From 4e9882d6dd4109b56683ae5a00d472c0b40ee08e Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Tue, 15 May 2018 19:38:32 +0100 Subject: [PATCH] Bugfix user table unauthorised message --- build/index.php | 72 +++++++++++++++++++++++++++++----- module_index.json | 8 ++-- modules/feature-user-table.php | 2 +- 3 files changed, 68 insertions(+), 14 deletions(-) diff --git a/build/index.php b/build/index.php index ddf9644..49039ae 100644 --- a/build/index.php +++ b/build/index.php @@ -396,7 +396,7 @@ if($settings->sessionprefix == "auto") ///////////////////////////////////////////////////////////////////////////// /** The version of Pepperminty Wiki currently running. */ $version = "v0.17-dev"; -$commit = "5961d11e765945453569c0a85b62d05d5f459f39"; +$commit = "116b643c6a9d3c6198151880f444507750e5c4cb"; /// Environment /// /** Holds information about the current request environment. */ $env = new stdClass(); @@ -468,8 +468,6 @@ if(isset($_SESSION[$settings->sessionprefix . "-user"]) and isset($_SESSION[$settings->sessionprefix . "-pass"])) { // Grab the session variables - // Note that the 'pass' field here is actually a hash of the password set - // by the login action $env->user = $_SESSION[$settings->sessionprefix . "-user"]; // The user is logged in @@ -2990,7 +2988,7 @@ function render_comments($comments_data, $depth = 0) register_module([ "name" => "Settings GUI", - "version" => "0.1.2", + "version" => "0.1.3", "author" => "Starbeamrainbowlabs", "description" => "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.", "id" => "feature-guiconfig", @@ -3025,7 +3023,7 @@ register_module([ $content = "

Master Control Panel

\n"; $content .= "

This page lets you configure $settings->sitename's master settings. Please be careful - you can break things easily on this page if you're not careful!

\n"; - $content .= "

You're currently running Pepperminty WIki $version+" . substr($commit, 0, 7) . ".

\n"; + $content .= "

You're currently running Pepperminty Wiki $version+" . substr($commit, 0, 7) . ".

\n"; $content .= "

Actions

"; $content .= "\n"; @@ -3131,8 +3129,6 @@ SCRIPT; * ██ ██ ██ ██ ██ ██ * ███████ ██ ██ ████ ███████ */ - - add_action("configure-save", function () { global $env, $settings, $paths, $defaultCSS; @@ -5897,7 +5893,7 @@ register_module([ if(!$env->is_logged_in || !$env->is_admin) { http_response_code(401); - exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "

Only moderators (or better) may access the user table. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

")); + exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "

Only moderators (or better) may access the user table. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

")); } $content = "

User Table

@@ -5914,7 +5910,7 @@ register_module([ $content .= "(None provided)\n"; $content .= ""; if(module_exists("feature-user-preferences")) - $content .= "
+ $content .= " @@ -5935,6 +5931,23 @@ register_module([ exit(page_renderer::render_main("User Table - $settings->sitename", $content)); }); + /** + * @api {post} ?action=user-add Add a user + * @apiName UserAdd + * @apiGroup Settings + * @apiPermission Moderator + * + * @apiParam {string} user The username for the new user. + * @apiParam {string} email Optional. Specifies the email address for the new user account. + */ + + /* + * ██ ██ ███████ ███████ ██████ █████ ██████ ██████ + * ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ + * ██ ██ ███████ █████ ██████ █████ ███████ ██ ██ ██ ██ + * ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ + * ██████ ███████ ███████ ██ ██ ██ ██ ██████ ██████ + */ add_action("user-add", function() { global $settings, $env; @@ -6009,6 +6022,47 @@ https://github.com/sbrl/Pepperminty-Wiki/ exit(page_renderer::render_main("Add User - $settings->sitename", $content)); }); + + /** + * @api {post} ?action=user-add Set a user's password + * @apiName UserAdd + * @apiGroup Settings + * @apiPermission Moderator + * + * @apiParam {string} user The username of the accunt to set the password for. + * @apiParam {string} new-pass The new password for the specified username. + */ + add_action("set-password", function() { + global $env, $settings; + + if(!$env->is_admin) { + http_response_400(401); + exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "

Error: You aren't logged in as a moderator, so you don't have permission to set a user's password.

")); + } + if(empty($_POST["user"])) { + http_response_code(400); + exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "

Error: No username was provided via the 'user' POST parameter.

")); + } + if(empty($_POST["new-pass"])) { + http_response_code(400); + exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "

Error: No password was provided via the 'new-pass' POST parameter.

")); + } + + if(empty($settings->users->{$_POST["user"]})) { + http_response_code(404); + exit(page_renderer::render_main("User not found - Set Password - $settings->sitename", "

Error: No user called {$_POST["user"]} was found, so their password can't be set. Perhaps you forgot to create the user first?

")); + } + + $settings->users->{$_POST["user"]}->password = hash_password($_POST["new-pass"]); + if(!save_settings()) { + http_response_code(503); + exit(page_renderer::render_main("Server Error - Set Password - $settings->sitename", "

Error: $settings->sitename couldn't save the settings back to disk! Please context $settings->admindetails_name, whose email address can be found at the bottom of this page.

")); + } + + exit(page_renderer::render_main("Set Password - $settings->sitename", "

" . htmlentities($_POST["user"]) . "'s password has been set successfully. Go back to the user table.

")); + }); + + if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "

As a moderator on $settings->sitename, you can use the User Table to adminstrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.

"); } ]); diff --git a/module_index.json b/module_index.json index 7de3a68..ddda4a1 100755 --- a/module_index.json +++ b/module_index.json @@ -59,16 +59,16 @@ "author": "Starbeamrainbowlabs", "description": "Adds threaded comments to the bottom of every page.", "id": "feature-comments", - "lastupdate": 1523989232, + "lastupdate": 1526409370, "optional": false }, { "name": "Settings GUI", - "version": "0.1.2", + "version": "0.1.3", "author": "Starbeamrainbowlabs", "description": "The module everyone has been waiting for! Adds a web based gui that lets mods change the wiki settings.", "id": "feature-guiconfig", - "lastupdate": 1526250969, + "lastupdate": 1526403579, "optional": false }, { @@ -140,7 +140,7 @@ "author": "Starbeamrainbowlabs", "description": "Adds a organiser page that lets moderators (or better) control the reegistered user accounts, and perform adminstrative actions such as password resets, and adding \/ removing accounts.", "id": "feature-user-table", - "lastupdate": 1526250680, + "lastupdate": 1526409428, "optional": false }, { diff --git a/modules/feature-user-table.php b/modules/feature-user-table.php index 99ba818..f4a63bb 100644 --- a/modules/feature-user-table.php +++ b/modules/feature-user-table.php @@ -33,7 +33,7 @@ register_module([ if(!$env->is_logged_in || !$env->is_admin) { http_response_code(401); - exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "
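Review bot: In the new `set-password` action, the "user not found" branch interpolates `{$_POST["user"]}` straight into the page body, so a request-supplied username is reflected unescaped; the success branch already wraps it in `htmlentities()`, and the 404 branch should do the same, e.g. `"Error: No user called " . htmlentities($_POST["user"]) . " was found, ..."`. The unauthorised branch calls `http_response_400(401);`, which is not a PHP built-in and, unless it is defined elsewhere in the project, will raise a fatal error instead of sending the 401; `http_response_code(401);` looks like what was meant. That guard tests only `!$env->is_admin`, whereas the user-table check in this same diff uses `!$env->is_logged_in || !$env->is_admin`, and the visible lines verify no anti-CSRF token before the stored password is overwritten, so both are worth confirming against the rest of the file. The docblock above the action is copied from `user-add` (`?action=user-add`, `@apiName UserAdd`) and should name `set-password`; the enclosing `register_module([...])` call starts outside this hunk.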

Only moderators (or better) may access the user table. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

")); + exit(page_renderer::render_main("Unauthorised - User Table - $settings->sitename", "

Only moderators (or better) may access the user table. You could try logging out and then logging in again as a moderator, or alternatively visit the user list instead, if that's what you're after.

")); } $content = "

User Table