Ask current password to change user profile

This commit is contained in:
Frederic Guillot 2017-01-03 21:44:39 -05:00
parent 99a6307415
commit 26bd973777
16 changed files with 67 additions and 5 deletions

View File

@ -26,7 +26,7 @@ Router\post_action('profile', function () {
$user_id = SessionStorage::getInstance()->getUserId(); $user_id = SessionStorage::getInstance()->getUserId();
$values = Request\values(); $values = Request\values();
Helper\check_csrf_values($values); Helper\check_csrf_values($values);
list($valid, $errors) = Validator\User\validate_modification($values); list($valid, $errors) = Validator\User\validate_profile_modification($user_id, $values);
if ($valid) { if ($valid) {
$new_password = empty($values['password']) ? null : $values['password']; $new_password = empty($values['password']) ? null : $values['password'];

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
'Edit' => 'Bearbeiten', 'Edit' => 'Bearbeiten',
'The user id required' => 'Die Benutzer-ID wird benötigt', 'The user id required' => 'Die Benutzer-ID wird benötigt',
'The username must be unique' => 'Der Benutzername muss einmalig sein', 'The username must be unique' => 'Der Benutzername muss einmalig sein',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
'Edit' => 'Modifier', 'Edit' => 'Modifier',
'The user id required' => 'L\'ID de l\'utilisateur est obligatoire', 'The user id required' => 'L\'ID de l\'utilisateur est obligatoire',
'The username must be unique' => 'Le nom d\'utilisateur doit être unique', 'The username must be unique' => 'Le nom d\'utilisateur doit être unique',
'Current Password' => 'Mot de passe actuel',
'New Password' => 'Nouveau mot de passe',
'Wrong password' => 'Mauvais mot de passe',
); );

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -253,4 +253,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -251,4 +251,7 @@ return array(
// 'Edit' => '', // 'Edit' => '',
// 'The user id required' => '', // 'The user id required' => '',
// 'The username must be unique' => '', // 'The username must be unique' => '',
// 'Current Password' => '',
// 'New Password' => '',
// 'Wrong password' => '',
); );

View File

@ -23,13 +23,16 @@
<?php echo Miniflux\Helper\form_hidden('id', $values) ?> <?php echo Miniflux\Helper\form_hidden('id', $values) ?>
<?php echo Miniflux\Helper\form_label(t('Username'), 'username') ?> <?php echo Miniflux\Helper\form_label(t('Username'), 'username') ?>
<?php echo Miniflux\Helper\form_text('username', $values, $errors, array('required')) ?><br/> <?php echo Miniflux\Helper\form_text('username', $values, $errors, array('required')) ?>
<?php echo Miniflux\Helper\form_label(t('Password'), 'password') ?> <?php echo Miniflux\Helper\form_label(t('Current Password'), 'current_password') ?>
<?php echo Miniflux\Helper\form_password('password', $values, $errors) ?><br/> <?php echo Miniflux\Helper\form_password('current_password', $values, $errors, array('required')) ?>
<?php echo Miniflux\Helper\form_label(t('New Password'), 'password') ?>
<?php echo Miniflux\Helper\form_password('password', $values, $errors) ?>
<?php echo Miniflux\Helper\form_label(t('Confirmation'), 'confirmation') ?> <?php echo Miniflux\Helper\form_label(t('Confirmation'), 'confirmation') ?>
<?php echo Miniflux\Helper\form_password('confirmation', $values, $errors) ?><br/> <?php echo Miniflux\Helper\form_password('confirmation', $values, $errors) ?>
</div> </div>
<div class="form-actions"> <div class="form-actions">

View File

@ -10,6 +10,26 @@ use PicoDb\Database;
use SimpleValidator\Validator; use SimpleValidator\Validator;
use SimpleValidator\Validators; use SimpleValidator\Validators;
function validate_profile_modification($user_id, array $values)
{
list($result, $errors) = validate_modification($values);
if ($result) {
$user = UserModel\get_user_by_id($user_id);
$password = ! empty($values['current_password']) ? $values['current_password'] : '';
if (! password_verify($password, $user['password'])) {
$result = false;
$errors['current_password'][] = t('Wrong password');
}
}
return array(
$result,
$errors,
);
}
function validate_modification(array $values) function validate_modification(array $values)
{ {
$v = new Validator($values, array( $v = new Validator($values, array(