Removed first login criteria.

Added name and email to administrator data.
Joe Prochazka 2016-02-29 14:01:51 -05:00
rodzic 249b5e5c09
commit fa3df022aa
3 zmienionych plików z 109 dodań i 66 usunięć


@ -47,19 +47,49 @@
}
if ($common->postBack()) {
// Check that the user supplied a password matching the one currently stored in administrators.xml.
$authenticated = $account->authenticate($_SESSION['login'], $_POST['password'], FALSE, FALSE);
if (!$authenticated)
$passwordIncorrect = TRUE;
if ($_POST['password1'] != $_POST['password2'])
$didNotMatch = TRUE;
// Check that a name was supplied.
if (empty($_POST['name']))
$noName = TRUE;
if ($authenticated && $_POST['password1'] == $_POST['password2']) {
// Change the password stored in administrators.xml related to this users login.
$account->changePassword($_SESSION['login'], $_POST['password1']);
// Since the password has changed we will log the user out to clear older session variables.
$account->logout();
// Check that a vailid email address was supplied.
if (!filter_var($_POST['email'], FILTER_VALIDATE_EMAIL))
$invalidEmail = TRUE;
// Check that all password reset data was supplied.
if (!empty($_POST['password']) || !empty($_POST['password1']) || !empty($_POST['password2'])) {
// Process a password change request if the existing and new password were supplied.
if (!empty($_POST['password1']) && !empty($_POST['password1']) && !empty($_POST['password2'])) {
// Check that the user supplied a password matching the one currently stored in administrators.xml.
$authenticated = $account->authenticate($_SESSION['login'], $_POST['password'], FALSE, FALSE);
if (!$authenticated)
$passwordIncorrect = TRUE;
if ($_POST['password1'] != $_POST['password2'])
$notMatching = TRUE;
if ($authenticated && $_POST['password1'] == $_POST['password2']) {
// Change the password stored in administrators.xml related to this users login.
$account->changePassword($_SESSION['login'], $_POST['password1']);
// Since the password has changed we will log the user out to clear older session variables.
$account->logout();
}
}
} else {
// Only partial data was supplied to change the current password.
if (!empty($_POST['password']))
$noCurrent = TRUE;
if (!empty($_POST['password1']) || !empty($_POST['password2']))
$passwordMissing = TRUE;
}
// If validation passed make the requested changes to the administrator account data.
if (!$noName && !$invalidEmail && !$passwordIncorrect && !$noCurrent && !$notMatching && !$passwordMissing) {
$account->changeName($_SESSION['login'], $_POST['name'])
$account->changeEmail($_SESSION['login'], $_POST['email'])
if (!empty($_POST['password1']) && !empty($_POST['password1']) && !empty($_POST['password2']))
$account->changePassword($_SESSION['login'], $_POST['password1']);
}
}
@ -68,38 +98,9 @@
/////////////////////
// BEGIN HTML BODY //
if ($_SESSION['firstLogin'] && !$common->postBack()) {
?>
<div id="first-login-modal" class="modal fade in" role="dialog">
<div class="modal-dialog">
<div class="modal-content">
<div class="modal-body">
<strong>First time login detected.</strong><br />
You must change the default password before continuing.
</div>
</div>
</div>
</div>
<script>
$('#first-login-modal').modal('show');
</script>
<?php
}
?>
<h1>Account Management</h1>
<hr />
<h2>Change Password</h2>
<form id="change-password" method="post" action="account.php">
<div class="form-group">
<input type="password" class="form-control" name="password" id="password" placeholder="Current Password" required>
</div>
<div class="form-group">
<input type="password" class="form-control" name="password1" id="password1" placeholder="New Password" required>
</div>
<div class="form-group">
<input type="password" class="form-control" name="password2" id="password2" placeholder="Confirm Password" required>
</div>
<input type="submit" class="btn btn-default" value="Change Password">
<?php
if ($passwordIncorrect || $didNotMatch) {
?>
@ -107,13 +108,48 @@
<button type="button" class="close" data-dismiss="alert" aria-label="Close">
<span aria-hidden="true">&times;</span>
</button>
<?php ($passwordIncorrect ? print "You did not supply the correct current password for this account." : ''); ?>
<?php ($_SESSION['firstLogin'] || $passwordIncorrect && $didNotMatch ? print "<br />" : ''); ?>
<?php ($didNotMatch ? print "You must change your current password before continuing." : ''); ?>
<?php ($noName ? print "You must supply a name to associate with this account.<br />" : ''); ?>
<?php ($invalidEmail ? print "You must supply a valid email address to associate with this account.<br />" : ''); ?>
<?php ($passwordIncorrect || $noCurrent ? print "You did not supply the correct current password for this account.<br />" : ''); ?>
<?php ($notMatching || $passwordMissing ? print "The password and password confirmation did not match or are missing.<br />" : ''); ?>
</div>
<?php
}
?>
<h2>Change Password</h2>
<form id="change-password" method="post" action="account.php">
<div class="panel panel-default">
<div class="panel-heading">Account Settings</div>
<div class="panel-body">
<div class="form-group">
<input type="text" class="form-control" name="login" id="login" placeholder="Login" disabled>
</div>
<div class="form-group">
<input type="text" class="form-control" name="name" id="name" placeholder="Name" required>
</div>
<div class="form-group">
<input type="email" class="form-control" name="email" id="email" placeholder="Email Address" required>
</div>
</div>
</div>
<div class="panel panel-default">
<div class="panel-heading">Change Password</div>
<div class="panel-body">
<div class="form-group">
<input type="password" class="form-control" name="password" id="password" placeholder="Current Password" required>
</div>
<div class="form-group">
<input type="password" class="form-control" name="password1" id="password1" placeholder="New Password" required>
</div>
<div class="form-group">
<input type="password" class="form-control" name="password2" id="password2" placeholder="Confirm Password" required>
</div>
</div>
</div>
<input type="submit" class="btn btn-default" value="Submit">
</form>
<?php
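Review bot: The two calls `$account->changeName($_SESSION['login'], $_POST['name'])` and `$account->changeEmail($_SESSION['login'], $_POST['email'])` in the first hunk have no terminating semicolons, so the file no longer parses and account.php cannot load at all; append `;` to both. In the same hunk, when the inner password branch succeeds it already calls `changePassword` and `logout()`, and `logout()` unsets `$_SESSION['login']` (visible in the class hunk of this commit), so by the time the final validation block runs the name and email updates are issued for an empty login and the password is written a second time; drop the inner `changePassword`/`logout()` pair and log the user out once after the final block. The inner condition `!empty($_POST['password1']) && !empty($_POST['password1']) && !empty($_POST['password2'])` (repeated before the final `changePassword`) tests `password1` twice and never requires the current password, so it should read `!empty($_POST['password']) && !empty($_POST['password1']) && !empty($_POST['password2'])`. The new-password comparison uses loose `==`/`!=`, under which numeric-looking strings such as `"1e3"` and `"1000"` compare equal, so use `===`/`!==`. In the third hunk the three password inputs still carry `required`, so the browser refuses to submit the name/email-only update that the server-side code is written to accept; drop `required` from those three inputs.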


@ -30,34 +30,28 @@
class account {
/////////////////////////////////////////////////////////
// Check if the administrator is authenticated or not.
// Authentication
////////////////////
// Check if the administrator is authenticated or not.
function isAuthenticated() {
// Check if the remeber me cookie is set and if so set sessions variables using the stored values.
if (isset($_COOKIE['login']) && isset($_COOKIE['authenticated']) && isset($_COOKIE['firstLogin']) && $_COOKIE['authenticated']) {
if (isset($_COOKIE['login']) && isset($_COOKIE['authenticated']) && $_COOKIE['authenticated']) {
$_SESSION['authenticated'] = TRUE;
$_SESSION['login'] = $_COOKIE['login'];
$_SESSION['firstLogin'] = $_COOKIE['firstLogin'];
} else {
// Unset any cookies pertaining to user authentication since something is wrong or missing.
unset($_COOKIE["authenticated"]);
unset($_COOKIE["login"]);
unset($_COOKIE["firstLogin"]);
}
// Make sure that the session variable Authenticated is set to TRUE and that the session Login variable is set.
if (isset($_SESSION['login']) && isset($_SESSION['authenticated']) && isset($_SESSION['firstLogin']) && $_SESSION['authenticated']) {
if ($_SESSION['firstLogin'] && basename($_SERVER['PHP_SELF']) != "account.php") {
header ("Location: account.php");
}
if (isset($_SESSION['login']) && isset($_SESSION['authenticated']) && $_SESSION['authenticated']) {
return TRUE;
}
return FALSE;
}
//////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////////
// Authenticate an administrator by comparing their supplied login and password with the ones stored in administrators.xml.
function authenticate($login, $password, $remember = FALSE, $forward = TRUE, $origin = NULL) {
$common = new common();
// Get all the administrators from the administrators.xml file.
@ -69,12 +63,10 @@
// Set the session variable Authenticated to TRUE and assign the variable Login the supplied login.
$_SESSION['authenticated'] = TRUE;
$_SESSION['login'] = $login;
$_SESSION['firstLogin'] = $common->stringToBoolean($administrator->firstLogin);
// If the user wishes to be remembered set a cookie containg the authenticated and login variables.
if ($remember) {
setcookie("authenticated", TRUE, time() + (10 * 365 * 24 * 60 * 60));
setcookie("login", $login, time() + (10 * 365 * 24 * 60 * 60));
setcookie("firstLogin", $common->stringToBoolean($administrator->firstLogin), time() + (10 * 365 * 24 * 60 * 60));
}
// Forward the user if the $forward variable is set to TRUE.
if ($forward) {
@ -94,30 +86,44 @@
return FALSE;
}
//////////////////////////////////////////////////////////////////////////////////////////////////
// Logs the user out by deleting current session varialbes related to administrative functions.
function logout() {
// Unset any session variables pertaining to user authentication.
unset($_SESSION['authenticated']);
unset($_SESSION['login']);
unset($_SESSION['firstLogin']);
// Unset any cookies pertaining to user authentication.
unset($_COOKIE["authenticated"]);
unset($_COOKIE["login"]);
unset($_COOKIE["firstLogin"]);
// Redirect the user to the main homepage.
header ("Location: login.php");
}
////////////////////////////////////////////////////////////////////////////////////////////
// Change a password stored for an existing administrator in the file administrators.xml.
// Change administrator settings.
////////////////////////////////////
// Change the name associated to an existing administrator in the file administrators.xml.
function changeName($login, $name) {
$administrators = simplexml_load_file($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml") or die("Error: Cannot create administrators object");
foreach ($administrators->xpath("administrator[login='".$login."']") as $administrator) {
$administrator->name = $name;
}
file_put_contents($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml", $administrators->asXML());
}
// Change the name associated to an existing administrator in the file administrators.xml.
function changeEmail($login, $email) {
$administrators = simplexml_load_file($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml") or die("Error: Cannot create administrators object");
foreach ($administrators->xpath("administrator[login='".$login."']") as $administrator) {
$administrator->email = $email;
}
file_put_contents($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml", $administrators->asXML());
}
// Change a password stored for an existing administrator in the file administrators.xml.
function changePassword($login, $password) {
$administrators = simplexml_load_file($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml") or die("Error: Cannot create administrators object");
foreach ($administrators->xpath("administrator[login='".$login."']") as $administrator) {
$administrator->password = password_hash($password, PASSWORD_DEFAULT);
$administrator->firstLogin = "FALSE";
}
file_put_contents($_SERVER['DOCUMENT_ROOT']."/data/administrators.xml", $administrators->asXML());
}
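Review bot: The rewritten condition `if (isset($_COOKIE['login']) && isset($_COOKIE['authenticated']) && $_COOKIE['authenticated'])` in isAuthenticated still treats the remember-me cookie's own contents as proof of identity: whatever `login` value the cookie carries becomes `$_SESSION['login']`, which the new changeName/changeEmail and changePassword then use to select the record they rewrite, so the cookie rather than the server decides which administrator is being edited. A safer shape is to put only an opaque value from `random_bytes()` in the cookie, keep its hash next to the administrator record, and resolve the login server-side with `hash_equals()`; the cookies set in authenticate should also be marked `httponly` (and `secure` where TLS is in use) rather than carrying a bare ten-year expiry. The new changeName and changeEmail build their XPath query by concatenating `$login` into `"administrator[login='".$login."']"`, so a login containing a quote yields an invalid or wrong selection; validate the login against the existing records before querying, and factor the load–xpath–save sequence shared by the three methods into one private helper that also checks the `file_put_contents` return value instead of discarding it. changePassword still assigns `$administrator->firstLogin = "FALSE"` even though this commit removes `firstLogin` from the session, the cookies and the data file, so the element reappears in administrators.xml after the first password change; drop that line. The header comment on changeEmail is a copy of changeName's and should read `// Change the email address associated to an existing administrator in the file administrators.xml.`.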


@ -1,8 +1,9 @@
<?xml version="1.0" encoding="utf-8"?>
<administrators>
<administrator>
<name>Administrator</name>
<email>noreply@adsbreceiver.net</email>
<login>admin</login>
<password>$2y$10$ZII5KKsaL0vz.18kO7O1p.LO4fHnxqs40sbQqtJuIkOEHTDXx6ovC</password>
<firstLogin>FALSE</firstLogin>
<password>$2y$10$ZII5KKsaL0vz.18kO7O1p.LO4fHnxqs40sbQqtJuIkOEHTDXx6ovC</password
</administrator>
</administrators>
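Review bot: The new `<password>` line is rendered as `</password` without the closing `>`; if that is the committed content rather than a display artifact, administrators.xml is no longer well-formed and every `simplexml_load_file` of it in the account class falls into its `or die` branch, so the closing tag should be `</password>`. The removed `<firstLogin>` element is still written back by changePassword in this same commit, so the file regains it after the first password change unless that assignment is dropped as well.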