diff --git a/application/controllers/Employees.php b/application/controllers/Employees.php index eeac6f19c..723fc8492 100644 --- a/application/controllers/Employees.php +++ b/application/controllers/Employees.php 
@@ -85,59 +85,91 @@ class Employees extends Persons */ public function save($employee_id = -1) { - $person_data = array( - 'first_name' => $this->input->post('first_name'), - 'last_name' => $this->input->post('last_name'), - 'gender' => $this->input->post('gender'), - 'email' => $this->input->post('email'), - 'phone_number' => $this->input->post('phone_number'), - 'address_1' => $this->input->post('address_1'), - 'address_2' => $this->input->post('address_2'), - 'city' => $this->input->post('city'), - 'state' => $this->input->post('state'), - 'zip' => $this->input->post('zip'), - 'country' => $this->input->post('country'), - 'comments' => $this->input->post('comments'), - ); - $grants_data = $this->input->post('grants') != NULL ? $this->input->post('grants') : array(); - - //Password has been changed OR first time password set - if($this->input->post('password') != '') + if($this->input->post('current_password') != '') { - $employee_data = array( - 'username' => $this->input->post('username'), - 'password' => password_hash($this->input->post('password'), PASSWORD_DEFAULT), - 'hash_version' => 2 + if($this->_check_password($employee_id,$this->input->post('current_password'))) + { + $employee_data = array( + 'username' => $this->input->post('username'), + 'password' => password_hash($this->input->post('password'), PASSWORD_DEFAULT), + 'hash_version' => 2 + ); + + if($this->Employee->change_password($employee_data, $employee_id)) + { + $employee_data = $this->xss_clean($employee_data); + + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('employees_successful_change_password').' '. + $person_data['first_name'].' '.$person_data['last_name'], 'id' => $employee_id)); + } + else//failure + { + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('employees_successful_change_password').' '. + $person_data['first_name'].' 
'.$person_data['last_name'], 'id' => -1)); + } + } + else + { + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('employees_current_password_invalid').' '. + $person_data['first_name'].' '.$person_data['last_name'], 'id' => -1)); + } + } + else + { + $person_data = array( + 'first_name' => $this->input->post('first_name'), + 'last_name' => $this->input->post('last_name'), + 'gender' => $this->input->post('gender'), + 'email' => $this->input->post('email'), + 'phone_number' => $this->input->post('phone_number'), + 'address_1' => $this->input->post('address_1'), + 'address_2' => $this->input->post('address_2'), + 'city' => $this->input->post('city'), + 'state' => $this->input->post('state'), + 'zip' => $this->input->post('zip'), + 'country' => $this->input->post('country'), + 'comments' => $this->input->post('comments'), ); - } - else //Password not changed - { - $employee_data = array('username' => $this->input->post('username')); - } - - if($this->Employee->save_employee($person_data, $employee_data, $grants_data, $employee_id)) - { - $person_data = $this->xss_clean($person_data); - $employee_data = $this->xss_clean($employee_data); - - //New employee - if($employee_id == -1) + $grants_data = $this->input->post('grants') != NULL ? $this->input->post('grants') : array(); + + //Password has been changed OR first time password set + if($this->input->post('password') != '') { - echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('employees_successful_adding').' '. - $person_data['first_name'].' '.$person_data['last_name'], 'id' => $employee_data['person_id'])); + $employee_data = array( + 'username' => $this->input->post('username'), + 'password' => password_hash($this->input->post('password'), PASSWORD_DEFAULT), + 'hash_version' => 2 + ); } - else //Existing employee + else //Password not changed { - echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('employees_successful_updating').' '. 
- $person_data['first_name'].' '.$person_data['last_name'], 'id' => $employee_id)); + $employee_data = array('username' => $this->input->post('username')); } - } - else//failure - { - $person_data = $this->xss_clean($person_data); + + if($this->Employee->save_employee($person_data, $employee_data, $grants_data, $employee_id)) + { + $person_data = $this->xss_clean($person_data); + $employee_data = $this->xss_clean($employee_data); - echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('employees_error_adding_updating').' '. - $person_data['first_name'].' '.$person_data['last_name'], 'id' => -1)); + //New employee + if($employee_id == -1) + { + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('employees_successful_adding').' '. + $person_data['first_name'].' '.$person_data['last_name'], 'id' => $employee_data['person_id'])); + } + else //Existing employee + { + echo json_encode(array('success' => TRUE, 'message' => $this->lang->line('employees_successful_updating').' '. + $person_data['first_name'].' '.$person_data['last_name'], 'id' => $employee_id)); + } + } + else//failure + { + $person_data = $this->xss_clean($person_data); + + echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('employees_error_adding_updating').' '. + $person_data['first_name'].' '.$person_data['last_name'], 'id' => -1)); + } } } 
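Review bot: In the new `current_password` branch of `save()`, `$person_data` is read in all three `json_encode` messages but is only assigned in the `else` branch, so every change-password response references an undefined variable, and the failure response reuses `employees_successful_change_password` where an error string belongs. The same branch also drops the `password != ''` guard the other path keeps, so a submitted empty `password` field is hashed and stored as the new credential; no server-side length or "new differs from current" check is visible here (the new lang strings suggest it lives client-side), and the form's `username` is overwritten along with the password, which may not be intended for a change-password flow. I would guard first, `if($this->input->post('password') == '') { echo json_encode(array('success' => FALSE, 'message' => $this->lang->line('employees_password_required'), 'id' => -1)); return; }`, take the name from `$this->Employee->get_info($employee_id)` instead of `$person_data`, and use `employees_error_adding_updating` on the failure path. The hunk covers the whole of `save()`; the enclosing class continues outside it.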
@@ -158,5 +190,33 @@ class Employees extends Persons echo json_encode(array('success' => FALSE,'message' => $this->lang->line('employees_cannot_be_deleted'))); } } + + /* + Loads the change password form + */ + public function change_password($employee_id = -1) + { + $person_info = $this->Employee->get_info($employee_id); + foreach(get_object_vars($person_info) as $property => $value) + { + $person_info->$property = $this->xss_clean($value); + } + $data['person_info'] = $person_info; + + $this->load->view("change_password", $data); + } + + private function _check_password($employee_id,$password) + { + $person_info = $this->Employee->get_info($employee_id); + if(password_verify($password, $person_info->password)) + { + return TRUE; + } + else + { + return FALSE; + } + } } ?> \ No newline at end of file diff --git a/application/language/en/employees_lang.php b/application/language/en/employees_lang.php index 81e0ec4fb..360d2b8a1 100644 --- a/application/language/en/employees_lang.php +++ b/application/language/en/employees_lang.php @@ -2,7 +2,10 @@ $lang["employees_basic_information"] = "Information"; $lang["employees_cannot_be_deleted"] = "Could not deleted selected employees, one or more of the employees has processed sales or you are trying to delete yourself :)"; +$lang["employees_change_password"] = "Change Password"; $lang["employees_confirm_delete"] = "Are you sure you want to delete the selected employees?"; +$lang["employees_current_password"] = "Current Password"; +$lang["employees_current_password_invalid"] = "Invalid Current Password"; $lang["employees_employee"] = "Employee"; $lang["employees_error_adding_updating"] = "Error adding/updating employee"; $lang["employees_error_deleting_demo_admin"] = "You can not delete the demo admin user"; 
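Review bot: `_check_password` calls `password_verify` against whatever `get_info` returns and ignores the `hash_version` column that `save()` writes as 2 — if employees on the older hash format still exist (the version column suggests they do), they will always be told "Invalid Current Password" and can never change their password through this form; a non-existent `$employee_id` (the default -1 included) presumably yields a null `password`, which `password_verify` coerces with a deprecation notice on PHP 8.1+ before returning false. The `if/else` returning TRUE/FALSE can collapse to `return isset($person_info->password) && password_verify($password, $person_info->password);` with a comment `// TODO(review): mirror the login path's hash_version handling so legacy hashes can still be verified here`. `change_password($employee_id)` renders the form for any id; whether a caller is restricted to their own record depends on the parent `Persons` controller, which is not in this diff, so that is worth confirming rather than assuming. The enclosing class starts above the hunk.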
@@ -14,6 +17,7 @@ $lang["employees_one_or_multiple"] = "employee(s)"; $lang["employees_password"] = "Password"; $lang["employees_password_minlength"] = "Passwords must be at least 8 characters"; $lang["employees_password_must_match"] = "Passwords do not match"; +$lang["employees_password_not_must_match"] = "Current password and new password should not be the same"; $lang["employees_password_required"] = "Password is required"; $lang["employees_permission_desc"] = "Check the boxes below to grant access to modules"; $lang["employees_permission_info"] = "Permissions"; @@ -22,6 +26,7 @@ $lang["employees_subpermission_required"] = "Add at least one grant for each mod $lang["employees_successful_adding"] = "You have successfully added employee"; $lang["employees_successful_deleted"] = "You have successfully deleted"; $lang["employees_successful_updating"] = "You have successfully updated employee"; +$lang["employees_successful_change_password"] = "Password successfully changed"; $lang["employees_update"] = "Update Employee"; $lang["employees_username"] = "Username"; $lang["employees_username_minlength"] = "The username must be at least 5 characters"; diff --git a/application/language/es/employees_lang.php b/application/language/es/employees_lang.php index b88d31bfd..245cecb7c 100644 --- a/application/language/es/employees_lang.php +++ b/application/language/es/employees_lang.php 
@@ -2,7 +2,10 @@ $lang["employees_basic_information"] = "Información Básica de Empleados"; $lang["employees_cannot_be_deleted"] = "No se pudieron borrar empleados. Uno o más empleados tiene ventas procesadas o estás tratando de borrarte a tí mismo(a)."; +$lang["employees_change_password"] = "Cambiar Contraseña"; $lang["employees_confirm_delete"] = "¿Seguro(a) que quieres borrar los empleados seleccionados?"; +$lang["employees_current_password"] = "Contraseña Actual"; +$lang["employees_current_password_invalid"] = "Contraseña Actual Inválida"; $lang["employees_employee"] = "Empleado"; $lang["employees_error_adding_updating"] = "Error al agregar/actualizar empleado"; $lang["employees_error_deleting_demo_admin"] = "No puedes borrar el usuario admin del demo"; @@ -14,6 +17,7 @@ $lang["employees_one_or_multiple"] = "empleado(s)"; $lang["employees_password"] = "Contraseña"; $lang["employees_password_minlength"] = "La contraseña debe tener, por lo menos, 8 caracteres"; $lang["employees_password_must_match"] = "Las Contraseñas no coinciden"; +$lang["employees_password_not_must_match"] = "Las contraseña actual y la nueva contraseña no deben ser iguales"; $lang["employees_password_required"] = "La Contraseña es requerida"; $lang["employees_permission_desc"] = "Activa las cajas debajo para permitir el acceso a los módulos"; $lang["employees_permission_info"] = "Permisos y Acceso del Empleado"; 
@@ -22,6 +26,7 @@ $lang["employees_subpermission_required"] = "Agregar al menos un permiso para ca $lang["employees_successful_adding"] = "Has agregado el empleado satisfactoriamente"; $lang["employees_successful_deleted"] = "Has borrado satisfactoriamente a"; $lang["employees_successful_updating"] = "Has actualizado el empleado satisfactoriamente"; +$lang["employees_successful_change_password"] = "Contraseña cambiada satisfactoriamente"; $lang["employees_update"] = "Actualizar Empleado"; $lang["employees_username"] = "Usuario"; $lang["employees_username_minlength"] = "El Usuario debe tener, por lo menos, 5 caracteres"; diff --git a/application/models/Employee.php b/application/models/Employee.php index dfeec9ff7..56f999a68 100644 --- a/application/models/Employee.php +++ b/application/models/Employee.php @@ -411,5 +411,24 @@ class Employee extends Person return $this->db->get()->result_array(); } + /* + Change password for the employee + */ + public function change_password($employee_data, $employee_id = FALSE) + { + $success = FALSE; + + //Run these queries as a transaction, we want to make sure we do all or nothing + $this->db->trans_start(); + + $this->db->where('person_id', $employee_id); + $success = $this->db->update('employees', $employee_data); + + $this->db->trans_complete(); + + $success &= $this->db->trans_status(); + + return $success; + } } ?> diff --git a/application/views/change_password.php b/application/views/change_password.php new file mode 100644 index 000000000..c61c57627 --- /dev/null +++ b/application/views/change_password.php @@ -0,0 +1,127 @@ +
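Review bot: The model's `change_password()` reports success whenever the UPDATE executes rather than when a row was changed — with the default `$employee_id = FALSE` (or a -1 passed through from the controller) the `WHERE person_id = …` matches nothing, yet as far as CodeIgniter's query builder goes `update()` still returns TRUE, so the controller would echo "Password successfully changed" without touching any row. It also writes every column handed to it in `$employee_data` (the controller passes `username` as well), so the method does more than its name says. I would reject a missing id up front, `if($employee_id === FALSE || $employee_id == -1) { return FALSE; }`, and fold the row count into the result, `$success = $this->db->update('employees', $employee_data) && $this->db->affected_rows() > 0;` — a fresh `password_hash` output always differs from the stored one, so the zero-affected-rows-on-identical-values quirk does not bite here. A docblock naming the expected keys (`@param array $employee_data username, password, hash_version`) would make the contract explicit for callers.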