Currency choice in install.php + edit user available

This commit is contained in:
Phyks 2013-08-11 22:25:25 +02:00
parent d97292ada3
commit 4beabd5df3
8 changed files with 78 additions and 35 deletions

3
TODO
View File

@ -3,6 +3,7 @@
* tokens + ban system * tokens + ban system
* remember me * remember me
* Display names * Display names
* htmlspecialchars
install.php : install.php :
============= =============
@ -12,5 +13,3 @@ install.php :
index.php : index.php :
=========== ===========
* Delete user (+ check if not you) * Delete user (+ check if not you)
* Edit user
* Create user

View File

@ -118,10 +118,13 @@ class Storage {
$i = false; $i = false;
foreach($this->fields as $field=>$type) { foreach($this->fields as $field=>$type) {
if(isset($this->$field))
{
if($i) { $query .= ','; } else { $i = true; } if($i) { $query .= ','; } else { $i = true; }
$query .= $field.'=:'.$field; $query .= $field.'=:'.$field;
} }
}
$query .= ' WHERE id='.$this->id; $query .= ' WHERE id='.$this->id;
} }
@ -139,10 +142,12 @@ class Storage {
$i = false; $i = false;
foreach($this->fields as $field=>$type) { foreach($this->fields as $field=>$type) {
if(isset($this->$field)) {
if($i) { $query .= ','; } else { $i = true; } if($i) { $query .= ','; } else { $i = true; }
$query .= ':'.$field; $query .= ':'.$field;
} }
}
$query .= ')'; $query .= ')';
} }
@ -151,8 +156,10 @@ class Storage {
$query = $this->connection->prepare($query); $query = $this->connection->prepare($query);
foreach($this->fields as $field=>$type) { foreach($this->fields as $field=>$type) {
if(!empty($this->$field)) {
$query->bindParam(':'.$field, $this->$field); $query->bindParam(':'.$field, $this->$field);
} }
}
$query->execute(); $query->execute();

View File

@ -72,7 +72,7 @@ class User extends Storage {
public function sessionRestore($data, $serialized = false) { public function sessionRestore($data, $serialized = false) {
if($serialized) if($serialized)
$user_data = unserialize($serialized_data); $user_data = unserialize($data);
else else
$user_data = $data; $user_data = $data;
@ -87,8 +87,8 @@ class User extends Storage {
$users = $this->load(); $users = $this->load();
foreach($users as $user) { foreach($users as $user) {
$return[0] = new User(); $return[$user['id']] = new User();
$return[0]->sessionRestore($user); $return[$user['id']]->sessionRestore($user);
} }
return $return; return $return;
} }

