mirror of
https://github.com/Mowie/Mowie
synced 2024-06-01 16:46:41 +00:00
When performing critical operations (such as user deletion) the system now asks you to confirm your password
This commit is contained in:
konrad
parent
b365dc88ed
commit
4ce47c209f
|
|
@ -1373,6 +1373,59 @@ header .stream{
|
|||
display: block;
|
||||
}
|
||||
|
||||
/*Confirm Window*/
|
||||
.overlay {
|
||||
position: fixed;
|
||||
left: 0;
|
||||
right: 0;
|
||||
top: 0;
|
||||
bottom: 0;
|
||||
background: rgba(0, 0, 0, 0.4);
|
||||
z-index: 99;
|
||||
}
|
||||
|
||||
.window-confirm, .window-confirm .head {
|
||||
text-align: center;
|
||||
left: calc(50vw - 175px);
|
||||
width: 100%;
|
||||
max-width: 350px;
|
||||
top: 40px;
|
||||
background: #fff;
|
||||
padding: 10px 10px 20px;
|
||||
box-shadow: 0 2px 2px 0 rgba(0, 0, 0, .14), 0 3px 1px -2px rgba(0, 0, 0, .2), 0 1px 5px 0 rgba(0, 0, 0, .12);
|
||||
z-index: 1;
|
||||
border-radius: 2px;
|
||||
position: fixed;
|
||||
overflow: auto;
|
||||
max-height: calc(100vh - 80px);
|
||||
height: auto;
|
||||
}
|
||||
|
||||
.window-confirm .head {
|
||||
margin: -10px -10px 10px 0;
|
||||
text-align: left;
|
||||
padding: 10px 10px;
|
||||
background: #eaeaea;
|
||||
border-radius: 2px 2px 0 0;
|
||||
-moz-user-select: -moz-none;
|
||||
-webkit-user-select: none;
|
||||
user-select: none;
|
||||
cursor: default;
|
||||
position: fixed;
|
||||
}
|
||||
|
||||
.window-confirm .head .closeMsg {
|
||||
color: #212121;
|
||||
}
|
||||
|
||||
.window-confirm .head .closeMsg:hover {
|
||||
color: #5d5d5d;
|
||||
}
|
||||
|
||||
.window-confirm #content {
|
||||
margin-top: 30px;
|
||||
}
|
||||
|
||||
@media screen and (max-width: 450px) {
|
||||
header .options span.usr_info {
|
||||
display: none;
|
||||
|
|
|
|||
|
|
@ -87,7 +87,6 @@ tinymce();
|
|||
$appUri = '../apps/';
|
||||
foreach ($apps->getApps() as $app => $appconf)
|
||||
{
|
||||
|
||||
require $appUri . $app . '/config.php';
|
||||
if (isset($_CONF['general_conf']) && $_CONF['general_conf'] != '' && file_exists($appUri . $app . '/' . $_CONF['general_conf']))
|
||||
{
|
||||
|
|
|
|||
|
|
@ -88,6 +88,14 @@ $lang['general_database'] = 'Datenbank';
|
|||
$lang['general_create_backup'] = 'Datenbank Backup erstellen';
|
||||
$lang['general_go_phpmyadmin'] = 'Zu phpmyadmin';
|
||||
|
||||
//Legitimation
|
||||
$lang['legitimate_title'] = 'Legitimierung benötigt';
|
||||
$lang['legitimate_text'] = 'Dieser Vorgang benötigt eine Passwortbestätigung.';
|
||||
$lang['legitimate_confirm'] = 'Bestätigen';
|
||||
$lang['legitimate_abort'] = 'Abbrechen';
|
||||
$lang['legitimate_error'] = 'Beim Legitimieren ist ein Fehler aufgetreten.';
|
||||
$lang['legitimate_fail'] = 'Falsches Passwort.';
|
||||
|
||||
/*
|
||||
* Manage Admins
|
||||
*/
|
||||
|
|
|
|||
|
|
@ -5,10 +5,12 @@ require_once '../inc/config.php';
|
|||
require_once '../inc/libs/password.php';
|
||||
require_once '../inc/libs/functions.php';
|
||||
|
||||
if(isset($_POST['username']))
|
||||
{
|
||||
$db->setCol('system_admins');
|
||||
$db->data['username'] = $_POST['username'];
|
||||
$db->get();
|
||||
