Bug corrections
This commit is contained in:
Phyks
parent
eda37541b3
commit
8272ffb725
15
TODO
15
TODO
@ -17,3 +17,18 @@ inc/Invoices.class.php :
|
||||
|
||||
Manage paybacks :
|
||||
=================
|
||||
* TODO : Payback system
|
||||
|
||||
Tests :
|
||||
=======
|
||||
* Remember me ?
|
||||
* Add a bill
|
||||
* Edit a bill
|
||||
* Change settings
|
||||
|
||||
Tests passed (quick tests) :
|
||||
============================
|
||||
* Connection form
|
||||
* Edit notice
|
||||
* Add / Edit user
|
||||
* Change password
|
||||
|
||||
@ -65,7 +65,7 @@ class User extends Storage {
|
||||
$user_data = $this->load(array('login'=>$this->login));
|
||||
if(count($user_data) == 1) {
|
||||
$this->setId($user_data[0]['id']);
|
||||
$this->setDisplayName($user_data[0]['admin']);
|
||||
$this->setDisplayName($user_data[0]['display_name']);
|
||||
$this->setAdmin($user_data[0]['admin']);
|
||||
$this->setPassword($user_data[0]['password']);
|
||||
|
||||
@ -122,7 +122,7 @@ class User extends Storage {
|
||||
}
|
||||
|
||||
public function isUnique() {
|
||||
if(count($this->load_users(array('login'=>$this->login))) == 0) {
|
||||
if(count($this->load_users(array('login'=>$this->login))) == 0 && count($this->load_users(array('display_name'=>$this->display_name)))) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
|
||||
133
index.php
133
index.php
@ -118,17 +118,23 @@
|
||||
case 'password':
|
||||
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
|
||||
if($_POST['password'] == $_POST['password_confirm']) {
|
||||
$current_user->setPassword($current_user->encrypt($_POST['password']));
|
||||
$current_user->save();
|
||||
if(check_token(600, 'password')) {
|
||||
$current_user->setPassword($current_user->encrypt($_POST['password']));
|
||||
$current_user->save();
|
||||
|
||||
header('location: index.php');
|
||||
exit();
|
||||
header('location: index.php');
|
||||
exit();
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', 'Token error. Please resubmit the form.');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', 'The content of the two password fields doesn\'t match.');
|
||||
}
|
||||
}
|
||||
$tpl->assign('view', 'password');
|
||||
$tpl->assign('token', generate_token('password'));
|
||||
$tpl->draw('edit_users');
|
||||
break;
|
||||
|
||||
@ -140,7 +146,7 @@
|
||||
}
|
||||
|
||||
if(!empty($_POST['login']) && !empty($_POST['display_name']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
|
||||
if(check_token('edit_users')) {
|
||||
if(check_token(600, 'edit_users')) {
|
||||
$user = new User();
|
||||
if(!empty($_POST['user_id'])) {
|
||||
$user->setId($_POST['user_id']);
|
||||
@ -152,15 +158,18 @@
|
||||
}
|
||||
$user->setAdmin($_POST['admin']);
|
||||
|
||||
if($user->isUnique()) {
|
||||
if(!empty($_POST['user_id']) || $user->isUnique()) {
|
||||
$user->save();
|
||||
header('location: index.php?do=edit_users');
|
||||
exit();
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', 'A user with the same login exists. Choose a different login.');
|
||||
$tpl->assign('error', 'A user with the same login or display name already exists. Choose a different login.');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', 'Token error. Please resubmit the form.');
|
||||
}
|
||||
}
|
||||
|
||||
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
|
||||
@ -212,41 +221,46 @@
|
||||
break;
|
||||
|
||||
case 'settings':
|
||||
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster']) && check_token(600, 'settings')) {
|
||||
if(!is_writable('data/')) {
|
||||
$tpl>assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.');
|
||||
}
|
||||
$config = file('data/config.php');
|
||||
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster'])) {
|
||||
if(check_token(600, 'settings')) {
