- corrected bug in user-editing which caused password to re-md5.

- added "doLimitedUpdate" utility method to User.inc, to blacklist update of s ome fields. (nbm, please review.) - added password-editing into userEdit. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4226 c91229c3-7414-0410-bfa2-8a42b809f60b

- corrected bug in user-editing which caused password to re-md5.
- added "doLimitedUpdate" utility method to User.inc, to blacklist update of s ome fields. (nbm, please review.) - added password-editing into userEdit. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@4226 c91229c3-7414-0410-bfa2-8a42b809f60b
bshuttle
1 parent a84c060a
Showing 3 changed files with 132 additions and 3 deletions
lib/users/User.inc
presentation/lookAndFeel/knowledgeTree/administration/usermanagement/userManagement.php
templates/ktcore/principals/updatepassword.smarty
@@ -24,6 +24,9 @@
  * @author Rob Cherry, Jam Warehouse (Pty) Ltd, South Africa
  * @package lib.unitmanagement
  */
+ 
+require_once(KT_LIB_DIR . '/database/dbutil.inc'); 
+ 
 class User extends KTEntity {
     /** user's login name */
     var $sUserName;
@@ -181,7 +184,39 @@ class User extends KTEntity {
     function &get($iId) {
         return KTEntityUtil::get('User', $iId);
     }
-
+	
+	/**
+	* update the datastore, without overwriting the password.
+	*
+	* only works for a subset of the db values.
+	*/
+	function doLimitedUpdate() {
+		$sQuery = 'UPDATE ' . $this->_table() . ' SET ';
+		$aParams = array();
+		
+		$blacklist = array(
+			"sPassword" => 1,
+		);
+		
+		$aParts = array(); // quick workaround to make the join less hurtful.
+		
+		foreach ($this->_aFieldToSelect as $attr => $column) {
+			if (!array_key_exists($attr, $blacklist)) {
+				$val = $this->$attr;
+				$aParts[] = $column . ' = ?';
+				$aParams[] = $val;  
+			} 
+		}
+		$sQuery .= join(', ', $aParts);
+		
+		$sQuery .= ' WHERE id = ? ';
+		$aParams[] = $this->getId();
+		
+		$res = DBUtil::runQuery(array($sQuery, $aParams));
+		return $res;
+	}
+	
+	
     /**
     * Static function
     * Get a list of users
@@ -2,6 +2,8 @@
 //require_once('../../../../../config/dmsDefaults.php');
+require_once(KT_LIB_DIR . '/database/dbutil.inc');
+
 require_once(KT_LIB_DIR . '/users/User.inc');
 require_once(KT_LIB_DIR . '/groups/GroupUtil.php');
 require_once(KT_LIB_DIR . '/groups/Group.inc');
@@ -131,6 +133,73 @@ class KTUserAdminDispatcher extends KTAdminDispatcher {
         return $oTemplate->render($aTemplateData);
     }
+
+    function do_setPassword() {
+        $this->aBreadcrumbs[] = array('action' => 'userManagement', 'name' => 'User Management');
+        $this->oPage->setBreadcrumbDetails('change user password');
+        $this->oPage->setTitle("Change User Password");
+        
+        $user_id = KTUtil::arrayGet($_REQUEST, 'user_id');
+        $oUser =& User::get($user_id);
+        
+        if (PEAR::isError($oUser) || $oUser == false) {
+            $this->errorRedirectToMain('Please select a user first.');
+            exit(0);
+        }
+        
+        $this->aBreadcrumbs[] = array('name' => $oUser->getName());
+        
+        $edit_fields = array();
+        $edit_fields[] =  new KTPasswordWidget('Password','Specify an initial password for the user.', 'password', null, $this->oPage, true);        
+        $edit_fields[] =  new KTPasswordWidget('Confirm Password','Confirm the password specified above.', 'confirm_password', null, $this->oPage, true);        
+        
+        $oTemplating = new KTTemplating;        
+        $oTemplate = $oTemplating->loadTemplate("ktcore/principals/updatepassword");
+        $aTemplateData = array(
+            "context" => $this,
+            "edit_fields" => $edit_fields,
+            "edit_user" => $oUser,
+        );
+        return $oTemplate->render($aTemplateData);
+    }
+    
+    function do_updatePassword() {
+        $user_id = KTUtil::arrayGet($_REQUEST, 'user_id');
+        
+        $password = KTUtil::arrayGet($_REQUEST, 'password');
+        $confirm_password = KTUtil::arrayGet($_REQUEST, 'confirm_password');        
+        
+        if (empty($password)) { 
+            $this->errorRedirectToMain("You must specify a password for the user.");
+        } else if ($password !== $confirm_password) {
+            $this->errorRedirectToMain("The passwords you specified do not match.");
+        }
+        // FIXME more validation would be useful.
+        // validated and ready..
+        $this->startTransaction();
+        
+        $oUser =& User::get($user_id);
+        if (PEAR::isError($oUser) || $oUser == false) {
+            $this->errorRedirectToMain("Please select a user to modify first.");
+        }
+        
+        
+        // FIXME this almost certainly has side-effects.  do we _really_ want 
+        $oUser->setPassword(md5($password)); // 
+        
+        $res = $oUser->update(); 
+        //$res = $oUser->doLimitedUpdate(); // ignores a fix blacklist of items.
+        
+        
+        if (PEAR::isError($res) || ($res == false)) {
+            $this->errorRedirectoToMain('Failed to update user.');
+        }
+        
+        $this->commitTransaction();
+        $this->successRedirectToMain('User information updated.');
+        
+    }
+
     function do_editUserSource() {
         $user_id = KTUtil::arrayGet($_REQUEST, 'user_id');
         $oUser =& $this->oValidator->validateUser($user_id);
@@ -230,7 +299,14 @@ class KTUserAdminDispatcher extends KTAdminDispatcher {
         $oUser->setMobile($mobile_number);
         $oUser->setMaxSessions($max_sessions);
-        $res = $oUser->update(); // FIXME res?
+        // old system used the very evil store.php.
+        // here we need to _force_ a limited update of the object, via a db statement.
+        //
+        // $res = $oUser->update(); 
+        $res = $oUser->doLimitedUpdate(); // ignores a fix blacklist of items.
+        
+        
+        
         if (PEAR::isError($res) || ($res == false)) {
             $this->errorRedirectoToMain('Failed to update user.');
         }
@@ -354,4 +430,4 @@ class KTUserAdminDispatcher extends KTAdminDispatcher {
 //$oDispatcher = new KTUserAdminDispatcher ();
 //$oDispatcher->dispatch();
 -?>
+?>
 \ No newline at end of file
+<h2>Change User's Password</h2>
+
+<form action="{$smarty.server.PHP_SELF}" method="POST">
+   <input type="hidden" name="action" value="updatePassword" />
+   <input type="hidden" name="user_id" value="{$edit_user->getId()}" />
+   <fieldset>
+      <legend>Change User's Password</legend>
+      <p class="descriptiveText">Change the user's password.</p>
+      {foreach item=oWidget from=$edit_fields}
+        {$oWidget->render()}
+      {/foreach}
+      
+      <div class="form_actions">
+         <input type="submit" value="change password" />
+         <a href="?action=main" class="ktCancelLink">Cancel</a>
+      </div>
+   </fieldset>
+</form>