We use cookies to ensure you get the best experience on our website
Home Explore Help
Register Sign In
0ct0pu5
/
forkbb
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

* When changing your group or admin group, you must enter a password

Visman 6 years ago
parent
d1331ecae6
commit
feb06dd233
5 changed files with 69 additions and 29 deletions
Unified View Show Diff Stats
  1. 56 16
      app/Models/Pages/Admin/Users/Action.php
  2. 6 0
      app/lang/en/common.po
  3. 0 6
      app/lang/en/profile.po
  4. 6 0
      app/lang/ru/common.po
  5. 1 7
      app/lang/ru/profile.po

+ 56 - 16
app/Models/Pages/Admin/Users/Action.php
View File 

@@ -238,19 +238,28 @@ class Action extends Users
 
      */
 
      */
 
     protected function change(array $args, $method, $profile)
 
     protected function change(array $args, $method, $profile)
 
     {
 
     {
 
+        $rulePass = 'absent';
 
+
 
         if ($profile) {
 
         if ($profile) {
 
             $user = $this->c->users->load((int) $args['ids']);
 
             $user = $this->c->users->load((int) $args['ids']);
 
             $link = $this->c->Router->link('EditUserProfile', ['id' => $user->id]);
 
             $link = $this->c->Router->link('EditUserProfile', ['id' => $user->id]);
 
+
 
+            if ($user->isAdmin || $user->id === $this->user->id) {
 
+                $rulePass = 'required|string:trim|check_password';
 
+            }
 
         } else {
 
         } else {
 
             $link = $this->c->Router->link('AdminUsers');
 
             $link = $this->c->Router->link('AdminUsers');
 
         }
 
         }
 
 
 
         if ('POST' === $method) {
 
         if ('POST' === $method) {
 
             $v = $this->c->Validator->reset()
 
             $v = $this->c->Validator->reset()
 
-                ->addRules([
 
+                ->addValidators([
 
+                    'check_password' => [$this, 'vCheckPassword'],
 
+                ])->addRules([
 
                     'token'     => 'token:AdminUsersAction',
 
                     'token'     => 'token:AdminUsersAction',
 
                     'new_group' => 'required|integer|in:' . \implode(',', \array_keys($this->groupListForChange($profile))),
 
                     'new_group' => 'required|integer|in:' . \implode(',', \array_keys($this->groupListForChange($profile))),
 
                     'confirm'   => 'required|integer|in:0,1',
 
                     'confirm'   => 'required|integer|in:0,1',
 
+                    'password'  => $rulePass,
 
                     'move'      => 'string',
 
                     'move'      => 'string',
 
                 ])->addAliases([
 
                 ])->addAliases([
 
                 ])->addArguments([
 
                 ])->addArguments([
 
@@ -259,46 +268,69 @@ class Action extends Users
 
 
 
             $redirect = $this->c->Redirect;
 
             $redirect = $this->c->Redirect;
 
 
 
-            if (! $v->validation($_POST) || $v->confirm !== 1) {
 
-                return $redirect->url($link)->message('No confirm redirect');
 
-            }
 
+            if ($v->validation($_POST)) {
 
+                if ($v->confirm !== 1) {
 
+                    return $redirect->url($link)->message('No confirm redirect');
 
+                }
 
 
 
-            $this->c->users->changeGroup($v->new_group, ...$this->userList);
 
+                $this->c->users->changeGroup($v->new_group, ...$this->userList);
 
 
 
-            $this->c->Cache->delete('stats');       //???? перенести в manager
 
-            $this->c->Cache->delete('forums_mark'); //???? с авто обновлением кеша
 
+                $this->c->Cache->delete('stats');       //???? перенести в manager
 
+                $this->c->Cache->delete('forums_mark'); //???? с авто обновлением кеша
 
 
 
-            if ($profile) {
 
-                if ($this->c->ProfileRules->setUser($user)->editProfile) {
 
-                    $redirect->url($link);
 
+                if ($profile) {
 
+                    if ($this->c->ProfileRules->setUser($user)->editProfile) {
 
+                        $redirect->url($link);
 
+                    } else {
 
+                        $redirect->page('User', ['id' => $user->id, 'name' => $user->username]);
 
+                    }
 
                 } else {
 
                 } else {
 
-                    $redirect->page('User', ['id' => $user->id, 'name' => $user->username]);
 
+                    $redirect->page('AdminUsers');
 
                 }
 
                 }
 
-            } else {
 
-                $redirect->page('AdminUsers');
 
+                return $redirect->message('Users move redirect');
 
+
 
             }
 
             }
 
-            return $redirect->message('Users move redirect');
 
+
 
+            $this->fIswev = $v->getErrors();
 
         }
 
         }
 
 
 
         $this->nameTpl    = 'admin/form';
 
         $this->nameTpl    = 'admin/form';
 
         $this->classForm  = 'change-group';
 
         $this->classForm  = 'change-group';
 
         $this->titleForm  = \ForkBB\__('Change user group');
 
         $this->titleForm  = \ForkBB\__('Change user group');
 
         $this->aCrumbs[]  = [$this->c->Router->link('AdminUsersAction', $args), \ForkBB\__('Change user group')];
 
         $this->aCrumbs[]  = [$this->c->Router->link('AdminUsersAction', $args), \ForkBB\__('Change user group')];
 