View File

@ -1,4 +1,5 @@
<?php <?php
// Include necessary files
if(!file_exists('inc/config.php')) header('location: install.php'); if(!file_exists('inc/config.php')) header('location: install.php');
require_once('inc/config.php'); require_once('inc/config.php');
require_once('inc/User.class.php'); require_once('inc/User.class.php');
@ -6,32 +7,41 @@
raintpl::$tpl_dir = 'tpl/'; raintpl::$tpl_dir = 'tpl/';
raintpl::$cache_dir = 'tmp/'; raintpl::$cache_dir = 'tmp/';
// Define raintpl instance
$tpl = new raintpl(); $tpl = new raintpl();
$tpl->assign('instance_title', htmlspecialchars(INSTANCE_TITLE)); $tpl->assign('instance_title', htmlspecialchars(INSTANCE_TITLE));
$tpl->assign('connection', false); $tpl->assign('connection', false);
$tpl->assign('notice', ''); $tpl->assign('notice', '');
$tpl->assign('error', ''); $tpl->assign('error', '');
// Handle current user status
session_start(); session_start();
$current_user = (isset($_SESSION['current_user']) ? unserialize($_SESSION['current_user']) : false); $current_user = new User();
$tpl->assign('admin', ($current_user !== false) ? (int) $current_user['admin'] : 0); if(isset($_SESSION['current_user'])) {
$current_user->sessionRestore($_SESSION['current_user'], true);
}
else {
$current_user = false;
}
$tpl->assign('current_user', $current_user);
$usersManager = new User(); // If not connected, redirect to connection page
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) { //If not connected, go to connection page
header('location: index.php?do=connect'); header('location: index.php?do=connect');
} }
// Initialize empty $_GET['do'] if required to avoid error
if(empty($_GET['do'])) { if(empty($_GET['do'])) {
$_GET['do'] = ''; $_GET['do'] = '';
} }
// Check what to do
switch($_GET['do']) { switch($_GET['do']) {
case 'connect': case 'connect':
if($current_user !== false) header('location: index.php'); if($current_user !== false) {
header('location: index.php');
}
if(!empty($_POST['login']) && !empty($_POST['password'])) { if(!empty($_POST['login']) && !empty($_POST['password'])) {
$current_user = new User();
$current_user->setLogin($_POST['login']);
if($current_user->exists($_POST['login']) && $current_user->checkPassword($_POST['password'])) { if($current_user->exists($_POST['login']) && $current_user->checkPassword($_POST['password'])) {
$_SESSION['current_user'] = $current_user->sessionStore(); $_SESSION['current_user'] = $current_user->sessionStore();
header('location: index.php'); header('location: index.php');
@ -56,10 +66,8 @@
case 'password': case 'password':
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) { if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
if($_POST['password'] == $_POST['password_confirm']) { if($_POST['password'] == $_POST['password_confirm']) {
$user = new User(); $current_user->setPassword($user->encrypt($_POST['password']));
$user->sessionRestore($current_user, false); $current_user->save();
$user->setPassword($user->encrypt($_POST['password']));
$user->save();
header('location: index.php'); header('location: index.php');
exit(); exit();
@ -74,10 +82,26 @@
case 'edit_users': case 'edit_users':
case 'add_user': case 'add_user':
if(!$current_user['admin']) { if(!$current_user->getAdmin()) {
header('location: index.php'); header('location: index.php');
} }
if(!empty($_POST['login']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
$user = new User();
if(!empty($_POST['user_id'])) {
$user->setId($_POST['user_id']);
}
$user->setLogin($_POST['login']);
if(!empty($_POST['password'])) {
$user->setPassword($user->encrypt($_POST['password']));
}
$user->setAdmin($_POST['admin']);
$user->save();
header('location: index.php?do=edit_users');
exit();
}
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') { if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
if(!empty($_GET['user_id'])) { if(!empty($_GET['user_id'])) {
$user_id = (int) $_GET['user_id']; $user_id = (int) $_GET['user_id'];
@ -91,13 +115,23 @@
else { else {
$users_list = new User(); $users_list = new User();
$users_list = $users_list->load_users(); $users_list = $users_list->load_users();
$tpl->assign('users', $users_list); $tpl->assign('users', $users_list);
$tpl->assign('view', 'list_users'); $tpl->assign('view', 'list_users');
} }
$tpl->assign('login_post', (!empty($_POST['login']) ? htmlspecialchars($_POST['login']) : ''));
$tpl->assign('admin_post', (isset($_POST['admin']) ? (int) $_POST['admin'] : -1));
$tpl->draw('edit_users'); $tpl->draw('edit_users');
break; break;
case 'delete_user': case 'delete_user':
if($_GET['user_id'] != $current_user->getId()) {
$user = new User();
$user->delete();
header('location: index.php');
exit();
}
break; break;
default: default:

View File

@ -11,7 +11,7 @@
$block_form = true; $block_form = true;
} }
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password'])) { if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password']) && !empty($_POST['currency'])) {
$mysql_host = $_POST['mysql_host']; $mysql_host = $_POST['mysql_host'];
$mysql_login = $_POST['mysql_login']; $mysql_login = $_POST['mysql_login'];
$mysql_db = $_POST['mysql_db']; $mysql_db = $_POST['mysql_db'];
@ -50,7 +50,8 @@
define('MYSQL_PREFIX', '".$mysql_prefix."'); define('MYSQL_PREFIX', '".$mysql_prefix."');
define('INSTANCE_TITLE', '".$instance_title."'); define('INSTANCE_TITLE', '".$instance_title."');
define('BASE_URL', '".$_POST['base_url']."'); define('BASE_URL', '".$_POST['base_url']."');
define('SALT', '".$salt."');"; define('SALT', '".$salt."');
define('CURRENCY', '".$_POST['currency']."');";
if(file_put_contents("inc/config.php", $config)) { if(file_put_contents("inc/config.php", $config)) {
try { try {
@ -110,6 +111,7 @@
<label for="base_url">Base URL : </label><input type="text" size="30" name="base_url" id="base_url" value="<?php echo (!empty($_POST['base_url'])) ? htmlspecialchars($_POST['base_url']) : 'http'.(empty($_SERVER['HTTPS'])?'':'s').'://'.$_SERVER['SERVER_NAME'].str_replace("install.php", "", $_SERVER['REQUEST_URI']); ?>"/><br/> <label for="base_url">Base URL : </label><input type="text" size="30" name="base_url" id="base_url" value="<?php echo (!empty($_POST['base_url'])) ? htmlspecialchars($_POST['base_url']) : 'http'.(empty($_SERVER['HTTPS'])?'':'s').'://'.$_SERVER['SERVER_NAME'].str_replace("install.php", "", $_SERVER['REQUEST_URI']); ?>"/><br/>
<em>Note :</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address. <em>Note :</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address.
</p> </p>
<p><label for="currency">Currency : </label><input type="text" name="currency" id="currency" size="3"/></p>
</fieldset> </fieldset>
<fieldset> <fieldset>
<legend>Administrator</legend> <legend>Administrator</legend>

