Change user password, Disable user, improve comments on functions

2021-01-26 22:31:12 +01:00 · 2021-01-26 22:31:12 +01:00 · 71f1742c45
commit 71f1742c45
parent 3b37cb2905
7 changed files with 135 additions and 146 deletions
--- a/bl-kernel/admin/views/edit-user.php
+++ b/bl-kernel/admin/views/edit-user.php
@ -137,13 +137,21 @@
 			'tip' => $L->g('this-token-is-similar-to-a-password-it-should-not-be-shared')
 		));
-		echo Bootstrap::formTitle(array('title' => $L->g('Password')));
+		echo Bootstrap::formTitle(array('title' => $L->g('Change password')));
-		echo '
+		echo Bootstrap::formInputText(array(
-		<div class="form-group">
+			'name' => 'newPassword',
-			<a href="' . HTML_PATH_ADMIN_ROOT . 'user-password/' . $user->username() . '" class="btn btn-primary me-2">' . $L->g('Change password') . '</a>
+			'label' => $L->g('New password'),
-		</div>
+			'type' => 'password',
-		';
+			'value' => '',
 		));
 		echo Bootstrap::formInputText(array(
 			'name' => 'confirmPassword',
 			'label' => $L->g('Confirm password'),
 			'type' => 'password',
 			'value' => '',
 		));
 		?>
 	</div>
 	<!-- End Tab security -->
@ -247,6 +255,77 @@
 <script>
 	$(document).ready(function() {
 		$('#btnSave').on('click', function() {
 			var username = $('#username').val();
 			var newPassword = $('#newPassword').val();
 			var confirmPassword = $('#confirmPassword').val();
 			// Change the password if the user write a new one in the input
 			if (newPassword) {
 				if (newPassword.length < PASSWORD_LENGTH) {
 					showAlertError("<?php $L->p('Password must be at least 6 characters long') ?>");
 					return false;
 				}
 				if (newPassword !== confirmPassword) {
 					showAlertError("<?php $L->p('The password and confirmation password do not match') ?>");
 					return false;
 				}
 				bootbox.confirm({
 					message: '<?php $L->p('Are you sure you want to change the password') ?>',
 					buttons: {
 						cancel: {
 							label: '<i class="fa fa-times"></i><?php $L->p('Cancel') ?>',
 							className: 'btn-sm btn-secondary'
 						},
 						confirm: {
 							label: '<i class="fa fa-check"></i><?php $L->p('Confirm') ?>',
 							className: 'btn-sm btn-primary'
 						}
 					},
 					closeButton: false,
 					callback: function(result) {
 						if (result) {
 							// The user accepted the action to change the password
 							var args = {
 								username: username,
 								password: $('#newPassword').val()
 							};
 							api.editUser(args).then(function(response) {
 								if (response.status == 0) {
 									logs('User password changed. Username: ' + response.data.key);
 									showAlertInfo("<?php $L->p('The changes have been saved') ?>");
 								} else {
 									logs('An error occurred while trying to change the user password.');
 									showAlertError(response.message);
 								}
 							});
 						}
 						$('#newPassword').val('');
 						$('#confirmPassword').val('');
 						return true;
 					}
 				});
 			}
 			// Edit the user properties
 			var args = {
 				username: username,
 				role: $('#role').val(),
 				email: $('#email').val()
 			};
 			api.editUser(args).then(function(response) {
 				if (response.status == 0) {
 					logs('User edited. Username: ' + response.data.key);
 				} else {
 					logs('An error occurred while trying to edit the user.');
 					showAlertError(response.message);
 				}
 			});
 		});
 		$('#inputProfilePicture').on("change", function(e) {
 			var inputProfilePicture = $('#inputProfilePicture')[0].files;
 			var username = $('#username').val();
@ -311,7 +390,7 @@
 						};
 						api.deleteProfilePicture(args).then(function(response) {
