized");
 }
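Review bot: success_changepass is a line-for-line copy of success_newuser (the only difference would be the wrapping element, which this rendering has stripped), so the two responses will drift apart the next time one of them is touched. A single private helper taking the element name and the user name, e.g. `function success_with_username ($element, $username)`, called from both, keeps the escaping in one place. The `$user` to `$username` correction in success_newuser is right, since `$user` is not a parameter of that function.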
@@ -177,16 +188,20 @@ function unique_file ($dirname, $relpath, $con) {
 return null;
 }
 
+function setcookies ($user, $pwd) {
+ // cookie will be valid for 2 weeks. I've chosen that value
+ // arbitrarily, and it may change in the future.
+ $time = time () + 14 * 60 * 24 * 60;
+ setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
+ setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+}
+
 function check_auth ($con, $user, $pwd, $auth_only) {
 $authentificated = false;
 if (isset ($pwd)) {
 if ($con->checkpwdmd5 ($user, md5 ($pwd))) {
- // cookie will be valid for 2 weeks. I've chosen that value
- // arbitrarily, and it may change in the future.
- $time = time () + 14 * 60 * 24 * 60;
- setcookie (sprintf ("%sauth", DBPREFIX), md5 ($pwd), $time, "" , "", false, true);
- setcookie (sprintf ("%suser", DBPREFIX), $user, $time, "" , "", false, true);
+ setcookies ($user, $pwd);
 $authentificated = true;
 if ($auth_only) {
 success_auth ($user);
@@ -313,6 +328,20 @@ function main ($con) {
 } catch (Exception $e) {}
 success_delete_feature ($feature);
+ case "changepass":
+ $currpass = unquote ($_POST ["pass_current"]);
+ if (!$con->checkpwdmd5 ($user, md5 ($currpass))) {
+ error_wrongpass ();
+ }
+ $newpass = unquote ($_POST ["pass_new"]);
+ try {
+ $con->setpwd ($user, $newpass);
+ } catch (Exception $e) {
+ error_server ();
+ }
+ setcookies ($user, $newpass);
+ success_changepass ($user);
+ break;
 case "newuser":
 if ($user != "admin") {
 error_unauthorized ();
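Review bot: The auth cookie issued by setcookies is still the bare `md5 ($pwd)` with the secure flag `false`, so it is a reusable, password-equivalent credential that travels over plain HTTP and (client-side expiry aside) appears to stay valid until the password itself changes. Now that issuance lives in one helper, this is the natural place to switch to a random per-login token kept server-side, or at minimum to pass `true` for secure where the site is served over HTTPS. The lifetime `14 * 60 * 24 * 60` does evaluate to 14 days but reads oddly; `14 * 24 * 60 * 60` states the intent directly. The helper also deserves a one-line purpose comment above the moved remark, e.g. `// issue the auth and user cookies for a user who has just authenticated`.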
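Review bot: The `changepass` branch sets whatever arrives in `pass_new` without validating it, so an empty or absent field becomes an empty password (and `unquote ($_POST ["pass_new"])` on a missing key raises a notice); mirror the newuser branch with `if (!isset ($_POST ["pass_current"], $_POST ["pass_new"])) { error_request (); }` at the top of the case and `if (!$newpass) { error_request (); }` after the assignment. The i10n strings added alongside ("New password is the same as old password.", "Passwords do not match.") suggest those rules are enforced only in the browser; the server should at least decide the non-empty rule itself. The flow relies on error_wrongpass () and error_server () never returning, as the other error_* paths do; a short comment on the case would make that explicit, since a returning error would fall through to setpwd. main() starts and ends outside the hunk.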
@@ -321,15 +350,14 @@ function main ($con) {
 if (!$newuser_name) {
 error_request ();
 }
+ if ($con->user_exists ($newuser_name)) {
+ error_newuser_exists ();
+ }
 $newuser_password = unquote ($_POST ["newuser_password"]);
 try {
- $con->setpwd ($newuser_name, $newuser_password, false);
+ $con->setpwd ($newuser_name, $newuser_password);
 } catch (Exception $e) {
- if ($e->getMessage () == anydbConnection::err_query) {
- error_newuser_exists ();
- } else {
- error_server ();
- }
+ error_server ();
 }
 success_newuser ($newuser_name);
 break;
diff --git a/devdoc/api.txt b/devdoc/api.txt
index 8cc6fef..804c0c4 100644
--- a/devdoc/api.txt
+++ b/devdoc/api.txt
@@ -20,6 +20,12 @@ but server may be written in any language.
 ## auth
 asks for authentication
 
+## changepass
+ change user password
+ * `$_POST ["pass_current"]` must contain current password. This is needed: cookie
+ authentification is not enough.
+ * `$_POST ["pass_new"]` must contain new password
+
 ## newuser
 adds a new user
 * `$_POST ["newuser_name"]` must contain user name
@@ -79,6 +85,7 @@ as _text/html_
 * `toobig`: uploaded file was too big
 * `notation`: uploaded file was not an image
 * `nochange`: when trying to update a feature, there is nothing to update (ie: no field of the feature has changed)
+ * `wrongpass`: wrong current password when trying to change password
 * `newuser_exists`: when trying to add an user which has the same name as an already registered user
@@ -89,6 +96,10 @@ as _text/html_
 * `?user_name?`: new user addition was successfull. ?user_name? is name of newly added user.
+ * `?user_name?`:
+ password change was successfull. ?user_name? is name user whose password
+ has been changed.
+
 * ` ?id?
diff --git a/inc/db/anydb.php b/inc/db/anydb.php
index 596561c..1094365 100644
--- a/inc/db/anydb.php
+++ b/inc/db/anydb.php
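Review bot: The existence check and the insert are now two separate statements, so two concurrent `newuser` requests with the same name can both pass `user_exists` and both reach setpwd; what happens then depends on whether the users table has a unique key on name (not visible here): either a duplicate row, or a failed INSERT that the new catch reports as `server` instead of `newuser_exists`. Keeping a fallback in the catch, `if ($e->getMessage () == anydbConnection::err_query) { error_newuser_exists (); }` ahead of `error_server ();`, covers the second outcome if _execute_query reports failures that way; a unique constraint covers the first. The pre-check also inherits the LIKE matching of the mysql implementation, which is raised on the mysql.php hunk. main() starts and ends outside the hunk.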
@@ -94,12 +94,15 @@ interface anydbConnection {
 public function create_items_table();
 
 /*
- * set password $pwd for user $usrname.
- * If $usrname does not exist:
- * - if $create_if_not_exists is true: create user.
- * - if $create_if_not_exists is false: throws an err_query error.
+ * returns true if $usrname is name of an existing user, false otherwise.
 */
- public function setpwd($usrname, $pwd, $create_if_not_exists);
+ public function user_exists ($usrname);
+
+ /*
+ * set password $pwd for user $usrname. If $usrname does not exist, create
+ * it
+ */
+ public function setpwd($usrname, $pwd);
 
 /*
 * check that $pwd_md5 is md5 for $username password.
diff --git a/inc/db/mysql.php b/inc/db/mysql.php
index 8e6253f..8c07aa3 100644
--- a/inc/db/mysql.php
+++ b/inc/db/mysql.php
@@ -54,18 +54,19 @@ class mysqlConnection implements anydbConnection {
 $this->_execute_query ($query);
 }
 
- public function setpwd ($user_name, $pwd, $create_if_not_exists) {
+ public function user_exists ($user_name) {
 $usrname_escaped = mysql_real_escape_string ($user_name);
 $query = sprintf ("SELECT COUNT(*) FROM %susers WHERE name LIKE '%s';",
 $this->dbprefix, $usrname_escaped);
 $res = mysql_fetch_array ($this->_execute_query ($query), MYSQL_NUM);
- if ($res [0] == 1) {
- if ($create_if_not_exists) {
- $query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';",
- $this->dbprefix, md5 ($pwd), $usrname_escaped);
- } else {
- throw new Exception (anydbConnection::err_query);
- }
+ return ($res [0] == 1);
+ }
+
+ public function setpwd ($user_name, $pwd) {
+ $usrname_escaped = mysql_real_escape_string ($user_name);
+ if ($this->user_exists ($user_name)) {
+ $query = sprintf ("UPDATE %susers SET pwd='%s' WHERE name like '%s';",
+ $this->dbprefix, md5 ($pwd), $usrname_escaped);
 } else {
 $query = sprintf ("INSERT INTO %susers VALUES ('%s', '%s');",
 $this->dbprefix, $usrname_escaped, md5 ($pwd));
diff --git a/inc/i10n/en/syp.php b/inc/i10n/en/syp.php
index 487e4eb..aed83bf 100644
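Review bot: user_exists matches the name with `LIKE '%s'` and then tests `$res [0] == 1`, so a name containing `%` or `_` (which mysql_real_escape_string does not escape) or differing only in case under a case-insensitive collation can match a different row, and a name matching two or more rows is reported as not existing, after which setpwd takes the INSERT branch; the interface comment in anydb.php promises "name of an existing user", i.e. an exact match. Use equality and a count test: `$query = sprintf ("SELECT COUNT(*) FROM %susers WHERE name = '%s';",` with `return ($res [0] > 0);`, and the same `name = '%s'` in the UPDATE of setpwd. setpwd still stores the bare md5 of the password; that predates this commit, but since setpwd is now the only writer it is the place to move to a salted, slow hash together with checkpwdmd5 when that is taken up. The enclosing class continues outside the hunk.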
--- a/inc/i10n/en/syp.php
+++ b/inc/i10n/en/syp.php
@@ -213,6 +213,24 @@
 "Passwords do not match."
 => "",
 
+ "New password is the same as old password."
+ => "",
+
+ "Bad password."
+ => "",
+
+ "Password changed correctly."
+ => "",
+
+ "User name has not been set."
+ => "",
+
+ "User already exists in database."
+ => "",
+
+ "User added correctly."
+ => "",
+
 "User already exists in database."
 => "",
 
@@ -222,6 +240,9 @@
 "Logout"
 => "",
 
+ "Change my password"
+ => "",
+
 "Add a co-administrator"
 => "",
 
@@ -231,6 +252,18 @@
 "close"
 => "",
 
+ "current password:"
+ => "",
+
+ "new password:"
+ => "",
+
+ "confirm new password:"
+ => "",
+
+ "Validate password"
+ => "",
+
 "user name:"
 => "",
 
diff --git a/inc/i10n/fr/syp.php b/inc/i10n/fr/syp.php
index 9844ed9..4717b01 100644
--- a/inc/i10n/fr/syp.php
+++ b/inc/i10n/fr/syp.php
@@ -346,6 +346,21 @@
 "Les mots de passe ne correspondent pas."
 ,
 
+ "New password is the same as old password."
+ =>
+ "Le nouveau mot de passe est le même que l'ancien"
+ ,
+
+ "Bad password."
+ =>
+ "Mauvais mot de passe"
+ ,
+
+ "Password changed correctly."
+ =>
+ "Mot de passe modifié correctement."
+ ,
+
 "User already exists in database."
 =>
 "L'utilisateur existe déjà."
@@ -361,6 +376,11 @@
 "Déconnexion"
 ,
 
+ "Change my password"
+ =>
+ "Modifier mon mot de passe"
+ ,
+
 "Add a co-administrator"
 =>
 "Ajouter un co-administrateur"
@@ -376,6 +396,26 @@
 "fermer"
 ,
 
+ "current password:"
+ =>
+ "mot de passe actuel :"
+ ,
+
+ "new password:"
+ =>
+ "nouveau mot de passe :"
+ ,
+
+ "confirm new password:"
+ =>
+ "confirmer le nouveau mot de passe :"
+ ,
+
+ "Validate password"
+ =>
+ "Valider le mot de passe"
+ ,
+
 "user name:"
 =>
 "nom d'utilisateur :"
diff --git a/inc/templates_admin.php b/inc/templates_admin.php
index 90bdb52..589ca5f 100644
--- a/inc/templates_admin.php
+++ b/inc/templates_admin.php
@@ -69,8 +69,11 @@ if (!$usrtblexists || !$itemstblexists) {
 UnconsistentError: "",
 DelSucces: "",
 UpdateSucces: "",
+ userPasswordmatchError: "",
+ changeSamePass: "",
+ changePassBadPass: "",
+ changePassSuccess: "",
 newUserNonameError: "",
- newUserPasswordmatchError: "",
 newUserExistsError: "",
 newUserSuccess: ""
 };
@@ -103,12 +106,29 @@ if (!$usrtblexists || !$itemstblexists) {