mirror of
https://github.com/Pathduck/gallery3.git
synced 2026-07-11 09:43:51 -04:00
Require the current password to change your password.
Fixes ticket #585. Separate out the password change form from the regular edit user form. Require the old password to enter a new one. While I'm at it, roll the password strength javascript into a Form_Script element so that we can get rid of the old view (which incidentally fixes a bug where the password strength meter would go away on form errors).
This commit is contained in:
@@ -20,7 +20,6 @@
|
||||
class Users_Controller extends Controller {
|
||||
public function update($id) {
|
||||
$user = user::lookup($id);
|
||||
|
||||
if ($user->guest || $user->id != identity::active_user()->id) {
|
||||
access::forbidden();
|
||||
}
|
||||
@@ -29,9 +28,6 @@ class Users_Controller extends Controller {
|
||||
try {
|
||||
$valid = $form->validate();
|
||||
$user->full_name = $form->edit_user->full_name->value;
|
||||
if ($form->edit_user->password->value) {
|
||||
$user->password = $form->edit_user->password->value;
|
||||
}
|
||||
$user->email = $form->edit_user->email->value;
|
||||
$user->url = $form->edit_user->url->value;
|
||||
|
||||
@@ -57,7 +53,38 @@ class Users_Controller extends Controller {
|
||||
|
||||
$user->save();
|
||||
module::event("user_edit_form_completed", $user, $form);
|
||||
message::success(t("User information updated."));
|
||||
message::success(t("User information updated"));
|
||||
print json_encode(
|
||||
array("result" => "success",
|
||||
"resource" => url::site("users/{$user->id}")));
|
||||
} else {
|
||||
print json_encode(array("result" => "error", "form" => (string) $form));
|
||||
}
|
||||
}
|
||||
|
||||
public function change_password($id) {
|
||||
$user = user::lookup($id);
|
||||
if ($user->guest || $user->id != identity::active_user()->id) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
$form = $this->_get_change_password_form($user);
|
||||
try {
|
||||
$valid = $form->validate();
|
||||
$user->password = $form->change_password->password->value;
|
||||
$user->validate();
|
||||
} catch (ORM_Validation_Exception $e) {
|
||||
// Translate ORM validation errors into form error messages
|
||||
foreach ($e->validation->errors() as $key => $error) {
|
||||
$form->change_password->inputs[$key]->add_error($error, 1);
|
||||
}
|
||||
$valid = false;
|
||||
}
|
||||
|
||||
if ($valid) {
|
||||
$user->save();
|
||||
module::event("user_change_password_form_completed", $user, $form);
|
||||
message::success(t("Password changed"));
|
||||
print json_encode(
|
||||
array("result" => "success",
|
||||
"resource" => url::site("users/{$user->id}")));
|
||||
@@ -72,22 +99,45 @@ class Users_Controller extends Controller {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
$v = new View("user_form.html");
|
||||
$v->form = $this->_get_edit_form($user);
|
||||
print $v;
|
||||
print $this->_get_edit_form($user);
|
||||
}
|
||||
|
||||
public function form_change_password($id) {
|
||||
$user = user::lookup($id);
|
||||
if ($user->guest || $user->id != identity::active_user()->id) {
|
||||
access::forbidden();
|
||||
}
|
||||
|
||||
print $this->_get_change_password_form($user);
|
||||
}
|
||||
|
||||
private function _get_change_password_form($user) {
|
||||
$form = new Forge(
|
||||
"users/change_password/$user->id", "", "post", array("id" => "g-change-password-user-form"));
|
||||
$group = $form->group("change_password")->label(t("Change your password"));
|
||||
$group->password("old_password")->label(t("Old password"))->id("g-password")
|
||||
->callback("user::valid_password")
|
||||
->error_messages("invalid", t("Incorrect password"));
|
||||
$group->password("password")->label(t("New password"))->id("g-password")
|
||||
->error_messages("min_length", t("Your new password is too short"));
|
||||
$group->script("")
|
||||
->text(
|
||||
'$("form").ready(function(){$(\'input[name="password"]\').user_password_strength();});');
|
||||
$group->password("password2")->label(t("Confirm new password"))->id("g-password2")
|
||||
->matches($group->password)
|
||||
->error_messages("matches", t("The passwords you entered do not match"));
|
||||
|
||||
module::event("user_change_password_form", $user, $form);
|
||||
$group->submit("")->value(t("Save"));
|
||||
return $form;
|
||||
}
|
||||
|
||||
private function _get_edit_form($user) {
|
||||
$form = new Forge("users/update/$user->id", "", "post", array("id" => "g-edit-user-form"));
|
||||
$group = $form->group("edit_user")->label(t("Edit User: %name", array("name" => $user->name)));
|
||||
$group = $form->group("edit_user")->label(t("Edit your profile"));
|
||||
$group->input("full_name")->label(t("Full Name"))->id("g-fullname")->value($user->full_name)
|
||||
->error_messages("length", t("Your name is too long"));
|
||||
self::_add_locale_dropdown($group, $user);
|
||||
$group->password("password")->label(t("Password"))->id("g-password")
|
||||
->error_messages("min_length", t("Your password is too short"));
|
||||
$group->password("password2")->label(t("Confirm Password"))->id("g-password2")
|
||||
->matches($group->password)
|
||||
->error_messages("matches", t("The passwords you entered do not match"));
|
||||
$group->input("email")->label(t("Email"))->id("g-email")->value($user->email)
|
||||
->error_messages("email", t("You must enter a valid email address"))
|
||||
->error_messages("length", t("Your email address is too long"))
|
||||
|
||||
Reference in New Issue
Block a user