 							if (response.status == 0) {
-								logs('Profile picture deleted. Username: ' + response.data.username);
+								logs('Profile picture deleted. Username: ' + response.data.key);
 								showAlertInfo("<?php $L->p('The changes have been saved') ?>");
 								$('#profilePicturePreview').attr('src', '<?php echo HTML_PATH_CORE_IMG . 'default.svg' ?>');
 							} else {
@ -347,10 +426,10 @@
 							username: $('#username').val(),
 							disable: true
 						};
-						api.disableUser(args).then(function(response) {
+						api.editUser(args).then(function(response) {
 							if (response.status == 0) {
-								logs('User disabled. Username: ' + response.data.username);
+								logs('User disabled. Username: ' + response.data.key);
-								showAlertInfo("<?php $L->p('The changes have been saved') ?>");
+								window.location.replace(HTML_PATH_ADMIN_ROOT + 'users');
 							} else {
 								logs("An error occurred while trying to disable the user.");
 								showAlertError(response.message);
--- a/bl-kernel/admin/views/user-password.php
+++ b/bl-kernel/admin/views/user-password.php
@ -1,60 +0,0 @@
 <?php defined('BLUDIT') or die('Bludit CMS.'); ?>
 <?php echo Bootstrap::formOpen(array('id'=>'jsform', 'class'=>'tab-content')); ?>
 <div class="align-middle">
 	<div class="float-end mt-1">
 		<button type="submit" class="btn btn-primary btn-sm" name="save"><?php $L->p('Save') ?></button>
 		<a class="btn btn-secondary btn-sm" href="<?php echo HTML_PATH_ADMIN_ROOT.'edit-user/'.$user->username() ?>" role="button"><?php $L->p('Cancel') ?></a>
 	</div>
 	<?php echo Bootstrap::pageTitle(array('title'=>$L->g('Change password'), 'icon'=>'user')); ?>
 </div>
 <?php
 	// Token CSRF
 	echo Bootstrap::formInputHidden(array(
 		'name'=>'tokenCSRF',
 		'value'=>$security->getTokenCSRF()
 	));
 	// Username
 	echo Bootstrap::formInputHidden(array(
 		'name'=>'username',
 		'value'=>$user->username()
 	));
 	// Username disabled
 	echo Bootstrap::formInputText(array(
 		'name'=>'usernameDisabled',
 		'label'=>$L->g('Username'),
 		'value'=>$user->username(),
 		'class'=>'',
 		'placeholder'=>'',
 		'disabled'=>true,
 		'tip'=>''
 	));
 	// New password
 	echo Bootstrap::formInputText(array(
 		'name'=>'newPassword',
 		'label'=>$L->g('New password'),
 		'type'=>'password',
 		'value'=>'',
 		'class'=>'',
 		'placeholder'=>'',
 		'tip'=>''
 	));
 	// Confirm password
 	echo Bootstrap::formInputText(array(
 		'name'=>'confirmPassword',
 		'label'=>$L->g('Confirm new password'),
 		'type'=>'password',
 		'value'=>'',
 		'class'=>'',
 		'placeholder'=>'',
 		'tip'=>''
 	));
 ?>
 <?php echo Bootstrap::formClose(); ?>
--- a/bl-kernel/admin/views/users.php
+++ b/bl-kernel/admin/views/users.php
@ -31,7 +31,7 @@ foreach ($list as $username) {
 		echo '<td class="pt-3 pb-3"><a href="'.HTML_PATH_ADMIN_ROOT.'edit-user/'.$username.'">'.$username.'</a></td>';
 		echo '<td class="pt-3 pb-3 d-none d-lg-table-cell">'.$user->nickname().'</td>';
 		echo '<td class="pt-3 pb-3">'.$user->email().'</td>';
-		echo '<td class="pt-3 pb-3">'.($user->enabled()?'<b>'.$L->g('Enabled').'</b>':$L->g('Disabled')).'</td>';
+		echo '<td class="pt-3 pb-3">'.($user->enabled()?'<b>'.$L->g('Enabled').'</b>':'<b class="text-danger">'.$L->g('Disabled').'</b>').'</td>';
 		if ($user->role()=='admin') {
 			echo '<td class="pt-3 pb-3">'.$L->g('Administrator').'</td>';
 		} elseif ($user->role()=='editor') {
--- a/bl-kernel/functions.php
+++ b/bl-kernel/functions.php
@ -2,10 +2,10 @@
 /* ----------------------------------------------------------------------------
 	Global functions
-	These function provides connectivity beteween differens objects and databases.
