Merge with quitta-gsoc-2013

--HG-- branch : rc-botanic-webdev
12 years ago · 046a3c8231
parent fea7487a77 75ff3e1ed4
commit 046a3c8231
10 changed files with 307 additions and 61 deletions
--- a/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php
+++ b/code/ryzom/tools/server/ryzom_ams/ams_lib/autoload/users.php
@ -9,10 +9,10 @@ class Users{
     */ 
     public function check_Register($values){
          // check values
-          if ( isset( $values["Username"] ) and isset( $values["Password"] ) and isset( $values["Email"] ) ){
+          if ( isset( $values["Username"] ) and isset( $values["Password"] ) and isset( $values["ConfirmPass"] ) and isset( $values["Email"] ) ){
               $user = Users::checkUser( $values["Username"] );
               $pass = Users::checkPassword( $values["Password"] );
-               $cpass = Users::confirmPassword($pass);
+               $cpass = Users::confirmPassword($pass,$values["Password"],$values["ConfirmPass"]);
               $email = Users::checkEmail( $values["Email"] );
          }else{
               $user = "";
@ -134,12 +134,13 @@ class Users{
     * @takes $pass
     * @return string Info: Verify's $_POST["Password"] is the same as $_POST["ConfirmPass"]
     */
-     private function confirmPassword($pass_result)
+     private function confirmPassword($pass_result,$pass,$confirmpass)
    {
-          if ( ( $_POST["Password"] ) != ( $_POST["ConfirmPass"] ) ){
+          if ($confirmpass==""){
             return "Passwords do not match.";
          }else if ($_POST["ConfirmPass"]==""){
             return "You have to fill in the confirmation password.";
          }
          else if ( ( $pass ) != ( $confirmpass ) ){
             return "Passwords do not match.";
          }else if($pass_result != "success"){
               return;
          }else{
@ -288,7 +289,7 @@ class Users{
               //make connection with and put into shard db
               global $cfg;
               $dbs = new DBLayer($cfg['db']['shard']);
-               $dbs->execute("INSERT INTO user (Login, Password, Email) VALUES (:name, :pass, :mail)",$values["params"]);
+               $dbs->execute("INSERT INTO user (Login, Password, Email) VALUES (:name, :pass, :mail)",$values);
               return "ok";
          }
          catch (PDOException $e) {
@ -305,6 +306,87 @@ class Users{
          } 
     }
     protected function checkLoginMatch($user,$pass){
          print('This is the base class!');
     }
     public function check_change_password($values){
          //if admin isn't changing others
          if(!$values['adminChangesOther']){
               if ( isset( $values["user"] ) and isset( $values["CurrentPass"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
                    $match = $this->checkLoginMatch($values["user"],$values["CurrentPass"]);
                    $newpass = $this->checkPassword($values["NewPass"]);
                    $confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
               }else{
                    $match = "";
                    $newpass = "";
                    $confpass = "";
               }
          }else{
               //if admin is indeed changing someone!
               if ( isset( $values["user"] ) and isset( $values["ConfirmNewPass"] ) and isset( $values["NewPass"] ) ){
                    $newpass = $this->checkPassword($values["NewPass"]);
                    $confpass = $this->confirmPassword($newpass,$values["NewPass"],$values["ConfirmNewPass"]);
               }else{
                    $newpass = "";
                    $confpass = "";
               }
          }
          if (  !$values['adminChangesOther'] and ( $match != "fail" ) and ( $newpass == "success" ) and ( $confpass == "success" ) ){
               return "success";
          }else if($values['adminChangesOther'] and ( $newpass == "success" ) and ( $confpass == "success" ) ){
               return "success";
          }else{
               $pageElements = array(
                'newpass_error_message' => $newpass,
                'confirmnewpass_error_message' => $confpass
                );
               if(!$values['adminChangesOther']){
                    $pageElements['match_error_message'] = $match;
                    if ( $match != "fail" ){
                         $pageElements['MATCH_ERROR'] = 'FALSE';
                    }else{
                         $pageElements['MATCH_ERROR'] = 'TRUE';
                    }
               }
               if ( $newpass != "success" ){
                    $pageElements['NEWPASSWORD_ERROR'] = 'TRUE';
               }else{
                    $pageElements['NEWPASSWORD_ERROR'] = 'FALSE';
               }
               if ( $confpass != "success" ){
                    $pageElements['CNEWPASSWORD_ERROR'] = 'TRUE';
               }else{
                    $pageElements['CNEWPASSWORD_ERROR'] = 'FALSE';
               }
               return $pageElements;
          }
     }
     protected function setPassword($user, $pass){
           try {
               //make connection with and put into shard db
               global $cfg;
               $dbs = new DBLayer($cfg['db']['shard']);
               $dbs->execute("UPDATE user SET Password = :pass WHERE Login = :user ",$values);
               return "ok";
          }
          catch (PDOException $e) {
               //oh noooz, the shard is offline! Put in query queue at ams_lib db!
