Skip to content

Commit

Permalink
Option to add password on the interface when you create a new admin (#…
Browse files Browse the repository at this point in the history 
…399)

* option to add password on the interface

Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>

* add confirm password input

Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>

* add js to compare passwords and password length

Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>

* Apply changes to make the strings translatable

Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>

* Add missing label

Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>

* Add both options, apply js changes

Signed-off-by: Xheni Myrtaj <myrtajxheni@gmail.com>
  • Loading branch information
@xh3n1
xh3n1 authored and Sam Tuke committed Oct 2, 2018
1 parent 616e8df commit 4236629
Show file tree
Hide file tree
Showing 2 changed files with 118 additions and 30 deletions.
104 changes: 74 additions & 30 deletions public_html/lists/admin/admin.php
View file
Expand Up @@ -3,7 +3,7 @@
require_once dirname(__FILE__).'/accesscheck.php';

$start = sprintf('%d', !empty($_GET['start']) ? $_GET['start'] : 0);
echo PageLinkActionButton('admins', $GLOBALS['I18N']->get('List of Administrators'), "start=$start");
echo PageLinkActionButton('admins', s('List of Administrators'), "start=$start");

require dirname(__FILE__).'/structure.php';

Expand All @@ -28,14 +28,14 @@
$noaccess = 1;
}
if ($noaccess) {
echo Error($GLOBALS['I18N']->get('No Access'));
echo Error(s('No Access'));

return;
}

if (!empty($_POST['change'])) {
if (!verifyToken()) { //# csrf check, should be added in more places
echo Error($GLOBALS['I18N']->get('No Access'));
echo Error(s('No Access'));

return;
}
Expand All @@ -50,9 +50,15 @@
$totalres = Sql_fetch_Row($result);
$total = $totalres[0];
if (!$total) {

if (isset($_REQUEST['adminpassword'])) {
$adminpass = $_REQUEST['adminpassword'];
} else {
$adminpass = random_bytes(32);
}
Sql_Query(sprintf('insert into %s (loginname,namelc,password,email,created) values("%s","%s","%s","%s",now())',
$tables['admin'], strtolower(normalize($_POST['loginname'])),
strtolower(normalize($_POST['loginname'])), encryptPass(random_bytes(32)),
strtolower(normalize($_POST['loginname'])), encryptPass($adminpass),
sql_escape($_POST['email'])));
$id = Sql_Insert_Id($tables['admin'], 'id');
} else {
Expand Down Expand Up @@ -95,9 +101,7 @@
if (!empty($_POST['updatepassword'])) {
//Send token email.
echo sendAdminPasswordToken($id).'<br/>';
//# check for password changes
} elseif (isset($_POST['password'])) {
// Sql_Query("update {$tables["admin"]} set password = \"".sql_escape($_POST['password'])."\" where id = $id");

}
if (isset($_POST['attribute']) && is_array($_POST['attribute'])) {
foreach ($_POST['attribute'] as $key => $val) {
Expand All @@ -115,31 +119,32 @@
$GLOBALS['tables']['admin'], adminName($_SESSION['logindetails']['id']), sql_escape(serialize($privs)),
$id));

echo $GLOBALS['I18N']->get('Changes saved');
echo s('Changes saved');
echo '</div>';
} else {
Error($GLOBALS['I18N']->get('Error adding new admin, login name and/or email not inserted, email not valid or admin already exists'));
Error(s('Error adding new admin, login name and/or email not inserted, email not valid or admin already exists'));
}
}

if (!empty($_GET['delete'])) {
$delete = sprintf('%d', $_GET['delete']);
// delete the index in delete
echo $GLOBALS['I18N']->get('Deleting')." $delete ..\n";
echo s('Deleting')." $delete ..\n";
if ($delete != $_SESSION['logindetails']['id']) {
Sql_query(sprintf('delete from %s where id = %d', $GLOBALS['tables']['admin'], $delete));
Sql_query(sprintf('delete from %s where adminid = %d', $GLOBALS['tables']['admin_attribute'], $delete));
echo '..'.$GLOBALS['I18N']->get('Done');
echo '..'.s('Done');
} else {
echo '..'.$GLOBALS['I18N']->get('Failed, you cannot delete yourself');
echo '..'.s('Failed, you cannot delete yourself');
}
echo "<br /><hr/><br />\n";
}

