Merge pull request #2 from dignajar/master

New pull request
bludit · Nov 9, 2015 · 1052acc · 1052acc
2 parents 6007467 + 6a7dbae
commit 1052acc
Show file tree

Hide file tree

Showing 19 changed files with 442 additions and 89 deletions.
diff --git a/admin/controllers/add-user.php b/admin/controllers/add-user.php
@@ -18,30 +18,44 @@ function addUser($args)
 	global $dbUsers;
 	global $Language;
 
-	// Check if the username already exist in db.
-	if( Text::isEmpty($args['username']) )
+	// Check empty username
+	if( Text::isEmpty($args['new_username']) )
 	{
-		Alert::set($Language->g('username-field-is-empty'));
+		Alert::set($Language->g('username-field-is-empty'), ALERT_STATUS_FAIL);
 		return false;
 	}
 
-	if( $dbUsers->userExists($args['username']) )
+	// Check already exist username
+	if( $dbUsers->userExists($args['new_username']) )
 	{
-		Alert::set($Language->g('username-already-exists'));
+		Alert::set($Language->g('username-already-exists'), ALERT_STATUS_FAIL);
 		return false;
 	}
 
-	// Validate password.
-	if( ($args['password'] != $args['confirm-password'] ) || Text::isEmpty($args['password']) )
+	// Password length
+	if( strlen($args['new_password']) < 6 )
 	{
-		Alert::set($Language->g('The password and confirmation password do not match'));
+		Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
 		return false;
 	}
 
-	// Add the user.
-	if( $dbUsers->add($args) )
+	// Check new password and confirm password are equal
+	if( $args['new_password'] != $args['confirm_password'] )
 	{
-		Alert::set($Language->g('user-has-been-added-successfully'));
+		Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
+		return false;
+	}
+
+	// Filter form fields
+	$tmp = array();
+	$tmp['username'] = $args['new_username'];
+	$tmp['password'] = $args['new_password'];
+	$tmp['role']	 = $args['role'];
+
+	// Add the user to the database
+	if( $dbUsers->add($tmp) )
+	{
+		Alert::set($Language->g('user-has-been-added-successfully'), ALERT_STATUS_OK);
 		return true;
 	}
 	else

diff --git a/admin/controllers/edit-user.php b/admin/controllers/edit-user.php
@@ -17,26 +17,6 @@ function editUser($args)
 	}
 }
 
-function setPassword($username, $new_password, $confirm_password)
-{
-	global $dbUsers;
-	global $Language;
-
-	if( ($new_password===$confirm_password) && !Text::isEmpty($new_password) )
-	{
-		if( $dbUsers->setPassword($username, $new_password) ) {
-			Alert::set($Language->g('The changes have been saved'));
-		}
-		else {
-			Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.');
-		}
-	}
-	else {
-		Alert::set($Language->g('The password and confirmation password do not match'));
-		return false;
-	}
-}
-
 function deleteUser($args, $deleteContent=false)
 {
 	global $dbUsers;
@@ -92,10 +72,6 @@ function deleteUser($args, $deleteContent=false)
 	elseif(isset($_POST['delete-user-associate'])) {
 		deleteUser($_POST, false);
 	}
-	elseif( !empty($_POST['new-password']) && !empty($_POST['confirm-password']) ) {
-		setPassword($_POST['username'], $_POST['new-password'], $_POST['confirm-password']);
-		editUser($_POST);
-	}
 	else {
 		editUser($_POST);
 	}

