From 1d9fd419ba198b4c22f6aad4f648762e06ac6a7a Mon Sep 17 00:00:00 2001
From: rmenor
Date: Wed, 30 May 2012 13:05:27 +0200
Subject: [PATCH 1/4] Prevent a user not admin to view the list of users

---
 views/profile/changepassword.php | 6 ++++--
 views/profile/edit.php | 4 +++-
 views/profile/profile.php | 4 +++-
 3 files changed, 10 insertions(+), 4 deletions(-)

diff --git a/views/profile/changepassword.php b/views/profile/changepassword.php
index afa7ee6..47da923 100644
--- a/views/profile/changepassword.php
+++ b/views/profile/changepassword.php
@@ -7,7 +7,9 @@
 ((UserModule::isAdmin())
 ?array('label'=>UserModule::t('Manage Users'), 'url'=>array('/user/admin'))
 :array()),
- array('label'=>UserModule::t('List User'), 'url'=>array('/user')),
+ ((UserModule::isAdmin())
+ ? array('label'=>UserModule::t('List User'), 'url'=>array('/user'))
+ :array()),
 array('label'=>UserModule::t('Profile'), 'url'=>array('/user/profile')),
 array('label'=>UserModule::t('Edit'), 'url'=>array('edit')),
 array('label'=>UserModule::t('Logout'), 'url'=>array('/user/logout')),
@@ -49,4 +51,4 @@ endWidget(); ?> -
\ No newline at end of file
+
diff --git a/views/profile/edit.php b/views/profile/edit.php
index 62377cf..deb43fd 100644
--- a/views/profile/edit.php
+++ b/views/profile/edit.php
@@ -7,7 +7,9 @@
 ((UserModule::isAdmin())
 ?array('label'=>UserModule::t('Manage Users'), 'url'=>array('/user/admin'))
 :array()),
- array('label'=>UserModule::t('List User'), 'url'=>array('/user')),
+ ((UserModule::isAdmin())
+ ? array('label'=>UserModule::t('List User'), 'url'=>array('/user'))
+ :array()),
 array('label'=>UserModule::t('Profile'), 'url'=>array('/user/profile')),
 array('label'=>UserModule::t('Change password'), 'url'=>array('changepassword')),
 array('label'=>UserModule::t('Logout'), 'url'=>array('/user/logout')),
diff --git a/views/profile/profile.php b/views/profile/profile.php
index 785420e..2a8b8e8 100644
--- a/views/profile/profile.php
+++ b/views/profile/profile.php
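Review bot: Hiding the 'List User' entry behind `UserModule::isAdmin()` is not an access check: a non-admin who requests `/user` directly still reaches the user list unless the controller's `accessRules()` already denies it, and since this commit touches only the three view files that enforcement is not visible here despite the subject line claiming to prevent the listing. The same conditional is pasted into edit.php and profile.php in this patch, so the three copies will drift; one shared menu-building helper would be easier to keep in step with whatever rule the controller applies. A comment above the entry such as `// visibility only: access to /user is enforced by the controller's accessRules()` would record where the real check lives once that rule is confirmed. The menu array this hunk edits starts and ends outside the hunk.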
@@ -6,7 +6,9 @@
 ((UserModule::isAdmin())
 ?array('label'=>UserModule::t('Manage Users'), 'url'=>array('/user/admin'))
 :array()),
- array('label'=>UserModule::t('List User'), 'url'=>array('/user')),
+ ((UserModule::isAdmin())
+ ? array('label'=>UserModule::t('List User'), 'url'=>array('/user'))
+ :array()),
 array('label'=>UserModule::t('Edit'), 'url'=>array('edit')),
 array('label'=>UserModule::t('Change password'), 'url'=>array('changepassword')),
 array('label'=>UserModule::t('Logout'), 'url'=>array('/user/logout')),

From 144360334fdd82bdf32ce5b950211ce6e2a7bc43 Mon Sep 17 00:00:00 2001
From: rmenor
Date: Wed, 30 May 2012 13:27:13 +0200
Subject: [PATCH 2/4] Erased reference to createtime

---
 models/User.php | 6 +-----
 1 file changed, 1 insertion(+), 5 deletions(-)

diff --git a/models/User.php b/models/User.php
index 388c008..c127b88 100644
--- a/models/User.php
+++ b/models/User.php
@@ -16,8 +16,6 @@ class User extends CActiveRecord
 * @var string $password
 * @var string $email
 * @var string $activkey
- * @var integer $createtime
- * @var integer $lastvisit
 * @var integer $superuser
 * @var integer $status
 * @var timestamp $create_at
@@ -96,9 +94,7 @@ public function attributeLabels()
 'email'=>UserModule::t("E-mail"),
 'verifyCode'=>UserModule::t("Verification Code"),
 'activkey' => UserModule::t("activation key"),
- 'createtime' => UserModule::t("Registration date"),
 'create_at' => UserModule::t("Registration date"),
- 'lastvisit_at' => UserModule::t("Last visit"),
 'superuser' => UserModule::t("Superuser"),
 'status' => UserModule::t("Status"),
@@ -196,4 +192,4 @@ public function getLastvisit() {
 public function setLastvisit($value) {
 $this->lastvisit_at=date('Y-m-d H:i:s',$value);
 }
-}
\ No newline at end of file
+}
From 3afaa7960e737580003baeff7adb2364753eb3bb Mon Sep 17 00:00:00 2001
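Review bot: The second removed line of the attributeLabels() hunk drops the `'lastvisit_at'` label even though that attribute is still live — `setLastvisit()` writes `$this->lastvisit_at` further down this file and the column is still listed in the `safe` rule shown in the last patch of this series — so forms and grids will fall back to the auto-generated label. Only `'createtime'`, which the subject line names, looks obsolete; keep `'lastvisit_at' => UserModule::t("Last visit"),` in place. The attributeLabels() array starts and ends outside the hunk.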
From: rmenor
Date: Thu, 28 Jun 2012 09:04:17 +0200
Subject: [PATCH 3/4] Fix redirect

Redirect would only work if the src of the application was in the base directory. This commit checks to see if the users return url hasn't changed and then redirects it to the location as defined in config/main.php. Thanks to Alan Hollis
---
 controllers/LoginController.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/controllers/LoginController.php b/controllers/LoginController.php
index 8fe624c..ff39188 100644
--- a/controllers/LoginController.php
+++ b/controllers/LoginController.php
@@ -18,7 +18,7 @@ public function actionLogin()
 // validate user input and redirect to previous page if valid
 if($model->validate()) {
 $this->lastViset();
- if (Yii::app()->user->returnUrl=='/index.php')
+ if (Yii::app()->getBaseUrl()."/index.php" === Yii::app()->user->returnUrl)
 $this->redirect(Yii::app()->controller->module->returnUrl);
 else
 $this->redirect(Yii::app()->user->returnUrl);
@@ -36,4 +36,4 @@ private function lastViset() {
 $lastVisit->save();
 }
-}
\ No newline at end of file
+}
From 7948a0e6fd290e46659226ae4911b702150ef9bc Mon Sep 17 00:00:00 2001
From: rmenor
Date: Fri, 27 Jul 2012 11:23:02 +0200
Subject: [PATCH 4/4] Now the username can be the email

---
 data/schema.mysql.sql | 2 +-
 models/RegistrationForm.php | 4 ++--
 models/User.php | 8 ++++----
 3 files changed, 7 insertions(+), 7 deletions(-)

diff --git a/data/schema.mysql.sql b/data/schema.mysql.sql
index 607451d..e64c69a 100644
--- a/data/schema.mysql.sql
+++ b/data/schema.mysql.sql
@@ -1,6 +1,6 @@
 CREATE TABLE `tbl_users` (
 `id` int(11) NOT NULL AUTO_INCREMENT,
- `username` varchar(20) NOT NULL,
+ `username` varchar(128) NOT NULL,
 `password` varchar(128) NOT NULL,
 `email` varchar(128) NOT NULL,
 `activkey` varchar(128) NOT NULL DEFAULT '',
diff --git a/models/RegistrationForm.php b/models/RegistrationForm.php
index ca48c41..46d3059 100644
--- a/models/RegistrationForm.php
+++ b/models/RegistrationForm.php
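Review bot: The new comparison still hard-codes the entry-script name `"/index.php"`, so on an installation whose bootstrap file is named differently the default return URL is never recognised and the module's configured `returnUrl` is never used. If I recall the framework correctly, `Yii::app()->getRequest()->getScriptUrl()` is the value `CWebUser::getReturnUrl()` falls back to when nothing was stored, so `if (Yii::app()->getRequest()->getScriptUrl() === Yii::app()->user->returnUrl)` would cover renamed entry scripts as well as the sub-directory case this commit fixes. The `else` branch still redirects to whatever the session holds; that is fine while it only ever comes from the framework's own `loginRequired()` handling, but if anything in the module sets the return URL from a request parameter it should be restricted to a relative path before being used here. actionLogin() starts and ends outside the hunk.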
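Review bot: Widening `username` to varchar(128) in schema.mysql.sql only affects fresh installs, while the validators in RegistrationForm.php and User.php in this same patch now accept up to 128 characters; on an existing database the column stays varchar(20), so an e-mail-style username would be truncated or rejected at the INSERT depending on the server's sql_mode. An accompanying statement such as ``ALTER TABLE `tbl_users` MODIFY `username` varchar(128) NOT NULL;`` (or a migration, if the module ships one) should go with this change, and the column length and the validator maxima are worth keeping in one documented place so they cannot drift apart again.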
@@ -11,13 +11,13 @@ class RegistrationForm extends User {
 public function rules() {
 $rules = array(
 array('username, password, verifyPassword, email', 'required'),
- array('username', 'length', 'max'=>20, 'min' => 3,'message' => UserModule::t("Incorrect username (length between 3 and 20 characters).")),
+ array('username', 'length', 'max'=>128, 'min' => 3,'message' => UserModule::t("Incorrect username (length between 3 and 128 characters).")),
 array('password', 'length', 'max'=>128, 'min' => 4,'message' => UserModule::t("Incorrect password (minimal length 4 symbols).")),
 array('email', 'email'),
 array('username', 'unique', 'message' => UserModule::t("This user's name already exists.")),
 array('email', 'unique', 'message' => UserModule::t("This user's email address already exists.")),
 //array('verifyPassword', 'compare', 'compareAttribute'=>'password', 'message' => UserModule::t("Retype Password is incorrect.")),
- array('username', 'match', 'pattern' => '/^[A-Za-z0-9_]+$/u','message' => UserModule::t("Incorrect symbols (A-z0-9).")),
+ array('username', 'match', 'pattern' => '/^[A-Za-z0-9_@.]+$/u','message' => UserModule::t("Incorrect symbols (A-z0-9@).")),
 );
 if (!(isset($_POST['ajax']) && $_POST['ajax']==='registration-form')) {
 array_push($rules,array('verifyCode', 'captcha', 'allowEmpty'=>!UserModule::doCaptcha('registration')));
diff --git a/models/User.php b/models/User.php
index c127b88..c891a89 100644
--- a/models/User.php
+++ b/models/User.php
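Review bot: The new `match` rule's message `"Incorrect symbols (A-z0-9@)."` differs from the two copies of the same rule in User.php in this patch (`(A-z@0-9)` and `(A-z@.0-9)`), so `UserModule::t()` now needs three translations for one message, and none of the three mentions the `_` the pattern has always accepted while only one mentions the newly allowed `.`. Pick one wording for all three rules, e.g. `'message' => UserModule::t("Incorrect symbols (A-Za-z0-9_@.).")`. The pattern and the new length maximum were likewise copied into all three rule sets; a single class constant for each would keep them in step, which is exactly where this patch already slipped. rules() continues outside the hunk here, and the same remark applies to both hunks of User.php below.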
@@ -47,12 +47,12 @@ public function rules()
 // NOTE: you should only define rules for those attributes that
 // will receive user inputs.CConsoleApplication
 return ((get_class(Yii::app())=='CConsoleApplication' || (get_class(Yii::app())!='CConsoleApplication' && Yii::app()->getModule('user')->isAdmin()))?array(
- array('username', 'length', 'max'=>20, 'min' => 3,'message' => UserModule::t("Incorrect username (length between 3 and 20 characters).")),
+ array('username', 'length', 'max'=>128, 'min' => 3,'message' => UserModule::t("Incorrect username (length between 3 and 128 characters).")),
 array('password', 'length', 'max'=>128, 'min' => 4,'message' => UserModule::t("Incorrect password (minimal length 4 symbols).")),
 array('email', 'email'),
 array('username', 'unique', 'message' => UserModule::t("This user's name already exists.")),
 array('email', 'unique', 'message' => UserModule::t("This user's email address already exists.")),
- array('username', 'match', 'pattern' => '/^[A-Za-z0-9_]+$/u','message' => UserModule::t("Incorrect symbols (A-z0-9).")),
+ array('username', 'match', 'pattern' => '/^[A-Za-z0-9_@.]+$/u','message' => UserModule::t("Incorrect symbols (A-z@0-9).")),
 array('status', 'in', 'range'=>array(self::STATUS_NOACTIVE,self::STATUS_ACTIVE,self::STATUS_BANNED)),
 array('superuser', 'in', 'range'=>array(0,1)),
 array('create_at', 'default', 'value' => date('Y-m-d H:i:s'), 'setOnEmpty' => true, 'on' => 'insert'),
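Review bot: With `@` and `.` now accepted by the `match` rule, a username can be syntactically an e-mail address, but the `unique` rules in this hunk still check `username` and `email` independently, so nothing here stops an account being created whose `username` equals another account's `email`. Whether that is a problem depends on the login lookup, which is not part of this patch; if the identity class resolves either column, either decide which record wins or validate that the new username does not collide with any existing `email` as well. A short comment on the `match` rule, e.g. `// '@' and '.' allowed so the username may be an e-mail address; uniqueness is per column`, would make the intended contract visible. rules() starts outside the hunk and continues in the next one.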
@@ -62,10 +62,10 @@ public function rules()
 array('id, username, password, email, activkey, create_at, lastvisit_at, superuser, status', 'safe', 'on'=>'search'),
 ):((Yii::app()->user->id==$this->id)?array(
 array('username, email', 'required'),
- array('username', 'length', 'max'=>20, 'min' => 3,'message' => UserModule::t("Incorrect username (length between 3 and 20 characters).")),
+ array('username', 'length', 'max'=>128, 'min' => 3,'message' => UserModule::t("Incorrect username (length between 3 and 128 characters).")),
 array('email', 'email'),
 array('username', 'unique', 'message' => UserModule::t("This user's name already exists.")),
- array('username', 'match', 'pattern' => '/^[A-Za-z0-9_]+$/u','message' => UserModule::t("Incorrect symbols (A-z0-9).")),
+ array('username', 'match', 'pattern' => '/^[A-Za-z0-9_@.]+$/u','message' => UserModule::t("Incorrect symbols (A-z@.0-9).")),
 array('email', 'unique', 'message' => UserModule::t("This user's email address already exists.")),
 ):array()));
 }