               /*try {
                    $dbl = new DBLayer($cfg['db']['lib']);  
                    $dbl->execute("INSERT INTO ams_querycache (type, query) VALUES (:type, :query)",array("type" => "createUser",
                    "query" => json_encode(array($values["name"],$values["pass"],$values["mail"]))));
                    return "shardoffline";
               }catch (PDOException $e) {
                    print_r($e);
                    return "liboffline";
               }*/
          } 
     }
 }
--- a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php
@ -26,4 +26,52 @@ class WebUsers extends Users{
            $dbw = new DBLayer($cfg['db']['web']);
            return $dbw->execute("SELECT * FROM ams_user WHERE Email = :email",array('email' => $email))->rowCount();
     }
    /**
     * Function checkUserPassMatch
     *
     * @takes $username,$password
     * @return string Info: Returns true or false if a login match is found in the web db
     */
     public function checkLoginMatch($username,$password){
        global $cfg;
        $dbw = new DBLayer($cfg['db']['web']);
        $statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:user", array('user' => $username));
        $row = $statement->fetch();
        $salt = substr($row['Password'],0,2);
        $hashed_input_pass = crypt($password, $salt);
        if($hashed_input_pass == $row['Password']){
              return $row;
        }else{
              return "fail";
        }	
     }
    public function getUsername($id){
        global $cfg;
        $dbw = new DBLayer($cfg['db']['web']);
        $statement = $dbw->execute("SELECT * FROM ams_user WHERE UId=:id", array('id' => $id));
        $row = $statement->fetch();
        return $row['Login'];
    }
    public function isLoggedIn(){
        if(isset($_SESSION['user'])){
            return true;
        }
        return false;
    }
    public function isAdmin(){
        if(isset($_SESSION['permission']) && $_SESSION['permission'] == 2){
            return true;
        }
        return false;
    }
 }
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/add_user.php
@ -2,7 +2,7 @@
 function add_user(){
-     $params = Array('Username' =>  $_POST["Username"], 'Password' =>  $_POST["Password"], 'Email' =>  $_POST["Email"]);
+     $params = Array('Username' =>  $_POST["Username"], 'Password' =>  $_POST["Password"], 'ConfirmPass' =>  $_POST["ConfirmPass"], 'Email' =>  $_POST["Email"]);
     $webUser = new WebUsers;
     $result = $webUser->check_Register($params);
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_password.php
@ -0,0 +1,68 @@
 <?php
 function change_password(){
    try{
        //if logged in
        if(WebUsers::isLoggedIn()){
            if(isset($_POST['target_id'])){
                $adminChangesOther = false;
                //if target_id is the same as session id or is admin
                if(  ($_POST['target_id'] == $_SESSION['id']) ||  WebUsers::isAdmin()  ){
                    if($_POST['target_id'] == $_SESSION['id']){
                        $target_username = $_SESSION['user'];
                    }else{
                        $target_username = WebUsers::getUsername($_POST['target_id']);
                        //isAdmin is true when it's the admin, but the target_id != own id
                        $adminChangesOther = true;
                        $_POST["CurrentPass"] = "dummypass";
                    }
                    $id = $_POST['target_id'];
                    $webUser = new WebUsers();
                    $params = Array( 'user' => $target_username, 'CurrentPass' => $_POST["CurrentPass"], 'NewPass' => $_POST["NewPass"], 'ConfirmNewPass' => $_POST["ConfirmNewPass"], 'adminChangesOther' => $adminChangesOther);
                    $result = $webUser->check_change_password($params);
                    if ($result == "success"){
                        //edit stuff into db
                        $hashpass = crypt($_POST["NewPass"], WebUsers::generateSALT());
                        print('success!');
                        exit;
                    }else{
                        $result['prevCurrentPass'] = $_POST["CurrentPass"];
                        $result['prevNewPass'] = $_POST["NewPass"];
                        $result['prevConfirmNewPass'] = $_POST["ConfirmNewPass"];
                        $result['permission'] = $_SESSION['permission'];
                        $result['no_visible_elements'] = 'FALSE';
                        $result['target_id'] = $_POST['target_id'];
                        if(isset($_GET['id'])){
                            if(WebUsers::isAdmin() && ($_POST['target_id'] != $_SESSION['id'])){
                                $result['isAdmin'] = "TRUE";
                            }
                        }
                        helpers :: loadtemplate( 'settings', $result);
                        exit;
                    }
                }else{
                    //ERROR: permission denied!
