Fix redirection on login and on forced password changes.

This commit is contained in:
dave 2010-07-15 09:18:02 +00:00
parent dd6228f5d7
commit ba2738b813
5 changed files with 58 additions and 51 deletions

View File

@ -504,13 +504,13 @@ function user_create($accounts_id, $conferences_id=0)
/* Perform some checks. Make sure the person is logged in, and that their
* password hasn't expired (the password_expired var is set in the login page)
*/
function user_auth_required($all_required, $one_required = array())
function user_auth_required($all_required = array(), $one_required = array())
{
global $config;
$ok = true;
unset($_SESSION['request_uri']);
if(!isset($_SESSION['roles'])) {
if(!isset($_SESSION['roles'] || !isset($_SESSION['users_id']))) {
message_push(error(i18n("You must login to view that page")));
$_SESSION['request_uri'] = $_SERVER['REQUEST_URI'];
header("location: {$config['SFIABDIRECTORY']}/user_login.php?type=$type");

View File

@ -23,15 +23,16 @@
*/
?>
<?
require_once("common.inc.php");
require_once("account.inc.php");
require_once("common.inc.php");
require_once("account.inc.php");
/* Make sure the user is logged in (accounts_id is set) */
if(!isset($_SESSION['accounts_id'])) {
/* Make sure the user is logged in with just an account (accounts_id is set),
* dont' call user_auth_required because they may not have a user */
if(!isset($_SESSION['accounts_id'])) {
message_push(error(i18n("You must login to view that page")));
header("location: {$config['SFIABDIRECTORY']}/index.php");
exit;
}
}
/* Superuser may edit this for any account, if the user is not a superuser, force
* the accounts_id to be whatever is in the session */
@ -42,12 +43,6 @@
$accounts_id = $_SESSION['accounts_id'];
}
if(array_key_exists('request_uri', $_SESSION))
$back_link = $_SESSION['request_uri'];
else
$back_link = "user_main.php";
unset($_SESSION['request_uri']);
function user_account_check_username($accounts_id, $username)
{
if(!account_valid_user($username)) return false;
@ -76,37 +71,38 @@ case 'save':
$username_link = ($_POST['username_link'] == 'yes') ? true : false;
$username = $username_link ? $email : trim($_POST['username']);
if($a['email'] != $email && $email != '') {
$save = true;
/* Change email */
if(!account_valid_email($email)) {
error_('Invalid email address');
$save = false;
if(array_key_exists('email', $_POST)) {
/* If this key doesn't exist, don't even try to update the email or the usename, the
* user is in a "must date their password" mode */
if($a['email'] != $email && $email != '') {
$save = true;
/* Change email */
if(!account_valid_email($email)) {
error_('Invalid email address');
$save = false;
}
if($save) {
// action_create_set_email($accounts_id, $email);
happy_("An email has been sent to %1 to confirm the new email address", array($email));
}
}
if($save) {
// action_create_set_email($accounts_id, $email);
happy_("An email has been sent to %1 to confirm the new email address", array($email));
/* Update link */
$x = ($a['link_username_to_email'] == 'yes') ? true : false;
if($x != $username_link) {
$l = $username_link ? 'yes' : 'no';
mysql_query("UPDATE accounts SET link_username_to_email='$l' WHERE id=$accounts_id");
}
}
$x = ($a['link_username_to_email'] == 'yes') ? true : false;
if($x != $username_link) {
$l = $username_link ? 'yes' : 'no';
mysql_query("UPDATE accounts SET link_username_to_email='$l' WHERE id=$accounts_id");
}
if($a['username'] != $username) {
$save = true;
/* Make sure it isn't in use */
$x = user_account_check_username($accounts_id, $username);
if($x == false) $save = false;
if($save) {
/* Update it */
$u = mysql_real_escape_string($username);
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
happy_("Username updated");
/* Update username */
if($a['username'] != $username) {
if(user_account_check_username($accounts_id, $username)) {
/* Update it */
$u = mysql_real_escape_string($username);
mysql_query("UPDATE accounts SET username='$u' WHERE id=$accounts_id");
happy_("Username updated");
}
}
}
@ -119,6 +115,8 @@ case 'save':
id='$accounts_id' AND password='$pass'");
$save = false;
/* All of this, except matching the previous password, is checked
* by the form validator */
if(mysql_num_rows($q))
error_("You cannot choose the same password again. Please choose a different password");
else if($pass1 == '')
@ -134,6 +132,16 @@ case 'save':
happy_('Password has been successfully updated');
}
}
/* Forward to the request_uri if it's set */
if(isset($_SESSION['request_uri'])) {
$link = $_SESSION['request_uri'];
unset($_SESSION['request_uri']);
?>
<script type="text/javascript">
window.document.location="<?=$link?>";
</script>
<?
}
exit;
}
@ -153,12 +161,12 @@ case 'save':
$email = $a['email'];
$username_link = ($a['link_username_to_email'] == 'yes') ? 'checked="checked"' : '';
$username = $email;
$_SESSION['password_expired'] = true;
if($_SESSION['password_expired'] == true) {
echo notice(i18n('Your password has expired. You must choose a new password now.'));
echo error(i18n('Your password has expired. You must choose a new password now.'));
$d = 'disabled="disabled"';
$validator_passreq = 'required: true,';
echo "drect to: {$_SESSION['request_uri']}";;
}
?>

View File

@ -144,7 +144,7 @@ if(isset($_SESSION['accounts_id'])) {
$q = mysql_query("SELECT id FROM users WHERE accounts_id=$accounts_id AND conferences_id={$_SESSION['conferences_id']}");
if(mysql_num_rows($q) == 0) {
/* FIXME: this should probably just return false, but for now, see if there's an error */
echo "No user for that conference";
echo "No user {$accounts_id} for conference {$_SESSION['conferences_id']}";
exit;
}
if(mysql_num_rows($q) > 1) {
@ -193,7 +193,7 @@ if(isset($_SESSION['accounts_id'])) {
if($now > $expires) {
$_SESSION['password_expired'] = true;
} else {
unset($_SESSION['password_expired']);
unset($_SESSION['password_expired']);
}
}
/* If password_expired == true, the main page (or any

View File

@ -31,6 +31,8 @@
header("location: index.php");
exit;
}
user_auth_required();
$u = user_load($_SESSION['users_id']);

View File

@ -26,11 +26,8 @@
require_once("common.inc.php");
require_once("user.inc.php");
if(!isset($_SESSION['users_id'])) {
/* No user set, invalid session for editting a user */
echo "ERROR: session is invalid";
exit;
}
/* Ensure they're logged in as something, anything */
user_auth_required();
$user_personal_fields = array(
'salutation' => array('name' => 'Salutation'),