Index: branches/2.8.x/CHANGELOG =================================================================== --- branches/2.8.x/CHANGELOG (revision 1303) +++ branches/2.8.x/CHANGELOG (revision 1304) @@ -11,7 +11,9 @@ ! = Update/Change ------------------------------------- 2.8.1 ------------------------------------- -07-Mar-2010 Dietmar Woellbrink (Luisehahne) +17-Mar-2010 Dietmar Woellbrink (Luisehahne) +# Ticket #956 Useraccounts, now e-mail is required +09-Mar-2010 Dietmar Woellbrink (Luisehahne) # Fixed e-mail preg pattern, because issues with some php versions 07-Mar-2010 Dietmar Woellbrink (Luisehahne) # fixed search_modext.php ( Tks to Thorn ) Index: branches/2.8.x/wb/admin/interface/version.php =================================================================== --- branches/2.8.x/wb/admin/interface/version.php (revision 1303) +++ branches/2.8.x/wb/admin/interface/version.php (revision 1304) @@ -52,6 +52,6 @@ // check if defined to avoid errors during installation (redirect to admin panel fails if PHP error/warnings are enabled) if(!defined('VERSION')) define('VERSION', '2.8.x'); -if(!defined('REVISION')) define('REVISION', '1303'); +if(!defined('REVISION')) define('REVISION', '1304'); ?> \ No newline at end of file Index: branches/2.8.x/wb/admin/users/save.php =================================================================== --- branches/2.8.x/wb/admin/users/save.php (revision 1303) +++ branches/2.8.x/wb/admin/users/save.php (revision 1304) @@ -1,102 +1,112 @@ - - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -// Print admin header -require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); -$admin = new admin('Access', 'users_modify'); - -// Create new database object -$database = new database(); - -// Check if user id is a valid number and doesnt equal 1 -if(!isset($_POST['user_id']) OR !is_numeric($_POST['user_id']) OR $_POST['user_id'] == 1) { - header("Location: index.php"); - exit(0); -} else { - $user_id = $_POST['user_id']; -} - -// Gather details entered -$groups_id = (isset($_POST['groups'])) ? implode(",", $admin->add_slashes($_POST['groups'])) : ''; -$active = $admin->add_slashes($_POST['active'][0]); -$username_fieldname = $admin->get_post_escaped('username_fieldname'); -$username = strtolower($admin->get_post_escaped($username_fieldname)); -$password = $admin->get_post('password'); -$password2 = $admin->get_post('password2'); -$display_name = $admin->get_post_escaped('display_name'); -$email = $admin->get_post_escaped('email'); -$home_folder = $admin->get_post_escaped('home_folder'); - -// Create a javascript back link -$js_back = "javascript: history.go(-1);"; - -// Check values -if($groups_id == "") { - $admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back); -} -if(strlen($username) < 2) { - $admin->print_error($MESSAGE['USERS']['USERNAME_TOO_SHORT'], $js_back); -} -if($password != "") { - if(strlen($password) < 2) { - $admin->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back); - } - if($password != $password2) { - $admin->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back); - } -} -if($email != "") { - if($admin->validate_email($email) == false) { - $admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back); - } -} - -// Prevent from renaming user to "admin" -if($username != 'admin') { - $username_code = ", username = '$username'"; -} else { - $username_code = ''; -} - -// Update the database -if($password == "") { - $query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email' WHERE user_id = '$user_id'"; -} else { - // MD5 supplied password - $md5_password = md5($password); - $query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email', password = '$md5_password' WHERE user_id = '$user_id'"; -} -$database->query($query); -if($database->is_error()) { - $admin->print_error($database->get_error()); -} else { - $admin->print_success($MESSAGE['USERS']['SAVED']); -} - -// Print admin footer -$admin->print_footer(); - +add_slashes($_POST['groups'])) : ''; +$active = $admin->add_slashes($_POST['active'][0]); +$username_fieldname = $admin->get_post_escaped('username_fieldname'); +$username = strtolower($admin->get_post_escaped($username_fieldname)); +$password = $admin->get_post('password'); +$password2 = $admin->get_post('password2'); +$display_name = $admin->get_post_escaped('display_name'); +$email = $admin->get_post_escaped('email'); +$home_folder = $admin->get_post_escaped('home_folder'); + +// Create a javascript back link +$js_back = "javascript: history.go(-1);"; + +// Check values +if($groups_id == "") { + $admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back); +} +if(strlen($username) < 2) { + $admin->print_error($MESSAGE['USERS']['USERNAME_TOO_SHORT'], $js_back); +} +if($password != "") { + if(strlen($password) < 2) { + $admin->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back); + } + if($password != $password2) { + $admin->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back); + } +} + +if($email != "") +{ + if($admin->validate_email($email) == false) + { + $admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back); + } +} else { // e-mail must be present + $admin->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back); +} + +// Check if the email already exists +$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'"); +if($results->numRows() > 0) +{ + if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) + { + $admin->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back); + } else { + $admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back); + } +} + +// Prevent from renaming user to "admin" +if($username != 'admin') { + $username_code = ", username = '$username'"; +} else { + $username_code = ''; +} + +// Update the database +if($password == "") { + $query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email' WHERE user_id = '$user_id'"; +} else { + // MD5 supplied password + $md5_password = md5($password); + $query = "UPDATE ".TABLE_PREFIX."users SET groups_id = '$groups_id', active = '$active'$username_code, display_name = '$display_name', home_folder = '$home_folder', email = '$email', password = '$md5_password' WHERE user_id = '$user_id'"; +} +$database->query($query); +if($database->is_error()) { + $admin->print_error($database->get_error()); +} else { + $admin->print_success($MESSAGE['USERS']['SAVED']); +} + +// Print admin footer +$admin->print_footer(); + ?> \ No newline at end of file Property changes on: branches/2.8.x/wb/admin/users/save.php ___________________________________________________________________ Modified: svn:keywords ## -1 +1,4 ## -Id \ No newline at end of property +Id +Revision +HeadURL +Date \ No newline at end of property Index: branches/2.8.x/wb/admin/users/users.php =================================================================== --- branches/2.8.x/wb/admin/users/users.php (revision 1303) +++ branches/2.8.x/wb/admin/users/users.php (revision 1304) @@ -40,7 +40,8 @@ exit(0); } -if($_POST['action'] == 'modify') { +if($_POST['action'] == 'modify') +{ // Print header $admin = new admin('Access', 'users_modify'); // Get existing values @@ -71,7 +72,7 @@ } // Add groups to list $template->set_block('main_block', 'group_list_block', 'group_list'); - $results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1'"); + $results = $database->query("SELECT group_id, name FROM ".TABLE_PREFIX."groups WHERE group_id != '1' ORDER BY name"); if($results->numRows() > 0) { $template->set_var('ID', ''); $template->set_var('NAME', $TEXT['PLEASE_SELECT'].'...'); @@ -88,12 +89,14 @@ $template->parse('group_list', 'group_list_block', true); } } + // Only allow the user to add a user to the Administrators group if they belong to it - if(in_array(1, $admin->get_groups_id())) { + if(in_array(1, $admin->get_groups_id())) + { $template->set_var('ID', '1'); $users_groups = $admin->get_groups_name(); $template->set_var('NAME', $users_groups[1]); - + $in_group = FALSE; foreach($admin->get_groups_id() as $cur_gid){ if (in_array($cur_gid, explode(",", $user['groups_id']))) { @@ -115,7 +118,7 @@ $template->parse('group_list', 'group_list_block', true); } } - + // Generate username field name $username_fieldname = 'username_'; $salt = "abchefghjkmnpqrstuvwxyz0123456789"; Index: branches/2.8.x/wb/admin/users/index.php =================================================================== --- branches/2.8.x/wb/admin/users/index.php (revision 1303) +++ branches/2.8.x/wb/admin/users/index.php (revision 1304) @@ -30,7 +30,7 @@ // Get existing value from database $database = new database(); -$query = "SELECT user_id, username, display_name FROM ".TABLE_PREFIX."users WHERE user_id != '1' ORDER BY username"; +$query = "SELECT user_id, username, display_name FROM ".TABLE_PREFIX."users WHERE user_id != '1' ORDER BY display_name,username"; $results = $database->query($query); if($database->is_error()) { $admin->print_error($database->get_error(), 'index.php'); Index: branches/2.8.x/wb/admin/users/add.php =================================================================== --- branches/2.8.x/wb/admin/users/add.php (revision 1303) +++ branches/2.8.x/wb/admin/users/add.php (revision 1304) @@ -1,106 +1,105 @@ - - Copyright (C) 2004-2009, Ryan Djurovich - - Website Baker is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2 of the License, or - (at your option) any later version. - - Website Baker is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. - - You should have received a copy of the GNU General Public License - along with Website Baker; if not, write to the Free Software - Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - -*/ - -// Print admin header -require('../../config.php'); -require_once(WB_PATH.'/framework/class.admin.php'); -$admin = new admin('Access', 'users_add'); - -// Create new database object -$database = new database(); - -// Get details entered -$groups_id = implode(",", $admin->add_slashes($_POST['groups'])); //should check permissions -$groups_id = trim($groups_id, ','); // there will be an additional ',' when "Please Choose" was selected, too -$active = $admin->add_slashes($_POST['active'][0]); -$username_fieldname = $admin->get_post_escaped('username_fieldname'); -$username = strtolower($admin->get_post_escaped($username_fieldname)); -$password = $admin->get_post('password'); -$password2 = $admin->get_post('password2'); -$display_name = $admin->get_post_escaped('display_name'); -$email = $admin->get_post_escaped('email'); -$home_folder = $admin->get_post_escaped('home_folder'); -$default_language = DEFAULT_LANGUAGE; - -// Create a javascript back