echo '<div class="panel">';

if ($id) {
echo '<h3>'.$GLOBALS['I18N']->get('Edit Administrator').': ';
$addAdmin = false;
echo '<h3>'.s('Edit Administrator').': ';
$result = Sql_query("SELECT * FROM {$tables['admin']} where id = $id");
$data = sql_fetch_assoc($result);
echo $data['loginname'].'</h3>';
Expand All @@ -148,15 +153,16 @@
$data['loginname']);
}
} else {
$addAdmin = true;
$data = array();
echo '<h3>'.$GLOBALS['I18N']->get('Add a new Administrator').'</h3>';
echo '<h3>'.s('Add a new Administrator').'</h3>';
}

echo '<div class="content">';
//var_dump($data);

echo formStart(' class="adminAdd"');
printf('<input type="hidden" name="id" value="%d" /><table class="adminDetails" border="1">', $id);
printf('<input type="hidden" name="id" value="%d" /><table class="adminDetails" border="1">', $id);

if (isset($data['privileges'])) {
$privileges = unserialize($data['privileges']);
Expand All @@ -179,45 +185,81 @@
//If key is 'password' and the passwords are encrypted, locate two radio buttons to allow an update.
if ($b == 'Password') {
$changeAdminPass = !empty($_SESSION['firstinstall']);
if ($addAdmin===true){

echo ' <tr>
<td>'.s('Choose how to set password').'</td>
<td>
<input type="radio" id="passwordoption1" name="passwordoption" value="1" checked="checked">'.s('Send email').'
<input type="radio" id= "passwordoption0" name="passwordoption" value="0" >'.s('Create password').'
</td>
</tr>
<tr id="passrow">
<td>
<label for="adminpassword">'.s('Create password').'</label>
</td>
<td>
<input type="password" name="adminpassword" id="adminpassword" value="" >
<span id= "shortpassword">'.s('Password must be at least 8 characters').'</span>
</td>
</tr>
<tr id="confirmrow">
<td>
<label for="confirmpassword">'.s('Confirm password').'</label>
</td>
<td>
<input type="password" name="confirmpassword" id="confirmpassword" value="">
<span id= "notmatching">'.s('Not matching').'</span>
</td>
</tr>';


}

if ($changeAdminPass) {
$checkNo = '';
$checkYes = 'checked="checked"';
} else {
$checkYes = '';
$checkNo = 'checked="checked"';
}

printf('<tr><td>%s (%s)</td><td>%s<input type="radio" name="updatepassword" value="0" %s>%s</input>
if ($addAdmin===false) {
printf('<tr><td>%s (%s)</td><td>%s<input type="radio" name="updatepassword" value="0" %s>%s</input>
<input type="radio" name="updatepassword" value="1" %s>%s</input></td></tr>
',
$GLOBALS['I18N']->get('Password'), $GLOBALS['I18N']->get('hidden'),
$GLOBALS['I18N']->get('Update it?') ,
$checkNo,
$GLOBALS['I18N']->get('No'), $checkYes, $GLOBALS['I18N']->get('Yes'));
s('Password'), s('hidden'),
s('Update it?'),
$checkYes, s('Yes'), $checkNo, s('No'));
}
} else {
if ($b != 'Password') {
printf('<tr><td>%s</td><td>%s</td></tr>', $GLOBALS['I18N']->get($b), $data[$key]);
if ($addAdmin !==true) {
printf('<tr><td>%s</td><td>%s</td></tr>', s($b), $data[$key]);
}
} else {
printf('<tr><td>%s</td><td><input type="text" name="%s" value="%s" size="30" /></td></tr>'."\n",
$GLOBALS['I18N']->get('Password'), $key, stripslashes($data[$key]));
s('Password'), $key, stripslashes($data[$key]));
}
}
}
} elseif ($key == 'loginname' && $data[$key] == 'admin') {
printf('<tr><td>'.$GLOBALS['I18N']->get('Login Name').'</td><td>admin</td>');
printf('<tr><td>'.s('Login Name').'</td><td>admin</td>');
echo '<td><input type="hidden" name="loginname" value="admin" /></td></tr>';
} elseif ($key == 'superuser' || $key == 'disabled') {
if ($accesslevel == 'all') {
//If key is 'superuser' or 'disable' locate a boolean combo box.
printf('<tr><td>%s</td><td>', $GLOBALS['I18N']->get($val[1]));
printf('<tr><td>%s</td><td>', s($val[1]));
printf('<select name="%s" size="1">', $key);
echo '<option value="1" '.(!empty($data[$key]) ? ' selected="selected"' : '').'>'.$GLOBALS['I18N']->get('Yes').'</option>';
echo '<option value="0" '.(empty($data[$key]) ? ' selected="selected"' : '').'>'.$GLOBALS['I18N']->get('No').'</option></select>';
echo '<option value="1" '.(!empty($data[$key]) ? ' selected="selected"' : '').'>'.s('Yes').'</option>';
echo '<option value="0" '.(empty($data[$key]) ? ' selected="selected"' : '').'>'.s('No').'</option></select>';
echo '</td></tr>'."\n";
}
} elseif (!empty($val[1]) && !strpos($key, '_')) {

