Updated connexion form
(may not work - not tested) * Remember me option * IP ban system (if IP differs from session stored one) * Ban system if too many attempts
This commit is contained in:
parent
25425649f7
commit
f468fef559
1
TODO
1
TODO
@ -5,6 +5,7 @@
|
|||||||
* htmlspecialchars => on users objects
|
* htmlspecialchars => on users objects
|
||||||
* handle negative amounts
|
* handle negative amounts
|
||||||
* Refactor load method to avoir load_* methods !
|
* Refactor load method to avoir load_* methods !
|
||||||
|
* Empêcher deux fois le même login
|
||||||
|
|
||||||
install.php :
|
install.php :
|
||||||
=============
|
=============
|
||||||
|
73
inc/Ban.inc.php
Normal file
73
inc/Ban.inc.php
Normal file
@ -0,0 +1,73 @@
|
|||||||
|
<?php
|
||||||
|
define('DATA_DIR', 'data'); // Data subdirectory
|
||||||
|
define('IPBANS_FILENAME', DATADIR.'/ipbans.php'); // File storage for failures and bans.
|
||||||
|
define('BAN_AFTER', 5); // Ban IP after this many failures.
|
||||||
|
define('BAN_DURATION', 1800); // Ban duration for IP address after login failures (in seconds) (1800 sec. = 30 minutes)
|
||||||
|
if (!is_dir(DATADIR)) { mkdir(DATADIR,0705); chmod(DATADIR,0705); }
|
||||||
|
if (!is_file(DATADIR.'/.htaccess')) { file_put_contents(DATADIR.'/.htaccess',"Allow from none\nDeny from all\n"); } // Protect data files.
|
||||||
|
|
||||||
|
function logm($message)
|
||||||
|
{
|
||||||
|
$t = strval(date('Y/m/d_H:i:s')).' - '.$_SERVER["REMOTE_ADDR"].' - '.strval($message)."\n";
|
||||||
|
file_put_contents(DATADIR.'/log.txt',$t,FILE_APPEND);
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
// ------------------------------------------------------------------------------------------
|
||||||
|
// Brute force protection system
|
||||||
|
// Several consecutive failed logins will ban the IP address for 30 minutes.
|
||||||
|
if (!is_file(IPBANS_FILENAME)) file_put_contents(IPBANS_FILENAME, "<?php\n\$GLOBALS['IPBANS']=".var_export(array('FAILURES'=>array(),'BANS'=>array()),true).";\n?>");
|
||||||
|
include IPBANS_FILENAME;
|
||||||
|
// Signal a failed login. Will ban the IP if too many failures:
|
||||||
|
function ban_loginFailed()
|
||||||
|
{
|
||||||
|
$ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
|
||||||
|
if (!isset($gb['FAILURES'][$ip])) $gb['FAILURES'][$ip]=0;
|
||||||
|
$gb['FAILURES'][$ip]++;
|
||||||
|
if ($gb['FAILURES'][$ip]>(BAN_AFTER-1))
|
||||||
|
{
|
||||||
|
$gb['BANS'][$ip]=time()+BAN_DURATION;
|
||||||
|
logm('IP address banned from login');
|
||||||
|
}
|
||||||
|
$GLOBALS['IPBANS'] = $gb;
|
||||||
|
file_put_contents(IPBANS_FILENAME, "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
|
||||||
|
}
|
||||||
|
|
||||||
|
// Signals a successful login. Resets failed login counter.
|
||||||
|
function ban_loginOk()
|
||||||
|
{
|
||||||
|
$ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
|
||||||
|
unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
|
||||||
|
$GLOBALS['IPBANS'] = $gb;
|
||||||
|
file_put_contents(IPBANS_FILENAME, "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
|
||||||
|
logm('Login ok.');
|
||||||
|
}
|
||||||
|
|
||||||
|
// Checks if the user CAN login. If 'true', the user can try to login.
|
||||||
|
function ban_canLogin()
|
||||||
|
{
|
||||||
|
$ip=$_SERVER["REMOTE_ADDR"]; $gb=$GLOBALS['IPBANS'];
|
||||||
|
if (isset($gb['BANS'][$ip]))
|
||||||
|
{
|
||||||
|
// User is banned. Check if the ban has expired:
|
||||||
|
if ($gb['BANS'][$ip]<=time())
|
||||||
|
{ // Ban expired, user can try to login again.
