/branches/2.8.x/wb/admin/users/save.php - Diff - WB 2.08.x - Tracking

« Previous | Next »

Revision 2065

Added by Dietmar almost 11 years ago

/admin/users bugfixes user deactivating and deleting

save.php
25	25
26	26	function save_user($admin, &$aActionRequest)
27	27	{
28		global $TEXT, $MESSAGE;
29	28	// Create a javascript back link
30	29	// $js_back = ADMIN_URL.'/users/index.php';
31	30	unset($aActionRequest['save']);
32	31
33	32	$aActionRequest['modify']= 'change';
34	33	$database = WbDatabase::getInstance();
	34	$mLang = Translate::getInstance();
35	35	$bRetVal = 0;
36	36	$iMinPassLength = 6;
37	37
38	38	if( !$admin->checkFTAN() )
39	39	{
40		msgQueue::add($MESSAGE['GENERIC_SECURITY_ACCESS']);
	40	msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_ACCESS);
41	41	return $bRetVal;
42	42	}
43	43
44	44	// Check if user id is a valid number and doesnt equal 1
45	45	if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) {
46		msgQueue::add('::'.$MESSAGE['GENERIC_NOT_UPGRADED']);
	46	msgQueue::add('::'.$mLang->MESSAGE_GENERIC_NOT_UPGRADED);
47	47	return $bRetVal;
48	48	} else {
49	49	$user_id = intval($aActionRequest['user_id']);
...	...
52	52	if( ($user_id < 2 ) )
53	53	{
54	54	// if($admin_header) { $admin->print_header(); }
55		msgQueue::add($MESSAGE['GENERIC_SECURITY_OFFENSE']);
	55	msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_OFFENSE);
56	56	return $bRetVal;
57	57	}
58	58	// Get existing values
...	...
83	83
84	84	// Check values
85	85	if($groups_id == "") {
86		msgQueue::add($MESSAGE['USERS_NO_GROUP']);
	86	msgQueue::add($mLang->MESSAGE_USERS_NO_GROUP);
87	87	} else {
88	88	$aGroups_id = explode(',', $groups_id);
89	89	//if user is in administrator-group, get this group else just get the first one
...	...
93	93	//$admin->is_group_match($admin->get_groups_id(), '1' )
94	94	if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
95	95	{
96		msgQueue::add( $MESSAGE['USERS_NAME_INVALID_CHARS']);
	96	msgQueue::add( $mLang->MESSAGE_USERS_NAME_INVALID_CHARS);
97	97	}
98	98
99	99	if($password != "") {
100	100	if(strlen($password) < $iMinPassLength ) {
101		msgQueue::add($MESSAGE['USERS_PASSWORD_TOO_SHORT']);
	101	msgQueue::add($mLang->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
102	102	}
103	103
104	104	$pattern = '/[^'.$admin->password_chars.']/';
105	105	if (preg_match($pattern, $password)) {
106		msgQueue::add($MESSAGE['PREFERENCES_INVALID_CHARS']);
	106	msgQueue::add($mLang->MESSAGE_PREFERENCES_INVALID_CHARS);
107	107	}
108	108
109	109	if(($password != $password2) ) {
110		msgQueue::add($MESSAGE['USERS_PASSWORD_MISMATCH']);
	110	msgQueue::add($mLang->MESSAGE_USERS_PASSWORD_MISMATCH);
111	111	}
112	112	}
113	113	// check that display_name is unique in whoole system (prevents from User-faking)
114	114	$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
115	115	$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"';
116	116	if( $database->get_one($sql) > 0 ){
117		msgQueue::add($MESSAGE['USERS_USERNAME_TAKEN'].' ('.$TEXT['DISPLAY_NAME'].')');
118		msgQueue::add($MESSAGE['MEDIA_CANNOT_RENAME']);
	117	msgQueue::add($mLang->MESSAGE_USERS_USERNAME_TAKEN.' ('.$mLang->TEXT_DISPLAY_NAME.')');
	118	msgQueue::add($mLang->MESSAGE_MEDIA_CANNOT_RENAME);
119	119	}
120	120	//
121	121	if( ($admin->get_user_id() != '1' ) )
122	122	{
123	123	if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) {
124		msgQueue::add( $TEXT['ERROR'].' '.$TEXT['DISPLAY_NAME'].' ('.$display_name.')' );
	124	msgQueue::add( $mLang->TEXT_ERROR.' '.$mLang->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
125	125	}
126	126	}
127	127
...	...
131	131	{
132	132	if($admin->validate_email($email) == false)
133	133	{
134		msgQueue::add($MESSAGE['USERS_INVALID_EMAIL'].' ('.$email.')');
	134	msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
135	135	}
136	136	} else { // e-mail must be present
137		msgQueue::add($MESSAGE['SIGNUP_NO_EMAIL']);
	137	msgQueue::add($mLang->MESSAGE_SIGNUP_NO_EMAIL);
138	138	}
139	139
140	140	$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '.
...	...
143	143	// Check if the email already exists
144	144	if( ($iFoundUser = $database->get_one($sql)) != null ) {
145	145	if($iFoundUser) {
146		if(isset($MESSAGE['USERS_EMAIL_TAKEN']))
	146	if(isset($mLang->MESSAGE_USERS_EMAIL_TAKEN))
147	147	{
148		msgQueue::add($MESSAGE['USERS_EMAIL_TAKEN'].' ('.$email.')');
	148	msgQueue::add($mLang->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
149	149	} else {
150		msgQueue::add($MESSAGE['USERS_INVALID_EMAIL'].' ('.$email.')');
	150	msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
151	151	}
152	152	}
153	153	}
...	...
174	174	$sHomeFolder = WB_PATH.MEDIA_DIRECTORY.'/home/'.( media_filename($username) );
175	175	if ( sizeof(createFolderProtectFile( $sHomeFolder )) )
176	176	{
177		// msgQueue::add($MESSAGE['MEDIA_DIR_NOT_MADE']);
	177	// msgQueue::add($mLang->MESSAGE_MEDIA_DIR_NOT_MADE);
178	178	}
179	179	}
180	180
...	...
204	204
205	205	}
206	206	if($database->query($sql)) {
207		msgQueue::add($MESSAGE['USERS_SAVED'], true);
	207	msgQueue::add($mLang->MESSAGE_USERS_SAVED, true);
208	208	$bRetVal = $user_id;
209	209	}
210	210	if($database->is_error()) {
211	211	msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
212	212	}
213	213	} else {
214		msgQueue::add($MESSAGE['GENERIC_NOT_UPGRADED']);
	214	msgQueue::add($mLang->MESSAGE_GENERIC_NOT_UPGRADED);
215	215	}
216	216
217	217	// return $admin->getIDKEY($user_id);

Also available in: Unified diff

Project

General

Profile

WB 2.08.x

Revision 2065

Added by Dietmar almost 11 years ago