[Mapbender-commits] r5909 - branches/3_dev/http/plugins
svn_mapbender at osgeo.org
svn_mapbender at osgeo.org
Sun Apr 11 06:49:24 EDT 2010
Author: astrid_emde
Date: 2010-04-11 06:49:23 -0400 (Sun, 11 Apr 2010)
New Revision: 5909
Added:
branches/3_dev/http/plugins/mod_confirmLogin.php
branches/3_dev/http/plugins/mod_confirmLogin_server.php
Log:
set your password
Added: branches/3_dev/http/plugins/mod_confirmLogin.php
===================================================================
--- branches/3_dev/http/plugins/mod_confirmLogin.php (rev 0)
+++ branches/3_dev/http/plugins/mod_confirmLogin.php 2010-04-11 10:49:23 UTC (rev 5909)
@@ -0,0 +1,203 @@
+<?php
+# $Id: mod_confirmLogin.php
+# http://www.mapbender.org/index.php/mod_confirmLogin.php
+# License:
+# Copyright (c) 2009, Open Source Geospatial Foundation
+# This program is dual licensed under the GNU General Public License
+# and Simplified BSD license.
+# http://svn.osgeo.org/mapbender/trunk/mapbender/license/license.txt
+
+require_once dirname(__FILE__) . "/../../core/globalSettings.php";
+?>
+<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=<?php echo CHARSET;?>">
+<title>Confirm Login</title>
+
+<?php
+$userId = $_GET["user_id"];
+if (!is_numeric($userId)) {
+ echo _mb("User ID not valid!");
+ die;
+}
+
+$userName = $_GET["user_name"];
+$pattern = "/[a-z0-9_-]/i";
+if (!preg_match($pattern, $userName)) {
+ echo _mb("User Name not valid!");
+ die;
+}
+
+$userTicket = $_GET["user_ticket"];
+$pattern = "/[a-z0-9]{30}/i";
+if (!preg_match($pattern, $userTicket)) {
+ echo _mb("User Ticket not valid!");
+ die;
+}
+?>
+<style type="text/css">
+<!--
+body{
+ font-family: Arial, Helvetica, sans-serif;
+ font-size: 10px;
+}
+-->
+</style>
+<script type="text/javascript" src="../extensions/jquery-ui-1.8.custom/js/jquery-1.4.2.min.js"></script>
+<script type="text/javascript">
+<?php
+echo "var userId = ".$_REQUEST['user_id'].";\n";
+echo "var userName = '".htmlentities($userName, ENT_QUOTES, CHARSET)."';\n";
+echo "var userTicket = '".htmlentities($userTicket, ENT_QUOTES, CHARSET)."';\n";
+?>
+
+/*
+ * Check if ticket number for this user is valid
+ *
+ * @return boolean return true if ticket number is valid
+ */
+function checkTicketNumber () {
+ var parameters = {
+ "command" : "checkTicket",
+ "userId" : userId,
+ userTicket : userTicket
+ };
+ $.post("../php/mod_confirmLogin_server.php", parameters, function (json, status) {
+ if(status == 'success') {
+ if (json == 'true') {
+ createInsertFields();
+ }
+ else {
+ $("#contentDiv").text("You are not authorized. Please request a new ticket from your administrator to set your password.");
+ }
+ }
+ });
+}
+
+/*
+ * Creates table with insert fields
+ *
+ */
+function createInsertFields() {
+ //create table
+ var $table = $("<table></table>");
+ $table.appendTo("#contentDiv");
+ //create lines and fields
+ var $tr1 = $("<tr><td><?php echo _mb("User name"); ?>:</td><td><input type='text' readonly id='userName'/></td><td></td></tr>");
+ var $tr2 = $("<tr><td><?php echo _mb("Password"); ?>:</td><td><input type='password' id='userPw'/></td><td id='spanTd'></td></tr>");
+ var $tr3 = $("<tr><td><?php echo _mb("Confirm password"); ?>:</td><td><input type='password' id='userPw2'/></td><td></td></tr>");
+ $tr1.appendTo($table);
+ $tr2.appendTo($table);
+ $tr3.appendTo($table);
+
+ //fill in field userName
+ $("#userName").val(userName);
+
+ //set keyup event for password check
+ $("#userPw").keyup(function () {
+ checkSafety(this.value);
+ });
+
+ //create span for pwd safety message
+ $("<span />").attr("id","pwdSafetyMsg").appendTo("#spanTd");
+
+ //set div and button for saving pw
+ var $buttonDiv = $("<div><input type='button' value='<?php echo _mb("Save"); ?>'></div");
+ $buttonDiv.click(function () {
+ savePwd();
+ });
+ $buttonDiv.appendTo("#contentDiv");
+}
+
+/*
+ * Save new password
+ *
+ */
+function savePwd() {
+ if(checkPassword()) {
+ var parameters = {
+ command : "savePwd",
+ userId : userId,
+ userTicket : userTicket,
+ userPassword : document.getElementById("userPw").value
+ };
+ $.post("../php/mod_confirmLogin_server.php", parameters, function (json, status) {
+ if(status == 'success') {
+ if (json == 'true') {
+ var $loginHref = $("<div style='margin-top:20px'><?php echo _mb("Your password has been saved."); ?><a href='../frames/login.php'>Login</a></div");
+ $loginHref.appendTo("#contentDiv");
+ }
+ else {
+ var $errorMsg = $("<div style='margin-top:20px'><?php _mb("Error saving password. Please contact your administrator."); ?></div");
+ $errorMsg.appendTo("#contentDiv");
+ }
+ }
+ });
+ }
+}
+
+/*
+ * Check if password and password confirmation are inserted correctly
+ *
+ */
+function checkPassword() {
+ var newPw = document.getElementById("userPw");
+ var newPwConfirm = document.getElementById("userPw2");
+ if(newPw.value == '' || newPwConfirm.value == '' || newPw.value != newPwConfirm.value) {
+ alert("<?php echo _mb("Password verification failed. Please insert password twice!"); ?>");
+ newPw.value = "";
+ newPwConfirm.value = "";
+ newPw.focus();
+ $("#pwdSafetyMsg").html("");
+ return false;
+ }
+ else {
+ return true;
+ }
+}
+
+function checkSafety(pwdString){
+ var pwdMsg = "";
+ var pwdPoints = pwdString.length;
+
+ var hasLetter = new RegExp("[a-z]");
+ var hasCaps = new RegExp("[A-Z]");
+ var hasNumbers = new RegExp("[0-9]");
+ var hasSymbols = new RegExp("\\W");
+
+ if(hasLetter.test(pwdString)){ pwdPoints += 4; }
+ if(hasCaps.test(pwdString)){ pwdPoints += 4; }
+ if(hasNumbers.test(pwdString)){ pwdPoints += 4; }
+ if(hasSymbols.test(pwdString)){ pwdPoints += 4; }
+
+ if(pwdPoints >= 12) {
+ $("#pwdSafetyMsg").css("color","#0f0");
+ pwdMsg = "<?php echo _mb("Your password is strong!"); ?>";
+ }
+ else if(pwdPoints >= 8) {
+ $("#pwdSafetyMsg").css("color","#00f");
+ pwdMsg = "<?php echo _mb("Your password is medium!"); ?>";
+ }
+ else if(pwdPoints >= 6) {
+ $("#pwdSafetyMsg").css("color","#fa0");
+ pwdMsg = "<?php echo _mb("Your password is weak!"); ?>";
+ }
+ else {
+ $("#pwdSafetyMsg").css("color","#f00");
+ pwdMsg = "<?php echo _mb("Your password is very weak!"); ?>";
+ }
+
+ $("#pwdSafetyMsg").html(pwdMsg);
+}
+
+</script>
+</head>
+
+<body onload='checkTicketNumber();'>
+ <div id='contentDiv'>
+ </div>
+</body>
+
+</html>
+
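Review bot: The `var userId` line in the script block echoes `$_REQUEST['user_id']` instead of the `$userId` that was checked with `is_numeric()`; depending on the PHP request-order configuration the two can come from different inputs, so unvalidated text can land inside the `<script>` element. The `user_name` and `user_ticket` patterns are unanchored, so they accept any string that merely contains one allowed character or one 30-character run, and the ticket pattern in mod_confirmLogin_server.php has the same gap. `htmlentities()` is an HTML encoder, not a JavaScript-string encoder, and it leaves backslashes and line breaks untouched. Anchoring both patterns and emitting the three values with an integer cast and `json_encode()` addresses all three points. Separately, the error branch in `savePwd()` calls `_mb(...)` without `echo`, so the failure message renders empty.

```php
// … unchanged: user_id is_numeric check …
$pattern = "/^[a-z0-9_-]+$/iD";
// … unchanged: user_name rejection branch …
$pattern = "/^[a-z0-9]{30}$/iD";
// … unchanged: user_ticket rejection branch, style block, script tags …
$jsFlags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;
echo "var userId = " . (int) $userId . ";\n";
echo "var userName = " . json_encode($userName, $jsFlags) . ";\n";
echo "var userTicket = " . json_encode($userTicket, $jsFlags) . ";\n";
```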
Added: branches/3_dev/http/plugins/mod_confirmLogin_server.php
===================================================================
--- branches/3_dev/http/plugins/mod_confirmLogin_server.php (rev 0)
+++ branches/3_dev/http/plugins/mod_confirmLogin_server.php 2010-04-11 10:49:23 UTC (rev 5909)
@@ -0,0 +1,50 @@
+<?php
+require_once(dirname(__FILE__)."/../../core/globalSettings.php");
+require_once(dirname(__FILE__)."/../../core/lib/class_User.php");
+
+$command = $_POST["command"];
+$pattern = "/[a-z]/i";
+if (!preg_match($pattern, $command)) {
+ echo _mb("Command not valid!");
+ die;
+}
+
+$userId = $_POST["userId"];
+if (!is_numeric($userId)) {
+ echo _mb("User ID not valid!");
+ die;
+}
+
+$userTicket = $_POST["userTicket"];
+$pattern = "/[a-z0-9]{30}/i";
+if (!preg_match($pattern, $userTicket)) {
+ echo _mb("User Ticket not valid!");
+ die;
+}
+
+$userPassword = $_POST["userPassword"];
+
+$user = new user();
+$user->id = $userId;
+$user->load();
+
+
+
+if($command == 'checkTicket') {
+ if($user->validUserPasswordTicket($userTicket)) {
+ echo "true";
+ }
+ else {
+ echo "false";
+ }
+}
+
+if($command == 'savePwd') {
+ if($user->setPassword($userPassword,$userTicket)) {
+ echo "true";
+ }
+ else {
+ echo "false";
+ }
+}
+?>
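Review bot: The `savePwd` branch passes `$_POST["userPassword"]` straight to `$user->setPassword()` with no server-side check, so the non-empty, confirmation and strength rules exist only in the page's JavaScript and do not apply to a request sent directly to this script (unless `setPassword()` enforces them itself, which is not visible here). A guard before the call such as `if (!is_string($userPassword) || $userPassword === '') { echo "false"; die; }`, plus a minimum-length rule, would cover that. The `checkTicket` branch also answers true/false for any userId/ticket pair with no visible throttling or failure logging, so it is worth confirming that `validUserPasswordTicket()` limits attempts and that the ticket is invalidated once `setPassword()` succeeds. The result of `$user->load()` is not checked before either branch runs.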