|
||||||
|
logm('Ban lifted.');
|
||||||
|
unset($gb['FAILURES'][$ip]); unset($gb['BANS'][$ip]);
|
||||||
|
file_put_contents(IPBANS_FILENAME, "<?php\n\$GLOBALS['IPBANS']=".var_export($gb,true).";\n?>");
|
||||||
|
return true; // Ban has expired, user can login.
|
||||||
|
}
|
||||||
|
return false; // User is banned.
|
||||||
|
}
|
||||||
|
return true; // User is not banned.
|
||||||
|
}
|
||||||
|
|
||||||
|
// Returns user IP
|
||||||
|
function user_IPs()
|
||||||
|
{
|
||||||
|
$ip = $_SERVER["REMOTE_ADDR"];
|
||||||
|
// Then we use more HTTP headers to prevent session hijacking from users behind the same proxy.
|
||||||
|
if (isset($_SERVER['HTTP_X_FORWARDED_FOR'])) { $ip=$ip.'_'.$_SERVER['HTTP_X_FORWARDED_FOR']; }
|
||||||
|
if (isset($_SERVER['HTTP_CLIENT_IP'])) { $ip=$ip.'_'.$_SERVER['HTTP_CLIENT_IP']; }
|
||||||
|
return $ip;
|
||||||
|
}
|
83
index.php
83
index.php
@ -1,11 +1,12 @@
|
|||||||
<?php
|
<?php
|
||||||
// Include necessary files
|
// Include necessary files
|
||||||
if(!file_exists('data/config.php')) header('location: install.php');
|
if(!file_exists('data/config.php')) { header('location: install.php'); exit(); }
|
||||||
require_once('data/config.php');
|
require_once('data/config.php');
|
||||||
require_once('inc/User.class.php');
|
require_once('inc/User.class.php');
|
||||||
require_once('inc/Invoices.class.php');
|
require_once('inc/Invoices.class.php');
|
||||||
require_once('inc/rain.tpl.class.php');
|
require_once('inc/rain.tpl.class.php');
|
||||||
require_once('inc/functions.php');
|
require_once('inc/functions.php');
|
||||||
|
require_once('inc/Banc.inc.php');
|
||||||
raintpl::$tpl_dir = 'tpl/';
|
raintpl::$tpl_dir = 'tpl/';
|
||||||
raintpl::$cache_dir = 'tmp/';
|
raintpl::$cache_dir = 'tmp/';
|
||||||
|
|
||||||
@ -17,9 +18,30 @@
|
|||||||
$tpl->assign('error', '');
|
$tpl->assign('error', '');
|
||||||
$tpl->assign('base_url', htmlspecialchars(BASE_URL));
|
$tpl->assign('base_url', htmlspecialchars(BASE_URL));
|
||||||
$tpl->assign('currency', htmlspecialchars(CURRENCY));
|
$tpl->assign('currency', htmlspecialchars(CURRENCY));
|
||||||
|
$tpl->assign('email_webmaster', htmlspecialchars(EMAIL_WEBMASTER));
|
||||||
|
|
||||||
|
// Set sessions parameters
|
||||||
|
ini_set('session.use_cookies', 1);
|
||||||
|
ini_set('session.use_only_cookies', 1);
|
||||||
|
ini_set('session.use_trans_sid', false);
|
||||||
|
session_name('bouffeatulm');
|
||||||
|
|
||||||
|
// Regenerate session if needed
|
||||||
|
$cookie = session_get_cookie_params();
|
||||||
|
$cookie_dir = ''; if(dirname($_SERVER['SCRIPT_NAME']) != '/') $cookie_dir = dirname($_SERVER['SCRIPT_NAME']);
|
||||||
|
session_set_cookie_params($cookie['lifetime'], $cookie_dir, $_SERVER['HTTP_HOST']);
|
||||||
|
session_regenerate_id(true);
|
||||||
|
|
||||||
// Handle current user status
|
// Handle current user status
|
||||||
session_start();
|
if(session_id() == '') session_start();
|
||||||
|
|
||||||
|
// If IP has changed, logout
|
||||||
|
if(user_ip() != $_SESSION['ip']) {
|
||||||
|
session_destroy();
|
||||||
|
header('location: index.php?do=connect');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$current_user = new User();
|
$current_user = new User();
|
||||||
if(isset($_SESSION['current_user'])) {
|
if(isset($_SESSION['current_user'])) {
|
||||||
$current_user->sessionRestore($_SESSION['current_user'], true);