                }
            }else{
                //ERROR: The form was not filled in correclty
            }    
        }else{
            //ERROR: user is not logged in
            exit;
        }
    }catch (PDOException $e) {
         //go to error page or something, because can't access website db
         print_r($e);
         exit;
    }
 }
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/login.php
@ -5,16 +5,14 @@ function login(){
 	global $cfg;
 	try{
-		$dbw = new DBLayer($cfg['db']['web']);
+		$result = WebUsers::checkLoginMatch($_POST["Username"],$_POST["Password"]);
-		$statement = $dbw->execute("SELECT * FROM ams_user WHERE Login=:user", array('user' => $_POST['Username']));
+		if( $result != "fail"){
 		$row = $statement->fetch();
 		$salt = substr($row['Password'],0,2);
 		$hashed_input_pass = crypt($_POST["Password"], $salt);
 		if($hashed_input_pass == $row['Password']){
 			//handle successful login
 			$_SESSION['user'] = $_POST["Username"];
-			$_SESSION['permission'] = $row['Permission'];
+			$_SESSION['permission'] = $result['Permission'];
 			$_SESSION['id'] = $result['UId'];
 			print('id=');
 			print($_SESSION['id']);
 			//go back to the index page.
 			header( 'Location: index.php' );
 			exit;
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
@ -0,0 +1,21 @@
 <?php
 function settings(){
    if(WebUsers::isLoggedIn()){
            //in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
            if(isset($_GET['id'])){
                if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
                    $result['isAdmin'] = "TRUE";
                }
                $result['target_id'] = $_GET['id'];
            }else{
                $result['target_id'] = $_SESSION['id'];
            }
            return $result;
    }else{
        //ERROR: not logged in!
        print("not logged in!");
        exit;
    }
 }
--- a/code/ryzom/tools/server/ryzom_ams/www/html/index_charisma.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/index_charisma.php
@ -77,17 +77,17 @@
 					</div>
 					<div class="box-content">
 						<ul class="nav nav-tabs" id="myTab">
-							<li class="active"><a href="#info">Info</a></li>
+							<li><a href="#info">Info</a></li>
-							<li><a href="#custom">Custom</a></li>
+							<li class="active"><a href="#custom">Custom</a></li>
 							<li><a href="#messages">Messages</a></li>
 						</ul>
 						<div id="myTabContent" class="tab-content">
-							<div class="tab-pane active" id="info">
+							<div class="tab-pane" id="info">
 								<h3>Charisma <small>a fully featued template</small></h3>
 								<p>Its a fully featured, responsive template for your admin panel. Its optimized for tablet and mobile phones. Scan the QR code below to view it in your mobile device.</p> <img alt="QR Code" class="charisma_qr center" src="img/qrcode136.png" />
 							</div>
-							<div class="tab-pane" id="custom">
+							<div class="tab-pane active" id="custom">
 								<h3>Custom <small>small text</small></h3>
 								<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur bibendum ornare dolor.</p>
 								<p>Lorem ipsum dolor sit amet, consectetur adipiscing elit. Curabitur bibendum ornare dolor, quis ullamcorper ligula sodales at. Nulla tellus elit, varius non commodo eget, mattis vel eros. In sed ornare nulla. Donec consectetur, velit a pharetra ultricies, diam lorem lacinia risus, ac commodo orci erat eu massa. Sed sit amet nulla ipsum. Donec felis mauris, vulputate sed tempor at, aliquam a ligula. Pellentesque non pulvinar nisi.</p>
--- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl
@ -2,6 +2,7 @@
 {block name=menu}
 	<li class="nav-header hidden-tablet">Main</li>
 	<li style="margin-left: -2px;"><a class="ajax-link" href="index.php"><i class="icon-home"></i><span class="hidden-tablet"> Dashboard</span></a></li>
