Bug corrections

This commit is contained in:
Phyks 2013-08-25 23:06:47 +02:00
parent eda37541b3
commit 8272ffb725
7 changed files with 115 additions and 71 deletions

15
TODO
View File

@ -17,3 +17,18 @@ inc/Invoices.class.php :
Manage paybacks : Manage paybacks :
================= =================
* TODO : Payback system
Tests :
=======
* Remember me ?
* Add a bill
* Edit a bill
* Change settings
Tests passed (quick tests) :
============================
* Connection form
* Edit notice
* Add / Edit user
* Change password

View File

@ -65,7 +65,7 @@ class User extends Storage {
$user_data = $this->load(array('login'=>$this->login)); $user_data = $this->load(array('login'=>$this->login));
if(count($user_data) == 1) { if(count($user_data) == 1) {
$this->setId($user_data[0]['id']); $this->setId($user_data[0]['id']);
$this->setDisplayName($user_data[0]['admin']); $this->setDisplayName($user_data[0]['display_name']);
$this->setAdmin($user_data[0]['admin']); $this->setAdmin($user_data[0]['admin']);
$this->setPassword($user_data[0]['password']); $this->setPassword($user_data[0]['password']);
@ -122,7 +122,7 @@ class User extends Storage {
} }
public function isUnique() { public function isUnique() {
if(count($this->load_users(array('login'=>$this->login))) == 0) { if(count($this->load_users(array('login'=>$this->login))) == 0 && count($this->load_users(array('display_name'=>$this->display_name)))) {
return true; return true;
} }
else { else {

View File

@ -118,17 +118,23 @@
case 'password': case 'password':
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) { if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
if($_POST['password'] == $_POST['password_confirm']) { if($_POST['password'] == $_POST['password_confirm']) {
if(check_token(600, 'password')) {
$current_user->setPassword($current_user->encrypt($_POST['password'])); $current_user->setPassword($current_user->encrypt($_POST['password']));
$current_user->save(); $current_user->save();
header('location: index.php'); header('location: index.php');
exit(); exit();
} }
else {
$tpl->assign('error', 'Token error. Please resubmit the form.');
}
}
else { else {
$tpl->assign('error', 'The content of the two password fields doesn\'t match.'); $tpl->assign('error', 'The content of the two password fields doesn\'t match.');
} }
} }
$tpl->assign('view', 'password'); $tpl->assign('view', 'password');
$tpl->assign('token', generate_token('password'));
$tpl->draw('edit_users'); $tpl->draw('edit_users');
break; break;
@ -140,7 +146,7 @@
} }
if(!empty($_POST['login']) && !empty($_POST['display_name']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) { if(!empty($_POST['login']) && !empty($_POST['display_name']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
if(check_token('edit_users')) { if(check_token(600, 'edit_users')) {
$user = new User(); $user = new User();
if(!empty($_POST['user_id'])) { if(!empty($_POST['user_id'])) {
$user->setId($_POST['user_id']); $user->setId($_POST['user_id']);
@ -152,15 +158,18 @@
} }
$user->setAdmin($_POST['admin']); $user->setAdmin($_POST['admin']);
if($user->isUnique()) { if(!empty($_POST['user_id']) || $user->isUnique()) {
$user->save(); $user->save();
header('location: index.php?do=edit_users'); header('location: index.php?do=edit_users');
exit(); exit();
} }
else { else {
$tpl->assign('error', 'A user with the same login exists. Choose a different login.'); $tpl->assign('error', 'A user with the same login or display name already exists. Choose a different login.');
} }
} }
else {
$tpl->assign('error', 'Token error. Please resubmit the form.');
}
} }
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') { if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
@ -212,7 +221,8 @@
break; break;
case 'settings': case 'settings':
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster']) && check_token(600, 'settings')) { if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster'])) {
if(check_token(600, 'settings')) {
if(!is_writable('data/')) { if(!is_writable('data/')) {
$tpl>assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.'); $tpl>assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.');
} }
@ -249,6 +259,10 @@
$tpl->assign('error', 'Unable to write data/config.php file.'); $tpl->assign('error', 'Unable to write data/config.php file.');
} }
} }
else {
$tpl->assign('error', 'Token error. Please resubmit the form.');
}
}
$tpl->assign('mysql_host', MYSQL_HOST); $tpl->assign('mysql_host', MYSQL_HOST);
$tpl->assign('mysql_login', MYSQL_LOGIN); $tpl->assign('mysql_login', MYSQL_LOGIN);
@ -282,7 +296,8 @@
if(!empty($_POST['date_year'])) $date_year = $_POST['date_year']; if(!empty($_POST['date_year'])) $date_year = $_POST['date_year'];
if(!empty($_POST['users_in'])) $users_in = $_POST['users_in']; if(!empty($_POST['users_in'])) $users_in = $_POST['users_in'];
if(!empty($_POST['what']) && !empty($_POST['amount']) && (float) $_POST['amount'] != 0 && !empty($_POST['date_day']) && !empty($_POST['date_month']) && !empty($_POST['date_year']) && !empty($_POST['users_in']) && check_token(600, 'new_invoice')) { if(!empty($_POST['what']) && !empty($_POST['amount']) && (float) $_POST['amount'] != 0 && !empty($_POST['date_day']) && !empty($_POST['date_month']) && !empty($_POST['date_year']) && !empty($_POST['users_in'])) {
if(check_token(600, 'new_invoice')) {
$invoice = new Invoice(); $invoice = new Invoice();
if(!empty($_POST['id'])) if(!empty($_POST['id']))
@ -306,6 +321,10 @@
header('location: index.php'); header('location: index.php');
exit(); exit();
} }
else {
$tpl->assign('error', 'Token error. Please resubmit the form.');
}
}
$users_list = new User(); $users_list = new User();
$users_list = $users_list->load_users(); $users_list = $users_list->load_users();

