diff --git a/template/password-reset-show.php b/template/password-reset-show.php
new file mode 100644
index 0000000..d2c37d2
--- /dev/null
+++ b/template/password-reset-show.php
@@ -0,0 +1,49 @@
+.
+
+/*
+ * This is the template for an User
+ *
+ * Called from:
+ * user.php
+ *
+ * Available variables:
+ * $new_password string|null
+ */
+
+// unuseful when load directly
+defined( 'BOZ_PHP' ) or die;
+?>
+
+

+ +
+ /> +

+ +

+
+
+ __( "Login Again" ),
+ 'url' =>
+ http_build_get_query(
+ menu_entry( 'login' )->getURL(), [
+ 'user_uid' => $user->getUserUID(),
+ ]
+ ),
+ ] ) ?>
diff --git a/template/user.php b/template/user.php
index 7e118e4..f3f061a 100644
--- a/template/user.php
+++ b/template/user.php
@@ -1,132 +1,131 @@ . /* * This is the template for an User * * Called from: * user.php * * Available variables: * $user object|null * $new_password string|null * $user_domains object|null (generator) */ // unuseful when load directly defined( 'BOZ_PHP' ) or die; ?>
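Review bot: The header docblock of the new template is copied from `template/user.php` and does not describe this file: it still reads `This is the template for an User` and lists only `$new_password string|null`, while the button at the end of the hunk also reads `$user` through `$user->getUserUID()`. I would retitle it to say that it shows a freshly generated password once, and list both inputs as ` * $user object` and ` * $new_password string`, since the caller in `www/user.php` only renders this template when a password was generated. The line that prints `$new_password` is not visible in this rendering, so it could not be checked that the value is HTML-escaped on output; that is worth confirming.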
getUserEmail() ) : '' ?> class="form-control" />
getUserName() ) : '' ?> class="form-control" />
getUserSurname() ) : '' ?> class="form-control" />
getUserUID() ) : '' ?> class="form-control" />
valid() ): ?>

- -
- /> - +
+
+

[ 'actor' => $user, ], ] ) ?>
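Review bot: The `Available variables` docblock at the top of this template still lists `$new_password string|null` as an unchanged context line, but after this commit `www/user.php` passes only `user` and `user_domains` to `template( 'user', … )`. Drop that line so the documented inputs match the caller, keeping ` * $user object|null` and ` * $user_domains object|null (generator)`. The markup of this hunk is not readable in this rendering, so it is worth a quick check that no leftover read of `$new_password` remains, as it would now hit an undefined variable.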
diff --git a/www/user.php b/www/user.php
index eb66119..ad4eed2 100644
--- a/www/user.php
+++ b/www/user.php
@@ -1,209 +1,224 @@ . /* * This is the single User creation/edit page */ // load framework require '../load.php'; // this page is not public require_permission( 'backend' ); // wanted informations $user = null; // URL paramenters (user_uid) list( $user_uid ) = url_parts( 1, 0 ); // eventually retrieve mailforward from database if( $user_uid ) { $user = ( new UserAPI() ) ->whereUserUID( $user_uid ) ->whereUserIsEditable() ->queryRow(); // 404 if( !$user || !$user->isUserEditable() ) { PageNotFound::spawn(); } } else { // to create an FTP user, must edit all FTP users require_permission( 'edit-user-all' ); } // register save User action if( is_action( 'save-user' ) ) { $email = $_POST['email'] ?? null; $uid = $_POST['uid'] ?? null; $name = $_POST['name'] ?? null; $surname = $_POST['surname'] ?? null; if( $email && $uid && $name && $surname ) { $email = (string) $email; // data to be saved $data = []; $data['user_email'] = $email; $data['user_name'] = $name; $data['user_surname'] = $surname; if( $user ) { // update existing User ( new UserAPI() ) ->whereUser( $user ) ->update( $data ); } else { // insert new User $data['user_uid'] = $uid; $data['user_active'] = 0; // disable login as default $data['user_password'] = '!'; // assign an invalid password $data['user_role'] = 'user'; // assign low privileges $data[] = new DBCol( 'user_registration_date', 'NOW()', '-' ); ( new UserAPI() ) ->insertRow( $data ); } // POST -> redirect -> GET (See Other) http_redirect( User::permalink( $uid ), 303 ); } } // end register Save user action // add a Domain to the user if( is_action( 'add-domain' ) ){ // check for permissions if( !has_permission( 'edit-user-all' ) ) { error_die( "Not authorized to add a Domain" ); } // get the Domain by name $domain_name = $_POST['domain_name'] ?? 
null; if( !$domain_name ) { die( "Please fill that damn Domain name" ); } // search the Domain name $domain = ( new DomainAPI() ) ->whereDomainName( $domain_name ) ->queryRow(); query( 'START TRANSACTION' ); // domain ID to be assigned to the User $domain_ID = null; // does the Domain already exist? if( $domain ) { $domain_ID = $domain->getDomainID(); } else { // can I add this Domain? if( has_permission( 'edit-domain-all' ) ) { // add this Domain ( new DomainAPI() ) ->insertRow( [ 'domain_name' => $domain_name, 'domain_active' => 1, new DBCol( 'domain_born', 'NOW()', '-' ), ] ); $domain_ID = last_inserted_ID(); } } if( $domain_ID ) { $is_domain_mine = ( new DomainUserAPI() ) ->whereUser( $user ) ->whereDomainID( $domain_ID ) ->queryRow(); // is it already mine? if( !$is_domain_mine ) { // associate this domain to myself ( new DomainUserAPI() ) ->insertRow( [ 'domain_ID' => $domain_ID, 'user_ID' => $user->getUserID(), new DBCol( 'domain_user_creation_date', 'NOW()', '-' ), ] ); } } else { die( "this Domain is not registered and can't be added" ); } query( 'COMMIT' ); } // end add Domain to User // register action to generate a new password $new_password = null; if( is_action( 'change-password' ) && $user ) { // generate a new password and save $new_password = generate_password(); $encrypted = User::encryptPassword( $new_password ); ( new UserAPI() ) ->whereUser( $user ) ->update( [ User::IS_ACTIVE => 1, User::PASSWORD => $encrypted, ] );
- // do not refresh the page
+ // clean the session to avoid invalid cookie logins
+ if( $user->isUserMyself() ) {
+ logout();
+ }
+
+ // do not refresh the page or the new password cannot be shown
 } // expose the User domains $user_domains = []; if( $user ) { // get User domains $user_domains = ( new DomainUserAPI() ) ->joinDomain() ->whereUser( $user ) ->orderByDomainName() ->queryGenerator(); } // spawn header Header::spawn( [ 'uid' => false, 'title-prefix' => __( "User" ), 'title' => $user ?
$user->getUserUID() : __( "create" ), ] ); // spawn the page content
-template( 'user', [
- 'user' => $user,
- 'new_password' => $new_password,
- 'user_domains' => $user_domains,
-] );
+if( $new_password ) {
+
+ template( 'password-reset-show', [
+ 'user' => $user,
+ 'new_password' => $new_password,
+ ] );
+
+} else {
+
+ template( 'user', [
+ 'user' => $user,
+ 'user_domains' => $user_domains,
+ ] );
+
+}
 // spawn the footer Footer::spawn();
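Review bot: The new `if( $new_password )` branch sends the plaintext password in an ordinary page response, and nothing in the hunk marks that response as non-cacheable, so it can linger in browser history or an intermediate cache; consider emitting `header( 'Cache-Control: no-store' );` before `Header::spawn()` on that path, assuming no output has been sent earlier. In the `change-password` block `logout()` runs only when `$user->isUserMyself()`, so when another account's password is reset nothing visible here ends that account's existing sessions; if logins are not already tied to the stored password hash, they should be revoked at the same point. The branch would also read more precisely as `if( $new_password !== null ) {`, since the variable is initialised to `null` and a truthiness test depends on what `generate_password()` returns. `is_action()`, `logout()` and `generate_password()` are defined outside this diff, so whether the `change-password` action is CSRF-protected could not be checked here.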