+	These functions provide connectivity between different objects and databases.
 	These function should provide different checks and logic before add/edit/delete into the databases.
-	For example the creation of a user should check:
+	For example, the creation of a user should check:
 	- if the user already exists
 	- if the username is not empty
 	- if the password match with the differents security rules such as min length
@ -13,8 +13,8 @@
 /*	Create a new page === Bludit v4
-	@args			array			The array $args supports all the keys from the variable $dbFields of the class pages.class.php. If you don't pass all the keys, the default values are used.
+	@args			array			The array $args supports all the keys from the variable $dbFields of the class pages.class.php
-	@return		string/bool	Returns the page key if the page is successfully created, FALSE otherwise
+	@return			string/bool		Returns the page key on successful create, FALSE otherwise
 */
 function createPage($args) {
 	global $pages;
@ -47,15 +47,15 @@ function createPage($args) {
 	}
 	Log::set(__FUNCTION__.LOG_SEP.'Something happened when you tried to create the page.', LOG_TYPE_ERROR);
-	deletePage($key);
+	deletePage(array('key'=>$key));
 	return false;
 }
 /*	Edit a page === Bludit v4
-	@args			array			The array $args supports all the keys from the variable $dbFields of the class pages.class.php. If you don't pass all the keys, the default values are used.
+	@args				array			The array $args supports all the keys from the variable $dbFields of the class pages.class.php
-	@args['key']	string			The key of the page to be edited
+	@args['key']		string			The key of the page to be edited
-	@return		string/bool	Returns the page key if the page is successfully edited, FALSE otherwise
+	@return				string/bool		Returns the page key on successful edit, FALSE otherwise
 */
 function editPage($args) {
 	global $pages;
@ -98,16 +98,16 @@ function editPage($args) {
 /*	Delete a page === Bludit v4
-	@key			string			The key of the page to be deleted
+	@key			string			Array => (key: string)
-	@return		string/bool	Returns TRUE if the page is successfully deleted, FALSE otherwise
+	@return			string/bool		Returns the page key on successful delete, FALSE otherwise
 */
-function deletePage($key) {
+function deletePage($args) {
 	global $pages;
 	global $syslog;
-	if ($pages->delete($key)) {
+	if ($pages->delete($args['key'])) {
 		// Call the plugins after page deleted
-		execPluginsByHook('afterPageDelete', array($key));
+		execPluginsByHook('afterPageDelete', array($args['key']));
 		// Reindex categories and tags
 		reindexCategories();
@ -116,7 +116,7 @@ function deletePage($key) {
 		// Add to syslog
 		$syslog->add(array(
 			'dictionaryKey'=>'content-deleted',
-			'notes'=>$key
+			'notes'=>$args['key']
 		));
 		Log::set(__FUNCTION__.LOG_SEP.'Page deleted.', LOG_TYPE_INFO);
@ -130,7 +130,7 @@ function deletePage($key) {
 /*	Create a new category === Bludit v4
 	@args			array			Array => (name: string, template: string, description: string)
-	@return		string/bool	Returns the category key if the category is successfully created, FALSE otherwise
+	@return			string/bool		Returns the category key on successful create, FALSE otherwise
 */
 function createCategory($args) {
 	global $categories;
@ -159,7 +159,7 @@ function createCategory($args) {
 /*	Edit a category === Bludit v4
 	@args			array			Array => (key: string, name: string, friendlyURL: string, template: string, description: string)
-	@return		string/bool	Returns the category key if the category is successfully edited, FALSE otherwise
