[Mapbender-commits] r5888 - in trunk/mapbender/http: javascripts php
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Sat Apr 10 09:51:03 EDT 2010
Author: verenadiewald
Date: 2010-04-10 09:51:03 -0400 (Sat, 10 Apr 2010)
New Revision: 5888
Added:
trunk/mapbender/http/javascripts/mod_confirmLogin.php
trunk/mapbender/http/php/mod_confirmLogin_server.php
trunk/mapbender/http/php/mod_registerUser_server.php
Modified:
trunk/mapbender/http/php/mod_editFilteredUser.php
Log:
New mode for password insertion: the admin can send a mail to a new Mapbender user so that the user sets the password themselves.
Added: trunk/mapbender/http/javascripts/mod_confirmLogin.php
===================================================================
--- trunk/mapbender/http/javascripts/mod_confirmLogin.php (rev 0)
+++ trunk/mapbender/http/javascripts/mod_confirmLogin.php 2010-04-10 13:51:03 UTC (rev 5888)
@@ -0,0 +1,207 @@
+<?php
+# $Id: mod_confirmLogin.php
+# http://www.mapbender.org/index.php/mod_confirmLogin.php
+# Copyright (C) 2002 CCGIS
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+include_once dirname(__FILE__) . "/../../conf/mapbender.conf";
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET;?>">
+<title>Confirm Login</title>
+
+<?php
+$userId = $_GET["user_id"];
+if (!is_numeric($userId)) {
+ echo "User ID not valid!";
+ die;
+}
+
+$userName = $_GET["user_name"];
+$pattern = "/[a-z0-9_-]/i";
+if (!preg_match($pattern, $userName)) {
+ echo "User Name not valid!";
+ die;
+}
+
+$userTicket = $_GET["user_ticket"];
+$pattern = "/[a-z0-9]{30}/i";
+if (!preg_match($pattern, $userTicket)) {
+ echo "User Ticket not valid!";
+ die;
+}
+?>
+<style type="text/css">
+<!--
+body{
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 10px;
+}
+-->
+</style>
+<script type='text/javascript' src="../extensions/jquery.js"></script>
+<script type="text/javascript">
+<?php
+echo "var userId = ".$_REQUEST['user_id'].";\n";
+echo "var userName = '".htmlentities($userName, ENT_QUOTES, CHARSET)."';\n";
+echo "var userTicket = '".htmlentities($userTicket, ENT_QUOTES, CHARSET)."';\n";
+?>
+
+/*
+ * Check if ticket number for this user is valid
+ *
+ * @return boolean return true if ticket number is valid
+ */
+function checkTicketNumber () {
+ var parameters = {
+ "command" : "checkTicket",
+ "userId" : userId,
+ userTicket : userTicket
+ };
+ $.post("../php/mod_confirmLogin_server.php", parameters, function (json, status) {
+ if(status == 'success') {
+ if (json == 'true') {
+ createInsertFields();
+ }
+ else {
+ $("#contentDiv").text("You are not authorized. Please request a new ticket from your administrator to set your password.");
+ }
+ }
+ });
+}
+
+/*
+ * Creates table with insert fields
+ *
+ */
+function createInsertFields() {
+ //create table
+ var $table = $("<table></table>");
+ $table.appendTo("#contentDiv");
+ //create lines and fields
+ var $tr1 = $("<tr><td>User name:</td><td><input type='text' readonly id='userName'/></td><td></td></tr>");
+ var $tr2 = $("<tr><td>Password:</td><td><input type='password' id='userPw'/></td><td id='spanTd'></td></tr>");
+ var $tr3 = $("<tr><td>Confirm password:</td><td><input type='password' id='userPw2'/></td><td></td></tr>");
+ $tr1.appendTo($table);
+ $tr2.appendTo($table);
+ $tr3.appendTo($table);
+
+ //fill in field userName
+ $("#userName").val(userName);
+
+ //set keyup event for password check
+ $("#userPw").keyup(function () {
+ checkSafety(this.value);
+ });
+
+ //create span for pwd safety message
+ $("<span />").attr("id","pwdSafetyMsg").appendTo("#spanTd");
+
+ //set div and button for saving pw
+ var $buttonDiv = $("<div><input type='button' value='Save'></div");
+ $buttonDiv.click(function () {
+ savePwd();
+ });
+ $buttonDiv.appendTo("#contentDiv");
+}
+
+/*
+ * Save new password
+ *
+ */
+function savePwd() {
+ if(checkPassword()) {
+ var parameters = {
+ command : "savePwd",
+ userId : userId,
+ userTicket : userTicket,
+ userPassword : document.getElementById("userPw").value
+ };
+ $.post("../php/mod_confirmLogin_server.php", parameters, function (json, status) {
+ if(status == 'success') {
+ alert(json);
+ var $loginHref = $("<div style='margin-top:20px'><a href='../frames/login.php'>Zum Login</a></div");
+ $loginHref.appendTo("#contentDiv");
+ }
+ });
+ }
+}
+
+/*
+ * Check if password and password confirmation are inserted correctly
+ *
+ */
+function checkPassword() {
+ var newPw = document.getElementById("userPw");
+ var newPwConfirm = document.getElementById("userPw2");
+ if(newPw.value == '' || newPwConfirm.value == '' || newPw.value != newPwConfirm.value) {
+ alert("Password verification failed. Please insert password twice!");
+ newPw.value = "";
+ newPwConfirm.value = "";
+ newPw.focus();
+ $("#pwdSafetyMsg").html("");
+ return false;
+ }
+ else {
+ return true;
+ }
+}
+
+function checkSafety(pwdString){
+ var pwdMsg = "";
+ var pwdPoints = pwdString.length;
+
+ var hasLetter = new RegExp("[a-z]");
+ var hasCaps = new RegExp("[A-Z]");
+ var hasNumbers = new RegExp("[0-9]");
+ var hasSymbols = new RegExp("\\W");
+
+ if(hasLetter.test(pwdString)){ pwdPoints += 4; }
+ if(hasCaps.test(pwdString)){ pwdPoints += 4; }
+ if(hasNumbers.test(pwdString)){ pwdPoints += 4; }
+ if(hasSymbols.test(pwdString)){ pwdPoints += 4; }
+
+ if(pwdPoints >= 24) {
+ $("#pwdSafetyMsg").css("color","#0f0");
+ pwdMsg = "Your password is strong!";
+ }
+ else if(pwdPoints >= 16) {
+ $("#pwdSafetyMsg").css("color","#00f");
+ pwdMsg = "Your password is medium!";
+ }
+ else if(pwdPoints >= 12) {
+ $("#pwdSafetyMsg").css("color","#fa0");
+ pwdMsg = "Your password is weak!";
+ }
+ else {
+ $("#pwdSafetyMsg").css("color","#f00");
+ pwdMsg = "Your password is very weak!";
+ }
+
+ $("#pwdSafetyMsg").html(pwdMsg);
+}
+
+</script>
+</head>
+
+<body onload='checkTicketNumber();'>
+ <div id='contentDiv'>
+ </div>
+</body>
+
+</html>
+
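Review bot: The input checks at lines 55–56 and 62–63 use unanchored patterns, so `preg_match` succeeds as soon as one permitted character (or any 30-character alphanumeric run) occurs somewhere in the value — a containment test rather than a whole-value check; anchor them as `$pattern = "/^[a-z0-9_-]+$/i";` and `$pattern = "/^[a-z0-9]{30}$/i";`. Line 79 then writes `$_REQUEST['user_id']` into the script instead of the `$_GET` value validated at line 48, and since `$_REQUEST` can be satisfied from a different source the number emitted into the page is not necessarily the one that passed `is_numeric` (which also accepts whitespace, signs and exponent forms); write `echo "var userId = " . (int) $userId . ";\n";`. For the two strings on lines 80–81 the target context is a JavaScript literal, so `json_encode($userName)` / `json_encode($userTicket)` is the appropriate encoder rather than `htmlentities`. The `</div` at lines 135 and 157 is missing its closing `>`.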
Added: trunk/mapbender/http/php/mod_confirmLogin_server.php
===================================================================
--- trunk/mapbender/http/php/mod_confirmLogin_server.php (rev 0)
+++ trunk/mapbender/http/php/mod_confirmLogin_server.php 2010-04-10 13:51:03 UTC (rev 5888)
@@ -0,0 +1,63 @@
+<?php
+require_once(dirname(__FILE__)."/../../core/globalSettings.php");
+
+$command = $_POST["command"];
+$pattern = "/[a-z]/i";
+if (!preg_match($pattern, $command)) {
+ echo "Command not valid!";
+ die;
+}
+
+$userId = $_POST["userId"];
+if (!is_numeric($userId)) {
+ echo "User ID not valid!";
+ die;
+}
+
+$userTicket = $_POST["userTicket"];
+$pattern = "/[a-z0-9]{30}/i";
+if (!preg_match($pattern, $userTicket)) {
+ echo "User Ticket not valid!";
+ die;
+}
+
+$userPassword = $_POST["userPassword"];
+//$pattern = "/[a-z0-9A-Z]/";
+//if (!preg_match($pattern, $userTicket)) {
+// echo "User Ticket not valid!";
+// die;
+//}
+
+if($command == 'checkTicket') {
+ $sql = "SELECT * FROM mb_user ";
+ $sql .= "WHERE mb_user_id = $1 AND mb_user_password_ticket = $2";
+ $v = array($userId,$userTicket);
+ $t = array("i","s");
+ $res = db_prep_query($sql,$v,$t);
+ $row = db_fetch_array($res);
+ if ($row) {
+ if($row['mb_user_password_ticket'] == '' || $row['mb_user_password_ticket'] != $userTicket) {
+ echo "false";
+ }
+ else {
+ echo "true";
+ }
+ }
+ else {
+ echo "false";
+ }
+}
+
+if($command == 'savePwd') {
+ $sql = "UPDATE mb_user SET mb_user_password = $1, mb_user_password_ticket = '' WHERE mb_user_id = $2 AND mb_user_password_ticket = $3";
+ $v = array(md5($userPassword),$userId,$userTicket);
+ $t = array('s','i','s');
+ $res = db_prep_query($sql,$v,$t);
+ if($res){
+ echo "Password saved successfully.";
+ }
+ else {
+ echo "Error while saving password.";
+ }
+}
+?>
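Review bot: `$userPassword` at line 256 reaches the UPDATE at line 285 without any server-side check — the commented-out block beneath it tests `$userTicket` rather than the password anyway — so an empty password, or anything the browser-side `checkPassword` would have refused, is accepted and stored; add `if (!isset($userPassword) || $userPassword === '') { echo "Password not valid!"; die; }` before the command branches. The ticket pattern at line 250 is unanchored and therefore only a containment test; use `"/^[a-z0-9]{30}$/i"` (the command pattern at line 237 has the same shape). The comparison at line 271 uses `==`, which compares numeric-looking strings numerically; `!==` is the right operator for two tokens, although the WHERE clause at line 265 already guarantees equality here. Whether `$res` at line 288 is falsy when the UPDATE matched no row depends on `db_prep_query`, which is outside this hunk; if it returns a truthy handle for a zero-row update, "Password saved successfully." is printed for a stale ticket. The unsalted `md5` at line 285 mirrors the scheme already used in mod_editFilteredUser; moving to a salted hash would need a migration and is a separate change.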
Modified: trunk/mapbender/http/php/mod_editFilteredUser.php
===================================================================
--- trunk/mapbender/http/php/mod_editFilteredUser.php 2010-04-10 11:59:02 UTC (rev 5887)
+++ trunk/mapbender/http/php/mod_editFilteredUser.php 2010-04-10 13:51:03 UTC (rev 5888)
@@ -35,8 +35,42 @@
$myPW = "**********";
echo "<script language='JavaScript'>var myPW = '".$myPW."';</script>";
?>
+<script type="text/javascript">
+<?php
+ include '../include/dyn_js.php';
+ include '../include/dyn_php.php';
+
+ $myPW = "**********";
+ echo "var myPW = '".$myPW."';";
+ echo "var withPasswordInsertion = '" . $withPasswordInsertion . "';";
+?>
+</script>
+<script type='text/javascript' src="../extensions/jquery.js"></script>
<script language="JavaScript">
+function sendRegisterData() {
+ if (document.form1.email.value == '') {
+ alert("Data could not be sent. No mail address given for this user.");
+ return false;
+ }
+ var parameters = {
+ command : "sendMailToCustomer",
+ userId : document.form1.selected_user.options[document.form1.selected_user.selectedIndex].value
+ };
+ $.post("../php/mod_registerUser_server.php", parameters, function (json, status) {
+ if(status == 'success') {
+ alert(json);
+ }
+ });
+}
+
+function callPick(obj){
+ dTarget = obj;
+ var dp = window.open('../tools/datepicker/datepicker.php?m=Jan_Feb_März_April_Mai_Juni_Juli_Aug_Sept_Okt_Nov_Dez&d=Mo_Di_Mi_Do_Fr_Sa_So&t=heute','dp','left=200,top=200,width=230,height=210,toolbar=0,location=0,directories=0,status=0,menubar=0,scrollbars=0');
+ dp.focus();
+ return false;
+}
+
function validate(val){
var ok = validateInput();
if(ok == 'true'){
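Review bot: Lines 309–310 print `var myPW` a second time — the context lines 301–302 already emit the same declaration in the preceding script block — so the duplicated `$myPW` assignment and echo can be dropped. Line 311 interpolates `$withPasswordInsertion` into a JavaScript string literal by concatenation; it presumably comes from `dyn_php.php` (included at line 307, not visible here), but it should still be emitted as `echo "var withPasswordInsertion = " . json_encode((string) $withPasswordInsertion) . ";";` so a quote in the value cannot break out of the literal. In `callPick`, `dTarget = obj;` at line 333 assigns an undeclared identifier and so creates an implicit global; if the datepicker popup reads it that is intended and deserves an explicit `var dTarget;` at script level with a comment, otherwise it is a leak. `sendRegisterData` reads `document.form1`, which is not visible in this hunk; the form is assumed to carry `name='form1'`.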
@@ -50,13 +84,18 @@
if(val == 'delete'){
permission = confirm("Delete User?");
}
+ if(val == 'new_pw_ticket'){
+ permission = confirm("Set new password ticket for this user?");
+ }
if(permission === true){
- if(document.forms[0].password.value == myPW){
- document.forms[0].password.value = '';
- }
- document.forms[0].action.value = val;
- document.forms[0].submit();
- }
+ if(withPasswordInsertion == 'true'){
+ if(document.forms[0].password.value == myPW){
+ document.forms[0].password.value = '';
+ }
+ }
+ document.forms[0].action.value = val;
+ document.forms[0].submit();
+ }
}
}
function validateInput(){
@@ -66,22 +105,24 @@
document.forms[0].name.focus();
return 'false';
}
- if(document.forms[0].password.value === ''){
- alert(str_alert);
- document.forms[0].password.focus();
- return 'false';
+ if(withPasswordInsertion == 'true') {
+ if(document.forms[0].password.value === '') {
+ alert(str_alert);
+ document.forms[0].password.focus();
+ return 'false';
+ }
+ if((document.forms[0].password.value != myPW || document.forms[0].v_password.value !== '' )&& document.forms[0].password.value != document.forms[0].v_password.value){
+ alert("Password verification failed. You have to enter the same password twice!");
+ document.forms[0].password.value = myPW;
+ document.forms[0].password.focus();
+ return 'false';
+ }
}
- if((document.forms[0].password.value != myPW || document.forms[0].v_password.value !== '' )&& document.forms[0].password.value != document.forms[0].v_password.value){
- alert("Password verification failed. You have to enter the same password twice!");
- document.forms[0].password.value = myPW;
- document.forms[0].password.focus();
- return 'false';
- }
- if(document.forms[0].resolution.value === ''){
+ if(document.forms[0].resolution.value === '') {
document.forms[0].resolution.value = 72;
return 'true';
}
- if(document.forms[0].login_count.value === ''){
+ if(document.forms[0].login_count.value === '') {
document.forms[0].login_count.value = 0;
return 'true';
}
@@ -142,11 +183,19 @@
}
else{
$sql = "Insert INTO mb_user (mb_user_name, mb_user_password, mb_user_owner, mb_user_description, ";
- $sql .= "mb_user_email, mb_user_phone, mb_user_department, mb_user_resolution) VALUES ";
- $sql.= "($1,$2,$3,$4,$5,$6,$7,$8)";
- $tmpPW = md5($password);
- $v = array($name,$tmpPW,$owner_id,$description,$email,$phone,$department,$resolution);
- $t = array('s','s','i','s','s','s','s','i');
+ $sql .= "mb_user_email, mb_user_phone, mb_user_department, mb_user_resolution, mb_user_password_ticket) VALUES ";
+ $sql.= "($1,$2,$3,$4,$5,$6,$7,$8,$9)";
+ if($withPasswordInsertion == 'true') {
+ $tmpPW = md5($password);
+ $passwordTicket = "";
+ }
+ else {
+ $tmpPW = md5(microtime());
+ $passwordTicket = substr(md5(uniqid(rand())),0,30);
+ }
+
+ $v = array($name,$tmpPW,$owner_id,$description,$email,$phone,$department,$resolution,$passwordTicket);
+ $t = array('s','s','i','s','s','s','s','i','s');
$res = db_prep_query($sql,$v,$t);
$selected_user = db_insert_id($res,"mb_user","mb_user_id");
}
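Review bot: The ticket at line 421 is built from `rand()`, `uniqid()` and `md5`, none of which is a cryptographic source, even though the ticket is the sole credential for setting the account's password; the same construction appears in the new_pw_ticket block at lines 438–439. If the openssl extension is present, `openssl_random_pseudo_bytes` (PHP 5.3+) yields exactly the 30 hexadecimal characters the confirm page expects: `$passwordTicket = bin2hex(openssl_random_pseudo_bytes(15));`. The placeholder password at line 420, `md5(microtime())`, hashes a low-entropy timestamp, so it should come from the same random source rather than from the clock, or the row should be marked unusable until the ticket is redeemed. Nothing records when the ticket was issued, so it stays valid indefinitely; storing an issue timestamp next to `mb_user_password_ticket` would let mod_confirmLogin_server reject expired tickets.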
@@ -184,6 +233,22 @@
}
}
}
+
+if($action == 'new_pw_ticket'){
+ $sql = "UPDATE mb_user SET mb_user_password_ticket = $1";
+ $sql.=" WHERE mb_user_id = $2";
+
+ $tmpPW = md5(microtime());
+ $passwordTicket = substr(md5(uniqid(rand())),0,30);
+
+ $v = array($passwordTicket,$selected_user);
+ $t = array('s','i');
+ $res = db_prep_query($sql,$v,$t);
+ if($res){
+ echo "<script language='JavaScript'>alert('New password ticket created.');</script>";
+ }
+}
+
if (!isset($name) || $selected_user == 'new'){
$name = "";
$password = "";
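Review bot: `$tmpPW = md5(microtime());` at line 438 is assigned and never used in this block — the UPDATE at lines 435–436 writes only the ticket — so it is dead code and should be removed. The button that triggers this action is rendered only when the session user owns the selected user, but nothing in this block repeats that check server-side before issuing the UPDATE for `$selected_user`; if the update/delete branches outside this hunk enforce ownership, this branch should be guarded the same way, e.g. with the comparison the page already uses at line 503, `Mapbender::session()->get("mb_user_id") == $owner_id`, before the query. Because the new ticket overwrites the old one, this action also silently invalidates any setup link already mailed, which is worth saying in the alert text.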
@@ -271,28 +336,30 @@
echo "</td>";
echo "</tr>";
-#password
-echo "<tr>";
- echo "<td>Password: </td>";
- echo "<td>";
- echo "<input type='password' size='30' name='password' value='";
- if(isset($selected_user) && $selected_user != 'new'){
- echo $myPW;
- }
- echo "' >";
- echo "</td>";
-echo "</tr>";
+if($withPasswordInsertion == 'true') {
+ #password
+ echo "<tr>";
+ echo "<td>Password: </td>";
+ echo "<td>";
+ echo "<input type='password' size='30' name='password' value='";
+ if(isset($selected_user) && $selected_user != 'new'){
+ echo $myPW;
+ }
+ echo "' >";
+ echo "<input type='hidden' name='password_plain' value='".$password."'>";
+ echo "</td>";
+ echo "</tr>";
+
+ #confirm password
+ echo "<tr>";
+ echo "<td>Confirm password: </td>";
+ echo "<td>";
+ echo "<input type='password' size='30' name='v_password' value='";
+ echo "'>";
+ echo "</td>";
+ echo "</tr>";
+}
-#confirm password
-echo "<tr>";
- echo "<td>Confirm password: </td>";
- echo "<td>";
- echo "<input type='password' size='30' name='v_password' value='";
- echo "'>";
- echo "</td>";
-echo "</tr>";
-
-
#owner
echo "<tr>";
echo "<td>Owner: </td>";
@@ -359,6 +426,10 @@
if(Mapbender::session()->get("mb_user_id") == $owner_id && $selected_user != 'new' && $selected_user != '' ){
echo "<input type='button' value='save' onclick='validate(\"update\")'>";
echo "<input type='button' value='delete' onclick='validate(\"delete\")'>";
+ if($withPasswordInsertion != 'true') {
+ echo "<input type='button' value='Send login data to user' onclick='sendRegisterData();'>";
+ echo " <input type='button' value='New password ticket' onclick='validate(\"new_pw_ticket\");'>";
+ }
}
?>
<input type='hidden' name='action' value=''>
Added: trunk/mapbender/http/php/mod_registerUser_server.php
===================================================================
--- trunk/mapbender/http/php/mod_registerUser_server.php (rev 0)
+++ trunk/mapbender/http/php/mod_registerUser_server.php 2010-04-10 13:51:03 UTC (rev 5888)
@@ -0,0 +1,64 @@
+<?php
+# $Id:
+# http://www.mapbender.org/index.php
+# Copyright (C) 2002 CCGIS
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2, or (at your option)
+# any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+
+require_once(dirname(__FILE__)."/../php/mb_validateSession.php");
+require_once(dirname(__FILE__)."/../classes/class_administration.php");
+
+$command = $_REQUEST["command"];
+
+if($command == 'sendMailToCustomer') {
+
+ $admin = new administration();
+ $mailToAddr = $admin->getEmailByUserId($_REQUEST['userId']);
+ $mailToName = $admin->getUsernameByUserId($_REQUEST['userId']);
+
+ $sql = "SELECT * FROM mb_user ";
+ $sql .= "WHERE mb_user_id = $1";
+ $v = array($_REQUEST['userId']);
+ $t = array("i");
+ $res = db_prep_query($sql,$v,$t);
+ $row = db_fetch_array($res);
+ if ($row) {
+ $userId = $row["mb_user_id"];
+ $userName = $row["mb_user_name"];
+ $email = $row["mb_user_email"];
+ $ticket = $row["mb_user_password_ticket"];
+
+ $customerMessage = "You are now registered as a Mapbender User.\n";
+ $customerMessage .= "Your login name is: ".$userName."\n";
+ $customerMessage .= "Please set your own password using the following link: \n";
+ $mbUrl = substr(LOGIN, 0, -9);
+ $customerMessage .= $mbUrl."../javascripts/mod_confirmLogin.php?user_id=".$userId."&user_name=".$userName."&user_ticket=".$ticket."\n";
+ $customerMessage .= "Follow this link to login to Mapbender: \n";
+ $customerMessage .= LOGIN."\n";
+
+ if(!$admin->sendEmail("", "", $mailToAddr, $mailToName, utf8_decode("Your Mapbender account"), utf8_decode($customerMessage), $error_msg)) {
+ echo "Registry data could not be send. Please check mail address.";
+ }
+ else {
+ echo "Registry data has been sent successfully to new Mapbender user.";
+ }
+
+ }
+ else {
+ echo "User does not exists.";
+ }
+
+}
+?>
\ No newline at end of file
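Review bot: The only gate on this endpoint is `mb_validateSession` (line 537), so any logged-in session can post `command=sendMailToCustomer` with an arbitrary `userId`, whereas the button in mod_editFilteredUser is shown only to the user's owner; unless `getEmailByUserId` or the session check enforces ownership (not visible here), the handler should verify that the session user owns the target before querying. `$ticket` at line 558 is mailed without checking that it is set — for users created with password insertion it is `""` — so add `if ($ticket === '') { echo "No password ticket set for this user."; die; }` before the message is built. The link at line 564 concatenates `$userName` and `$ticket` into a query string unencoded; use `rawurlencode($userName)` and `(int) $userId` so a name containing `&` or spaces does not corrupt the URL. `$error_msg` at line 568 is passed without being initialised, and `substr(LOGIN, 0, -9)` at line 563 relies on `LOGIN` ending in a nine-character file name (presumably `login.php`, as linked from mod_confirmLogin.php line 157), which deserves a comment such as `// strip "login.php" from LOGIN to obtain the Mapbender base URL`. The user-facing strings at lines 569 and 577 read "could not be send" and "does not exists"; "could not be sent" and "does not exist" are the intended forms.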