Added administrative password change feature

2 years ago · c76e8fe9d3
parent 4266a211e0
commit c76e8fe9d3
6 changed files with 59 additions and 6 deletions
--- a/images/key_add.png
+++ b/images/key_add.png
--- a/lang/de.php
+++ b/lang/de.php
@ -42,6 +42,7 @@ $lang = array(
    'lang_logout' => 'Abmelden',
    'lang_options' => 'Optionen',
    'lang_option_none' => '(kein)',
+    'lang_pass_set' => 'Neues Kennwort einstellen',
    'lang_reset' => 'Zur&uuml;cksetzen',
    'lang_search' => 'Suche',
    'lang_statistics' => 'Statistik',
--- a/lang/en.php
+++ b/lang/en.php
@ -42,6 +42,7 @@ $lang = array(
    'lang_logout' => 'Logout',
    'lang_options' => 'Options',
    'lang_option_none' => '(none)',
+    'lang_pass_set' => 'Set new password',
    'lang_reset' => 'Reset',
    'lang_search' => 'Search',
    'lang_statistics' => 'Statistics',
--- a/tpl/useredit.tpl
+++ b/tpl/useredit.tpl
@ -60,7 +60,7 @@
        {$lang_user_role_add}
    </td>
    <td class="value">
-        <img src="images/page_add.png" alt="[Add]">
+        <img src="images/add.png" alt="[Add]">
        <input type="checkbox" name="role_add" {if in_array('add', $user->role)} checked="checked"{/if}
    </td>
 </tr>
@ -69,7 +69,7 @@
        {$lang_user_role_edit}
    </td>
    <td class="value">
-        <img src="images/page_edit.png" alt="[Edit]">
+        <img src="images/edit.png" alt="[Edit]">
        <input type="checkbox" name="role_edit" {if in_array('edit', $user->role)} checked="checked"{/if}
    </td>
 </tr>
@ -79,7 +79,7 @@
        {$lang_user_role_delete}
    </td>
    <td class="value">
-        <img src="images/page_delete.png" alt="[Delete]">
+        <img src="images/delete.png" alt="[Delete]">
        <input type="checkbox" name="role_delete" {if in_array('delete', $user->role)} checked="checked"{/if}
    </td>
 </tr>
--- a/tpl/userview.tpl
+++ b/tpl/userview.tpl
@ -50,13 +50,13 @@
    </td>
    <td class="value">
 {if in_array('add', $user->role)}
-        <img src="images/page_add.png" alt="{$lang_user_role_add}"{if $suser_tooltips} title="{$lang_user_role_add}"{/if} />
+        <img src="images/add.png" alt="{$lang_user_role_add}"{if $suser_tooltips} title="{$lang_user_role_add}"{/if} />
 {/if}
 {if in_array('edit', $user->role)}
-        <img src="images/page_edit.png" alt="{$lang_user_role_edit}"{if $suser_tooltips} title="{$lang_user_role_edit}"{/if} />
+        <img src="images/edit.png" alt="{$lang_user_role_edit}"{if $suser_tooltips} title="{$lang_user_role_edit}"{/if} />
 {/if}
 {if in_array('delete', $user->role)}
-        <img src="images/page_delete.png" alt="{$lang_user_role_delete}"{if $suser_tooltips} title="{$lang_user_role_delete}"{/if} />
+        <img src="images/delete.png" alt="{$lang_user_role_delete}"{if $suser_tooltips} title="{$lang_user_role_delete}"{/if} />
 {/if}
 {if in_array('manage', $user->role)}
        <img src="images/manage.png" alt="{$lang_user_role_manage}"{if $suser_tooltips} title="{$lang_user_role_manage}"{/if} />
@ -66,4 +66,22 @@
 {/if}
    </td>
 </tr>
+{if $suser_manage}
+<tr>
+    <td class="label">
+{if $newpass}
+        {$lang_options_newpassword1}
+{else}
+        {$lang_pass_set}
+{/if}
+    </td>
+    <td class="value">
+{if $newpass}
+    {$newpass}
+{else}
+        <a href="{$g_scriptname}?f=pass&amp;id={$user->id}"><img src="images/key_add.png" alt="{$lang_reset}"{if $suser_tooltips} title="{$lang_pass_set}"{/if} /></a>
+{/if}
+    </td>
+</tr>
+{/if}
 </table>
--- a/user.php
+++ b/user.php
@ -18,6 +18,23 @@ if (isset($_REQUEST['id'])) {
    $id = (int) $_REQUEST['id'] or $id = 0;
 }

+function makepwd($length) {
+    mt_srand((double) microtime() * 1000000);
+    $digits = "0123456789";
+    $chars = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz";
+    $umlauts = "ÄÖÜäöüß";
+    $specials = "!§$%&/()=?[]{}+~*#.,;:<>|";
+    $vocals = "AEIOUaeiou";
+    $consonants = "BCDFGHJKLMNPQRSTVWXYZbcdfghjklmnpqrstvwxyz";
+    $passwd = '';
+    $possible = $chars . $digits;
+    $l = strlen($possible)-1;
+    for ($k = 0; $k < $length; $k += 1) {
+        $passwd .= $possible[mt_rand(0, $l)];
+    }
+    return $passwd;
+}
+
 // ========== ACTIONS START ===================================================
 switch ($submit = form_get_action()) {

@ -28,6 +45,22 @@ switch ($submit = form_get_action()) {
    case 'edit':  $action = ACT_EDIT; break;
    case 'del':   $action = ACT_DELETE; break;

+    case 'pass':
+        // Create new random password to display once
+        $newpass = makepwd(8);
+        $sql = "UPDATE user SET user_pass=:pass WHERE user_id=:id";
+        $sth = $dbh->prepare($sql);
+        $sth->bindValue(':id', $id, PDO::PARAM_INT);
+        $sth->bindValue(':pass', password_hash($newpass, PASSWORD_BCRYPT), PDO::PARAM_STR);
+        try {
+            $sth->execute();
+        } catch (PDOException $e) {
+            $g_warning->Add($e->getMessage());
+        }
+        $smarty->assign('newpass', $newpass);
+        $action = ACT_VIEW;
+        break;
+
    case 'insert':
        $user_name = strtolower(sanitize($_POST['user_name']));
        $user_displayname = sanitize($_POST['user_displayname']);