Disallow e-mail and password changing from test site.

flash 2018-04-14 05:10:47 +02:00
parent aea66a62fb
commit afa9495f29
3 changed files with 124 additions and 110 deletions


@ -91,6 +91,7 @@ if (!array_key_exists($settings_mode, $settings_modes)) {
$settings_errors = [];
$prevent_registration = $app->config->get('Auth', 'prevent_registration', 'bool', false);
$avatar_filename = "{$settings_user->user_id}.msz";
$avatar_max_width = $app->config->get('Avatar', 'max_width', 'int', 4000);
$avatar_max_height = $app->config->get('Avatar', 'max_height', 'int', 4000);
@ -130,68 +131,70 @@ if ($_SERVER['REQUEST_METHOD'] === 'POST') {
}
}
if (!empty($_POST['current_password'])
if (!$prevent_registration) {
if (!empty($_POST['current_password'])
|| (
(isset($_POST['password']) || isset($_OST['email']))
&& (!empty($_POST['password']['new']) || !empty($_POST['email']['new']))
)
) {
if (!$settings_user->verifyPassword($_POST['current_password'])) {
$settings_errors[] = "Your current password was incorrect.";
break;
}
if (!empty($_POST['email']['new'])) {
if (empty($_POST['email']['confirm']) || $_POST['email']['new'] !== $_POST['email']['confirm']) {
$settings_errors[] = "The given e-mail addresses did not match.";
) {
if (!$settings_user->verifyPassword($_POST['current_password'])) {
$settings_errors[] = "Your current password was incorrect.";
break;
}
if ($_POST['email']['new'] === $settings_user->email) {
$settings_errors[] = "This is your e-mail address already!";
break;
}
$email_validate = User::validateEmail($_POST['email']['new'], true);
if ($email_validate !== '') {
switch ($email_validate) {
case 'dns':
$settings_errors[] = "No valid MX record exists for this domain.";
break;
case 'format':
$settings_errors[] = "The given e-mail address was incorrectly formatted.";
break;
case 'in-use':
$settings_errors[] = "This e-mail address has already been used by another user.";
break;
default:
$settings_errors[] = "Unknown e-mail validation error.";
if (!empty($_POST['email']['new'])) {
if (empty($_POST['email']['confirm']) || $_POST['email']['new'] !== $_POST['email']['confirm']) {
$settings_errors[] = "The given e-mail addresses did not match.";
break;
}
break;
if ($_POST['email']['new'] === $settings_user->email) {
$settings_errors[] = "This is your e-mail address already!";
break;
}
$email_validate = User::validateEmail($_POST['email']['new'], true);
if ($email_validate !== '') {
switch ($email_validate) {
case 'dns':
$settings_errors[] = "No valid MX record exists for this domain.";
break;
case 'format':
$settings_errors[] = "The given e-mail address was incorrectly formatted.";
break;
case 'in-use':
$settings_errors[] = "This e-mail address has already been used by another user.";
break;
default:
$settings_errors[] = "Unknown e-mail validation error.";
}
break;
}
$settings_user->email = $_POST['email']['new'];
}
$settings_user->email = $_POST['email']['new'];
}
if (!empty($_POST['password']['new'])) {
if (empty($_POST['password']['confirm'])
if (!empty($_POST['password']['new'])) {
if (empty($_POST['password']['confirm'])
|| $_POST['password']['new'] !== $_POST['password']['confirm']) {
$settings_errors[] = "The given passwords did not match.";
break;
$settings_errors[] = "The given passwords did not match.";
break;
}
$password_validate = User::validatePassword($_POST['password']['new'], true);
if ($password_validate !== '') {
$settings_errors[] = "The given passwords was too weak.";
break;
}
$settings_user->password = $_POST['password']['new'];
}
$password_validate = User::validatePassword($_POST['password']['new'], true);
if ($password_validate !== '') {
$settings_errors[] = "The given passwords was too weak.";
break;
}
$settings_user->password = $_POST['password']['new'];
}
}
@ -351,7 +354,7 @@ $app->templating->var('settings_title', $settings_modes[$settings_mode]);
switch ($settings_mode) {
case 'account':
$app->templating->vars(compact('settings_profile_fields'));
$app->templating->vars(compact('settings_profile_fields', 'prevent_registration'));
break;
case 'avatar':
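Review bot: The guard kept inside the new `if (!$prevent_registration)` block still reads `isset($_OST['email'])`, an undefined variable, so that half of the check is always false; a request carrying only `email[new]` with no `password` field and no current password appears to skip the block without any error, and the line should read `(isset($_POST['password']) || isset($_POST['email']))`. Separately, when `prevent_registration` is set, posted `email` and `password` values are dropped silently; an `else` branch that appends a message to `$settings_errors` when either `new` field is non-empty would tell the client the change was refused rather than leaving it to assume success. The flag now governs credential changes as well as registration, so a comment where it is read would help, e.g. `// also disables e-mail/password changes on the test site`. The POST handler and the construct that the `break` statements leave both start outside this hunk.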


@ -3,15 +3,15 @@
{% set site_twitter = site_twitter|default(globals.site_twitter) %}
{% if title is defined %}
{% set title = title ~ ' :: ' ~ globals.site_name %}
{% set browser_title = title ~ ' :: ' ~ globals.site_name %}
{% else %}
{% set title = globals.site_name %}
{% set browser_title = globals.site_name %}
{% endif %}
<title>{{ title }}</title>
<title>{{ browser_title }}</title>
<meta name="twitter:title" content="{{ title|slice(0, 70) }}">
<meta property="og:title" content="{{ title }}">
<meta name="twitter:title" content="{{ title|default(globals.site_name)|slice(0, 70) }}">
<meta property="og:title" content="{{ title|default(globals.site_name) }}">
<meta property="og:site_name" content="{{ globals.site_name }}">
{% if description|length > 0 %}
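Review bot: The fallback `title|default(globals.site_name)` is written out twice, in the `twitter:title` and `og:title` tags, right beside the new `browser_title` variable; setting it once, e.g. `{% set share_title = title|default(globals.site_name) %}`, keeps the two meta tags from drifting apart. Both values are emitted inside double-quoted attributes, so they depend on Twig's HTML autoescaping being enabled for this template, which the page does not show; that is worth confirming, since `title` is presumably supplied by individual pages.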


@ -19,68 +19,79 @@
</div>
<div class="mio__settings__account__column mio__settings__account__column--no-margin">
<div class="mio__settings__account__row">
<div class="mio__settings__account__column">
<div class="mio__settings__account__title">E-mail</div>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
New E-mail Address
{% if prevent_registration %}
<div class="mio__settings__account__row">
<div class="mio__settings__account__column">
<div class="mio__settings__account__title">E-mail and Password changing</div>
<div style="text-align: center; padding: 5px;"> <!-- PUT CSS IN CSS FILE -->
<a class="mio__input__button" href="https://flashii.net/settings.php?m=account">visit main site</a>
</div>
<div class="mio__settings__account__input__value">
<input type="text" name="email[new]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Confirmation
</div>
<div class="mio__settings__account__input__value">
<input type="text" name="email[confirm]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
</div>
</div>
</div>
{% else %}
<div class="mio__settings__account__row">
<div class="mio__settings__account__column">
<div class="mio__settings__account__title">E-mail</div>
<div class="mio__settings__account__row">
<div class="mio__settings__account__column">
<div class="mio__settings__account__title">Password</div>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
New E-mail Address
</div>
<div class="mio__settings__account__input__value">
<input type="text" name="email[new]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
New Password
</div>
<div class="mio__settings__account__input__value">
<input type="password" name="password[new]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Confirmation
</div>
<div class="mio__settings__account__input__value">
<input type="password" name="password[confirm]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Confirmation
</div>
<div class="mio__settings__account__input__value">
<input type="text" name="email[confirm]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
</div>
</div>
</div>
<div class="mio__settings__account__row">
<div class="mio__settings__account__column">
<div class="mio__settings__account__title">Confirmation</div>
<div class="mio__settings__account__row">
<div class="mio__settings__account__column">
<div class="mio__settings__account__title">Password</div>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Current Password
</div>
<div class="mio__settings__account__input__value">
<input type="password" name="current_password" placeholder="only needed for e-mail and password updating" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
New Password
</div>
<div class="mio__settings__account__input__value">
<input type="password" name="password[new]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Confirmation
</div>
<div class="mio__settings__account__input__value">
<input type="password" name="password[confirm]" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
</div>
</div>
</div>
<div class="mio__settings__account__row">
<div class="mio__settings__account__column">
<div class="mio__settings__account__title">Confirmation</div>
<label class="mio__settings__account__input">
<div class="mio__settings__account__input__name">
Current Password
</div>
<div class="mio__settings__account__input__value">
<input type="password" name="current_password" placeholder="only needed for e-mail and password updating" class="mio__input__text mio__settings__account__input__value__text">
</div>
</label>
</div>
</div>
{% endif %}
</div>
</div>
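Review bot: The `prevent_registration` branch hard-codes `https://flashii.net/settings.php?m=account` as the link target, which ties the template to one deployment; passing the main-site URL in from configuration, alongside `prevent_registration`, would let the same template serve any install. The `<!-- PUT CSS IN CSS FILE -->` note is an HTML comment and is sent to every client; a Twig comment such as `{# move to stylesheet #}` stays server-side, and the inline `style` attribute it refers to would need `'unsafe-inline'` under a Content-Security-Policy that restricts styles. Hiding the fields here is presentation only, since the check in the settings handler is what actually refuses the change, so a short Twig comment above `{% if prevent_registration %}` pointing at that server-side check would keep the two in step.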