if($db->data[0]['id'] != '')
|
||||
if (isset($db->data[0]) && $db->data[0]['id'] != '')
|
||||
{
|
||||
if (password_verify($_POST['pw'], $db->data[0]['pass']))
|
||||
{
|
||||
|
|
@ -39,8 +41,7 @@ if($db->data[0]['id'] != '')
|
|||
{
|
||||
echo '2fa';
|
||||
exit;
|
||||
}
|
||||
else
|
||||
} else
|
||||
{
|
||||
require_once '../inc/libs/2fa.php';
|
||||
$authenticator = new php2FA();
|
||||
|
|
@ -49,15 +50,13 @@ if($db->data[0]['id'] != '')
|
|||
{
|
||||
echo 'success';
|
||||
stream_message('{user} has logged in.', 4);
|
||||
}
|
||||
else
|
||||
} else
|
||||
{
|
||||
echo '2fafail';
|
||||
exit;
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
} else
|
||||
{
|
||||
echo 'success';
|
||||
}
|
||||
|
|
@ -70,6 +69,31 @@ if($db->data[0]['id'] != '')
|
|||
$_SESSION['guestview'] = 'true';
|
||||
|
||||
stream_message('{user} has logged in.', 4);
|
||||
} else
|
||||
{
|
||||
echo 'fail';
|
||||
}
|
||||
} else
|
||||
{
|
||||
echo 'fail';
|
||||
}
|
||||
}
|
||||
|
||||
//Check for password - needed for user's confirmation
|
||||
if(isset($_GET['checkPassword']))
|
||||
{
|
||||
if(is_loggedin())
|
||||
{
|
||||
if(isset($_POST['pw']))
|
||||
{
|
||||
$db->setCol('system_admins');
|
||||
$db->data['id'] = $_SESSION['userid'];
|
||||
$db->get();
|
||||
if (isset($db->data[0]) && $db->data[0]['id'] != '')
|
||||
{
|
||||
if (password_verify($_POST['pw'], $db->data[0]['pass']))
|
||||
{
|
||||
echo 'success';
|
||||
}
|
||||
else
|
||||
{
|
||||
|
|
@ -80,3 +104,10 @@ else
|
|||
{
|
||||
echo 'fail';
|
||||
}
|
||||
}
|
||||
}
|
||||
else
|
||||
{
|
||||
echo 'login first.';
|
||||
}
|
||||
}
|
||||
|
|
@ -50,6 +50,7 @@ if (hasPerm('manage_admins'))
|
|||
<div class="main">
|
||||
<div class="form">
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI']?>" method="POST">
|
||||
<input type="hidden" name="askPW" value="askPW">
|
||||
<p><span><?php echo $lang->get('admins_cn_username'); ?>:</span><input type="text" name="userN"/>
|
||||
</p>
|
||||
<p><span><?php echo $lang->get('admins_cn_password'); ?>:</span><input type="password" name="pw1"/>
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ if (hasPerm('edit_permissions'))
|
|||
}
|
||||
} else
|
||||
{
|
||||
echo '<div class="main"><form action="'.$_SERVER['REQUEST_URI'].'" method="post">';
|
||||
echo '<div class="main"><form action="'.$_SERVER['REQUEST_URI'].'" method="post"><input type="hidden" name="askPW" value="askPW">';
|
||||
//Admin Groups
|
||||
$db->get();
|
||||
$role_names = [];
|
||||
|
|
|
|||
|
|
@ -42,6 +42,7 @@ if (hasPerm('manage_groups'))
|
|||
?>
|
||||
<div class="main" style="text-align: center">
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI']?>" method="post">
|
||||
<input type="hidden" name="askPW" value="askPW">
|
||||
<p><?php echo $lang->get('admins_roles_delete_confirm');?></p>
|
||||
<input type="submit" name="del" value="<?php echo $lang->get('general_yes');?>"/>
|
||||
<a href="roles.php?members=<?php echo $_GET['members']; ?>" class="button btn_del"><?php echo $lang->get('general_no');?></a>
|
||||
|
|
