Diffstat (limited to 'site/app/controllers/users_controller.php')
-rw-r--r--site/app/controllers/users_controller.php75
1 files changed, 25 insertions, 50 deletions
diff --git a/site/app/controllers/users_controller.php b/site/app/controllers/users_controller.php
index a848e4e..485571c 100644
--- a/site/app/controllers/users_controller.php
+++ b/site/app/controllers/users_controller.php
@@ -41,12 +41,12 @@
class UsersController extends AppController
{
var $name = 'Users';
- var $uses = array('User', 'Addon', 'Collection', 'Eventlog', 'Review', 'Version');
+ var $uses = array('User', 'Addon', 'Eventlog', 'Review', 'Version');
var $components = array('Amo', 'Email', 'Ldap', 'Session', 'Pagination', 'Recaptcha');
var $helpers = array('Html', 'Link', 'Javascript');
- var $beforeFilter = array('checkCSRF', 'getNamedArgs', '_checkSandbox', 'checkAdvancedSearch');
+ var $beforeFilter = array('checkCSRF', 'getNamedArgs', '_checkSandbox');
var $exceptionCSRF = array("/users/login", "/users/register", "/users/pwreset");
- var $layout = 'amo2009';
+ var $layout = 'mozilla';
var $namedArgs = true;
var $securityLevel = 'high';
@@ -110,7 +110,7 @@ class UsersController extends AppController
$this->Amo->clean($this->data);
$this->User->data = $this->data;
// hash password(s)
- $this->User->data['User']['password'] = $this->User->createPassword($this->User->data['User']['password']);
+ $this->User->data['User']['password'] = md5($this->User->data['User']['password']);
// compare passwords
if ($this->data['User']['password'] !== $this->data['User']['confirmpw'])
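Review bot: The `md5()` call on the added line stores the registration password as a single unsalted MD5 digest, which is cheap to brute-force offline and gives identical passwords identical hashes; the same replacement appears in the password-reset hunk (`$newpw['User']['password'] = md5(...)`) and the profile-edit hunk (`$changed['password'] = md5(...)`). The removed `$this->User->createPassword(...)` kept the hashing scheme inside the model, so I would keep that call and have the model use a salted, deliberately slow hash (on current PHP, `password_hash()` with `password_verify()`). What `createPassword()` did is not visible in this diff, so confirm it still exists in the User model on this branch. The enclosing action starts and ends outside the hunk.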
@@ -238,8 +238,7 @@ class UsersController extends AppController
} else {
// user found: send pw reset URL via email
$this->publish('data', $thisuser);
- $resetCode = $this->User->setResetCode($thisuser['User']['id']);
- $this->publish('resetcode', $resetCode);
+ $this->publish('resetcode', md5($thisuser['User']['password']));
$this->Email->template = 'email/pwreset';
$this->Email->to = $this->data['User']['email'];
$this->Email->subject = sprintf(_('user_email_pwreset_subject'), APP_PRETTYNAME);
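Review bot: The reset code on the added line is `md5($thisuser['User']['password'])`, a value derived entirely from the stored password hash, so it has no randomness and no expiry: it stays valid until the password changes, every reset e-mail for the account carries the same code, and anyone who can read the users table can compute it. The matching check in the later hunk (`if ($code !== md5($thisuser['User']['password']))`) inherits this. The removed `setResetCode()`/`checkResetCode()` pair, with its TODO about expiration, looks like a model-side stored code; I would keep `$resetCode = $this->User->setResetCode($thisuser['User']['id']);` and make that code random (from a CSPRNG), time-limited and single-use. The hunk at -250 also drops `$this->disableCache()` and the `REQUEST_URI` scrubbing, so the page carrying the id and code is no longer protected from caching or from being echoed back. The enclosing action starts outside the hunk.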
@@ -250,16 +249,7 @@ class UsersController extends AppController
}
return;
}
-
- // id and/or code was sent, make sure the page isn't cached.
- $this->disableCache();
-
- // Remove 'id/resetcode' from the URI so it doesn't get echoed.
- $_SERVER['REQUEST_URI'] = preg_replace('@pwreset/.*$@', 'pwreset/', $_SERVER['REQUEST_URI']);
- if (isset($this->params['url']['url'])) {
- $this->params['url']['url'] = preg_replace('@pwreset/.*$@', 'pwreset/', $this->params['url']['url']);
- }
-
+
if (!$id || !$code) {
$this->flash(sprintf(_('error_missing_argument'), 'user_id or code'), '/', 3);
return;
@@ -271,8 +261,7 @@ class UsersController extends AppController
return;
}
- if (!$this->User->checkResetCode($id, $code)) {
- // TODO: update message re: expiration
+ if ($code !== md5($thisuser['User']['password'])) {
$this->flash(_('error_user_badconfirmationcode'), '/', 3);
return;
}
@@ -297,7 +286,7 @@ class UsersController extends AppController
// store new pw
$newpw = array();
- $newpw['User']['password'] = $this->User->createPassword($this->data['User']['password']);
+ $newpw['User']['password'] = md5($this->data['User']['password']);
$this->User->id = $id;
$this->User->save($newpw);
// success
@@ -356,7 +345,7 @@ class UsersController extends AppController
return;
}
- if ($this->User->checkPassword($someone['User'], $this->data['Login']['password'])) {
+ if (!empty($someone['User']['password']) && $someone['User']['password'] == md5($this->data['Login']['password'])) {
//Set expiration to two weeks if they check 'remember me'
$expirationTime = isset($this->data['Login']['remember']) ? 60*60*24*7*2 : 0;
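Review bot: The added login check compares the stored hash with `==`, and PHP's loose comparison treats two strings that both look numeric (for example digests of the form `0e` followed only by digits) as numbers, so two different MD5 digests can compare equal. Use a strict comparison, `if (!empty($someone['User']['password']) && $someone['User']['password'] === md5($this->data['Login']['password'])) {`, or `hash_equals()` where the PHP version provides it. The account-deletion hunk has the same problem with `!=` in `if (md5($this->data['User']['password']) != $deluser['password'])`, while the reset and profile-edit hunks already use `!==`. The login action continues outside the hunk.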
@@ -414,10 +403,7 @@ class UsersController extends AppController
$this->pageTitle = _('users_edit_pagetitle').' :: '.sprintf(_('addons_home_pagetitle'), APP_PRETTYNAME);
$this->publish('cssAdd', array('forms', 'jquery-ui/flora/flora.tabs'));
$this->publish('jsAdd', array('jquery-ui/ui.core.min', 'jquery-ui/ui.tabs.min'));
-
- $translations = $this->User->getAllTranslations($sessionuser['id']);
- $this->set('translations', $translations);
-
+
if (empty($this->data)) {
$this->publish('userAddons', $this->Addon->getAddonsByUser($sessionuser['id']));
@@ -434,14 +420,12 @@ class UsersController extends AppController
$changed['nickname'] = $this->data['User']['nickname'];
$changed['emailhidden'] = $this->data['User']['emailhidden'];
$changed['homepage'] = $this->data['User']['homepage'];
- $changed['display_collections'] = $this->data['User']['display_collections'];
- $changed['display_collections_fav'] = $this->data['User']['display_collections_fav'];
if (!empty($this->data['User']['password']) &&
!empty($this->data['User']['newpassword'])) {
// trying to change the password
- if (!$this->User->checkPassword($sessionuser, $this->data['User']['password']))
+ if ($sessionuser['password'] !== md5($this->data['User']['password']))
$this->User->invalidate('password');
if ($this->data['User']['newpassword'] != $this->data['User']['confirmpw'])
$this->User->invalidate('confirmpw');
@@ -449,7 +433,7 @@ class UsersController extends AppController
// store the new chosen pw to the "edited" array.
// If we invalidated fields up here, it's not going to be
// stored anyway.
- $changed['password'] = $this->User->createPassword($this->data['User']['newpassword']);
+ $changed['password'] = md5($this->data['User']['newpassword']);
}
// nickname has to be unique
@@ -511,11 +495,6 @@ class UsersController extends AppController
}
// if we get here, the data was saved successfully
- // save author "about me"
- list($localizedFields, $unlocalizedFields) = $this->User->splitLocalizedFields($this->data['User']);
- $this->Amo->clean($localizedFields);
- $this->User->saveTranslations($sessionuser['id'], $this->params['form']['data']['User'], $localizedFields);
-
// send out confirmation email if necessary
if ($newemail !== false) {
$this->set('newemail', $newemail);
@@ -531,7 +510,11 @@ class UsersController extends AppController
// send out the confirmation email
$this->Email->template = 'email/emailchange';
$this->Email->to = $newemail;
- $this->Email->subject = sprintf(___('user_emailchange_subject'), APP_PRETTYNAME);
+ // @partial translation fallback, 5/6/08
+ if (_('user_emailchange_subject') != 'user_emailchange_subject')
+ $this->Email->subject = sprintf(_('user_emailchange_subject'), APP_PRETTYNAME);
+ else
+ $this->Email->subject = sprintf('Please confirm your email address change at %1$s Add-ons', APP_PRETTYNAME);
$result = $this->Email->send();
}
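Review bot: The fallback on the added lines uses a brace-less `if`/`else` and a loose `!=` to detect an untranslated key, and the same idiom is repeated in the token-expiry hunk below. Presumably `_()` returns the key itself when the locale has no translation; a comment saying so, e.g. `// _() returns the key unchanged when untranslated; fall back to the English text`, would explain the test better than `@partial translation fallback, 5/6/08`. I would also add braces and use `!==` so the two branches cannot be misread when a line is added later.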
@@ -594,7 +577,13 @@ class UsersController extends AppController
// is the token expired (48 hours max)?
if (time()-$changedata[2] > 48*60*60) {
- $this->publish('errormsg', ___('error_user_emailchange_expired'));
+ // @partial translation fallback, 5/6/08
+ if (_('error_user_emailchange_expired') != 'error_user_emailchange_expired')
+ $this->publish('errormsg', _('error_user_emailchange_expired'));
+ else
+ $this->publish('errormsg', 'The email change has expired. Please change '
+ .'your email address again in your user profile and click the link '
+ .'in the confirmation email as soon as you receive it.');
$this->render();
return;
}
@@ -687,20 +676,6 @@ class UsersController extends AppController
}
$this->publish('reviews', $reviews);
- // get user's own and favorite collections, if they allowed that
- if ($thisuser['User']['display_collections']) {
- $coll_ids = $this->Collection->getCollectionsByUser($thisuser['User']['id']);
- $coll = $this->Collection->findAll(array('Collection.id'=>$coll_ids, 'listed'=>1),
- array('name', 'description', 'uuid', 'nickname', 'application_id'), 'Translation.name');
- $this->publish('coll', $coll);
- }
- if ($thisuser['User']['display_collections_fav']) {
- $coll_ids = $this->Collection->getSubscriptionsByUser($thisuser['User']['id']);
- $coll_fav = $this->Collection->findAll(array('Collection.id'=>$coll_ids, 'listed'=>1),
- array('name', 'description', 'uuid', 'nickname', 'application_id'), 'Translation.name');
- $this->publish('coll_fav', $coll_fav);
- }
-
if (!empty($thisuser['User']['nickname']))
$name = $thisuser['User']['nickname'];
else
@@ -738,7 +713,7 @@ class UsersController extends AppController
}
// password entered correctly?
- if (!$this->User->checkPassword($deluser, $this->data['User']['password'])) {
+ if (md5($this->data['User']['password']) != $deluser['password']) {
$this->set('deleteerror', 'password');
$this->data['User']['password'] = ''; // do not post back password
return;