        <li style="margin-left: -2px;"><a class="ajax-link" href="index.php?page=settings"><i class="icon-cog"></i><span class="hidden-tablet"> Settings</span></a></li>
 	<li class="nav-header hidden-tablet">Admin</li>
        <li style="margin-left: -2px;"><a class="ajax-link" href="index.php?page=libuserlist"><i class="icon-th-list"></i><span class="hidden-tablet"> Liblist</span></a></li>
        <li class="nav-header hidden-tablet">Actions</li>
--- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_user.tpl
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_user.tpl
@ -2,6 +2,7 @@
 {block name=menu}
    <li class="nav-header hidden-tablet">Main</li>
    <li style="margin-left: -2px;" class="active"><a class="ajax-link" href="index.php"><i class="icon-home"></i><span class="hidden-tablet"> Dashboard</span></a></li>
    <li style="margin-left: -2px;"><a class="ajax-link" href="index.php?page=settings"><i class="icon-cog"></i><span class="hidden-tablet"> Settings</span></a></li>
    <li style="margin-left: -2px;"><a class="ajax-link" href="index.php?page=userlist"><i class="icon-home"></i><span class="hidden-tablet"> Demo Userlist</span></a></li>
    <li class="nav-header hidden-tablet">Actions</li>
    <li style="margin-left: -2px;"><a href="?page=logout"><i class="icon-off"></i><span class="hidden-tablet"> Logout </span></a></li>
--- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/settings.tpl
@ -1,57 +1,57 @@
 {block name=content}
-	<div class="row-fluid">
+	<div class="row-fluid sortable ui-sortable">
-	<div class="box span12">
+		<div class="box span4">
-		<div class="box-header well">
+			<div class="box-header well" data-original-title="">
-			<h2><i class=" icon-user"></i> Settings</h2>
+				<h2><i class="icon-th"></i> Change Password</h2>
 				<div class="box-icon">
 					<a href="#" class="btn btn-minimize btn-round"><i class="icon-chevron-up"></i></a>
 					<a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
 				</div>
 			</div>
 			<div class="box-content">
-			<ul class="nav nav-tabs" id="myTab">
+				<div class="row-fluid">
-				<li class="active"><a href="#info">Change Password</a></li>
+					<form id="changePassword" class="form-vertical" method="post" action="index.php?page=settings&id={$target_id}">
 				<li><a href="#custom">Change Email</a></li>
 				<li><a href="#messages">Change Info</a></li>
 			</ul>
 			<div id="myTabContent" class="tab-content">
 				<div class="tab-pane active" id="info">
 					<form id="changePassword" class="form-vertical" method="post" action="index.php">
 						<legend>Change Password</legend>
-						<div class="control-group">
+						{if !isset($isAdmin) or $isAdmin eq "FALSE"}
 							<div class="control-group {if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}error{else if
 				isset($match_error_message) and $match_error_message neq "fail"}success{else}{/if}">
 							<label class="control-label">Current Password</label>
 								<div class="controls">
 								    <div class="input-prepend">
 									<span class="add-on" style="margin-left:5px;"><i class="icon-lock"></i></span>
-									<input type="password" class="input-xlarge" id="CurrentPass" name="CurrentPass" placeholder="Your current password">
+										<input type="password" class="input-xlarge" id="CurrentPass" name="CurrentPass" placeholder="Your current password" {if isset($prevCurrentPass)}value="{$prevCurrentPass}"{/if}>
 										{if isset($MATCH_ERROR) and $MATCH_ERROR eq "TRUE"}<span class="help-inline">The password is incorrect</span>{/if}
 								    </div>
 								</div>
 							</div>
-						
+						{/if}
-							<div class="control-group">
+							<div class="control-group {if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}error{else if
 			isset($newpass_error_message) and $newpass_error_message eq "success"}success{else}{/if}">