+	@return			string/bool		Returns the category key on successful edit, FALSE otherwise
 */
 function editCategory($args) {
 	global $pages;
@ -190,7 +190,7 @@ function editCategory($args) {
 		return false;
 	}
-	// Change the category key inside the pages database
+	// Re-link all pages with the new category key
 	if ($args['key']!==$finalKey) {
 		$pages->changeCategory($args['key'], $finalKey);
 	}
@ -207,7 +207,7 @@ function editCategory($args) {
 /*	Delete a category === Bludit v4
 	@args			array			Array => (key: string)
-	@return		bool			Returns TRUE if the category was deleted, FALSE otherwise
+	@return			bool			Returns TRUE on successful delete, FALSE otherwise
 */
 function deleteCategory($args) {
 	global $categories;
@ -235,8 +235,8 @@ function deleteCategory($args) {
 /*	Create a new user === Bludit v4
 	This function should check everthing, such as empty username, emtpy password, password lenght, etc
-	@args			array			The array $args supports all the keys from the variable $dbFields of the class pages.class.php. If you don't pass all the keys, the default values are used.
+	@args			array				The array $args supports all the keys from the variable $dbFields of the class users.class.php
-	@return		string/bool	Returns the page key if the page is successfully created, FALSE otherwise
+	@return			string/bool			Returns the username on successful create, FALSE otherwise
 */
 function createUser($args) {
 	global $users;
@ -271,9 +271,10 @@ function createUser($args) {
 /*	Edit an user === Bludit v4
-	@args				array			The array $args supports all the keys from the variable $dbFields of the class users.class.php. If you don't pass all the keys, the default values are used.
+	@args				array			The array $args supports all the keys from the variable $dbFields of the class users.class.php
 	@args['disable']	bool			If you set this variable the user will be disabled
-	@return				string/bool		Returns the username if the user was successfully disabled, FALSE otherwise
+	@args['password']	string			If you set this variable a new password will be set for the user
 	@return				string/bool		Returns the username on successful edit, FALSE otherwise
 */
 function editUser($args) {
 	global $users;
@ -289,9 +290,10 @@ function editUser($args) {
 		return false;
 	}
 	// Disable the user
 	// Your should pass the argument 'disable'
 	if (isset($args['disable'])) {
-		$login = new Login();
+		if (Session::get('role')!=='admin') {
 		if ($login->role()!=='admin') {
 			Log::set(__FUNCTION__.LOG_SEP.'Only the administrator can disable users.', LOG_TYPE_ERROR);
 			return false;
 		}
@ -319,12 +321,12 @@ function editUser($args) {
 }
 /*	Upload a profile picture === Bludit v4
-	The profile picture is saved in PATH_UPLOADS_PROFILES.$username.png
+	The profile picture is store in PATH_UPLOADS_PROFILES.$username.png
-	@username	string	Username
+	@username		string		Username
-	@_FILE		array	https://www.php.net/manual/en/reserved.variables.files.php
+	@_FILE			array		https://www.php.net/manual/en/reserved.variables.files.php
-	@return		array
+	@return			array
 */
 function uploadProfilePicture($username) {
 	if (!isset($_FILES['file'])) {
@ -392,9 +394,9 @@ function uploadProfilePicture($username) {
 /*	Delete a profile picture === Bludit v4
-	@username	string	Username
+	@username		string		Username
-	@return		bool	Returns TRUE if the profile pictures is deleted succesfully, FALSE otherwise
+	@return			bool		Returns TRUE on successful delete, FALSE otherwise
 */
 function deleteProfilePicture($username) {
 	// Check path traversal
@ -419,10 +421,10 @@ function deleteProfilePicture($username) {