|
$current_user->sessionRestore($_SESSION['current_user'], true);
|
||||||
@ -32,6 +54,7 @@
|
|||||||
// If not connected, redirect to connection page
|
// If not connected, redirect to connection page
|
||||||
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
|
if($current_user === false && (empty($_GET['do']) OR $_GET['do'] != 'connect')) {
|
||||||
header('location: index.php?do=connect');
|
header('location: index.php?do=connect');
|
||||||
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
// Initialize empty $_GET['do'] if required to avoid error
|
// Initialize empty $_GET['do'] if required to avoid error
|
||||||
@ -44,17 +67,38 @@
|
|||||||
case 'connect':
|
case 'connect':
|
||||||
if($current_user !== false) {
|
if($current_user !== false) {
|
||||||
header('location: index.php');
|
header('location: index.php');
|
||||||
|
exit();
|
||||||
}
|
}
|
||||||
if(!empty($_POST['login']) && !empty($_POST['password'])) {
|
if(!empty($_POST['login']) && !empty($_POST['password'])) {
|
||||||
$user = new User();
|
$user = new User();
|
||||||
$user->setLogin($_POST['login']);
|
$user->setLogin($_POST['login']);
|
||||||
if($user->exists($_POST['login']) && $user->checkPassword($_POST['password'])) {
|
if(ban_canLogin() == false) {
|
||||||
$_SESSION['current_user'] = $user->sessionStore();
|
$error = "Unknown username / password.";
|
||||||
header('location: index.php');
|
|
||||||
exit();
|
|
||||||
}
|
}
|
||||||
else {
|
else {
|
||||||
$error = "Unknown username/password.";
|
if($user->exists($_POST['login']) && $user->checkPassword($_POST['password'])) {
|
||||||
|
ban_loginOk();
|
||||||
|
$_SESSION['current_user'] = $user->sessionStore();
|
||||||
|
$_SESSION['ip'] = user_ip();
|
||||||
|
|
||||||
|
if(!empty($_POST['remember_me'])) { // Handle remember me cookie
|
||||||
|
$_SESSION['remember_me'] = 31536000;
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
$_SESSION['remember_me'] = 0;
|
||||||
|
}
|
||||||
|
|
||||||
|
$cookie_dir = ''; if(dirname($_SERVER['SCRIPT_NAME']) != '/') $cookie_dir = dirname($_SERVER['SCRIPT_NAME']);
|
||||||
|
session_set_cookie_params($_SESSION['remember_me'], $cookie_dir, $_SERVER['HTTP_HOST']);
|
||||||
|
session_regenerate_id(true);
|
||||||
|
|
||||||
|
header('location: index.php');
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
else {
|
||||||
|
ban_loginFailed();
|
||||||
|
$error = "Unknown username/password.";
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
$tpl->assign('connection', true);
|
$tpl->assign('connection', true);
|
||||||
@ -72,7 +116,7 @@
|
|||||||
case 'password':
|
case 'password':
|
||||||
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
|
if(!empty($_POST['password']) && !empty($_POST['password_confirm'])) {
|
||||||
if($_POST['password'] == $_POST['password_confirm']) {
|
if($_POST['password'] == $_POST['password_confirm']) {
|
||||||
$current_user->setPassword($user->encrypt($_POST['password']));
|
$current_user->setPassword($current_user->encrypt($_POST['password']));
|
||||||
$current_user->save();
|
$current_user->save();
|
||||||
|
|
||||||
header('location: index.php');
|
header('location: index.php');
|
||||||
@ -90,6 +134,7 @@
|
|||||||
case 'add_user':
|
case 'add_user':
|
||||||
if(!$current_user->getAdmin()) {
|
if(!$current_user->getAdmin()) {
|
||||||
header('location: index.php');
