Prevents adding two users with the same login + bug correction

This commit is contained in:
Phyks 2013-08-25 00:06:14 +02:00
parent c276d719cd
commit b9b2d9d5e9
7 changed files with 27 additions and 12 deletions

2
.gitignore vendored

@ -1,4 +1,4 @@
*~
.*.sw*
old
data/config.php
data/

1
TODO

@ -3,7 +3,6 @@
* htmlspecialchars => on users objects
* handle negative amounts
* Refactor load method to avoir load_* methods !
* Empêcher deux fois le même login
install.php :
=============


@ -1,15 +1,15 @@
<?php
define('DATA_DIR', 'data'); // Data subdirectory
define('IPBANS_FILENAME', DATADIR.'/ipbans.php'); // File storage for failures and bans.
define('IPBANS_FILENAME', DATA_DIR.'/ipbans.php'); // File storage for failures and bans.
define('BAN_AFTER', 5); // Ban IP after this many failures.
define('BAN_DURATION', 1800); // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes)
if (!is_dir(DATADIR)) { mkdir(DATADIR,0705); chmod(DATADIR,0705); }
if (!is_file(DATADIR.'/.htaccess')) { file_put_contents(DATADIR.'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
if (!is_dir(DATA_DIR)) { mkdir(DATA_DIR,0705); chmod(DATA_DIR,0705); }
if (!is_file(DATA_DIR.'/.htaccess')) { file_put_contents(DATA_DIR.'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
function logm($message)
{
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
file_put_contents(DATADIR.'/log.txt',$t,FILE_APPEND);
file_put_contents(DATA_DIR.'/log.txt',$t,FILE_APPEND);
}
@ -63,7 +63,7 @@
}
// Returns user IP
function user_IPs()
function user_ip()
{
$ip = $_SERVER["REMOTE_ADDR"];
// Then we use more HTTP headers to prevent session hijacking from users behind the same proxy.
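Review bot: Now that the DATA_DIR typo is fixed the data directory is really created by the mkdir line, and mode 0705 lets every local account traverse and read it, including ipbans.php, log.txt and (per .gitignore) data/config.php; since PHP itself creates the directory, `mkdir(DATA_DIR, 0700)` is enough unless the web server runs as a different user than PHP, which is worth confirming before tightening. The .htaccess written on the next line is the only thing keeping those files from being served, and `Allow from none\nDeny from all` is Apache 2.2 syntax that Apache 2.4 ignores without mod_access_compat and that nginx never reads; adding `Require all denied\n` to the same file and checking the file_put_contents() return value would keep a failed write from silently exposing the data. logm() and user_ip() continue outside the hunk.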


@ -120,4 +120,13 @@ class User extends Storage {
return false;
}
}
public function isUnique() {
if(count($this->load_users(array('login'=>$this->login))) == 0) {
return true;
}
else {
return false;
}
}
}
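Review bot: isUnique() is a check-then-act: another request can store the same login between the load_users() count and the caller's save(), so if duplicate logins matter for authentication the storage layer (or a lock held across load and save) still has to enforce the constraint. The method also carries no documentation; a docblock such as `/** True when no stored user has this object's login; does not exclude this user's own record. */` would make the add-vs-edit caveat visible to callers. Whether the login match inside load_users() is case- or whitespace-sensitive cannot be seen here; if it is a plain string comparison, `Admin` and `admin ` would both pass as unique. The User class header is outside the hunk.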


@ -6,7 +6,7 @@
require_once('inc/Invoices.class.php');
require_once('inc/rain.tpl.class.php');
require_once('inc/functions.php');
require_once('inc/Banc.inc.php');
require_once('inc/Ban.inc.php');
require_once('inc/CSRF.inc.php');
raintpl::$tpl_dir = 'tpl/';
raintpl::$cache_dir = 'tmp/';
@ -150,11 +150,16 @@
$user->setPassword($user->encrypt($_POST['password']));
}
$user->setAdmin($_POST['admin']);
$user->save();
if($user->isUnique()) {
$user->save();
header('location: index.php?do=edit_users');
exit();
}
else {
$tpl->assign('error', 'A user with the same login exists. Choose a different login.');
}
}
}
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
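Review bot: The new `if($user->isUnique())` branch appears to run for edits as well as adds, because the edit_user template posts both to `do=add_user` and isUnique() only filters on login; unless load_users() excludes the current record, editing a user without changing the login would always end in the "A user with the same login exists" error instead of a save. If that is the case, the check needs the id being edited, e.g. skip results whose id equals `$_GET['user_id']` before counting. One line above the new block, `$user->setAdmin($_POST['admin'])` still stores the raw POST value; that is pre-existing, but a `(bool)` cast or a whitelist would be safer in the same edit. The enclosing conditional starts before the hunk.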


@ -29,6 +29,7 @@
</table>
{elseif condition="$view == 'edit_user'"}
<h2>Edit a user</h2>
{if condition="$error"}<p class="error">{$error}</p>{/if}
<form method="post" action="index.php?do=add_user" id="edit_user_form">
<p>
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
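Review bot: The added error line re-renders the form with the submitted login echoed back through `value="{$login_post}"` on the next line, and nothing in this template escapes it; unless this RainTPL version auto-escapes variables, a login containing a double quote breaks out of the attribute. `{$error}` itself is a fixed server-side string in this commit, so it is fine, but the form re-render path the commit adds makes the unescaped `{$login_post}` (and `$user_data->getLogin()`) reachable with attacker-chosen content; the TODO already lists htmlspecialchars on user objects, and applying it here, e.g. `value="{$login_post|htmlspecialchars}"` if the engine supports modifiers, would close it. The form continues outside the hunk.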


@ -2,6 +2,7 @@
{if condition="!$show_settings"}
<h2>Edit homepage notice</h2>
{if condition="$error"}<p class="error">{$error}</p>{/if}
<form method="post" id="notice_form" action="index.php?do=edit_notice">
<p>
<label for="textarea_notice">Homepage notice :</label><br/>
@ -15,8 +16,8 @@
</form>
{else}
<h2>Change settings of your Bouffe@Ulm installation</h2>
{if condition="$error"}<p class="error">{$error}</p>{/if}
<form method="post" action="index.php?do=settings" id="settings_form">
<fieldset>
<legend>Database</legend>