From 2864aceb8117d0644b264ceca4d0f84fd028538f Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 16 Jul 2009 10:58:42 -0700 Subject: Add missing ) dropped in 8f9a943f. --- modules/user/controllers/password.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'modules/user/controllers') diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index ed3b9736..2af1b879 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -74,7 +74,7 @@ class Password_Controller extends Controller { log::success( "user", - t("Password reset email sent for user %name", array("name" => p::clean($user->name))); + t("Password reset email sent for user %name", array("name" => p::clean($user->name)))); } else { // Don't include the username here until you're sure that it's XSS safe log::warning( -- cgit v1.2.3 From 80f48b084af874fea52ed29f06a1337954b137bf Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Tue, 21 Jul 2009 13:02:20 -0700 Subject: In the logout link, urlencode the continue url so that ampersands, etc don't break encapsulation. In the logout controller, don't run the url through url::redirect because that uses url::site(). Just set the Location header directly. This fixes ticket #483. --- modules/user/controllers/logout.php | 11 ++++++----- modules/user/views/login.html.php | 2 +- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'modules/user/controllers') diff --git a/modules/user/controllers/logout.php b/modules/user/controllers/logout.php index 63971789..099b1952 100644 --- a/modules/user/controllers/logout.php +++ b/modules/user/controllers/logout.php 
@@ -19,18 +19,19 @@ */ class Logout_Controller extends Controller { public function index() { - access::verify_csrf(); + //access::verify_csrf(); $user = user::active(); user::logout(); log::info("user", t("User %name logged out", array("name" => p::clean($user->name))), html::anchor("user/$user->id", p::clean($user->name))); - if ($this->input->get("continue")) { - $item = url::get_item_from_uri($this->input->get("continue")); + if ($continue_url = $this->input->get("continue")) { + $item = url::get_item_from_uri($continue_url); if (access::can("view", $item)) { - url::redirect($this->input->get("continue")); + // Don't use url::redirect() because it'll call url::site() and munge the continue url. + header("Location: $continue_url"); } else { - url::redirect(""); + url::redirect("albums/1"); } } } diff --git a/modules/user/views/login.html.php b/modules/user/views/login.html.php index 42bff4da..10ed31b2 100644 --- a/modules/user/views/login.html.php +++ b/modules/user/views/login.html.php @@ -15,7 +15,7 @@ p::clean($user->display_name()) . '')) ?>
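Review bot: The CSRF check at the top of `index()` is commented out (`//access::verify_csrf();`) rather than repaired, and the commit message does not mention it, so a cross-site request can now end a user's session. If the check was failing because the logout link did not carry the token, the link should pass the token and the check should stay. The new `header("Location: $continue_url")` also echoes the request's `continue` parameter verbatim, guarded only by `access::can("view", $item)` on whatever `url::get_item_from_uri()` returns. That helper is not shown here, so unless it rejects absolute and scheme-relative URLs this may behave as an open redirect; I would confirm `$continue_url` is a same-site path before emitting it and otherwise fall back to `url::redirect("albums/1")`. Because `header()` does not end the request the way `url::redirect()` presumably does, the Location branch should also `return` or `exit` explicitly.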
  • - " + " id="gLogoutLink">
  • -- cgit v1.2.3 From 1fbdf1a1e00a176686b051bb932d998ad683b2be Mon Sep 17 00:00:00 2001 From: Bharat Mediratta Date: Thu, 23 Jul 2009 10:33:04 -0700 Subject: Add form processing events: user_add_form_admin admin adding a user user_edit_form_admin admin editing a user user_add_form_admin_completed successfully added a user (admin) user_edit_form user editing their own settings user_edit_form_completed successfully edited a user (admin and user editing own settings) --- modules/user/controllers/admin_users.php | 4 +++- modules/user/controllers/users.php | 1 + modules/user/helpers/user.php | 6 ++++++ 3 files changed, 10 insertions(+), 1 deletion(-) (limited to 'modules/user/controllers') diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index b5dc6cb5..0a0086ff 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -48,8 +48,10 @@ class Admin_Users_Controller extends Controller { $desired_locale = $form->add_user->locale->value; $user->locale = $desired_locale == "none" ? null : $desired_locale; } - $user->save(); + + module::event("user_add_form_admin_completed", $user, $form); + message::success(t("Created user %user_name", array("user_name" => p::clean($user->name)))); print json_encode(array("result" => "success")); } else { diff --git a/modules/user/controllers/users.php b/modules/user/controllers/users.php index 46f799c5..0bf2e81d 100644 --- a/modules/user/controllers/users.php +++ b/modules/user/controllers/users.php @@ -39,6 +39,7 @@ class Users_Controller extends REST_Controller { $user->locale = $desired_locale == "none" ? null : $desired_locale; } $user->save(); + module::event("user_edit_form_completed", $user, $form); message::success(t("User information updated.")); print json_encode( diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index 53e9052c..a153ab69 100644 --- a/modules/user/helpers/user.php 
+++ b/modules/user/helpers/user.php @@ -36,6 +36,8 @@ class user_Core { $group->input("url")->label(t("URL"))->id("gUrl")->value($user->url); $group->submit("")->value(t("Save")); $form->add_rules_from($user); + + module::event("user_edit_form", $user); return $form; } @@ -56,6 +58,8 @@ class user_Core { $group->submit("")->value(t("Modify User")); $form->add_rules_from($user); $form->edit_user->password->rules("-required"); + + module::event("user_edit_form_admin", $user); return $form; } @@ -75,6 +79,8 @@ class user_Core { $group->submit("")->value(t("Add User")); $user = ORM::factory("user"); $form->add_rules_from($user); + + module::event("user_add_form_admin", $user); return $form; } -- cgit v1.2.3 From 00cd2b646d535e48a21b0b7ceff028ad1bdc2c28 Mon Sep 17 00:00:00 2001 From: Tim Almdal Date: Sat, 25 Jul 2009 15:00:57 -0700 Subject: fix for ticket #574. The user->url database wasn't being set when the user was updated via the admin panel. --- modules/user/controllers/admin_users.php | 1 + 1 file changed, 1 insertion(+) (limited to 'modules/user/controllers') diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index 0a0086ff..043a4ee5 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -130,6 +130,7 @@ class Admin_Users_Controller extends Controller { $user->password = $form->edit_user->password->value; } $user->email = $form->edit_user->email->value; + $user->url = $form->edit_user->url->value; if ($form->edit_user->locale) { $desired_locale = $form->edit_user->locale->value; $user->locale = $desired_locale == "none" ? null : $desired_locale; -- cgit v1.2.3 From 67d4ae21d5f7363f54782c23d2a7ff1d9e9f0505 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Wed, 29 Jul 2009 17:43:12 -0700 Subject: Clean up user form events. Thanks to Ben Smith (glooper). --- modules/user/controllers/admin_users.php | 2 +- modules/user/helpers/user.php | 11 ++++++----- 2 files changed, 7 insertions(+), 6 deletions(-) (limited to 'modules/user/controllers') diff --git a/modules/user/controllers/admin_users.php b/modules/user/controllers/admin_users.php index 043a4ee5..f87602b8 100644 --- a/modules/user/controllers/admin_users.php +++ b/modules/user/controllers/admin_users.php @@ -49,7 +49,6 @@ class Admin_Users_Controller extends Controller { $user->locale = $desired_locale == "none" ? null : $desired_locale; } $user->save(); - module::event("user_add_form_admin_completed", $user, $form); message::success(t("Created user %user_name", array("user_name" => p::clean($user->name)))); @@ -141,6 +140,7 @@ class Admin_Users_Controller extends Controller { $user->admin = $form->edit_user->admin->checked; } $user->save(); + module::event("user_edit_form_admin_completed", $user, $form); message::success(t("Changed user %user_name", array("user_name" => p::clean($user->name)))); print json_encode(array("result" => "success")); diff --git a/modules/user/helpers/user.php b/modules/user/helpers/user.php index b1722a1e..69a6ecb3 100644 --- a/modules/user/helpers/user.php +++ b/modules/user/helpers/user.php 
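Review bot: `module::event("user_edit_form_admin_completed", $user, $form)` passes the submitted form to whatever handlers the event reaches, and the same controller's edit path elsewhere on this page reads `$form->edit_user->password->value`, so handlers presumably receive the new password in clear text. That contract should be documented where the event is fired, for example `// Handlers receive the submitted form, including the cleartext password field; do not log or persist it.`, or the password inputs should be cleared before dispatch if no handler needs them. The same likely applies to `user_add_form_admin_completed` and `user_edit_form_completed` from the earlier commit, although their password fields are not visible in those hunks. The enclosing function starts and ends outside this hunk.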
@@ -34,15 +34,16 @@ class user_Core { ->matches($group->password); $group->input("email")->label(t("Email"))->id("gEmail")->value($user->email); $group->input("url")->label(t("URL"))->id("gUrl")->value($user->url); - $group->submit("")->value(t("Save")); $form->add_rules_from($user); module::event("user_edit_form", $user, $form); + $group->submit("")->value(t("Save")); return $form; } static function get_edit_form_admin($user) { - $form = new Forge("admin/users/edit_user/$user->id", "", "post", array("id" => "gEditUserForm")); + $form = new Forge( + "admin/users/edit_user/$user->id", "", "post", array("id" => "gEditUserForm")); $group = $form->group("edit_user")->label(t("Edit User")); $group->input("name")->label(t("Username"))->id("gUsername")->value($user->name); $group->inputs["name"]->error_messages( @@ -55,11 +56,11 @@ class user_Core { $group->input("email")->label(t("Email"))->id("gEmail")->value($user->email); $group->input("url")->label(t("URL"))->id("gUrl")->value($user->url); $group->checkbox("admin")->label(t("Admin"))->id("gAdmin")->checked($user->admin); - $group->submit("")->value(t("Modify User")); $form->add_rules_from($user); $form->edit_user->password->rules("-required"); module::event("user_edit_form_admin", $user, $form); + $group->submit("")->value(t("Modify User")); return $form; } @@ -76,11 +77,11 @@ class user_Core { $group->input("url")->label(t("URL"))->id("gUrl"); self::_add_locale_dropdown($group); $group->checkbox("admin")->label(t("Admin"))->id("gAdmin"); - $group->submit("")->value(t("Add User")); $user = ORM::factory("user"); $form->add_rules_from($user); - module::event("user_add_form_admin", $user); + module::event("user_add_form_admin", $user, $form); + $group->submit("")->value(t("Add User")); return $form; } -- cgit v1.2.3 From e586389f6573d4b4b817990064b61276d068b766 Mon Sep 17 00:00:00 2001 
From: Bharat Mediratta Date: Thu, 27 Aug 2009 13:29:39 -0700 Subject: Don't ask for csrf when we're resetting passwords. They're not gonna have one. Duh! Fixes #642. --- modules/user/controllers/password.php | 2 -- 1 file changed, 2 deletions(-) (limited to 'modules/user/controllers') diff --git a/modules/user/controllers/password.php b/modules/user/controllers/password.php index 2af1b879..7c432701 100644 --- a/modules/user/controllers/password.php +++ b/modules/user/controllers/password.php @@ -29,8 +29,6 @@ class Password_Controller extends Controller { } public function do_reset() { - access::verify_csrf(); - if (request::method() == "post") { $this->_change_password(); } else { -- cgit v1.2.3