|
header('location: index.php');
|
||||||
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['login']) && !empty($_POST['display_name']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
|
if(!empty($_POST['login']) && !empty($_POST['display_name']) && (!empty($_POST['password']) || !empty($_POST['user_id'])) && isset($_POST['admin'])) {
|
||||||
@ -98,7 +143,7 @@
|
|||||||
$user->setId($_POST['user_id']);
|
$user->setId($_POST['user_id']);
|
||||||
}
|
}
|
||||||
$user->setLogin($_POST['login']);
|
$user->setLogin($_POST['login']);
|
||||||
$user->setDisplayName($_POST['login']);
|
$user->setDisplayName($_POST['display_name']);
|
||||||
if(!empty($_POST['password'])) {
|
if(!empty($_POST['password'])) {
|
||||||
$user->setPassword($user->encrypt($_POST['password']));
|
$user->setPassword($user->encrypt($_POST['password']));
|
||||||
}
|
}
|
||||||
@ -157,7 +202,7 @@
|
|||||||
break;
|
break;
|
||||||
|
|
||||||
case 'settings':
|
case 'settings':
|
||||||
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone'])) {
|
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster'])) {
|
||||||
if(!is_writable('data/')) {
|
if(!is_writable('data/')) {
|
||||||
$tpl>assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.');
|
$tpl>assign('error', 'The script can\'t write in data/ dir, check permissions set on this folder.');
|
||||||
}
|
}
|
||||||
@ -165,21 +210,23 @@
|
|||||||
|
|
||||||
foreach($config as $line_number=>$line) {
|
foreach($config as $line_number=>$line) {
|
||||||
if(strpos($line, "MYSQL_HOST") !== FALSE)
|
if(strpos($line, "MYSQL_HOST") !== FALSE)
|
||||||
$config[$line_number] = "\tdefine('".$_POST['mysql_host']."');\n";
|
$config[$line_number] = "\tdefine('MYSQL_HOST', '".$_POST['mysql_host']."');\n";
|
||||||
elseif(strpos($line, "MYSQL_LOGIN") !== FALSE)
|
elseif(strpos($line, "MYSQL_LOGIN") !== FALSE)
|
||||||
$config[$line_number] = "\tdefine('".$_POST['mysql_login']."');\n";
|
$config[$line_number] = "\tdefine('MYSQL_LOGIN', '".$_POST['mysql_login']."');\n";
|
||||||
elseif(strpos($line, "MYSQL_PASSWORD") !== FALSE && !empty($_POST['mysql_password']))
|
elseif(strpos($line, "MYSQL_PASSWORD") !== FALSE && !empty($_POST['mysql_password']))
|
||||||
$config[$line_number] = "\tdefine('".$_POST['mysql_password']."');\n";
|
$config[$line_number] = "\tdefine('MYSQL_PASSWORD', '".$_POST['mysql_password']."');\n";
|
||||||
elseif(strpos($line, "MYSQL_DB") !== FALSE)
|
elseif(strpos($line, "MYSQL_DB") !== FALSE)
|
||||||
$config[$line_number] = "\tdefine('".$_POST['mysql_db']."');\n";
|
$config[$line_number] = "\tdefine('MYSQL_DB', '".$_POST['mysql_db']."');\n";
|
||||||
elseif(strpos($line, "MYSQL_PREFIX") !== FALSE && !empty($_POST['mysql_prefix']))
|
elseif(strpos($line, "MYSQL_PREFIX") !== FALSE && !empty($_POST['mysql_prefix']))
|
||||||
$config[$line_number] = "\tdefine('".$_POST['mysql_prefix']."');\n";
|
$config[$line_number] = "\tdefine('MYSQL_PREFIX', '".$_POST['mysql_prefix']."');\n";
|
||||||
elseif(strpos($line, "INSTANCE_TITLE") !== FALSE)
|
elseif(strpos($line, "INSTANCE_TITLE") !== FALSE)
|
||||||
$config[$line_number] = "\tdefine('".$_POST['instance_title']."');\n";
|
$config[$line_number] = "\tdefine('INSTANCE_TITLE', '".$_POST['instance_title']."');\n";
|
||||||
elseif(strpos($line, "BASE_URL") !== FALSE)
|
elseif(strpos($line, "BASE_URL") !== FALSE)
|
||||||
