diff --git a/TODO b/TODO index 239e9b5..99affff 100755 --- a/TODO +++ b/TODO @@ -1,6 +1,6 @@ * Check database creation in install.php * Don't display the whole balance table if not admin - +* Notifications by e-mail for users Improvements : ============== diff --git a/inc/User.class.php b/inc/User.class.php index a78b36b..e3f16db 100644 --- a/inc/User.class.php +++ b/inc/User.class.php @@ -3,15 +3,17 @@ require_once('data/config.php'); require_once('Storage.class.php'); class User extends Storage { - protected $id = 0, $login, $display_name, $password, $admin, $json_token; + protected $id = 0, $login, $email, $display_name, $password, $admin, $json_token, $notifications; protected $TABLE_NAME = "Users"; protected $fields = array( 'id'=>'key', 'login'=>'string', + 'email'=>'string', 'display_name'=>'string', 'password'=>'password', 'admin'=>'bool', 'json_token'=>'string', + 'notifications'=>'int' ); public function __construct() { @@ -32,6 +34,10 @@ class User extends Storage { return $this->id; } + public function getEmail() { + return $this->email; + } + public function getAdmin() { return $this->admin; } @@ -40,6 +46,10 @@ class User extends Storage { return $this->json_token; } + public function getNotifications() { + return $this->notifications; + } + // Setters // ======= public function setId($id) { @@ -50,6 +60,16 @@ class User extends Storage { $this->login = $login; } + public function setEmail($email) { + if(filter_var($email, FILTER_VALIDATE_EMAIL) !== false) { + $this->email = $email; + return true; + } + else { + return false; + } + } + public function setDisplayName($display_name) { $this->display_name = $display_name; } 
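Review bot: setEmail() is the only setter that validates its input, and it reports the outcome through a bool return that FILTER_VALIDATE_EMAIL makes false for null and empty strings as well as malformed addresses, so any caller that ignores the return (the hydration hunk in the next line of this diff does) leaves $this->email unset with no signal. The else branch after a return is redundant; the body reads more directly as `$valid = filter_var($email, FILTER_VALIDATE_EMAIL) !== false;` `if($valid) { $this->email = $email; }` `return $valid;`. The contract should also be written down, since it differs from every other setter in the class: `/** @return bool true when the address was accepted and stored; on false the current value is left untouched */`.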
@@ -66,6 +86,26 @@ class User extends Storage { $this->json_token = $token; } + public function setNotifications($notifications) { + switch($notifications) { + case 1: + $this->notifications = 1; + break; + + case 2: + $this->notifications = 2; + break; + + case 3: + $this->notifications = 3; + break; + + default: + $this->notifications = 3; + break; + } + } + // Password functions // ================== public function encrypt($text) { @@ -99,10 +139,10 @@ class User extends Storage { // =============== public function sessionStore($serialize = true) { if($serialize) { - return serialize(array('id'=>$this->id, 'login'=>$this->login, 'display_name'=>$this->display_name, 'password'=>$this->password, 'admin'=>$this->admin, 'json_token'=>$this->json_token)); + return serialize(array('id'=>$this->id, 'login'=>$this->login, 'email'=>$this->email, 'display_name'=>$this->display_name, 'password'=>$this->password, 'admin'=>$this->admin, 'json_token'=>$this->json_token, 'notifications'=>$this->notifications)); } else { - return array('id'=>$this->id, 'login'=>$this->login, 'display_name'=>$this->display_name, 'password'=>$this->password, 'admin'=>$this->admin, 'json_token'=>$this->json_token); + return array('id'=>$this->id, 'login'=>$this->login, 'email'=>$this->email, 'display_name'=>$this->display_name, 'password'=>$this->password, 'admin'=>$this->admin, 'json_token'=>$this->json_token, 'notifications'=>$this->notifications); } } @@ -114,10 +154,12 @@ class User extends Storage { $this->setId($user_data['id']); $this->setLogin($user_data['login']); + $this->setEmail($user_data['email']); $this->setDisplayName($user_data['display_name']); $this->setPassword($user_data['password']); $this->setAdmin($user_data['admin']); $this->setJsonToken($user_data['json_token']); + $this->setNotifications($user_data['notifications']); } // Check wether a user already exists or not 
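Review bot: setNotifications() maps every unrecognised value, including null, 0 and a missing column, to 3 without any indication, and nothing in the class says what levels 1, 2 and 3 mean or why 3 is the fallback. The three-way switch with a default that repeats case 3 can be a two-liner, for instance `$level = (int) $notifications;` `$this->notifications = in_array($level, array(1, 2, 3), true) ? $level : 3;`, with the levels named as class constants. At minimum add a header comment such as `// Notification level: 1, 2 or 3; any other value (including an absent column) falls back to 3`.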
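Review bot: The field list in sessionStore() is now spelled out twice, once per branch, and the hydration hunk below repeats it a third time as setter calls, so the next column added to the class has three places to drift. Build the array once and serialize it conditionally: `$data = array('id'=>$this->id, 'login'=>$this->login, 'email'=>$this->email, /* ... */ 'notifications'=>$this->notifications);` `return $serialize ? serialize($data) : $data;`.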
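Review bot: The return value of setEmail() is discarded here, so a row whose email column is null, empty or rejected by FILTER_VALIDATE_EMAIL hydrates a User with $this->email still null and no indication of the problem; secureDisplay() in the next line of this diff then passes that null to htmlspecialchars(), which PHP 8.1+ reports as deprecated. Rows written before this change have neither new column unless the schema is migrated, and no schema or install change is part of this diff, so the reads should at least be guarded against an undefined index: `$this->email = isset($user_data['email']) ? $user_data['email'] : null;` (stored data was validated when written; re-running the validator on read only hides problems) and the same for `notifications`. The enclosing method begins before this hunk.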
@@ -137,9 +179,11 @@ class User extends Storage { public function secureDisplay() { $this->id = (int) $this->id; $this->login = htmlspecialchars($this->login); + $this->email = htmlspecialchars($this->email); $this->display_name = htmlspecialchars($this->display_name); $this->admin = (int) $this->admin; $this->json_token = htmlspecialchars($this->json_token); + $this->notifications = (int) $this->notifications; return $this; } diff --git a/index.php b/index.php index 90ce2c0..11c6d5a 100644 --- a/index.php +++ b/index.php @@ -12,7 +12,8 @@ 'unauthorized'=>array('fr'=>'Vous n\'avez pas le droit de faire cette action.', 'en'=>'You are not authorized to do that.'), 'no_users'=>array('fr'=>'Vous devez ajouter au moins un autre utilisateur.', 'en'=>'You must add at least one more user beside you.'), 'what_unknown,'=>array('fr'=>'Vous devez renseigner un objet pour la dépense.', 'en'=>'You must add something to describe this invoice in "what" field.'), - 'incorrect_amount'=>array('fr'=>'Montant incorrect ou nul.', 'en'=>'Incorrect amount or amount is zero.') + 'incorrect_amount'=>array('fr'=>'Montant incorrect ou nul.', 'en'=>'Incorrect amount or amount is zero.'), + 'email_invalid'=>array('fr'=>'L\'adresse e-mail est invalide.', 'en'=>'Incorrect e-mail address.') ); // Include necessary files 
@@ -162,23 +163,35 @@ break; case 'password': - if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) { - if($_POST['password'] == $_POST['password_confirm']) { - if(check_token(600, 'password')) { - $current_user->setPassword($current_user->encrypt($_POST['password'])); - $current_user->save(); + if(!empty($_POST['email'])) { + if(check_token(600, 'password')) { + if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) { + if($_POST['password'] == $_POST['password_confirm']) { + $current_user->setPassword($current_user->encrypt($_POST['password'])); + } + else { + $error = true; + $tpl->assign('error', $errors['password_mismatch'][LANG]); + } + } + if($current_user->setEmail($_POST['email']) === false) { + $error = true; + $tpl->assign('error', $errors['email_invalid'][LANG]); + } + + $current_user->save(); + + if(!empty($error)) { header('location: index.php?'.$get_redir); exit(); } - else { - $tpl->assign('error', $errors['token_error'][LANG]); - } } else { - $tpl->assign('error', $errors['password_mismatch'][LANG]); + $tpl->assign('error', $errors['token_error'][LANG]); } } + $tpl->assign('view', 'password'); $tpl->assign('json_token', htmlspecialchars($current_user->getJsonToken())); $tpl->assign('token', generate_token('password')); @@ -192,7 +205,7 @@ exit(); } - if(!empty($_POST['login']) && !empty($_POST['display_name']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) { + if(!empty($_POST['login']) && !empty($_POST['display_name']) && !empty($_POST['email']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) { if(check_token(600, 'edit_users')) { $user = new User(); if(!empty($_POST['user_id'])) { 
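Review bot: The redirect test at the end of the password case looks inverted: `if(!empty($error))` sends the browser to index.php?$get_redir precisely when a password mismatch or invalid e-mail was just assigned to $tpl, so that message is never rendered, while a successful change falls through and re-displays the form instead of redirecting as the removed code did. `$current_user->save()` also runs before the outcome is examined, so a valid new password is persisted even while the e-mail error is being reported (and a valid e-mail while the mismatch is reported). Unless redirect-on-error is intended, put the save under the success test: `if(empty($error)) { $current_user->save(); header('location: index.php?'.$get_redir); exit(); }`. The retained `$_POST['password'] == $_POST['password_confirm']` compares with `==`, under which numeric strings such as "1e3" and "1000" are equal; `===` is the right operator for a confirmation check. The case continues past the end of the hunk.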
@@ -208,18 +221,23 @@ } $user->setAdmin($_POST['admin']); - if(!empty($_POST['user_id']) || $user->isUnique()) { - $user->save(); + if($user->setEmail($_POST['email']) !== false) { + if(!empty($_POST['user_id']) || $user->isUnique()) { + $user->save(); - // Clear the cache - ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array()); - array_map("unlink", $cached_files); + // Clear the cache + ($cached_files = glob(raintpl::$cache_dir."*.rtpl.php")) or ($cached_files = array()); + array_map("unlink", $cached_files); - header('location: index.php?do=edit_users&'.$get_redir); - exit(); + header('location: index.php?do=edit_users&'.$get_redir); + exit(); + } + else { + $tpl->assign('error', $errors['user_already_exists'][LANG]); + } } else { - $tpl->assign('error', $errors['user_already_exists'][LANG]); + $tpl->assign('error', $errors['email_invalid'][LANG]); } } else { @@ -245,6 +263,7 @@ $tpl->assign('view', 'list_users'); } $tpl->assign('login_post', (!empty($_POST['login']) ? htmlspecialchars($_POST['login']) : '')); + $tpl->assign('email_post', (!empty($_POST['email']) ? htmlspecialchars($_POST['email']) : '')); $tpl->assign('display_name_post', (!empty($_POST['display_name']) ? htmlspecialchars($_POST['display_name']) : '')); $tpl->assign('admin_post', (isset($_POST['admin']) ? (int) $_POST['admin'] : -1)); $tpl->assign('token', generate_token('edit_users')); diff --git a/tpl/default_en/edit_users.html b/tpl/default_en/edit_users.html index 6a1637c..c265e61 100644 --- a/tpl/default_en/edit_users.html +++ b/tpl/default_en/edit_users.html @@ -8,6 +8,7 @@ Id Login Display Name + E-mail address Is admin ? Edit Delete @@ -17,6 +18,7 @@ {$value->getId()} {$value->getLogin()} {$value->getDisplayName()} + {$value->getEmail()} {$value->getAdmin() ? "Yes" : "No"} Edit {if condition="$value->getId() != $current_user->getId()"}Delete{/if} @@ -32,6 +34,17 @@
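Review bot: The new e-mail validity test wraps the uniqueness check, but nothing checks that the address itself is unique: isUnique() (its body is outside the hunk, presumably it covers the login) is still skipped whenever $_POST['user_id'] is set, so two accounts can end up with the same e-mail, which matters once the e-mail notifications listed in the TODO are sent. Either extend isUnique() or add an e-mail lookup before save(), or record the decision next to the check: `// isUnique() covers the login only; e-mail addresses are not required to be unique`. The surrounding if/else chain begins before this hunk.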

+

+ +

+

+ + +

Toggle visible {if condition="$user_id != -1"} @@ -60,6 +73,18 @@

Toggle visible

Toggle visible

+

+ +

+

+ + +

+

Note : Leave blank the password fields if you don't want to edit password.

diff --git a/tpl/default_fr/edit_users.html b/tpl/default_fr/edit_users.html index 39d5ed1..1d649d6 100644 --- a/tpl/default_fr/edit_users.html +++ b/tpl/default_fr/edit_users.html @@ -8,6 +8,7 @@ Id Identifiant Nom affiché + Adresse e-mail Administrateur ? Modifier Supprimer @@ -17,6 +18,7 @@ {$value->getId()} {$value->getLogin()} {$value->getDisplayName()} + {$value->getEmail()} {$value->getAdmin() ? "Oui" : "Non"} Modifier {if condition="$value->getId() != $current_user->getId()"}Supprimer{/if} @@ -32,6 +34,17 @@

+

+ +

+

+ + +

Afficher / Masquer {if condition="$user_id != -1"} @@ -60,6 +73,19 @@

Afficher / Masquer

Afficher / Masquer

+

+ +

+

+ + +

+ +

Note : Laissez les champs mot de passe vides pour ne pas modifier le mot de passe.