From 20194953b0fd8a92e88f95b7687f76c7d7e7c092 Mon Sep 17 00:00:00 2001
From: SofianeLasri <alasri250@gmail.com>
Date: Sat, 18 Sep 2021 16:21:24 +0200
Subject: [PATCH] Remplace of netId in users settings

---
 vbcms-admin/backTasks.php               | 20 ++++++++++----------
 vbcms-admin/includes/settings/users.php | 15 ++++++++-------
 vbcms-admin/login.php                   |  8 ++++----
 vbcms-core/adminHandler.php             |  5 +----
 4 files changed, 23 insertions(+), 25 deletions(-)

diff --git a/vbcms-admin/backTasks.php b/vbcms-admin/backTasks.php
index caef394..e51ad4e 100644
--- a/vbcms-admin/backTasks.php
+++ b/vbcms-admin/backTasks.php
@@ -144,9 +144,9 @@ if (isset($_GET["getNotifications"])) {
 		$fixedAssoc = $bdd->prepare("UPDATE `vbcms-baseModulesAssoc` SET extensionName = ? WHERE name = ?");
 		$fixedAssoc->execute([$extName, $assocName]);
 	}
-} elseif (isset($_GET["getNetIdLocalAccount"])&&!empty($_GET["getNetIdLocalAccount"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')){
-	$localAccountExist = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
-	$localAccountExist->execute([$_GET["getNetIdLocalAccount"]]);
+} elseif (isset($_GET["getLocalAccount"])&&!empty($_GET["getLocalAccount"]) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')){
+	$localAccountExist = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE userIdAssoc = ?");
+	$localAccountExist->execute([$_GET["getLocalAccount"]]);
 	$localAccountExist = $localAccountExist->fetch(PDO::FETCH_ASSOC);
 	echo json_encode($localAccountExist);
 	
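Review bot: The getLocalAccount branch still selects every column and echoes the whole row with json_encode, so the response carries the stored password hash (and any other column of the local-accounts row) to the browser even though the client only reads json.username. Drop the hash before encoding, `unset($localAccountExist['password']);` right before the `echo json_encode(...)`, or better, select only the columns the modal needs. Note also that `!empty($_GET["getLocalAccount"])` rejects the string "0"; harmless if ids start at 1, but an explicit numeric check such as `ctype_digit((string) $_GET["getLocalAccount"])` would state the intent and keep non-numeric input out of the query. The elseif chain this branch belongs to starts outside the hunk.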
@@ -219,17 +219,17 @@ if (isset($_GET["getNotifications"])) {
 	} else {
 		echo translate('error').': '.translate('thisIsNotJSON');
 	}
-} elseif (isset($_GET["setNetIdLocalAccount"])&&!empty($_GET["setNetIdLocalAccount"]) && (isset($_POST)&&!empty($_POST)) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')) {
-	$localAccountExist = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE netIdAssoc = ?");
-	$localAccountExist->execute([$_GET["setNetIdLocalAccount"]]);
+} elseif (isset($_GET["setLocalAccount"])&&!empty($_GET["setLocalAccount"]) && (isset($_POST)&&!empty($_POST)) && verifyUserPermission($_SESSION['user_id'], "vbcms", 'manageUsersSettings')) {
+	$localAccountExist = $bdd->prepare("SELECT * FROM `vbcms-localAccounts` WHERE userIdAssoc = ?");
+	$localAccountExist->execute([$_GET["setLocalAccount"]]);
 	$localAccountExist = $localAccountExist->fetch(PDO::FETCH_ASSOC);
 	
 	if(!empty($localAccountExist)){
-		$modify = $bdd->prepare("UPDATE `vbcms-localAccounts` SET username = ?, password = ? WHERE netIdAssoc = ?");
-		$modify->execute([$_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), $_GET["setNetIdLocalAccount"]]);
+		$modify = $bdd->prepare("UPDATE `vbcms-localAccounts` SET username = ?, password = ? WHERE userIdAssoc = ?");
+		$modify->execute([$_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), $_GET["setLocalAccount"]]);
 	}else{
-		$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`netIdAssoc`, `username`, `password`, `profilePic`) VALUES (?,?,?,?)');
-		$query->execute([$_GET["setNetIdLocalAccount"], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), VBcmsGetSetting("websiteUrl")."vbcms-admin/images/misc/programmer.png"]);
+		$query = $bdd->prepare('INSERT INTO `vbcms-localAccounts` (`userIdAssoc`, `username`, `password`, `profilePic`) VALUES (?,?,?,?)');
+		$query->execute([$_GET["setLocalAccount"], $_POST['localUserUsername'], password_hash($_POST['localUserPassword1'], PASSWORD_DEFAULT), VBcmsGetSetting("websiteUrl")."vbcms-admin/images/misc/programmer.png"]);
 	}
 } elseif(isset($_GET)&&!empty($_GET)){
 	echo "Commande \"".array_key_first($_GET)."(".$_GET[array_key_first($_GET)].")\" non reconnue.";
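Review bot: The setLocalAccount branch reads `$_POST['localUserUsername']` and `$_POST['localUserPassword1']` without checking they exist or are non-empty, so a request with some other POST field passes the `!empty($_POST)` guard and stores `password_hash('')` (after an undefined-index warning). The password confirmation also only happens client-side (the `checkPassword()` handler in users.php), so the server never compares the two password fields. A guard before the lookup would close both gaps: `if (empty($_POST['localUserUsername']) || empty($_POST['localUserPassword1']) || $_POST['localUserPassword1'] !== ($_POST['localUserPassword2'] ?? null)) { echo translate('error'); } else { /* existing lookup and insert/update */ }`. Whether the id in `$_GET["setLocalAccount"]` must exist in the users table is not visible here; if no foreign key enforces it, the insert path should verify it.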
diff --git a/vbcms-admin/includes/settings/users.php b/vbcms-admin/includes/settings/users.php
index 90e6d76..72aab9e 100644
--- a/vbcms-admin/includes/settings/users.php
+++ b/vbcms-admin/includes/settings/users.php
@@ -2,6 +2,7 @@
     <div class="flex-grow-1 d-flex flex-column">
         <div class="mt-2">
             <button class="btn btn-sm btn-brown" data-toggle="modal" data-target="#inviteUserModal"><i class="fas fa-envelope"></i> <?=translate('inviteUser')?></button>
+            <button class="btn btn-outline-brown btn-sm" data-toggle="modal" data-target="#createUserModal"><i class="fas fa-user-plus"></i> <?=translate('localAccountCreation')?></button>
             <!--<a href="#" class="btn btn-outline-brown btn-sm"><i class="fas fa-user-plus"></i> <?=translate('localAccountCreation')?></a>-->
         </div>
         <?php
@@ -58,8 +59,8 @@
                                     if($user['id']!=$_SESSION['user_id']){
                                         echo ('<a href="#" onclick="toogle(\'edit-'.$user['username'].'\')" class="text-brown">'.translate("modifyUser").'</a>');
                                     }
-                                    if($user['auth']=='vbcms.net'){
-                                        echo('<a href="#" onclick="editLocalAccount(\''.$user['authId'].'\')" class="text-brown">'.translate("modifyLocalAccount").'</a>');
+                                    if($user['auth']=='vbcms'){
+                                        echo('<a href="#" onclick="editLocalAccount(\''.$user['id'].'\')" class="text-brown">'.translate("modifyLocalAccount").'</a>');
                                     }
                                 echo('</small></div>
                         </div>');
@@ -210,8 +211,8 @@ window.addEventListener('load', function() {
 }, false);
 })();
 
-function editLocalAccount(netId) {
-    $.get("<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/backTasks/?getNetIdLocalAccount="+netId, function(data) {
+function editLocalAccount(id) {
+    $.get("<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/backTasks/?getNetIdLocalAccount="+id, function(data) {
         var json = JSON.parse(data);
         if(!jQuery.isEmptyObject(json)){
             $("#localUserUsername").val(json.username);
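Review bot: The GET URL on the new line still sends `?getNetIdLocalAccount=`, but backTasks.php in this same patch now matches on `getLocalAccount`, so the request falls through to the final "Commande ... non reconnue." branch and `JSON.parse(data)` throws before the modal is filled. Change the line to `$.get("<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/backTasks/?getLocalAccount="+id, function(data) {`. Since the back end answers a plain-text error rather than JSON on an unrecognised command, wrapping the parse in a try/catch (or using `$.getJSON` with a `.fail` handler) would keep such a mismatch from silently breaking the edit flow. editLocalAccount continues past the end of this hunk.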
@@ -219,7 +220,7 @@ function editLocalAccount(netId) {
             $("#localUserUsername").val("");
         }
     });
-    $("#registerBtn").attr("onclick", "sendLocalAccountInfos('"+netId+"')");
+    $("#registerBtn").attr("onclick", "sendLocalAccountInfos('"+id+"')");
     $('#localAccountCreationModal').modal('show');
 }
 
@@ -230,8 +231,8 @@ $("#localUserPassword2").change(function() {
     checkPassword();
 });
 
-function sendLocalAccountInfos(netId){
-    $.post( "<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/backTasks?setNetIdLocalAccount="+netId, $( "#localAccountCreationForm" ).serialize() )
+function sendLocalAccountInfos(id){
+    $.post( "<?=VBcmsGetSetting("websiteUrl")?>vbcms-admin/backTasks?setLocalAccount="+id, $( "#localAccountCreationForm" ).serialize() )
     .done(function( data ) {
         if(data!=""){
             SnackBar({
diff --git a/vbcms-admin/login.php b/vbcms-admin/login.php
index 5860f6e..e0fe376 100644
--- a/vbcms-admin/login.php
+++ b/vbcms-admin/login.php
@@ -19,15 +19,15 @@ if (isset($_POST['login'])) { // Ne s'éxécute que si le formulaire de connexio
 		$user = $response->fetch(PDO::FETCH_ASSOC);
 		if(!empty($user)){
 			if(hash_equals($user["password"], crypt($_POST["password"], $user["password"]))){
-				$_SESSION['auth'] = "vbcms.net";
+				$_SESSION['auth'] = "vbcms";
 				$_SESSION['loginType'] = "local";
 
-				$userDetails = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE authId=? AND auth='vbcms.net'");
-				$userDetails->execute([$user["netIdAssoc"]]);
+				$userDetails = $bdd->prepare("SELECT * FROM `vbcms-users` WHERE id=? AND auth='vbcms.net'");
+				$userDetails->execute([$user["userIdAssoc"]]);
 				$userDetails = $userDetails->fetch(PDO::FETCH_ASSOC);
 
 				$_SESSION['user_id'] = $userDetails['id'];
-				$_SESSION['netId'] = $user['netIdAssoc'];
+				$_SESSION['netId'] = null;
 				$_SESSION['user_username'] = $user['username'];
 
 				$userProfilPic = $bdd->prepare("SELECT value FROM `vbcms-usersSettings` WHERE userId = ? AND name = 'profilPic'");
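Review bot: The user lookup on the changed line still filters `auth='vbcms.net'` while the session marker two lines above and the listing in users.php (this patch) now use `'vbcms'`; if the users table stores the new value, the query returns no row and `$_SESSION['user_id']` is set from `$userDetails['id']` on a `false` result. Change the condition to `AND auth='vbcms'` and guard the fetch, `if ($userDetails === false) { /* treat as failed login */ }`, before any session values are assigned. Which value the table actually holds is not visible in the patch, so confirm against the schema or the insert path. The surrounding login block starts and ends outside the hunk.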
diff --git a/vbcms-core/adminHandler.php b/vbcms-core/adminHandler.php
index 02f9cee..bd0c352 100644
--- a/vbcms-core/adminHandler.php
+++ b/vbcms-core/adminHandler.php
@@ -16,10 +16,7 @@ if (!isset($_SESSION["user_id"]) && $urlPath[2]!="login") { // Si l'utilisateur
 	// On va vérifier qu'il a accès au panel admin
 
 	if ($_SESSION['accessAdmin']!= 1){
-		if ($_SERVER['HTTP_HOST'] != "vbcms.net") {
-			session_destroy(); // On détruit la session
-		}
-
+		session_destroy(); // On détruit la session
 		// Le message d'erreur sera à changer, je ne l'ai pas encore fait car je dois refaire le drm
 		header("Location: ".$url["scheme"]."://".$url["host"]."/vbcms-admin/login?err=403");
 		exit(); // Pour être sûr qu'il n'y ai pas de problèmes
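Review bot: The new unconditional `session_destroy()` removes the server-side data but leaves `$_SESSION` populated for the rest of this request and does not expire the client's session cookie, so the rejected id is re-presented until the cookie itself expires. The usual teardown is `$_SESSION = []; session_destroy();` followed by `setcookie(session_name(), '', time() - 42000, '/');` when `session.use_cookies` is enabled, so the redirect to the login page starts from a clean state. Dropping the hostname check is an improvement in itself, since the behaviour no longer depends on a hard-coded deployment host. The enclosing conditional starts outside the hunk.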
-- 
GitLab