Diffstat (limited to 'site/app/controllers/users_controller.php')
-rw-r--r-- | site/app/controllers/users_controller.php | 75 |
1 files changed, 25 insertions, 50 deletions
diff --git a/site/app/controllers/users_controller.php b/site/app/controllers/users_controller.php
index a848e4e..485571c 100644
--- a/site/app/controllers/users_controller.php
+++ b/site/app/controllers/users_controller.php
@@ -41,12 +41,12 @@ class UsersController extends AppController
 {
 var $name = 'Users';
- var $uses = array('User', 'Addon', 'Collection', 'Eventlog', 'Review', 'Version');
+ var $uses = array('User', 'Addon', 'Eventlog', 'Review', 'Version');
 var $components = array('Amo', 'Email', 'Ldap', 'Session', 'Pagination', 'Recaptcha');
 var $helpers = array('Html', 'Link', 'Javascript');
- var $beforeFilter = array('checkCSRF', 'getNamedArgs', '_checkSandbox', 'checkAdvancedSearch');
+ var $beforeFilter = array('checkCSRF', 'getNamedArgs', '_checkSandbox');
 var $exceptionCSRF = array("/users/login", "/users/register", "/users/pwreset");
- var $layout = 'amo2009';
+ var $layout = 'mozilla';
 var $namedArgs = true;
 var $securityLevel = 'high';
@@ -110,7 +110,7 @@ class UsersController extends AppController
 $this->Amo->clean($this->data);
 $this->User->data = $this->data;
 // hash password(s)
- $this->User->data['User']['password'] = $this->User->createPassword($this->User->data['User']['password']);
+ $this->User->data['User']['password'] = md5($this->User->data['User']['password']);
 // compare passwords
 if ($this->data['User']['password'] !== $this->data['User']['confirmpw'])
@@ -238,8 +238,7 @@ class UsersController extends AppController
 } else {
 // user found: send pw reset URL via email
 $this->publish('data', $thisuser);
- $resetCode = $this->User->setResetCode($thisuser['User']['id']);
- $this->publish('resetcode', $resetCode);
+ $this->publish('resetcode', md5($thisuser['User']['password']));
 $this->Email->template = 'email/pwreset';
 $this->Email->to = $this->data['User']['email'];
 $this->Email->subject = sprintf(_('user_email_pwreset_subject'), APP_PRETTYNAME);
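Review bot: The registration path in the hunk at -110 now stores `md5($this->User->data['User']['password'])`, an unsalted fast digest, where the old code went through `$this->User->createPassword()`; the same substitution is made in the hunks at -297, -356, -434, -449 and -738, so the hashing scheme is now spelled out in six places in the controller instead of one. Keeping it behind the model's `createPassword`/`checkPassword` pair, and having those methods apply a per-user salt and an iterated hash, contains the scheme in a single place and lets it be strengthened later without touching every action. If the return to plain md5 is deliberate for compatibility with existing rows, a comment at the first call site would spare the next reader the question, e.g. `// NOTE: unsalted md5 kept for compatibility with existing password rows`. The enclosing register action starts before this hunk.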
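Review bot: The hunk at -238 derives the reset token from the stored credential itself, `md5($thisuser['User']['password'])`, so the token is constant for as long as the password is unchanged, can never expire, and the same value is re-sent on every reset request; the removed `setResetCode`/`checkResetCode` pair appears to have issued a per-request value. The matching check in the hunk at -271, `$code !== md5($thisuser['User']['password'])`, inherits the same property. A reset token should be a fresh random value stored with an expiry and invalidated once used, which is what the removed model calls seem to have provided, so restoring them (or an equivalent) is preferable to the derived value. The pwreset action starts before this hunk and continues past it.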
@@ -250,16 +249,7 @@ class UsersController extends AppController
 }
 return;
 }
-
- // id and/or code was sent, make sure the page isn't cached.
- $this->disableCache();
-
- // Remove 'id/resetcode' from the URI so it doesn't get echoed.
- $_SERVER['REQUEST_URI'] = preg_replace('@pwreset/.*$@', 'pwreset/', $_SERVER['REQUEST_URI']);
- if (isset($this->params['url']['url'])) {
- $this->params['url']['url'] = preg_replace('@pwreset/.*$@', 'pwreset/', $this->params['url']['url']);
- }
-
+
 if (!$id || !$code) {
 $this->flash(sprintf(_('error_missing_argument'), 'user_id or code'), '/', 3);
 return;
@@ -271,8 +261,7 @@ class UsersController extends AppController
 return;
 }
- if (!$this->User->checkResetCode($id, $code)) {
- // TODO: update message re: expiration
+ if ($code !== md5($thisuser['User']['password'])) {
 $this->flash(_('error_user_badconfirmationcode'), '/', 3);
 return;
 }
@@ -297,7 +286,7 @@ class UsersController extends AppController
 // store new pw
 $newpw = array();
- $newpw['User']['password'] = $this->User->createPassword($this->data['User']['password']);
+ $newpw['User']['password'] = md5($this->data['User']['password']);
 $this->User->id = $id;
 $this->User->save($newpw);
 // success
@@ -356,7 +345,7 @@ class UsersController extends AppController
 return;
 }
- if ($this->User->checkPassword($someone['User'], $this->data['Login']['password'])) {
+ if (!empty($someone['User']['password']) && $someone['User']['password'] == md5($this->data['Login']['password'])) {
 //Set expiration to two weeks if they check 'remember me'
 $expirationTime = isset($this->data['Login']['remember']) ? 60*60*24*7*2 : 0;
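Review bot: The hunk at -250 removes `$this->disableCache()` and the two `preg_replace` calls that stripped `id/resetcode` from `$_SERVER['REQUEST_URI']` and `$this->params['url']['url']`, and adds nothing in their place. The reset code therefore stays in the request URI that the layout and helpers may echo into the rendered page, and the response that carries it is no longer marked uncacheable, so the code can be retained by intermediate caches and leak through the Referer of any outbound link on the page. Unless the commit message explains why these lines were dropped, restoring the three statements — or moving them into a small private helper such as `$this->_scrubResetUri();` called before the `if (!$id || !$code)` check — keeps the token out of the page. The pwreset action starts before this hunk and continues after it.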
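Review bot: The login check added in the hunk at -356 compares digests with `==`, and the delete check at -738 does the same with `!=`; PHP's loose comparison treats two numeric-looking strings as numbers, so hex digests should be compared with `===`/`!==`, as the hunks at -271 and -434 already do. Change the condition to `if (!empty($someone['User']['password']) && $someone['User']['password'] === md5($this->data['Login']['password'])) {` here and to `if (md5($this->data['User']['password']) !== $deluser['password']) {` at -738; where the runtime provides `hash_equals()`, that is the constant-time form of the same comparison. The login action starts before this hunk and continues past it.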
@@ -414,10 +403,7 @@ class UsersController extends AppController
 $this->pageTitle = _('users_edit_pagetitle').' :: '.sprintf(_('addons_home_pagetitle'), APP_PRETTYNAME);
 $this->publish('cssAdd', array('forms', 'jquery-ui/flora/flora.tabs'));
 $this->publish('jsAdd', array('jquery-ui/ui.core.min', 'jquery-ui/ui.tabs.min'));
-
- $translations = $this->User->getAllTranslations($sessionuser['id']);
- $this->set('translations', $translations);
-
+
 if (empty($this->data)) {
 $this->publish('userAddons', $this->Addon->getAddonsByUser($sessionuser['id']));
@@ -434,14 +420,12 @@ class UsersController extends AppController
 $changed['nickname'] = $this->data['User']['nickname'];
 $changed['emailhidden'] = $this->data['User']['emailhidden'];
 $changed['homepage'] = $this->data['User']['homepage'];
- $changed['display_collections'] = $this->data['User']['display_collections'];
- $changed['display_collections_fav'] = $this->data['User']['display_collections_fav'];
 if (!empty($this->data['User']['password']) && !empty($this->data['User']['newpassword'])) {
 // trying to change the password
- if (!$this->User->checkPassword($sessionuser, $this->data['User']['password']))
+ if ($sessionuser['password'] !== md5($this->data['User']['password']))
 $this->User->invalidate('password');
 if ($this->data['User']['newpassword'] != $this->data['User']['confirmpw'])
 $this->User->invalidate('confirmpw');
@@ -449,7 +433,7 @@ class UsersController extends AppController
 // store the new chosen pw to the "edited" array.
 // If we invalidated fields up here, it's not going to be
 // stored anyway.
- $changed['password'] = $this->User->createPassword($this->data['User']['newpassword']);
+ $changed['password'] = md5($this->data['User']['newpassword']);
 }
 // nickname has to be unique
@@ -511,11 +495,6 @@ class UsersController extends AppController
 }
 // if we get here, the data was saved successfully
- // save author "about me"
- list($localizedFields, $unlocalizedFields) = $this->User->splitLocalizedFields($this->data['User']);
- $this->Amo->clean($localizedFields);
- $this->User->saveTranslations($sessionuser['id'], $this->params['form']['data']['User'], $localizedFields);
-
 // send out confirmation email if necessary
 if ($newemail !== false) {
 $this->set('newemail', $newemail);
@@ -531,7 +510,11 @@ class UsersController extends AppController
 // send out the confirmation email
 $this->Email->template = 'email/emailchange';
 $this->Email->to = $newemail;
- $this->Email->subject = sprintf(___('user_emailchange_subject'), APP_PRETTYNAME);
+ // @partial translation fallback, 5/6/08
+ if (_('user_emailchange_subject') != 'user_emailchange_subject')
+ $this->Email->subject = sprintf(_('user_emailchange_subject'), APP_PRETTYNAME);
+ else
+ $this->Email->subject = sprintf('Please confirm your email address change at %1$s Add-ons', APP_PRETTYNAME);
 $result = $this->Email->send();
 }
@@ -594,7 +577,13 @@ class UsersController extends AppController
 // is the token expired (48 hours max)?
 if (time()-$changedata[2] > 48*60*60) {
- $this->publish('errormsg', ___('error_user_emailchange_expired'));
+ // @partial translation fallback, 5/6/08
+ if (_('error_user_emailchange_expired') != 'error_user_emailchange_expired')
+ $this->publish('errormsg', _('error_user_emailchange_expired'));
+ else
+ $this->publish('errormsg', 'The email change has expired. Please change '
+ .'your email address again in your user profile and click the link '
+ .'in the confirmation email as soon as you receive it.');
 $this->render();
 return;
 }
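Review bot: The `// @partial translation fallback` block added in the hunk at -531 is repeated almost verbatim in the hunk at -594: a `_('key') != 'key'` probe followed by an `if`/`else` that picks either the translation or an English literal. A small private helper on the controller, e.g. `function _trFallback($key, $default) { $t = _($key); return $t != $key ? $t : $default; }`, would let each site collapse to a single assignment such as `$this->Email->subject = sprintf($this->_trFallback('user_emailchange_subject', 'Please confirm your email address change at %1$s Add-ons'), APP_PRETTYNAME);`, and the dated comment explaining the fallback would then live once, on the helper. The enclosing actions start before each of these hunks.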
@@ -687,20 +676,6 @@ class UsersController extends AppController
 }
 $this->publish('reviews', $reviews);
- // get user's own and favorite collections, if they allowed that
- if ($thisuser['User']['display_collections']) {
- $coll_ids = $this->Collection->getCollectionsByUser($thisuser['User']['id']);
- $coll = $this->Collection->findAll(array('Collection.id'=>$coll_ids, 'listed'=>1), array('name', 'description', 'uuid', 'nickname', 'application_id'), 'Translation.name');
- $this->publish('coll', $coll);
- }
- if ($thisuser['User']['display_collections_fav']) {
- $coll_ids = $this->Collection->getSubscriptionsByUser($thisuser['User']['id']);
- $coll_fav = $this->Collection->findAll(array('Collection.id'=>$coll_ids, 'listed'=>1), array('name', 'description', 'uuid', 'nickname', 'application_id'), 'Translation.name');
- $this->publish('coll_fav', $coll_fav);
- }
-
 if (!empty($thisuser['User']['nickname']))
 $name = $thisuser['User']['nickname'];
 else
@@ -738,7 +713,7 @@ class UsersController extends AppController
 }
 // password entered correctly?
- if (!$this->User->checkPassword($deluser, $this->data['User']['password'])) {
+ if (md5($this->data['User']['password']) != $deluser['password']) {
 $this->set('deleteerror', 'password');
 $this->data['User']['password'] = ''; // do not post back password
 return;