password change implemented, 4+ char requirement
This commit is contained in:
parent
742dcdbd3a
commit
6541972a3c
@ -17,7 +17,17 @@ $stmt->execute(array(
|
||||
':userid' => $userid,
|
||||
':firstname' => $firstname,
|
||||
':lastname' => $lastname,
|
||||
':email' => $email
|
||||
':email' => $email,
|
||||
));
|
||||
}
|
||||
|
||||
// Update user profile
|
||||
function updateUserPassword($yaptc_db, $userid, $password)
|
||||
{
|
||||
$stmt = $yaptc_db->prepare("UPDATE users SET password = :password WHERE id = :userid;");
|
||||
$stmt->execute(array(
|
||||
':userid' => $userid,
|
||||
':password' => $password,
|
||||
));
|
||||
}
|
||||
|
||||
@ -45,7 +55,7 @@ function killSession()
|
||||
function getSessionAccess($yaptc_db)
|
||||
{
|
||||
if (isset($_SESSION['user_id'])) {
|
||||
$query3 = "SELECT users.id as userid, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id";
|
||||
$query3 = "SELECT users.id as userid, usertypes.typename AS usertype FROM yaptc.users INNER JOIN yaptc.usertypes ON users.usertype = usertypes.id WHERE users.id = :id";
|
||||
$stmt3 = $yaptc_db->prepare($query3);
|
||||
$stmt3->execute(array(
|
||||
':id' => $_SESSION['user_id']
|
||||
|
||||
14
index.php
14
index.php
@ -24,17 +24,15 @@ else: ?>
|
||||
<h2 class="content-subhead">Quick Punch</h2>
|
||||
<p>Clicking the button below will immediately enter a new punch for you depending on your current status. Any notes you enter will be attached to the punch for your administrator to review.</p>
|
||||
<form class="pure-form pure-form-stacked" action="index.php" method="post">
|
||||
<fieldset>
|
||||
<input class="pure-input-1" type="text" name="notes" placeholder="Enter notes if needed" maxlength="255" value="<?php if (isset($notes)): echo $notes; endif; ?>">
|
||||
<div class="pure-controls">
|
||||
<fieldset id="punch">
|
||||
<input type="text" name="notes" placeholder="Enter notes if needed" maxlength="255" value="<?php if (isset($notes)): echo $notes; endif; ?>">
|
||||
<?php if ($status == "In"): ?>
|
||||
<button type="submit" class="pure-button button-xlarge button-success pure-button-disabled">Punch IN</button>
|
||||
<button type="submit" class="pure-button button-xlarge button-error">Punch OUT</button>
|
||||
<button type="submit" class="pure-button button-success pure-button-disabled">Punch IN</button>
|
||||
<button type="submit" class="pure-button button-error">Punch OUT</button>
|
||||
<?php elseif ($status == "Out"): ?>
|
||||
<button type="submit" class="pure-button button-xlarge button-success">Punch IN</button>
|
||||
<button type="submit" class="pure-button button-xlarge button-error pure-button-disabled">Punch OUT</button>
|
||||
<button type="submit" class="pure-button button-success">Punch IN</button>
|
||||
<button type="submit" class="pure-button button-error pure-button-disabled">Punch OUT</button>
|
||||
<?php endif; ?>
|
||||
</div>
|
||||
</fieldset>
|
||||
</form>
|
||||
|
||||
|
||||
50
profile.php
50
profile.php
@ -11,8 +11,33 @@ else:
|
||||
//********** BEGIN CONTENT **********// ?>
|
||||
|
||||
<?php
|
||||
if (!empty($_POST)):
|
||||
if (empty($_POST['password']) && empty($_POST['newpassword2'])):
|
||||
updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email']);
|
||||
header('Location: ' . $_SERVER['PHP_SELF']);
|
||||
elseif ($_POST['password'] != $_POST['newpassword2']):
|
||||
$errors['newpassword2'] = "New passwords do not match.";
|
||||
elseif (!empty($_POST['password']) && ($_POST['password'] = $_POST['newpassword2'])):
|
||||
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
|
||||
$query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id";
|
||||
$hasher = new PasswordHash(8, FALSE);
|
||||
$password = $hasher->HashPassword($_POST['password']);
|
||||
updateUserPassword($yaptc_db, $_SESSION['user_id'], $password);
|
||||
updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email']);
|
||||
echo $_POST['password'];
|
||||
echo $password;
|
||||
header('Location: ' . $_SERVER['PHP_SELF']);
|
||||
|
||||
|
||||
endif;
|
||||
|
||||
|
||||
endif;
|
||||
?>
|
||||
|
||||
|
||||
<?php
|
||||
|
||||
$query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM yaptc.users INNER JOIN yaptc.usertypes ON users.usertype = usertypes.id WHERE users.id = :id";
|
||||
$stmt = $yaptc_db->prepare($query);
|
||||
$stmt->execute(array(':id' => $_SESSION['user_id']));
|
||||
$user = $stmt->fetchObject();
|
||||