View File

@ -22,14 +22,14 @@
<li><a href="index.php?do=new_invoice">Add a bill</a></li> <li><a href="index.php?do=new_invoice">Add a bill</a></li>
<li><a href="index.php?do=password">Change your password</a></li> <li><a href="index.php?do=password">Change your password</a></li>
<li><a href="index.php?do=paybacks">See paybacks</a></li> <li><a href="index.php?do=paybacks">See paybacks</a></li>
<li><a href="index.php?do=disconnect">Disconnect</a></li>
</ul> </ul>
<?php if( $admin == 1 ){ ?> <?php if( $current_user->getAdmin() == 1 ){ ?>
<ul> <ul>
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li> <li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
<li><a href="index.php?do=edit_users">Edit users</a></li> <li><a href="index.php?do=edit_users">Edit users</a></li>
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li> <li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
<li><a href="index.php?do=disconnect">Disconnect</a></li>
</ul> </ul>
<?php } ?> <?php } ?>

View File

@ -21,15 +21,15 @@
<td>{$value->getLogin()}</td> <td>{$value->getLogin()}</td>
<td>{$value->getAdmin() ? "Yes" : "No"}</td> <td>{$value->getAdmin() ? "Yes" : "No"}</td>
<td><a href="index.php?do=edit_users&user_id={$value->getId()}">Edit</a></td> <td><a href="index.php?do=edit_users&user_id={$value->getId()}">Edit</a></td>
<td><a href="index.php?do=delete_user&user_id={$value->getId()}">Delete</a></td> <td>{if condition="$value->getId() != $current_user->getId()"}<a href="index.php?do=delete_user&user_id={$value->getId()}">Delete</a>{/if}</td>
</tr> </tr>
{/loop} {/loop}
</table> </table>
{elseif condition="$view == 'edit_user'"} {elseif condition="$view == 'edit_user'"}
<h2>Edit a user</h2> <h2>Edit a user</h2>
<form method="post" action="index.php" id="edit_user_form"> <form method="post" action="index.php?do=add_user" id="edit_user_form">
<p> <p>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''}/> <label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
</p> </p>
<p> <p>
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/> <label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
@ -39,11 +39,12 @@
</p> </p>
<p id="edit_user_admin_rights"> <p id="edit_user_admin_rights">
Give admin rights to this user ?<br/> Give admin rights to this user ?<br/>
<input type="radio" id="admin_yes" name="admin" {if condition="$user_id != -1 && $user_data->getAdmin()"}checked{/if}/><label for="admin_yes">Yes</label><br/> <input type="radio" id="admin_yes" value="1" name="admin" {if condition="$admin_post == 1 || ($admin_post == -1 && $user_id != -1 && $user_data->getAdmin())"} checked{/if}/><label for="admin_yes">Yes</label><br/>
<input type="radio" id="admin_no" id="admin" {if condition="$user_id == -1 || !$user_data->getAdmin()"}checked{/if}/><label for="admin_no">No</label> <input type="radio" id="admin_no" value="0" name="admin" {if condition="$admin_post == 0 || ($admin_post == -1 && ($user_id == -1 || !$user_data->getAdmin()))"} checked{/if}/><label for="admin_no">No</label>
</p> </p>
<p class="center"> <p class="center">
<input type="submit" value="{$user_id != -1 ? 'Edit' : 'Add'}"/> <input type="submit" value="{$user_id != -1 ? 'Edit' : 'Add'}"/>
{if condition="$user_id != -1"}<input type="hidden" name="user_id" value="{$user_id}"/>{/if}
</p> </p>
</form> </form>

View File

@ -19,13 +19,13 @@
<li><a href="index.php?do=new_invoice">Add a bill</a></li> <li><a href="index.php?do=new_invoice">Add a bill</a></li>
<li><a href="index.php?do=password">Change your password</a></li> <li><a href="index.php?do=password">Change your password</a></li>
<li><a href="index.php?do=paybacks">See paybacks</a></li> <li><a href="index.php?do=paybacks">See paybacks</a></li>
<li><a href="index.php?do=disconnect">Disconnect</a></li>
</ul> </ul>
{if condition="$admin == 1"} {if condition="$current_user->getAdmin() == 1"}
<ul> <ul>
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li> <li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
<li><a href="index.php?do=edit_users">Edit users</a></li> <li><a href="index.php?do=edit_users">Edit users</a></li>
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li> <li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
<li><a href="index.php?do=disconnect">Disconnect</a></li>
</ul> </ul>
{/if} {/if}
</div> </div>