forked from science-ation/science-ation
Fix redirection on login and on forced password changes.
This commit is contained in:
parent
dd6228f5d7
commit
ba2738b813
@ -504,13 +504,13 @@ function user_create($accounts_id, $conferences_id=0)
|
||||
/* Perform some checks. Make sure the person is logged in, and that their
|
||||
* password hasn't expired (the password_expired var is set in the login page)
|
||||
*/
|
||||
function user_auth_required($all_required, $one_required = array())
|
||||
function user_auth_required($all_required = array(), $one_required = array())
|
||||
{
|
||||
global $config;
|
||||
$ok = true;
|
||||
|
||||
unset($_SESSION['request_uri']);
|
||||
if(!isset($_SESSION['roles'])) {
|
||||
if(!isset($_SESSION['roles'] || !isset($_SESSION['users_id']))) {
|
||||
message_push(error(i18n("You must login to view that page")));
|
||||
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
|
||||
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");
|
||||
|
@ -23,15 +23,16 @@
|
||||
*/
|
||||
?>
|
||||
<?
|
||||
require_once("common.inc.php");
|
||||
require_once("account.inc.php");
|
||||
require_once("common.inc.php");
|
||||
require_once("account.inc.php");
|
||||
|
||||
/* Make sure the user is logged in (accounts_id is set) */
|
||||
if(!isset($_SESSION['accounts_id'])) {
|
||||
/* Make sure the user is logged in with just an account (accounts_id is set),
|
||||
* dont' call user_auth_required because they may not have a user */
|
||||
if(!isset($_SESSION['accounts_id'])) {
|
||||
message_push(error(i18n("You must login to view that page")));
|
||||
header("location: {$config['SFIABDIRECTORY']}/index.php");
|
||||
exit;
|
||||
}
|
||||
}
|
||||
|
||||
/* Superuser may edit this for any account, if the user is not a superuser, force
|
||||
* the accounts_id to be whatever is in the session */
|
||||
@ -42,12 +43,6 @@
|
||||
$accounts_id = $_SESSION['accounts_id'];
|
||||
}
|
||||
|
||||
if(array_key_exists('request_uri', $_SESSION))
|
||||
$back_link = $_SESSION['request_uri'];
|
||||
else
|
||||
$back_link = "user_main.php";
|
||||
unset($_SESSION['request_uri']);
|
||||
|
||||
function user_account_check_username($accounts_id, $username)
|
||||
{
|
||||
if(!account_valid_user($username)) return false;
|
||||
@ -76,37 +71,38 @@ case 'save':
|
||||
$username_link = ($_POST['username_link'] == 'yes') ? true : false;
|
||||
$username = $username_link ? $email : trim($_POST['username']);
|
||||
|
||||
if($a['email'] != $email && $email != '') {
|
||||
$save = true;
|
||||
/* Change email */
|
||||
if(!account_valid_email($email)) {
|
||||
error_('Invalid email address');
|
||||
$save = false;
|
||||
if(array_key_exists('email', $_POST)) {
|
||||
/* If this key doesn't exist, don't even try to update the email or the usename, the
|
||||
* user is in a "must date their password" mode */
|
||||
if($a['email'] != $email && $email != '') {
|
||||
$save = true;
|
||||
/* Change email */
|
||||
if(!account_valid_email($email)) {
|
||||
error_('Invalid email address');
|
||||
$save = false;
|
||||
}
|
||||
|
||||
if($save) {
|
||||
// action_create_set_email($accounts_id, $email);
|
||||
happy_("An email has been sent to %1 to confirm the new email address", array($email));
|
||||
}
|
||||
}
|
||||
|
||||
if($save) {
|
||||
// action_create_set_email($accounts_id, $email);
|
||||
happy_("An email has been sent to %1 to confirm the new email address", array($email));
|
||||
/* Update link */
|
||||
$x = ($a['link_username_to_email'] == 'yes') ? true : false;
|
||||
if($x != $username_link) {
|
||||
$l = $username_link ? 'yes' : 'no';
|
||||
mysql_query("UPDATE accounts SET link_username_to_email='$l' WHERE id=$accounts_id");
|
||||
}
|
||||
}
|
||||
|
||||
$x = ($a['link_username_to_email'] == 'yes') ? true : false;
|
||||
if($x != $username_link) {
|
||||
$l = $username_link ? 'yes' : 'no';