@ -24,7 +49,7 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
|
||||
|
||||
<h2 class="content-subhead">Profile Information</h2>
|
||||
<p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".</p>
|
||||
<p>PASSWORD CHANGE IS NOT CURRENTLY IMPLEMENTED</p>
|
||||
<p>To change your password, enter a new password twice below and press save.</p>
|
||||
<form class="pure-form pure-form-stacked" action="profile.php" method="post">
|
||||
<fieldset id="update">
|
||||
<div class="pure-g">
|
||||
@ -45,11 +70,10 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
|
||||
<input type="text" name="email" maxlength="100" value="<?php echo $user->email; ?>">
|
||||
</div>
|
||||
<div class="pure-u-1 pure-u-md-1-3">
|
||||
<label for="newpassword1">New Password</label>
|
||||
<input type="password" name="newpassword1" maxlength="50" disabled>
|
||||
<label for="password">New Password</label>
|
||||
<input type="password" name="password" maxlength="50">
|
||||
<label for="newpassword2">Confirm Password</label>
|
||||
<input type="password" name="newpassword2" maxlength="50" disabled>
|
||||
<?php echo isset($errors['newpassword2']) ? $errors['newpassword2'] : ''; ?>
|
||||
<input type="password" name="newpassword2" maxlength="50">
|
||||
</div>
|
||||
<div class="pure-controls pure-u-1">
|
||||
<button type="submit" class="pure-input-1 pure-button button-success ">Save</button>
|
||||
@ -58,20 +82,6 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
|
||||
</fieldset>
|
||||
</form>
|
||||
|
||||
<?php
|
||||
if (!empty($_POST)):
|
||||
if (empty($_POST['newpassword1']) && empty($_POST['newpassword2'])):
|
||||
updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['newpassword1'], $_POST['newpassword2']);
|
||||
header('Location: ' . $_SERVER['PHP_SELF']);
|
||||
elseif (!empty($_POST['newpassword1']) || !empty($_POST['newpassword2'])):
|
||||
$errors['newpassword2'] = "New passwords do not match.";
|
||||
elseif ($_POST['newpassword1'] != $_POST['newpassword2']):
|
||||
$errors['newpassword2'] = "New passwords do not match.";
|
||||
|
||||
endif;
|
||||
//otherwise what?
|
||||
endif;
|
||||
?>
|
||||
|
||||
|
||||
|
||||
|
||||
@ -10,6 +10,7 @@ killSession();
|
||||
else: ?>
|
||||
<!-- ********** BEGIN CONTENT ********** -->
|
||||
|
||||
<?php if ($userLogged == true && $userAccess == "Administrator"): ?>
|
||||
<h2 class="content-subhead">Punch History</h2>
|
||||
<p>Below is your company punch history. The below drop-down can be used to select pre-configured reports. Other reports are currently being written.</p>
|
||||
<form class="pure-form pure-form-stacked" action="reports.php" method="post">
|
||||
@ -51,6 +52,9 @@ else: ?>
|
||||
<?php else: ?>
|
||||
<p>No query to display. Please select from the dropdown above...</p>
|
||||
<?php endif; ?>
|
||||
<?php else: ?>
|
||||
<h2 class="content-subhead">NOT AUTHORIZED!</h2>
|
||||
<?php endif; ?>
|
||||
|
||||
<!-- ********** END CONTENT ********** -->
|
||||
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>
|
||||
|
||||
10
users.php
10
users.php
@ -10,8 +10,9 @@ killSession();
|
||||
else: ?>
|
||||
<!-- ********** BEGIN CONTENT ********** -->
|
||||
|
||||
<?php if ($userLogged == true && $userAccess == "Administrator"): ?>
|
||||
<h2 class="content-subhead">Add User</h2>
|
||||
<p>All fields are required! Password must be 8+ characters. Username and email must be unique.</p>
|
||||
<p>All fields are required! Password must be 4+ characters. Username and email must be unique.</p>
|
||||
<?php
|
||||
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
|
||||
if (!empty($_POST['newuser']))
|
||||
@ -28,9 +29,9 @@ if (!empty($_POST['newuser']))
|
||||
{
|
||||
$errors['password'] = "Password cannot be empty.";
|
||||
}
|
||||
if (strlen($_POST['password']) < 8)
|
||||
if (strlen($_POST['password']) < 4)
|
||||
{
|
||||
$errors['password'] = "Password must be at least 8 charcaters.";
|
||||
$errors['password'] = "Password must be at least 4 charcaters.";
|
||||
}
|
||||
if (empty($_POST['password_confirm']))
|
||||
{
|
||||
@ -194,6 +195,9 @@ echo "<td>" . $row['usertype'] . "</td>";
|
||||
</tbody>
|
||||
</table>
|
||||
|
||||
<?php else: ?>
|
||||
<h2 class="content-subhead">NOT AUTHORIZED!</h2>
|
||||
<?php endif; ?>
|
||||
|
||||
<!-- ********** END CONTENT ********** -->
|
||||
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>
|
||||
|
||||
Loading…
Reference in New Issue
Block a user