gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-10 11:02:41 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

- handle new settings for password strength, expiration

Browse Source 
- prevent some XSS attacs
This commit is contained in:
steinm 2012-08-28 07:24:32 +00:00
parent 7d4c363e5a
commit ce2843ef6e
1 changed files with 40 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

45
out/out.UsrMgr.php
View File

@ -28,7 +28,7 @@ if (!$user->isAdmin()) {
UI::exitError(getMLText("admin_tools"),getMLText("access_denied")); UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
} }
$users = $dms->getAllUsers(); $users = $dms->getAllUsers($settings->_sortUsersInList);
if (is_bool($users)) { if (is_bool($users)) {
UI::exitError(getMLText("admin_tools"),getMLText("internal_error")); UI::exitError(getMLText("admin_tools"),getMLText("internal_error"));
@ -46,6 +46,7 @@ UI::globalNavigation();
UI::pageNavigation(getMLText("admin_tools"), "admin_tools"); UI::pageNavigation(getMLText("admin_tools"), "admin_tools");
?> ?>
<script type="text/javascript" src='../js/jquery.passwordstrength.js'></script>
<script language="JavaScript"> <script language="JavaScript">
function checkForm(num) function checkForm(num)
@ -57,8 +58,8 @@ function checkForm(num)
if ((num == '0') && (formObj.pwd.value == "")) msg += "<?php printMLText("js_no_pwd");?>\n"; if ((num == '0') && (formObj.pwd.value == "")) msg += "<?php printMLText("js_no_pwd");?>\n";
if ((formObj.pwd.value != formObj.pwdconf.value)&&(formObj.pwd.value != "" )&&(formObj.pwd.value != "" )) msg += "<?php printMLText("js_pwd_not_conf");?>\n"; if ((formObj.pwd.value != formObj.pwdconf.value)&&(formObj.pwd.value != "" )&&(formObj.pwd.value != "" )) msg += "<?php printMLText("js_pwd_not_conf");?>\n";
if (formObj.name.value == "") msg += "<?php printMLText("js_no_name");?>\n"; if (formObj.name.value == "") msg += "<?php printMLText("js_no_name");?>\n";
//if (formObj.email.value == "") msg += "<?php printMLText("js_no_email");?>\n"; if (formObj.email.value == "") msg += "<?php printMLText("js_no_email");?>\n";
if (formObj.comment.value == "") msg += "<?php printMLText("js_no_comment");?>\n"; //if (formObj.comment.value == "") msg += "<?php printMLText("js_no_comment");?>\n";
if (msg != "") if (msg != "")
{ {
alert(msg); alert(msg);
@ -82,6 +83,12 @@ function showUser(selectObj) {
obj.style.display = ""; obj.style.display = "";
} }
$(document).ready( function() {
$(".pwd").passStrength({
url: "../op/op.Ajax.php",
minscore: <?php echo (int) $settings->_passwordStrength; ?>
});
});
</script> </script>
<?php <?php
@ -100,7 +107,7 @@ UI::contentContainerStart();
$count=2; $count=2;
foreach ($users as $currUser) { foreach ($users as $currUser) {
if (isset($_GET["userid"]) && $currUser->getID()==$_GET["userid"]) $selected=$count; if (isset($_GET["userid"]) && $currUser->getID()==$_GET["userid"]) $selected=$count;
print "<option value=\"".$currUser->getID()."\">" . $currUser->getLogin(); print "<option value=\"".$currUser->getID()."\">" . htmlspecialchars($currUser->getLogin() . " - ". $currUser->getFullName());
$count++; $count++;
} }
?> ?>
@ -119,12 +126,22 @@ UI::contentContainerStart();
</tr> </tr>
<tr> <tr>
<td><?php printMLText("password");?>:</td> <td><?php printMLText("password");?>:</td>
<td><input name="pwd" type="Password"></td> <td><input class="pwd" name="pwd" type="Password"> <div id="outerstrength" style="min-width: 100px; height: 14px; display: inline-block; border: 1px solid black; padding: 1px;"><div id="innerstrength" style="width: 0px; height: 14px; display: inline-block; border: 0px; padding: 0px; background-color: red;">&nbsp;</div> <div id="strength" style="display: inline-block;"></div></div></td>
</tr> </tr>
<tr> <tr>
<td><?php printMLText("confirm_pwd");?>:</td> <td><?php printMLText("confirm_pwd");?>:</td>
<td><input type="Password" name="pwdconf"></td> <td><input type="Password" name="pwdconf"></td>
</tr> </tr>
<?php
if($settings->_passwordExpiration > 0) {
?>
<tr>
<td><?php printMLText("password_expiration");?>:</td>
<td><select name="pwdexpiration"><option value="<?php echo date('Y-m-d H:i:s'); ?>"><?php printMLText("now");?></option><option value="<?php echo date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400); ?>"><?php printMLText("according_settings");?></option></select></td>
</tr>
<?php
}
?>
<tr> <tr>
<td><?php printMLText("user_name");?>:</td> <td><?php printMLText("user_name");?>:</td>
<td><input name="name"></td> <td><input name="name"></td>
@ -145,6 +162,10 @@ UI::contentContainerStart();
<td><?php printMLText("is_hidden");?>:</td> <td><?php printMLText("is_hidden");?>:</td>
<td><input type="checkbox" name="ishidden" value="1"></td> <td><input type="checkbox" name="ishidden" value="1"></td>
</tr> </tr>
<tr>
<td><?php printMLText("is_disabled");?>:</td>
<td><input type="checkbox" name="isdisabled" value="1"></td>
</tr>
<?php if ($settings->_enableUserImage){ ?> <?php if ($settings->_enableUserImage){ ?>
@ -250,6 +271,16 @@ UI::contentContainerStart();
<td><?php printMLText("confirm_pwd");?>:</td> <td><?php printMLText("confirm_pwd");?>:</td>
<td><input type="Password" name="pwdconf"></td> <td><input type="Password" name="pwdconf"></td>
</tr> </tr>
<?php
if($settings->_passwordExpiration > 0) {
?>
<tr>
<td><?php printMLText("password_expiration");?>:</td>
<td><select name="pwdexpiration"><option value="<?php echo date('Y-m-d H:i:s'); ?>"><?php printMLText("now");?></option><option value="<?php echo date('Y-m-d H:i:s', time()+$settings->_passwordExpiration*86400); ?>"><?php printMLText("according_settings");?></option></select> <?php echo $currUser->getPwdExpiration(); ?></td>
</tr>
<?php
}
?>
<tr> <tr>
<td><?php printMLText("user_name");?>:</td> <td><?php printMLText("user_name");?>:</td>
<td><input name="name" value="<?php print htmlspecialchars($currUser->getFullName());?>"></td> <td><input name="name" value="<?php print htmlspecialchars($currUser->getFullName());?>"></td>
@ -270,6 +301,10 @@ UI::contentContainerStart();
<td><?php printMLText("is_hidden");?>:</td> <td><?php printMLText("is_hidden");?>:</td>
<td><input type="checkbox" name="ishidden" value="1"<?php print ($currUser->isHidden() ? " checked='checked'" : "");?>></td> <td><input type="checkbox" name="ishidden" value="1"<?php print ($currUser->isHidden() ? " checked='checked'" : "");?>></td>
</tr> </tr>
<tr>
<td><?php printMLText("is_disabled");?>:</td>
<td><input type="checkbox" name="isdisabled" value="1"<?php print ($currUser->isDisabled() ? " checked='checked'" : "");?>></td>
</tr>
<?php if ($settings->_enableUserImage){ ?> <?php if ($settings->_enableUserImage){ ?>