Fix redirection on login and on forced password changes.

This commit is contained in:
dave 2010-07-15 09:18:02 +00:00
parent dd6228f5d7
commit ba2738b813
5 changed files with 58 additions and 51 deletions


@ -504,13 +504,13 @@ function user_create($accounts_id, $conferences_id=0)
/* Perform some checks. Make sure the person is logged in, and that their /* Perform some checks. Make sure the person is logged in, and that their
* password hasn't expired (the password_expired var is set in the login page) * password hasn't expired (the password_expired var is set in the login page)
*/ */
function user_auth_required($all_required, $one_required = array()) function user_auth_required($all_required = array(), $one_required = array())
{ {
global $config; global $config;
$ok = true; $ok = true;
unset($_SESSION['request_uri']); unset($_SESSION['request_uri']);
if(!isset($_SESSION['roles'])) { if(!isset($_SESSION['roles'] || !isset($_SESSION['users_id']))) {
message_push(error(i18n("You must login to view that page"))); message_push(error(i18n("You must login to view that page")));
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI']; $_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type"); header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
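Review bot: The new login check on the `if` line is misparenthesised — `isset($_SESSION['roles'] || !isset($_SESSION['users_id']))` hands a boolean expression to `isset()`, which PHP rejects at compile time, so every script that includes this file stops loading. It should read `if(!isset($_SESSION['roles']) || !isset($_SESSION['users_id'])) {`. The redirect on the last line interpolates `$type`, which is neither a parameter nor a declared global of this function on either side of the hunk, so the query string is always `type=`; presumably it should be passed in or dropped. The rest of user_auth_required, including whatever follows the header() call, is outside the hunk, and the new no-argument call sites in the last two file sections rely on the `$all_required = array()` default added here.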


@ -23,15 +23,16 @@
*/ */
?> ?>
<? <?
require_once("common.inc.php"); require_once("common.inc.php");
require_once("account.inc.php"); require_once("account.inc.php");
/* Make sure the user is logged in (accounts_id is set) */ /* Make sure the user is logged in with just an account (accounts_id is set),
if(!isset($_SESSION['accounts_id'])) { * dont' call user_auth_required because they may not have a user */
if(!isset($_SESSION['accounts_id'])) {
message_push(error(i18n("You must login to view that page"))); message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/index.php"); header("location: {$config['SFIABDIRECTORY']}/index.php");
exit; exit;
} }
/* Superuser may edit this for any account, if the user is not a superuser, force /* Superuser may edit this for any account, if the user is not a superuser, force
* the accounts_id to be whatever is in the session */ * the accounts_id to be whatever is in the session */
@ -42,12 +43,6 @@
$accounts_id = $_SESSION['accounts_id']; $accounts_id = $_SESSION['accounts_id'];
} }
if(array_key_exists('request_uri', $_SESSION))
$back_link = $_SESSION['request_uri'];
else
$back_link = "user_main.php";
unset($_SESSION['request_uri']);
function user_account_check_username($accounts_id, $username) function user_account_check_username($accounts_id, $username)
{ {
if(!account_valid_user($username)) return false; if(!account_valid_user($username)) return false;
@ -76,38 +71,39 @@ case 'save':
$username_link = ($_POST['username_link'] == 'yes') ? true : false; $username_link = ($_POST['username_link'] == 'yes') ? true : false;
$username = $username_link ? $email : trim($_POST['username']); $username = $username_link ? $email : trim($_POST['username']);
if($a['email'] != $email && $email != '') { if(array_key_exists('email', $_POST)) {
$save = true; /* If this key doesn't exist, don't even try to update the email or the usename, the
/* Change email */ * user is in a "must date their password" mode */
if(!account_valid_email($email)) { if($a['email'] != $email && $email != '') {
error_('Invalid email address'); $save = true;
$save = false; /* Change email */
if(!account_valid_email($email)) {
error_('Invalid email address');
$save = false;
}
if($save) {
// action_create_set_email($accounts_id, $email);
happy_("An email has been sent to %1 to confirm the new email address", array($email));
}
} }
if($save) { /* Update link */
// action_create_set_email($accounts_id, $email); $x = ($a['link_username_to_email'] == 'yes') ? true : false;
happy_("An email has been sent to %1 to confirm the new email address", array($email)); if($x != $username_link) {
} $l = $username_link ? 'yes' : 'no';
} mysql_query("UPDATE accounts SET link_username_to_email='$l' WHERE id=$accounts_id");
}
$x = ($a['link_username_to_email'] == 'yes') ? true : false; /* Update username */
if($x != $username_link) { if($a['username'] != $username) {
$l = $username_link ? 'yes' : 'no'; if(user_account_check_username($accounts_id, $username)) {
mysql_query("UPDATE accounts SET link_username_to_email='$l' WHERE id=$accounts_id"); /* Update it */
} $u = mysql_real_escape_string($username);
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
if($a['username'] != $username) { happy_("Username updated");
$save = true; }
/* Make sure it isn't in use */ }
$x = user_account_check_username($accounts_id, $username);
if($x == false) $save = false;
if($save) {
/* Update it */
$u = mysql_real_escape_string($username);
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
happy_("Username updated");
}
} }
$pass1 = $_POST['pass1']; $pass1 = $_POST['pass1'];
@ -119,6 +115,8 @@ case 'save':
id='$accounts_id' AND password='$pass'"); id='$accounts_id' AND password='$pass'");
$save = false; $save = false;
/* All of this, except matching the previous password, is checked
* by the form validator */
if(mysql_num_rows($q)) if(mysql_num_rows($q))
error_("You cannot choose the same password again. Please choose a different password"); error_("You cannot choose the same password again. Please choose a different password");
else if($pass1 == '') else if($pass1 == '')
@ -134,6 +132,16 @@ case 'save':
happy_('Password has been successfully updated'); happy_('Password has been successfully updated');
} }
} }
/* Forward to the request_uri if it's set */
if(isset($_SESSION['request_uri'])) {
$link = $_SESSION['request_uri'];
unset($_SESSION['request_uri']);
?>
<script type="text/javascript">
window.document.location="<?=$link?>";
</script>
<?
}
exit; exit;
} }
@ -153,12 +161,12 @@ case 'save':
$email = $a['email']; $email = $a['email'];
$username_link = ($a['link_username_to_email'] == 'yes') ? 'checked="checked"' : ''; $username_link = ($a['link_username_to_email'] == 'yes') ? 'checked="checked"' : '';
$username = $email; $username = $email;
$_SESSION['password_expired'] = true;
if($_SESSION['password_expired'] == true) { if($_SESSION['password_expired'] == true) {
echo notice(i18n('Your password has expired. You must choose a new password now.')); echo error(i18n('Your password has expired. You must choose a new password now.'));
$d = 'disabled="disabled"'; $d = 'disabled="disabled"';
$validator_passreq = 'required: true,'; $validator_passreq = 'required: true,';
echo "drect to: {$_SESSION['request_uri']}";;
} }
?> ?>
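Review bot: The new redirect after a password change writes `$_SESSION['request_uri']` into a JavaScript string as `"<?=$link?>"` with no escaping; that value is the raw `$_SERVER['REQUEST_URI']` saved by user_auth_required, so whatever URL brought the user into the login flow lands in this page's script verbatim, and an off-site destination is accepted as well. Restrict it to a same-site path and let the encoder do the quoting: `if(isset($_SESSION['request_uri']) && substr($_SESSION['request_uri'], 0, 1) == '/' && substr($_SESSION['request_uri'], 0, 2) != '//') {` for the guard, and `window.document.location=<?=json_encode($link)?>;` for the script line (json_encode escapes quotes and slashes, so the value cannot close the script block). The same raw value is printed by the leftover `echo "drect to: {$_SESSION['request_uri']}";;` in the last hunk, which also raises a notice when the key is unset and should be removed. The new comment above the email update says "must date their password", presumably "must change their password".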


@ -144,7 +144,7 @@ if(isset($_SESSION['accounts_id'])) {
$q = mysql_query("SELECT id FROM users WHERE accounts_id=$accounts_id AND conferences_id={$_SESSION['conferences_id']}"); $q = mysql_query("SELECT id FROM users WHERE accounts_id=$accounts_id AND conferences_id={$_SESSION['conferences_id']}");
if(mysql_num_rows($q) == 0) { if(mysql_num_rows($q) == 0) {
/* FIXME: this should probably just return false, but for now, see if there's an error */ /* FIXME: this should probably just return false, but for now, see if there's an error */
echo "No user for that conference"; echo "No user {$accounts_id} for conference {$_SESSION['conferences_id']}";
exit; exit;
} }
if(mysql_num_rows($q) > 1) { if(mysql_num_rows($q) > 1) {
@ -193,7 +193,7 @@ if(isset($_SESSION['accounts_id'])) {
if($now > $expires) { if($now > $expires) {
$_SESSION['password_expired'] = true; $_SESSION['password_expired'] = true;
} else { } else {
unset($_SESSION['password_expired']); unset($_SESSION['password_expired']);
} }
} }
/* If password_expired == true, the main page (or any /* If password_expired == true, the main page (or any
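Review bot: The expanded diagnostic in the first hunk echoes `$accounts_id` and `$_SESSION['conferences_id']` into the response as-is, and the line above interpolates the same two values unquoted into the SQL; where `$accounts_id` is assigned is outside the hunk, and neither value is shown being cast. Casting once before the query, `$accounts_id = (int)$accounts_id;` and `$conferences_id = (int)$_SESSION['conferences_id'];`, and using those in both the query and the message would bound what either line can emit. The second hunk shows no textual difference between its old and new sides, so presumably only whitespace changed there.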


@ -31,6 +31,8 @@
header("location: index.php"); header("location: index.php");
exit; exit;
} }
user_auth_required();
$u = user_load($_SESSION['users_id']); $u = user_load($_SESSION['users_id']);
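Review bot: `user_auth_required()` is now called after the earlier redirect block, but whether it terminates the script after its own `header("location: …")` is not visible in this diff (the function's tail is outside the first section's hunk); if it does not, `$u = user_load($_SESSION['users_id'])` on the next line runs with no users_id for an unauthenticated request. Worth confirming that the function ends in `exit;` after the header() call, or adding `exit;` there. The same applies to the call added in the last file section, where the code it replaces did `echo "ERROR: session is invalid"; exit;` explicitly.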


@ -26,11 +26,8 @@
require_once("common.inc.php"); require_once("common.inc.php");
require_once("user.inc.php"); require_once("user.inc.php");
if(!isset($_SESSION['users_id'])) { /* Ensure they're logged in as something, anything */
/* No user set, invalid session for editting a user */ user_auth_required();
echo "ERROR: session is invalid";
exit;
}
$user_personal_fields = array( $user_personal_fields = array(
'salutation' => array('name' => 'Salutation'), 'salutation' => array('name' => 'Salutation'),