Currency choice in install.php + edit user available

This commit is contained in:
Phyks 2013-08-11 22:25:25 +02:00
parent d97292ada3
commit 4beabd5df3
8 changed files with 78 additions and 35 deletions

TODO

@ -3,6 +3,7 @@
* tokens + ban system
* remember me
* Display names
* htmlspecialchars
install.php :
=============
@ -12,5 +13,3 @@ install.php :
index.php :
===========
* Delete user (+ check if not you)
* Edit user
* Create user


@ -118,9 +118,12 @@ class Storage {
$i = false;
foreach($this->fields as $field=>$type) {
if($i) { $query .= ','; } else { $i = true; }
if(isset($this->$field))
{
if($i) { $query .= ','; } else { $i = true; }
$query .= $field.'=:'.$field;
$query .= $field.'=:'.$field;
}
}
$query .= ' WHERE id='.$this->id;
@ -139,9 +142,11 @@ class Storage {
$i = false;
foreach($this->fields as $field=>$type) {
if($i) { $query .= ','; } else { $i = true; }
if(isset($this->$field)) {
if($i) { $query .= ','; } else { $i = true; }
$query .= ':'.$field;
$query .= ':'.$field;
}
}
$query .= ')';
@ -151,7 +156,9 @@ class Storage {
$query = $this->connection->prepare($query);
foreach($this->fields as $field=>$type) {
$query->bindParam(':'.$field, $this->$field);
if(!empty($this->$field)) {
$query->bindParam(':'.$field, $this->$field);
}
}
$query->execute();
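Review bot: The bind loop in the last hunk skips fields that are `empty()`, while the SET list and INSERT list built two hunks above include every field that is `isset()`, so a field holding `0`, `'0'` or `''` — the `admin` flag of a non-admin user, for instance — gets a `:admin` placeholder with no bound value and PDO rejects the execute. Use the same test in all three loops, e.g. `if(isset($this->$field)) {` around the `bindParam()` call. Separately, the trailing `' WHERE id='.$this->id` of the first hunk concatenates the id into the SQL; index.php's new edit flow feeds `$_POST['user_id']` into `setId()`, so this should become `' WHERE id=:id'` with `$query->bindParam(':id', $this->id, PDO::PARAM_INT)`. The enclosing methods begin outside these hunks.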


@ -72,7 +72,7 @@ class User extends Storage {
public function sessionRestore($data, $serialized = false) {
if($serialized)
$user_data = unserialize($serialized_data);
$user_data = unserialize($data);
else
$user_data = $data;
@ -87,8 +87,8 @@ class User extends Storage {
$users = $this->load();
foreach($users as $user) {
$return[0] = new User();
$return[0]->sessionRestore($user);
$return[$user['id']] = new User();
$return[$user['id']]->sessionRestore($user);
}
return $return;
}
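Review bot: `load_users()` never initialises `$return`, so on an empty user table the `return $return;` line returns null (with an undefined-variable notice) rather than an array, and callers that loop over the result break; add `$return = array();` before the `foreach`. The first hunk's fix makes `sessionRestore()` call `unserialize()` on `$data` — fine while the data only ever comes from the server-side `$_SESSION`, but it must not be reused for cookie-borne data when the "remember me" item from the TODO is implemented; a comment such as `// $data must come from $_SESSION only: unserialize() on client data is unsafe` would pin that down. `sessionRestore()` continues past the end of its hunk.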


@ -1,4 +1,5 @@
<?php
// Include necessary files
if(!file_exists('inc/config.php')) header('location: install.php');
require_once('inc/config.php');
require_once('inc/User.class.php');
@ -6,32 +7,41 @@
raintpl::$tpl_dir = 'tpl/';
raintpl::$cache_dir = 'tmp/';
// Define raintpl instance
$tpl = new raintpl();
$tpl->assign('instance_title', htmlspecialchars(INSTANCE_TITLE));
$tpl->assign('connection', false);
$tpl->assign('notice', '');
$tpl->assign('error', '');
// Handle current user status
session_start();
$current_user = (isset($_SESSION['current_user']) ? unserialize($_SESSION['current_user']) : false);
$tpl->assign('admin', ($current_user !== false) ? (int) $current_user['admin'] : 0);
$current_user = new User();
if(isset($_SESSION['current_user'])) {
$current_user->sessionRestore($_SESSION['current_user'], true);
}
else {
$current_user = false;
}
$tpl->assign('current_user', $current_user);
$usersManager = new User();
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) { //If not connected, go to connection page
// If not connected, redirect to connection page
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
header('location: index.php?do=connect');
}
// Initialize empty $_GET['do'] if required to avoid error
if(empty($_GET['do'])) {
$_GET['do'] = '';
}
// Check what to do
switch($_GET['do']) {
case 'connect':
if($current_user !== false) header('location: index.php');
if($current_user !== false) {
header('location: index.php');
}
if(!empty($_POST['login']) && !empty($_POST['password'])) {
$current_user = new User();
$current_user->setLogin($_POST['login']);
if($current_user->exists($_POST['login']) && $current_user->checkPassword($_POST['password'])) {
$_SESSION['current_user'] = $current_user->sessionStore();
header('location: index.php');
@ -56,10 +66,8 @@
case 'password':
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
if($_POST['password'] == $_POST['password_confirm']) {
$user = new User();
$user->sessionRestore($current_user, false);
$user->setPassword($user->encrypt($_POST['password']));
$user->save();
$current_user->setPassword($user->encrypt($_POST['password']));
$current_user->save();
header('location: index.php');
exit();
@ -74,9 +82,25 @@
case 'edit_users':
case 'add_user':
if(!$current_user['admin']) {
if(!$current_user->getAdmin()) {
header('location: index.php');
}
if(!empty($_POST['login']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
$user = new User();
if(!empty($_POST['user_id'])) {
$user->setId($_POST['user_id']);
}
$user->setLogin($_POST['login']);
if(!empty($_POST['password'])) {
$user->setPassword($user->encrypt($_POST['password']));
}
$user->setAdmin($_POST['admin']);
$user->save();
header('location: index.php?do=edit_users');
exit();
}
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
if(!empty($_GET['user_id'])) {
@ -91,13 +115,23 @@
else {
$users_list = new User();
$users_list = $users_list->load_users();
$tpl->assign('users', $users_list);
$tpl->assign('view', 'list_users');
}
$tpl->assign('login_post', (!empty($_POST['login']) ? htmlspecialchars($_POST['login']) : ''));
$tpl->assign('admin_post', (isset($_POST['admin']) ? (int) $_POST['admin'] : -1));
$tpl->draw('edit_users');
break;
case 'delete_user':
if($_GET['user_id'] != $current_user->getId()) {
$user = new User();
$user->delete();
header('location: index.php');
exit();
}
break;
default:
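Review bot: The admin check at the top of the `edit_users`/`add_user` case only sends a redirect header and does not stop execution, so a logged-in non-admin who POSTs `login`, `password` and `admin=1` to `index.php?do=add_user` falls through into the new block that calls `setAdmin($_POST['admin'])` and `save()`, creating an admin account or, with `user_id`, resetting another user's password; the guard needs `header('location: index.php'); exit();`. The new `delete_user` case has no admin check at all, and it calls `$user->delete()` on a fresh `User` without ever passing `$_GET['user_id']` to it, so which row `delete()` targets cannot be told from here. Both `user_id` values reach the storage layer untyped, so cast them with `(int)` before `setId()`. Since the page is driven entirely by request parameters, the `tokens` item on the TODO (CSRF protection) applies to every branch in this hunk. A rewritten `delete_user` case:
```php
case 'delete_user':
    if(!$current_user->getAdmin()) {
        header('location: index.php');
        exit();
    }
    if(!empty($_GET['user_id']) && (int) $_GET['user_id'] != (int) $current_user->getId()) {
        $user = new User();
        $user->setId((int) $_GET['user_id']);
        $user->delete();
        header('location: index.php');
        exit();
    }
    break;
```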


@ -11,7 +11,7 @@
$block_form = true;
}
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password'])) {
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password']) && !empty($_POST['currency'])) {
$mysql_host = $_POST['mysql_host'];
$mysql_login = $_POST['mysql_login'];
$mysql_db = $_POST['mysql_db'];
@ -50,7 +50,8 @@
define('MYSQL_PREFIX', '".$mysql_prefix."');
define('INSTANCE_TITLE', '".$instance_title."');
define('BASE_URL', '".$_POST['base_url']."');
define('SALT', '".$salt."');";
define('SALT', '".$salt."');
define('CURRENCY', '".$_POST['currency']."');";
if(file_put_contents("inc/config.php", $config)) {
try {
@ -110,6 +111,7 @@
<label for="base_url">Base URL : </label><input type="text" size="30" name="base_url" id="base_url" value="<?php echo (!empty($_POST['base_url'])) ? htmlspecialchars($_POST['base_url']) : 'http'.(empty($_SERVER['HTTPS'])?'':'s').'://'.$_SERVER['SERVER_NAME'].str_replace("install.php", "", $_SERVER['REQUEST_URI']); ?>"/><br/>
<em>Note :</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address.
</p>
<p><label for="currency">Currency : </label><input type="text" name="currency" id="currency" size="3"/></p>
</fieldset>
<fieldset>
<legend>Administrator</legend>
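Review bot: The new `define('CURRENCY', '".$_POST['currency']."');` line writes the raw POST value into a single-quoted PHP string literal inside `inc/config.php`, so a value containing `'` ends the literal and whatever follows is executed as PHP every time the config is required — code injection into the install's own config file. Emit a properly quoted literal with `define('CURRENCY', ".var_export($_POST['currency'], true).");` and reject values longer than a few characters before writing. The `base_url` define on the context line above has the same pattern and deserves the same treatment. The `currency` input in the form is also the only field not redisplayed with `htmlspecialchars()` after a failed submission.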


@ -22,14 +22,14 @@
<li><a href="index.php?do=new_invoice">Add a bill</a></li>
<li><a href="index.php?do=password">Change your password</a></li>
<li><a href="index.php?do=paybacks">See paybacks</a></li>
<li><a href="index.php?do=disconnect">Disconnect</a></li>
</ul>
<?php if( $admin == 1 ){ ?>
<?php if( $current_user->getAdmin() == 1 ){ ?>
<ul>
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
<li><a href="index.php?do=edit_users">Edit users</a></li>
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
<li><a href="index.php?do=disconnect">Disconnect</a></li>
</ul>
<?php } ?>
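Review bot: `$current_user->getAdmin()` is called on a value that index.php sets to `false` for an anonymous visitor and still assigns to the template, and the redirect to the login page in index.php is a bare `header()` with no `exit()`, so a page that reaches this template while logged out calls a method on `false` and dies with a fatal error. Guard it in the template, `<?php if( $current_user !== false && $current_user->getAdmin() == 1 ){ ?>`, or make the redirect in index.php terminate. The `Disconnect` item appears both in the first list and in the admin-only list and the rendered view does not show which side is which; if it was moved into the admin block, non-admin users lose their only logout link — confirm it stays in the list every user sees.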


@ -21,15 +21,15 @@
<td>{$value->getLogin()}</td>
<td>{$value->getAdmin() ? "Yes" : "No"}</td>
<td><a href="index.php?do=edit_users&user_id={$value->getId()}">Edit</a></td>
<td><a href="index.php?do=delete_user&user_id={$value->getId()}">Delete</a></td>
<td>{if condition="$value->getId() != $current_user->getId()"}<a href="index.php?do=delete_user&user_id={$value->getId()}">Delete</a>{/if}</td>
</tr>
{/loop}
</table>
{elseif condition="$view == 'edit_user'"}
<h2>Edit a user</h2>
<form method="post" action="index.php" id="edit_user_form">
<form method="post" action="index.php?do=add_user" id="edit_user_form">
<p>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''}/>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
</p>
<p>
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
@ -39,11 +39,12 @@
</p>
<p id="edit_user_admin_rights">
Give admin rights to this user ?<br/>
<input type="radio" id="admin_yes" name="admin" {if condition="$user_id != -1 && $user_data->getAdmin()"}checked{/if}/><label for="admin_yes">Yes</label><br/>
<input type="radio" id="admin_no" id="admin" {if condition="$user_id == -1 || !$user_data->getAdmin()"}checked{/if}/><label for="admin_no">No</label>
<input type="radio" id="admin_yes" value="1" name="admin" {if condition="$admin_post == 1 || ($admin_post == -1 && $user_id != -1 && $user_data->getAdmin())"} checked{/if}/><label for="admin_yes">Yes</label><br/>
<input type="radio" id="admin_no" value="0" name="admin" {if condition="$admin_post == 0 || ($admin_post == -1 && ($user_id == -1 || !$user_data->getAdmin()))"} checked{/if}/><label for="admin_no">No</label>
</p>
<p class="center">
<input type="submit" value="{$user_id != -1 ? 'Edit' : 'Add'}"/>
{if condition="$user_id != -1"}<input type="hidden" name="user_id" value="{$user_id}"/>{/if}
</p>
</form>
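Review bot: The rewritten login field still writes `$user_data->getLogin()` into the `value` attribute through a PHP string expression, `'value="'.$user_data->getLogin().'"'`, with no escaping, so a login containing `"` breaks out of the attribute — a stored XSS an admin triggers by editing that user; wrap it as `htmlspecialchars($user_data->getLogin())` like the `$login_post` branch already is on the PHP side. The `Delete` link in the table performs a state change over a plain GET URL, which link prefetchers and any third-party page can trigger; it should be a POST form carrying the token the TODO plans. This applies to the `Delete` cell even though hiding it for the current user is otherwise a good change.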


@ -19,13 +19,13 @@
<li><a href="index.php?do=new_invoice">Add a bill</a></li>
<li><a href="index.php?do=password">Change your password</a></li>
<li><a href="index.php?do=paybacks">See paybacks</a></li>
<li><a href="index.php?do=disconnect">Disconnect</a></li>
</ul>
{if condition="$admin == 1"}
{if condition="$current_user->getAdmin() == 1"}
<ul>
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
<li><a href="index.php?do=edit_users">Edit users</a></li>
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
<li><a href="index.php?do=disconnect">Disconnect</a></li>
</ul>
{/if}
</div>
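Review bot: `{if condition="$current_user->getAdmin() == 1"}` dereferences `$current_user`, which index.php assigns as `false` for an anonymous visitor and still passes to the template while its login redirect is a non-terminating `header()`, so rendering this template logged out calls a method on `false`. Use `{if condition="$current_user !== false && $current_user->getAdmin() == 1"}` or terminate after the redirect in index.php. As in the other menu template, the `Disconnect` link appears in both lists and the rendered diff does not preserve which side is which; if it now lives only in the admin block, non-admin users cannot log out.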