From 807e4208832288dbbd876056621a36f58e836d42 Mon Sep 17 00:00:00 2001 From: Felix Favre Date: Tue, 16 Dec 2014 00:54:50 +0100 Subject: [PATCH] only log if api key was reset on purpose --- includes/controller/users_controller.php | 60 ++++++++++++------------ includes/model/User_model.php | 5 +- includes/pages/user_shifts.php | 2 +- 3 files changed, 34 insertions(+), 33 deletions(-) diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php index f54cf066..2bccc609 100644 --- a/includes/controller/users_controller.php +++ b/includes/controller/users_controller.php @@ -5,13 +5,13 @@ */ function users_controller() { global $privileges, $user; - + if (! isset($user)) redirect(page_link_to('')); - + if (! isset($_REQUEST['action'])) $_REQUEST['action'] = 'list'; - + switch ($_REQUEST['action']) { default: case 'list': 
@@ -27,33 +27,33 @@ function users_controller() { function user_controller() { global $privileges, $user; - + if (isset($_REQUEST['user_id'])) { $user_source = User($_REQUEST['user_id']); } else $user_source = $user; - + $admin_user_privilege = in_array('admin_user', $privileges); - + $shifts = Shifts_by_user($user_source); foreach ($shifts as &$shift) { $shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " ORDER BY `AngelTypes`.`name`"); foreach ($shift['needed_angeltypes'] as &$needed_angeltype) { $needed_angeltype['users'] = sql_select(" - SELECT `ShiftEntry`.`freeloaded`, `User`.* - FROM `ShiftEntry` - JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID` - WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " + SELECT `ShiftEntry`.`freeloaded`, `User`.* + FROM `ShiftEntry` + JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID` + WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " AND `ShiftEntry`.`TID`=" . sql_escape($needed_angeltype['id'])); } } - + if ($user_source['api_key'] == "") - User_reset_api_key($user_source); - + User_reset_api_key($user_source, false); + return array( $user_source['Nick'], - User_view($user_source, $admin_user_privilege, User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID']) + User_view($user_source, $admin_user_privilege, User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID']) ); } 
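Review bot: In `user_controller()` the result of `User($_REQUEST['user_id'])` is used without being checked, so the loose test `$user_source['api_key'] == ""` is also true when the lookup found nothing, and `User_reset_api_key($user_source, false)` then issues an UPDATE for an empty `UID`. What `User()` returns for an unknown id is not visible in this diff, so this is inferred from the comparison; a guard directly after the lookup, for example `if (empty($user_source)) redirect(page_link_to(''));`, would rule it out. With `$log` now false on this path, a key written to another user's row because someone opened their page leaves no trace in the log, and the `false` that `User_reset_api_key` returns on a failed query is ignored here as well. Consider passing `false` only when `$user_source` is the viewer's own account, or logging the automatic creation under a separate message, so that unexpected key writes stay auditable.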
@@ -62,24 +62,24 @@ function user_controller() { */ function users_list_controller() { global $privileges; - + if (! in_array('admin_user', $privileges)) redirect(page_link_to('')); - + $order_by = 'Nick'; if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns())) $order_by = $_REQUEST['OrderBy']; - + $users = Users($order_by); if ($users === false) engelsystem_error('Unable to load users.'); - + foreach ($users as &$user) $user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user)); - + return array( _('All users'), - Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count()) + Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count()) ); } @@ -96,10 +96,10 @@ function user_password_recovery_controller() { error(_("Token is not correct.")); redirect(page_link_to('login')); } - + if (isset($_REQUEST['submit'])) { $ok = true; - + if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) { if ($_REQUEST['password'] != $_REQUEST['password2']) { $ok = false; @@ -109,22 +109,22 @@ function user_password_recovery_controller() { $ok = false; error(_("Your password is to short (please use at least 6 characters).")); } - + if ($ok) { $result = set_password($user_source['UID'], $_REQUEST['password']); if ($result === false) engelsystem_error(_("Password could not be updated.")); - + success(_("Password saved.")); redirect(page_link_to('login')); } } - + return User_password_set_view(); } else { if (isset($_REQUEST['submit'])) { $ok = true; - + if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) { $email = strip_request_item('email'); if (check_email($email)) { 
@@ -143,7 +143,7 @@ function user_password_recovery_controller() { $ok = false; error(_("Please enter your e-mail.")); } - + if ($ok) { $token = User_generate_password_recovery_token($user_source); if ($token === false) @@ -151,12 +151,12 @@ function user_password_recovery_controller() { $result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token)); if ($result === false) engelsystem_error("Unable to send password recovery email."); - + success(_("We sent an email containing your password recovery link.")); redirect(page_link_to('login')); } } - + return User_password_recovery_view(); } } @@ -168,4 +168,4 @@ function user_password_recovery_title() { return _("Password recovery"); } -?> \ No newline at end of file +?> diff --git a/includes/model/User_model.php b/includes/model/User_model.php index 95ba32be..a6c12f9d 100644 --- a/includes/model/User_model.php +++ b/includes/model/User_model.php @@ -191,12 +191,13 @@ function User_by_password_recovery_token($token) { * * @param User $user */ -function User_reset_api_key(&$user) { +function User_reset_api_key(&$user, $log = true) { $user['api_key'] = md5($user['Nick'] . time() . rand()); $result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1"); if ($result === false) return false; - engelsystem_log(sprintf("API key resetted (%s).",User_Nick_render($user))); + if ($log) + engelsystem_log(sprintf("API key resetted (%s).",User_Nick_render($user))); } /** diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php index 242d83af..a536c1ac 100644 --- a/includes/pages/user_shifts.php +++ b/includes/pages/user_shifts.php @@ -749,7 +749,7 @@ function view_user_shifts() { } if ($user['api_key'] == "") - User_reset_api_key($user); + User_reset_api_key($user, false); return page(array( '
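Review bot: The key that `User_reset_api_key()` stores is still `md5($user['Nick'] . time() . rand())`, which combines a public nickname, the current second and a non-cryptographic generator, so the value is guessable rather than random; this matters more now that automatic key creation is silent. A CSPRNG-backed line such as `$user['api_key'] = bin2hex(openssl_random_pseudo_bytes(16));` (or `random_bytes(16)` if the deployment runs PHP 7 or later, which this diff does not show) keeps the same 32-character hex format. The docblock, which begins above this hunk, lists only `@param User $user`; it should gain `@param bool $log whether to write a log entry, false for automatic first-time creation` and a `@return` line. The function returns `false` on a failed query but nothing on success, so an explicit `return true;` at the end would give callers a usable result.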
',