ZwiiCMS-Team/ZwiiCMS
ZwiiCMS-Team
/
ZwiiCMS
3
3
Fork 2
Code Releases 143 Activity

Forçage de mot de passe si vide + redirection après reset

This commit is contained in:
Fred Tempez 2023-11-09 09:51:52 +01:00
parent 28927ad747
commit 4176043958
1 changed files with 11 additions and 8 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

19
core/module/user/user.php
View File

@ -265,9 +265,9 @@ class user extends common
if (
$this->isPost()
) {
$oldPassword = $this->getData(['user', $this->getUrl(2), 'password']);
// Double vérification pour le mot de passe
if ($this->getUser('group') < self::GROUP_ADMIN) {
$newPassword = $this->getData(['user', $this->getUrl(2), 'password']);
if ($this->getInput('userEditNewPassword')) {
// L'ancien mot de passe est correct
if (password_verify(html_entity_decode($this->getInput('userEditOldPassword')), $this->getData(['user', $this->getUrl(2), 'password']))) {
@ -287,7 +287,10 @@ class user extends common
}
}
} else {
if ($this->getInput('userEditNewPassword') === $this->getInput('userEditConfirmPassword')) {
if (
!empty($this->getInput('userEditNewPassword'))
&& $this->getInput('userEditNewPassword') === $this->getInput('userEditConfirmPassword')
) {
$newPassword = $this->getInput('userEditNewPassword', helper::FILTER_PASSWORD);
// Déconnexion de l'utilisateur si il change le mot de passe de son propre compte
if ($this->getUser('id') === $this->getUrl(2)) {
@ -296,7 +299,7 @@ class user extends common
}
}
}
// Modification du groupe
if (
$this->getUser('group') === self::GROUP_ADMIN
@ -332,7 +335,7 @@ class user extends common
'pseudo' => $this->getInput('userEditPseudo', helper::FILTER_STRING_SHORT, true),
'signature' => $this->getInput('userEditSignature', helper::FILTER_INT, true),
'mail' => $this->getInput('userEditMail', helper::FILTER_MAIL, true),
'password' => $newPassword ? $newPassword : $this->getData(['user', $this->getUrl(2)], 'password'),
'password' => empty($newPassword) ? $oldPassword : $newPassword,
'connectFail' => $this->getData(['user', $this->getUrl(2), 'connectFail']),
'connectTimeout' => $this->getData(['user', $this->getUrl(2), 'connectTimeout']),
'accessUrl' => $this->getData(['user', $this->getUrl(2), 'accessUrl']),
@ -1010,7 +1013,7 @@ class user extends common
]);
} else {
$logStatus = 'Connexion réussie';
$redirect = $this->getUrl(2) ? helper::baseUrl() . str_replace('_', '/', str_replace('__', '#', $this->getUrl(2))) : helper::baseUrl();
$redirect = ($this->getUrl(2) && strpos($this->getUrl(2), 'user_reset') !== 0) ? helper::baseUrl() . str_replace('_', '/', str_replace('__', '#', $this->getUrl(2))) : helper::baseUrl();
// Valeurs en sortie
$this->addOutput([
'notification' => sprintf(helper::translate('Bienvenue %s %s'), $this->getData(['user', $userId, 'firstname']), $this->getData(['user', $userId, 'lastname'])),
@ -1091,6 +1094,7 @@ class user extends common
// Id unique incorrecte
or $this->getUrl(3) !== md5(json_encode($this->getData(['user', $this->getUrl(2)])))
) {
// Valeurs en sortie
$this->addOutput([
'access' => false
@ -1100,7 +1104,7 @@ class user extends common
else {
// Soumission du formulaire
if (
// Tous les suers peuvent réinitialiser
// Tous les users peuvent réinitialiser
// $this->getUser('permission', __CLASS__, __FUNCTION__) === true &&
$this->isPost()
) {
@ -1123,8 +1127,7 @@ class user extends common
// Valeurs en sortie
$this->addOutput([
'notification' => helper::translate('Nouveau mot de passe enregistré'),
//'redirect' => helper::baseUrl() . 'user/login/' . str_replace('/', '_', $this->getUrl()),
'redirect' => helper::baseUrl(),
'redirect' => helper::baseUrl() . 'user/login/' . str_replace('/', '_', $this->getUrl()),
'state' => true
]);
}