-        $this->form       = $this->formChange($args, $profile, $link);
 
+        $this->form       = $this->formChange($args, $profile, $link, $rulePass !== 'absent');
 
 
 
         return $this;
 
         return $this;
 
     }
 
     }
 
 
 
+    /**
 
+     * Проверяет пароль на совпадение с текущим пользователем
 
+     *
 
+     * @param Validator $v
 
+     * @param string $password
 
+     *
 
+     * @return string
 
+     */
 
+    public function vCheckPassword(Validator $v, $password)
 
+    {
 
+        if (! \password_verify($password, $this->user->password)) {
 
+            $v->addError('Invalid passphrase');
 
+        }
 
+
 
+        return $password;
 
+    }
 
+
 
     /**
 
     /**
 
      * Создает массив данных для формы изменения группы пользователей
 
      * Создает массив данных для формы изменения группы пользователей
 
      *
 
      *
 
      * @param array $args
 
      * @param array $args
 
      * @param bool $profile
 
      * @param bool $profile
 
      * @param string $linkCancel
 
      * @param string $linkCancel
 
+     * @param bool $checkPass
 
      *
 
      *
 
      * @return array
 
      * @return array
 
      */
 
      */
 
-    protected function formChange(array $args, $profile, $linkCancel)
 
+    protected function formChange(array $args, $profile, $linkCancel, $checkPass)
 
     {
 
     {
 
         $yn    = [1 => \ForkBB\__('Yes'), 0 => \ForkBB\__('No')];
 
         $yn    = [1 => \ForkBB\__('Yes'), 0 => \ForkBB\__('No')];
 
         $names = \implode(', ', $this->nameList($this->userList));
 
         $names = \implode(', ', $this->nameList($this->userList));
 
@@ -340,6 +372,14 @@ class Action extends Users
 
             ],
 
             ],
 
         ];
 
         ];
 
 
 
+        if ($checkPass) {
 
+            $form['sets']['options']['fields']['password'] = [
 
+                'type'      => 'password',
 
+                'caption'   => \ForkBB\__('Your passphrase'),
 
+                'required'  => true,
 
+            ];
 
+        }
 
+
 
         return $form;
 
         return $form;
 
     }
 
     }
 
 }
 
 }

+ 6 - 0
app/lang/en/common.po
View File 

@@ -510,3 +510,9 @@ msgstr "Yes"
 
 
 
 msgid "No"
 
 msgid "No"
 
 msgstr "No"
 
 msgstr "No"
 
+
 
+msgid "Your passphrase"
 
+msgstr "Your passphrase"
 
+
 
+msgid "Invalid passphrase"
 
+msgstr "Invalid passphrase"

+ 0 - 6
app/lang/en/profile.po
View File 

@@ -444,12 +444,6 @@ msgstr "Signature has only capital letters"
 
 msgid "To change email"
 
 msgid "To change email"
 
 msgstr "Change email address"
 
 msgstr "Change email address"
 
 
 
-msgid "Your passphrase"
 
-msgstr "Your passphrase"
 
-
 
-msgid "Invalid passphrase"
 
-msgstr "Invalid passphrase"
 
-
 
 msgid "Email is old redirect"
 
 msgid "Email is old redirect"
 
 msgstr "Email address is not changed. Redirecting …"
 
 msgstr "Email address is not changed. Redirecting …"

+ 6 - 0
app/lang/ru/common.po
View File 

@@ -512,3 +512,9 @@ msgstr "Да"
 
 
 
 msgid "No"
 
 msgid "No"
 
 msgstr "Нет"
 
 msgstr "Нет"
 
+
 
+msgid "Your passphrase"
 
+msgstr "Ваша кодовая фраза"
 
+
 
+msgid "Invalid passphrase"
 
+msgstr "Неверная кодовая фраза"

+ 1 - 7
app/lang/ru/profile.po
View File 

@@ -444,12 +444,6 @@ msgstr "Текст подписи содержит только заглавны
 
 msgid "To change email"
 
 msgid "To change email"
 
 msgstr "Изменить адрес электронной почты"
 
 msgstr "Изменить адрес электронной почты"
 
 
 
-msgid "Your passphrase"
 
-msgstr "Ваша кодовая фраза"
 
-
 
-msgid "Invalid passphrase"
 
-msgstr "Неверная кодовая фраза"
 
-
 
 msgid "Email is old redirect"
 
 msgid "Email is old redirect"
 
 msgstr "Адрес электронной почты оставлен без изменений. Переадресация …"
 
 msgstr "Адрес электронной почты оставлен без изменений. Переадресация …"
 
 
 
@@ -511,7 +505,7 @@ msgid "Pagination"
 
 msgstr "Постраничный вывод"
 
 msgstr "Постраничный вывод"
 
 
 
 msgid "Board configuration redirect"
 
 msgid "Board configuration redirect"
 
-msgstr "Настройка форума обновлены. Переадресация …"
 
+msgstr "Настройки форума обновлены. Переадресация …"
 
 
 
 msgid "Group"
 
 msgid "Group"
 
 msgstr "Группа"
 
 msgstr "Группа"

Contact | Legal | Takedown | Status
Self-hosted public services - About
NibbleSpot by 0ct0pu5