|
||||
mysql_query("UPDATE accounts SET link_username_to_email='$l' WHERE id=$accounts_id");
|
||||
}
|
||||
|
||||
if($a['username'] != $username) {
|
||||
$save = true;
|
||||
/* Make sure it isn't in use */
|
||||
$x = user_account_check_username($accounts_id, $username);
|
||||
if($x == false) $save = false;
|
||||
|
||||
if($save) {
|
||||
/* Update it */
|
||||
$u = mysql_real_escape_string($username);
|
||||
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
|
||||
happy_("Username updated");
|
||||
/* Update username */
|
||||
if($a['username'] != $username) {
|
||||
if(user_account_check_username($accounts_id, $username)) {
|
||||
/* Update it */
|
||||
$u = mysql_real_escape_string($username);
|
||||
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
|
||||
happy_("Username updated");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -119,6 +115,8 @@ case 'save':
|
||||
id='$accounts_id' AND password='$pass'");
|
||||
|
||||
$save = false;
|
||||
/* All of this, except matching the previous password, is checked
|
||||
* by the form validator */
|
||||
if(mysql_num_rows($q))
|
||||
error_("You cannot choose the same password again. Please choose a different password");
|
||||
else if($pass1 == '')
|
||||
@ -134,6 +132,16 @@ case 'save':
|
||||
happy_('Password has been successfully updated');
|
||||
}
|
||||
}
|
||||
/* Forward to the request_uri if it's set */
|
||||
if(isset($_SESSION['request_uri'])) {
|
||||
$link = $_SESSION['request_uri'];
|
||||
unset($_SESSION['request_uri']);
|
||||
?>
|
||||
<script type="text/javascript">
|
||||
window.document.location="<?=$link?>";
|
||||
</script>
|
||||
<?
|
||||
}
|
||||
exit;
|
||||
}
|
||||
|
||||
@ -153,12 +161,12 @@ case 'save':
|
||||
$email = $a['email'];
|
||||
$username_link = ($a['link_username_to_email'] == 'yes') ? 'checked="checked"' : '';
|
||||
$username = $email;
|
||||
$_SESSION['password_expired'] = true;
|
||||
|
||||
if($_SESSION['password_expired'] == true) {
|
||||
echo notice(i18n('Your password has expired. You must choose a new password now.'));
|
||||
echo error(i18n('Your password has expired. You must choose a new password now.'));
|
||||
$d = 'disabled="disabled"';
|
||||
$validator_passreq = 'required: true,';
|
||||
echo "drect to: {$_SESSION['request_uri']}";;
|
||||
}
|
||||
|
||||
?>
|
||||
|
@ -144,7 +144,7 @@ if(isset($_SESSION['accounts_id'])) {
|
||||
$q = mysql_query("SELECT id FROM users WHERE accounts_id=$accounts_id AND conferences_id={$_SESSION['conferences_id']}");
|
||||
if(mysql_num_rows($q) == 0) {
|
||||
/* FIXME: this should probably just return false, but for now, see if there's an error */
|
||||
echo "No user for that conference";
|
||||
echo "No user {$accounts_id} for conference {$_SESSION['conferences_id']}";
|
||||
exit;
|
||||
}
|
||||
if(mysql_num_rows($q) > 1) {
|
||||
@ -193,7 +193,7 @@ if(isset($_SESSION['accounts_id'])) {
|
||||
if($now > $expires) {
|
||||
$_SESSION['password_expired'] = true;
|
||||
} else {
|
||||
unset($_SESSION['password_expired']);
|
||||
unset($_SESSION['password_expired']);
|
||||
}
|
||||
}
|
||||
/* If password_expired == true, the main page (or any
|
||||
|
@ -31,6 +31,8 @@
|
||||
header("location: index.php");
|
||||
exit;
|
||||
}
|
||||
user_auth_required();
|
||||
|
||||
|
||||
$u = user_load($_SESSION['users_id']);
|
||||
|
||||
|
@ -26,11 +26,8 @@
|
||||
require_once("common.inc.php");
|
||||
require_once("user.inc.php");
|
||||
|
||||
if(!isset($_SESSION['users_id'])) {
|
||||
/* No user set, invalid session for editting a user */
|
||||
echo "ERROR: session is invalid";
|
||||
exit;
|
||||
}
|
||||
/* Ensure they're logged in as something, anything */
|
||||
user_auth_required();
|
||||
|
||||
$user_personal_fields = array(
|
||||
'salutation' => array('name' => 'Salutation'),
|
||||
|
Loading…
Reference in New Issue
Block a user