Prevents from adding two users with the same login + bug correction
This commit is contained in:
parent
c276d719cd
commit
b9b2d9d5e9
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,4 +1,4 @@
|
|||||||
*~
|
*~
|
||||||
.*.sw*
|
.*.sw*
|
||||||
old
|
old
|
||||||
data/config.php
|
data/
|
||||||
|
1
TODO
1
TODO
@ -3,7 +3,6 @@
|
|||||||
* htmlspecialchars => on users objects
|
* htmlspecialchars => on users objects
|
||||||
* handle negative amounts
|
* handle negative amounts
|
||||||
* Refactor load method to avoir load_* methods !
|
* Refactor load method to avoir load_* methods !
|
||||||
* Empêcher deux fois le même login
|
|
||||||
|
|
||||||
install.php :
|
install.php :
|
||||||
=============
|
=============
|
||||||
|
@ -1,15 +1,15 @@
|
|||||||
<?php
|
<?php
|
||||||
define('DATA_DIR', 'data'); // Data subdirectory
|
define('DATA_DIR', 'data'); // Data subdirectory
|
||||||
define('IPBANS_FILENAME', DATADIR.'/ipbans.php'); // File storage for failures and bans.
|
define('IPBANS_FILENAME', DATA_DIR.'/ipbans.php'); // File storage for failures and bans.
|
||||||
define('BAN_AFTER', 5); // Ban IP after this many failures.
|
define('BAN_AFTER', 5); // Ban IP after this many failures.
|
||||||
define('BAN_DURATION', 1800); // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes)
|
define('BAN_DURATION', 1800); // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes)
|
||||||
if (!is_dir(DATADIR)) { mkdir(DATADIR,0705); chmod(DATADIR,0705); }
|
if (!is_dir(DATA_DIR)) { mkdir(DATA_DIR,0705); chmod(DATA_DIR,0705); }
|
||||||
if (!is_file(DATADIR.'/.htaccess')) { file_put_contents(DATADIR.'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
|
if (!is_file(DATA_DIR.'/.htaccess')) { file_put_contents(DATA_DIR.'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
|
||||||
|
|
||||||
function logm($message)
|
function logm($message)
|
||||||
{
|
{
|
||||||
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
|
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
|
||||||
file_put_contents(DATADIR.'/log.txt',$t,FILE_APPEND);
|
file_put_contents(DATA_DIR.'/log.txt',$t,FILE_APPEND);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
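Review bot: The `.htaccess` written on the `DATA_DIR.'/.htaccess'` line protects the data directory only when Apache honours overrides for that path, and `Allow from none` / `Deny from all` is the pre-2.4 `mod_access_compat` syntax; on Apache 2.4 without that module, or behind any other web server, `ipbans.php` and `log.txt` are served to whoever requests them. Consider also writing `Require all denied` into the file and stating the assumption in the comment, e.g. `// Protect data files (Apache only; needs AllowOverride for this path)`. Separately, `logm()` appends `$message` unmodified after `REMOTE_ADDR`; if any caller passes request-derived text (not visible here), embedded newlines forge extra log entries, so strip them first, e.g. `str_replace(array("\r", "\n"), ' ', strval($message))`.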
@ -63,7 +63,7 @@
|
|||||||
}
|
}
|
||||||
|
|
||||||
// Returns user IP
|
// Returns user IP
|
||||||
function user_IPs()
|
function user_ip()
|
||||||
{
|
{
|
||||||
$ip = $_SERVER["REMOTE_ADDR"];
|
$ip = $_SERVER["REMOTE_ADDR"];
|
||||||
// Then we use more HTTP headers to prevent session hijacking from users behind the same proxy.
|
// Then we use more HTTP headers to prevent session hijacking from users behind the same proxy.
|
||||||
|
@ -120,4 +120,13 @@ class User extends Storage {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public function isUnique() {
|
||||||
|
if(count($this->load_users(array('login'=>$this->login))) == 0) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
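Review bot: `isUnique()` matches any stored user with the same login, including the object's own record when an existing user is edited, so unless `load_users` already excludes the current id (not visible here) the index.php add_user handler below — which now calls `isUnique()` before `save()` — will refuse every edit with the "same login" error; exclude the user's own id from the match when one is set. The check-then-save sequence is also not atomic: two requests adding the same login at the same moment can both pass the check and both be saved, so the uniqueness should ultimately be enforced by the storage layer at write time. The if/else can be reduced to a single strict comparison, `return count($this->load_users(array('login' => $this->login))) === 0;`.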
|
@ -6,7 +6,7 @@
|
|||||||
require_once('inc/Invoices.class.php');
|
require_once('inc/Invoices.class.php');
|
||||||
require_once('inc/rain.tpl.class.php');
|
require_once('inc/rain.tpl.class.php');
|
||||||
require_once('inc/functions.php');
|
require_once('inc/functions.php');
|
||||||
require_once('inc/Banc.inc.php');
|
require_once('inc/Ban.inc.php');
|
||||||
require_once('inc/CSRF.inc.php');
|
require_once('inc/CSRF.inc.php');
|
||||||
raintpl::$tpl_dir = 'tpl/';
|
raintpl::$tpl_dir = 'tpl/';
|
||||||
raintpl::$cache_dir = 'tmp/';
|
raintpl::$cache_dir = 'tmp/';
|
||||||
@ -150,11 +150,16 @@
|
|||||||
$user->setPassword($user->encrypt($_POST['password']));
|
$user->setPassword($user->encrypt($_POST['password']));
|
||||||
}
|
}
|
||||||
$user->setAdmin($_POST['admin']);
|
$user->setAdmin($_POST['admin']);
|
||||||
$user->save();
|
|
||||||
|
|
||||||
|
if($user->isUnique()) {
|
||||||
|
$user->save();
|
||||||
header('location: index.php?do=edit_users');
|
header('location: index.php?do=edit_users');
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
else {
|
||||||
|
$tpl->assign('error', 'A user with the same login exists. Choose a different login.');
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
|
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
|
||||||
|
@ -29,6 +29,7 @@
|
|||||||
</table>
|
</table>
|
||||||
{elseif condition="$view == 'edit_user'"}
|
{elseif condition="$view == 'edit_user'"}
|
||||||
<h2>Edit a user</h2>
|
<h2>Edit a user</h2>
|
||||||
|
{if condition="$error"}<p class="error">{$error}</p>{/if}
|
||||||
<form method="post" action="index.php?do=add_user" id="edit_user_form">
|
<form method="post" action="index.php?do=add_user" id="edit_user_form">
|
||||||
<p>
|
<p>
|
||||||
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
|
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
|
||||||
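Review bot: `{$error}` is emitted without escaping on the new line; the only value assigned in this commit is a constant string from index.php, which is safe, but any later error text that carries user input would land in the page as raw HTML. If this RainTPL version supports modifiers, `{$error|htmlspecialchars}` keeps the view safe regardless of what the controller assigns; otherwise escape in the controller before `assign()`. The same line is added to the notice and settings template hunks below, where no handler in this diff assigns `error`, so confirm those views set it (even to an empty string) to avoid an undefined-variable notice.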
|
@ -2,6 +2,7 @@
|
|||||||
|
|
||||||
{if condition="!$show_settings"}
|
{if condition="!$show_settings"}
|
||||||
<h2>Edit homepage notice</h2>
|
<h2>Edit homepage notice</h2>
|
||||||
|
{if condition="$error"}<p class="error">{$error}</p>{/if}
|
||||||
<form method="post" id="notice_form" action="index.php?do=edit_notice">
|
<form method="post" id="notice_form" action="index.php?do=edit_notice">
|
||||||
<p>
|
<p>
|
||||||
<label for="textarea_notice">Homepage notice :</label><br/>
|
<label for="textarea_notice">Homepage notice :</label><br/>
|
||||||
@ -15,8 +16,8 @@
|
|||||||
</form>
|
</form>
|
||||||
|
|
||||||
{else}
|
{else}
|
||||||
|
|
||||||
<h2>Change settings of your Bouffe@Ulm installation</h2>
|
<h2>Change settings of your Bouffe@Ulm installation</h2>
|
||||||
|
{if condition="$error"}<p class="error">{$error}</p>{/if}
|
||||||
<form method="post" action="index.php?do=settings" id="settings_form">
|
<form method="post" action="index.php?do=settings" id="settings_form">
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend>Database</legend>
|
<legend>Database</legend>
|
||||||
|