[pLog-svn] r6535 - plog/branches/lifetype-1.2/class/action/admin

jondaley at devel.lifetype.net jondaley at devel.lifetype.net
Mon Jun 9 13:10:57 EDT 2008


Author: jondaley
Date: 2008-06-09 13:10:57 -0400 (Mon, 09 Jun 2008)
New Revision: 6535

Modified:
   plog/branches/lifetype-1.2/class/action/admin/adminupdateusersettingsaction.class.php
Log:
removed class variables, they aren't needed, and this way is more secure.  Removed use of RegisterField(); I suspect these shouldn't ever be used.  An EmptyValidator() isn't useful, and makes it look like validation is happening.  fixed typo.  Made validate() function clearer, and less prone to errors

Modified: plog/branches/lifetype-1.2/class/action/admin/adminupdateusersettingsaction.class.php
===================================================================
--- plog/branches/lifetype-1.2/class/action/admin/adminupdateusersettingsaction.class.php	2008-06-09 16:50:52 UTC (rev 6534)
+++ plog/branches/lifetype-1.2/class/action/admin/adminupdateusersettingsaction.class.php	2008-06-09 17:10:57 UTC (rev 6535)
@@ -3,6 +3,7 @@
 	lt_include( PLOG_CLASS_PATH."class/action/admin/adminaction.class.php" );
     lt_include( PLOG_CLASS_PATH."class/data/validator/emailvalidator.class.php" );
 	lt_include( PLOG_CLASS_PATH."class/data/validator/integervalidator.class.php" );
+	lt_include( PLOG_CLASS_PATH."class/data/validator/stringvalidator.class.php" );
 	lt_include( PLOG_CLASS_PATH."class/data/validator/passwordvalidator.class.php" );	
     lt_include( PLOG_CLASS_PATH."class/dao/users.class.php" );
     lt_include( PLOG_CLASS_PATH."class/view/admin/adminuserprofileview.class.php" );
@@ -16,9 +17,6 @@
     class AdminUpdateUserSettingsAction extends AdminAction 
 	{
 
-        var $_userPassword;
-        var $_userConfirmPassword;
-
     	/**
          * Constructor. If nothing else, it also has to call the constructor of the parent
          * class, BlogAction with the same parameters
@@ -27,12 +25,13 @@
         {
         	$this->AdminAction( $actionInfo, $request );
 			
-            $this->registerField( "confirmPassword" );
-			$this->registerFieldValidator( "userFullName" new StringValidator(), true );
+			$this->registerFieldValidator( "userFullName", new StringValidator(), true );
 			$this->registerFieldValidator( "userEmail", new EmailValidator());
 			$this->registerFieldValidator( "userPictureId", new IntegerValidator());
 			$this->registerFieldValidator( "userAbout", new StringValidator(), true );
-			$this->registerFieldValidator( "userSettingsPassword", new StringValidator(), true );
+			$this->registerFieldValidator( "userSettingsPassword", new PasswordValidator(), true );
+            $this->registerFieldValidator( "confirmPassword", new PasswordValidator(), true );
+
 			$view = new AdminUserProfileView( $this->_blogInfo, $this->_userInfo );
 			$view->setErrorMessage( $this->_locale->tr("error_updating_user_settings"));
 			$this->setValidationErrorView( $view );
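Review bot: No field for the account's current password is registered alongside `userSettingsPassword` and `confirmPassword`, and perform() in the last hunk sets the new password and e-mail from the request alone, so anyone holding a logged-in session can replace both. Unless AdminAction already demands re-authentication or a per-request token (not visible here), consider registering a current-password field (name to be chosen) and checking it in validate() before any credential change. A short comment on what the third argument `true` of registerFieldValidator() means would also help, since the same flag is now passed for both password fields. The constructor's signature and end are outside this hunk.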
@@ -44,22 +43,15 @@
          */
         function validate()
         {
-            // if all correct, we can proceed
-            $this->_userPassword = trim($this->_request->getValue( "userSettingsPassword" ));
-            $this->_userConfirmPassword = trim($this->_request->getValue( "confirmPassword" ));
+            $userPassword = trim($this->_request->getValue( "userSettingsPassword" ));
+            $userConfirmPassword = trim($this->_request->getValue( "confirmPassword" ));
 			
-            $valid = parent::validate();		
+            if(!parent::validate())
+                return false;
 
-            // check that the password is correct and confirm it
-            if( $this->_userPassword != "" ) {
-            	$passwordVal = new PasswordValidator();
-            	if( !$passwordVal->validate( $this->_userPassword )) {
-					$this->_form->setFieldValidationStatus( "userSettingsPassword", false );					
-					$this->_view = $this->_validationErrorView;
-                	$this->setCommonData( true );
-                	return false;
-            	}
-            	if( $this->_userPassword != $this->_userConfirmPassword ) {
+            // check that the passwords match
+            if( $userPassword != "" || $userConfirmPassword != "") {
+            	if( $userPassword != $userConfirmPassword ) {
 					$this->_form->setFieldValidationStatus( "confirmPassword", false );
 					$this->_view = $this->_validationErrorView;
                 	$this->setCommonData( true );
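Review bot: The match check `$userPassword != $userConfirmPassword` uses PHP's loose comparison, which compares numeric-looking strings by value, so two different inputs such as `1e3` and `1000` are accepted as the same password. Both operands are strings returned by trim(), so the strict form is safe: `if( $userPassword !== $userConfirmPassword ) {`. The same applies to the `!= ""` tests on the line above, where `!==` states the intent exactly. validate() closes in the next hunk.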
@@ -67,7 +59,7 @@
             	}
             }
 			
-			return $valid;
+			return true;
         }
 
         /**
@@ -77,8 +69,9 @@
         {
         	// update the user information
             $this->_userInfo->setEmail( Textfilter::filterAllHTML($this->_request->getValue( "userEmail" )));
-            if( $this->_userPassword != "" )
-            	$this->_userInfo->setPassword( $this->_userPassword );
+            $userPassword = trim($this->_request->getValue( "userSettingsPassword" ));
+            if( $userPassword != "" )
+            	$this->_userInfo->setPassword( $userPassword );
             $this->_userInfo->setAboutMyself( Textfilter::filterAllHTML($this->_request->getValue( "userAbout" )));
             $this->_userInfo->setFullName( Textfilter::filterAllHTML($this->_request->getValue( "userFullName" )));
 			$this->_userInfo->setPictureId( $this->_request->getValue( "userPictureId" ));
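Review bot: The value passed to `setPassword()` is the trim()med request value, whereas the PasswordValidator registered in the constructor presumably sees the field as submitted, so what is validated and what is stored can differ. A password padded with spaces could satisfy a length rule and be stored shorter, and a whitespace-only entry reaches perform() yet silently leaves the old password in place. Reading and normalising the field once, in a small private helper that both validate() and perform() call, would keep the two in step and remove the duplicated `trim($this->_request->getValue( "userSettingsPassword" ))`. perform() starts above this hunk and continues past it.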