View File

@ -35,13 +35,13 @@
</table> </table>
<?php }elseif( $view == 'edit_user' ){ ?> <?php }elseif( $view == 'edit_user' ){ ?>
<h2>Edit a user</h2> <h2><?php echo $user_id != -1 ? 'Edit' : 'Add';?> a user</h2>
<form method="post" action="index.php?do=add_user" id="edit_user_form"> <form method="post" action="index.php?do=<?php echo $user_id != -1 ? 'edit_users' : 'add_user';?>" id="edit_user_form">
<p> <p>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" <?php if( $login_post != '' ){ ?> value="<?php echo $login_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getLogin().'"' : '';?> <?php } ?>/> <label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" <?php if( $login_post != '' ){ ?> value="<?php echo $login_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getLogin().'"' : '';?> <?php } ?>/>
</p> </p>
<p> <p>
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" <?php if( $display_name_post != '' ){ ?> value="<?php echo $display_name_post;?>" {/else} <?php echo $user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : '';?> <?php } ?>/> <label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" <?php if( $display_name_post != '' ){ ?> value="<?php echo $display_name_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : '';?> <?php } ?>/>
</p> </p>
<p> <p>
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/> <label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
@ -60,6 +60,7 @@
<input type="submit" value="<?php echo $user_id != -1 ? 'Edit' : 'Add';?>"/> <input type="submit" value="<?php echo $user_id != -1 ? 'Edit' : 'Add';?>"/>
<?php if( $user_id != -1 ){ ?><input type="hidden" name="user_id" value="<?php echo $user_id;?>"/><?php } ?> <?php if( $user_id != -1 ){ ?><input type="hidden" name="user_id" value="<?php echo $user_id;?>"/><?php } ?>
<input type="hidden" name="token" value="<?php echo $token;?>"/>
</p> </p>
</form> </form>
@ -69,7 +70,7 @@
<form method="post" action="index.php?do=password" id="edit_password_form"> <form method="post" action="index.php?do=password" id="edit_password_form">
<p><label for="password" class="label-block">New password : </label><input type="password" id="password" name="password"/></p> <p><label for="password" class="label-block">New password : </label><input type="password" id="password" name="password"/></p>
<p><label for="password_confirm" class="label-block">Confirm new password : </label><input type="password" id="password_confirm" name="password_confirm"/></p> <p><label for="password_confirm" class="label-block">Confirm new password : </label><input type="password" id="password_confirm" name="password_confirm"/></p>
<p class="center"><input type="submit" value="Update"/></p> <p class="center"><input type="submit" value="Update"/><input type="hidden" name="token" value="<?php echo $token;?>"</p>
</form> </form>
<?php } ?> <?php } ?>