|
||||
if(!is_writable('data/')) {
|
||||
$tpl>assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.');
|
||||
}
|
||||
$config = file('data/config.php');
|
||||
|
||||
foreach($config as $line_number=>$line) {
|
||||
if(strpos($line, "MYSQL_HOST") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('MYSQL_HOST', '".$_POST['mysql_host']."');\n";
|
||||
elseif(strpos($line, "MYSQL_LOGIN") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('MYSQL_LOGIN', '".$_POST['mysql_login']."');\n";
|
||||
elseif(strpos($line, "MYSQL_PASSWORD") !== FALSE && !empty($_POST['mysql_password']))
|
||||
$config[$line_number] = "\tdefine('MYSQL_PASSWORD', '".$_POST['mysql_password']."');\n";
|
||||
elseif(strpos($line, "MYSQL_DB") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('MYSQL_DB', '".$_POST['mysql_db']."');\n";
|
||||
elseif(strpos($line, "MYSQL_PREFIX") !== FALSE && !empty($_POST['mysql_prefix']))
|
||||
$config[$line_number] = "\tdefine('MYSQL_PREFIX', '".$_POST['mysql_prefix']."');\n";
|
||||
elseif(strpos($line, "INSTANCE_TITLE") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('INSTANCE_TITLE', '".$_POST['instance_title']."');\n";
|
||||
elseif(strpos($line, "BASE_URL") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('BASE_URL', '".$_POST['base_url']."');\n";
|
||||
elseif(strpos($line, "CURRENCY") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('CURRENCY', '".$_POST['currency']."');\n";
|
||||
elseif(strpos($line, "EMAIL_WEBMASTER") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');\n";
|
||||
elseif(strpos($line_number, 'date_default_timezone_set') !== FALSE)
|
||||
$config[$line_number] = "\tdate_default_timezone_set('".$_POST['timezone']."');\n";
|
||||
}
|
||||
foreach($config as $line_number=>$line) {
|
||||
if(strpos($line, "MYSQL_HOST") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('MYSQL_HOST', '".$_POST['mysql_host']."');\n";
|
||||
elseif(strpos($line, "MYSQL_LOGIN") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('MYSQL_LOGIN', '".$_POST['mysql_login']."');\n";
|
||||
elseif(strpos($line, "MYSQL_PASSWORD") !== FALSE && !empty($_POST['mysql_password']))
|
||||
$config[$line_number] = "\tdefine('MYSQL_PASSWORD', '".$_POST['mysql_password']."');\n";
|
||||
elseif(strpos($line, "MYSQL_DB") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('MYSQL_DB', '".$_POST['mysql_db']."');\n";
|
||||
elseif(strpos($line, "MYSQL_PREFIX") !== FALSE && !empty($_POST['mysql_prefix']))
|
||||
$config[$line_number] = "\tdefine('MYSQL_PREFIX', '".$_POST['mysql_prefix']."');\n";
|
||||
elseif(strpos($line, "INSTANCE_TITLE") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('INSTANCE_TITLE', '".$_POST['instance_title']."');\n";
|
||||
elseif(strpos($line, "BASE_URL") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('BASE_URL', '".$_POST['base_url']."');\n";
|
||||
elseif(strpos($line, "CURRENCY") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('CURRENCY', '".$_POST['currency']."');\n";
|
||||
elseif(strpos($line, "EMAIL_WEBMASTER") !== FALSE)
|
||||
$config[$line_number] = "\tdefine('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');\n";
|
||||
elseif(strpos($line_number, 'date_default_timezone_set') !== FALSE)
|
||||
$config[$line_number] = "\tdate_default_timezone_set('".$_POST['timezone']."');\n";
|
||||
}
|
||||
|
||||
if(file_put_contents("data/config.php", $config)) {
|
||||
header('location: index.php');
|
||||
exit();
|
||||
if(file_put_contents("data/config.php", $config)) {
|
||||
header('location: index.php');
|
||||
exit();
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', 'Unable to write data/config.php file.');
|
||||
}
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', 'Unable to write data/config.php file.');
|
||||
