Currency choice in install.php + edit user available
This commit is contained in:
Phyks
parent
d97292ada3
commit
4beabd5df3
3
TODO
3
TODO
|
|
@ -3,6 +3,7 @@
|
|||
* tokens + ban system
|
||||
* remember me
|
||||
* Display names
|
||||
* htmlspecialchars
|
||||
|
||||
install.php :
|
||||
=============
|
||||
|
|
@ -12,5 +13,3 @@ install.php :
|
|||
index.php :
|
||||
===========
|
||||
* Delete user (+ check if not you)
|
||||
* Edit user
|
||||
* Create user
|
||||
|
|
|
|||
|
|
@ -118,9 +118,12 @@ class Storage {
|
|||
|
||||
$i = false;
|
||||
foreach($this->fields as $field=>$type) {
|
||||
if($i) { $query .= ','; } else { $i = true; }
|
||||
if(isset($this->$field))
|
||||
{
|
||||
if($i) { $query .= ','; } else { $i = true; }
|
||||
|
||||
$query .= $field.'=:'.$field;
|
||||
$query .= $field.'=:'.$field;
|
||||
}
|
||||
}
|
||||
|
||||
$query .= ' WHERE id='.$this->id;
|
||||
|
|
@ -139,9 +142,11 @@ class Storage {
|
|||
|
||||
$i = false;
|
||||
foreach($this->fields as $field=>$type) {
|
||||
if($i) { $query .= ','; } else { $i = true; }
|
||||
if(isset($this->$field)) {
|
||||
if($i) { $query .= ','; } else { $i = true; }
|
||||
|
||||
$query .= ':'.$field;
|
||||
$query .= ':'.$field;
|
||||
}
|
||||
}
|
||||
|
||||
$query .= ')';
|
||||
|
|
@ -151,7 +156,9 @@ class Storage {
|
|||
$query = $this->connection->prepare($query);
|
||||
|
||||
foreach($this->fields as $field=>$type) {
|
||||
$query->bindParam(':'.$field, $this->$field);
|
||||
if(!empty($this->$field)) {
|
||||
$query->bindParam(':'.$field, $this->$field);
|
||||
}
|
||||
}
|
||||
|
||||
$query->execute();
|
||||
|
|
|
|||
|
|
@ -72,7 +72,7 @@ class User extends Storage {
|
|||
|
||||
public function sessionRestore($data, $serialized = false) {
|
||||
if($serialized)
|
||||
$user_data = unserialize($serialized_data);
|
||||
$user_data = unserialize($data);
|
||||
else
|
||||
$user_data = $data;
|
||||
|
||||
|
|
@ -87,8 +87,8 @@ class User extends Storage {
|
|||
$users = $this->load();
|
||||
|
||||
foreach($users as $user) {
|
||||
$return[0] = new User();
|
||||
$return[0]->sessionRestore($user);
|
||||
$return[$user['id']] = new User();
|
||||
$return[$user['id']]->sessionRestore($user);
|
||||
}
|
||||
return $return;
|
||||
}
|
||||
|
|
|
|||
62
index.php
62
index.php
|
|
@ -1,4 +1,5 @@
|
|||
<?php
|
||||
// Include necessary files
|
||||
if(!file_exists('inc/config.php')) header('location: install.php');
|
||||
require_once('inc/config.php');
|
||||
require_once('inc/User.class.php');
|
||||
|
|
@ -6,32 +7,41 @@
|
|||
raintpl::$tpl_dir = 'tpl/';
|
||||
raintpl::$cache_dir = 'tmp/';
|
||||
|
||||
// Define raintpl instance
|
||||
$tpl = new raintpl();
|
||||
$tpl->assign('instance_title', htmlspecialchars(INSTANCE_TITLE));
|
||||
$tpl->assign('connection', false);
|
||||
$tpl->assign('notice', '');
|
||||
$tpl->assign('error', '');
|
||||
|
||||
|
||||
// Handle current user status
|
||||
session_start();
|
||||
$current_user = (isset($_SESSION['current_user']) ? unserialize($_SESSION['current_user']) : false);
|
||||
$tpl->assign('admin', ($current_user !== false) ? (int) $current_user['admin'] : 0);
|
||||
$current_user = new User();
|
||||
if(isset($_SESSION['current_user'])) {
|
||||
$current_user->sessionRestore($_SESSION['current_user'], true);
|
||||
}
|
||||
else {
|
||||
$current_user = false;
|
||||
}
|
||||
$tpl->assign('current_user', $current_user);
|
||||
|
||||
$usersManager = new User();
|
||||
|
||||
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) { //If not connected, go to connection page
|
||||
// If not connected, redirect to connection page
|
||||
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
|
||||
header('location: index.php?do=connect');
|
||||
}
|
||||
|
||||
// Initialize empty $_GET['do'] if required to avoid error
|
||||
if(empty($_GET['do'])) {
|
||||
$_GET['do'] = '';