$config[$line_number] = "\tdefine('".$_POST['base_url']."');\n";
|
$config[$line_number] = "\tdefine('BASE_URL', '".$_POST['base_url']."');\n";
|
||||||
elseif(strpos($line, "CURRENCY") !== FALSE)
|
elseif(strpos($line, "CURRENCY") !== FALSE)
|
||||||
$config[$line_number] = "\tdefine('".$_POST['currency']."');\n";
|
$config[$line_number] = "\tdefine('CURRENCY', '".$_POST['currency']."');\n";
|
||||||
|
elseif(strpos($line, "EMAIL_WEBMASTER") !== FALSE)
|
||||||
|
$config[$line_number] = "\tdefine('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');\n";
|
||||||
elseif(strpos($line_number, 'date_default_timezone_set') !== FALSE)
|
elseif(strpos($line_number, 'date_default_timezone_set') !== FALSE)
|
||||||
$config[$line_number] = "\tdate_default_timezone_set('".$_POST['timezone']."');\n";
|
$config[$line_number] = "\tdate_default_timezone_set('".$_POST['timezone']."');\n";
|
||||||
}
|
}
|
||||||
|
@ -11,7 +11,7 @@
|
|||||||
$block_form = true;
|
$block_form = true;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone'])) {
|
if(!empty($_POST['mysql_host']) && !empty($_POST['mysql_login']) && !empty($_POST['mysql_db']) && !empty($_POST['admin_login']) && !empty($_POST['admin_password']) && !empty($_POST['currency']) && !empty($_POST['instance_title']) && !empty($_POST['base_url']) && !empty($_POST['timezone']) && !empty($_POST['email_webmaster'])) {
|
||||||
$mysql_host = $_POST['mysql_host'];
|
$mysql_host = $_POST['mysql_host'];
|
||||||
$mysql_login = $_POST['mysql_login'];
|
$mysql_login = $_POST['mysql_login'];
|
||||||
$mysql_db = $_POST['mysql_db'];
|
$mysql_db = $_POST['mysql_db'];
|
||||||
@ -36,6 +36,10 @@
|
|||||||
$error = 'Unable to connect to database, check your credentials and config.<br/>Error message : '.$e->getMessage().'.';
|
$error = 'Unable to connect to database, check your credentials and config.<br/>Error message : '.$e->getMessage().'.';
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(!filter_var($_POST['email_webmaster'], FILTER_VALIDATE_EMAIL)) {
|
||||||
|
$email = 'Webmaster\'s e-mail address is invalid.';
|
||||||
|
}
|
||||||
|
|
||||||
if(empty($error)) {
|
if(empty($error)) {
|
||||||
if(function_exists('mcrypt_create_iv')) {
|
if(function_exists('mcrypt_create_iv')) {
|
||||||
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
|
$salt = strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
|
||||||
@ -57,6 +61,7 @@
|
|||||||
define('BASE_URL', '".$_POST['base_url']."');
|
define('BASE_URL', '".$_POST['base_url']."');
|
||||||
define('SALT', '".$salt."');
|
define('SALT', '".$salt."');
|
||||||
define('CURRENCY', '".$_POST['currency']."');
|
define('CURRENCY', '".$_POST['currency']."');
|
||||||
|
define('EMAIL_WEBMASTER', '".$_POST['email_webmaster']."');
|
||||||
|
|
||||||
date_default_timezone_set('".$_POST['timezone']."');
|
date_default_timezone_set('".$_POST['timezone']."');
|
||||||
";
|
";
|
||||||
@ -126,6 +131,7 @@
|
|||||||
<label for="timezone">Timezone : </label><input type="text" name="timezone" id="timezone" value="<?php echo @date_default_timezone_get();?>"/><br/>
|
<label for="timezone">Timezone : </label><input type="text" name="timezone" id="timezone" value="<?php echo @date_default_timezone_get();?>"/><br/>
|
||||||
<em>For example :</em> Europe/Paris. See the doc for more info.
|
<em>For example :</em> Europe/Paris. See the doc for more info.
