Update user_edit.php

2018-11-08 00:58:16 -07:00 · 2018-11-08 00:58:16 -07:00 · 474f08e100
parent fe98a1939c
commit 474f08e100
1 changed files with 372 additions and 403 deletions
--- a/core/users/user_edit.php
+++ b/core/users/user_edit.php
@ -35,10 +35,8 @@
 	$text = $language->get();

 //get user uuid
-	if (
-		(is_uuid($_REQUEST["id"]) && permission_exists('user_edit')) ||
-		(is_uuid($_REQUEST["id"]) && $_REQUEST["id"] == $_SESSION['user_uuid'])
-		)  {
+	if ((is_uuid($_REQUEST["id"]) && permission_exists('user_edit')) ||
+		(is_uuid($_REQUEST["id"]) && $_REQUEST["id"] == $_SESSION['user_uuid']))  {
 		$user_uuid = check_str($_REQUEST["id"]);
 		$action = 'edit';
 	}
@ -95,7 +93,8 @@
 			return;
 	}

-if (count($_POST) > 0 && $_POST["persistform"] != "1") {
+//prepare the data
+	if (count($_POST) > 0) {

 		//get the HTTP values and set as variables
 			if (permission_exists('user_edit') && $action == 'edit') {
@ -125,8 +124,18 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 				$message_key = check_str($_POST["message_key"]);
 			}

+		//get the password requirements
+			$required['length'] = $_SESSION['user']['password_length']['numeric'];
+			$required['number'] = ($_SESSION['user']['password_number']['boolean'] == 'true') ? true : false;
+			$required['lowercase'] = ($_SESSION['user']['password_lowercase']['boolean'] == 'true') ? true : false;
+			$required['uppercase'] = ($_SESSION['user']['password_uppercase']['boolean'] == 'true') ? true : false;
+			$required['special'] = ($_SESSION['user']['password_special']['boolean'] == 'true') ? true : false;
+
 		//check required values
-		if ($username == '') { $msg_error = $text['message-required'].$text['label-username']; }
+			$msg = '';
+			if ($username == '') {
+				$msg .= $text['message-required'].$text['label-username']."<br>\n";
+			}
 			if (permission_exists('user_edit') && $action == 'edit') {
 				if ($username != $username_old && $username != '') {
 					$sql = "select count(*) as num_rows from v_users where username = '".$username."'";
@ -138,40 +147,58 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 						$prep_statement->execute();
 						$row = $prep_statement->fetch(PDO::FETCH_ASSOC);
 						if (0 < $row['num_rows']) {
-						$msg_error = $text['message-username_exists'];
+							$msg .= $text['message-username_exists']."<br>\n";
 						}
 					}
 					unset($sql);
 				}
 			}
-		if ($password != '' && $password != $password_confirm) { $msg_error = $text['message-password_mismatch']; }
+			if ($password != '' && $password != $password_confirm) {
+				$msg .= $text['message-password_mismatch']."<br>\n";
+			}
 			if (permission_exists('user_add') && $action == 'add') {
-			if ($password == '') { $msg_error = $text['message-password_blank']; }
-			if ($user_email == '') { $msg_error = $text['message-required'].$text['label-email']; }
-			if ($group_uuid_name == '') { $msg_error = $text['message-required'].$text['label-group']; }
+				if ($password == '') {
+					$msg .= $text['message-password_blank']."<br>\n";
+				}
+				if ($user_email == '') {
+					$msg .= $text['message-required'].$text['label-email']."<br>\n";
+				}
+				if ($group_uuid_name == '') {
+					$msg .= $text['message-required'].$text['label-group']."<br>\n";
+				}
 			}

