FSN#25917 Self registratie kan beter

svn path=/Website/trunk/; revision=17432
This commit is contained in:
Jos Groot Lipman
2013-04-02 13:32:50 +00:00
parent 3e4fd29f8f
commit bf2db0262f
6 changed files with 126 additions and 22 deletions


@@ -17,8 +17,6 @@
dat is in tegenspraak met het betekenisloos zijn van de u-param
Als je dat wilt moet je maar BOOKMARK's gebruiken
*/
LCL_Disable = 1;
ANONYMOUS_Allowed = 1;
%>
<!-- #include file="../Shared/common.inc"-->
@@ -28,21 +26,30 @@
// For flexiblity reasons: Literal or runtime parameter(s), just pass through...
var rest = String(Request.ServerVariables("QUERY_STRING")); // Request.ServerVariables("QUERY_STRING") is url-encoded,
// dat is hier safer dan Request.QueryString
rest = rest.substring(("u="+u).length+1);
// Strip eventuele leading &fac_id=XXXX er ook af.
rest = rest.substring(rest.indexOf("u=")).substring(("u="+u).length+1);
var sql = "SELECT fac_bookmark_path,"
+ " fac_bookmark_query,"
+ " prs_perslid_key_auth,"
+ " fac_bookmark_unauth_url"
+ " fac_bookmark_unauth_url,"
+ " fac_bookmark_expire"
+ " FROM fac_bookmark"
+ " WHERE fac_bookmark_id = " + safe.quoted_sql(u)
+ " AND (fac_bookmark_expire IS NULL OR fac_bookmark_expire > SYSDATE)";
+ " WHERE fac_bookmark_id = " + safe.quoted_sql(u);
var oRs = Oracle.Execute(sql);
if (oRs.Eof)
{
Response.Write("BOOKMARK URL NOT FOUND");
Response.End;
shared.simpel_page(L("lcl_fac_bookmark_unknown"));
}
if (oRs("fac_bookmark_expire").Value != null)
{
var expire = new Date(oRs("fac_bookmark_expire").Value);
if (expire <= new Date)
{
shared.simpel_page(L("lcl_fac_bookmark_expired"));
}
}
var url = oRs("fac_bookmark_path").Value;
if (oRs("prs_perslid_key_auth").Value)
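Review bot: The Eof branch now calls `shared.simpel_page(L("lcl_fac_bookmark_unknown"));` in place of the removed `Response.End;`, so unless `simpel_page` terminates the response itself (not visible in this hunk) execution continues into `oRs("fac_bookmark_expire").Value` on an empty recordset; the same applies to the expired branch, which otherwise falls through to `oRs("fac_bookmark_path").Value`. Keeping `Response.End;` after each `simpel_page` call, or a comment stating that `simpel_page` ends the response, would make the intent explicit. Note also that the added `AND (fac_bookmark_expire IS NULL OR fac_bookmark_expire > SYSDATE)` clause already excludes expired rows, so the JavaScript `expire <= new Date` check only matters when the web server clock differs from the database clock; a comment such as `// SYSDATE in the query already filters expired rows; this guards against clock skew between web and DB server` would explain why both exist. The `if (oRs("prs_perslid_key_auth").Value)` block continues outside the hunk.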


@@ -260,8 +260,24 @@ prs =
result.writesys = user.checkAutorisation("WEB_PRSSYS", true)!=null;
return result;
}
},
set_flag: function(prs_key, flagbit)
{
var sql = "UPDATE prs_perslid"
+ " SET prs_perslid_flags = prs_perslid_flags + " + flagbit // Kan omdat we verderop afdwingen dat flag 0 was
+ " WHERE prs_perslid_key = " + prs_key
+ " AND BITAND(prs_perslid_flags, " + flagbit + ") = 0";
Oracle.Execute(sql);
},
clear_flag: function(prs_key, flagbit)
{
var sql = "UPDATE prs_perslid"
+ " SET prs_perslid_flags = BITAND(prs_perslid_flags, 255-" + flagbit + ")"
+ " WHERE prs_perslid_key = " + prs_key
+ " AND BITAND(prs_perslid_flags, " + flagbit + ") = " + flagbit;
Oracle.Execute(sql);
}
}
%>
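Review bot: `set_flag` and `clear_flag` splice `prs_key` and `flagbit` into the UPDATE statement as raw strings, whereas the other SQL in this commit passes request-derived values through `safe.quoted_sql`. The callers added here obtain `prs_key` via `getFParamInt`/`getQParamInt`, so the values are integers today, but the helpers carry no guard of their own and a future caller handing in a raw request string would build an injectable statement; a first line such as `if (isNaN(prs_key) || isNaN(flagbit)) throw new Error("prs.set_flag: numeric arguments expected");` in each helper keeps that contract explicit. The `255-` in `clear_flag` also assumes the flag column holds at most 8 bits; a comment `// flags fit in 8 bits, so 255-flagbit is the complement mask` would document that, and the Dutch comment on `set_flag` could be translated for consistency with the English function names. The enclosing `prs` object literal begins outside the hunk.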

35
APPL/PRS/prs_approve.asp Normal file

@@ -0,0 +1,35 @@
<%@ LANGUAGE = JavaScript %>
<% /*
$Revision$
$Id$
File: prs_approve.asp
Description: Bevestig de toegang van een gebruiker. Handig als hij te
laat in zijn e-mail heeft geklikt
Parameters: prs_key
Context: Vanuit prs_show_perslid voor unapproved users
Result: JSON object
Note: Gebruiker kan het in eerste instantie zelf via self_register_confirm
*/
JSON_Result = 1;
%>
<!--#include file="../Shared/common.inc"-->
<!--#include file="../Shared/json2.js" -->
<!--#include file="./prs.inc" -->
<%
protectRequest.validateToken();
user.checkAutorisation("WEB_PRSSYS", true) || user.checkAutorisation("WEB_FACMGT"); // Minimaal
var prs_key = getFParamInt("prs_key");
prs.clear_flag(prs_key, 2); // 2=unapproved
// FUTURE Extension: mail naar gebruiker dat hij geactiveerd is.
result = {success: true};
Response.Write(JSON.stringify(result));
%>
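Review bot: The authorisation line `user.checkAutorisation("WEB_PRSSYS", true) || user.checkAutorisation("WEB_FACMGT"); // Minimaal` discards its result, so the page only refuses access if the second call aborts the request on failure; `prs.inc` in this same commit compares `checkAutorisation("WEB_PRSSYS", true)` against `null`, which suggests the `true` argument makes that call return `null` instead of aborting, but that is inferred rather than visible here. A comment spelling the contract out would help the next reader, e.g. `// WEB_PRSSYS is checked silently (2nd arg); if it fails, the WEB_FACMGT check aborts the request`. `prs.clear_flag` does not report whether a row was updated, so `result = {success: true}` is returned even when `prs_key` does not exist or was not in the unapproved state; `result` is also assigned without `var`. Some of the 35 added lines of this file are not shown on this page.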


@@ -144,6 +144,19 @@ oRs.Close();
FcltMgr.openModalDetail(url, "<%=L("lcl_password_link")%>");
}
function prs_approve()
{
if (confirm(L("lcl_prs_approve")))
{
var data = { prs_key: <%=prs_key%> };
protectRequest.dataToken(data);
$.post("prs_approve.asp",
data,
FcltCallbackRefresh,
"json");
}
}
function prs_gotoautgroup()
{
var url = "appl/facmgtVB/fac_persoongroeprecord.asp?prs_perslid_key=<%=prs_key%>";
@@ -154,6 +167,9 @@ oRs.Close();
<body id="showbody">
<%
var thisPrs = prs.prs_perslid(prs_key, { withWL: true, withPhoto: true }); // geeft ook alle informatie
var prs_user = new Perslid(prs_key);
var buttons = [];
if (prsauthparams.writeman || prsauthparams.writeuse) {
buttons = [ {title: L("lcl_change"), action:"prs_change()", icon: "wijzigen.png" } ];
@@ -169,7 +185,10 @@ oRs.Close();
buttons.push( {title: L("lcl_prs_frame_substitutes"), icon: "group.png", action: "prs_substitute()"});
}
if (prsauthparams.writesys || xfunc.canWrite("WEB_FACMGT")) {
if (prsauthparams.writesys || xfunc.canWrite("WEB_FACMGT"))
{
if (prs_user.isUnapprovedUser())
buttons.push( { title: L("lcl_prs_approve"), icon: "accept.png", action: "prs_approve()" });
buttons.push( { title: L("lcl_password_title"), icon: "wall_brick.png", action: "prs_changepwd()" });
}
@@ -182,7 +201,7 @@ oRs.Close();
<div id="show">
<form name=u2>
<% BLOCK_START("prsPerslid", L("lcl_prs_basisblok"));
var thisPrs = prs.prs_perslid(prs_key, { withWL: true, withPhoto: true }); // geeft ook alle informatie
%> <tr valign="center"><td colspan="2"></td><td rowspan="20">
<img id='photo' src="<%=thisPrs.photopaththumb %>">
</td></tr>
@@ -207,6 +226,17 @@ oRs.Close();
var wl = thisPrs.werklocatie.alg_locatie_key? thisPrs.werklocatie.aanduiding : "";
ROFIELDTR('fld', L("lcl_prs_work_location"), wl, {suppressEmpty: true});
if (prsauthparams.writesys || xfunc.canWrite("WEB_FACMGT")) // Die kunnen ook approve'n
{
var flagtxt = [];
if (prs_user.isSystemUser()) flagtxt.push(L("lcl_prs_flags_system"));
if (prs_user.isUnapprovedUser()) flagtxt.push(L("lcl_prs_flags_unapproved"));
if (prs_user.isGroupedUser()) flagtxt.push(L("lcl_prs_flags_grouped"));
if (prs_user.isBlockedUser()) flagtxt.push(L("lcl_prs_flags_blocked"));
if (flagtxt.length)
ROFIELDTR("fld", L("lcl_prs_flags"), flagtxt.join("\n"));
}
BLOCK_END();
BLOCK_START("prsPerslid2", L("lcl_prs_organisatieblok"));
@@ -284,7 +314,6 @@ oRs.Close();
if ((prs_key == user_key) && anyOverrule)
{
var thisUser = new Perslid(prs_key); // geeft ook alle informatie
BLOCK_START("prsNoti", L("lcl_noti_prsvoorkeur"));
CHECKBOXTR(L("lcl_noti_niks"), "fldfacnoti", "noti0", thisUser.noti_niks(), { html: " disabled" });
CHECKBOXTR(L("lcl_noti_portal"), "fldfacnoti", "noti1", thisUser.noti_portal(), { html: " disabled" });
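Review bot: In the last hunk the line `var thisUser = new Perslid(prs_key); // geeft ook alle informatie` is removed, but the two `CHECKBOXTR(...)` context lines that follow still call `thisUser.noti_niks()` and `thisUser.noti_portal()`, so unless `thisUser` is declared elsewhere on the page this now fails at render time for a user viewing their own record. The `var prs_user = new Perslid(prs_key);` added in the `<body>` hunk looks like the intended replacement; the two calls should read `prs_user.noti_niks()` and `prs_user.noti_portal()`, or the removed declaration should stay. A point of style in the buttons hunk: `if (prs_user.isUnapprovedUser())` is written without braces while the surrounding `if` in the same hunk was just rewritten to use them. The `if ((prs_key == user_key) && anyOverrule)` block continues outside the hunk.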


@@ -4,11 +4,11 @@
$Id$
File: confirm_email.asp
Description: Een zelf geregistreerde gebruiker krijgt in de e-mail een link naar
deze pagina om te bevestigen
Description: Een zelf geregistreerde gebruiker krijgt in de e-mail een
link naar deze pagina om te bevestigen
Context: E-mail is gestuurd vanuit self_register_save.asp
NOTE:
NOTE: Systeem beheerder kan het via show_perslid/prs_approve.asp ook
*/
ANONYMOUS_Allowed = 1;
@@ -26,11 +26,7 @@ var result = { success: 1, warning: "" };
var user_key = getQParamInt("user_key"); // is toch beschermd met HMAC
var sql = "UPDATE prs_perslid"
+ " SET prs_perslid_flags = BITAND(prs_perslid_flags, 255-2)" // 2 was 'onbevestigd'
+ " WHERE prs_perslid_key=" + user_key
+ " AND BITAND(prs_perslid_flags, 2) = 2";
oRs = Oracle.Execute(sql);
prs.clear_flag(user_key, 2); // 2=unapproved
// Niet doen, laat ze maar inloggen zodat je nog niets hebt aan een onderschepte e-mail, is veiliger
// doLogin(user_key)
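Review bot: The replacement line `prs.clear_flag(user_key, 2); // 2=unapproved` relies on the `prs` object from `prs.inc` being in scope in confirm_email.asp, and no include for it appears in these hunks; `prs_approve.asp` in this commit includes `./prs.inc` explicitly, so confirm that confirm_email.asp does the same outside the shown lines. The literal `2` now appears as a magic number in three files of this commit; a named value on the `prs` object, e.g. `FLAG_UNAPPROVED: 2,` used as `prs.clear_flag(user_key, prs.FLAG_UNAPPROVED)`, would keep the meaning in one place. The surrounding script continues outside the hunk.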


@@ -35,13 +35,34 @@ if (!new RegExp(S("email_regexp_single"), "ig").test(email))
if (S("self_register_email_whitelist") && !new RegExp(S("self_register_email_whitelist"), "ig").test(email))
abort_with_warning(L("lcl_self_register_email_wrong")); // Email niet geaccepteerd
var sql = "SELECT prs_perslid_key"
var sql = "SELECT prs_perslid_key, "
+ " prs_perslid_aanmaak, "
+ " prs_perslid_flags"
+ " FROM prs_v_aanwezigperslid"
+ " WHERE (prs_perslid_email =" + safe.quoted_sql(email) + " OR "
+ " prs_perslid_oslogin = " + safe.quoted_sql(email) + ")";
oRs = Oracle.Execute(sql);
if (!oRs.eof)
abort_with_warning(L("lcl_self_register_duplicate"));
{
if (oRs("prs_perslid_flags") && 2) // Unappoved
{
var aanmaak = new Date(oRs("prs_perslid_aanmaak").Value);
var expire = new Date();
expire.setMinutes(expire.getMinutes() - S("self_register_expire"));
if (expire > aanmaak)
{
var sql = "DELETE prs_v_aanwezigperslid"
+ " WHERE (prs_perslid_email =" + safe.quoted_sql(email) + " OR "
+ " prs_perslid_oslogin = " + safe.quoted_sql(email) + ")"
+ " AND BITAND(prs_perslid_flags, 2) = 2";
Oracle.Execute(sql); // Cascadeert ook de bookmark weg trouwens
}
else
abort_with_warning(L("lcl_self_register_active")); // Er loopt nog een aanvraag
}
else
abort_with_warning(L("lcl_self_register_duplicate"));
}
var fields = [ { dbs: "prs_perslid_naam", typ: "varchar", frm: "prs_naam" },
{ dbs: "prs_perslid_voornaam", typ: "varchar", frm: "prs_vrnaam" },
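Review bot: The test `if (oRs("prs_perslid_flags") && 2) // Unappoved` uses the logical `&&` on the field object rather than a bitwise test of its value, so it is true for every existing record. For an already-approved account whose `prs_perslid_aanmaak` is older than the `self_register_expire` window the code then runs the DELETE (which removes nothing because of its `BITAND(prs_perslid_flags, 2) = 2` clause) and continues past the duplicate check instead of reaching `abort_with_warning(L("lcl_self_register_duplicate"))`, so a second registration with an existing e-mail address is no longer rejected. The line should read `if (oRs("prs_perslid_flags").Value & 2) // Unapproved`. The expiry window is also computed from the web server clock (`new Date()`) while `prs_perslid_aanmaak` comes from the database, which is worth a comment if the two may differ. The `fields` array continues outside the hunk.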