Point808/yaptc
2
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

password change implemented, 4+ char requirement

Browse Source
This commit is contained in:
Josh North 2015-02-23 03:09:15 -05:00
parent 742dcdbd3a
commit 6541972a3c
5 changed files with 59 additions and 33 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
includes/functions.inc.php
View File

@ -17,7 +17,17 @@ $stmt->execute(array(
':userid' => $userid, ':userid' => $userid,
':firstname' => $firstname, ':firstname' => $firstname,
':lastname' => $lastname, ':lastname' => $lastname,
':email' => $email ':email' => $email,
));
}
// Update user profile
function updateUserPassword($yaptc_db, $userid, $password)
{
$stmt = $yaptc_db->prepare("UPDATE users SET password = :password WHERE id = :userid;");
$stmt->execute(array(
':userid' => $userid,
':password' => $password,
)); ));
} }
@ -45,7 +55,7 @@ function killSession()
function getSessionAccess($yaptc_db) function getSessionAccess($yaptc_db)
{ {
if (isset($_SESSION['user_id'])) { if (isset($_SESSION['user_id'])) {
$query3 = "SELECT users.id as userid, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id"; $query3 = "SELECT users.id as userid, usertypes.typename AS usertype FROM yaptc.users INNER JOIN yaptc.usertypes ON users.usertype = usertypes.id WHERE users.id = :id";
$stmt3 = $yaptc_db->prepare($query3); $stmt3 = $yaptc_db->prepare($query3);
$stmt3->execute(array( $stmt3->execute(array(
':id' => $_SESSION['user_id'] ':id' => $_SESSION['user_id']

14
index.php
View File

@ -24,17 +24,15 @@ else: ?>
<h2 class="content-subhead">Quick Punch</h2> <h2 class="content-subhead">Quick Punch</h2>
<p>Clicking the button below will immediately enter a new punch for you depending on your current status. Any notes you enter will be attached to the punch for your administrator to review.</p> <p>Clicking the button below will immediately enter a new punch for you depending on your current status. Any notes you enter will be attached to the punch for your administrator to review.</p>
<form class="pure-form pure-form-stacked" action="index.php" method="post"> <form class="pure-form pure-form-stacked" action="index.php" method="post">
<fieldset> <fieldset id="punch">
<input class="pure-input-1" type="text" name="notes" placeholder="Enter notes if needed" maxlength="255" value="<?php if (isset($notes)): echo $notes; endif; ?>"> <input type="text" name="notes" placeholder="Enter notes if needed" maxlength="255" value="<?php if (isset($notes)): echo $notes; endif; ?>">
<div class="pure-controls">
<?php if ($status == "In"): ?> <?php if ($status == "In"): ?>
<button type="submit" class="pure-button button-xlarge button-success pure-button-disabled">Punch IN</button> <button type="submit" class="pure-button button-success pure-button-disabled">Punch IN</button>
<button type="submit" class="pure-button button-xlarge button-error">Punch OUT</button> <button type="submit" class="pure-button button-error">Punch OUT</button>
<?php elseif ($status == "Out"): ?> <?php elseif ($status == "Out"): ?>
<button type="submit" class="pure-button button-xlarge button-success">Punch IN</button> <button type="submit" class="pure-button button-success">Punch IN</button>
<button type="submit" class="pure-button button-xlarge button-error pure-button-disabled">Punch OUT</button> <button type="submit" class="pure-button button-error pure-button-disabled">Punch OUT</button>
<?php endif; ?> <?php endif; ?>
</div>
</fieldset> </fieldset>
</form> </form>