-		if ($msg_error != '') {
-			message::add($msg_error, 'negative');
-			if ($action == 'edit') {
-				header("Location: user_edit.php?id=".$user_uuid);
+			if (strlen($password) > 0) {
+				if (is_numeric($required['length']) && $required['length'] != 0) {
+					if (strlen($password) < $required['length']) {
+						$msg .= $text['message-required'].$text['label-characters']."<br>\n";
+					}
+				}
+				if ($required['number']) {
+					if (!preg_match('/(?=.*[\d])/', $password)) {
+						$msg .= $text['message-required'].$text['label-numbers']."<br>\n";
+					}
+				}
+				if ($required['lowercase']) {
+					if (!preg_match('/(?=.*[a-z])/', $password)) {
+						$msg .= $text['message-required'].$text['label-lowercase_letters']."<br>\n";
+					}
+				}
+				if ($required['uppercase']) {
+					if (!preg_match('/(?=.*[A-Z])/', $password)) {
+						$msg .= $text['message-required'].$text['label-uppercase_letters']."<br>\n";
+					}
+				}
+				if ($required['special']) {
+					if (!preg_match('/(?=.*[\W])/', $password)) {
+						$msg .= $text['message-required'].$text['label-special_characters']."<br>\n";
+					}
 				}
-			else {
-				header("Location: user_edit.php");
 			}
-			exit;
-		}
-
-		if (!check_password_strength($password, $text, 'user')) {
-			if ($action == 'edit') {
-				header("Location: user_edit.php?id=".$user_uuid);
-			}
-			else {
-				header("Location: user_edit.php");
-			}
-			exit;
 	}

+//save the data
+	if (strlen($msg) == 0) {
 		//set initial array indexes
 			$i = $n = $x = $c = 0;

@ -465,18 +492,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 						$response = event_socket_request($fp, $cmd);
 					}
 			}
-
-	//redirect the browser
-		message::add($text['message-update']);
-		if ($_REQUEST['action'] == $text['button-add'] || !permission_exists('user_edit')) {
-			header("Location: user_edit.php?id=".$user_uuid);
 	}
-		else {
-			header("Location: users.php");
-		}
-		return;
-
-}

 //pre-populate the form
 	if ($action == 'edit') {
@ -531,6 +547,15 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 	require_once "resources/header.php";
 	$document['title'] = $text['title-user_edit'];

+//show the error message
+	if (isset($msg) && strlen($msg) > 0) {
+		echo "<div align='center'>\n";
+		echo "<table><tr><td>\n";
+		echo $msg."<br />";
+		echo "</td></tr></table>\n";
+		echo "</div>\n";
+	}
+
 //show the content
 	echo "<script>\n";
 	echo "	function compare_passwords() {\n";
@ -558,49 +583,6 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 	echo "		}\n";
 	echo "	}\n";