$tpl->assign('error', 'Token error. Please resubmit the form.');
|
||||
}
|
||||
}
|
||||
|
||||
@ -282,29 +296,34 @@
|
||||
if(!empty($_POST['date_year'])) $date_year = $_POST['date_year'];
|
||||
if(!empty($_POST['users_in'])) $users_in = $_POST['users_in'];
|
||||
|
||||
if(!empty($_POST['what']) && !empty($_POST['amount']) && (float) $_POST['amount'] != 0 && !empty($_POST['date_day']) && !empty($_POST['date_month']) && !empty($_POST['date_year']) && !empty($_POST['users_in']) && check_token(600, 'new_invoice')) {
|
||||
$invoice = new Invoice();
|
||||
if(!empty($_POST['what']) && !empty($_POST['amount']) && (float) $_POST['amount'] != 0 && !empty($_POST['date_day']) && !empty($_POST['date_month']) && !empty($_POST['date_year']) && !empty($_POST['users_in'])) {
|
||||
if(check_token(600, 'new_invoice')) {
|
||||
$invoice = new Invoice();
|
||||
|
||||
if(!empty($_POST['id']))
|
||||
$invoice->setId($_POST['id']);
|
||||
if(!empty($_POST['id']))
|
||||
$invoice->setId($_POST['id']);
|
||||
|
||||
$invoice->setWhat($_POST['what']);
|
||||
$invoice->setAmount($_POST['amount']);
|
||||
$invoice->setBuyer($current_user->getId());
|
||||
$invoice->setDate($date_day, $date_month, $date_year);
|
||||
$invoice->setWhat($_POST['what']);
|
||||
$invoice->setAmount($_POST['amount']);
|
||||
$invoice->setBuyer($current_user->getId());
|
||||
$invoice->setDate($date_day, $date_month, $date_year);
|
||||
|
||||
$users_in = '';
|
||||
$guests = array();
|
||||
foreach($_POST['users_in'] as $user) {
|
||||
$users_in .= ($users_in != '') ? ', ' : '';
|
||||
$users_in .= $user.'('.(!empty($_POST['guest_user_'.$user]) ? (int) $_POST['guest_user_'.$user] : '0').')';
|
||||
$guests[$user] = (int) $_POST['guest_user_'.$user];
|
||||
$users_in = '';
|
||||
$guests = array();
|
||||
foreach($_POST['users_in'] as $user) {
|
||||
$users_in .= ($users_in != '') ? ', ' : '';
|
||||
$users_in .= $user.'('.(!empty($_POST['guest_user_'.$user]) ? (int) $_POST['guest_user_'.$user] : '0').')';
|
||||
$guests[$user] = (int) $_POST['guest_user_'.$user];
|
||||
}
|
||||
$invoice->setUsersIn($users_in);
|
||||
|
||||
$invoice->save();
|
||||
header('location: index.php');
|
||||
exit();
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', 'Token error. Please resubmit the form.');
|
||||
}
|
||||
$invoice->setUsersIn($users_in);
|
||||
|
||||
$invoice->save();
|
||||
header('location: index.php');
|
||||
exit();
|
||||
}
|
||||
|
||||
$users_list = new User();
|
||||
|
||||
@ -35,13 +35,13 @@
|
||||
</table>
|
||||
<?php }elseif( $view == 'edit_user' ){ ?>
|
||||
|
||||
<h2>Edit a user</h2>
|
||||
<form method="post" action="index.php?do=add_user" id="edit_user_form">
|
||||
<h2><?php echo $user_id != -1 ? 'Edit' : 'Add';?> a user</h2>
|
||||
<form method="post" action="index.php?do=<?php echo $user_id != -1 ? 'edit_users' : 'add_user';?>" id="edit_user_form">
|
||||
<p>
|
||||
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" <?php if( $login_post != '' ){ ?> value="<?php echo $login_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getLogin().'"' : '';?> <?php } ?>/>
|
||||
</p>
|
||||
<p>
|
||||
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" <?php if( $display_name_post != '' ){ ?> value="<?php echo $display_name_post;?>" {/else} <?php echo $user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : '';?> <?php } ?>/>
|
||||
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" <?php if( $display_name_post != '' ){ ?> value="<?php echo $display_name_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : '';?> <?php } ?>/>
|
||||
</p>
|
||||
<p>
|
||||
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
|
||||
@ -60,6 +60,7 @@
|
||||
<input type="submit" value="<?php echo $user_id != -1 ? 'Edit' : 'Add';?>"/>
|
||||
