

Implementation of New User Statuses Locked and New Password
For issue #757
Need to finish New Email status and add config option to require all accounts to have email addresses.
eSilverStrike committed Dec 21, 2017
1 parent dde7fdb commit d72439f
Showing 10 changed files with 156 additions and 33 deletions.
12 changes: 8 additions & 4 deletions language/english.php
Expand Up @@ -448,7 +448,8 @@
'tfa_backup_code' => 'Backup Codes',
'tfa_download' => 'Download Backup Codes',
'tfa_new_backup_code' => 'Generate a new set of backup codes',
'tfa_generate_confirm' => 'Go ahead?'
'tfa_generate_confirm' => 'Go ahead?',
'desc_new_pwd_status' => 'You are required to enter a new password for your account. You can enter a new password for your account below. <em>Please note you will not be able to do anything with your account until your password is updated.</em>'
);

###############################################################################
Expand Down Expand Up @@ -1178,7 +1179,10 @@
89 => 'Check to make this a default group for new users',
90 => 'Apply "Default Group" change to existing user accounts',
91 => 'Send password to user',
'autotag_desc_user' => '[user: name alternate title] - Displays a link to a User using the Username as the title. An alternate title may be specified but is not required.'
'autotag_desc_user' => '[user: name alternate title] - Displays a link to a User using the Username as the title. An alternate title may be specified but is not required.',
'USER_ACCOUNT_LOCKED' => 'Locked',
'USER_ACCOUNT_NEW_EMAIL' => 'New Email Required',
'USER_ACCOUNT_NEW_PASSWORD' => 'New Password Required'
);

###############################################################################
Expand Down Expand Up @@ -1458,7 +1462,7 @@
14 => 'The topic and all its articles and blocks have been successfully deleted.',
15 => 'Your comment has been submitted for review and will be published when approved by a moderator.',
16 => 'You have been unsubscribed. You will no longer be notified of new replies.',
17 => '',
17 => 'Your user account has been locked and access to it has been disabled. For more information please contact the Admin.',
18 => '',
19 => '',
20 => '',
Expand Down Expand Up @@ -1488,7 +1492,7 @@
44 => 'The plugin was successfully installed!',
45 => 'The plugin was successfully deleted.',
46 => '',
47 => '',
47 => 'Sorry you cannot currently request the password for your account. For more information please contact the Admin.',
48 => "Thank you for applying for a membership with {$_CONF['site_name']}. Our team will review your application. If approved, your password will be emailed to you at the email address you just entered.",
49 => 'Your group has been successfully saved.',
50 => 'The group has been successfully deleted.',
14 changes: 9 additions & 5 deletions language/english_utf-8.php
Expand Up @@ -448,7 +448,8 @@
'tfa_backup_code' => 'Backup Codes',
'tfa_download' => 'Download Backup Codes',
'tfa_new_backup_code' => 'Generate a new set of backup codes',
'tfa_generate_confirm' => 'Go ahead?'
'tfa_generate_confirm' => 'Go ahead?',
'desc_new_pwd_status' => 'You are required to enter a new password for your account. You can enter a new password for your account below. <em>Please note you will not be able to do anything with your account until your password is updated.</em>'
);

###############################################################################
Expand Down Expand Up @@ -1178,7 +1179,10 @@
89 => 'Check to make this a default group for new users',
90 => 'Apply "Default Group" change to existing user accounts',
91 => 'Send password to user',
'autotag_desc_user' => '[user: name alternate title] - Displays a link to a User using the Username as the title. An alternate title may be specified but is not required.'
'autotag_desc_user' => '[user: name alternate title] - Displays a link to a User using the Username as the title. An alternate title may be specified but is not required.',
'USER_ACCOUNT_LOCKED' => 'Locked',
'USER_ACCOUNT_NEW_EMAIL' => 'New Email Required',
'USER_ACCOUNT_NEW_PASSWORD' => 'New Password Required'
);

###############################################################################
Expand Down Expand Up @@ -1459,7 +1463,7 @@
14 => 'The topic and all its articles and blocks have been successfully deleted.',
15 => 'Your comment has been submitted for review and will be published when approved by a moderator.',
16 => 'You have been unsubscribed. You will no longer be notified of new replies.',
17 => '',
17 => 'Your user account has been locked and access to it has been disabled. For more information please contact the Admin.',
18 => '',
19 => '',
20 => '',
Expand All @@ -1471,7 +1475,7 @@
26 => '',
27 => 'Message successfully sent.',
28 => 'The plugin has been successfully saved',
29 => 'Sorry, you do not have access to this administration page. Please note that all attempts to access unauthorized features are logged',
29 => 'Sorry, you do not have access to this administration page. Please note that all attempts to access unauthorized features are logged.',
30 => 'Access Denied',
31 => '',
32 => '',
Expand All @@ -1489,7 +1493,7 @@
44 => 'The plugin was successfully installed!',
45 => 'The plugin was successfully deleted.',
46 => '',
47 => '',
47 => 'Sorry you cannot currently request the password for your account. For more information please contact the Admin.',
48 => "Thank you for applying for a membership with {$_CONF['site_name']}. Our team will review your application. If approved, your password will be emailed to you at the email address you just entered.",
49 => 'Your group has been successfully saved.',
50 => 'The group has been successfully deleted.',
12 changes: 8 additions & 4 deletions language/japanese_utf-8.php
Expand Up @@ -456,7 +456,8 @@
'tfa_backup_code' => 'バックアップコード',
'tfa_download' => 'バックアップコードをダウンロード',
'tfa_new_backup_code' => 'バックアップコードを生成し直す',
'tfa_generate_confirm' => '実行してもよいですか?'
'tfa_generate_confirm' => '実行してもよいですか?',
'desc_new_pwd_status' => 'You are required to enter a new password for your account. You can enter a new password for your account below. <em>Please note you will not be able to do anything with your account until your password is updated.</em>'
);

###############################################################################
Expand Down Expand Up @@ -1182,7 +1183,10 @@
89 => '新規登録ユーザーのデフォルトグループをチェック',
90 => '登録済みユーザーアカウントにデフォルトグループを追加する',
91 => 'パスワードをメールで送信する',
'autotag_desc_user' => '[user: name alternate title] - ユーザー名をタイトルとしてユーザーへのリンクを表示します。別のタイトルを指定できますが、必須ではありません。'
'autotag_desc_user' => '[user: name alternate title] - ユーザー名をタイトルとしてユーザーへのリンクを表示します。別のタイトルを指定できますが、必須ではありません。',
'USER_ACCOUNT_LOCKED' => 'Locked',
'USER_ACCOUNT_NEW_EMAIL' => 'New Email Required',
'USER_ACCOUNT_NEW_PASSWORD' => 'New Password Required'
);

###############################################################################
Expand Down Expand Up @@ -1460,7 +1464,7 @@
14 => '話題とその話題に属するすべての記事とブロックを削除しました',
15 => 'あなたのコメントは投稿済みです。管理者の承認後に公開されます。',
16 => 'あなたは登録を解除しました。今後、新たな通知を受けることはありません。',
17 => '',
17 => 'Your user account has been locked and access to it has been disabled. For more information please contact the Admin.',
18 => '',
19 => '',
20 => '',
Expand Down Expand Up @@ -1490,7 +1494,7 @@
44 => 'プラグインをインストールしました!',
45 => 'プラグインを削除しました。',
46 => '',
47 => '',
47 => 'Sorry you cannot currently request the password for your account. For more information please contact the Admin.',
48 => "{$_CONF['site_name']}にご登録ありがとうございます。管理者の間で審査します。登録を承認すると、あなたの入力したメールアドレスにパスワードを送信します。",
49 => 'グループを保存しました。',
50 => 'グループを削除しました。',
23 changes: 18 additions & 5 deletions public_html/admin/user.php
Expand Up @@ -291,23 +291,29 @@ function edituser($uid = 0, $msg = 0)
USER_ACCOUNT_ACTIVE => $LANG28[45],
);

$allow_ban = true;

$allow_other_statuses = true;
// do not allow to ban yourself or forcing new email or password
if (!empty($uid)) {
if ($A['uid'] == $_USER['uid']) {
$allow_ban = false; // do not allow to ban yourself
$allow_other_statuses = false; // do not allow to ban yourself or forcing new email or password
} elseif (SEC_inGroup('Root', $A['uid'])) { // editing a Root user?
$count_root_sql = "SELECT COUNT(ug_uid) AS root_count FROM {$_TABLES['group_assignments']} WHERE ug_main_grp_id = 1 GROUP BY ug_uid;";
$count_root_result = DB_query($count_root_sql);
$C = DB_fetchArray($count_root_result); // how many are left?
if ($C['root_count'] < 2) {
$allow_ban = false; // prevent banning the last root user
$allow_other_statuses = false; // prevent banning the last root user
}
}
}

if ($allow_ban) {
if ($allow_other_statuses) {
$statusarray[USER_ACCOUNT_DISABLED] = $LANG28[42];
$statusarray[USER_ACCOUNT_LOCKED] = $LANG28['USER_ACCOUNT_LOCKED'];
$statusarray[USER_ACCOUNT_NEW_EMAIL] = $LANG28['USER_ACCOUNT_NEW_EMAIL'];
// Only for non remote accounts
if (empty($A['remoteservice'])) {
$statusarray[USER_ACCOUNT_NEW_PASSWORD] = $LANG28['USER_ACCOUNT_NEW_PASSWORD'];
}
}

if (($_CONF['usersubmission'] == 1) && !empty($uid)) {
Expand Down Expand Up @@ -550,6 +556,11 @@ function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $r
if (!empty($service)) {
$passwd = '';
$passwd_conf = '';

// Make sure User Status is not some how USER_ACCOUNT_NEW_PASSWORD for remote users
if ($userstatus == USER_ACCOUNT_NEW_PASSWORD) {
$userstatus = USER_ACCOUNT_ACTIVE;
}
}

$passwd_changed = true;
Expand Down Expand Up @@ -697,6 +708,7 @@ function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $r
$username = GLText::remove4byteUtf8Chars($username);
$username = DB_escapeString($username);
$curphoto = DB_escapeString($curphoto);

DB_query("UPDATE {$_TABLES['users']} SET username = '$username', fullname = '$fullname', email = '$email', homepage = '$homepage', sig = '$signature', photo = '$curphoto', status='$userstatus' WHERE uid = $uid");
DB_query("UPDATE {$_TABLES['userinfo']} SET pgpkey='$pgpkey',about='$about',location='$location' WHERE uid=$uid");
if ($passwd_changed && !empty($passwd)) {
Expand All @@ -710,6 +722,7 @@ function saveusers($uid, $username, $fullname, $passwd, $passwd_conf, $email, $r
) {
USER_createAndSendPassword($username, $email, $uid);
}

if ($userstatus == USER_ACCOUNT_DISABLED) {
SESS_endUserSession($uid);
}
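Review bot: The session teardown near the end of saveusers, `if ($userstatus == USER_ACCOUNT_DISABLED)`, is not extended to the new Locked status, so an account an admin locks stays logged in until its session expires even though the login path in this commit redirects locked accounts to msg=17; change it to `if ($userstatus == USER_ACCOUNT_DISABLED || $userstatus == USER_ACCOUNT_LOCKED) {`. The self/last-root restriction in edituser is applied only when building the status dropdown, while saveusers only remaps NEW_PASSWORD for remote accounts, so unless the same restriction is re-checked server-side elsewhere (not visible here) a form submission can still set Locked or New Email on the editing admin's own account or on the last Root user. The UPDATE on the users table also interpolates `status='$userstatus'` as received; casting `$userstatus` to int before the query, in the same spot where `$username` is escaped, would make that value safe regardless of where it came from. saveusers starts and ends outside these hunks.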
2 changes: 1 addition & 1 deletion public_html/layout/denim/users/newpassword.thtml
Expand Up @@ -20,7 +20,7 @@
{captcha}

<div class="submit">
<input type="hidden" name="mode" value="setnewpwd"{xhtml}>
<input type="hidden" name="mode" value="{mode}"{xhtml}>
<input type="hidden" name="uid" value="{user_id}"{xhtml}>
<input type="hidden" name="rid" value="{request_id}"{xhtml}>
<button type="submit" value="{lang_setnewpwd}" class="uk-button uk-button-primary">{lang_setnewpwd}</button>
2 changes: 1 addition & 1 deletion public_html/layout/modern_curve/users/newpassword.thtml
Expand Up @@ -21,7 +21,7 @@

<ul class="submit">
<li>
<input type="hidden" name="mode" value="setnewpwd"{xhtml}>
<input type="hidden" name="mode" value="{mode}"{xhtml}>
<input type="hidden" name="uid" value="{user_id}"{xhtml}>
<input type="hidden" name="rid" value="{request_id}"{xhtml}>
<input type="submit" value="{lang_setnewpwd}" class="submit"{xhtml}>
31 changes: 30 additions & 1 deletion public_html/lib-common.php
Expand Up @@ -3464,7 +3464,36 @@ function COM_formatEmailAddress($name, $address)
*/
function COM_mail($to, $subject, $message, $from = '', $html = false, $priority = 0, $optional = null, array $attachments = array())
{
return Geeklog\Mail::send($to, $subject, $message, $from, $html, $priority, $optional, $attachments);
global $_TABLES;

// Need to check email address to ensure they are not from accounts that have a status of locked or new email. If so we need to remove them so no email sent
// Email addresses without accounts are not affected
if (is_array($to)) {
foreach($to as $key => $value) {
$email = $key;
// If no status exists then assume no user account and email is being sent to someone else (which is fine and should be sent)
$status = DB_getItem($_TABLES['users'], 'status', "email = '$email'");
if ($status == USER_ACCOUNT_DISABLED || $status == USER_ACCOUNT_LOCKED || $status = USER_ACCOUNT_NEW_EMAIL) {
unset($array[$key]);
}
}
if (count($to) > 0) {
return Geeklog\Mail::send($to, $subject, $message, $from, $html, $priority, $optional, $attachments);
} else {
return false;
}
} else {
$email = $to;
// If no status exists then assume no user account and email is being sent to someone else (which is fine and should be sent)
$status = DB_getItem($_TABLES['users'], 'status', "email = '$email'");

if ($status != USER_ACCOUNT_DISABLED && $status != USER_ACCOUNT_LOCKED && $status != USER_ACCOUNT_NEW_EMAIL) {
return Geeklog\Mail::send($to, $subject, $message, $from, $html, $priority, $optional, $attachments);
} else {
return false;
}

}
}

/**
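Review bot: The recipient filter in the array branch of COM_mail never removes anything: `$status = USER_ACCOUNT_NEW_EMAIL` in the third condition is an assignment rather than a comparison, and the following `unset($array[$key])` targets an undefined `$array` instead of `$to`, so `$to` reaches Geeklog\Mail::send unchanged. In both branches the address is interpolated into the DB_getItem condition without DB_escapeString (which saveusers in this same commit applies to `$username`), so any caller that forwards a user-supplied address turns this into a SQL injection point. The comparison also depends on what DB_getItem returns when no row matches: if that is an empty value and USER_ACCOUNT_DISABLED is numerically 0, the loose `==` treats every address without an account as disabled and silently drops the mail, so an explicit no-row check is needed. The loop assumes `$to` is keyed by address with the display name as the value, which the hunk does not show, and the bare `return false` leaves callers unable to tell a suppressed mail from a transport failure, so a log entry at that point would help. The rewrite below consolidates the two branches around one check and fixes the three defects.

```php
function COM_mail($to, $subject, $message, $from = '', $html = false, $priority = 0, $optional = null, array $attachments = array())
{
    global $_TABLES;

    // true when the address belongs to an account that must not receive mail;
    // addresses with no matching account stay deliverable.
    $blocked = function ($email) use ($_TABLES) {
        $status = DB_getItem($_TABLES['users'], 'status', "email = '" . DB_escapeString($email) . "'");
        // NOTE(review): confirm what DB_getItem returns when no row matches; treating any
        // empty value as "no account" avoids '' == USER_ACCOUNT_DISABLED under loose comparison
        if ($status === null || $status === false || $status === '') {
            return false;
        }
        return in_array($status, array(USER_ACCOUNT_DISABLED, USER_ACCOUNT_LOCKED, USER_ACCOUNT_NEW_EMAIL));
    };

    if (is_array($to)) {
        // assumes $to is keyed by address, as the original loop does
        foreach (array_keys($to) as $email) {
            if ($blocked($email)) {
                unset($to[$email]);
            }
        }
        if (count($to) === 0) {
            return false;
        }
    } elseif ($blocked($to)) {
        return false;
    }

    return Geeklog\Mail::send($to, $subject, $message, $from, $html, $priority, $optional, $attachments);
}
```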
54 changes: 46 additions & 8 deletions public_html/users.php
Expand Up @@ -112,6 +112,9 @@ function USER_requestPassword($username)
$A = DB_fetchArray($result);
if (($_CONF['usersubmission'] == 1) && ($A['status'] == USER_ACCOUNT_AWAITING_APPROVAL)) {
COM_redirect($_CONF['site_url'] . '/index.php?msg=48');
} elseif (($_CONF['usersubmission'] == 0) && ($A['status'] != USER_ACCOUNT_ACTIVE || $A['status'] != USER_ACCOUNT_AWAITING_APPROVAL)) {
// Don't send password for these accounts with statuses of Locked, Disabled, New Email, New Password
COM_redirect($_CONF['site_url'] . '/index.php?msg=47');
}
$reqid = substr(md5(uniqid(rand(), 1)), 1, 16);
DB_change($_TABLES['users'], 'pwrequestid', "$reqid",
Expand Down Expand Up @@ -153,7 +156,7 @@ function USER_requestPassword($username)
* @param string $requestId request id for password change
* @return string new password form
*/
function USER_newPasswordForm($uid, $requestId)
function USER_newPasswordForm($uid, $requestId = "")
{
global $_CONF, $_TABLES, $LANG04;

Expand All @@ -162,9 +165,16 @@ function USER_newPasswordForm($uid, $requestId)

$passwordForm->set_var('user_id', $uid);
$passwordForm->set_var('user_name', DB_getItem($_TABLES['users'], 'username', "uid = '{$uid}'"));
$passwordForm->set_var('request_id', $requestId);

$passwordForm->set_var('lang_explain', $LANG04[90]);
if (!empty($requestId)) {
// Used for form if User requests to set a new password
$passwordForm->set_var('request_id', $requestId);
$passwordForm->set_var('lang_explain', $LANG04[90]);
$passwordForm->set_var('mode', 'setnewpwd');
} else {
// Used for form if User status is set to require a new password on next login
$passwordForm->set_var('lang_explain', $LANG04['desc_new_pwd_status']);
$passwordForm->set_var('mode', 'setnewpwdstatus');
}
$passwordForm->set_var('lang_username', $LANG04[2]);
$passwordForm->set_var('lang_newpassword', $LANG04[4]);
$passwordForm->set_var('lang_newpassword_conf', $LANG04[108]);
Expand Down Expand Up @@ -998,7 +1008,7 @@ function USER_tryTwoFactorAuth()
);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG12[26]));
} else {
$userName = Geeklog\Input::fPost('username');
$username = Geeklog\Input::fPost('username');
$email = Geeklog\Input::fPost('email');
if (empty($username) && !empty($email)) {
$username = DB_getItem($_TABLES['users'], 'username',
Expand All @@ -1012,6 +1022,33 @@ function USER_tryTwoFactorAuth()
}
break;

case 'newpwdstatus':
if (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_PASSWORD)) {
$display .= USER_newPasswordForm($_USER['uid']);
$display = COM_createHTMLDocument($display, array('pagetitle' => $LANG04[92]));
} else {
// this request doesn't make sense - ignore it
COM_redirect($_CONF['site_url'] . '/index.php');
}
break;

case 'setnewpwdstatus':
if (!empty($_USER['uid']) && ($_USER['uid'] > 1) && ($_USER['status'] == USER_ACCOUNT_NEW_PASSWORD)) {
if ((empty($_POST['passwd'])) || ($_POST['passwd'] != $_POST['passwd_conf'])) {
COM_redirect($_CONF['site_url'] . '/users.php?mode=newpwdstatus');
} else {
SEC_updateUserPassword(Geeklog\Input::post('passwd'), $_USER['uid']);
DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE, 'uid', $uid);
DB_delete($_TABLES['sessions'], 'uid', $_USER['uid']);
COM_redirect($_CONF['site_url'] . '/users.php?msg=53');
}
} else {
// this request doesn't make sense - ignore it
COM_redirect($_CONF['site_url'] . '/index.php');
}

break;

case 'new':
if ($_CONF['disable_new_user_registration']) {
$display .= COM_showMessageText($LANG04[122], $LANG04[22]);
Expand All @@ -1031,7 +1068,6 @@ function USER_tryTwoFactorAuth()
case 'twofactorauth':
$display = USER_tryTwoFactorAuth();
break;

case 'tokenexpired':
// deliberate fallthrough (see below)
default:
Expand Down Expand Up @@ -1167,7 +1203,7 @@ function USER_tryTwoFactorAuth()
$status = -2; // User just visited login page no error. -1 = error
}

if ($status == USER_ACCOUNT_ACTIVE) { // logged in AOK.
if ($status == USER_ACCOUNT_ACTIVE OR $status == USER_ACCOUNT_NEW_EMAIL OR $status == USER_ACCOUNT_NEW_PASSWORD) { // logged in AOK.
if ($mode === 'tokenexpired') {
USER_resendRequest(); // won't come back
}
Expand All @@ -1180,8 +1216,10 @@ function USER_tryTwoFactorAuth()
$content = USER_getTwoFactorAuthForm();
$display = COM_createHTMLDocument($content, array());
} else {
USER_doLogin();
USER_doLogin(); // Never return
}
}elseif ($status == USER_ACCOUNT_LOCKED) {
COM_redirect($_CONF['site_url'] . '/index.php?msg=17');
} else {
$display = USER_loginFailed($loginname, $passwd, $service, $mode, $status);
}
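Review bot: The new guard in USER_requestPassword, `($A['status'] != USER_ACCOUNT_ACTIVE || $A['status'] != USER_ACCOUNT_AWAITING_APPROVAL)`, is always true because no status equals both constants, so with user submission disabled every password request — including those for active accounts — is redirected to msg=47; the operator must be `&&`, and since the `usersubmission == 0` clause also leaves locked accounts able to request a password when submissions are enabled, `} elseif ($A['status'] != USER_ACCOUNT_ACTIVE && $A['status'] != USER_ACCOUNT_AWAITING_APPROVAL) {` without that clause matches the comment's intent. In the setnewpwdstatus case, `DB_change($_TABLES['users'], 'status', USER_ACCOUNT_ACTIVE, 'uid', $uid);` uses `$uid`, which nothing visible in this block assigns while the surrounding lines use `$_USER['uid']`; if it is unset the status is never cleared and the user is sent back to the form on every login, and if it is populated from request input earlier in the file the update targets whichever uid the client supplies, so use `$_USER['uid']` there. That same handler takes the new password from POST with no visible SEC_checkToken call and no visible minimum-length check, unlike the rid-protected setnewpwd path; if those checks live outside the hunk, a comment pointing to them would help, and the login branch now admits NEW_EMAIL and NEW_PASSWORD accounts via USER_doLogin without anything in the hunk steering them to the new form. `}elseif ($status == USER_ACCOUNT_LOCKED)` also needs a space after the brace to match the file's brace style; USER_requestPassword and the mode switch both start outside their hunks.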
