[Mapbender-commits] r5898 - in trunk/mapbender/http: classes javascripts php

svn_mapbender at osgeo.org svn_mapbender at osgeo.org
Sat Apr 10 11:56:46 EDT 2010


Author: verenadiewald
Date: 2010-04-10 11:56:45 -0400 (Sat, 10 Apr 2010)
New Revision: 5898

Modified:
   trunk/mapbender/http/classes/class_user.php
   trunk/mapbender/http/javascripts/mod_confirmLogin.php
   trunk/mapbender/http/php/mod_confirmLogin_server.php
   trunk/mapbender/http/php/mod_editFilteredUser.php
Log:
restructuring of functionality setting password

Modified: trunk/mapbender/http/classes/class_user.php
===================================================================
--- trunk/mapbender/http/classes/class_user.php	2010-04-10 15:55:04 UTC (rev 5897)
+++ trunk/mapbender/http/classes/class_user.php	2010-04-10 15:56:45 UTC (rev 5898)
@@ -296,12 +296,64 @@
 		return true;
 	}
 
-	public function setPassword($newPassword)
-	{
-		//
-		return false;
+	
+	/*
+	*	@param	$userId the Mapbender user id
+	*	@param	$userTicket a user password ticket
+	*/
+	public function validUserPasswordTicket($userTicket) {
+		$sql = "SELECT * FROM mb_user ";
+		$sql .= "WHERE mb_user_id = $1 AND mb_user_password_ticket = $2";
+	    $v = array($this->id,$userTicket);
+		$t = array("i","s");
+		$res = db_prep_query($sql,$v,$t);
+		
+		if($row = db_fetch_array($res)){
+			if($row['mb_user_password_ticket'] == '' || $row['mb_user_password_ticket'] != $userTicket) {
+				return false;
+			}
+		}
+		else {
+			throw new Exception("Database error validating user ticket.");
+		}
+		return true;
 	}
+	
+	/*
+	*	@param	$newPassword values of the new password
+	*	@param	$newPassword Mapbender user id
+	*	@param	$newPassword Mapbender user ticket
+	*/
+	public function setPassword($newPassword,$userTicket) {
+		//set new password in db
+		$sql = "UPDATE mb_user SET mb_user_password = $1, mb_user_password_ticket = '' WHERE mb_user_id = $2 AND mb_user_password_ticket = $3";
+		$v = array(md5($newPassword),$this->id,$userTicket);
+		$t = array('s','i','s');
+		$update_result = db_prep_query($sql,$v,$t);
+
+		if(!$update_result)
+		{
+			throw new Exception("Database error updating user password");
+		}
+		return true;
+	}
   
+	
+	public function setNewUserPasswordTicket () {
+		$sql = "UPDATE mb_user SET mb_user_password_ticket = $1";			
+		$sql.=" WHERE mb_user_id = $2";
+	
+		$passwordTicket = substr(md5(uniqid(rand())),0,30);
+		
+		$v = array($passwordTicket,$this->id);
+		$t = array('s','i');     
+		$res = db_prep_query($sql,$v,$t);	
+		if(!$res){
+			$e= new mb_exception(1);
+			throw new Exception("Error setting new user password ticket");
+		}
+		return true;
+	}
     /*
     * @return Array of Users
     * @param $filter UNUSED! string that must be contained in the username
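Review bot: `setPassword()` never rejects an empty `$userTicket`, yet its own UPDATE resets `mb_user_password_ticket` to `''`, so a blank ticket satisfies `WHERE ... mb_user_password_ticket = $3` for any account whose ticket is blank; unless the caller filters this in lines outside the hunk, add `if (!is_string($userTicket) || $userTicket === '') { return false; }` at the top of the method. The method also returns `true` whenever the query executes, even if no row matched, so its result should depend on the affected-row count rather than on `$update_result` alone. The password is still stored as unsalted `md5($newPassword)`; a salted, slow hash (`password_hash()` / `password_verify()` on PHP 5.5+) is the fix, and the login check has to change with it. In `setNewUserPasswordTicket()`, `substr(md5(uniqid(rand())),0,30)` derives the reset ticket from the clock and a non-cryptographic PRNG; `bin2hex(random_bytes(15))` (or `openssl_random_pseudo_bytes()` on older PHP) yields the same 30 hex characters from a CSPRNG. The docblocks also need correcting: `validUserPasswordTicket()` documents a `$userId` parameter it does not take, and `setPassword()` lists `$newPassword` three times.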

Modified: trunk/mapbender/http/javascripts/mod_confirmLogin.php
===================================================================
--- trunk/mapbender/http/javascripts/mod_confirmLogin.php	2010-04-10 15:55:04 UTC (rev 5897)
+++ trunk/mapbender/http/javascripts/mod_confirmLogin.php	2010-04-10 15:56:45 UTC (rev 5898)
@@ -133,9 +133,14 @@
 		};
 		$.post("../php/mod_confirmLogin_server.php", parameters, function (json, status) {
 			if(status == 'success') {
-				alert(json);
-				var $loginHref = $("<div style='margin-top:20px'><a href='../frames/login.php'>Zum Login</a></div");
-				$loginHref.appendTo("#contentDiv");
+				if (json == 'true') {
+					var $loginHref = $("<div style='margin-top:20px'><a href='../frames/login.php'>Login</a></div");
+					$loginHref.appendTo("#contentDiv");
+				}
+				else {
+					var $errorMsg = $("<div style='margin-top:20px'>Error saving password. Please contact your administrator.</div");
+					$errorMsg.appendTo("#contentDiv");
+				}	
 			}
 		});
 	}
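Review bot: Both new markup strings end in `</div` without the closing `>` (for example `...Please contact your administrator.</div`), which leaves the fragment malformed and dependent on the parser's recovery; write `</div>`. Since the server now answers with the literal strings `true` and `false`, `if (json === 'true')` states the contract more precisely than `==`. Nothing clears `#contentDiv` before appending, so a repeated submit stacks another message or link; emptying the previous message element first would avoid that. The callback and its enclosing function start outside the hunk.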

Modified: trunk/mapbender/http/php/mod_confirmLogin_server.php
===================================================================
--- trunk/mapbender/http/php/mod_confirmLogin_server.php	2010-04-10 15:55:04 UTC (rev 5897)
+++ trunk/mapbender/http/php/mod_confirmLogin_server.php	2010-04-10 15:56:45 UTC (rev 5898)
@@ -1,5 +1,6 @@
 <?php
 require_once(dirname(__FILE__)."/../../core/globalSettings.php");
+require_once(dirname(__FILE__)."/../classes/class_user.php");
 
 $command = $_POST["command"];
 $pattern = "/[a-z]/i";
@@ -26,38 +27,26 @@
 //if (!preg_match($pattern, $userTicket)) {
 //	echo "User Ticket not valid!";
 //	die;
-//}
+//}
 
-if($command == 'checkTicket') {
-	$sql = "SELECT * FROM mb_user ";
-	$sql .= "WHERE mb_user_id = $1 AND mb_user_password_ticket = $2";
-    $v = array($userId,$userTicket);
-	$t = array("i","s");
-	$res = db_prep_query($sql,$v,$t);
-    $row = db_fetch_array($res);
-    if ($row) {
-    	if($row['mb_user_password_ticket'] == '' || $row['mb_user_password_ticket'] != $userTicket) {
-    		echo "false";
-    	}
-    	else {
-    		echo "true";
-    	}		
-    }
-    else {
-    	echo "false";
-    }
+$user = new user();
+$user->id = $userId;
+
+if($command == 'checkTicket') {
+	if($user->validUserPasswordTicket($userTicket)) {
+		echo "true";
+	}
+	else {
+		echo "false";
+	}
 }
 
-if($command == 'savePwd') {
-	$sql = "UPDATE mb_user SET mb_user_password = $1, mb_user_password_ticket = '' WHERE mb_user_id = $2 AND mb_user_password_ticket = $3";
-	$v = array(md5($userPassword),$userId,$userTicket);
-	$t = array('s','i','s');
-	$res = db_prep_query($sql,$v,$t);
-	if($res){
-		echo "Password saved successfully.";
+if($command == 'savePwd') {
+	if($user->setPassword($userPassword,$userTicket)) {
+		echo "true";
+	}
+	else {
+		echo "false";
 	}
-	else {
-		echo "Error while saving password.";
-	}	
 }
 ?>
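Review bot: Neither call is wrapped in `try`/`catch`, although `validUserPasswordTicket()` throws when no row matches the id/ticket pair and `setPassword()` throws on a failed query and otherwise always returns `true`. The two `echo "false"` branches are therefore effectively dead, and a wrong ticket now ends the request with an uncaught exception instead of the previous `false` reply. Catch the exception, map it to `"false"`, and log the detail on the server so the database error text does not reach the client. The commented-out ticket format check just above is still disabled, so as far as this hunk shows `$userTicket` reaches the class unvalidated.

```php
$user = new user();
$user->id = $userId;

if($command == 'checkTicket') {
	try {
		$ticketOk = $user->validUserPasswordTicket($userTicket);
	}
	catch (Exception $e) {
		// log $e server-side; the client only learns that the ticket was rejected
		$ticketOk = false;
	}
	echo $ticketOk ? "true" : "false";
}
// … same try/catch shape for the savePwd branch around setPassword() …
```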

Modified: trunk/mapbender/http/php/mod_editFilteredUser.php
===================================================================
--- trunk/mapbender/http/php/mod_editFilteredUser.php	2010-04-10 15:55:04 UTC (rev 5897)
+++ trunk/mapbender/http/php/mod_editFilteredUser.php	2010-04-10 15:56:45 UTC (rev 5898)
@@ -21,6 +21,7 @@
 import_request_variables("PG");
 $e_id="editFilteredUser";
 require_once(dirname(__FILE__)."/../php/mb_validatePermission.php");
+require_once(dirname(__FILE__)."/../classes/class_user.php");
 $myUser = true;
 ?>
 <!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
@@ -235,18 +236,9 @@
 }
 
 if($action == 'new_pw_ticket'){
-	$sql = "UPDATE mb_user SET mb_user_password_ticket = $1";			
-	$sql.=" WHERE mb_user_id = $2";
-
-	$tmpPW = md5(microtime());
-	$passwordTicket = substr(md5(uniqid(rand())),0,30);
-	
-	$v = array($passwordTicket,$selected_user);
-	$t = array('s','i');     
-	$res = db_prep_query($sql,$v,$t);	
-	if($res){
-		echo "<script language='JavaScript'>alert('New password ticket created.');</script>";
-	}
+	$user = new user();
+	$user->id = $selected_user;
+	$user->setNewUserPasswordTicket();
 }
 
 if (!isset($name) || $selected_user == 'new'){
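Review bot: `setNewUserPasswordTicket()` throws an `Exception` when the update fails and the call here is not wrapped, while the old confirmation alert was removed, so the administrator gets no feedback on success and an uncaught exception on failure. Wrap the call, e.g. `try { $user->setNewUserPasswordTicket(); } catch (Exception $e) { /* report the failure to the admin */ }`, and restore a success message. `$selected_user` arrives from request variables and can hold the string `'new'` (see the condition directly below), so it is worth confirming it is a numeric id before it is bound with type `'i'`. The surrounding script continues outside the hunk.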