-	$req['length'] = $_SESSION['user']['password_length']['numeric'];
-	$req['number'] = ($_SESSION['user']['password_number']['boolean'] == 'true') ? true : false;
-	$req['lowercase'] = ($_SESSION['user']['password_lowercase']['boolean'] == 'true') ? true : false;
-	$req['uppercase'] = ($_SESSION['user']['password_uppercase']['boolean'] == 'true') ? true : false;
-	$req['special'] = ($_SESSION['user']['password_special']['boolean'] == 'true') ? true : false;
-
-	echo "	function check_password_strength(pwd) {\n";
-	echo "		if ($('#password').val() != '' || $('#password_confirm').val() != '') {\n";
-	echo "			var msg_errors = [];\n";
-	if (is_numeric($req['length']) && $req['length'] != 0) {
-		echo "		var re = /.{".$req['length'].",}/;\n"; //length
-		echo "		if (!re.test(pwd)) { msg_errors.push('".$req['length']."+ ".$text['label-characters']."'); }\n";
-	}
-	if ($req['number']) {
-		echo "		var re = /(?=.*[\d])/;\n";  //number
-		echo "		if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-numbers']."'); }\n";
-	}
-	if ($req['lowercase']) {
-		echo "		var re = /(?=.*[a-z])/;\n";  //lowercase
-		echo "		if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-lowercase_letters']."'); }\n";
-	}
-	if ($req['uppercase']) {
-		echo "		var re = /(?=.*[A-Z])/;\n";  //uppercase
-		echo "		if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-uppercase_letters']."'); }\n";
-	}
-	if ($req['special']) {
-		echo "		var re = /(?=.*[\W])/;\n";  //special
-		echo "		if (!re.test(pwd)) { msg_errors.push('1+ ".$text['label-special_characters']."'); }\n";
-	}
-	echo "			if (msg_errors.length > 0) {\n";
-	echo "				var msg = '".$text['message-password_requirements'].": ' + msg_errors.join(', ');\n";
-	echo "				display_message(msg, 'negative', '6000');\n";
-	echo "				return false;\n";
-	echo "			}\n";
-	echo "			else {\n";
-	echo "				return true;\n";
-	echo "			}\n";
-	echo "		}\n";
-	echo "		else {\n";
-	echo "			return true;\n";
-	echo "		}\n";
-	echo "	}\n";
-
 	echo "	function show_strength_meter() {\n";
 	echo "		$('#pwstrength_progress').slideDown();\n";
 	echo "	}\n";
@ -616,7 +598,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 	if (permission_exists('user_add') || permission_exists('user_edit')) {
 		echo "	<input type='button' class='btn' onclick=\"window.location='users.php'\" value='".$text['button-back']."'>";
 	}
-	echo "	<input type='button' class='btn' value='".$text['button-save']."' onclick=\"document.getElementById('action').value = '".$text['button-save']."'; submit_form();\">";
+	echo "	<input type='submit' class='btn' value='".$text['button-save']."'>";
 	echo "</td>\n";
 	echo "</tr>\n";
 	echo "<tr>\n";
@ -848,17 +830,17 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 		$sql .= "order by domain_uuid desc, group_name asc ";
 		$prep_statement = $db->prepare(check_sql($sql));
 		$prep_statement->execute();
-		$result = $prep_statement->fetchAll(PDO::FETCH_NAMED);
-		$result_count = count($result);
-		if ($result_count > 0) {
+		$groups = $prep_statement->fetchAll(PDO::FETCH_NAMED);
+		if (is_array($groups)) {
 			if (isset($assigned_groups)) { echo "<br />\n"; }
 			echo "<select name='group_uuid_name' class='formfld' style='width: auto; margin-right: 3px;'>\n";
 			echo "	<option value=''></option>\n";
-			foreach($result as $field) {
+			foreach($groups as $field) {
 				if ($field['group_name'] == "superadmin" && !if_group("superadmin")) { continue; }	//only show the superadmin group to other superadmins
 				if ($field['group_name'] == "admin" && (!if_group("superadmin") && !if_group("admin") )) { continue; }	//only show the admin group to other admins
 				if ( !isset($assigned_groups) || (isset($assigned_groups) && !in_array($field["group_uuid"], $assigned_groups)) ) {
-					echo "	<option value='".$field['group_uuid']."|".$field['group_name']."'>".$field['group_name'].(($field['domain_uuid'] != '') ? "@".$_SESSION['domains'][$field['domain_uuid']]['domain_name'] : null)."</option>\n";
+					if ($group_uuid_name == $field['group_uuid']."|".$field['group_name']) { $selected = "selected='selected'"; } else { $selected = ''; }
+					echo "	<option value='".$field['group_uuid']."|".$field['group_name']."' $selected>".$field['group_name'].(($field['domain_uuid'] != '') ? "@".$_SESSION['domains'][$field['domain_uuid']]['domain_name'] : null)."</option>\n";
 				}
 			}
 			echo "</select>";
@ -866,7 +848,7 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 				echo "<input type='button' class='btn' value=\"".$text['button-add']."\" onclick=\"document.getElementById('action').value = '".$text['button-add']."'; submit_form();\">\n";
 			}
 		}
-		unset($sql, $prep_statement, $result);
+		unset($sql, $prep_statement, $groups);

 		echo "		</td>";
 		echo "	</tr>";
@ -944,26 +926,13 @@ if (count($_POST) > 0 && $_POST["persistform"] != "1") {
 		}
 	}
 	echo "			<br>";
-	echo "			<input type='button' class='btn' value='".$text['button-save']."' onclick=\"document.getElementById('action').value = '".$text['button-save']."'; if (check_password_strength(document.getElementById('password').value)) { submit_form(); }\">";
+	echo "			<input type='submit' class='btn' value='".$text['button-save']."'>";
 	echo "		</td>";
 	echo "	</tr>";
 	echo "</table>";
 	echo "<br><br>";
 	echo "</form>";

-	echo "<script>\n";
-	//capture enter key to submit form
-		echo "	$(window).keypress(function(event){\n";
-		echo "		if (event.which == 13) { submit_form(); }\n";
-		echo "	});\n";
-	// convert password fields to text
-		echo "	function submit_form() {\n";
-		echo "		$('input:password').css('visibility','hidden');\n";
-		echo "		$('input:password').attr({type:'text'});\n";
-		echo "		$('form#frm').submit();\n";
-		echo "	}\n";
-	echo "</script>\n";
-
 	if (permission_exists("user_edit") && permission_exists('user_setting_view') && $action == 'edit') {
 		require "user_settings.php";
 	}