- change edituser.php to allow editing of administrative privilages.
This commit is contained in:
Tony Lambregts
committed by
Jeremy Newman
Jeremy Newman
parent
981b904e71
commit
470305407e
125
edituser.php
125
edituser.php
@@ -1,55 +1,116 @@
|
|||||||
<?
|
<?
|
||||||
|
|
||||||
include("path.php");
|
include("path.php");
|
||||||
include(BASE."include/"."incl.php");
|
include(BASE."include/"."incl.php");
|
||||||
include(BASE."include/"."tableve.php");
|
|
||||||
include(BASE."include/"."qclass.php");
|
|
||||||
|
|
||||||
if(!havepriv("admin"))
|
if(!loggedin())
|
||||||
{
|
{
|
||||||
errorpage();
|
errorpage("You must be logged in to edit preferences");
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
if(!havepriv("admin"))
|
||||||
|
|
||||||
$user_fields = array("stamp", "userid", "username", "password", "realname", "email", "created", "status");
|
|
||||||
|
|
||||||
function make_fields($fields, $prefix)
|
|
||||||
{
|
{
|
||||||
$arr = array();
|
errorpage("You do not have sufficient rights to edit users");
|
||||||
while(list($idx, $field) = each($fields))
|
exit;
|
||||||
$arr[] = "$prefix.$field";
|
|
||||||
return $arr;
|
|
||||||
}
|
}
|
||||||
|
$user = new User();
|
||||||
|
$result = mysql_query("SELECT stamp, userid, username, realname, ".
|
||||||
|
"created, status, perm FROM user_list WHERE ".
|
||||||
|
"userid = '$userid'", $user->link);
|
||||||
|
if(!$result)
|
||||||
|
{
|
||||||
|
errorpage("You must be logged in to edit preferences");
|
||||||
|
exit;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
list($user->stamp, $user->userid, $user->username, $user->realname,
|
||||||
|
$user->created, $status, $perm) = mysql_fetch_row($result);
|
||||||
|
|
||||||
apidb_header("Edit User");
|
global $ext_username, $ext_password1, $ext_password2, $ext_realname, $ext_email, $ext_hasadmin;
|
||||||
|
|
||||||
$t = new TableVE("edit");
|
|
||||||
|
|
||||||
if($HTTP_POST_VARS)
|
if($HTTP_POST_VARS)
|
||||||
{
|
{
|
||||||
$t->update($HTTP_POST_VARS);
|
if ($ext_password == $ext_password2)
|
||||||
}
|
{
|
||||||
else
|
$passwd = $ext_password;
|
||||||
{
|
}
|
||||||
$qc = new qclass();
|
else if ($ext_password)
|
||||||
$qc->add_fields(make_fields($user_fields, "user_list"));
|
{
|
||||||
if($username)
|
addmsg("The Passwords you entered did not match.", "red");
|
||||||
$qc->add_where("username = '$username'");
|
}
|
||||||
|
|
||||||
|
if ($user->update($userid, $passwd, $ext_realname, $ext_email))
|
||||||
|
{
|
||||||
|
addmsg("Preferences Updated", "green");
|
||||||
|
}
|
||||||
else
|
else
|
||||||
$qc->add_where("userid = $userid");
|
{
|
||||||
$qc->resolve();
|
addmsg("There was a problem updating the user's info", "red");
|
||||||
|
}
|
||||||
|
if($ext_hasadmin=="on")
|
||||||
|
$user->addpriv("admin");
|
||||||
|
else
|
||||||
|
$user->delpriv("admin");
|
||||||
|
}
|
||||||
|
|
||||||
$query = $qc->get_query();
|
{
|
||||||
|
// show form
|
||||||
|
|
||||||
if(debugging())
|
|
||||||
echo "$query <br><br>\n";
|
|
||||||
|
|
||||||
$t->edit($query);
|
apidb_header("Edit User");
|
||||||
|
|
||||||
|
echo "<form method=post action='edituser.php'>\n";
|
||||||
|
echo html_frame_start("Data for user ID $userid", "80%");
|
||||||
|
echo html_table_begin("width='100%' border=0 align=left cellspacing=0 class='box-body'");
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
$ext_username = $user->lookup_username($userid);
|
||||||
|
$ext_realname = $user->lookup_realname($userid);
|
||||||
|
$ext_email = $user->lookup_email($userid);
|
||||||
|
if($user->checkpriv("admin"))
|
||||||
|
$ext_hasadmin = 'checked="true"';
|
||||||
|
else
|
||||||
|
$ext_hasadmin = "";
|
||||||
|
|
||||||
|
|
||||||
|
?>
|
||||||
|
<input type="hidden" name="userid" value="<?=$userid?>">
|
||||||
|
<tr>
|
||||||
|
<td> User Name </td>
|
||||||
|
<td> <b> <?=$ext_username?> </b> </td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td> Password </td>
|
||||||
|
<td> <input type="password" name="ext_password"> </td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td> Password (again) </td>
|
||||||
|
<td> <input type="password" name="ext_password2"> </td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td> Real Name </td>
|
||||||
|
<td> <input type="text" name="ext_realname" value="<?=$ext_realname?>"> </td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td> Email Address </td>
|
||||||
|
<td> <input type="text" name="ext_email" value="<?=$ext_email?>"> </td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td> Administrator </td>
|
||||||
|
<td> <input type="checkbox" name="ext_hasadmin" "<?=$ext_hasadmin?>"> </td>
|
||||||
|
</tr>
|
||||||
|
<tr>
|
||||||
|
<td colspan=2> </td>
|
||||||
|
</tr>
|
||||||
|
<?
|
||||||
|
|
||||||
|
echo html_table_end();
|
||||||
|
echo html_frame_end();
|
||||||
|
echo "<br> <div align=center> <input type=submit value='Update'> </div> <br>\n";
|
||||||
|
echo "</form>\n";
|
||||||
}
|
}
|
||||||
|
|
||||||
apidb_footer();
|
apidb_footer();
|
||||||
|
|
||||||
?>
|
?>
|
||||||
|
|||||||
@@ -229,8 +229,7 @@ class User {
|
|||||||
return 1;
|
return 1;
|
||||||
|
|
||||||
$result = mysql_query("INSERT INTO user_privs VALUES ($this->userid, '$priv')", $this->link);
|
$result = mysql_query("INSERT INTO user_privs VALUES ($this->userid, '$priv')", $this->link);
|
||||||
|
return $result;
|
||||||
return mysql_affected_rows($result);
|
|
||||||
}
|
}
|
||||||
|
|
||||||
function delpriv($priv)
|
function delpriv($priv)
|
||||||
@@ -239,7 +238,7 @@ class User {
|
|||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
$result = mysql_query("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'", $this->link);
|
$result = mysql_query("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'", $this->link);
|
||||||
return mysql_num_rows($result);
|
return $result;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|||||||
Reference in New Issue
Block a user