Removed first login criteria.
Added name and email to administrator data.pull/113/head
rodzic
249b5e5c09
commit
fa3df022aa
|
@ -47,19 +47,49 @@
|
|||
}
|
||||
|
||||
if ($common->postBack()) {
|
||||
// Check that the user supplied a password matching the one currently stored in administrators.xml.
|
||||
$authenticated = $account->authenticate($_SESSION['login'], $_POST['password'], FALSE, FALSE);
|
||||
|
||||
if (!$authenticated)
|
||||
$passwordIncorrect = TRUE;
|
||||
if ($_POST['password1'] != $_POST['password2'])
|
||||
$didNotMatch = TRUE;
|
||||
// Check that a name was supplied.
|
||||
if (empty($_POST['name']))
|
||||
$noName = TRUE;
|
||||
|
||||
if ($authenticated && $_POST['password1'] == $_POST['password2']) {
|
||||
// Change the password stored in administrators.xml related to this users login.
|
||||
$account->changePassword($_SESSION['login'], $_POST['password1']);
|
||||
// Since the password has changed we will log the user out to clear older session variables.
|
||||
$account->logout();
|
||||
// Check that a vailid email address was supplied.
|
||||
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
|
||||
$invalidEmail = TRUE;
|
||||
|
||||
// Check that all password reset data was supplied.
|
||||
if (!empty($_POST['password']) || !empty($_POST['password1']) || !empty($_POST['password2'])) {
|
||||
|
||||
// Process a password change request if the existing and new password were supplied.
|
||||
if (!empty($_POST['password1']) && !empty($_POST['password1']) && !empty($_POST['password2'])) {
|
||||
|
||||
// Check that the user supplied a password matching the one currently stored in administrators.xml.
|
||||
$authenticated = $account->authenticate($_SESSION['login'], $_POST['password'], FALSE, FALSE);
|
||||
if (!$authenticated)
|
||||
$passwordIncorrect = TRUE;
|
||||
if ($_POST['password1'] != $_POST['password2'])
|
||||
$notMatching = TRUE;
|
||||
|
||||
if ($authenticated && $_POST['password1'] == $_POST['password2']) {
|
||||
// Change the password stored in administrators.xml related to this users login.
|
||||
$account->changePassword($_SESSION['login'], $_POST['password1']);
|
||||
|
||||
// Since the password has changed we will log the user out to clear older session variables.
|
||||
$account->logout();
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// Only partial data was supplied to change the current password.
|
||||
if (!empty($_POST['password']))
|
||||
$noCurrent = TRUE;
|
||||
if (!empty($_POST['password1']) || !empty($_POST['password2']))
|
||||
$passwordMissing = TRUE;
|
||||
}
|
||||
|
||||
// If validation passed make the requested changes to the administrator account data.
|
||||
if (!$noName && !$invalidEmail && !$passwordIncorrect && !$noCurrent && !$notMatching && !$passwordMissing) {
|
||||
$account->changeName($_SESSION['login'], $_POST['name'])
|
||||
$account->changeEmail($_SESSION['login'], $_POST['email'])
|
||||
if (!empty($_POST['password1']) && !empty($_POST['password1']) && !empty($_POST['password2']))
|
||||
$account->changePassword($_SESSION['login'], $_POST['password1']);
|
||||
}
|
||||
}
|
||||
|
||||
|
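Review bot: The partial-password checks can never fire: the inner guard `if (!empty($_POST['password1']) && !empty($_POST['password1']) && !empty($_POST['password2']))` tests `password1` twice instead of `password`, and the `else` branch only runs when all three fields are empty, so `$noCurrent` and `$passwordMissing` are unreachable and a submit with only the current password silently passes to the name/email update. The `changeName` and `changeEmail` calls are also missing their trailing semicolons (parse error), and because `changePassword()` and `logout()` already ran in the inner block, `$_SESSION['login']` has been unset by the time they execute, so the XPath lookup matches no record. The rewrite below validates first and applies each change once, with the password change and logout last; the `required` attributes on the three password inputs in the later hunk (`@ -107,13 +108,48`) should go as well, otherwise the browser never lets a name/email-only submit reach this code. I cannot see whether the flag variables are initialised above the hunk; if they are not, the final `if` reads undefined variables.
```php
if ($common->postBack()) {
    // … unchanged: name and email checks …

    // A password change is requested when any of the three password fields is filled in.
    $changingPassword = !empty($_POST['password']) || !empty($_POST['password1']) || !empty($_POST['password2']);
    if ($changingPassword) {
        if (empty($_POST['password']))
            $noCurrent = TRUE;
        if (empty($_POST['password1']) || empty($_POST['password2']))
            $passwordMissing = TRUE;
        if (!$noCurrent && !$passwordMissing) {
            // Check that the user supplied a password matching the one currently stored in administrators.xml.
            if (!$account->authenticate($_SESSION['login'], $_POST['password'], FALSE, FALSE))
                $passwordIncorrect = TRUE;
            if ($_POST['password1'] !== $_POST['password2'])
                $notMatching = TRUE;
        }
    }

    // If validation passed make the requested changes to the administrator account data.
    if (!$noName && !$invalidEmail && !$passwordIncorrect && !$noCurrent && !$notMatching && !$passwordMissing) {
        $account->changeName($_SESSION['login'], $_POST['name']);
        $account->changeEmail($_SESSION['login'], $_POST['email']);
        if ($changingPassword) {
            // Last, because logout() unsets $_SESSION['login'] which the calls above rely on.
            $account->changePassword($_SESSION['login'], $_POST['password1']);
            $account->logout();
        }
    }
}
```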
@ -68,38 +98,9 @@
|
|||
/////////////////////
|
||||
// BEGIN HTML BODY //
|
||||
|
||||
if ($_SESSION['firstLogin'] && !$common->postBack()) {
|
||||
?>
|
||||
<div id="first-login-modal" class="modal fade in" role="dialog">
|
||||
<div class="modal-dialog">
|
||||
<div class="modal-content">
|
||||
<div class="modal-body">
|
||||
<strong>First time login detected.</strong><br />
|
||||
You must change the default password before continuing.
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
<script>
|
||||
$('#first-login-modal').modal('show');
|
||||
</script>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
<h1>Account Management</h1>
|
||||
<hr />
|
||||
<h2>Change Password</h2>
|
||||
<form id="change-password" method="post" action="account.php">
|
||||
<div class="form-group">
|
||||
<input type="password" class="form-control" name="password" id="password" placeholder="Current Password" required>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="password" class="form-control" name="password1" id="password1" placeholder="New Password" required>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="password" class="form-control" name="password2" id="password2" placeholder="Confirm Password" required>
|
||||
</div>
|
||||
<input type="submit" class="btn btn-default" value="Change Password">
|
||||
<?php
|
||||
if ($passwordIncorrect || $didNotMatch) {
|
||||
?>
|
||||
|
@ -107,13 +108,48 @@
|
|||
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
|
||||
<span aria-hidden="true">×</span>
|
||||
</button>
|
||||
<?php ($passwordIncorrect ? print "You did not supply the correct current password for this account." : ''); ?>
|
||||
<?php ($_SESSION['firstLogin'] || $passwordIncorrect && $didNotMatch ? print "<br />" : ''); ?>
|
||||
<?php ($didNotMatch ? print "You must change your current password before continuing." : ''); ?>
|
||||
<?php ($noName ? print "You must supply a name to associate with this account.<br />" : ''); ?>
|
||||
<?php ($invalidEmail ? print "You must supply a valid email address to associate with this account.<br />" : ''); ?>
|
||||
<?php ($passwordIncorrect || $noCurrent ? print "You did not supply the correct current password for this account.<br />" : ''); ?>
|
||||
<?php ($notMatching || $passwordMissing ? print "The password and password confirmation did not match or are missing.<br />" : ''); ?>
|
||||
</div>
|
||||
<?php
|
||||
}
|
||||
?>
|
||||
<h2>Change Password</h2>
|
||||
<form id="change-password" method="post" action="account.php">
|
||||
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">Account Settings</div>
|
||||
<div class="panel-body">
|
||||
<div class="form-group">
|
||||
<input type="text" class="form-control" name="login" id="login" placeholder="Login" disabled>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="text" class="form-control" name="name" id="name" placeholder="Name" required>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="email" class="form-control" name="email" id="email" placeholder="Email Address" required>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<div class="panel panel-default">
|
||||
<div class="panel-heading">Change Password</div>
|
||||
<div class="panel-body">
|
||||
<div class="form-group">
|
||||
<input type="password" class="form-control" name="password" id="password" placeholder="Current Password" required>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="password" class="form-control" name="password1" id="password1" placeholder="New Password" required>
|
||||
</div>
|
||||
<div class="form-group">
|
||||
<input type="password" class="form-control" name="password2" id="password2" placeholder="Confirm Password" required>
|
||||
</div>
|
||||
</div>
|
||||
</div>
|
||||
|
||||
<input type="submit" class="btn btn-default" value="Submit">
|
||||
</form>
|
||||
<?php
|
||||
|
||||
|
|
|
@ -30,34 +30,28 @@
|
|||
|
||||
class account {
|
||||
|
||||
/////////////////////////////////////////////////////////
|
||||
// Check if the administrator is authenticated or not.
|
||||
// Authentication
|
||||
////////////////////
|
||||
|
||||
// Check if the administrator is authenticated or not.
|
||||
function isAuthenticated() {
|
||||
// Check if the remeber me cookie is set and if so set sessions variables using the stored values.
|
||||
if (isset($_COOKIE['login']) && isset($_COOKIE['authenticated']) && isset($_COOKIE['firstLogin']) && $_COOKIE['authenticated']) {
|
||||
if (isset($_COOKIE['login']) && isset($_COOKIE['authenticated']) && $_COOKIE['authenticated']) {
|
||||
$_SESSION['authenticated'] = TRUE;
|
||||
$_SESSION['login'] = $_COOKIE['login'];
|
||||
$_SESSION['firstLogin'] = $_COOKIE['firstLogin'];
|
||||
} else {
|
||||
// Unset any cookies pertaining to user authentication since something is wrong or missing.
|
||||
unset($_COOKIE["authenticated"]);
|
||||
unset($_COOKIE["login"]);
|
||||
unset($_COOKIE["firstLogin"]);
|
||||
}
|
||||
// Make sure that the session variable Authenticated is set to TRUE and that the session Login variable is set.
|
||||
if (isset($_SESSION['login']) && isset($_SESSION['authenticated']) && isset($_SESSION['firstLogin']) && $_SESSION['authenticated']) {
|
||||
if ($_SESSION['firstLogin'] && basename($_SERVER['PHP_SELF']) != "account.php") {
|
||||
header ("Location: account.php");
|
||||
}
|
||||
if (isset($_SESSION['login']) && isset($_SESSION['authenticated']) && $_SESSION['authenticated']) {
|
||||
return TRUE;
|
||||
}
|
||||
return FALSE;
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
// Authenticate an administrator by comparing their supplied login and password with the ones stored in administrators.xml.
|
||||
|
||||
function authenticate($login, $password, $remember = FALSE, $forward = TRUE, $origin = NULL) {
|
||||
$common = new common();
|
||||
// Get all the administrators from the administrators.xml file.
|
||||
|
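Review bot: The remember-me branch `if (isset($_COOKIE['login']) && isset($_COOKIE['authenticated']) && $_COOKIE['authenticated'])` copies two plain client cookies straight into `$_SESSION['authenticated']` and `$_SESSION['login']` with nothing server-side to verify them, so the cookie contents alone decide which administrator the session belongs to; the usual fix is a random token from `random_bytes()` stored against the administrator record, compared with `hash_equals()`, with the login taken from the matched record rather than the cookie. That cookie-derived login is later spliced into single-quoted XPath predicates in `changeName`/`changeEmail`/`changePassword` (`@ -94,30 +86,44`), which should at least reject a login containing a quote before building the query, and the `setcookie()` calls in `authenticate()` (`@ -69,12 +63,10`) still set no `httponly`/`secure` flags. `changePassword` also still writes `$administrator->firstLogin = "FALSE"`, re-adding the element this commit removes from administrators.xml, and the comment above `changeEmail` is a copy of `changeName`'s and should read `// Change the email address associated to an existing administrator in the file administrators.xml.`.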
@ -69,12 +63,10 @@
|
|||
// Set the session variable Authenticated to TRUE and assign the variable Login the supplied login.
|
||||
$_SESSION['authenticated'] = TRUE;
|
||||
$_SESSION['login'] = $login;
|
||||
$_SESSION['firstLogin'] = $common->stringToBoolean($administrator->firstLogin);
|
||||
// If the user wishes to be remembered set a cookie containg the authenticated and login variables.
|
||||
if ($remember) {
|
||||
setcookie("authenticated", TRUE, time() + (10 * 365 * 24 * 60 * 60));
|
||||
setcookie("login", $login, time() + (10 * 365 * 24 * 60 * 60));
|
||||
setcookie("firstLogin", $common->stringToBoolean($administrator->firstLogin), time() + (10 * 365 * 24 * 60 * 60));
|
||||
}
|
||||
// Forward the user if the $forward variable is set to TRUE.
|
||||
if ($forward) {
|
||||
|
@ -94,30 +86,44 @@
|
|||
return FALSE;
|
||||
}
|
||||
|
||||
//////////////////////////////////////////////////////////////////////////////////////////////////
|
||||
// Logs the user out by deleting current session varialbes related to administrative functions.
|
||||
|
||||
function logout() {
|
||||
// Unset any session variables pertaining to user authentication.
|
||||
unset($_SESSION['authenticated']);
|
||||
unset($_SESSION['login']);
|
||||
unset($_SESSION['firstLogin']);
|
||||
// Unset any cookies pertaining to user authentication.
|
||||
unset($_COOKIE["authenticated"]);
|
||||
unset($_COOKIE["login"]);
|
||||
unset($_COOKIE["firstLogin"]);
|
||||
// Redirect the user to the main homepage.
|
||||
header ("Location: login.php");
|
||||
}
|
||||
|
||||
////////////////////////////////////////////////////////////////////////////////////////////
|
||||
// Change a password stored for an existing administrator in the file administrators.xml.
|
||||
// Change administrator settings.
|
||||
////////////////////////////////////
|
||||
|
||||
// Change the name associated to an existing administrator in the file administrators.xml.
|
||||
function changeName($login, $name) {
|
||||
$administrators = simplexml_load_file($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml") or die("Error: Cannot create administrators object");
|
||||
foreach ($administrators->xpath("administrator[login='".$login."']") as $administrator) {
|
||||
$administrator->name = $name;
|
||||
}
|
||||
file_put_contents($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml", $administrators->asXML());
|
||||
}
|
||||
|
||||
// Change the name associated to an existing administrator in the file administrators.xml.
|
||||
function changeEmail($login, $email) {
|
||||
$administrators = simplexml_load_file($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml") or die("Error: Cannot create administrators object");
|
||||
foreach ($administrators->xpath("administrator[login='".$login."']") as $administrator) {
|
||||
$administrator->email = $email;
|
||||
}
|
||||
file_put_contents($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml", $administrators->asXML());
|
||||
}
|
||||
|
||||
// Change a password stored for an existing administrator in the file administrators.xml.
|
||||
function changePassword($login, $password) {
|
||||
$administrators = simplexml_load_file($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml") or die("Error: Cannot create administrators object");
|
||||
foreach ($administrators->xpath("administrator[login='".$login."']") as $administrator) {
|
||||
$administrator->password = password_hash($password, PASSWORD_DEFAULT);
|
||||
$administrator->firstLogin = "FALSE";
|
||||
}
|
||||
file_put_contents($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml", $administrators->asXML());
|
||||
}
|
||||
|
|
|
@ -1,8 +1,9 @@
|
|||
<?xml version="1.0" encoding="utf-8"?>
|
||||
<administrators>
|
||||
<administrator>
|
||||
<name>Administrator</name>
|
||||
<email>noreply@adsbreceiver.net</email>
|
||||
<login>admin</login>
|
||||
<password>$2y$10$ZII5KKsaL0vz.18kO7O1p.LO4fHnxqs40sbQqtJuIkOEHTDXx6ovC</password>
|
||||
<firstLogin>FALSE</firstLogin>
|
||||
<password>$2y$10$ZII5KKsaL0vz.18kO7O1p.LO4fHnxqs40sbQqtJuIkOEHTDXx6ovC</password
|
||||
</administrator>
|
||||
</administrators>
|
||||
|
|
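Review bot: The default administrator record keeps the committed bcrypt hash, and with the `firstLogin` gate removed elsewhere in this commit nothing now compels an operator to replace it after install; consider generating this record (or at least the hash) at install time, or keeping a forced-change check for the shipped default. The removed `<password>…</password` line also fixed a missing `>` on the closing tag, which is worth a mention in the commit message since it changes whether the file parses at all.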