ShaYmez
/
FreeSTAR-Status-Engine
mirror of https://github.com/ShaYmez/FreeSTAR-Status-Engine.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Fixed some todos & added email validation

This commit is contained in:
Vojtěch Sajdl 2018-01-13 00:16:38 +01:00
parent f310aac8b5
commit 54d499eb42
No known key found for this signature in database
GPG Key ID: 5D4EB1361A272390
7 changed files with 38 additions and 21 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
admin/index.php
View File

@ -9,8 +9,6 @@ if(isset($_COOKIE['user'])&&!isset($_SESSION['user']))
User::restore_session();
}
//TODO: CHeck if user deactivated
if (!isset($_SESSION['user']))
{
if (isset($_GET['do']) && $_GET['do']=="lost-password")

2
admin/lost-password.php
View File

@ -13,7 +13,7 @@ Template::render_header(_("Lost password"));
$user->change_password($_POST['token']);
if (isset($message)){?>
<p class="alert alert-danger"><?php echo $message?></p>
<a href="<?php echo WEB_URL;?>/admin/?do=lost-password<?php echo "&id=".$_POST['id']."&token=".$_POST['token'];?>"><?php echo _("Go back");?> </a>
<a href="<?php echo WEB_URL;?>/admin/?do=lost-password<?php echo "&amp;id=".$_POST['id']."&amp;token=".$_POST['token'];?>"><?php echo _("Go back");?> </a>
<?php
}
else{?>

2
admin/new-user.php
View File

@ -9,7 +9,7 @@ Template::render_header(_("New user"), true); ?>
<h2>Add new user</h2>
</div>
<form action="<?php echo WEB_URL;?>/admin/?do=new-user&new=user" method="POST" class="form-horizontal">
<form action="<?php echo WEB_URL;?>/admin/?do=new-user&amp;new=user" method="POST" class="form-horizontal">
<?php if (isset($message))
{?>
<p class="alert alert-danger"><?php echo $message?></p>

6
admin/settings.php
View File

@ -22,7 +22,7 @@ if (isset($message)){
<section>
<h3 class="pull-left"><?php echo _("Services");?></h3>
<?php if ($user->get_rank() <= 1){?>
<form action="?do=settings&new=service" method="post">
<form action="?do=settings&amp;new=service" method="post">
<div class="input-group pull-right new-service">
<input class="form-control" name="service" placeholder="Name" type="text" value="<?php echo ((isset($_POST['service']))?htmlspecialchars($_POST['service']):''); ?>" maxlength="50" required>
<span class="input-group-btn">
@ -52,7 +52,7 @@ while($result = $query->fetch_assoc())
echo "<td>".$result['name']."</td>";
if ($user->get_rank()<=1)
{
echo '<td><a href="'.WEB_URL.'/admin/?do=settings&delete='.$result['id'].'" class="pull-right delete-service"><i class="fa fa-trash"></i></a></td>';
echo '<td><a href="'.WEB_URL.'/admin/?do=settings&amp;delete='.$result['id'].'" class="pull-right delete-service"><i class="fa fa-trash"></i></a></td>';
}
echo "</tr>";
}?>
@ -74,7 +74,7 @@ while($result = $query->fetch_assoc())
{
echo "<tr>";
echo "<td>".$result['id']."</td>";
echo "<td><a href='".WEB_URL."/admin/?do=user&id=".$result['id']."'>".$result['username']."</a></td>";
echo "<td><a href='".WEB_URL."/admin/?do=user&amp;id=".$result['id']."'>".$result['username']."</a></td>";
echo "<td>".$result['name']."</td>";
echo "<td>".$result['surname']."</td>";
echo "<td><a href=\"mailto:".$result['email']."\">".$result['email']."</a></td>";

4
classes/constellation.php
View File

@ -39,7 +39,7 @@ class Constellation
{
if ($offset)
{
echo '<noscript><div class="centered"><a href="'.WEB_URL.'/?offset='.($offset-$limit+1).'&timestamp='.$timestamp.'" class="btn btn-default">'._("Back").'</a></div></noscript>';
echo '<noscript><div class="centered"><a href="'.WEB_URL.'/?offset='.($offset-$limit+1).'&amp;timestamp='.$timestamp.'" class="btn btn-default">'._("Back").'</a></div></noscript>';
}
echo "<h3>"._("Past incidents")."</h3>";
}
@ -59,7 +59,7 @@ class Constellation
}
if ($show)
{
echo '<div class="centered"><a href="'.WEB_URL.'/?offset='.($offset).'&timestamp='.$timestamp.'" id="loadmore" class="btn btn-default">'._("Load more").'</a></div>';
echo '<div class="centered"><a href="'.WEB_URL.'/?offset='.($offset).'&amp;timestamp='.$timestamp.'" id="loadmore" class="btn btn-default">'._("Load more").'</a></div>';
}
}
}

