1
0
Fork 0
mirror of https://github.com/sbrl/Pepperminty-Wiki.git synced 2024-12-22 13:45:02 +00:00

Bugfix user table unauthorised message

This commit is contained in:
Starbeamrainbowlabs 2018-05-15 19:38:32 +01:00
parent 116b643c6a
commit 4e9882d6dd
Signed by: sbrl
GPG key ID: 1BE5172E637709C2
3 changed files with 68 additions and 14 deletions

View file

@ -396,7 +396,7 @@ if($settings->sessionprefix == "auto")
/////////////////////////////////////////////////////////////////////////////
/** The version of Pepperminty Wiki currently running. */
$version = "v0.17-dev";
$commit = "5961d11e765945453569c0a85b62d05d5f459f39";
$commit = "116b643c6a9d3c6198151880f444507750e5c4cb";
/// Environment ///
/** Holds information about the current request environment. */
$env = new stdClass();
@ -468,8 +468,6 @@ if(isset($_SESSION[$settings->sessionprefix . "-user"]) and
isset($_SESSION[$settings->sessionprefix . "-pass"]))
{
// Grab the session variables
// Note that the 'pass' field here is actually a hash of the password set
// by the login action
$env->user = $_SESSION[$settings->sessionprefix . "-user"];
// The user is logged in
@ -2990,7 +2988,7 @@ function render_comments($comments_data, $depth = 0)
register_module([
"name" => "Settings GUI",
"version" => "0.1.2",
"version" => "0.1.3",
"author" => "Starbeamrainbowlabs",
"description" => "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
"id" => "feature-guiconfig",
@ -3025,7 +3023,7 @@ register_module([
$content = "<h1>Master Control Panel</h1>\n";
$content .= "<p>This page lets you configure $settings->sitename's master settings. Please be careful - you can break things easily on this page if you're not careful!</p>\n";
$content .= "<p>You're currently running Pepperminty WIki $version+" . substr($commit, 0, 7) . ".</p>\n";
$content .= "<p>You're currently running Pepperminty Wiki $version+" . substr($commit, 0, 7) . ".</p>\n";
$content .= "<h2>Actions</h2>";
$content .= "<button class='action-invindex-rebuild' title='Rebuilds the index that is consulted when searching the wiki. Hit this button if some pages are not showing up.'>Rebuild Search Index</button>\n";
@ -3131,8 +3129,6 @@ SCRIPT;
* ██ ██ ██ ██ ██ ██
* ███████ ██ ██ ████ ███████
*/
add_action("configure-save", function () {
global $env, $settings, $paths, $defaultCSS;
@ -5897,7 +5893,7 @@ register_module([
if(!$env->is_logged_in || !$env->is_admin) {
http_response_code(401);
exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "<p>Only moderators (or better) may access the user table. You could try <a href='?action=logout'>logging out</a> and then <a href='?action=login&returnto%2Findex.hp%3Faction%3Duser-table'>logging in</a> again as a moderator, or alternatively visit the <a href='?action=user-list'>user list</a> instead, if that's what you're after.</p>"));
exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "<p>Only moderators (or better) may access the user table. You could try <a href='?action=logout'>logging out</a> and then <a href='?action=login&returnto=index.php%3Faction%3Duser-table'>logging in</a> again as a moderator, or alternatively visit the <a href='?action=user-list'>user list</a> instead, if that's what you're after.</p>"));
}
$content = "<h2>User Table</h2>
@ -5914,7 +5910,7 @@ register_module([
$content .= "<td><em>(None provided)</em></td>\n";
$content .= "<td>";
if(module_exists("feature-user-preferences"))
$content .= "<form method='post' action='?action=change-password' class='inline-form'>
$content .= "<form method='post' action='?action=set-password' class='inline-form'>
<input type='hidden' name='user' value='$username' />
<input type='password' name='new-pass' placeholder='New password' />
<input type='submit' value='Reset Password' />
@ -5935,6 +5931,23 @@ register_module([
exit(page_renderer::render_main("User Table - $settings->sitename", $content));
});
/**
* @api {post} ?action=user-add Add a user
* @apiName UserAdd
* @apiGroup Settings
* @apiPermission Moderator
*
* @apiParam {string} user The username for the new user.
* @apiParam {string} email Optional. Specifies the email address for the new user account.
*/
/*
* ██ ██ ███████ ███████ ██████ █████ ██████ ██████
* ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
* ██ ██ ███████ █████ ██████ █████ ███████ ██ ██ ██ ██
* ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██
* ██████ ███████ ███████ ██ ██ ██ ██ ██████ ██████
*/
add_action("user-add", function() {
global $settings, $env;
@ -6009,6 +6022,47 @@ https://github.com/sbrl/Pepperminty-Wiki/
exit(page_renderer::render_main("Add User - $settings->sitename", $content));
});
/**
* @api {post} ?action=user-add Set a user's password
* @apiName UserAdd
* @apiGroup Settings
* @apiPermission Moderator
*
* @apiParam {string} user The username of the accunt to set the password for.
* @apiParam {string} new-pass The new password for the specified username.
*/
add_action("set-password", function() {
global $env, $settings;
if(!$env->is_admin) {
http_response_400(401);
exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "<p>Error: You aren't logged in as a moderator, so you don't have permission to set a user's password.</p>"));
}
if(empty($_POST["user"])) {
http_response_code(400);
exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "<p>Error: No username was provided via the 'user' POST parameter.</p>"));
}
if(empty($_POST["new-pass"])) {
http_response_code(400);
exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "<p>Error: No password was provided via the 'new-pass' POST parameter.</p>"));
}
if(empty($settings->users->{$_POST["user"]})) {
http_response_code(404);
exit(page_renderer::render_main("User not found - Set Password - $settings->sitename", "<p>Error: No user called {$_POST["user"]} was found, so their password can't be set. Perhaps you forgot to create the user first?</p>"));
}
$settings->users->{$_POST["user"]}->password = hash_password($_POST["new-pass"]);
if(!save_settings()) {
http_response_code(503);
exit(page_renderer::render_main("Server Error - Set Password - $settings->sitename", "<p>Error: $settings->sitename couldn't save the settings back to disk! Please context $settings->admindetails_name, whose email address can be found at the bottom of this page.</p>"));
}
exit(page_renderer::render_main("Set Password - $settings->sitename", "<p>" . htmlentities($_POST["user"]) . "'s password has been set successfully. <a href='?action=user-table'>Go back</a> to the user table.</p>"));
});
if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "<p>As a moderator on $settings->sitename, you can use the <a href='?action=user-table'>User Table</a> to adminstrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.</p>");
}
]);

