Prevents from adding two users with the same login + bug correction

This commit is contained in:
Phyks 2013-08-25 00:06:14 +02:00
parent c276d719cd
commit b9b2d9d5e9
7 changed files with 27 additions and 12 deletions

.gitignore vendored

@ -1,4 +1,4 @@
*~ *~
.*.sw* .*.sw*
old old
data/config.php data/

TODO

@ -3,7 +3,6 @@
* htmlspecialchars => on users objects * htmlspecialchars => on users objects
* handle negative amounts * handle negative amounts
* Refactor load method to avoir load_* methods ! * Refactor load method to avoir load_* methods !
* Empêcher deux fois le même login
install.php : install.php :
============= =============


@ -1,15 +1,15 @@
<?php <?php
define('DATA_DIR', 'data'); // Data subdirectory define('DATA_DIR', 'data'); // Data subdirectory
define('IPBANS_FILENAME', DATADIR.'/ipbans.php'); // File storage for failures and bans. define('IPBANS_FILENAME', DATA_DIR.'/ipbans.php'); // File storage for failures and bans.
define('BAN_AFTER', 5); // Ban IP after this many failures. define('BAN_AFTER', 5); // Ban IP after this many failures.
define('BAN_DURATION', 1800); // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes) define('BAN_DURATION', 1800); // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes)
if (!is_dir(DATADIR)) { mkdir(DATADIR,0705); chmod(DATADIR,0705); } if (!is_dir(DATA_DIR)) { mkdir(DATA_DIR,0705); chmod(DATA_DIR,0705); }
if (!is_file(DATADIR.'/.htaccess')) { file_put_contents(DATADIR.'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files. if (!is_file(DATA_DIR.'/.htaccess')) { file_put_contents(DATA_DIR.'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
function logm($message) function logm($message)
{ {
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n"; $t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
file_put_contents(DATADIR.'/log.txt',$t,FILE_APPEND); file_put_contents(DATA_DIR.'/log.txt',$t,FILE_APPEND);
} }
@ -63,7 +63,7 @@
} }
// Returns user IP // Returns user IP
function user_IPs() function user_ip()
{ {
$ip = $_SERVER["REMOTE_ADDR"]; $ip = $_SERVER["REMOTE_ADDR"];
// Then we use more HTTP headers to prevent session hijacking from users behind the same proxy. // Then we use more HTTP headers to prevent session hijacking from users behind the same proxy.
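Review bot: `mkdir(DATA_DIR,0705); chmod(DATA_DIR,0705);` leaves the directory that holds ipbans.php and log.txt readable and traversable by every local account; since the PHP process creates and therefore owns it, `mkdir(DATA_DIR, 0700); chmod(DATA_DIR, 0700);` is enough for the application and keeps other local users out. The `.htaccess` written on the following line only protects data/ on servers that honour per-directory overrides, so keeping the directory outside the document root is the more reliable safeguard. The DATADIR to DATA_DIR rename appears to fix references to a constant that is never defined in this file, though a definition elsewhere cannot be ruled out from this hunk. The renamed `user_ip()` continues past the end of the hunk, and any callers still using the old `user_IPs` name are not visible here.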


@ -120,4 +120,13 @@ class User extends Storage {
return false; return false;
} }
} }
public function isUnique() {
if(count($this->load_users(array('login'=>$this->login))) == 0) {
return true;
}
else {
return false;
}
}
} }
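Review bot: `isUnique()` counts every stored user whose login equals `$this->login`, so if `load_users` also returns the record currently being edited, saving an existing user without changing the login will be reported as a duplicate; the check should exclude the user's own id (the same applies where index.php gates `$user->save()` on this method). The lookup-then-save sequence is also a check-then-act race: two requests submitting the same login at the same time can both pass `isUnique()` and both be saved, so the duplicate rule should ultimately be enforced by the storage layer or under a lock. Whether the comparison is case-sensitive or trims surrounding whitespace depends on `load_users`, which is outside this hunk; a short doc comment on the method should state it. The if/else pair can be collapsed to `return count($this->load_users(array('login'=>$this->login))) == 0;`.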


@ -6,7 +6,7 @@
require_once('inc/Invoices.class.php'); require_once('inc/Invoices.class.php');
require_once('inc/rain.tpl.class.php'); require_once('inc/rain.tpl.class.php');
require_once('inc/functions.php'); require_once('inc/functions.php');
require_once('inc/Banc.inc.php'); require_once('inc/Ban.inc.php');
require_once('inc/CSRF.inc.php'); require_once('inc/CSRF.inc.php');
raintpl::$tpl_dir = 'tpl/'; raintpl::$tpl_dir = 'tpl/';
raintpl::$cache_dir = 'tmp/'; raintpl::$cache_dir = 'tmp/';
@ -150,11 +150,16 @@
$user->setPassword($user->encrypt($_POST['password'])); $user->setPassword($user->encrypt($_POST['password']));
} }
$user->setAdmin($_POST['admin']); $user->setAdmin($_POST['admin']);
$user->save();
if($user->isUnique()) {
$user->save();
header('location: index.php?do=edit_users'); header('location: index.php?do=edit_users');
exit(); exit();
} }
else {
$tpl->assign('error', 'A user with the same login exists. Choose a different login.');
}
}
} }
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') { if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
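Review bot: `$user->setAdmin($_POST['admin']);` on the line just above the new uniqueness check stores the raw POST value; unless the enclosing handler, which begins outside the hunk, already restricts this branch to administrators and normalises the value, the admin flag is controlled by whoever can submit the form. Casting at the boundary, `$user->setAdmin(!empty($_POST['admin']));`, at least pins the type, and the admin-only gate should be confirmed in the code before the hunk. In the else branch the error is assigned and execution falls through to the form rendering below, which looks intended, though `$tpl` must already be initialised at that point. The `Banc.inc.php` to `Ban.inc.php` change in the first hunk is a plain typo fix.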


@ -29,6 +29,7 @@
</table> </table>
{elseif condition="$view == 'edit_user'"} {elseif condition="$view == 'edit_user'"}
<h2>Edit a user</h2> <h2>Edit a user</h2>
{if condition="$error"}<p class="error">{$error}</p>{/if}
<form method="post" action="index.php?do=add_user" id="edit_user_form"> <form method="post" action="index.php?do=add_user" id="edit_user_form">
<p> <p>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/> <label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
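Review bot: `{$error}` is written into the page without escaping, here and twice more in the settings template that follows; today the only value assigned to it is a fixed string in index.php, but the variable name is shared across views, so any future assignment built from user input would be rendered raw. Escaping at output, for example by applying htmlspecialchars to the message before `$tpl->assign('error', ...)` or through the template engine's modifier syntax if it offers one, keeps the error block safe regardless of where the message originates. The same hunk also places `$login_post` and `$user_data->getLogin()` into the value attribute unescaped, which the TODO entry about htmlspecialchars on user objects already tracks.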


@ -2,6 +2,7 @@
{if condition="!$show_settings"} {if condition="!$show_settings"}
<h2>Edit homepage notice</h2> <h2>Edit homepage notice</h2>
{if condition="$error"}<p class="error">{$error}</p>{/if}
<form method="post" id="notice_form" action="index.php?do=edit_notice"> <form method="post" id="notice_form" action="index.php?do=edit_notice">
<p> <p>
<label for="textarea_notice">Homepage notice :</label><br/> <label for="textarea_notice">Homepage notice :</label><br/>
@ -15,8 +16,8 @@
</form> </form>
{else} {else}
<h2>Change settings of your Bouffe@Ulm installation</h2> <h2>Change settings of your Bouffe@Ulm installation</h2>
{if condition="$error"}<p class="error">{$error}</p>{/if}
<form method="post" action="index.php?do=settings" id="settings_form"> <form method="post" action="index.php?do=settings" id="settings_form">
<fieldset> <fieldset>
<legend>Database</legend> <legend>Database</legend>