From b4a25438d5f52746860cc60a0ae37971b98f52e0 Mon Sep 17 00:00:00 2001 From: Starbeamrainbowlabs Date: Tue, 15 May 2018 19:28:26 +0100 Subject: [PATCH] Add set-password action --- core.php | 2 -- modules/feature-user-table.php | 41 +++++++++++++++++++++++++++++++++- 2 files changed, 40 insertions(+), 3 deletions(-) diff --git a/core.php b/core.php index f57ddf2..321f773 100644 --- a/core.php +++ b/core.php @@ -82,8 +82,6 @@ if(isset($_SESSION[$settings->sessionprefix . "-user"]) and isset($_SESSION[$settings->sessionprefix . "-pass"])) { // Grab the session variables - // Note that the 'pass' field here is actually a hash of the password set - // by the login action $env->user = $_SESSION[$settings->sessionprefix . "-user"]; // The user is logged in diff --git a/modules/feature-user-table.php b/modules/feature-user-table.php index 70a6658..afb8c18 100644 --- a/modules/feature-user-table.php +++ b/modules/feature-user-table.php @@ -50,7 +50,7 @@ register_module([ $content .= "(None provided)\n"; $content .= ""; if(module_exists("feature-user-preferences")) - $content .= "
+ $content .= " @@ -71,6 +71,14 @@ register_module([ exit(page_renderer::render_main("User Table - $settings->sitename", $content)); }); + + /* + * ██ ██ ███████ ███████ ██████ █████ ██████ ██████ + * ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ + * ██ ██ ███████ █████ ██████ █████ ███████ ██ ██ ██ ██ + * ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ ██ + * ██████ ███████ ███████ ██ ██ ██ ██ ██████ ██████ + */ add_action("user-add", function() { global $settings, $env; @@ -145,6 +153,37 @@ https://github.com/sbrl/Pepperminty-Wiki/ exit(page_renderer::render_main("Add User - $settings->sitename", $content)); }); + add_action("set-password", function() { + global $env, $settings; + + if(!$env->is_admin) { + http_response_400(401); + exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "

Error: You aren't logged in as a moderator, so you don't have permission to set a user's password.

")); + } + if(empty($_POST["user"])) { + http_response_code(400); + exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "

Error: No username was provided via the 'user' POST parameter.

")); + } + if(empty($_POST["new-pass"])) { + http_response_code(400); + exit(page_renderer::render_main("Error - Set Password - $settings->sitename", "

Error: No password was provided via the 'new-pass' POST parameter.

")); + } + + if(empty($settings->users->{$_POST["user"]})) { + http_response_code(404); + exit(page_renderer::render_main("User not found - Set Password - $settings->sitename", "

Error: No user called {$_POST["user"]} was found, so their password can't be set. Perhaps you forgot to create the user first?

")); + } + + $settings->users->{$_POST["user"]}->password = hash_password($_POST["new-pass"]); + if(!save_settings()) { + http_response_code(503); + exit(page_renderer::render_main("Server Error - Set Password - $settings->sitename", "

Error: $settings->sitename couldn't save the settings back to disk! Please context $settings->admindetails_name, whose email address can be found at the bottom of this page.

")); + } + + exit(page_renderer::render_main("Set Password - $settings->sitename", "

" . htmlentities($_POST["user"]) . "'s password has been set successfully. Go back to the user table.

")); + }); + + if($env->is_admin) add_help_section("949-user-table", "Managing User Accounts", "

As a moderator on $settings->sitename, you can use the User Table to adminstrate the user accounts on $settings->sitename. It allows you to perform actions such as adding and removing accounts, and resetting passwords.

"); } ]);