50
profile.php
View File

@ -11,8 +11,33 @@ else:
//********** BEGIN CONTENT **********// ?> //********** BEGIN CONTENT **********// ?>
<?php <?php
if (!empty($_POST)):
if (empty($_POST['password']) && empty($_POST['newpassword2'])):
updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email']);
header('Location: ' . $_SERVER['PHP_SELF']);
elseif ($_POST['password'] != $_POST['newpassword2']):
$errors['newpassword2'] = "New passwords do not match.";
elseif (!empty($_POST['password']) && ($_POST['password'] = $_POST['newpassword2'])):
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php"); require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
$query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM users, usertypes WHERE users.id = :id"; $hasher = new PasswordHash(8, FALSE);
$password = $hasher->HashPassword($_POST['password']);
updateUserPassword($yaptc_db, $_SESSION['user_id'], $password);
updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email']);
echo $_POST['password'];
echo $password;
header('Location: ' . $_SERVER['PHP_SELF']);
endif;
endif;
?>
<?php
$query = "SELECT users.id, users.password, users.created, users.username, users.firstname, users.lastname, users.email, usertypes.typename AS usertype FROM yaptc.users INNER JOIN yaptc.usertypes ON users.usertype = usertypes.id WHERE users.id = :id";
$stmt = $yaptc_db->prepare($query); $stmt = $yaptc_db->prepare($query);
$stmt->execute(array(':id' => $_SESSION['user_id'])); $stmt->execute(array(':id' => $_SESSION['user_id']));
$user = $stmt->fetchObject(); $user = $stmt->fetchObject();
@ -24,7 +49,7 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
<h2 class="content-subhead">Profile Information</h2> <h2 class="content-subhead">Profile Information</h2>
<p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".</p> <p>You may make changes to your user profile below if you wish. Updates will take effect immediately on pressing "Save".</p>
<p>PASSWORD CHANGE IS NOT CURRENTLY IMPLEMENTED</p> <p>To change your password, enter a new password twice below and press save.</p>
<form class="pure-form pure-form-stacked" action="profile.php" method="post"> <form class="pure-form pure-form-stacked" action="profile.php" method="post">
<fieldset id="update"> <fieldset id="update">
<div class="pure-g"> <div class="pure-g">
@ -45,11 +70,10 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
<input type="text" name="email" maxlength="100" value="<?php echo $user->email; ?>"> <input type="text" name="email" maxlength="100" value="<?php echo $user->email; ?>">
</div> </div>
<div class="pure-u-1 pure-u-md-1-3"> <div class="pure-u-1 pure-u-md-1-3">
<label for="newpassword1">New Password</label> <label for="password">New Password</label>
<input type="password" name="newpassword1" maxlength="50" disabled> <input type="password" name="password" maxlength="50">
<label for="newpassword2">Confirm Password</label> <label for="newpassword2">Confirm Password</label>
<input type="password" name="newpassword2" maxlength="50" disabled> <input type="password" name="newpassword2" maxlength="50">
<?php echo isset($errors['newpassword2']) ? $errors['newpassword2'] : ''; ?>
</div> </div>
<div class="pure-controls pure-u-1"> <div class="pure-controls pure-u-1">
<button type="submit" class="pure-input-1 pure-button button-success ">Save</button> <button type="submit" class="pure-input-1 pure-button button-success ">Save</button>
@ -58,20 +82,6 @@ $query = "SELECT users.id, users.password, users.created, users.username, users.
</fieldset> </fieldset>
</form> </form>
<?php
if (!empty($_POST)):
if (empty($_POST['newpassword1']) && empty($_POST['newpassword2'])):
updateUserProfile($yaptc_db, $_SESSION['user_id'], $_POST['firstname'], $_POST['lastname'], $_POST['email'], $_POST['newpassword1'], $_POST['newpassword2']);
header('Location: ' . $_SERVER['PHP_SELF']);
elseif (!empty($_POST['newpassword1']) || !empty($_POST['newpassword2'])):
$errors['newpassword2'] = "New passwords do not match.";
elseif ($_POST['newpassword1'] != $_POST['newpassword2']):
$errors['newpassword2'] = "New passwords do not match.";
endif;
//otherwise what?
endif;
?>

4
reports.php
View File

@ -10,6 +10,7 @@ killSession();
else: ?> else: ?>
<!-- ********** BEGIN CONTENT ********** --> <!-- ********** BEGIN CONTENT ********** -->
<?php if ($userLogged == true && $userAccess == "Administrator"): ?>
<h2 class="content-subhead">Punch History</h2> <h2 class="content-subhead">Punch History</h2>
<p>Below is your company punch history. The below drop-down can be used to select pre-configured reports. Other reports are currently being written.</p> <p>Below is your company punch history. The below drop-down can be used to select pre-configured reports. Other reports are currently being written.</p>
<form class="pure-form pure-form-stacked" action="reports.php" method="post"> <form class="pure-form pure-form-stacked" action="reports.php" method="post">
@ -51,6 +52,9 @@ else: ?>
<?php else: ?> <?php else: ?>
<p>No query to display. Please select from the dropdown above...</p> <p>No query to display. Please select from the dropdown above...</p>
<?php endif; ?> <?php endif; ?>
<?php else: ?>
<h2 class="content-subhead">NOT AUTHORIZED!</h2>
<?php endif; ?>
<!-- ********** END CONTENT ********** --> <!-- ********** END CONTENT ********** -->
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?> <?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>

10
users.php
View File

@ -10,8 +10,9 @@ killSession();
else: ?> else: ?>
<!-- ********** BEGIN CONTENT ********** --> <!-- ********** BEGIN CONTENT ********** -->
<?php if ($userLogged == true && $userAccess == "Administrator"): ?>
<h2 class="content-subhead">Add User</h2> <h2 class="content-subhead">Add User</h2>
<p>All fields are required! Password must be 8+ characters. Username and email must be unique.</p> <p>All fields are required! Password must be 4+ characters. Username and email must be unique.</p>
<?php <?php
require_once($yaptc_lib . "phpass-0.3/PasswordHash.php"); require_once($yaptc_lib . "phpass-0.3/PasswordHash.php");
if (!empty($_POST['newuser'])) if (!empty($_POST['newuser']))
@ -28,9 +29,9 @@ if (!empty($_POST['newuser']))
{ {
$errors['password'] = "Password cannot be empty."; $errors['password'] = "Password cannot be empty.";
} }
if (strlen($_POST['password']) < 8) if (strlen($_POST['password']) < 4)
{ {
$errors['password'] = "Password must be at least 8 charcaters."; $errors['password'] = "Password must be at least 4 charcaters.";
} }
if (empty($_POST['password_confirm'])) if (empty($_POST['password_confirm']))
{ {
@ -194,6 +195,9 @@ echo "<td>" . $row['usertype'] . "</td>";
</tbody> </tbody>
</table> </table>
<?php else: ?>
<h2 class="content-subhead">NOT AUTHORIZED!</h2>
<?php endif; ?>
<!-- ********** END CONTENT ********** --> <!-- ********** END CONTENT ********** -->
<?php endif; require_once($yaptc_inc . "footer.inc.php"); ?> <?php endif; require_once($yaptc_inc . "footer.inc.php"); ?>