Fixed issue #14771: users email address could only be changed if he a…
…lso enters current password
Trischi80 authored and olleharstedt committed May 6, 2021
1 parent 2e20711 commit 3171d76
Showing 2 changed files with 42 additions and 26 deletions.
43 changes: 28 additions & 15 deletions application/controllers/admin/useraction.php
Expand Up @@ -619,13 +619,7 @@ public function personalsettings()
// Save Data
if (Yii::app()->request->getPost("action")) {
$oUserModel = User::model()->findByPk(Yii::app()->session['loginID']);
$oUserModel->lang = Yii::app()->request->getPost('lang');
$oUserModel->dateformat = Yii::app()->request->getPost('dateformat');
$oUserModel->htmleditormode = Yii::app()->request->getPost('htmleditormode');
$oUserModel->questionselectormode = Yii::app()->request->getPost('questionselectormode');
$oUserModel->templateeditormode = Yii::app()->request->getPost('templateeditormode');
$oUserModel->full_name = Yii::app()->request->getPost('fullname');
$oUserModel->email = Yii::app()->request->getPost('email');
$uresult = true;

if (Yii::app()->request->getPost('newpasswordshown') == "1") {
if (Yii::app()->getConfig('demoMode')) {
Expand All @@ -634,21 +628,40 @@ public function personalsettings()
}

$oldPassword = Yii::app()->request->getPost('oldpassword');

$newPassword = Yii::app()->request->getPost('password');
$repeatPassword = Yii::app()->request->getPost('repeatpassword');
$oUserModel->email = Yii::app()->request->getPost('email');

$error = $oUserModel->validateNewPassword($newPassword, $oldPassword, $repeatPassword);

if ($error !== '') {
Yii::app()->setFlashMessage(gT($error), 'error');
$this->getController()->redirect(array("admin/user/sa/personalsettings"));
//if only email should be changed, then just check the current password
$currentPasswordOk = $oUserModel->checkPassword($oldPassword);
if ($currentPasswordOk) {
$uresult = $oUserModel->save();
} else {
// We can update
$oUserModel->setPassword($newPassword);
Yii::app()->setFlashMessage(gT('The current password you entered is wrong!'), 'error');
$this->getController()->redirect(array("admin/user/sa/personalsettings"));
}

if ($newPassword !== '' && $repeatPassword!=='') {
$error = $oUserModel->validateNewPassword($newPassword, $oldPassword, $repeatPassword);

if ($error !== '') {
Yii::app()->setFlashMessage(gT($error), 'error');
$this->getController()->redirect(array("admin/user/sa/personalsettings"));
} else {
// We can update
$oUserModel->setPassword($newPassword);
}
}
}

$uresult = $oUserModel->save();
$oUserModel->lang = Yii::app()->request->getPost('lang');
$oUserModel->dateformat = Yii::app()->request->getPost('dateformat');
$oUserModel->htmleditormode = Yii::app()->request->getPost('htmleditormode');
$oUserModel->questionselectormode = Yii::app()->request->getPost('questionselectormode');
$oUserModel->templateeditormode = Yii::app()->request->getPost('templateeditormode');
$oUserModel->full_name = Yii::app()->request->getPost('fullname');
$uresult = $uresult && $oUserModel->save();
if ($uresult) {
if (Yii::app()->request->getPost('lang') == 'auto') {
$sLanguage = getBrowserLanguage();
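Review bot: The email change is persisted by the early `$uresult = $oUserModel->save();` in the `if ($currentPasswordOk)` branch, before the new-password validation runs, so a request with a correct current password and a rejected new password still commits the new address and then shows an error. Both rejection paths also appear to rely on `redirect()` ending the request; if it ever returns, the model still carries the posted email and reaches the final `save()`. I would turn the check into a guard (`if (!$oUserModel->checkPassword($oldPassword))` followed by the flash and redirect), assign `$oUserModel->email` only after it, and drop the early save so the single `$uresult = $uresult && $oUserModel->save();` persists everything once. Separately, `if ($newPassword !== '' && $repeatPassword!=='')` skips validation silently when only one of the two fields is filled; using `||` would send that case to `validateNewPassword()` as well. The body of personalsettings() starts and ends outside these hunks.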
25 changes: 14 additions & 11 deletions application/views/admin/user/personalsettings.php
Expand Up @@ -103,14 +103,6 @@
<hr/>
</div>
<div class="row">
<div class="col-sm-12 col-md-6">
<div class="form-group">
<?php echo TbHtml::label(gT("Email:"), 'lang', array('class'=>" control-label")); ?>
<div class="">
<?php echo TbHtml::emailField('email', $sEmailAdress,array('class'=>'form-control','maxlength'=>254)); ?>
</div>
</div>
</div>
<div class="col-sm-12 col-md-6">
<div class="form-group">
<?php echo TbHtml::label(gT("Full name:"), 'lang', array('class'=>" control-label")); ?>
Expand All @@ -125,9 +117,9 @@
</div>
<div class="row">
<div class="col-md-3">
<button class="btn btn-default btn-warning" id="selector__showChangePassword" style="color: white; outline: none;">
<button class="btn btn-default btn-warning " id="selector__showChangePassword" style="color: white; outline: none;">
<i class="fa fa-lock"></i>
<?=gT("Change password")?>
<?=gT("Change password and/or Email")?>
</button>

<br/>
Expand All @@ -137,7 +129,10 @@
<input type="hidden" id="newpasswordshown" name="newpasswordshown" value="0" />
<div class="col-md-6">
<div class="form-group">
<?php echo TbHtml::label(gT("Current password:"), 'lang', array('class'=>"control-label")); ?>
<label for="oldpassword" class="control-label">
<?php echo gT("Current password:"); ?>
<span class="required">*</span>
</label>
<div class="">
<?php echo TbHtml::passwordField('oldpassword', '',array('disabled'=>true, 'class'=>'form-control','autocomplete'=>"off",'placeholder'=>html_entity_decode(str_repeat("&#9679;",10),ENT_COMPAT,'utf-8'))); ?>
</div>
Expand All @@ -164,6 +159,14 @@
</div>
</div>
</div>
<div class="col-sm-12 col-md-6">
<div class="form-group">
<?php echo TbHtml::label(gT("Email:"), 'lang', array('class'=>" control-label")); ?>
<div class="">
<?php echo TbHtml::emailField('email', $sEmailAdress,array('class'=>'form-control','maxlength'=>254)); ?>
</div>
</div>
</div>
</div>
</div>
</div>
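Review bot: The relocated Email label still passes `'lang'` as its `for` target, so it is not tied to the `email` input, although this commit fixes the same problem for the current-password label with `for="oldpassword"`. `<?php echo TbHtml::label(gT("Email:"), 'email', array('class'=>" control-label")); ?>` would make the two consistent. The added `<span class="required">*</span>` is only a visual hint, so the requirement is enforced solely by the server-side password check in personalsettings(); a short template comment next to the field saying so would keep a later editor from treating the markup as the control.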