only log if api key was reset on purpose

author: Felix Favre <gnomus@gnomus.de> 2014-12-16 00:54:50 +0100
committer: Felix Favre <gnomus@gnomus.de> 2014-12-16 00:54:50 +0100
commit: 807e4208832288dbbd876056621a36f58e836d42 (patch)
tree: 0afd60270963169187b3a11cb23e62d22a2fc2db
parent: d2e59e8f86f643ca3f9776a334f0eb38b6efe2a5 (diff)
3 files changed, 34 insertions, 33 deletions
diff --git a/includes/controller/users_controller.php b/includes/controller/users_controller.php
index f54cf066..2bccc609 100644
--- a/includes/controller/users_controller.php
+++ b/includes/controller/users_controller.php
@@ -5,13 +5,13 @@
  */
 function users_controller() {
   global $privileges, $user;
-  
+
   if (! isset($user))
     redirect(page_link_to(''));
-  
+
   if (! isset($_REQUEST['action']))
     $_REQUEST['action'] = 'list';
-  
+
   switch ($_REQUEST['action']) {
     default:
     case 'list':
@@ -27,33 +27,33 @@ function users_controller() {
 
 function user_controller() {
   global $privileges, $user;
-  
+
   if (isset($_REQUEST['user_id'])) {
     $user_source = User($_REQUEST['user_id']);
   } else
     $user_source = $user;
-  
+
   $admin_user_privilege = in_array('admin_user', $privileges);
-  
+
   $shifts = Shifts_by_user($user_source);
   foreach ($shifts as &$shift) {
     $shift['needed_angeltypes'] = sql_select("SELECT DISTINCT `AngelTypes`.* FROM `ShiftEntry` JOIN `AngelTypes` ON `ShiftEntry`.`TID`=`AngelTypes`.`id` WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . "  ORDER BY `AngelTypes`.`name`");
     foreach ($shift['needed_angeltypes'] as &$needed_angeltype) {
       $needed_angeltype['users'] = sql_select("
-          SELECT `ShiftEntry`.`freeloaded`, `User`.* 
-          FROM `ShiftEntry` 
-          JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID` 
-          WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . " 
+          SELECT `ShiftEntry`.`freeloaded`, `User`.*
+          FROM `ShiftEntry`
+          JOIN `User` ON `ShiftEntry`.`UID`=`User`.`UID`
+          WHERE `ShiftEntry`.`SID`=" . sql_escape($shift['SID']) . "
           AND `ShiftEntry`.`TID`=" . sql_escape($needed_angeltype['id']));
     }
   }
-  
+
   if ($user_source['api_key'] == "")
-    User_reset_api_key($user_source);
-  
+    User_reset_api_key($user_source, false);
+
   return array(
       $user_source['Nick'],
-      User_view($user_source, $admin_user_privilege, User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID']) 
+      User_view($user_source, $admin_user_privilege, User_is_freeloader($user_source), User_angeltypes($user_source), User_groups($user_source), $shifts, $user['UID'] == $user_source['UID'])
   );
 }
 
@@ -62,24 +62,24 @@ function user_controller() {
  */
 function users_list_controller() {
   global $privileges;
-  
+
   if (! in_array('admin_user', $privileges))
     redirect(page_link_to(''));
-  
+
   $order_by = 'Nick';
   if (isset($_REQUEST['OrderBy']) && in_array($_REQUEST['OrderBy'], User_sortable_columns()))
     $order_by = $_REQUEST['OrderBy'];
-  
+
   $users = Users($order_by);
   if ($users === false)
     engelsystem_error('Unable to load users.');
-  
+
   foreach ($users as &$user)
     $user['freeloads'] = count(ShiftEntries_freeloaded_by_user($user));
-  
+
   return array(
       _('All users'),
-      Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count()) 
+      Users_view($users, $order_by, User_arrived_count(), User_active_count(), User_force_active_count(), ShiftEntries_freeleaded_count(), User_tshirts_count())
   );
 }
 
