From a4cd04f121bc5fea6a9e99ded7cdb586fafa5ad6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fernando=20M=C3=A9ndez?= <45081533+FerMdez@users.noreply.github.com> Date: Mon, 10 May 2021 11:52:45 +0200 Subject: [PATCH] Add files via upload --- assets/php/common/user_dao.php | 32 ++++++------ panel_user/includes/formChangeEmail.php | 14 ++--- panel_user/includes/formChangeName.php | 13 ++--- panel_user/includes/formChangePass.php | 68 +++++++++++-------------- 4 files changed, 57 insertions(+), 70 deletions(-) diff --git a/assets/php/common/user_dao.php b/assets/php/common/user_dao.php index f4acf1a..127fe2f 100644 --- a/assets/php/common/user_dao.php +++ b/assets/php/common/user_dao.php @@ -43,6 +43,7 @@ $resul->free(); return $users; } + //Create a new User. public function createUser($id, $username, $email, $password, $rol){ $password = $this->encryptPass($password); @@ -51,7 +52,7 @@ VALUES ( '%s', '%s', '%s', '%s', '%s')", $id, $username, $email, $password, $rol ); - $resul = mysqli_query($this->mysqli, $sql) /*or die ('Error into query database')*/; + $resul = mysqli_query($this->mysqli, $sql); return $resul; } @@ -59,9 +60,10 @@ //Returns a query to check if the user name exists. public function selectUser($username, $password){ $username = $this->mysqli->real_escape_string($username); + $password = $this->mysqli->real_escape_string($password); $sql = sprintf( "SELECT * FROM users WHERE username = '%s'", $username ); - $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); + $resul = mysqli_query($this->mysqli, $sql); $resul->data_seek(0); while ($fila = $resul->fetch_assoc()) { 
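Review bot: With `or die` removed from `selectUser`, a failed query can leave `$resul` as `false`, and the next line `$resul->data_seek(0)` then calls a method on a boolean; add a guard such as `if ($resul === false) { return false; }` before it. The added `$password = $this->mysqli->real_escape_string($password);` is also questionable: the password is not interpolated into the SQL shown here, and `createUser` hashes the raw value with `encryptPass($password)`, so if the rest of `selectUser` (which continues outside this hunk) verifies the password, one containing a quote or backslash would no longer match its stored hash. Escaping belongs only on values that are placed into the SQL string, and a prepared statement for the username lookup would remove the need for it.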
@@ -76,19 +78,6 @@ return $user; } - //Returns a query to check if the user pass matches. - public function selectPass($username, $password){ - $username = $this->mysqli->real_escape_string($username); - $password = $this->mysqli->real_escape_string($password); - $password = $this->encryptPass($password); - - $sql = sprintf( "SELECT * FROM users WHERE username = '%s' AND passwd = '%s'", $username, $password); - $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); - - //return $this->mysqli->query($sql); - return $resul; - } - //Returns a query to get the user's data. public function userData($id){ $sql = sprintf( "SELECT * FROM users WHERE id = '%d'", $id ); @@ -109,6 +98,19 @@ } + //Change userpass by id. + public function changeUserPass($id, $password){ + $id = $this->mysqli->real_escape_string($id); + $password = $this->mysqli->real_escape_string($password); + $password = $this->encryptPass($password); + + $sql = sprintf( "UPDATE users SET passwd = '%s' WHERE id = '%d'", $password, $id ); + $resul = mysqli_query($this->mysqli, $sql) or die ('Error into query database'); + + return $resul; + + } + //Create a new User Data Transfer Object. public function loadUser($id, $username, $email, $password, $rol){ return new User($id, $username, $email, $password, $rol); diff --git a/panel_user/includes/formChangeEmail.php b/panel_user/includes/formChangeEmail.php index 5a0d523..d40de4f 100644 --- a/panel_user/includes/formChangeEmail.php +++ b/panel_user/includes/formChangeEmail.php @@ -23,15 +23,9 @@ class FormChangeEmail extends Form { $html = '
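Review bot: `changeUserPass` runs `real_escape_string` on the password before `encryptPass`, so the stored hash is computed over the escaped text rather than what the user typed, while `createUser` hashes the raw value; a password containing a quote or backslash would be stored differently by the two paths. Only the hash reaches the SQL string, so the escape should be dropped and the update bound through a prepared statement, which also covers `$id`. The `or die` here is at odds with the other hunks of this commit, which remove it; returning the execute result lets the caller decide what to show. Whether `encryptPass` is built on `password_hash` is not visible in this diff and is worth confirming.
```php
public function changeUserPass($id, $password){
    // Hash the password exactly as entered; no SQL escaping before hashing.
    $hash = $this->encryptPass($password);

    $stmt = $this->mysqli->prepare("UPDATE users SET passwd = ? WHERE id = ?");
    if ($stmt === false) {
        return false;
    }
    $stmt->bind_param('si', $hash, $id);
    $ok = $stmt->execute();
    $stmt->close();

    return $ok;
}
```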
'.$htmlErroresGlobales.'
Nuevo email de usuario -
- -
-
- -
-
- -
+ + +
@@ -53,7 +47,7 @@ class FormChangeEmail extends Form { $password = $datos['pass'] ?? null; if ( empty($password) || mb_strlen($password) < 4 ) { - $result['pass'] = "El password tiene que tener una longitud de al menos 4 caracteres."; + $result['pass'] = "El password tiene que tener\n una longitud de al menos\n 4 caracteres."; } $password2 = $datos['repass'] ?? null; if ( empty($password2) || strcmp($password, $password2) !== 0 ) { diff --git a/panel_user/includes/formChangeName.php b/panel_user/includes/formChangeName.php index c4dff9f..94fca63 100644 --- a/panel_user/includes/formChangeName.php +++ b/panel_user/includes/formChangeName.php @@ -40,8 +40,8 @@ class FormChangeName extends Form { $nombre = $datos['new_name'] ?? null; $nombre = strtolower($nombre); - if ( empty($nombre) || mb_strlen($nombre) < 3 ) { - $result['new_name'] = "El nombre tiene que tener\n una longitud de al menos\n 3 caracteres."; + if ( empty($nombre) || mb_strlen($nombre) < 3 || mb_strlen($nombre) > 8 ) { + $result['new_name'] = "El nombre tiene que tener\n una longitud de al menos\n 3 caracteres\n y menos de 8 caracteres."; } $password = $datos['pass'] ?? null; @@ -57,13 +57,14 @@ class FormChangeName extends Form { $bd = new UserDAO("complucine"); $user = $bd->selectUser(unserialize($_SESSION['user'])->getName(), $password); if (!$user) { - $result[] = "Ha ocurrido un problema al actualizar el nombre de usuario."; + $result[] = "Ha ocurrido un problema\nal actualizar el nombre de usuario."; $_SESSION['message'] = "

Ha ocurrido un probrema


-

No hemos podido actualizar su nombre de usuario.

+

No hemos podido actualizar su nombre de usuario, + revisa que la contraseña introducida sea correcta.

@@ -72,7 +73,7 @@ class FormChangeName extends Form { "; } else { $user = $bd->selectUser($nombre, $password); - if (!$user){ + if ($user){ $result[] = "El nombre de usuario ya existe."; } else { $bd->changeUserName(unserialize($_SESSION['user'])->getId(), $nombre); @@ -102,4 +103,4 @@ class FormChangeName extends Form { return htmlspecialchars(trim(strip_tags($input))); } } -?> +?> \ No newline at end of file diff --git a/panel_user/includes/formChangePass.php b/panel_user/includes/formChangePass.php index b99209a..db6e938 100644 --- a/panel_user/includes/formChangePass.php +++ b/panel_user/includes/formChangePass.php @@ -14,28 +14,22 @@ class FormChangePass extends Form { // Se generan los mensajes de error si existen. $htmlErroresGlobales = self::generaListaErroresGlobales($errores); - $errorNombre = self::createMensajeError($errores, 'nombre', 'span', array('class' => 'error')); + $errorOldPass = self::createMensajeError($errores, 'old_pass', 'span', array('class' => 'error')); $errorPassword = self::createMensajeError($errores, 'pass', 'span', array('class' => 'error')); $errorPassword2 = self::createMensajeError($errores, 'repass', 'span', array('class' => 'error')); - $html = '
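Review bot: The corrected condition `if ($user)` still relies on `selectUser($nombre, $password)`, which is handed the current user's password while looking up a different account's name. The call a few lines earlier in this file treats a falsy return as a wrong password, so if `selectUser` verifies the password (its body is not fully visible in this commit), a name already taken by an account with a different password would come back falsy and `changeUserName` would go ahead, producing duplicate usernames. The availability check should be a lookup by username only, for example a small DAO method that reports whether a row with that `username` exists, backed by a UNIQUE constraint on the column. The enclosing method starts and ends outside this hunk.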
'.$htmlErroresGlobales.' -
- Contraseña Actual -
- -
-
- -
-
- -
+ $html = "
+
".$htmlErroresGlobales."
+ Nueva Contraseña +
".$errorOldPass."
+
".$errorPassword."
+
".$errorPassword2."
-
- - +
+ +
-
'; +
"; return $html; } @@ -46,12 +40,12 @@ class FormChangePass extends Form { $old_pass = $datos['old_pass'] ?? null; if ( empty($old_pass) || mb_strlen($old_pass) < 4 ) { - $result['old_pass'] = "El password tiene que tener una longitud de al menos 4 caracteres."; + $result['old_pass'] = "El password tiene que tener\n una longitud de al menos\n 4 caracteres."; } $password = $datos['pass'] ?? null; if ( empty($password) || mb_strlen($password) < 4 ) { - $result['pass'] = "El password tiene que tener una longitud de al menos 4 caracteres."; + $result['pass'] = "El password tiene que tener una\n longitud de al menos\n 4 caracteres."; } $password2 = $datos['repass'] ?? null; if ( empty($password2) || strcmp($password, $password2) !== 0 ) { @@ -60,33 +54,30 @@ class FormChangePass extends Form { if (count($result) === 0) { $bd = new UserDAO("complucine"); - $user = $bd->selectUser(unserialize($_SESSION['user'])->getName(), $password); + $user = $bd->selectUser(unserialize($_SESSION['user'])->getName(), $old_pass); if (!$user) { - $result[] = "El usuario no existe."; - $_SESSION['message'] = "
-
-
-
-

Ha ocurrido un probrema


-

No hemos podido actualizar su nombre de usuario.

- + $result[] = "Ha ocurrido un problema\nal actualizar la contraseña."; + $_SESSION['message'] = "
+
+
+
+

Ha ocurrido un probrema


+

No hemos podido actualizar su contraseña de usuario, + revisa que la contraseña actual sea correcta.

+ +
+
-
-
- "; - } else { - //$bd->changeUserName(unserialize($_SESSION['user'])->getId(), $username); - $user = $bd->selectUser($username, $password); - if (!$user){ - $result[] = "Ha ocurrido un probrema al actualizar contraseña."; - }else{ + "; + } else { + $bd->changeUserPass(unserialize($_SESSION['user'])->getId(), $password); $_SESSION['message'] = "

Operacion realizada con exito


-

Se ha modificado su contraseña correctamente.

+

Se ha modificado su contraseña de usuario correctamente.

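Review bot: The success message is set without looking at what `changeUserPass` returned, and nothing in this hunk refreshes the session after the credential changes. Capture the result, e.g. `$ok = $bd->changeUserPass(unserialize($_SESSION['user'])->getId(), $password);`, report success only when it is true, and call `session_regenerate_id(true);` once the update succeeds so that a session identifier issued before the change is not carried forward; invalidating the user's other sessions would need support that is not visible here. The validation visible in this file accepts any new password of four characters or more, which is a low floor for a credential. The method begins outside this hunk.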
@@ -96,7 +87,6 @@ class FormChangePass extends Form { $result = './?option=manage_profile'; } } - } return $result; }