link -$js_back = 'javascript: history.go(-1);'; - -// Check values -if($groups_id == '') { - $admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back); -} -if(strlen($username) < 2) { - $admin->print_error($MESSAGE['USERS']['USERNAME_TOO_SHORT'], $js_back); -} -if(strlen($password) < 2) { - $admin->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back); -} -if($password != $password2) { - $admin->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back); -} -if($email != '') { - if($admin->validate_email($email) == false) { - $admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back); - } -} - -// choose group_id from groups_id - workaround for still remaining calls to group_id (to be cleaned-up) -$gid_tmp = explode(',', $groups_id); -if(in_array('1', $gid_tmp)) $group_id = '1'; // if user is in administrator-group, get this group -else $group_id = $gid_tmp[0]; // else just get the first one -unset($gid_tmp); - -// Check if username already exists -$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'"); -if($results->numRows() > 0) { - $admin->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back); -} - -// Check if the email already exists -$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'"); -if($results->numRows() > 0) { - if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) { - $admin->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back); - } else { - $admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back); - } -} - -// MD5 supplied password -$md5_password = md5($password); - -// Inser the user into the database -$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,home_folder,email,timezone, language) VALUES ('$group_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$home_folder','$email','-72000', '$default_language')"; -$database->query($query); -if($database->is_error()) { - $admin->print_error($database->get_error()); -} else { - $admin->print_success($MESSAGE['USERS']['ADDED']); -} - -// Print admin footer -$admin->print_footer(); - +add_slashes($_POST['groups'])); //should check permissions +$groups_id = trim($groups_id, ','); // there will be an additional ',' when "Please Choose" was selected, too +$active = $admin->add_slashes($_POST['active'][0]); +$username_fieldname = $admin->get_post_escaped('username_fieldname'); +$username = strtolower($admin->get_post_escaped($username_fieldname)); +$password = $admin->get_post('password'); +$password2 = $admin->get_post('password2'); +$display_name = $admin->get_post_escaped('display_name'); +$email = $admin->get_post_escaped('email'); +$home_folder = $admin->get_post_escaped('home_folder'); +$default_language = DEFAULT_LANGUAGE; + +// Create a javascript back link +$js_back = 'javascript: history.go(-1);'; + +// Check values +if($groups_id == '') { + $admin->print_error($MESSAGE['USERS']['NO_GROUP'], $js_back); +} +if(strlen($username) < 2) { + $admin->print_error($MESSAGE['USERS']['USERNAME_TOO_SHORT'], $js_back); +} +if(strlen($password) < 2) { + $admin->print_error($MESSAGE['USERS']['PASSWORD_TOO_SHORT'], $js_back); +} +if($password != $password2) { + $admin->print_error($MESSAGE['USERS']['PASSWORD_MISMATCH'], $js_back); +} +if($email != '') +{ + if($admin->validate_email($email) == false) + { + $admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back); + } +} else { // e-mail must be present + $admin->print_error($MESSAGE['SIGNUP']['NO_EMAIL'], $js_back); +} + +// choose group_id from groups_id - workaround for still remaining calls to group_id (to be cleaned-up) +$gid_tmp = explode(',', $groups_id); +if(in_array('1', $gid_tmp)) $group_id = '1'; // if user is in administrator-group, get this group +else $group_id = $gid_tmp[0]; // else just get the first one +unset($gid_tmp); + +// Check if username already exists +$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE username = '$username'"); +if($results->numRows() > 0) { + $admin->print_error($MESSAGE['USERS']['USERNAME_TAKEN'], $js_back); +} + +// Check if the email already exists +$results = $database->query("SELECT user_id FROM ".TABLE_PREFIX."users WHERE email = '".$admin->add_slashes($_POST['email'])."'"); +if($results->numRows() > 0) +{ + if(isset($MESSAGE['USERS']['EMAIL_TAKEN'])) + { + $admin->print_error($MESSAGE['USERS']['EMAIL_TAKEN'], $js_back); + } else { + $admin->print_error($MESSAGE['USERS']['INVALID_EMAIL'], $js_back); + } +} + +// MD5 supplied password +$md5_password = md5($password); + +// Inser the user into the database +$query = "INSERT INTO ".TABLE_PREFIX."users (group_id,groups_id,active,username,password,display_name,home_folder,email,timezone, language) VALUES ('$group_id', '$groups_id', '$active', '$username','$md5_password','$display_name','$home_folder','$email','-72000', '$default_language')"; +$database->query($query); +if($database->is_error()) { + $admin->print_error($database->get_error()); +} else { + $admin->print_success($MESSAGE['USERS']['ADDED']); +} + +// Print admin footer +$admin->print_footer(); + ?> \ No newline at end of file Property changes on: branches/2.8.x/wb/admin/users/add.php ___________________________________________________________________ Modified: svn:keywords ## -1 +1,4 ## -Id \ No newline at end of property +Id +Revision +HeadURL +Date \ No newline at end of property