|
||||||
</p>
|
</p>
|
||||||
|
<p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster"/></p>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<fieldset>
|
<fieldset>
|
||||||
<legend>Administrator</legend>
|
<legend>Administrator</legend>
|
||||||
|
2
tmp/connexion.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
Executable file → Normal file
2
tmp/connexion.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
Executable file → Normal file
@ -6,7 +6,9 @@
|
|||||||
<form method="post" action="index.php?do=connect" id="connexion_form">
|
<form method="post" action="index.php?do=connect" id="connexion_form">
|
||||||
<p><label for="login" class="label-block">Username : </label><input type="text" name="login" id="login" value="<?php echo $user_post;?>"/></p>
|
<p><label for="login" class="label-block">Username : </label><input type="text" name="login" id="login" value="<?php echo $user_post;?>"/></p>
|
||||||
<p><label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/></p>
|
<p><label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/></p>
|
||||||
|
<p><input type="checkbox" name="remember_me" id="remember_me"/><label for="remember_me"> Remember me ?</label></p>
|
||||||
<p><input type="submit" value="Connect"/></p>
|
<p><input type="submit" value="Connect"/></p>
|
||||||
|
<p><a href="mailto:<?php echo $email_webmaster;?>?subject=<?php echo $instance_title;?>%20password">Forgotten password ?</a></p>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
<?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("footer") . ( substr("footer",-1,1) != "/" ? "/" : "" ) . basename("footer") );?>
|
<?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("footer") . ( substr("footer",-1,1) != "/" ? "/" : "" ) . basename("footer") );?>
|
||||||
|
7
tmp/edit_users.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
Executable file → Normal file
7
tmp/edit_users.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
Executable file → Normal file
@ -15,6 +15,7 @@
|
|||||||
<tr>
|
<tr>
|
||||||
<th>Id</th>
|
<th>Id</th>
|
||||||
<th>Login</th>
|
<th>Login</th>
|
||||||
|
<th>Display Name</th>
|
||||||
<th>Is admin ?</th>
|
<th>Is admin ?</th>
|
||||||
<th>Edit</th>
|
<th>Edit</th>
|
||||||
<th>Delete</th>
|
<th>Delete</th>
|
||||||
@ -24,6 +25,7 @@
|
|||||||
<tr>
|
<tr>
|
||||||
<td><?php echo $value1->getId();?></td>
|
<td><?php echo $value1->getId();?></td>
|
||||||
<td><?php echo $value1->getLogin();?></td>
|
<td><?php echo $value1->getLogin();?></td>
|
||||||
|
<td><?php echo $value1->getDisplayName();?></td>
|
||||||
<td><?php echo $value1->getAdmin() ? "Yes" : "No";?></td>
|
<td><?php echo $value1->getAdmin() ? "Yes" : "No";?></td>
|
||||||
<td><a href="index.php?do=edit_users&user_id=<?php echo $value1->getId();?>">Edit</a></td>
|
<td><a href="index.php?do=edit_users&user_id=<?php echo $value1->getId();?>">Edit</a></td>
|
||||||
<td><?php if( $value1->getId() != $current_user->getId() ){ ?><a href="index.php?do=delete_user&user_id=<?php echo $value1->getId();?>">Delete</a><?php } ?></td>
|
<td><?php if( $value1->getId() != $current_user->getId() ){ ?><a href="index.php?do=delete_user&user_id=<?php echo $value1->getId();?>">Delete</a><?php } ?></td>
|
||||||
@ -36,7 +38,10 @@
|
|||||||
<h2>Edit a user</h2>
|
<h2>Edit a user</h2>
|
||||||
<form method="post" action="index.php?do=add_user" id="edit_user_form">
|
<form method="post" action="index.php?do=add_user" id="edit_user_form">
|
||||||
<p>
|
<p>
|
||||||
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" <?php if( $login_post != '' ){ ?> value="<?php echo $login_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getLogin().'"' : '';?> <?php } ?>/>
|
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" <?php if( $login_post != '' ){ ?> value="<?php echo $login_post;?>" <?php }else{ ?> <?php echo $user_id != -1 ? 'value="'.$user_data->getLogin().'"' : '';?> <?php } ?>/>
|
||||||
|
</p>
|
||||||
|
<p>
|
||||||
|
