arman/science-ation
1
1
Fork 0
forked from science-ation/science-ation
Code Pull Requests Activity

Fix redirection on login and on forced password changes.

Browse Source
This commit is contained in:
dave 2010-07-15 09:18:02 +00:00
parent dd6228f5d7
commit ba2738b813
5 changed files with 58 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
user.inc.php
View File

@ -504,13 +504,13 @@ function user_create($accounts_id, $conferences_id=0)
/* Perform some checks. Make sure the person is logged in, and that their /* Perform some checks. Make sure the person is logged in, and that their
* password hasn't expired (the password_expired var is set in the login page) * password hasn't expired (the password_expired var is set in the login page)
*/ */
function user_auth_required($all_required, $one_required = array()) function user_auth_required($all_required = array(), $one_required = array())
{ {
global $config; global $config;
$ok = true; $ok = true;
unset($_SESSION['request_uri']); unset($_SESSION['request_uri']);
if(!isset($_SESSION['roles'])) { if(!isset($_SESSION['roles'] || !isset($_SESSION['users_id']))) {
message_push(error(i18n("You must login to view that page"))); message_push(error(i18n("You must login to view that page")));
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type"); header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");

38
user_account.php
View File

@ -26,7 +26,8 @@
require_once("common.inc.php"); require_once("common.inc.php");
require_once("account.inc.php"); require_once("account.inc.php");
/* Make sure the user is logged in (accounts_id is set) */ /* Make sure the user is logged in with just an account (accounts_id is set),
* dont' call user_auth_required because they may not have a user */
if(!isset($_SESSION['accounts_id'])) { if(!isset($_SESSION['accounts_id'])) {
message_push(error(i18n("You must login to view that page"))); message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/index.php"); header("location: {$config['SFIABDIRECTORY']}/index.php");
@ -42,12 +43,6 @@
$accounts_id = $_SESSION['accounts_id']; $accounts_id = $_SESSION['accounts_id'];
} }
if(array_key_exists('request_uri', $_SESSION))
$back_link = $_SESSION['request_uri'];
else
$back_link = "user_main.php";
unset($_SESSION['request_uri']);
function user_account_check_username($accounts_id, $username) function user_account_check_username($accounts_id, $username)
{ {
if(!account_valid_user($username)) return false; if(!account_valid_user($username)) return false;
@ -76,6 +71,9 @@ case 'save':
$username_link = ($_POST['username_link'] == 'yes') ? true : false; $username_link = ($_POST['username_link'] == 'yes') ? true : false;
$username = $username_link ? $email : trim($_POST['username']); $username = $username_link ? $email : trim($_POST['username']);
if(array_key_exists('email', $_POST)) {
/* If this key doesn't exist, don't even try to update the email or the usename, the
* user is in a "must date their password" mode */
if($a['email'] != $email && $email != '') { if($a['email'] != $email && $email != '') {
$save = true; $save = true;
/* Change email */ /* Change email */
@ -90,25 +88,23 @@ case 'save':
} }
} }
/* Update link */
$x = ($a['link_username_to_email'] == 'yes') ? true : false; $x = ($a['link_username_to_email'] == 'yes') ? true : false;
if($x != $username_link) { if($x != $username_link) {
$l = $username_link ? 'yes' : 'no'; $l = $username_link ? 'yes' : 'no';
mysql_query("UPDATE accounts SET link_username_to_email='$l' WHERE id=$accounts_id"); mysql_query("UPDATE accounts SET link_username_to_email='$l' WHERE id=$accounts_id");
} }
/* Update username */
if($a['username'] != $username) { if($a['username'] != $username) {
$save = true; if(user_account_check_username($accounts_id, $username)) {
/* Make sure it isn't in use */
$x = user_account_check_username($accounts_id, $username);
if($x == false) $save = false;
if($save) {
/* Update it */ /* Update it */
$u = mysql_real_escape_string($username); $u = mysql_real_escape_string($username);
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id"); mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
happy_("Username updated"); happy_("Username updated");
} }
} }
}
$pass1 = $_POST['pass1']; $pass1 = $_POST['pass1'];
$pass2 = $_POST['pass2']; $pass2 = $_POST['pass2'];
@ -119,6 +115,8 @@ case 'save':
id='$accounts_id' AND password='$pass'"); id='$accounts_id' AND password='$pass'");
$save = false; $save = false;
/* All of this, except matching the previous password, is checked
* by the form validator */
if(mysql_num_rows($q)) if(mysql_num_rows($q))
error_("You cannot choose the same password again. Please choose a different password"); error_("You cannot choose the same password again. Please choose a different password");
else if($pass1 == '') else if($pass1 == '')
@ -134,6 +132,16 @@ case 'save':
happy_('Password has been successfully updated'); happy_('Password has been successfully updated');
} }
} }
/* Forward to the request_uri if it's set */
if(isset($_SESSION['request_uri'])) {
$link = $_SESSION['request_uri'];
unset($_SESSION['request_uri']);
?>
<script type="text/javascript">
window.document.location="<?=$link?>";
</script>
<?
}
exit; exit;
} }
@ -153,12 +161,12 @@ case 'save':
$email = $a['email']; $email = $a['email'];
$username_link = ($a['link_username_to_email'] == 'yes') ? 'checked="checked"' : ''; $username_link = ($a['link_username_to_email'] == 'yes') ? 'checked="checked"' : '';
$username = $email; $username = $email;
$_SESSION['password_expired'] = true;
if($_SESSION['password_expired'] == true) { if($_SESSION['password_expired'] == true) {
echo notice(i18n('Your password has expired. You must choose a new password now.')); echo error(i18n('Your password has expired. You must choose a new password now.'));
$d = 'disabled="disabled"'; $d = 'disabled="disabled"';
$validator_passreq = 'required: true,'; $validator_passreq = 'required: true,';
echo "drect to: {$_SESSION['request_uri']}";;
} }
?> ?>

2
user_login.php
View File

@ -144,7 +144,7 @@ if(isset($_SESSION['accounts_id'])) {
$q = mysql_query("SELECT id FROM users WHERE accounts_id=$accounts_id AND conferences_id={$_SESSION['conferences_id']}"); $q = mysql_query("SELECT id FROM users WHERE accounts_id=$accounts_id AND conferences_id={$_SESSION['conferences_id']}");
if(mysql_num_rows($q) == 0) { if(mysql_num_rows($q) == 0) {
/* FIXME: this should probably just return false, but for now, see if there's an error */ /* FIXME: this should probably just return false, but for now, see if there's an error */
echo "No user for that conference"; echo "No user {$accounts_id} for conference {$_SESSION['conferences_id']}";
exit; exit;
} }
if(mysql_num_rows($q) > 1) { if(mysql_num_rows($q) > 1) {

2
user_main.php
View File

@ -31,6 +31,8 @@
header("location: index.php"); header("location: index.php");
exit; exit;
} }
user_auth_required();
$u = user_load($_SESSION['users_id']); $u = user_load($_SESSION['users_id']);

7
user_personal.php
View File

@ -26,11 +26,8 @@
require_once("common.inc.php"); require_once("common.inc.php");
require_once("user.inc.php"); require_once("user.inc.php");
if(!isset($_SESSION['users_id'])) { /* Ensure they're logged in as something, anything */
/* No user set, invalid session for editting a user */ user_auth_required();
echo "ERROR: session is invalid";
exit;
}
$user_personal_fields = array( $user_personal_fields = array(
'salutation' => array('name' => 'Salutation'), 'salutation' => array('name' => 'Salutation'),