Currency choice in install.php + edit user available
This commit is contained in:
parent
d97292ada3
commit
4beabd5df3
3
TODO
3
TODO
@ -3,6 +3,7 @@
|
|||||||
* tokens + ban system
|
* tokens + ban system
|
||||||
* remember me
|
* remember me
|
||||||
* Display names
|
* Display names
|
||||||
|
* htmlspecialchars
|
||||||
|
|
||||||
install.php :
|
install.php :
|
||||||
=============
|
=============
|
||||||
@ -12,5 +13,3 @@ install.php :
|
|||||||
index.php :
|
index.php :
|
||||||
===========
|
===========
|
||||||
* Delete user (+ check if not you)
|
* Delete user (+ check if not you)
|
||||||
* Edit user
|
|
||||||
* Create user
|
|
||||||
|
@ -118,9 +118,12 @@ class Storage {
|
|||||||
|
|
||||||
$i = false;
|
$i = false;
|
||||||
foreach($this->fields as $field=>$type) {
|
foreach($this->fields as $field=>$type) {
|
||||||
if($i) { $query .= ','; } else { $i = true; }
|
if(isset($this->$field))
|
||||||
|
{
|
||||||
|
if($i) { $query .= ','; } else { $i = true; }
|
||||||
|
|
||||||
$query .= $field.'=:'.$field;
|
$query .= $field.'=:'.$field;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$query .= ' WHERE id='.$this->id;
|
$query .= ' WHERE id='.$this->id;
|
||||||
@ -139,9 +142,11 @@ class Storage {
|
|||||||
|
|
||||||
$i = false;
|
$i = false;
|
||||||
foreach($this->fields as $field=>$type) {
|
foreach($this->fields as $field=>$type) {
|
||||||
if($i) { $query .= ','; } else { $i = true; }
|
if(isset($this->$field)) {
|
||||||
|
if($i) { $query .= ','; } else { $i = true; }
|
||||||
|
|
||||||
$query .= ':'.$field;
|
$query .= ':'.$field;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$query .= ')';
|
$query .= ')';
|
||||||
@ -151,7 +156,9 @@ class Storage {
|
|||||||
$query = $this->connection->prepare($query);
|
$query = $this->connection->prepare($query);
|
||||||
|
|
||||||
foreach($this->fields as $field=>$type) {
|
foreach($this->fields as $field=>$type) {
|
||||||
$query->bindParam(':'.$field, $this->$field);
|
if(!empty($this->$field)) {
|
||||||
|
$query->bindParam(':'.$field, $this->$field);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$query->execute();
|
$query->execute();
|
||||||
|
@ -72,7 +72,7 @@ class User extends Storage {
|
|||||||
|
|
||||||
public function sessionRestore($data, $serialized = false) {
|
public function sessionRestore($data, $serialized = false) {
|
||||||
if($serialized)
|
if($serialized)
|
||||||
$user_data = unserialize($serialized_data);
|
$user_data = unserialize($data);
|
||||||
else
|
else
|
||||||
$user_data = $data;
|
$user_data = $data;
|
||||||
|
|
||||||
@ -87,8 +87,8 @@ class User extends Storage {
|
|||||||
$users = $this->load();
|
$users = $this->load();
|
||||||
|
|
||||||
foreach($users as $user) {
|
foreach($users as $user) {
|
||||||
$return[0] = new User();
|
$return[$user['id']] = new User();
|
||||||
$return[0]->sessionRestore($user);
|
$return[$user['id']]->sessionRestore($user);
|
||||||
}
|
}
|
||||||
return $return;
|
return $return;
|
||||||
}
|
}
|
||||||
|
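Review bot: The bind loop in the third hunk skips fields with `!empty($this->$field)` while the UPDATE and INSERT builders in the two hunks above include every field that passes `isset($this->$field)`, so a field holding 0, "0" or "" gets a `:field` placeholder with no bound value and the prepared statement presumably fails on execute; the admin radio in the edit form posts "0" for non-admins, which is exactly this case. Use the same test in all three loops, `if(isset($this->$field)) {`. The enclosing save() method starts and ends outside these hunks. In sessionRestore, `unserialize($data)` fixes the undefined-variable bug, but the session payload still goes through unserialize(); storing a plain array via sessionStore() (or JSON) would avoid object injection should that data ever come from outside the server-side session.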
60
index.php
60
index.php
@ -1,4 +1,5 @@
|
|||||||
<?php
|
<?php
|
||||||
|
// Include necessary files
|
||||||
if(!file_exists('inc/config.php')) header('location: install.php');
|
if(!file_exists('inc/config.php')) header('location: install.php');
|
||||||
require_once('inc/config.php');
|
require_once('inc/config.php');
|
||||||
require_once('inc/User.class.php');
|
require_once('inc/User.class.php');
|
||||||
@ -6,32 +7,41 @@
|
|||||||
raintpl::$tpl_dir = 'tpl/';
|
raintpl::$tpl_dir = 'tpl/';
|
||||||
raintpl::$cache_dir = 'tmp/';
|
raintpl::$cache_dir = 'tmp/';
|
||||||
|
|
||||||
|
// Define raintpl instance
|
||||||
$tpl = new raintpl();
|
$tpl = new raintpl();
|
||||||
$tpl->assign('instance_title', htmlspecialchars(INSTANCE_TITLE));
|
$tpl->assign('instance_title', htmlspecialchars(INSTANCE_TITLE));
|
||||||
$tpl->assign('connection', false);
|
$tpl->assign('connection', false);
|
||||||
$tpl->assign('notice', '');
|
$tpl->assign('notice', '');
|
||||||
$tpl->assign('error', '');
|
$tpl->assign('error', '');
|
||||||
|
|
||||||
|
// Handle current user status
|
||||||
session_start();
|
session_start();
|
||||||
$current_user = (isset($_SESSION['current_user']) ? unserialize($_SESSION['current_user']) : false);
|
$current_user = new User();
|
||||||
$tpl->assign('admin', ($current_user !== false) ? (int) $current_user['admin'] : 0);
|
if(isset($_SESSION['current_user'])) {
|
||||||
|
$current_user->sessionRestore($_SESSION['current_user'], true);
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$current_user = false;
|
||||||
|
}
|
||||||
|
$tpl->assign('current_user', $current_user);
|
||||||
|
|
||||||
$usersManager = new User();
|
// If not connected, redirect to connection page
|
||||||
|
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
|
||||||
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) { //If not connected, go to connection page
|
|
||||||
header('location: index.php?do=connect');
|
header('location: index.php?do=connect');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Initialize empty $_GET['do'] if required to avoid error
|
||||||
if(empty($_GET['do'])) {
|
if(empty($_GET['do'])) {
|
||||||
$_GET['do'] = '';
|
$_GET['do'] = '';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Check what to do
|
||||||
switch($_GET['do']) {
|
switch($_GET['do']) {
|
||||||
case 'connect':
|
case 'connect':
|
||||||
if($current_user !== false) header('location: index.php');
|
if($current_user !== false) {
|
||||||
|
header('location: index.php');
|
||||||
|
}
|
||||||
if(!empty($_POST['login']) && !empty($_POST['password'])) {
|
if(!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||||
$current_user = new User();
|
|
||||||
$current_user->setLogin($_POST['login']);
|
|
||||||
if($current_user->exists($_POST['login']) && $current_user->checkPassword($_POST['password'])) {
|
if($current_user->exists($_POST['login']) && $current_user->checkPassword($_POST['password'])) {
|
||||||
$_SESSION['current_user'] = $current_user->sessionStore();
|
$_SESSION['current_user'] = $current_user->sessionStore();
|
||||||
header('location: index.php');
|
header('location: index.php');
|
||||||
@ -56,10 +66,8 @@
|
|||||||
case 'password':
|
case 'password':
|
||||||
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
|
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
|
||||||
if($_POST['password'] == $_POST['password_confirm']) {
|
if($_POST['password'] == $_POST['password_confirm']) {
|
||||||
$user = new User();
|
$current_user->setPassword($user->encrypt($_POST['password']));
|
||||||
$user->sessionRestore($current_user, false);
|
$current_user->save();
|
||||||
$user->setPassword($user->encrypt($_POST['password']));
|
|
||||||
$user->save();
|
|
||||||
|
|
||||||
header('location: index.php');
|
header('location: index.php');
|
||||||
exit();
|
exit();
|
||||||
@ -74,10 +82,26 @@
|
|||||||
|
|
||||||
case 'edit_users':
|
case 'edit_users':
|
||||||
case 'add_user':
|
case 'add_user':
|
||||||
if(!$current_user['admin']) {
|
if(!$current_user->getAdmin()) {
|
||||||
header('location: index.php');
|
header('location: index.php');
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!empty($_POST['login']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
|
||||||
|
$user = new User();
|
||||||
|
if(!empty($_POST['user_id'])) {
|
||||||
|
$user->setId($_POST['user_id']);
|
||||||
|
}
|
||||||
|
$user->setLogin($_POST['login']);
|
||||||
|
if(!empty($_POST['password'])) {
|
||||||
|
$user->setPassword($user->encrypt($_POST['password']));
|
||||||
|
}
|
||||||
|
$user->setAdmin($_POST['admin']);
|
||||||
|
$user->save();
|
||||||
|
|
||||||
|
header('location: index.php?do=edit_users');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
|
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
|
||||||
if(!empty($_GET['user_id'])) {
|
if(!empty($_GET['user_id'])) {
|
||||||
$user_id = (int) $_GET['user_id'];
|
$user_id = (int) $_GET['user_id'];
|
||||||
@ -91,13 +115,23 @@
|
|||||||
else {
|
else {
|
||||||
$users_list = new User();
|
$users_list = new User();
|
||||||
$users_list = $users_list->load_users();
|
$users_list = $users_list->load_users();
|
||||||
|
|
||||||
$tpl->assign('users', $users_list);
|
$tpl->assign('users', $users_list);
|
||||||
$tpl->assign('view', 'list_users');
|
$tpl->assign('view', 'list_users');
|
||||||
}
|
}
|
||||||
|
$tpl->assign('login_post', (!empty($_POST['login']) ? htmlspecialchars($_POST['login']) : ''));
|
||||||
|
$tpl->assign('admin_post', (isset($_POST['admin']) ? (int) $_POST['admin'] : -1));
|
||||||
$tpl->draw('edit_users');
|
$tpl->draw('edit_users');
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case 'delete_user':
|
case 'delete_user':
|
||||||
|
if($_GET['user_id'] != $current_user->getId()) {
|
||||||
|
$user = new User();
|
||||||
|
$user->delete();
|
||||||
|
|
||||||
|
header('location: index.php');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
default:
|
default:
|
||||||
|
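Review bot: The admin check in the `edit_users`/`add_user` case sends a redirect header but does not stop the script, so a logged-in non-admin still runs the user create/update block that follows it; add `exit();` after `header('location: index.php');` there, and likewise after the redirects in the `connect` case and in the not-connected check near the top of the file. `$user->setId($_POST['user_id'])` hands the raw POST value to Storage::save(), which concatenates `$this->id` into its WHERE clause; cast it as the GET branch already does, `$user->setId((int) $_POST['user_id']);`. The new `delete_user` case has no admin check, reads `$_GET['user_id']` without testing that it is set, and calls `delete()` on a fresh User that never received that id, so the id-less DELETE presumably cannot target the intended row. A rewrite of that case follows; a state change like this would also be better done via POST, which fits the token work already listed in TODO.
```php
case 'delete_user':
    if(!$current_user->getAdmin()) {
        header('location: index.php');
        exit();
    }
    $user_id = (!empty($_GET['user_id']) ? (int) $_GET['user_id'] : 0);
    if($user_id > 0 && $user_id != $current_user->getId()) {
        $user = new User();
        $user->setId($user_id);
        $user->delete();
        header('location: index.php');
        exit();
    }
    break;
```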
@ -11,7 +11,7 @@
|
|||||||
$block_form = true;
|
$block_form = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password'])) {
|
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password']) && !empty($_POST['currency'])) {
|
||||||
$mysql_host = $_POST['mysql_host'];
|
$mysql_host = $_POST['mysql_host'];
|
||||||
$mysql_login = $_POST['mysql_login'];
|
$mysql_login = $_POST['mysql_login'];
|
||||||
$mysql_db = $_POST['mysql_db'];
|
$mysql_db = $_POST['mysql_db'];
|
||||||
@ -50,7 +50,8 @@
|
|||||||
define('MYSQL_PREFIX', '".$mysql_prefix."');
|
define('MYSQL_PREFIX', '".$mysql_prefix."');
|
||||||
define('INSTANCE_TITLE', '".$instance_title."');
|
define('INSTANCE_TITLE', '".$instance_title."');
|
||||||
define('BASE_URL', '".$_POST['base_url']."');
|
define('BASE_URL', '".$_POST['base_url']."');
|
||||||
define('SALT', '".$salt."');";
|
define('SALT', '".$salt."');
|
||||||
|
define('CURRENCY', '".$_POST['currency']."');";
|
||||||
|
|
||||||
if(file_put_contents("inc/config.php", $config)) {
|
if(file_put_contents("inc/config.php", $config)) {
|
||||||
try {
|
try {
|
||||||
@ -110,6 +111,7 @@
|
|||||||
<label for="base_url">Base URL : </label><input type="text" size="30" name="base_url" id="base_url" value="<?php echo (!empty($_POST['base_url'])) ? htmlspecialchars($_POST['base_url']) : 'http'.(empty($_SERVER['HTTPS'])?'':'s').'://'.$_SERVER['SERVER_NAME'].str_replace("install.php", "", $_SERVER['REQUEST_URI']); ?>"/><br/>
|
<label for="base_url">Base URL : </label><input type="text" size="30" name="base_url" id="base_url" value="<?php echo (!empty($_POST['base_url'])) ? htmlspecialchars($_POST['base_url']) : 'http'.(empty($_SERVER['HTTPS'])?'':'s').'://'.$_SERVER['SERVER_NAME'].str_replace("install.php", "", $_SERVER['REQUEST_URI']); ?>"/><br/>
|
||||||
<em>Note :</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address.
|
<em>Note :</em> This is the base URL from which you access this page. You must keep the trailing "/" in the above address.
|
||||||
</p>
|
</p>
|
||||||
|
<p><label for="currency">Currency : </label><input type="text" name="currency" id="currency" size="3"/></p>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend>Administrator</legend>
|
<legend>Administrator</legend>
|
||||||
|
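Review bot: The new `define('CURRENCY', '".$_POST['currency']."');` line writes the raw POST value into generated PHP source, so a quote or `');` in the submitted currency breaks inc/config.php or injects code into it; emit the value as a PHP literal instead, `define('CURRENCY', ".var_export($_POST['currency'], true).");`. The base_url line just above has the same shape and is pre-existing, so the same fix applies there. The currency input only limits length visually with `size="3"`, and the `!empty` gate in the first hunk does not enforce anything about the value, so a short length/character check before the config is written would match the intent. Unlike base_url, the new field is also not re-filled from `$_POST` when the form is redisplayed after a failed submit.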
@ -22,14 +22,14 @@
|
|||||||
<li><a href="index.php?do=new_invoice">Add a bill</a></li>
|
<li><a href="index.php?do=new_invoice">Add a bill</a></li>
|
||||||
<li><a href="index.php?do=password">Change your password</a></li>
|
<li><a href="index.php?do=password">Change your password</a></li>
|
||||||
<li><a href="index.php?do=paybacks">See paybacks</a></li>
|
<li><a href="index.php?do=paybacks">See paybacks</a></li>
|
||||||
|
<li><a href="index.php?do=disconnect">Disconnect</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
<?php if( $admin == 1 ){ ?>
|
<?php if( $current_user->getAdmin() == 1 ){ ?>
|
||||||
|
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
|
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
|
||||||
<li><a href="index.php?do=edit_users">Edit users</a></li>
|
<li><a href="index.php?do=edit_users">Edit users</a></li>
|
||||||
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
|
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
|
||||||
<li><a href="index.php?do=disconnect">Disconnect</a></li>
|
|
||||||
</ul>
|
</ul>
|
||||||
<?php } ?>
|
<?php } ?>
|
||||||
|
|
||||||
|
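Review bot: `$current_user->getAdmin()` in the new condition assumes `$current_user` is a User object, but index.php assigns `false` to it when no session exists, so any view that includes this menu while disconnected would call a method on a non-object and fatal; the old `$admin` variable defaulted to 0 in that case. If this menu can be rendered for a disconnected visitor (e.g. the connect view), guard it, `<?php if( $current_user !== false && $current_user->getAdmin() == 1 ){ ?>`; the RainTPL menu in the last hunk of this page (`{if condition="$current_user->getAdmin() == 1"}`) has the same dependency. Moving the Disconnect link out of the admin block is otherwise fine.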
@ -21,15 +21,15 @@
|
|||||||
<td>{$value->getLogin()}</td>
|
<td>{$value->getLogin()}</td>
|
||||||
<td>{$value->getAdmin() ? "Yes" : "No"}</td>
|
<td>{$value->getAdmin() ? "Yes" : "No"}</td>
|
||||||
<td><a href="index.php?do=edit_users&user_id={$value->getId()}">Edit</a></td>
|
<td><a href="index.php?do=edit_users&user_id={$value->getId()}">Edit</a></td>
|
||||||
<td><a href="index.php?do=delete_user&user_id={$value->getId()}">Delete</a></td>
|
<td>{if condition="$value->getId() != $current_user->getId()"}<a href="index.php?do=delete_user&user_id={$value->getId()}">Delete</a>{/if}</td>
|
||||||
</tr>
|
</tr>
|
||||||
{/loop}
|
{/loop}
|
||||||
</table>
|
</table>
|
||||||
{elseif condition="$view == 'edit_user'"}
|
{elseif condition="$view == 'edit_user'"}
|
||||||
<h2>Edit a user</h2>
|
<h2>Edit a user</h2>
|
||||||
<form method="post" action="index.php" id="edit_user_form">
|
<form method="post" action="index.php?do=add_user" id="edit_user_form">
|
||||||
<p>
|
<p>
|
||||||
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''}/>
|
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
|
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
|
||||||
@ -39,11 +39,12 @@
|
|||||||
</p>
|
</p>
|
||||||
<p id="edit_user_admin_rights">
|
<p id="edit_user_admin_rights">
|
||||||
Give admin rights to this user ?<br/>
|
Give admin rights to this user ?<br/>
|
||||||
<input type="radio" id="admin_yes" name="admin" {if condition="$user_id != -1 && $user_data->getAdmin()"}checked{/if}/><label for="admin_yes">Yes</label><br/>
|
<input type="radio" id="admin_yes" value="1" name="admin" {if condition="$admin_post == 1 || ($admin_post == -1 && $user_id != -1 && $user_data->getAdmin())"} checked{/if}/><label for="admin_yes">Yes</label><br/>
|
||||||
<input type="radio" id="admin_no" id="admin" {if condition="$user_id == -1 || !$user_data->getAdmin()"}checked{/if}/><label for="admin_no">No</label>
|
<input type="radio" id="admin_no" value="0" name="admin" {if condition="$admin_post == 0 || ($admin_post == -1 && ($user_id == -1 || !$user_data->getAdmin()))"} checked{/if}/><label for="admin_no">No</label>
|
||||||
</p>
|
</p>
|
||||||
<p class="center">
|
<p class="center">
|
||||||
<input type="submit" value="{$user_id != -1 ? 'Edit' : 'Add'}"/>
|
<input type="submit" value="{$user_id != -1 ? 'Edit' : 'Add'}"/>
|
||||||
|
{if condition="$user_id != -1"}<input type="hidden" name="user_id" value="{$user_id}"/>{/if}
|
||||||
</p>
|
</p>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
|
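Review bot: In the new login input line, the `{else}` branch still writes `$user_data->getLogin()` into the value attribute unescaped, while the new `$login_post` branch is escaped in index.php via htmlspecialchars; a stored login containing a double quote would break out of the attribute. Escape it at the same point, e.g. `'value="'.htmlspecialchars($user_data->getLogin()).'"'` (assuming RainTPL accepts function calls inside `{...}` expressions as it does the ternary here), or pass a pre-escaped login from index.php the way `login_post` is. The hidden `user_id` field and the `{if}` around the Delete link are client-side only, so index.php must keep enforcing the self-delete and admin checks on its side.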
@ -19,13 +19,13 @@
|
|||||||
<li><a href="index.php?do=new_invoice">Add a bill</a></li>
|
<li><a href="index.php?do=new_invoice">Add a bill</a></li>
|
||||||
<li><a href="index.php?do=password">Change your password</a></li>
|
<li><a href="index.php?do=password">Change your password</a></li>
|
||||||
<li><a href="index.php?do=paybacks">See paybacks</a></li>
|
<li><a href="index.php?do=paybacks">See paybacks</a></li>
|
||||||
|
<li><a href="index.php?do=disconnect">Disconnect</a></li>
|
||||||
</ul>
|
</ul>
|
||||||
{if condition="$admin == 1"}
|
{if condition="$current_user->getAdmin() == 1"}
|
||||||
<ul>
|
<ul>
|
||||||
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
|
<li><a href="index.php?do=manage_paybacks">Manage paybacks</a></li>
|
||||||
<li><a href="index.php?do=edit_users">Edit users</a></li>
|
<li><a href="index.php?do=edit_users">Edit users</a></li>
|
||||||
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
|
<li><a href="index.php?do=edit_notics">Edit notice on homepage</a></li>
|
||||||
<li><a href="index.php?do=disconnect">Disconnect</a></li>
|
|
||||||
</ul>
|
</ul>
|
||||||
{/if}
|
{/if}
|
||||||
</div>
|
</div>
|
||||||
|