Prevents from adding two users with the same login + bug correction
parent
c276d719cd
commit
b9b2d9d5e9
2
.gitignore
vendored
2
.gitignore
vendored
@ -1,4 +1,4 @@
|
||||
*~
|
||||
.*.sw*
|
||||
old
|
||||
data/config.php
|
||||
data/
|
||||
|
1
TODO
1
TODO
@ -3,7 +3,6 @@
|
||||
* htmlspecialchars => on users objects
|
||||
* handle negative amounts
|
||||
* Refactor load method to avoir load_* methods !
|
||||
* Empêcher deux fois le même login
|
||||
|
||||
install.php :
|
||||
=============
|
||||
|
@ -1,15 +1,15 @@
|
||||
<?php
|
||||
define('DATA_DIR', 'data'); // Data subdirectory
|
||||
define('IPBANS_FILENAME', DATADIR.'/ipbans.php'); // File storage for failures and bans.
|
||||
define('IPBANS_FILENAME', DATA_DIR.'/ipbans.php'); // File storage for failures and bans.
|
||||
define('BAN_AFTER', 5); // Ban IP after this many failures.
|
||||
define('BAN_DURATION', 1800); // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes)
|
||||
if (!is_dir(DATADIR)) { mkdir(DATADIR,0705); chmod(DATADIR,0705); }
|
||||
if (!is_file(DATADIR.'/.htaccess')) { file_put_contents(DATADIR.'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
|
||||
if (!is_dir(DATA_DIR)) { mkdir(DATA_DIR,0705); chmod(DATA_DIR,0705); }
|
||||
if (!is_file(DATA_DIR.'/.htaccess')) { file_put_contents(DATA_DIR.'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
|
||||
|
||||
function logm($message)
|
||||
{
|
||||
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
|
||||
file_put_contents(DATADIR.'/log.txt',$t,FILE_APPEND);
|
||||
file_put_contents(DATA_DIR.'/log.txt',$t,FILE_APPEND);
|
||||
}
|
||||
|
||||
|
||||
@ -63,7 +63,7 @@
|
||||
}
|
||||
|
||||
// Returns user IP
|
||||
function user_IPs()
|
||||
function user_ip()
|
||||
{
|
||||
$ip = $_SERVER["REMOTE_ADDR"];
|
||||
// Then we use more HTTP headers to prevent session hijacking from users behind the same proxy.
|
||||
|
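Review bot: The data directory is protected only by the `.htaccess` written in the `if (!is_file(DATA_DIR.'/.htaccess'))` line, and neither `mkdir()` nor that `file_put_contents()` has its return value checked, so a failed write leaves `log.txt` (client addresses and whatever `logm()` is given) reachable over HTTP with no signal to the operator. The `Allow from none` / `Deny from all` rules are Apache 2.2 syntax: on Apache 2.4 they depend on mod_access_compat, and servers that do not read `.htaccess` ignore them entirely. I would stop when the file cannot be written, e.g. `if (file_put_contents(DATA_DIR.'/.htaccess', $rules) === false) { exit('Cannot protect '.DATA_DIR); }`, and note in the install documentation that the directory belongs outside the web root where the host allows it. `logm()` also writes `$message` as-is, so callers that pass request data should strip CR/LF first to keep one log entry per line.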
@ -120,4 +120,13 @@ class User extends Storage {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
public function isUnique() {
|
||||
if(count($this->load_users(array('login'=>$this->login))) == 0) {
|
||||
return true;
|
||||
}
|
||||
else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
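Review bot: `isUnique()` counts every stored user whose login equals `$this->login`, which presumably includes the record being edited, so saving an existing user without changing the login would be rejected as a duplicate; the edit form in this commit posts to the same `do=add_user` handler. The check should ignore a match whose id is this object's own id and treat only other records as conflicts. The result of `load_users()` is passed straight to `count()`; its return type is not visible here, and if it can return `false` instead of an empty array the comparison with 0 will not behave as intended, so an explicit `is_array()` test is safer. A docstring such as `/** True when no other stored user has this login. */` would pin the contract. The class body starts outside the hunk.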
@ -6,7 +6,7 @@
|
||||
require_once('inc/Invoices.class.php');
|
||||
require_once('inc/rain.tpl.class.php');
|
||||
require_once('inc/functions.php');
|
||||
require_once('inc/Banc.inc.php');
|
||||
require_once('inc/Ban.inc.php');
|
||||
require_once('inc/CSRF.inc.php');
|
||||
raintpl::$tpl_dir = 'tpl/';
|
||||
raintpl::$cache_dir = 'tmp/';
|
||||
@ -150,11 +150,16 @@
|
||||
$user->setPassword($user->encrypt($_POST['password']));
|
||||
}
|
||||
$user->setAdmin($_POST['admin']);
|
||||
$user->save();
|
||||
|
||||
if($user->isUnique()) {
|
||||
$user->save();
|
||||
header('location: index.php?do=edit_users');
|
||||
exit();
|
||||
}
|
||||
else {
|
||||
$tpl->assign('error', 'A user with the same login exists. Choose a different login.');
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if(!empty($_GET['user_id']) || $_GET['do'] == 'add_user') {
|
||||
|
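Review bot: The `if($user->isUnique())` test and the `$user->save()` that follows are two separate steps, so two concurrent requests with the same login can both pass the check and both be stored, and two accounts sharing a login make authentication ambiguous. The durable guard is a UNIQUE constraint on the login column in the storage schema (not visible in this commit), with the failed insert mapped to the same `A user with the same login exists` message. The application-level check can stay as the friendly path, with a comment such as `// Advisory only: the UNIQUE index on login is the real guarantee.` The enclosing handler begins outside the hunk, so whether it is limited to admins with a valid CSRF token cannot be confirmed from here.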
@ -29,6 +29,7 @@
|
||||
</table>
|
||||
{elseif condition="$view == 'edit_user'"}
|
||||
<h2>Edit a user</h2>
|
||||
{if condition="$error"}<p class="error">{$error}</p>{/if}
|
||||
<form method="post" action="index.php?do=add_user" id="edit_user_form">
|
||||
<p>
|
||||
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
|
||||
|
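Review bot: `{$error}` is printed into the page with no visible escaping in the new `{if condition="$error"}` line, and the same line is added twice in the settings template hunks that follow. The only value assigned in this commit is a fixed string, so it is safe as written, but the first message built from request data would become an HTML injection point; escaping at assignment with `htmlspecialchars($msg, ENT_QUOTES, 'UTF-8')` keeps every template covered. The new rejection path also re-renders this form, where `value="{$login_post}"` places the submitted login inside an attribute; whether `$login_post` is escaped before it is assigned is not visible here and should be confirmed. The TODO file in this commit already lists `htmlspecialchars` on user objects as open work.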
@ -2,6 +2,7 @@
|
||||
|
||||
{if condition="!$show_settings"}
|
||||
<h2>Edit homepage notice</h2>
|
||||
{if condition="$error"}<p class="error">{$error}</p>{/if}
|
||||
<form method="post" id="notice_form" action="index.php?do=edit_notice">
|
||||
<p>
|
||||
<label for="textarea_notice">Homepage notice :</label><br/>
|
||||
@ -15,8 +16,8 @@
|
||||
</form>
|
||||
|
||||
{else}
|
||||
|
||||
<h2>Change settings of your Bouffe@Ulm installation</h2>
|
||||
{if condition="$error"}<p class="error">{$error}</p>{/if}
|
||||
<form method="post" action="index.php?do=settings" id="settings_form">
|
||||
<fieldset>
|
||||
<legend>Database</legend>
|
||||
|