@ -69,6 +70,7 @@ if (hasPerm('manage_groups'))
|
|||
?>
|
||||
<div class="main" style="text-align: center">
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI']?>" method="post">
|
||||
<input type="hidden" name="askPW" value="askPW">
|
||||
<p><?php echo $lang->get('admins_roles_user_delete_confirm');?></p>
|
||||
<input type="submit" name="del" value="<?php echo $lang->get('general_yes');?>"/>
|
||||
<a href="roles.php?members=<?php echo $_GET['members']; ?>" class="button btn_del"><?php echo $lang->get('general_no');?></a>
|
||||
|
|
@ -133,6 +135,7 @@ if (hasPerm('manage_groups'))
|
|||
{
|
||||
?>
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI']?>" method="post">
|
||||
<input type="hidden" name="askPW" value="askPW">
|
||||
<?php echo $lang->get('admins_roles_add_user');?>:
|
||||
<select name="user">
|
||||
<?php
|
||||
|
|
@ -173,6 +176,7 @@ if (hasPerm('manage_groups'))
|
|||
<div class="main">
|
||||
<h2><?php echo $lang->get('admins_roles_create_group');?></h2>
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI']?>" method="post">
|
||||
<input type="hidden" name="askPW" value="askPW">
|
||||
<input type="text" name="group_name" placeholder="<?php echo $lang->get('admins_roles_group_name');?>"/><br/>
|
||||
<input type="submit" name="submit" value="<?php echo $lang->get('admins_roles_create_group');?>"/>
|
||||
</form>
|
||||
|
|
|
|||
|
|
@ -275,6 +275,7 @@ if (hasPerm('manage_admins') || $uid == $_SESSION['userid'])
|
|||
?>
|
||||
<div class="main">
|
||||
<form action="<?php echo $_SERVER['REQUEST_URI']?>" class="form" method="post">
|
||||
<input type="hidden" name="askPW" value="askPW">
|
||||
<p><span><?php echo $lang->get('username'); ?>:</span><input name="username"
|
||||
value="<?php echo $db->data[0]['username'] ?>"/>
|
||||
</p>
|
||||
|
|
|
|||
|
|
@ -58,8 +58,7 @@ if (!isset($_GET['direct']))
|
|||
}
|
||||
|
||||
//showStream
|
||||
function showStream()
|
||||
{
|
||||
function showStream() {
|
||||
$('#streamContent').fadeToggle(100, function () {
|
||||
if ($('#streamContent').is(":visible")) {
|
||||
$.getJSON('<?php echo $MCONF['home_uri'];?>admin/stream.php?getStream&limit=10', function (streamData) {
|
||||
|
|
@ -73,6 +72,32 @@ if (!isset($_GET['direct']))
|
|||
});
|
||||
}
|
||||
|
||||
function closeW() {
|
||||
$('.overlay').fadeOut(200);
|
||||
$('.overlay').html('');
|
||||
}
|
||||
|
||||
function sendPost(ctx, requestData) {
|
||||
$.ajax({
|
||||
url: ctx.canonicalPath,
|
||||
type: 'POST',
|
||||
cache: false,
|
||||
data: requestData,
|
||||
beforeSend: function () {
|
||||
showTopLoader();
|
||||
},
|
||||
complete: function () {
|
||||
hideTopLoader();
|
||||
},
|
||||
success: function (result) {
|
||||
$("#loader").html(result);
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.log(status, error);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
$(document).ready(function () {
|
||||
|
||||
//Router
|
||||
|
|
@ -90,12 +115,20 @@ if (!isset($_GET['direct']))
|
|||
var isAjax = false;
|
||||
var requestData = 'direct=true';
|
||||
var editorname = '';
|
||||
var needsPwConfirm = false;
