Add template, allow users to change username/password
parent
1097f21947
commit
a5e24bbceb
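--- a/account.php
+++ b/account.php
@@ -0,0 +1,111 @@
+<?php session_start();
+/* curload
+* Simple file uploading using POST requests
+* Licensed under the GNU Affero General Public License version 3.0
+*/
+
+include "config.php";
+include "core.php";
+
+$html = "";
+$html = printHeader($html);
+
+$Username = "";
+$Password = "";
+$ID = -1;
+$Primary = 0;
+$IsCurrentUser = false;
+
+// make sure a username and password is specified for authentication
+if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
+$Username = $_SESSION['username'];
+$Password = $_SESSION['password'];
+} else {
+print "Username and password must be specified.";
+die();
+}
+
+if (isset($_REQUEST['id'])) {
+$ID = $_REQUEST['id'];
+} else {
+$ID = -1; // use the username and password to determine
+}
+
+$Authorized = 0;
+
+$Database = createTables($sqlDB);
+$DatabaseQuery = $Database->query('SELECT * FROM users');
+
+// check permissions
+while ($line = $DatabaseQuery->fetchArray()) {
+if ($ID == -1 && $line['username'] == $Username && $Username != "" && $line['password'] != "" && $Password == $line['password']) {
+$ID = $line['id'];
+$SelUsername = $line['username'];
+$IsCurrentUser = true;
+$Authorized = 1;
+
+break;
+} else if ($line['username'] == $Username && $Username != "" && $line['password'] != "" && $Password == $line['password']) { // We're logged into an admin account
+$UserDatabaseQuery = $Database->query('SELECT * FROM users');
+$Primary = $line['primaryadmin'];
+$IsCurrentUser = false;
+
+while ($uline = $UserDatabaseQuery->fetchArray()) {
+if ($ID == $uline['id'] && ($Primary && $uline['usertype'] == 2 || $uline['usertype'] != 2)) {
+$SelUsername = $uline['username'];
+$Authorized = 1;
+break;
+}
+}
+}
+}
+
+if ($Authorized == 0) {
+die();
+}
+
+$html .= "\t\t\t<h1>Account options</h1>\n";
+$html .= "\t\t\t\t<p>This is where you can change account options.</p>\n";
+
+if ($allowPasswordChange || $IsCurrentUser) {
+$html .= "\t\t\t\t<h2>Change password</h2>\n";
+$html .= "\t\t\t\t\t<p>If you need to change your password, you can do so here:</p>\n";
+$html .= "\t\t\t\t\t<form action=\"change.php\" method=\"post\" class=\"changePass\">\n";
+
+if ($IsCurrentUser) {
+$html .= "\t\t\t\t\t\t<label for=\"curpass\">Current password</label>\n";
+$html .= "\t\t\t\t\t\t<input type=\"password\" name=\"curpass\" placeholder=\"Current password\">\n";
+}
+
+$html .= "\t\t\t\t\t\t<label for=\"newpass\">New password</label>\n";
+$html .= "\t\t\t\t\t\t<input type=\"password\" name=\"newpass\" placeholder=\"New password\">\n";
+$html .= "\t\t\t\t\t\t<label for=\"newpassc\">Confirm</label>\n";
+$html .= "\t\t\t\t\t\t<input type=\"password\" name=\"newpassc\" placeholder=\"Confirm\">\n";
+$html .= "\t\t\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"pass\">\n";
+$html .= "\t\t\t\t\t\t<input type=\"hidden\" name=\"id\"\" value=\"$ID\">\n";
+$html .= "\t\t\t\t\t\t<input type=\"submit\" value=\"Change password\" name=\"change\">\n";
+$html .= "\t\t\t\t\t</form>\n";
+}
+
+if ($allowUsernameChange || !$IsCurrentUser) {
+$html .= "\t\t\t\t<h2>Change username</h2>\n";
+$html .= "\t\t\t\t\t<p>If you need to change your username, you can do so here:</p>\n";
+$html .= "\t\t\t\t\t<form action=\"change.php\" method=\"post\" class=\"changeUser\">\n";
+
+if ($IsCurrentUser) {
+$html .= "\t\t\t\t\t\t<label for=\"curusername\">Current username</label>\n";
+$html .= "\t\t\t\t\t\t<input type=\"text\" name=\"curusername\" placeholder=\"Current username\">\n";
+}
+
+$html .= "\t\t\t\t\t\t<label for=\"newusername\">New username</label>\n";
+$html .= "\t\t\t\t\t\t<input type=\"text\" name=\"newusername\" placeholder=\"New username\">\n";
+$html .= "\t\t\t\t\t\t<input type=\"hidden\" name=\"action\" value=\"username\">\n";
+$html .= "\t\t\t\t\t\t<input type=\"hidden\" name=\"id\"\" value=\"$ID\">\n";
+$html .= "\t\t\t\t\t\t<input type=\"submit\" value=\"Change username\" name=\"change\">\n";
+$html .= "\t\t\t\t\t</form>\n";
+}
+
+$html = printFooter($html);
+print "$html";
+
+?>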
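Review bot: The `else if` branch commented "We're logged into an admin account" never checks that the logged-in row is an admin; its condition is the same username/password match as the first branch, so any authenticated session that supplies `id` reaches the inner loop and is authorized for every account whose `usertype` is not 2. The branch should also test the caller's own row, e.g. `&& $line['usertype'] == 2` (assuming 2 marks admins, as the inner test suggests), and change.php copies the same loop in front of its UPDATE statements, so it needs the same guard. Separately, `$ID` is taken from `$_REQUEST['id']` and written into `value=\"$ID\"` without encoding, and both hidden fields carry a stray quote in `name=\"id\"\"`; cast once with `$ID = (int)$_REQUEST['id'];` and drop the extra `\"`. The password form is shown under `$allowPasswordChange || $IsCurrentUser` while change.php enforces `|| !$IsCurrentUser`, so the two conditions should be made to agree.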
|
@ -224,6 +224,7 @@ if ($Action == "files") {
|
|||
|
||||
if ($Primary == 1 && $line['primaryadmin'] != 1) { // primary admins cannot be removed
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminRemove\"><a href=\"/remove-user.php?redir=admin&id=$ID&type=2\">Remove</a></td>\n";
|
||||
$html .= "\t\t\t\t\t\t<td class=\"adminEdit\"><a href=\"/account.php?redir=admin&id=$ID\">Edit</a></td>\n";
|
||||
}
|
||||
|
||||
$html .= "\t\t\t\t\t</tr>\n";
|
||||
|
|
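--- a/change.php
+++ b/change.php
@@ -0,0 +1,137 @@
+<?php session_start();
+/* curload
+* Simple file uploading using POST requests
+* Licensed under the GNU Affero General Public License version 3.0
+*/
+
+include "config.php";
+include "core.php";
+
+$Username = "";
+$Password = "";
+$CurUsername = "";
+$CurPassword = "";
+$Action = "";
+$ID = 0;
+$Primary = 0;
+$IsCurrentUser = false;
+
+// make sure a username and password is specified for authentication
+if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
+$Username = $_SESSION['username'];
+$Password = $_SESSION['password'];
+} else {
+header("Location: /");
+die();
+}
+
+if (isset($_REQUEST['id'])) {
+$ID = $_REQUEST['id'];
+} else {
+$ID = -1; // use the username and password to determine
+}
+
+// action
+if (isset($_REQUEST['action'])) {
+$Action = $_REQUEST['action'];
+} else {
+header("Location: /");
+die();
+}
+
+$Authorized = 0;
+
+$Database = createTables($sqlDB);
+$DatabaseQuery = $Database->query('SELECT * FROM users');
+
+// check permissions
+while ($line = $DatabaseQuery->fetchArray()) {
+if ($ID == -1 && $line['username'] == $Username && $Username != "" && $line['password'] != "" && $Password == $line['password']) {
+$ID = $line['id'];
+$Authorized = 1;
+$IsCurrentUser = true;
+$CurUsername = $line['username'];
+$CurPassword = $line['password'];
+
+break;
+} else if ($line['username'] == $Username && $Username != "" && $line['password'] != "" && $Password == $line['password']) { // We're logged into an admin account
+$UserDatabaseQuery = $Database->query('SELECT * FROM users');
+$Primary = $line['primaryadmin'];
+
+while ($uline = $UserDatabaseQuery->fetchArray()) {
+if ($ID == $uline['id'] && ($Primary && $uline['usertype'] == 2 || $uline['usertype'] != 2)) {
+$CurUsername = $uline['username'];
+$CurPassword = $uline['password'];
+$Authorized = 1;
+break;
+}
+}
+}
+}
+
+if ($Authorized == 0) {
+header("Location: /");
+die();
+}
+
+// perform the action
+if ($Action == "pass" && ($allowPasswordChange || !$IsCurrentUser)) {
+if (!isset($_REQUEST['newpass']) || !isset($_REQUEST['newpassc'])) {
+header("Location: /");
+die();
+}
+
+if ($_REQUEST['newpass'] != $_REQUEST['newpassc']) {
+header("Location: /");
+die();
+}
+
+$NewPassword = htmlspecialchars(generatePassword($_REQUEST['newpass']));
+
+if (!password_verify($_REQUEST['curpass'], $CurPassword) && $IsCurrentUser) {
+header("Location: /");
+die();
+}
+
+$Database->exec("UPDATE users SET password='$NewPassword' WHERE id='$ID'");
+} else if ($Action == "username" && ($allowUsernameChange || !$IsCurrentUser)) {
+if (!isset($_REQUEST['newusername'])) {
+header("Location: /");
+die();
+}
+
+if (!isset($_REQUEST['curusername']) && $IsCurrentUser) {
+header("Location: /");
+die();
+}
+
+$NewUsername = htmlspecialchars($_REQUEST['newusername']);
+
+if ($CurUsername != $_REQUEST['curusername'] && $IsCurrentUser) {
+header("Location: /");
+die();
+}
+
+// make sure no duplicates can exist
+$UserDatabaseQuery = $Database->query('SELECT * FROM users');
+while ($uline = $UserDatabaseQuery->fetchArray()) {
+if ($uline['username'] == $NewUsername) {
+header("Location: /");
+die();
+break;
+}
+}
+
+// change it
+$Database->exec("UPDATE users SET username='$NewUsername' WHERE id='$ID'");
+$Database->exec("UPDATE uploads SET username='$NewUsername' WHERE username='$CurUsername'");
+} else {
+header("Location: /");
+die();
+}
+
+if ($IsCurrentUser) {
+header('Location: login.php?logout=true');
+die();
+}
+?>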
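Review bot: All three UPDATE statements are built by interpolating request-derived values into the SQL string: `$ID` is `$_REQUEST['id']` checked only with a loose `==` against the row id, and `htmlspecialchars()` on `$NewUsername` is an HTML encoder, not SQL escaping. Bind the values instead; the sketch below assumes `$Database` is an SQLite3 handle, as the `query()`/`fetchArray()` calls suggest, and the username and uploads updates need the same treatment. The page also reads its parameters from `$_REQUEST`, so a GET request can trigger the change, and no anti-forgery token is checked; restricting to `$_POST` and verifying a per-session token would close that. `$_REQUEST['curpass']` is used without an `isset()` check and the new hash is computed before the current password is verified.

```php
// … unchanged: newpass/newpassc checks and the curpass verification …
$Statement = $Database->prepare('UPDATE users SET password = :password WHERE id = :id');
$Statement->bindValue(':password', $NewPassword, SQLITE3_TEXT);
$Statement->bindValue(':id', (int)$ID, SQLITE3_INTEGER);
$Statement->execute();
```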
|
@ -25,6 +25,8 @@ enable_upload_removal = true
|
|||
enable_user_upload_removal = false
|
||||
|
||||
[credentials]
|
||||
allow_change_username = true
|
||||
allow_change_password = true
|
||||
sqldb = curload.sql
|
||||
|
||||
[logging]
|
||||
|
|
|
@ -17,6 +17,7 @@ $storeIssued = true;
|
|||
$storeLastUsage = true;
|
||||
$storeUploads = true;
|
||||
$publicUploading = false;
|
||||
$allowPasswordChange = true;
|
||||
$renameDuplicates = true;
|
||||
$replaceOriginal = false;
|
||||
$logoHeaderSize = 16;
|
||||
|
@ -61,6 +62,8 @@ $instanceName = $configEntries['instance_name'];
|
|||
$instanceDescription = $configEntries['instance_description'];
|
||||
$footerText = $configEntries['footer_text'];
|
||||
$publicUploading = $configEntries['public_uploading'];
|
||||
$allowUsernameChange = $configEntries['allow_change_username'];
|
||||
$allowPasswordChange = $configEntries['allow_change_password'];
|
||||
$renameDuplicates = $configEntries['rename_duplicates'];
|
||||
$replaceOriginal = $configEntries['replace_original'];
|
||||
$enableUploadRemoval = $configEntries['enable_upload_removal'];
|
||||
|
|
2
core.php
2
core.php
|
@ -68,6 +68,8 @@ function printHeader($html) {
|
|||
if (!isset($_SESSION['type'])) {
|
||||
$html .= "\t\t\t\t<small id='login'><a id='login' href=\"login.php\">Log in</a></small>\n";
|
||||
} else {
|
||||
$Username = $_SESSION['username'];
|
||||
$html .= "\t\t\t\t<small id='username'><a id='username' href=\"account.php\">$Username</a></small>\n";
|
||||
$html .= "\t\t\t\t<small id='logout'><a id='logout' href=\"login.php?logout=true\">Log out</a></small>\n";
|
||||
}
|
||||
|
||||
|
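Review bot: `$Username` is copied from `$_SESSION['username']` into the anchor text with no output encoding, so the header is only safe if every path that sets the session name has already encoded it, which this hunk cannot show. Encoding at the point of output is the more robust choice, `$Username = htmlspecialchars($_SESSION['username'], ENT_QUOTES, 'UTF-8');`, with the `htmlspecialchars()` call on the stored name in change.php then dropped to avoid double encoding. The new `<small>` and `<a>` also share `id='username'`, repeating the duplicate-id pattern of the login/logout links; a class would keep the ids unique. printHeader's body starts and ends outside this hunk.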
|
|
@ -21,7 +21,7 @@
|
|||
float: right;
|
||||
}
|
||||
|
||||
#login, #logout {
|
||||
#login, #logout, #username {
|
||||
padding-left: 5px;
|
||||
float: right;
|
||||
}
|
||||
|
|
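--- a/templates/template-for-checking-password.php
+++ b/templates/template-for-checking-password.php
@@ -0,0 +1,41 @@
+<?php session_start();
+/* curload
+* Simple file uploading using POST requests
+* Licensed under the GNU Affero General Public License version 3.0
+*/
+
+include "config.php";
+include "core.php";
+
+$Username = "";
+$Password = "";
+$id = 0;
+
+if (isset($_SESSION['username']) && isset($_SESSION['password'])) {
+$Username = $_SESSION['username'];
+$Password = $_SESSION['password'];
+} else {
+print "Username and password must be specified.";
+die();
+}
+
+$Authorized = 0;
+
+$Database = createTables($sqlDB);
+$DatabaseQuery = $Database->query('SELECT * FROM users');
+
+while ($line = $DatabaseQuery->fetchArray()) {
+if ($line['username'] == $Username && $Username != "" && $line['password'] != "" && $Password == $line['password']) {
+$id = $line['id'];
+$Authorized = 1;
+
+break;
+}
+}
+
+if ($Authorized == 0) {
+die();
+}
+
+// Do whatever the fuck you want here
+?>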
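Review bot: The credential check compares the session value with the stored password field using `==`, which in PHP compares two numeric-looking strings as numbers rather than byte for byte; whether stored values can take such a form depends on generatePassword(), which is not shown. Because this file is the template that new pages will copy, it should use a strict, constant-time comparison, `hash_equals($line['password'], $Password)`, and account.php and change.php repeat the same `==` test. The template also scans every row of `users` in PHP; selecting the single row by username with a bound parameter would keep the check in one place. The closing placeholder would read better as `// page-specific logic goes here`.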