From 9eb76b2c4a9c95929113805d339bd2809077c6bb Mon Sep 17 00:00:00 2001
From: Josh North
Date: Wed, 16 Jun 2021 23:17:53 -0400
Subject: [PATCH] consolidation, cleanup, security, users and admin page updates and fixes
---
 profile.php | 171 ++++++----
 src/Language/de.lang.ini.example | 6 +-
 src/Language/en.lang.ini.example | 6 +-
 src/Language/es.lang.ini.example | 6 +-
 src/Language/fr.lang.ini.example | 6 +-
 users.php | 544 +++++++++++++++++--------------
 6 files changed, 423 insertions(+), 316 deletions(-)
diff --git a/profile.php b/profile.php
index 3da2c1d..4822c61 100644
--- a/profile.php
+++ b/profile.php
@@ -84,99 +84,126 @@ (string)FILTER_SANITIZE_STRING, + 'form_data_passwordinitial' => (string)FILTER_SANITIZE_STRING, + 'form_data_passwordconfirm' => (string)FILTER_SANITIZE_STRING, + 'form_data_firstname' => (string)FILTER_SANITIZE_STRING, + 'form_data_lastname' => (string)FILTER_SANITIZE_STRING, + 'form_data_email' => (string)FILTER_SANITIZE_STRING +]); + $minpasslength = $StaticFunctions->getMinPass(); - if (isset($_POST['saveprofile'])): - if (empty($_POST['password']) && empty($_POST['newpassword2'])): - $Users->setUserInfo($session_user["0"]["users_id"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["users_usertypeid"], $session_user["0"]["users_password"]); - header('Location: ' . $_SERVER['PHP_SELF']); - elseif (strlen($_POST['password']) < $minpasslength): + if (isset($form_data['form_data_saveprofile'])): + if (empty($form_data['form_data_passwordinitial']) && empty($form_data['form_data_passwordconfirm'])): + $Users->setUserInfo($session_user["0"]["users_id"], $form_data['form_data_firstname'], $form_data['form_data_lastname'], $form_data['form_data_email'], $session_user["0"]["users_usertypeid"], $session_user["0"]["users_password"]); + header('Location: profile.php'); + elseif (strlen($form_data['form_data_passwordinitial']) < $minpasslength): echo "Password must be at least $minpasslength characters."; - elseif (!empty($_POST['password']) && empty($_POST['newpassword2'])): + elseif (!empty($form_data['form_data_passwordinitial']) && empty($form_data['form_data_passwordconfirm'])): echo "Please confirm password if you wish to change it"; - elseif ($_POST['password'] != $_POST['newpassword2']): + elseif ($form_data['form_data_passwordinitial'] != $form_data['form_data_passwordconfirm']): echo "New passwords do not match"; - elseif (!empty($_POST['password']) && ($_POST['password'] = $_POST['newpassword2'])): + elseif (!empty($form_data['form_data_passwordinitial']) && ($form_data['form_data_passwordinitial'] = 
$form_data['form_data_passwordconfirm'])): // change pass require_once("src/Misc/PasswordHash.php"); $hasher = new PasswordHash(8, FALSE); - $password = $hasher->HashPassword($_POST['password']); - $Users->setUserInfo($session_user["0"]["users_id"], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $session_user["0"]["users_usertypeid"], $password); - header('Location: ' . $_SERVER['PHP_SELF']); + $password = $hasher->HashPassword($form_data['form_data_passwordinitial']); + $Users->setUserInfo($session_user["0"]["users_id"], $form_data['form_data_firstname'], $form_data['form_data_lastname'], $form_data['form_data_email'], $session_user["0"]["users_usertypeid"], $password); + header('Location: profile.php'); endif; endif; ?> -
-
+
+

+
+
+
+ +
- -

- -
+ +
+
+

+
+
+ +
+
+

+
+
+ +
-
-
-
- - " readonly /> -
-
-
-
- - " readonly /> -
-
-
-
- - " readonly /> -
-
-
-
-
-
- - " /> -
-
-
-
- - " /> -
-
-
-
- - " /> -
-
-
- -
-
-
- - -
-
-
-
- - +
+
+
+ + " readonly />
-
- +
+ + " readonly />
- +
+
+
+ + " readonly /> +
+
+
+
+ + " /> +
+
+
+
+
+
+ + " /> +
+
+
+
+ + " /> +
+
+
+ +
+
+
+ + +
+
+
+
+ + +
+
+
+
+ +
+
+
+

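Review bot: The new `filter_input_array` map applies `FILTER_SANITIZE_STRING` to `form_data_passwordinitial` and `form_data_passwordconfirm`, so the password is rewritten (tags stripped, quotes HTML-encoded) before `$hasher->HashPassword()` sees it; unless the login path applies exactly the same filter, a password containing `<`, `>`, `'` or `"` is stored in a form the user never typed, and `FILTER_SANITIZE_STRING` is deprecated since PHP 8.1 in any case. Use a non-mutating filter for the two password keys, `'form_data_passwordinitial' => FILTER_UNSAFE_RAW,` and `'form_data_passwordconfirm' => FILTER_UNSAFE_RAW,`, and validate the address with `'form_data_email' => FILTER_VALIDATE_EMAIL,`. The final `elseif` still carries the pre-existing `=` (assignment) in `($form_data['form_data_passwordinitial'] = $form_data['form_data_passwordconfirm'])`; it only behaves because the preceding `!=` branch has already excluded a mismatch, so it should read `===`. Both `header('Location: profile.php')` calls are not followed by `exit;`, so the rest of the page is still rendered after the redirect header is sent. The opening of the filter map and the `if (isset(...)):` block's surrounding PHP sit outside the hunk.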
diff --git a/src/Language/de.lang.ini.example b/src/Language/de.lang.ini.example index b1db67c..8eb178f 100644 --- a/src/Language/de.lang.ini.example +++ b/src/Language/de.lang.ini.example @@ -1,5 +1,6 @@ ACCESS_LEVEL = 'Zugriffsebene' ACCOUNT = 'Konto' +ACCOUNT_INFO_AUTHLOCKED = 'Dieses System verwendet SSO-Authentifizierung. Die meisten Benutzerdaten dürfen hier nicht geändert werden.' ACCOUNT_INFO_DESC = 'Sie können Änderungen an Ihrem Benutzerprofil vornehmen. Um Ihr Passwort zu ändern, geben Sie ein neues Passwort zweimal ein und drücken Sie auf Speichern. Minimale Passwortlänge ist ' ACCOUNT_INFO_HEADER = 'Kontoinformationen' ACKNOWLEDGEMENT = 'Mit der Anmeldung erkenne ich an, dass ich die Regeln gelesen und verstanden habe und bin einverstanden, die Regeln dieses Dokuments zu befolgen, während ich Arbeiten innerhalb der Einrichtung verrichtet. Wir verfügen über eine bestehende Sicherheitsrichtlinie für Anlagen, die die Staatsangehörigkeit und die Staatsangehörigkeit der Besucher des Rechenzentrums berücksichtigt, um die US-Gesetze wie Exportkontroll- und Wirtschaftssanktionsgesetze einzuhalten. Unser Ziel besteht lediglich darin, diese US-Gesetze einzuhalten und den Zugang zu Personal nicht willkürlich zu verweigern.' @@ -147,8 +148,8 @@ STR_COMMON_VSIGNATURE = 'Unterschrift des Besuchers' STR_COMMON_YES = 'Ja' STR_REPORT_EXECUTE_TITLE = 'Bericht ausführen' STR_SIGNIN_MANUAL = 'Manuelle Anmeldung' -STR_TAGS_FORMCOMPLETE_TITLE = 'Formular vollständig' -STR_TAGS_FORMINCOMPLETE_TITLE = 'Formular unvollständig' +STR_TAGS_FORMCOMPLETE_TITLE = 'Vollständig' +STR_TAGS_FORMINCOMPLETE_TITLE = 'Unvollständig' STR_VENDORINFO_CHECKLISTCOMPLETED_DESC = 'Falls eine Checkliste erforderlich war, wurde diese ausgefüllt und eingereicht?' STR_VENDORINFO_CHECKLISTCOMPLETED_TITLE = 'Checkliste abgeschlossen' STR_VENDORINFO_CHECKLISTREQUIRED_DESC = 'Muss für diese Arbeit eine Checkliste ausgefüllt und abgegeben werden?' 
@@ -201,6 +202,7 @@ USER-USERNAME = 'Nutzername' USER-USERNAMENOTEMPTY = 'Der Benutzername darf nicht leer sein' USER-USERNAMEUSED = 'Benutzername bereits vergeben' USER-USERS = 'Benutzerverwaltung' +USER-SITES = 'Standortverwaltung' VALIDATIONS = 'Validierungen' VISITOR = 'Besucher' VOID = 'Leere' diff --git a/src/Language/en.lang.ini.example b/src/Language/en.lang.ini.example index 58c180f..d76d8f7 100644 --- a/src/Language/en.lang.ini.example +++ b/src/Language/en.lang.ini.example @@ -1,5 +1,6 @@ ACCESS_LEVEL = 'Access' ACCOUNT = 'Account' +ACCOUNT_INFO_AUTHLOCKED = 'This system is using SSO authentication. Most user details may not be changed here.' ACCOUNT_INFO_DESC = 'You may make changes to your user profile below. To change your password, enter a new password twice below and press save. Minimum password length is ' ACCOUNT_INFO_HEADER = 'Account Information' ACKNOWLEDGEMENT = 'By signing in, I acknowledge I have read and understand the Rules and agree to follow the rules of that document while performing work inside the facility. We have an existing facility security policy that takes into account the nationality and citizenship of visitors to the data center in order to comply with U.S. laws such as export control and economic sanction laws. Our objective is only to comply with such U.S. laws and not to deny entrance to personnel arbitrarily.' 
@@ -147,8 +148,8 @@ STR_COMMON_VSIGNATURE = 'Visitor Signature' STR_COMMON_YES = 'Yes' STR_REPORT_EXECUTE_TITLE = 'Run Report' STR_SIGNIN_MANUAL = 'Manual Sign-In' -STR_TAGS_FORMCOMPLETE_TITLE = 'Form Complete' -STR_TAGS_FORMINCOMPLETE_TITLE = 'Form Incomplete' +STR_TAGS_FORMCOMPLETE_TITLE = 'Complete' +STR_TAGS_FORMINCOMPLETE_TITLE = 'Incomplete' STR_VENDORINFO_CHECKLISTCOMPLETED_DESC = 'If a checklist was required, has it been completed and submitted?' STR_VENDORINFO_CHECKLISTCOMPLETED_TITLE = 'Checklist Completed' STR_VENDORINFO_CHECKLISTREQUIRED_DESC = 'Does this work require that a checklist be completed and turned in?' @@ -201,6 +202,7 @@ USER-USERNAME = 'Username' USER-USERNAMENOTEMPTY = 'Username cannot be empty' USER-USERNAMEUSED = 'Username already in use' USER-USERS = 'User Management' +USER-SITES = 'Site Management' VALIDATIONS = 'Validations' VISITOR = 'Visitor' VOID = 'Void' diff --git a/src/Language/es.lang.ini.example b/src/Language/es.lang.ini.example index 239b0ec..3db3ff7 100644 --- a/src/Language/es.lang.ini.example +++ b/src/Language/es.lang.ini.example 
@@ -1,5 +1,6 @@ ACCESS_LEVEL = 'Nivel de acceso' ACCOUNT = 'Cuenta' +ACCOUNT_INFO_AUTHLOCKED = 'Este sistema utiliza autenticación SSO. Es posible que la mayoría de los detalles del usuario no se modifiquen aquí.' ACCOUNT_INFO_DESC = 'Puede realizar cambios en su perfil de usuario a continuación. Para cambiar su contraseña, ingrese una nueva contraseña dos veces abajo y presione guardar. La longitud mínima de la contraseña es ' ACCOUNT_INFO_HEADER = 'Información de la cuenta' ACKNOWLEDGEMENT = 'Al iniciar sesión, reconozco que he leído y entiendo las Reglas y acepto seguir las reglas de ese documento mientras realizo el trabajo dentro de la instalación. Tenemos una política de seguridad en las instalaciones que tiene en cuenta la nacionalidad y la ciudadanía de los visitantes del centro de datos para cumplir con las leyes de los EE. UU., Como las leyes de control de exportaciones y sanciones económicas. Nuestro objetivo es solo cumplir con las leyes de los EE. UU. Y no negar la entrada al personal de manera arbitraria.' @@ -147,8 +148,8 @@ STR_COMMON_VSIGNATURE = 'Firma del Visitante' STR_COMMON_YES = 'Sí' STR_REPORT_EXECUTE_TITLE = 'Sacar un reporte' STR_SIGNIN_MANUAL = 'Inicio de sesión manual' -STR_TAGS_FORMCOMPLETE_TITLE = 'Formulario completo' -STR_TAGS_FORMINCOMPLETE_TITLE = 'Formulario incompleto' +STR_TAGS_FORMCOMPLETE_TITLE = 'Completo' +STR_TAGS_FORMINCOMPLETE_TITLE = 'Incompleto' STR_VENDORINFO_CHECKLISTCOMPLETED_DESC = 'Si se requirió una lista de verificación, ¿se ha completado y enviado?' STR_VENDORINFO_CHECKLISTCOMPLETED_TITLE = 'Lista de verificación completada' STR_VENDORINFO_CHECKLISTREQUIRED_DESC = '¿Requiere este trabajo que se complete y se entregue una lista de verificación?' 
@@ -201,6 +202,7 @@ USER-USERNAME = 'Usuario' USER-USERNAMENOTEMPTY = 'El nombre de usuario no puede estar vacío' USER-USERNAMEUSED = 'Nombre de usuario ya está en uso' USER-USERS = 'Gestión de usuarios' +USER-SITES = 'Manejo de sitio' VALIDATIONS = 'Validaciones' VISITOR = 'Visitante' VOID = 'Invalidar' diff --git a/src/Language/fr.lang.ini.example b/src/Language/fr.lang.ini.example index 0653ad2..d715d30 100644 --- a/src/Language/fr.lang.ini.example +++ b/src/Language/fr.lang.ini.example @@ -1,5 +1,6 @@ ACCESS_LEVEL = 'Niveau d'accès' ACCOUNT = 'Compte' +ACCOUNT_INFO_AUTHLOCKED = 'Ce système utilise l'authentification SSO. La plupart des détails de l'utilisateur ne peuvent pas être modifiés ici.' ACCOUNT_INFO_DESC = 'Vous pouvez modifier votre profil d'utilisateur ci-dessous. Pour changer votre mot de passe, entrez un nouveau mot de passe deux fois ci-dessous et appuyez sur enregistrer. La longueur minimale du mot de passe est ' ACCOUNT_INFO_HEADER = 'Information sur le compte' ACKNOWLEDGEMENT = 'En me connectant, je reconnais avoir lu et compris les Règles et accepté de suivre les règles de ce document lors de l'exécution de travaux à l'intérieur de l'établissement. Nous avons une politique de sécurité des installations existante qui prend en compte la nationalité et la citoyenneté des visiteurs du centre de données afin de respecter les lois américaines, telles que les lois sur le contrôle des exportations et les sanctions économiques. Notre objectif est uniquement de nous conformer à ces lois américaines et non de refuser l'entrée au personnel de manière arbitraire.' 
@@ -147,8 +148,8 @@ STR_COMMON_VSIGNATURE = 'Visiteur Signature' STR_COMMON_YES = 'Oui' STR_REPORT_EXECUTE_TITLE = 'Rapport d'exécution' STR_SIGNIN_MANUAL = 'Connexion manuelle' -STR_TAGS_FORMCOMPLETE_TITLE = 'Formulaire rempli' -STR_TAGS_FORMINCOMPLETE_TITLE = 'Formulaire incomplet' +STR_TAGS_FORMCOMPLETE_TITLE = 'Rempli' +STR_TAGS_FORMINCOMPLETE_TITLE = 'Incomplet' STR_VENDORINFO_CHECKLISTCOMPLETED_DESC = 'Si une liste de contrôle était requise, a-t-elle été complétée et soumise ?' STR_VENDORINFO_CHECKLISTCOMPLETED_TITLE = 'Liste de contrôle terminée' STR_VENDORINFO_CHECKLISTREQUIRED_DESC = 'Ce travail nécessite-t-il qu'une liste de contrôle soit remplie et remise ?' @@ -201,6 +202,7 @@ USER-USERNAME = 'Nom d'utilisateur' USER-USERNAMENOTEMPTY = 'Le nom d'utilisateur ne peut pas être vide' USER-USERNAMEUSED = 'Nom d'utilisateur déjà utilisé' USER-USERS = 'Gestion des utilisateurs' +USER-SITES = 'Administration du site' VALIDATIONS = 'Endossements' VISITOR = 'Visiteur' VOID = 'Vide' diff --git a/users.php b/users.php index e433218..a4fd307 100644 --- a/users.php +++ b/users.php @@ -82,93 +82,117 @@ } else { ?> -

+

+getMinPass(); ?> -getUserInfo($_POST['editid'], "0", "0") - //$SiteInfo->addSite($_POST['sitename'], $_POST['timezone'], $_POST['region']); - //header('Location: ' . $_SERVER['PHP_SELF']); -?> - - -
-
-
-

-
-
-
-
-
-
-
- -
- " /> -
-
-
- -
- " /> -
-
-
-
-
- -
- " /> -
-
-
- -
- " /> -
-
-
-
-
- -
- -
-
-
-
-
- -
- -
-
-
-
- " /> - -
-
-
-
-
- getMinPass(); - ?> - - +// FILTER POSTED DATA +$form_data = filter_input_array(INPUT_POST, [ + 'edituser' => (string)FILTER_SANITIZE_STRING, + 'editid' => (string)FILTER_SANITIZE_STRING, + 'form_data_passwordconfirm' => (string)FILTER_SANITIZE_STRING, + 'form_data_firstname' => (string)FILTER_SANITIZE_STRING, + 'form_data_lastname' => (string)FILTER_SANITIZE_STRING, + 'form_data_email' => (string)FILTER_SANITIZE_STRING +]); + + + +if (!empty($form_data['edituser'])) { $edituser = $Users->getUserInfo($form_data['editid'], "0", "0") ?> + +
+
+ " /> +
+
+

+
+
+
+
+ + +
+
+ +
+
+

+
+
+ +
+
+

+
+
+ +
+
+
+
+ + " /> +
+
+
+
+ + " readonly/> +
+
+
+
+
+
+ + +
+
+
+
+ + " /> +
+
+
+
+
+
+ + " /> +
+
+
+
+ + " /> +
+
+
+
+
+
+ + +
+
+
+
+
+
+ + + @@ -286,130 +310,168 @@ if (0 === $row_count): else: $page_count = (int)ceil($row_count / $StaticFunctio - -
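Review bot: `editid` is only passed through `FILTER_SANITIZE_STRING` before reaching `$Users->getUserInfo($form_data['editid'], "0", "0")`; that filter strips tags but does not guarantee a numeric id, so the key should be declared as `'editid' => FILTER_VALIDATE_INT,` and the call guarded with `if (!empty($form_data['edituser']) && is_int($form_data['editid'])) {` so a missing or non-integer value (which `filter_input_array` returns as `null`/`false`) never reaches the lookup. The remaining keys use `FILTER_SANITIZE_STRING`, deprecated since PHP 8.1, and `form_data_email` in particular would be better served by `FILTER_VALIDATE_EMAIL`. The map names `form_data_passwordconfirm` but no `form_data_passwordinitial` entry, unlike the matching map in profile.php; if the edit form posts a first password field, `filter_input_array` drops it silently, which is worth confirming against the form markup, not visible here. The `if (!empty($form_data['edituser'])) {` block opened in this hunk appears to continue past its last line.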
-
-
-

-
-
- -
+ +
+
+
+

+
+
+
    +
  • + +
  • + +
+
+
+ + +
+
+
+
+ + + + + + + + getUserInfo("%", $StaticFunctions->getPageRows(), $offset) as $row): ?> + + + + + + + + + + + + + + + +
+ getSite("0", $row['users_id'], "0", "0") as $sidrow) { ?> + + "; } elseif($sidrowcount==5) {echo '...'; break; } } ?> + +
+ + + +
+
+ + + +
+
+
+
+
+ + + + +
+ + getPageRows()); if($page_num1 > $page_count1): $page_num1 = 1; endif; endif; ?> - -
-
-
-

-
-
- -
-
-
  • ' . $transLang['STR_COMMON_PAGE'] . '
  • '; for ($i1 = 1; $i1 <= $page_count1; $i1++): echo '
  • ' . $i1 . '
  • '; endfor; echo ''; ?> - - - - - - - - listSite($StaticFunctions->getPageRows(), $offset1) as $row1): ?> - - - - - - - -
    -
    -
    - getMinPass(); - ?> + +
    +
    +
    +

    +
    +
    +
      +
    • + +
    • + +
    +
    +
    + + +
    +
    +
    +
    + + + + + + + + listSite($StaticFunctions->getPageRows(), $offset1) as $row1): ?> + + + + + + + +
    +
    +
    +
    +
    @@ -531,7 +602,8 @@ if (0 === $row_count1): else: $page_count1 = (int)ceil($row_count1 / $StaticFunc
    - + +