 /*	Upload a file to a page === Bludit v4
 	The files is saved in
-	@pageKey	string	Page key
+	@pageKey		string		Page key
-	@_FILE		array	https://www.php.net/manual/en/reserved.variables.files.php
+	@_FILE			array		https://www.php.net/manual/en/reserved.variables.files.php
-	@return		array
+	@return			array
 */
 function uploadPageFile($pageKey) {
 	global $site;
@ -932,40 +934,6 @@ function editSettings($args) {
 	return false;
 }
 function changeUserPassword($args) {
 	global $users;
 	global $L;
 	global $syslog;
 	// Arguments
 	$username = $args['username'];
 	$newPassword = $args['newPassword'];
 	$confirmPassword = $args['confirmPassword'];
 	// Password length
 	if (Text::length($newPassword) < 6) {
 		Alert::set($L->g('Password must be at least 6 characters long'), ALERT_STATUS_FAIL);
 		return false;
 	}
 	if ($newPassword!=$confirmPassword) {
 		Alert::set($L->g('The password and confirmation password do not match'), ALERT_STATUS_FAIL);
 		return false;
 	}
 	if ($users->setPassword(array('username'=>$username, 'password'=>$newPassword))) {
 		// Add to syslog
 		$syslog->add(array(
 			'dictionaryKey'=>'user-password-changed',
 			'notes'=>$username
 		));
 		Alert::set($L->g('The changes have been saved'), ALERT_STATUS_OK);
 		return true;
 	}
 	return false;
 }
 // Returns true if the user is allowed to proceed
 function checkRole($allowRoles, $redirect=true) {
--- a/bl-kernel/js/api.js
+++ b/bl-kernel/js/api.js
@ -268,13 +268,13 @@ class API {
 		}
 	}
-	/*	Disable an user
+	/*	Edit an user
-		@args				array		Array => (username: string, enabled: bool)
+		@args				array		Arguments can be any of the fields from an user
 		@return				string		The username
 	*/
-	async disableUser(args) {
+	async editUser(args) {
-		var url = this.apiURL + 'users/' + args['username'];
+		var url = this.apiURL + "users/" + args['username'];
 		var body = Object.assign({}, this.body, args);
 		try {
 			var response = await fetch(url, {
--- a/bl-languages/en.json
+++ b/bl-languages/en.json
@ -390,9 +390,11 @@
    "start-typing-to-see-a-list-of-suggestions": "Start typing to see a list of suggestions.",
    "view": "View",
    "confirm": "Confirm",
    "current-password": "Current password",
    "are-you-sure-you-want-to-disable-this-user": "Are you sure you want to disable this user?",
    "are-you-sure-you-want-to-delete-the-profile-picture": "Are you sure you want to delete the profile picture?",
    "are-you-sure-you-want-to-delete-this-user": "Are you sure you want to delete this user?",
    "are-you-sure-you-want-to-delete-this-page": "Are you sure you want to delete this page?",
-    "are-you-sure-you-want-to-delete-this-category?": "Are you sure you want to delete this category?"
+    "are-you-sure-you-want-to-delete-this-category?": "Are you sure you want to delete this category?",
    "are-you-sure-you-want-to-change-the-password?": "Are you sure you want to change the password?"
 }
--- a/bl-plugins/api/plugin.php
+++ b/bl-plugins/api/plugin.php
@ -195,7 +195,7 @@ class pluginAPI extends Plugin {
 			if (!empty($parmC)) {
 				$key = $parmB.'/'.$parmC;
 			}
-			$data = $this->deletePage($key);
+			$data = $this->deletePage(array('key'=>$key));
 		}
 		// (GET) /api/settings
 		elseif ( ($method==='GET') && ($parmA==='settings') && empty($parmB) && $writePermissions ) {
@ -520,9 +520,9 @@ class pluginAPI extends Plugin {
 		);
 	}
-	private function deletePage($key)
+	private function deletePage($args)
 	{
-		if (deletePage($key)) {
+		if (deletePage($args)) {
 			return array(
 				'status'=>'0',
 				'message'=>'Page deleted.'