18
classes/incident.php
View File

@ -37,8 +37,20 @@ class Incident
* @param int ID
*/
public static function delete($id){
//TODO: This should check whether it's admin or their own post...
global $mysqli, $message;
global $mysqli, $message, $user;
if ($user->get_rank() > 1)
{
$stmt = $mysqli->prepare("SELECT count(*) as count FROM status WHERE id= ? AND user_id = ?");
$stmt->bind_param("ii", $id, $_SESSION['user']);
$stmt->execute();
$query = $stmt->get_result();
if (!$query->fetch_assoc()['count'])
{
$message = _("You don't have permission to do that!");
return;
}
}
$stmt = $mysqli->prepare("DELETE FROM services_status WHERE status_id = ?");
$stmt->bind_param("i", $id);
@ -164,7 +176,7 @@ class Incident
<div class="panel-footer clearfix">
<small><?php echo _("Posted by");?>: <?php echo $this->username;
if (isset($this->end_date)){?>
<span class="pull-right"><?php echo strtotime($this->end_date)>time()?_("Ending"):_("Ended");?>:&nbsp;<time class="pull-right timeago" datetime="<?php echo $this->end_date; ?>"><?php echo $this->end_date; ?></time></span>
<span class="pull-right"><?php echo strtotime($this->end_date)>time()?_("Ending"):_("Ended");?>: <time class="pull-right timeago" datetime="<?php echo $this->end_date; ?>"><?php echo $this->end_date; ?></time></span>
<?php } ?>
</small>
</div>

25
classes/user.php
View File

@ -97,7 +97,7 @@ class User
$stmt->bind_param("i", $this->id);
$stmt->execute();
$stmt->close();
header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
header("Location: ".WEB_URL."/admin/?do=user&amp;id=".$id);
}else{
$message = _("You don't have the permission to do that!");
}
@ -138,6 +138,12 @@ class User
$username = $_POST['username'];
$email = $_POST['email'];
$pass = $_POST['password'];
if (!filter_var($email, FILTER_VALIDATE_EMAIL))
{
$message = "Invalid email!";
return;
}
$variables = array();
if (strlen($name)>50){
@ -153,6 +159,7 @@ class User
$variables[] = 'email: 60';
}
if (!empty($variables))
{
$message = _("Please mind the following character limits: ");
@ -308,16 +315,16 @@ class User
</div>
<div class="row">
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Username");?></strong></div>
<div class="col-md-6"><?php echo $this->username."&nbsp;"; if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
<div class="col-md-6"><?php echo $this->username." "; if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
{
echo "<a href='".WEB_URL."/admin/?do=user&id=".$this->id."&what=toggle'>";
echo "<a href='".WEB_URL."/admin/?do=user&amp;id=".$this->id."&amp;what=toggle'>";
echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i></a>";
}else{
echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i>";
}?></div>
</div>
<form action="<?php echo WEB_URL;?>/admin/?do=user&id=<?php echo $this->id; ?>" method="POST">
<form action="<?php echo WEB_URL;?>/admin/?do=user&amp;id=<?php echo $this->id; ?>" method="POST">
<div class="row">
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Role");?></strong></div>
<div class="col-md-6"><?php if ($user->get_rank() == 0 && $this->id != $_SESSION['user']){?> <div class="input-group"><select class="form-control" name="permission"><?php foreach ($permissions as $key => $value) {
@ -477,11 +484,11 @@ class User
$token = Token::new($id, 'passwd', $time);
$link = WEB_URL."/admin/?do=lost-password&id=$id&token=$token";
$link = WEB_URL."/admin/?do=lost-password&amp;id=$id&amp;token=$token";
$to = $email;
$user = new User($id);
$subject = _('Reset password') . ' - '.NAME;
$msg = sprintf(_( "Hi %s!<br>Below you will find link to change your password. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">RESET PASSWORD</a><br><br>If the link doesn't work, copy & paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
$msg = sprintf(_( "Hi %s!<br>Below you will find link to change your password. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">RESET PASSWORD</a><br><br>If the link doesn't work, copy &amp; paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
$headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
$headers .= "MIME-Version: 1.0 ".PHP_EOL;
$headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
@ -503,10 +510,10 @@ class User
$token = Token::new($id, 'email;$email', $time);
$link = WEB_URL."/admin/?do=change-email&id=$id&token=$token";
$link = WEB_URL."/admin/?do=change-email&amp;id=$id&amp;token=$token";
$to = $email;
$subject = _('Email change').' - '.NAME;
$msg = sprintf(_( "Hi %s!<br>Below you will find link to change your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">CHANGE EMAIL</a><br><br>If the link doesn't work, copy & paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
$msg = sprintf(_( "Hi %s!<br>Below you will find link to change your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">CHANGE EMAIL</a><br><br>If the link doesn't work, copy &amp; paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
$headers = "Content-Type: text/html; charset=utf-8 ".PHP_EOL;
$headers .= "MIME-Version: 1.0 ".PHP_EOL;
$headers .= "From: ".MAILER_NAME.' <'.MAILER_ADDRESS.'>'.PHP_EOL;
@ -581,7 +588,7 @@ class User
$stmt = $mysqli->prepare("UPDATE users SET permission=? WHERE id=?");
$stmt->bind_param("si", $permission, $id);
$stmt->execute();
header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
header("Location: ".WEB_URL."/admin/?do=user&amp;id=".$id);
}
else{
$message = _("You don't have permission to do that!");