diff --git a/admin/controllers/user-password.php b/admin/controllers/user-password.php
@@ -0,0 +1,73 @@
+<?php defined('BLUDIT') or die('Bludit CMS.');
+
+// ============================================================================
+// Functions
+// ============================================================================
+
+function setPassword($username, $new_password, $confirm_password)
+{
+	global $dbUsers;
+	global $Language;
+
+	// Password length
+	if( strlen($new_password) < 6 )
+	{
+		Alert::set($Language->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
+		return false;
+	}
+
+	if($new_password===$confirm_password)
+	{
+		if( $dbUsers->setPassword($username, $new_password) ) {
+			Alert::set($Language->g('The changes have been saved'), ALERT_STATUS_OK);
+			return true;
+		}
+		else {
+			Log::set(__METHOD__.LOG_SEP.'Error occurred when trying to change the user password.');
+			return false;
+		}
+	}
+	else {
+		Alert::set($Language->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
+		return false;
+	}
+}
+
+// ============================================================================
+// Main before POST
+// ============================================================================
+
+// ============================================================================
+// POST Method
+// ============================================================================
+
+if( $_SERVER['REQUEST_METHOD'] == 'POST' )
+{
+	// Prevent editors to administrate other users.
+	if($Login->role()!=='admin')
+	{
+		$_POST['username'] = $Login->username();
+		unset($_POST['role']);
+	}
+
+	if( setPassword($_POST['username'], $_POST['new_password'], $_POST['confirm_password']) ) {
+		Redirect::page('admin', 'users');
+	}
+}
+
+// ============================================================================
+// Main after POST
+// ============================================================================
+
+if($Login->role()!=='admin') {
+	$layout['parameters'] = $Login->username();
+}
+
+$_user = $dbUsers->getDb($layout['parameters']);
+
+// If the user doesn't exist, redirect to the users list.
+if($_user===false) {
+	Redirect::page('admin', 'users');
+}
+
+$_user['username'] = $layout['parameters'];
diff --git a/admin/themes/default/css/default.css b/admin/themes/default/css/default.css
@@ -99,9 +99,15 @@ button.delete-button:hover {
 	text-decoration: underline;
 }
 
+#jscontent {
+	height: 400px;
+}
+
+
+/* ----------- ALERT ----------- */
+
 #alert {
 	display: none;
-	background: rgba(48, 102, 187, 0.91);
 	color: #ffffff;
 	padding: 24px;
 	position: fixed;
@@ -110,8 +116,12 @@ button.delete-button:hover {
 	z-index: 100;
 }
 
-#jscontent {
-	height: 400px;
+.alert-ok {
+	background: rgba(48, 102, 187, 0.91);
+}
+
+.alert-fail {
+	background: rgba(187, 48, 48, 0.91);
 }
 
 /* ----------- LOGIN FORM ----------- */

diff --git a/admin/themes/default/index.php b/admin/themes/default/index.php
@@ -48,7 +48,7 @@
 });
 </script>
 
-<div id="alert">
+<div id="alert" class="<?php echo (Alert::status()==ALERT_STATUS_OK)?'alert-ok':'alert-fail'; ?>">
 <?php Alert::p() ?>
 </div>
 

diff --git a/admin/themes/default/init.php b/admin/themes/default/init.php
@@ -30,6 +30,7 @@ public static function formInputText($args)
 		$type = isset($args['type']) ? $args['type'] : 'text';
 		$class = empty($args['class']) ? '' : 'class="'.$args['class'].'"';
 		$placeholder = empty($args['placeholder']) ? '' : 'placeholder="'.$args['placeholder'].'"';
+		$disabled = empty($args['disabled']) ? '' : 'disabled';
 
 		$html  = '<div class="uk-form-row">';
 
@@ -39,7 +40,7 @@ public static function formInputText($args)
 
 		$html .= '<div class="uk-form-controls">';
 
-		$html .= '<input id="'.$id.'" name="'.$args['name'].'" type="'.$type.'" '.$class.' '.$placeholder.' value="'.$args['value'].'">';
+		$html .= '<input id="'.$id.'" name="'.$args['name'].'" type="'.$type.'" '.$class.' '.$placeholder.' autocomplete="off" '.$disabled.' value="'.$args['value'].'">';
 
 		if(!empty($args['tip'])) {
 			$html .= '<p class="uk-form-help-block">'.$args['tip'].'</p>';
@@ -158,6 +159,9 @@ public static function uploader()
 
 			$("#jsaddImage").on("click", function() {
 				var filename = $("#jsimageList option:selected").text();
+				if(!filename.trim()) {
+					return false;
+				}
 				var textareaValue = $("#jscontent").val();
 				$("#jscontent").val(textareaValue + "<img src=\""+filename+"\" alt=\"\">" + "\n");
 			});
@@ -186,6 +190,10 @@ public static function uploader()
 						bar.css("width", "100%").text("100%");
 						setTimeout(function() { progressbar.addClass("uk-hidden"); }, 250);
 						$("#jsimageList").prepend("<option value=\'"+response.filename+"\' selected=\'selected\'>"+response.filename+"</option>");
+					},
+
+					notallowed: function(file, settings) {
+						alert("'.$L->g('Supported image file types').' "+settings.allow);
 					}
 				};
 

diff --git a/admin/views/add-user.php b/admin/views/add-user.php
@@ -2,7 +2,7 @@
 
 HTML::title(array('title'=>$L->g('Add a new user'), 'icon'=>'user-plus'));
 