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" <?php if( $display_name_post != '' ){ ?> value="<?php echo $display_name_post;?>" {/else} <?php echo $user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : '';?> <?php } ?>/>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
|
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
|
||||||
|
0
tmp/footer.36ba0f7e771a8681573a91518b54b424.rtpl.php
Executable file → Normal file
0
tmp/footer.36ba0f7e771a8681573a91518b54b424.rtpl.php
Executable file → Normal file
0
tmp/header.36ba0f7e771a8681573a91518b54b424.rtpl.php
Executable file → Normal file
0
tmp/header.36ba0f7e771a8681573a91518b54b424.rtpl.php
Executable file → Normal file
0
tmp/index.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
Executable file → Normal file
0
tmp/index.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
Executable file → Normal file
@ -1,56 +0,0 @@
|
|||||||
<?php if(!class_exists('raintpl')){exit;}?><?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("header") . ( substr("header",-1,1) != "/" ? "/" : "" ) . basename("header") );?>
|
|
||||||
|
|
||||||
|
|
||||||
<h2>Add a bill</h2>
|
|
||||||
|
|
||||||
<form method="post" action="index.php?do=new_invoice" id="invoice_form">
|
|
||||||
<p>
|
|
||||||
<label for="what">What ? </label>
|
|
||||||
</p>
|
|
||||||
<textarea name="what" id="what" rows="10"><?php echo $what_post;?></textarea>
|
|
||||||
<p>
|
|
||||||
<label for="amount">Amount : </label>
|
|
||||||
<input type="text" name="amount" id="amount" <?php if( $amount_post != 0 ){ ?> value="<?php echo $amount_post;?>" <?php } ?> size="5"/> <?php echo $currency;?>
|
|
||||||
|
|
||||||
</p>
|
|
||||||
<p>
|
|
||||||
<label for="date_day">Date : </label>
|
|
||||||
<select name="date_day" id="date_day">
|
|
||||||
<?php $counter1=-1; if( isset($days) && is_array($days) && sizeof($days) ) foreach( $days as $key1 => $value1 ){ $counter1++; ?>
|
|
||||||
|
|
||||||
<option value="<?php echo $value1;?>" <?php if( $value1 == $day_post ){ ?>selected<?php } ?>><?php echo $value1;?></option>
|
|
||||||
<?php } ?>
|
|
||||||
|
|
||||||
</select> /
|
|
||||||
<select name="date_month" id="date_month" onchange="set_days_month_year();">
|
|
||||||
<?php $counter1=-1; if( isset($months) && is_array($months) && sizeof($months) ) foreach( $months as $key1 => $value1 ){ $counter1++; ?>
|
|
||||||
|
|
||||||
<option value="<?php echo $value1;?>" <?php if( $value1 == $month_post ){ ?>selected<?php } ?>><?php echo $value1;?></option>
|
|
||||||
<?php } ?>
|
|
||||||
|
|
||||||
</select> /
|
|
||||||
<select name="date_year" id="date_year" onchange="set_days_month_year();">
|
|
||||||
<?php $counter1=-1; if( isset($years) && is_array($years) && sizeof($years) ) foreach( $years as $key1 => $value1 ){ $counter1++; ?>
|
|
||||||
|
|
||||||
<option value="<?php echo $value1;?>" <?php if( $value1 == $year_post ){ ?>selected<?php } ?>><?php echo $value1;?></option>
|
|
||||||
<?php } ?>
|
|
||||||
|
|
||||||
</select>
|
|
||||||
</p>
|
|
||||||
<p>
|
|
||||||
Users in ?
|
|
||||||
<?php $counter1=-1; if( isset($users) && is_array($users) && sizeof($users) ) foreach( $users as $key1 => $value1 ){ $counter1++; ?>
|
|
||||||
|
|
||||||
<br/><input type="checkbox" name="users_in[]" value="<?php echo $value1->getId();?>" id="users_in_<?php echo $value1->getId();?>" <?php if( $current_user->getId() == $value1->getId() || in_array($value1->getId(), $users_in) ){ ?> checked <?php } ?>/> <label for="users_in_<?php echo $value1->getId();?>"><?php echo $value1->getDisplayName();?></label> and <input type="text" name="guest_user_<?php echo $value1->getId();?>" id="guest_user_<?php echo $value1->getId();?>" size="1" <?php if( in_array($value1->getId(), $users_in) ){ ?> value="<?php echo $guests[$value1->getId()];?>" <?php }else{ ?> value="0" <?php } ?> onkeyup="guest_user_label(<?php echo $value1->getId();?>);"/><label for="guest_user_<?php echo $value1->getId();?>" id="guest_user_<?php echo $value1->getId();?>_label"> guest</label>.