View File

@ -4,19 +4,25 @@
<?php if( !$show_settings ){ ?> <?php if( !$show_settings ){ ?>
<h2>Edit homepage notice</h2> <h2>Edit homepage notice</h2>
<?php if( $error ){ ?><p class="error"><?php echo $error;?></p><?php } ?>
<form method="post" id="notice_form" action="index.php?do=edit_notice"> <form method="post" id="notice_form" action="index.php?do=edit_notice">
<p> <p>
<label for="textarea_notice">Homepage notice :</label><br/> <label for="textarea_notice">Homepage notice :</label><br/>
<textarea name="notice" rows="15" id="textarea_notice"><?php echo $notice;?></textarea> <textarea name="notice" rows="15" id="textarea_notice"><?php echo $notice;?></textarea>
</p> </p>
<p><em>Note :</em> You can use HTML formatting in this form.</p> <p><em>Note :</em> You can use HTML formatting in this form.</p>
<p>
<input type="submit" value="Submit"/> <input type="submit" value="Submit"/>
<input type="hidden" name="token" value="<?php echo $token;?>"/>
</p>
</form> </form>
<?php }else{ ?> <?php }else{ ?>
<h2>Change settings of your Bouffe@Ulm installation</h2> <h2>Change settings of your Bouffe@Ulm installation</h2>
<?php if( $error ){ ?><p class="error"><?php echo $error;?></p><?php } ?>
<form method="post" action="index.php?do=settings" id="settings_form"> <form method="post" action="index.php?do=settings" id="settings_form">
<fieldset> <fieldset>
<legend>Database</legend> <legend>Database</legend>
@ -50,7 +56,7 @@
</p> </p>
<p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster" value="<?php echo $email_webmaster;?>"/></p> <p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster" value="<?php echo $email_webmaster;?>"/></p>
</fieldset> </fieldset>
<p class="center"><input type="submit" value="Update settings"></p> <p class="center"><input type="submit" value="Update settings"><input type="hidden" name="token" value="<?php echo $token;?>"/></p>
</form> </form>
<?php } ?> <?php } ?>

View File

@ -28,14 +28,13 @@
{/loop} {/loop}
</table> </table>
{elseif condition="$view == 'edit_user'"} {elseif condition="$view == 'edit_user'"}
<h2>Edit a user</h2> <h2>{$user_id != -1 ? 'Edit' : 'Add'} a user</h2>
{if condition="$error"}<p class="error">{$error}</p>{/if} <form method="post" action="index.php?do={$user_id != -1 ? 'edit_users' : 'add_user'}" id="edit_user_form">
<form method="post" action="index.php?do=add_user" id="edit_user_form">
<p> <p>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/> <label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
</p> </p>
<p> <p>
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {/else} {$user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/> <label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/>
</p> </p>
<p> <p>
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/> <label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>

View File

@ -1,5 +1,9 @@
{include="header"} {include="header"}
{if condition="$error != ''"}
<p class="error">{$error}</p>
{/if}
<h2>Add a bill</h2> <h2>Add a bill</h2>
<form method="post" action="index.php?do=new_invoice" id="invoice_form"> <form method="post" action="index.php?do=new_invoice" id="invoice_form">
@ -38,7 +42,7 @@
<p> <p>
<input type="submit" value="Add"/> <input type="submit" value="Add"/>
{if condition="$id != 0"}<input type="hidden" name="id" value="{$id}"/>{/if} {if condition="$id != 0"}<input type="hidden" name="id" value="{$id}"/>{/if}
<input type="hidden" name="token" value="{$token"}/> <input type="hidden" name="token" value="{$token}"/>
</p> </p>
</form> </form>