<?php if( $user_id != -1 ){ ?><input type="hidden" name="user_id" value="<?php echo $user_id;?>"/><?php } ?>
|
||||
|
||||
<input type="hidden" name="token" value="<?php echo $token;?>"/>
|
||||
</p>
|
||||
</form>
|
||||
|
||||
@ -69,7 +70,7 @@
|
||||
<form method="post" action="index.php?do=password" id="edit_password_form">
|
||||
<p><label for="password" class="label-block">New password : </label><input type="password" id="password" name="password"/></p>
|
||||
<p><label for="password_confirm" class="label-block">Confirm new password : </label><input type="password" id="password_confirm" name="password_confirm"/></p>
|
||||
<p class="center"><input type="submit" value="Update"/></p>
|
||||
<p class="center"><input type="submit" value="Update"/><input type="hidden" name="token" value="<?php echo $token;?>"</p>
|
||||
</form>
|
||||
<?php } ?>
|
||||
|
||||
|
||||
@ -4,19 +4,25 @@
|
||||
<?php if( !$show_settings ){ ?>
|
||||
|
||||
<h2>Edit homepage notice</h2>
|
||||
<?php if( $error ){ ?><p class="error"><?php echo $error;?></p><?php } ?>
|
||||
|
||||
<form method="post" id="notice_form" action="index.php?do=edit_notice">
|
||||
<p>
|
||||
<label for="textarea_notice">Homepage notice :</label><br/>
|
||||
<textarea name="notice" rows="15" id="textarea_notice"><?php echo $notice;?></textarea>
|
||||
</p>
|
||||
<p><em>Note :</em> You can use HTML formatting in this form.</p>
|
||||
<input type="submit" value="Submit"/>
|
||||
<p>
|
||||
<input type="submit" value="Submit"/>
|
||||
<input type="hidden" name="token" value="<?php echo $token;?>"/>
|
||||
</p>
|
||||
</form>
|
||||
|
||||
<?php }else{ ?>
|
||||
|
||||
|
||||
<h2>Change settings of your Bouffe@Ulm installation</h2>
|
||||
<?php if( $error ){ ?><p class="error"><?php echo $error;?></p><?php } ?>
|
||||
|
||||
<form method="post" action="index.php?do=settings" id="settings_form">
|
||||
<fieldset>
|
||||
<legend>Database</legend>
|
||||
@ -50,7 +56,7 @@
|
||||
</p>
|
||||
<p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster" value="<?php echo $email_webmaster;?>"/></p>
|
||||
</fieldset>
|
||||
<p class="center"><input type="submit" value="Update settings"></p>
|
||||
<p class="center"><input type="submit" value="Update settings"><input type="hidden" name="token" value="<?php echo $token;?>"/></p>
|
||||
</form>
|
||||
|
||||
<?php } ?>
|
||||
|
||||
@ -28,14 +28,13 @@
|
||||
{/loop}
|
||||
</table>
|
||||
{elseif condition="$view == 'edit_user'"}
|
||||
<h2>Edit a user</h2>
|
||||
{if condition="$error"}<p class="error">{$error}</p>{/if}
|
||||
<form method="post" action="index.php?do=add_user" id="edit_user_form">
|
||||
<h2>{$user_id != -1 ? 'Edit' : 'Add'} a user</h2>
|
||||
<form method="post" action="index.php?do={$user_id != -1 ? 'edit_users' : 'add_user'}" id="edit_user_form">
|
||||
<p>
|
||||
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
|
||||
</p>
|
||||
<p>
|
||||
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {/else} {$user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/>
|
||||
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/>
|
||||
</p>
|
||||
<p>
|
||||
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
|
||||
|
||||
@ -1,5 +1,9 @@
|
||||
{include="header"}
|
||||
|
||||
{if condition="$error != ''"}
|
||||
<p class="error">{$error}</p>
|
||||
{/if}
|
||||
|
||||
<h2>Add a bill</h2>
|
||||
|
||||
<form method="post" action="index.php?do=new_invoice" id="invoice_form">
|
||||
@ -38,7 +42,7 @@
|
||||
<p>
|
||||
<input type="submit" value="Add"/>
|
||||
{if condition="$id != 0"}<input type="hidden" name="id" value="{$id}"/>{/if}
|
||||
<input type="hidden" name="token" value="{$token"}/>
|
||||
<input type="hidden" name="token" value="{$token}"/>
|
||||
</p>
|
||||
</form>
|
||||
|
||||
|
||||
Loading…
Reference in New Issue
Block a user