View file

@ -59,16 +59,16 @@
"author": "Starbeamrainbowlabs",
"description": "Adds threaded comments to the bottom of every page.",
"id": "feature-comments",
"lastupdate": 1523989232,
"lastupdate": 1526409370,
"optional": false
},
{
"name": "Settings GUI",
"version": "0.1.2",
"version": "0.1.3",
"author": "Starbeamrainbowlabs",
"description": "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.",
"id": "feature-guiconfig",
"lastupdate": 1526250969,
"lastupdate": 1526403579,
"optional": false
},
{
@ -140,7 +140,7 @@
"author": "Starbeamrainbowlabs",
"description": "Adds a organiser page that lets moderators (or better) control the reegistered user accounts, and perform adminstrative actions such as password resets, and adding \/ removing accounts.",
"id": "feature-user-table",
"lastupdate": 1526250680,
"lastupdate": 1526409428,
"optional": false
},
{

View file

@ -33,7 +33,7 @@ register_module([
if(!$env->is_logged_in || !$env->is_admin) {
http_response_code(401);
exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "<p>Only moderators (or better) may access the user table. You could try <a href='?action=logout'>logging out</a> and then <a href='?action=login&returnto%2Findex.hp%3Faction%3Duser-table'>logging in</a> again as a moderator, or alternatively visit the <a href='?action=user-list'>user list</a> instead, if that's what you're after.</p>"));
exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "<p>Only moderators (or better) may access the user table. You could try <a href='?action=logout'>logging out</a> and then <a href='?action=login&returnto=index.php%3Faction%3Duser-table'>logging in</a> again as a moderator, or alternatively visit the <a href='?action=user-list'>user list</a> instead, if that's what you're after.</p>"));
}
$content = "<h2>User Table</h2>