-HTML::formOpen(array('class'=>'uk-form-horizontal'));
+HTML::formOpen(array('id'=>'add-user-form', 'class'=>'uk-form-horizontal'));
 
 	// Security token
 	HTML::formInputHidden(array(
@@ -11,23 +11,23 @@
 	));
 
 	HTML::formInputText(array(
-		'name'=>'username',
+		'name'=>'new_username',
 		'label'=>$L->g('Username'),
-		'value'=>(isset($_POST['username'])?$_POST['username']:''),
+		'value'=>(isset($_POST['new_username'])?$_POST['new_username']:''),
 		'class'=>'uk-width-1-2 uk-form-medium',
 		'tip'=>''
 	));
 
 	HTML::formInputPassword(array(
-		'name'=>'password',
+		'name'=>'new_password',
 		'label'=>$L->g('Password'),
 		'value'=>'',
 		'class'=>'uk-width-1-2 uk-form-medium',
 		'tip'=>''
 	));
 
 	HTML::formInputPassword(array(
-		'name'=>'confirm-password',
+		'name'=>'confirm_password',
 		'label'=>$L->g('Confirm Password'),
 		'value'=>'',
 		'class'=>'uk-width-1-2 uk-form-medium',

diff --git a/admin/views/edit-user.php b/admin/views/edit-user.php
@@ -1,8 +1,8 @@
 <?php
 
-HTML::title(array('title'=>$L->g('Edit user').' :: '.$_user['username'], 'icon'=>'user'));
+HTML::title(array('title'=>$L->g('Edit user'), 'icon'=>'user'));
 
-HTML::formOpen(array('class'=>'uk-form-horizontal'));
+HTML::formOpen(array('id'=>'edit-user-profile-form','class'=>'uk-form-horizontal'));
 
 	// Security token
 	HTML::formInputHidden(array(
@@ -18,6 +18,15 @@
 
 	HTML::legend(array('value'=>$L->g('Profile')));
 
+	HTML::formInputText(array(
+		'name'=>'usernameDisable',
+		'label'=>$L->g('Username'),
+		'value'=>$_user['username'],
+		'class'=>'uk-width-1-2 uk-form-medium',
+		'disabled'=>true,
+		'tip'=>''
+	));
+
 	HTML::formInputText(array(
 		'name'=>'firstName',
 		'label'=>$L->g('First name'),
@@ -34,6 +43,13 @@
 		'tip'=>''
 	));
 
+	echo '<div class="uk-form-row">
+		<label class="uk-form-label">Password</label>
+		<div class="uk-form-controls">
+		<a href="'.HTML_PATH_ADMIN_ROOT.'user-password/'.$_user['username'].'">'.$L->g('Change password').'</a>
+		</div>
+	</div>';
+
 if($Login->role()==='admin') {
 
 	HTML::formSelect(array(
@@ -54,24 +70,6 @@
 		'tip'=>$L->g('email-will-not-be-publicly-displayed')
 	));
 
-	HTML::legend(array('value'=>$L->g('Change password')));
-
-	HTML::formInputPassword(array(
-		'name'=>'new-password',
-		'label'=>$L->g('New password'),
-		'value'=>'',
-		'class'=>'uk-width-1-2 uk-form-medium',
-		'tip'=>''
-	));
-
-	HTML::formInputPassword(array(
-		'name'=>'confirm-password',
-		'label'=>$L->g('Confirm Password'),
-		'value'=>'',
-		'class'=>'uk-width-1-2 uk-form-medium',
-		'tip'=>''
-	));
-
 	echo '<div class="uk-form-row">
 		<div class="uk-form-controls">
 		<button type="submit" class="uk-button uk-button-primary">'.$L->g('Save').'</button>

diff --git a/admin/views/new-post.php b/admin/views/new-post.php
@@ -44,7 +44,7 @@
 	// Tabs, general and advanced mode
 	echo '<ul class="uk-tab" data-uk-tab="{connect:\'#tab-options\'}">';
 	echo '<li><a href="">'.$L->g('General').'</a></li>';
-	echo '<li><a href="">Images</a></li>';
+	echo '<li><a href="">'.$L->g('Images').'</a></li>';
 	echo '<li><a href="">'.$L->g('Advanced').'</a></li>';
 	echo '</ul>';