 						<label class="control-label">New Password</label>
 							<div class="controls">
 							    <div class="input-prepend">
 								<span class="add-on" style="margin-left:5px;"><i class="icon-tag"></i></span>
-									<input type="password" class="input-xlarge" id="NewPass" name="NewPass" placeholder="Your new password">
+									<input type="password" class="input-xlarge" id="NewPass" name="NewPass" placeholder="Your new password"  {if isset($prevNewPass)}value="{$prevNewPass}"{/if}>
 									{if isset($NEWPASSWORD_ERROR) and $NEWPASSWORD_ERROR eq "TRUE"}<span class="help-inline">{$newpass_error_message}</span>{/if}
 							   </div>
 							</div>
 						</div>
-						<div class="control-group">
+						<div class="control-group {if isset($CNEWPASSWORD_ERROR) and $CNEWPASSWORD_ERROR eq "TRUE"}error{else if
 			isset($confirmnewpass_error_message) and $confirmnewpass_error_message eq "success"}success{else}{/if}">
 						<label class="control-label">Confirm New Password</label>
 							<div class="controls">
 							    <div class="input-prepend">
 								<span class="add-on" style="margin-left:5px;"><i class="icon-tags"></i></span>
-									<input type="password" class="input-xlarge" id="ConfirmNewPass" name="ConfirmNewPass" placeholder="Re-enter the new password">
+									<input type="password" class="input-xlarge" id="ConfirmNewPass" name="ConfirmNewPass" placeholder="Re-enter the new password"  {if isset($prevConfirmNewPass)}value="{$prevConfirmNewPass}"{/if}>
 									{if isset($CNEWPASSWORD_ERROR) and $CNEWPASSWORD_ERROR eq "TRUE"}<span class="help-inline">{$confirmnewpass_error_message}</span>{/if}
 							    </div>
 							</div>
 						</div>
 						<input type="hidden" name="function" value="change_password">
-						
+						<input type="hidden" name="target_id" value="{$target_id}">
 						<div class="control-group">
 							<label class="control-label"></label>
 							<div class="controls">
@ -60,7 +60,19 @@
 						</div>
 					</form>		
 				</div>                   
-				<div class="tab-pane" id="custom">
+			</div>
 		</div><!--/span-->
 		<div class="box span4">
 			<div class="box-header well" data-original-title="">
 				<h2><i class="icon-th"></i> Change Email</h2>
 				<div class="box-icon">
 					<a href="#" class="btn btn-minimize btn-round"><i class="icon-chevron-up"></i></a>
 					<a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
 				</div>
 			</div>
 			<div class="box-content">
 				<div class="row-fluid">
 					<form id="changeEmail" class="form-vertical" method="post" action="index.php">
 						<legend>Change Email</legend>
 						<div class="control-group">
@ -81,7 +93,19 @@
 						</div>
 					</form>
 				</div>                   
-				<div class="tab-pane" id="messages">
+			</div>
 		</div><!--/span-->
 		<div class="box span4">
 			<div class="box-header well" data-original-title="">
 				<h2><i class="icon-th"></i> Change Info</h2>
 				<div class="box-icon">
 					<a href="#" class="btn btn-minimize btn-round"><i class="icon-chevron-up"></i></a>
 					<a href="#" class="btn btn-close btn-round"><i class="icon-remove"></i></a>
 				</div>
 			</div>
 			<div class="box-content">
 				<div class="row-fluid">
 					<form id="changeEmail" class="form-vertical" method="post" action="index.php">
 						<legend>Change Info</legend>
@ -109,6 +133,7 @@
 						<label class="control-label">Country</label>
 							<div class="controls">
 								 <select>
 									<option value="AA" selected="selected">Select one</option>
 									<option value="AF">Afghanistan</option>
 									<option value="AX">Åland Islands</option>
 									<option value="AL">Albania</option>
@ -393,8 +418,10 @@
 					</form>
 				</div>                   
 			</div>
 		</div>
 		</div><!--/span-->
-	</div>
+	</div><!--/row-->
 {/block}