|
||||
//console.log(typeof(tinyMCE));
|
||||
if (typeof(tinyMCE) != "undefined" && tinyMCE.activeEditor != null) {editorname = $('#' + tinyMCE.activeEditor.id).attr("name");}//Get the new Content, not the old
|
||||
if (typeof(tinyMCE) != "undefined" && tinyMCE.activeEditor != null) {
|
||||
editorname = $('#' + tinyMCE.activeEditor.id).attr("name");
|
||||
}//Get the new Content, not the old
|
||||
|
||||
for (var key in ctx.body) {
|
||||
if (!ctx.body.hasOwnProperty(key)) continue;
|
||||
|
||||
//Check users password
|
||||
if (key == 'askPW') {
|
||||
needsPwConfirm = true;
|
||||
}
|
||||
|
||||
//If we have content edited with tinymce, we want the new content to be passed with the POST-Request
|
||||
if (key == editorname) {
|
||||
console.log(tinyMCE);
|
||||
|
|
@ -106,27 +139,43 @@ if (!isset($_GET['direct']))
|
|||
if (key == 'ajax') isAjax = true;
|
||||
}
|
||||
|
||||
console.log(requestData);
|
||||
//Confirm user password
|
||||
if (needsPwConfirm) {
|
||||
$('#showMsg').html('<div class="overlay" style="display:none;"><div class="window-confirm"><div class="head"><?php echo $lang->get('legitimate_title')?><a onclick="closeW();" class="closeMsg"><i class="fa fa-close"></i></a></div><div id="content"></div></div></div>');
|
||||
$('#content').append('<p><?php echo $lang->get('legitimate_text')?></p><p><input type="password" placeholder="<?php echo $lang->get('password')?>" id="password_legitimate" autofocus/><input type="submit" value="<?php echo $lang->get('legitimate_confirm')?>" id="legitimateSmbt"/><a onclick="closeW();" class="button btn_del"><?php echo $lang->get('legitimate_abort')?></a></p><span id="sendMsg"></span>');
|
||||
$('#password_legitimate').focus();
|
||||
$(".overlay").fadeIn(250);
|
||||
|
||||
if(!isAjax) {
|
||||
$('#legitimateSmbt').click(function () {
|
||||
$.ajax({
|
||||
url: ctx.canonicalPath,
|
||||
url: 'login.php?checkPassword',
|
||||
type: 'POST',
|
||||
cache: false,
|
||||
data: requestData,
|
||||
beforeSend: function () {
|
||||
showTopLoader();
|
||||
},
|
||||
complete: function () {
|
||||
hideTopLoader();
|
||||
},
|
||||
success: function (result) {
|
||||
$("#loader").html(result);
|
||||
data: 'pw=' + $('#password_legitimate').val(),
|
||||
success: function (result) { // On success, display a message...
|
||||
if (result == 'success') {
|
||||
closeW();
|
||||
|
||||
//Send the request
|
||||
if (!isAjax) {
|
||||
sendPost(ctx, requestData);
|
||||
}
|
||||
} else if (result == 'fail') {
|
||||
$('#sendMsg').html('<p style="color:red;"><?php echo $lang->get('legitimate_fail')?></p>');
|
||||
} else {
|
||||
$('#sendMsg').html('<p style="color:red;"><?php echo $lang->get('legitimate_error')?></p>');
|
||||
}
|
||||
},
|
||||
error: function (xhr, status, error) {
|
||||
console.log(status, error);
|
||||
showMsg('<?php echo $lang->get('legitimate_error')?>');
|
||||
}
|
||||
});
|
||||
});
|
||||
} else {
|
||||
if (!isAjax) {
|
||||
sendPost(ctx, requestData);
|
||||
}
|
||||
}
|
||||
} else {//Otherwise display Contents
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user