@@ -96,10 +96,10 @@ function user_password_recovery_controller() {
       error(_("Token is not correct."));
       redirect(page_link_to('login'));
     }
-    
+
     if (isset($_REQUEST['submit'])) {
       $ok = true;
-      
+
       if (isset($_REQUEST['password']) && strlen($_REQUEST['password']) >= MIN_PASSWORD_LENGTH) {
         if ($_REQUEST['password'] != $_REQUEST['password2']) {
           $ok = false;
@@ -109,22 +109,22 @@ function user_password_recovery_controller() {
         $ok = false;
         error(_("Your password is to short (please use at least 6 characters)."));
       }
-      
+
       if ($ok) {
         $result = set_password($user_source['UID'], $_REQUEST['password']);
         if ($result === false)
           engelsystem_error(_("Password could not be updated."));
-        
+
         success(_("Password saved."));
         redirect(page_link_to('login'));
       }
     }
-    
+
     return User_password_set_view();
   } else {
     if (isset($_REQUEST['submit'])) {
       $ok = true;
-      
+
       if (isset($_REQUEST['email']) && strlen(strip_request_item('email')) > 0) {
         $email = strip_request_item('email');
         if (check_email($email)) {
@@ -143,7 +143,7 @@ function user_password_recovery_controller() {
         $ok = false;
         error(_("Please enter your e-mail."));
       }
-      
+
       if ($ok) {
         $token = User_generate_password_recovery_token($user_source);
         if ($token === false)
@@ -151,12 +151,12 @@ function user_password_recovery_controller() {
         $result = engelsystem_email_to_user($user_source, _("Password recovery"), sprintf(_("Please visit %s to recover your password."), page_link_to_absolute('user_password_recovery') . '&token=' . $token));
         if ($result === false)
           engelsystem_error("Unable to send password recovery email.");
-        
+
         success(_("We sent an email containing your password recovery link."));
         redirect(page_link_to('login'));
       }
     }
-    
+
     return User_password_recovery_view();
   }
 }
@@ -168,4 +168,4 @@ function user_password_recovery_title() {
   return _("Password recovery");
 }
 
-?>
-\ No newline at end of file
+?>
diff --git a/includes/model/User_model.php b/includes/model/User_model.php
index 95ba32be..a6c12f9d 100644
--- a/includes/model/User_model.php
+++ b/includes/model/User_model.php
@@ -191,12 +191,13 @@ function User_by_password_recovery_token($token) {
  *
  * @param User $user
  */
-function User_reset_api_key(&$user) {
+function User_reset_api_key(&$user, $log = true) {
   $user['api_key'] = md5($user['Nick'] . time() . rand());
   $result = sql_query("UPDATE `User` SET `api_key`='" . sql_escape($user['api_key']) . "' WHERE `UID`='" . sql_escape($user['UID']) . "' LIMIT 1");
   if ($result === false)
     return false;
-  engelsystem_log(sprintf("API key resetted (%s).",User_Nick_render($user)));
+  if ($log)
+    engelsystem_log(sprintf("API key resetted (%s).",User_Nick_render($user)));
 }
 
 /**
diff --git a/includes/pages/user_shifts.php b/includes/pages/user_shifts.php
index 242d83af..a536c1ac 100644
--- a/includes/pages/user_shifts.php
+++ b/includes/pages/user_shifts.php
@@ -749,7 +749,7 @@ function view_user_shifts() {
   }
 
   if ($user['api_key'] == "")
-    User_reset_api_key($user);
+    User_reset_api_key($user, false);
 
   return page(array(
       '<div class="col-md-12">',
author	Felix Favre <gnomus@gnomus.de>	2014-12-16 00:54:50 +0100
committer	Felix Favre <gnomus@gnomus.de>	2014-12-16 00:54:50 +0100
commit	807e4208832288dbbd876056621a36f58e836d42 (patch)
tree	0afd60270963169187b3a11cb23e62d22a2fc2db
parent	d2e59e8f86f643ca3f9776a334f0eb38b6efe2a5 (diff)