only log if api key was reset on purpose

main
Felix Favre 10 years ago
parent d2e59e8f86
commit 807e420883

@ -5,13 +5,13 @@
*/ */
function users_controller() { function users_controller() {
global $privileges, $user; global $privileges, $user;
if (! isset($user)) if (! isset($user))
redirect(page_link_to('')); redirect(page_link_to(''));
if (! isset($_REQUEST['action'])) if (! isset($_REQUEST['action']))
$_REQUEST['action'] = 'list'; $_REQUEST['action'] = 'list';
switch ($_REQUEST['action']) { switch ($_REQUEST['action']) {
default: default:
case 'list': case 'list':
@ -27,33 +27,33 @@ function users_controller() {
function user_controller() { function user_controller() {
global $privileges, $user; global $privileges, $user;
if (isset($_REQUEST['user_id'])) { if (isset($_REQUEST['user_id'])) {
$user_source = User($_REQUEST['user_id']); $user_source = User($_REQUEST['user_id']);
} else } else
$user_source = $user; $user_source = $user;
$admin_user_privilege = in_array('admin_user', $privileges); $admin_user_privilege = in_array('admin_user', $privileges);
$shifts = Shifts_by_user($user_source); $shifts = Shifts_by_user($user_source);
foreach ($shifts as &$shift) { foreach ($shifts as &$shift) {
$shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " ORDER BY `AngelTypes`.`name`"); $shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " ORDER BY `AngelTypes`.`name`");
foreach ($shift['needed_angeltypes'] as &$needed_angeltype) { foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
$needed_angeltype['users'] = sql_select(" $needed_angeltype['users'] = sql_select("
SELECT `ShiftEntry`.`freeloaded`, `User`.* SELECT `ShiftEntry`.`freeloaded`, `User`.*
FROM `ShiftEntry` FROM `ShiftEntry`
JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID` JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . "
AND `ShiftEntry`.`TID`=" . sql_escape($needed_angeltype['id'])); AND `ShiftEntry`.`TID`=" . sql_escape($needed_angeltype['id']));
} }
} }
if ($user_source['api_key'] == "") if ($user_source['api_key'] == "")
User_reset_api_key($user_source); User_reset_api_key($user_source, false);
return array( return array(
$user_source['Nick'], $user_source['Nick'],
User_view($user_source, $admin_user_privilege, User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID']) User_view($user_source, $admin_user_privilege, User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID'])
); );
} }
@ -62,24 +62,24 @@ function user_controller() {
*/ */
function users_list_controller() { function users_list_controller() {
global $privileges; global $privileges;
if (! in_array('admin_user', $privileges)) if (! in_array('admin_user', $privileges))
redirect(page_link_to('')); redirect(page_link_to(''));
$order_by = 'Nick'; $order_by = 'Nick';
if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns())) if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns()))
$order_by = $_REQUEST['OrderBy']; $order_by = $_REQUEST['OrderBy'];
$users = Users($order_by); $users = Users($order_by);
if ($users === false) if ($users === false)
engelsystem_error('Unable to load users.'); engelsystem_error('Unable to load users.');
foreach ($users as &$user) foreach ($users as &$user)
$user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user)); $user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));
return array( return array(
_('All users'), _('All users'),
Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count()) Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count())
); );
} }
@ -96,10 +96,10 @@ function user_password_recovery_controller() {
error(_("Token is not correct.")); error(_("Token is not correct."));
redirect(page_link_to('login')); redirect(page_link_to('login'));
} }
if (isset($_REQUEST['submit'])) { if (isset($_REQUEST['submit'])) {
$ok = true; $ok = true;
if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) { if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
if ($_REQUEST['password'] != $_REQUEST['password2']) { if ($_REQUEST['password'] != $_REQUEST['password2']) {
$ok = false; $ok = false;
@ -109,22 +109,22 @@ function user_password_recovery_controller() {
$ok = false; $ok = false;
error(_("Your password is to short (please use at least 6 characters).")); error(_("Your password is to short (please use at least 6 characters)."));
} }
if ($ok) { if ($ok) {
$result = set_password($user_source['UID'], $_REQUEST['password']); $result = set_password($user_source['UID'], $_REQUEST['password']);
if ($result === false) if ($result === false)
engelsystem_error(_("Password could not be updated.")); engelsystem_error(_("Password could not be updated."));
success(_("Password saved.")); success(_("Password saved."));
redirect(page_link_to('login')); redirect(page_link_to('login'));
} }
} }
return User_password_set_view(); return User_password_set_view();
} else { } else {
if (isset($_REQUEST['submit'])) { if (isset($_REQUEST['submit'])) {
$ok = true; $ok = true;
if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) { if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
$email = strip_request_item('email'); $email = strip_request_item('email');
if (check_email($email)) { if (check_email($email)) {
@ -143,7 +143,7 @@ function user_password_recovery_controller() {
$ok = false; $ok = false;
error(_("Please enter your e-mail.")); error(_("Please enter your e-mail."));
} }
if ($ok) { if ($ok) {
$token = User_generate_password_recovery_token($user_source); $token = User_generate_password_recovery_token($user_source);
if ($token === false) if ($token === false)
@ -151,12 +151,12 @@ function user_password_recovery_controller() {
$result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token)); $result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));
if ($result === false) if ($result === false)
engelsystem_error("Unable to send password recovery email."); engelsystem_error("Unable to send password recovery email.");
success(_("We sent an email containing your password recovery link.")); success(_("We sent an email containing your password recovery link."));
redirect(page_link_to('login')); redirect(page_link_to('login'));
} }
} }
return User_password_recovery_view(); return User_password_recovery_view();
} }
} }
@ -168,4 +168,4 @@ function user_password_recovery_title() {
return _("Password recovery"); return _("Password recovery");
} }
?> ?>

@ -191,12 +191,13 @@ function User_by_password_recovery_token($token) {
* *
* @param User $user * @param User $user
*/ */
function User_reset_api_key(&$user) { function User_reset_api_key(&$user, $log = true) {
$user['api_key'] = md5($user['Nick'] . time() . rand()); $user['api_key'] = md5($user['Nick'] . time() . rand());
$result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); $result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
if ($result === false) if ($result === false)
return false; return false;
engelsystem_log(sprintf("API key resetted (%s).",User_Nick_render($user))); if ($log)
engelsystem_log(sprintf("API key resetted (%s).",User_Nick_render($user)));
} }
/** /**

@ -749,7 +749,7 @@ function view_user_shifts() {
} }
if ($user['api_key'] == "") if ($user['api_key'] == "")
User_reset_api_key($user); User_reset_api_key($user, false);
return page(array( return page(array(
'<div class="col-md-12">', '<div class="col-md-12">',

Loading…
Cancel
Save