Commit 574efcf4e085717934d4bc2ddb3d5651634f4b28
1 parent
a84c060a
- corrected bug in user-editing which caused password to re-md5.
- added "doLimitedUpdate" utility method to User.inc, to blacklist update of some fields. (nbm, please review.) - added password-editing into userEdit. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4226 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
3 changed files
with
132 additions
and
3 deletions
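--- a/lib/users/User.inc
+++ b/lib/users/User.inc
@@ -24,6 +24,9 @@
  * @author Rob Cherry, Jam Warehouse (Pty) Ltd, South Africa
  * @package lib.unitmanagement
  */
+
+require_once(KT_LIB_DIR . '/database/dbutil.inc');
+
 class User extends KTEntity {
     /** user's login name */
     var $sUserName;
@@ -181,7 +184,39 @@ class User extends KTEntity {
     function &get($iId) {
         return KTEntityUtil::get('User', $iId);
     }
-
+
+    /**
+     * update the datastore, without overwriting the password.
+     *
+     * only works for a subset of the db values.
+     */
+    function doLimitedUpdate() {
+        $sQuery = 'UPDATE ' . $this->_table() . ' SET ';
+        $aParams = array();
+
+        $blacklist = array(
+            "sPassword" => 1,
+        );
+
+        $aParts = array(); // quick workaround to make the join less hurtful.
+
+        foreach ($this->_aFieldToSelect as $attr => $column) {
+            if (!array_key_exists($attr, $blacklist)) {
+                $val = $this->$attr;
+                $aParts[] = $column . ' = ?';
+                $aParams[] = $val;
+            }
+        }
+        $sQuery .= join(', ', $aParts);
+
+        $sQuery .= ' WHERE id = ? ';
+        $aParams[] = $this->getId();
+
+        $res = DBUtil::runQuery(array($sQuery, $aParams));
+        return $res;
+    }
+
+
     /**
      * Static function
      * Get a list of users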
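Review bot: `doLimitedUpdate` silently stops protecting the password if the blacklist key ever drifts from the attribute name used as the key of `$this->_aFieldToSelect` — the `array_key_exists($attr, $blacklist)` test has no counterpart checking that `sPassword` is actually one of the keys being iterated, so a rename would quietly re-enable the overwrite this commit sets out to prevent. Likewise, if every mapped field were excluded, `join` yields an empty `SET` clause and an invalid statement is handed to `DBUtil::runQuery`. I would guard both before running the query, `if (empty($aParts)) { return PEAR::raiseError('doLimitedUpdate: no updatable columns'); }`, and annotate the blacklist with `// keys must match the attribute names in $this->_aFieldToSelect, not column names`. The column names come from the class map and the values are bound through `?` placeholders, which looks right; the docblock could also state that the in-memory object is left untouched and that the `DBUtil::runQuery` result (success value or PEAR error) is returned as-is.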
presentation/lookAndFeel/knowledgeTree/administration/usermanagement/userManagement.php
| ... | ... | @@ -2,6 +2,8 @@ |
| 2 | 2 | |
| 3 | 3 | //require_once('../../../../../config/dmsDefaults.php'); |
| 4 | 4 | |
| 5 | +require_once(KT_LIB_DIR . '/database/dbutil.inc'); | |
| 6 | + | |
| 5 | 7 | require_once(KT_LIB_DIR . '/users/User.inc'); |
| 6 | 8 | require_once(KT_LIB_DIR . '/groups/GroupUtil.php'); |
| 7 | 9 | require_once(KT_LIB_DIR . '/groups/Group.inc'); |
| ... | ... | @@ -131,6 +133,73 @@ class KTUserAdminDispatcher extends KTAdminDispatcher { |
| 131 | 133 | return $oTemplate->render($aTemplateData); |
| 132 | 134 | } |
| 133 | 135 | |
| 136 | + | |
| 137 | + function do_setPassword() { | |
| 138 | + $this->aBreadcrumbs[] = array('action' => 'userManagement', 'name' => 'User Management'); | |
| 139 | + $this->oPage->setBreadcrumbDetails('change user password'); | |
| 140 | + $this->oPage->setTitle("Change User Password"); | |
| 141 | + | |
| 142 | + $user_id = KTUtil::arrayGet($_REQUEST, 'user_id'); | |
| 143 | + $oUser =& User::get($user_id); | |
| 144 | + | |
| 145 | + if (PEAR::isError($oUser) || $oUser == false) { | |
| 146 | + $this->errorRedirectToMain('Please select a user first.'); | |
| 147 | + exit(0); | |
| 148 | + } | |
| 149 | + | |
| 150 | + $this->aBreadcrumbs[] = array('name' => $oUser->getName()); | |
| 151 | + | |
| 152 | + $edit_fields = array(); | |
| 153 | + $edit_fields[] = new KTPasswordWidget('Password','Specify an initial password for the user.', 'password', null, $this->oPage, true); | |
| 154 | + $edit_fields[] = new KTPasswordWidget('Confirm Password','Confirm the password specified above.', 'confirm_password', null, $this->oPage, true); | |
| 155 | + | |
| 156 | + $oTemplating = new KTTemplating; | |
| 157 | + $oTemplate = $oTemplating->loadTemplate("ktcore/principals/updatepassword"); | |
| 158 | + $aTemplateData = array( | |
| 159 | + "context" => $this, | |
| 160 | + "edit_fields" => $edit_fields, | |
| 161 | + "edit_user" => $oUser, | |
| 162 | + ); | |
| 163 | + return $oTemplate->render($aTemplateData); | |
| 164 | + } | |
| 165 | + | |
| 166 | + function do_updatePassword() { | |
| 167 | + $user_id = KTUtil::arrayGet($_REQUEST, 'user_id'); | |
| 168 | + | |
| 169 | + $password = KTUtil::arrayGet($_REQUEST, 'password'); | |
| 170 | + $confirm_password = KTUtil::arrayGet($_REQUEST, 'confirm_password'); | |
| 171 | + | |
| 172 | + if (empty($password)) { | |
| 173 | + $this->errorRedirectToMain("You must specify a password for the user."); | |
| 174 | + } else if ($password !== $confirm_password) { | |
| 175 | + $this->errorRedirectToMain("The passwords you specified do not match."); | |
| 176 | + } | |
| 177 | + // FIXME more validation would be useful. | |
| 178 | + // validated and ready.. | |
| 179 | + $this->startTransaction(); | |
| 180 | + | |
| 181 | + $oUser =& User::get($user_id); | |
| 182 | + if (PEAR::isError($oUser) || $oUser == false) { | |
| 183 | + $this->errorRedirectToMain("Please select a user to modify first."); | |
| 184 | + } | |
| 185 | + | |
| 186 | + | |
| 187 | + // FIXME this almost certainly has side-effects. do we _really_ want | |
| 188 | + $oUser->setPassword(md5($password)); // | |
| 189 | + | |
| 190 | + $res = $oUser->update(); | |
| 191 | + //$res = $oUser->doLimitedUpdate(); // ignores a fix blacklist of items. | |
| 192 | + | |
| 193 | + | |
| 194 | + if (PEAR::isError($res) || ($res == false)) { | |
| 195 | + $this->errorRedirectoToMain('Failed to update user.'); | |
| 196 | + } | |
| 197 | + | |
| 198 | + $this->commitTransaction(); | |
| 199 | + $this->successRedirectToMain('User information updated.'); | |
| 200 | + | |
| 201 | + } | |
| 202 | + | |
| 134 | 203 | function do_editUserSource() { |
| 135 | 204 | $user_id = KTUtil::arrayGet($_REQUEST, 'user_id'); |
| 136 | 205 | $oUser =& $this->oValidator->validateUser($user_id); |
| ... | ... | @@ -230,7 +299,14 @@ class KTUserAdminDispatcher extends KTAdminDispatcher { |
| 230 | 299 | $oUser->setMobile($mobile_number); |
| 231 | 300 | $oUser->setMaxSessions($max_sessions); |
| 232 | 301 | |
| 233 | - $res = $oUser->update(); // FIXME res? | |
| 302 | + // old system used the very evil store.php. | |
| 303 | + // here we need to _force_ a limited update of the object, via a db statement. | |
| 304 | + // | |
| 305 | + // $res = $oUser->update(); | |
| 306 | + $res = $oUser->doLimitedUpdate(); // ignores a fix blacklist of items. | |
| 307 | + | |
| 308 | + | |
| 309 | + | |
| 234 | 310 | if (PEAR::isError($res) || ($res == false)) { |
| 235 | 311 | $this->errorRedirectoToMain('Failed to update user.'); |
| 236 | 312 | } |
| ... | ... | @@ -354,4 +430,4 @@ class KTUserAdminDispatcher extends KTAdminDispatcher { |
| 354 | 430 | //$oDispatcher = new KTUserAdminDispatcher (); |
| 355 | 431 | //$oDispatcher->dispatch(); |
| 356 | 432 | |
| 357 | 433 | -?> |
| 434 | +?> | |
| 358 | 435 | \ No newline at end of file | ... | ... |
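Review bot: In `do_updatePassword` the validation failures do not stop the request — `errorRedirectToMain` is called for an empty password, a mismatch and a failed `User::get`, but unlike `do_setPassword`, which follows the same call with `exit(0)`, nothing here returns, so unless that helper exits internally an empty or mismatched password still reaches `setPassword(md5($password))` and `update()`, and a missing user reaches a method call on a PEAR error object. The failure branch after `update()` also calls `errorRedirectoToMain` (misspelled, as the pre-existing call in the later hunk does, whose enclosing function starts outside this view), so a failed update would fatal on an undefined method instead of redirecting. I would exit after each error redirect, resolve the user before opening the transaction so a bad id never leaves one dangling, and fix the spelling; `do_editUserSource` validates the id through `$this->oValidator->validateUser`, which this handler could use too. The unsalted `md5()` is presumably the scheme the login path already expects, so changing it is out of scope for this commit but worth a tracked follow-up.
```php
    function do_updatePassword() {
        // … unchanged: read user_id, password, confirm_password from $_REQUEST …
        if (empty($password)) {
            $this->errorRedirectToMain("You must specify a password for the user.");
            exit(0);
        } else if ($password !== $confirm_password) {
            $this->errorRedirectToMain("The passwords you specified do not match.");
            exit(0);
        }

        // resolve the user before opening the transaction
        $oUser =& User::get($user_id);
        if (PEAR::isError($oUser) || $oUser == false) {
            $this->errorRedirectToMain("Please select a user to modify first.");
            exit(0);
        }

        $this->startTransaction();
        // … unchanged: setPassword(md5($password)) and update() …
        if (PEAR::isError($res) || ($res == false)) {
            $this->errorRedirectToMain('Failed to update user.');
            exit(0);
        }
        // … unchanged: commitTransaction / successRedirectToMain …
```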
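--- /dev/null
+++ b/templates/ktcore/principals/updatepassword.smarty
@@ -0,0 +1,18 @@
+<h2>Change User's Password</h2>
+
+<form action="{$smarty.server.PHP_SELF}" method="POST">
+    <input type="hidden" name="action" value="updatePassword" />
+    <input type="hidden" name="user_id" value="{$edit_user->getId()}" />
+    <fieldset>
+        <legend>Change User's Password</legend>
+        <p class="descriptiveText">Change the user's password.</p>
+        {foreach item=oWidget from=$edit_fields}
+        {$oWidget->render()}
+        {/foreach}
+
+        <div class="form_actions">
+            <input type="submit" value="change password" />
+            <a href="?action=main" class="ktCancelLink">Cancel</a>
+        </div>
+    </fieldset>
+</form>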
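Review bot: The form action at the top interpolates `{$smarty.server.PHP_SELF}` with no escape modifier; `PHP_SELF` carries the request path, so unless this installation configures a default escaping modifier, attacker-controlled path info would be echoed unescaped into the `action` attribute of an admin page. Use `{$smarty.server.PHP_SELF|escape:'html'}`, or post to a fixed script name. The form also carries only `action` and `user_id` as hidden fields and no anti-forgery token, so if the dispatcher does not verify one elsewhere, a logged-in administrator visiting a hostile page could be made to reset any user's password; a per-session token emitted here and checked in `do_updatePassword` would close that.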