printf('<tr><td>%s</td><td><input type="text" name="%s" value="%s" size="30" /></td></tr>'."\n",
$GLOBALS['I18N']->get($val[1]), $key, htmlspecialchars(stripslashes($data[$key])));
s($val[1]), $key, htmlspecialchars(stripslashes($data[$key])));
}
}
$res = Sql_Query("select
Expand Down Expand Up @@ -268,8 +310,10 @@
<label for="settings"><input type="checkbox" name="settings" ' .$checked['settings'].'/>'.s('Change Settings').'</label>
</div>';
echo '</td></tr>';

echo '<tr><td colspan="2"><input class="submit" type="submit" name="change" value="'.$GLOBALS['I18N']->get('Save Changes').'" /></td></tr></table>';
if (!empty($_POST['passwordoption'])) {
echo sendAdminPasswordToken($id).'<br/>';
}
echo '<tr><td colspan="2"><input class="submit" type="submit" name="change" id ="savechanges" value="' . s('Save Changes') . '" /></td></tr></table>';

echo '</div>'; // content
echo '</div>'; // panel
Expand Down
44 changes: 44 additions & 0 deletions public_html/lists/admin/js/phplistapp.js
View file
Expand Up @@ -296,6 +296,8 @@ $(document).ready(function () {
}
});



$("a.savechanges").click(function () {
if (changed) {
document.sendmessageform.followupto.value = this.href;
Expand Down Expand Up @@ -332,13 +334,55 @@ $(document).ready(function () {
}
});

$("#passrow").hide();
$("#confirmrow").hide();

$('input[type=radio][name=passwordoption]').change(function() {
if($("#passwordoption1").is(':checked'))
{
$("#passrow").hide();
$("#confirmrow").hide();
} else if($("#passwordoption0").is(':checked'))
{
$("#passrow").show();
$("#confirmrow").show();
$('#shortpassword').prop('required',true);
$('#confirmpassword').prop('required',true);
}
});
$(document).ready(function () {


$('#notmatching, #shortpassword').hide();
$('#adminpassword, #confirmpassword').on('keyup', function () {
if ($('#adminpassword').val().length < 8){
$('#shortpassword').show();
$('#shortpassword').css('color', 'red');
$("#savechanges").attr('disabled', 'disabled');
}else if ($('#adminpassword').val().length >= 8){
$('#shortpassword').hide();
if ($('#adminpassword').val() === $('#confirmpassword').val()) {
$('#notmatching').hide();
$("#savechanges").removeAttr('disabled');
} else {
$('#notmatching').show();
$('#notmatching').css('color', 'red');
$("#savechanges").attr('disabled', 'disabled');
}


}
});
});

$("#initialadminpassword").keyup(function () {
if (this.value.length >= 8) {
$("#initialisecontinue").removeAttr('disabled');
} else if (this.value.length < 8) {
$("#initialisecontinue").attr('disabled', 'disabled');
}
});

$("#initialiseform").submit(function () {
$("#dialog").dialog({
minHeight: 400,
Expand Down

0 comments on commit 4236629

Please sign in to comment.