|
||||
}
|
||||
|
||||
// Check what to do
|
||||
switch($_GET['do']) {
|
||||
case 'connect':
|
||||
if($current_user !== false) header('location: index.php');
|
||||
if($current_user !== false) {
|
||||
header('location: index.php');
|
||||
}
|
||||
if(!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||
$current_user = new User();
|
||||
$current_user->setLogin($_POST['login']);
|
||||
if($current_user->exists($_POST['login']) && $current_user->checkPassword($_POST['password'])) {
|
||||
$_SESSION['current_user'] = $current_user->sessionStore();
|
||||
header('location: index.php');
|
||||
|
|
@ -56,10 +66,8 @@
|
|||
case 'password':
|
||||
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
|
||||
if($_POST['password'] == $_POST['password_confirm']) {
|
||||
$user = new User();
|
||||
$user->sessionRestore($current_user, false);
|
||||
$user->setPassword($user->encrypt($_POST['password']));
|
||||
$user->save();
|
||||
$current_user->setPassword($user->encrypt($_POST['password']));
|
||||
$current_user->save();
|
||||
|
||||
header('location: index.php');
|
||||
exit();
|
||||
|
|
@ -74,9 +82,25 @@
|
|||
|
||||
case 'edit_users':
|
||||
case 'add_user':
|
||||
if(!$current_user['admin']) {
|
||||
if(!$current_user->getAdmin()) {
|
||||
header('location: index.php');
|
||||
}
|
||||
|
||||
if(!empty($_POST['login']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
|
||||
$user = new User();
|
||||
if(!empty($_POST['user_id'])) {
|
||||
$user->setId($_POST['user_id']);
|
||||
}
|
||||
$user->setLogin($_POST['login']);
|
||||
if(!empty($_POST['password'])) {
|
||||
$user->setPassword($user->encrypt($_POST['password']));
|
||||
}
|
||||
$user->setAdmin($_POST['admin']);
|
||||
$user->save();
|
||||
|
||||
header('location: index.php?do=edit_users');
|
||||
exit();
|
||||
}
|
||||
|
||||
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
|
||||
if(!empty($_GET['user_id'])) {
|
||||
|
|
@ -91,13 +115,23 @@
|
|||
else {
|
||||
$users_list = new User();
|
||||
$users_list = $users_list->load_users();
|
||||
|
||||
$tpl->assign('users', $users_list);
|
||||
$tpl->assign('view', 'list_users');
|
||||
}
|
||||
$tpl->assign('login_post', (!empty($_POST['login']) ? htmlspecialchars($_POST['login']) : ''));
|
||||
$tpl->assign('admin_post', (isset($_POST['admin']) ? (int) $_POST['admin'] : -1));
|
||||
$tpl->draw('edit_users');
|
||||
break;
|
||||
|
||||
case 'delete_user':
|
||||
if($_GET['user_id'] != $current_user->getId()) {
|
||||
$user = new User();
|
||||
$user->delete();
|
||||
|
||||
header('location: index.php');
|
||||
exit();
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
|
|
|
|||
|
|
@ -11,7 +11,7 @@
|
|||
$block_form = true;
|
||||
}
|
||||
|
||||
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password'])) {
|
||||
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password']) && !empty($_POST['currency'])) {
|
||||
$mysql_host = $_POST['mysql_host'];
|
||||
$mysql_login = $_POST['mysql_login'];
|
||||
$mysql_db = $_POST['mysql_db'];
|
||||
|
|
@ -50,7 +50,8 @@
|
|||
define('MYSQL_PREFIX', '".$mysql_prefix."');
|
||||
define('INSTANCE_TITLE', '".$instance_title."');
|
||||
define('BASE_URL', '".$_POST['base_url']."');
|
||||
define('SALT', '".$salt."');";
|
||||
define('SALT', '".$salt."');
|
||||
define('CURRENCY', '".$_POST['currency']."');";
|
||||
|
||||
if(file_put_contents("inc/config.php", $config)) {
|
||||
try {
|
||||
|
|
@ -110,6 +111,7 @@
|
|||
<label for="base_url">Base URL : </label><input type="text" size="30" name="base_url" id="base_url" value="<?php echo (!empty($_POST['base_url'])) ? htmlspecialchars($_POST['base_url']) : 'http'.(empty($_SERVER['HTTPS'])?'':'s').'://'.$_SERVER['SERVER_NAME'].str_replace("install.php", "", $_SERVER['REQUEST_URI']); ?>"/><br/>
|
||||
<em>Note :</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address.