|
|
||||||
<?php } ?>
|
|
||||||
|
|
||||||
</p>
|
|
||||||
<p>
|
|
||||||
<input type="submit" value="Add"/>
|
|
||||||
<?php if( $id != 0 ){ ?><input type="hidden" name="id" value="<?php echo $id;?>"/><?php } ?>
|
|
||||||
|
|
||||||
</p>
|
|
||||||
</form>
|
|
||||||
|
|
||||||
<?php $tpl = new RainTPL;$tpl_dir_temp = self::$tpl_dir;$tpl->assign( $this->var );$tpl->draw( dirname("footer") . ( substr("footer",-1,1) != "/" ? "/" : "" ) . basename("footer") );?>
|
|
||||||
|
|
1
tmp/settings.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
Executable file → Normal file
1
tmp/settings.af3906cfde643ae7f290cfdc51cc9342.rtpl.php
Executable file → Normal file
@ -48,6 +48,7 @@
|
|||||||
<label for="timezone">Timezone : </label><input type="text" name="timezone" id="timezone" value="<?php echo $timezone;?>"/><br/>
|
<label for="timezone">Timezone : </label><input type="text" name="timezone" id="timezone" value="<?php echo $timezone;?>"/><br/>
|
||||||
<em>For example :</em> Europe/Paris. See the doc for more info.
|
<em>For example :</em> Europe/Paris. See the doc for more info.
|
||||||
</p>
|
</p>
|
||||||
|
<p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster" value="<?php echo $email_webmaster;?>"/></p>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<p class="center"><input type="submit" value="Update settings"></p>
|
<p class="center"><input type="submit" value="Update settings"></p>
|
||||||
</form>
|
</form>
|
||||||
|
@ -5,7 +5,9 @@
|
|||||||
<form method="post" action="index.php?do=connect" id="connexion_form">
|
<form method="post" action="index.php?do=connect" id="connexion_form">
|
||||||
<p><label for="login" class="label-block">Username : </label><input type="text" name="login" id="login" value="{$user_post}"/></p>
|
<p><label for="login" class="label-block">Username : </label><input type="text" name="login" id="login" value="{$user_post}"/></p>
|
||||||
<p><label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/></p>
|
<p><label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/></p>
|
||||||
|
<p><input type="checkbox" name="remember_me" id="remember_me" value="1"/><label for="remember_me"> Remember me ?</label></p>
|
||||||
<p><input type="submit" value="Connect"/></p>
|
<p><input type="submit" value="Connect"/></p>
|
||||||
|
<p><a href="mailto:{$email_webmaster}?subject={$instance_title}%20password">Forgotten password ?</a></p>
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
{include="footer"}
|
{include="footer"}
|
||||||
|
@ -34,7 +34,7 @@
|
|||||||
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
|
<label for="login" class="label-block">Login : </label><input type="text" name="login" id="login" {if condition="$login_post != ''"} value="{$login_post}" {else} {$user_id != -1 ? 'value="'.$user_data->getLogin().'"' : ''} {/if}/>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {/else} {$user_id != -& ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/>
|
<label for="display_name" class="label-block">Displayed name : </label><input type="text" name="display_name" id="display_name" {if condition="$display_name_post != ''"} value="{$display_name_post}" {/else} {$user_id != -1 ? 'value="'.$user_data->getDisplayName().'"' : ''} {/if}/>
|
||||||
</p>
|
</p>
|
||||||
<p>
|
<p>
|
||||||
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
|
<label for="password" class="label-block">Password : </label><input type="password" name="password" id="password"/>
|
||||||
|
@ -45,6 +45,7 @@
|
|||||||
<label for="timezone">Timezone : </label><input type="text" name="timezone" id="timezone" value="{$timezone}"/><br/>
|
<label for="timezone">Timezone : </label><input type="text" name="timezone" id="timezone" value="{$timezone}"/><br/>
|
||||||
<em>For example :</em> Europe/Paris. See the doc for more info.
|
<em>For example :</em> Europe/Paris. See the doc for more info.
|
||||||
</p>
|
</p>
|
||||||
|
<p><label for="email_webmaster">Webmaster's email : </label><input type="text" name="email_webmaster" id="email_webmaster" value="{$email_webmaster}"/></p>
|
||||||
</fieldset>
|
</fieldset>
|
||||||
<p class="center"><input type="submit" value="Update settings"></p>
|
<p class="center"><input type="submit" value="Update settings"></p>
|
||||||
</form>
|
</form>
|
||||||
|
Loading…
Reference in New Issue
Block a user