Disallow e-mail and password changing from test site.

flash 2018-04-14 05:10:47 +02:00
parent aea66a62fb
commit afa9495f29
3 changed files with 124 additions and 110 deletions


@ -91,6 +91,7 @@ if (!array_key_exists($settings_mode, $settings_modes)) {
$settings_errors = []; $settings_errors = [];
$prevent_registration = $app->config->get('Auth', 'prevent_registration', 'bool', false);
$avatar_filename = "{$settings_user->user_id}.msz"; $avatar_filename = "{$settings_user->user_id}.msz";
$avatar_max_width = $app->config->get('Avatar', 'max_width', 'int', 4000); $avatar_max_width = $app->config->get('Avatar', 'max_width', 'int', 4000);
$avatar_max_height = $app->config->get('Avatar', 'max_height', 'int', 4000); $avatar_max_height = $app->config->get('Avatar', 'max_height', 'int', 4000);
@ -130,68 +131,70 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
} }
} }
if (!empty($_POST['current_password']) if (!$prevent_registration) {
if (!empty($_POST['current_password'])
|| ( || (
(isset($_POST['password']) || isset($_OST['email'])) (isset($_POST['password']) || isset($_OST['email']))
&& (!empty($_POST['password']['new']) || !empty($_POST['email']['new'])) && (!empty($_POST['password']['new']) || !empty($_POST['email']['new']))
) )
) { ) {
if (!$settings_user->verifyPassword($_POST['current_password'])) { if (!$settings_user->verifyPassword($_POST['current_password'])) {
$settings_errors[] = "Your current password was incorrect."; $settings_errors[] = "Your current password was incorrect.";
break;
}
if (!empty($_POST['email']['new'])) {
if (empty($_POST['email']['confirm']) || $_POST['email']['new'] !== $_POST['email']['confirm']) {
$settings_errors[] = "The given e-mail addresses did not match.";
break; break;
} }
if ($_POST['email']['new'] === $settings_user->email) { if (!empty($_POST['email']['new'])) {
$settings_errors[] = "This is your e-mail address already!"; if (empty($_POST['email']['confirm']) || $_POST['email']['new'] !== $_POST['email']['confirm']) {
break; $settings_errors[] = "The given e-mail addresses did not match.";
} break;
$email_validate = User::validateEmail($_POST['email']['new'], true);
if ($email_validate !== '') {
switch ($email_validate) {
case 'dns':
$settings_errors[] = "No valid MX record exists for this domain.";
break;
case 'format':
$settings_errors[] = "The given e-mail address was incorrectly formatted.";
break;
case 'in-use':
$settings_errors[] = "This e-mail address has already been used by another user.";
break;
default:
$settings_errors[] = "Unknown e-mail validation error.";
} }
break;
if ($_POST['email']['new'] === $settings_user->email) {
$settings_errors[] = "This is your e-mail address already!";
break;
}
$email_validate = User::validateEmail($_POST['email']['new'], true);
if ($email_validate !== '') {
switch ($email_validate) {
case 'dns':
$settings_errors[] = "No valid MX record exists for this domain.";
break;
case 'format':
$settings_errors[] = "The given e-mail address was incorrectly formatted.";
break;
case 'in-use':
$settings_errors[] = "This e-mail address has already been used by another user.";
break;
default:
$settings_errors[] = "Unknown e-mail validation error.";
}
break;
}
$settings_user->email = $_POST['email']['new'];
} }
$settings_user->email = $_POST['email']['new']; if (!empty($_POST['password']['new'])) {
} if (empty($_POST['password']['confirm'])
if (!empty($_POST['password']['new'])) {
if (empty($_POST['password']['confirm'])
|| $_POST['password']['new'] !== $_POST['password']['confirm']) { || $_POST['password']['new'] !== $_POST['password']['confirm']) {
$settings_errors[] = "The given passwords did not match."; $settings_errors[] = "The given passwords did not match.";
break; break;
}
$password_validate = User::validatePassword($_POST['password']['new'], true);
if ($password_validate !== '') {
$settings_errors[] = "The given passwords was too weak.";
break;
}
$settings_user->password = $_POST['password']['new'];
} }
$password_validate = User::validatePassword($_POST['password']['new'], true);
if ($password_validate !== '') {
$settings_errors[] = "The given passwords was too weak.";
break;
}
$settings_user->password = $_POST['password']['new'];
} }
} }
@ -351,7 +354,7 @@ $app->templating->var('settings_title', $settings_modes[$settings_mode]);
switch ($settings_mode) { switch ($settings_mode) {
case 'account': case 'account':
$app->templating->vars(compact('settings_profile_fields')); $app->templating->vars(compact('settings_profile_fields', 'prevent_registration'));
break; break;
case 'avatar': case 'avatar':
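Review bot: The guard just inside the new `if (!$prevent_registration)` block still reads `isset($_OST['email'])`, a typo for `$_POST` that this commit re-indents but does not fix. Because `$_OST` is never defined, that half of the condition is always false, so a request carrying only `email[new]` with no `password` key skips the whole branch silently instead of reaching the current-password check and its error message; the line should read `(isset($_POST['password']) || isset($_POST['email']))`. Separately, when `prevent_registration` is on, submitted `email`/`password` fields are dropped without adding anything to `$settings_errors`, so a hand-crafted POST gets no feedback; consider appending an error such as `$settings_errors[] = "E-mail and password changes are disabled on this site.";` in an `else` branch. The `break` statements in this hunk target a construct that opens outside it.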


@ -3,15 +3,15 @@
{% set site_twitter = site_twitter|default(globals.site_twitter) %} {% set site_twitter = site_twitter|default(globals.site_twitter) %}
{% if title is defined %} {% if title is defined %}
{% set title = title ~ ' :: ' ~ globals.site_name %} {% set browser_title = title ~ ' :: ' ~ globals.site_name %}
{% else %} {% else %}
{% set title = globals.site_name %} {% set browser_title = globals.site_name %}
{% endif %} {% endif %}
<title>{{ title }}</title> <title>{{ browser_title }}</title>
<meta name="twitter:title" content="{{ title|slice(0, 70) }}"> <meta name="twitter:title" content="{{ title|default(globals.site_name)|slice(0, 70) }}">
<meta property="og:title" content="{{ title }}"> <meta property="og:title" content="{{ title|default(globals.site_name) }}">
<meta property="og:site_name" content="{{ globals.site_name }}"> <meta property="og:site_name" content="{{ globals.site_name }}">
{% if description|length > 0 %} {% if description|length > 0 %}
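Review bot: `browser_title` is built under `{% if title is defined %}`, while the two meta tags now use `title|default(globals.site_name)`, and Twig's `default` filter also replaces empty values. A `title` that is defined but empty therefore produces a `<title>` starting with ` :: ` while the social tags show the site name alone. Making the branch `{% if title is defined and title is not empty %}` keeps the three outputs consistent.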


@ -19,68 +19,79 @@
</div> </div>
<div class="mio__settings__account__column mio__settings__account__column--no-margin"> <div class="mio__settings__account__column mio__settings__account__column--no-margin">
<div class="mio__settings__account__row"> {% if prevent_registration %}
<div class="mio__settings__account__column"> <div class="mio__settings__account__row">
<div class="mio__settings__account__title">E-mail</div> <div class="mio__settings__account__column">
<div class="mio__settings__account__title">E-mail and Password changing</div>
<label class="mio__settings__account__input"> <div style="text-align: center; padding: 5px;"> <!-- PUT CSS IN CSS FILE -->
<div class="mio__settings__account__input__name"> <a class="mio__input__button" href="https://flashii.net/settings.php?m=account">visit main site</a>
New E-mail Address
</div> </div>
<div class="mio__settings__account__input__value"> </div>
<input type="text" name="email[new]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Confirmation
</div>
<div class="mio__settings__account__input__value">
<input type="text" name="email[confirm]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
</div> </div>
</div> {% else %}
<div class="mio__settings__account__row">
<div class="mio__settings__account__column">
<div class="mio__settings__account__title">E-mail</div>
<div class="mio__settings__account__row"> <label class="mio__settings__account__input">
<div class="mio__settings__account__column"> <div class="mio__settings__account__input__name">
<div class="mio__settings__account__title">Password</div> New E-mail Address
</div>
<div class="mio__settings__account__input__value">
<input type="text" name="email[new]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
<label class="mio__settings__account__input"> <label class="mio__settings__account__input">
<div class="mio__settings__account__input__name"> <div class="mio__settings__account__input__name">
New Password Confirmation
</div> </div>
<div class="mio__settings__account__input__value"> <div class="mio__settings__account__input__value">
<input type="password" name="password[new]" class="mio__input__text mio__settings__account__input__value__text"> <input type="text" name="email[confirm]" class="mio__input__text mio__settings__account__input__value__text">
</div> </div>
</label> </label>
</div>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Confirmation
</div>
<div class="mio__settings__account__input__value">
<input type="password" name="password[confirm]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
</div> </div>
</div>
<div class="mio__settings__account__row"> <div class="mio__settings__account__row">
<div class="mio__settings__account__column"> <div class="mio__settings__account__column">
<div class="mio__settings__account__title">Confirmation</div> <div class="mio__settings__account__title">Password</div>
<label class="mio__settings__account__input"> <label class="mio__settings__account__input">
<div class="mio__settings__account__input__name"> <div class="mio__settings__account__input__name">
Current Password New Password
</div> </div>
<div class="mio__settings__account__input__value"> <div class="mio__settings__account__input__value">
<input type="password" name="current_password" placeholder="only needed for e-mail and password updating" class="mio__input__text mio__settings__account__input__value__text"> <input type="password" name="password[new]" class="mio__input__text mio__settings__account__input__value__text">
</div> </div>
</label> </label>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Confirmation
</div>
<div class="mio__settings__account__input__value">
<input type="password" name="password[confirm]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
</div>
</div> </div>
</div>
<div class="mio__settings__account__row">
<div class="mio__settings__account__column">
<div class="mio__settings__account__title">Confirmation</div>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Current Password
</div>
<div class="mio__settings__account__input__value">
<input type="password" name="current_password" placeholder="only needed for e-mail and password updating" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
</div>
</div>
{% endif %}
</div> </div>
</div> </div>
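Review bot: The link target `https://flashii.net/settings.php?m=account` in the `prevent_registration` branch is hard-coded in the template, so every deployment that enables the flag sends users to that one host to change credentials. Passing the main-site URL from configuration alongside `prevent_registration` would keep the destination under the operator's control. The inline `style="text-align: center; padding: 5px;"` carries its own `PUT CSS IN CSS FILE` reminder; moving it to the stylesheet also avoids needing `'unsafe-inline'` if a `style-src` Content-Security-Policy is applied later.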