|
||||
</p>
|
||||
<p><label for="currency">Currency : </label><input type="text" name="currency" id="currency" size="3"/></p>
|
||||
</fieldset>
|
||||
<fieldset>
|
||||
<legend>Administrator</legend>
|
||||
|
|
|
|||
|
|
@ -22,14 +22,14 @@
|
|||
<li><a href="index.php?do=new_invoice">Add a bill</a></li>
|
||||
<li><a href="index.php?do=password">Change your password</a></li>
|
||||
<li><a href="index.php?do=paybacks">See paybacks</a></li>
|
||||
<li><a href="index.php?do=disconnect">Disconnect</a></li>
|
||||
</ul>
|
||||
<?php if( $admin == 1 ){ ?>
|
||||
<?php if( $current_user->getAdmin() == 1 ){ ?>
|
||||
|
||||
<ul>
|
||||
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
|
||||
<li><a href="index.php?do=edit_users">Edit users</a></li>
|
||||
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
|
||||
<li><a href="index.php?do=disconnect">Disconnect</a></li>
|
||||
</ul>
|
||||
<?php } ?>
|
||||
|
||||
|
|
|
|||
|
|
@ -21,15 +21,15 @@
|
|||
<td>{$value->getLogin()}</td>
|
||||
<td>{$value->getAdmin() ? "Yes" : "No"}</td>
|
||||
<td><a href="index.php?do=edit_users&user_id={$value->getId()}">Edit</a></td>
|
||||
<td><a href="index.php?do=delete_user&user_id={$value->getId()}">Delete</a></td>
|
||||
<td>{if condition="$value->getId() != $current_user->getId()"}<a href="index.php?do=delete_user&user_id={$value->getId()}">Delete</a>{/if}</td>
|
||||
</tr>
|
||||
{/loop}
|
||||
</table>
|
||||
{elseif condition="$view == 'edit_user'"}
|
||||
<h2>Edit a user</h2>
|
||||
<form method="post" action="index.php" id="edit_user_form">
|
||||
<form method="post" action="index.php?do=add_user" id="edit_user_form">
|
||||
<p>
|
||||
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''}/>
|
||||
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
|
||||
</p>
|
||||
<p>
|
||||
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
|
||||
|
|
@ -39,11 +39,12 @@
|
|||
</p>
|
||||
<p id="edit_user_admin_rights">
|
||||
Give admin rights to this user ?<br/>
|
||||
<input type="radio" id="admin_yes" name="admin" {if condition="$user_id != -1 && $user_data->getAdmin()"}checked{/if}/><label for="admin_yes">Yes</label><br/>
|
||||
<input type="radio" id="admin_no" id="admin" {if condition="$user_id == -1 || !$user_data->getAdmin()"}checked{/if}/><label for="admin_no">No</label>
|
||||
<input type="radio" id="admin_yes" value="1" name="admin" {if condition="$admin_post == 1 || ($admin_post == -1 && $user_id != -1 && $user_data->getAdmin())"} checked{/if}/><label for="admin_yes">Yes</label><br/>
|
||||
<input type="radio" id="admin_no" value="0" name="admin" {if condition="$admin_post == 0 || ($admin_post == -1 && ($user_id == -1 || !$user_data->getAdmin()))"} checked{/if}/><label for="admin_no">No</label>
|
||||
</p>
|
||||
<p class="center">
|
||||
<input type="submit" value="{$user_id != -1 ? 'Edit' : 'Add'}"/>
|
||||
{if condition="$user_id != -1"}<input type="hidden" name="user_id" value="{$user_id}"/>{/if}
|
||||
</p>
|
||||
</form>
|
||||
|
||||
|
|
|
|||
|
|
@ -19,13 +19,13 @@
|
|||
<li><a href="index.php?do=new_invoice">Add a bill</a></li>
|
||||
<li><a href="index.php?do=password">Change your password</a></li>
|
||||
<li><a href="index.php?do=paybacks">See paybacks</a></li>
|
||||
<li><a href="index.php?do=disconnect">Disconnect</a></li>
|
||||
</ul>
|
||||
{if condition="$admin == 1"}
|
||||
{if condition="$current_user->getAdmin() == 1"}
|
||||
<ul>
|
||||
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
|
||||
<li><a href="index.php?do=edit_users">Edit users</a></li>
|
||||
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
|
||||
<li><a href="index.php?do=disconnect">Disconnect</a></li>
|
||||
</ul>
|
||||
{/if}
|
||||
</div>
|
||||
|
|
|
|||
Loading…
Reference in New Issue