Revision 2098
Added by darkviper over 10 years ago
save.php | ||
---|---|---|
23 | 23 |
} |
24 | 24 |
/* -------------------------------------------------------- */ |
25 | 25 |
|
26 |
function save_user($admin, &$aActionRequest)
|
|
26 |
function save_user($admin, $aActionRequest) |
|
27 | 27 |
{ |
28 | 28 |
// Create a javascript back link |
29 | 29 |
// $js_back = ADMIN_URL.'/users/index.php'; |
30 | 30 |
unset($aActionRequest['save']); |
31 | 31 |
|
32 | 32 |
$aActionRequest['modify']= 'change'; |
33 |
$database = WbDatabase::getInstance(); |
|
34 |
$mLang = Translate::getInstance(); |
|
33 |
$oDb = WbDatabase::getInstance(); |
|
34 |
$oTrans = Translate::getInstance(); |
|
35 |
$oTrans->enableAddon('admin\\users'); |
|
35 | 36 |
$bRetVal = 0; |
36 | 37 |
$iMinPassLength = 6; |
37 | 38 |
|
38 | 39 |
if( !$admin->checkFTAN() ) |
39 | 40 |
{ |
40 |
msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_ACCESS);
|
|
41 |
msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS);
|
|
41 | 42 |
return $bRetVal; |
42 | 43 |
} |
43 | 44 |
|
44 | 45 |
// Check if user id is a valid number and doesnt equal 1 |
45 | 46 |
if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) { |
46 |
msgQueue::add('::'.$mLang->MESSAGE_GENERIC_NOT_UPGRADED);
|
|
47 |
msgQueue::add('::'.$oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
|
|
47 | 48 |
return $bRetVal; |
48 | 49 |
} else { |
49 | 50 |
$user_id = intval($aActionRequest['user_id']); |
... | ... | |
52 | 53 |
if( ($user_id < 2 ) ) |
53 | 54 |
{ |
54 | 55 |
// if($admin_header) { $admin->print_header(); } |
55 |
msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_OFFENSE);
|
|
56 |
msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_OFFENSE);
|
|
56 | 57 |
return $bRetVal; |
57 | 58 |
} |
58 | 59 |
// Get existing values |
59 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ; |
|
60 |
$sql .= 'WHERE user_id = '.$user_id.' '; |
|
61 |
$sql .= 'AND user_id != 1 '; |
|
62 |
|
|
63 |
if($oRes = $database->query($sql)){ |
|
60 |
$sql = 'SELECT * FROM `'.$oDb->TablePrefix.'users` ' |
|
61 |
. 'WHERE `user_id`='.$user_id.' ' |
|
62 |
. 'AND `user_id` != 1'; |
|
63 |
if(($oRes = $oDb->doQuery($sql))) { |
|
64 | 64 |
$olduser = $oRes->fetchRow(MYSQL_ASSOC); |
65 | 65 |
} |
66 | 66 |
|
... | ... | |
83 | 83 |
|
84 | 84 |
// Check values |
85 | 85 |
if($groups_id == "") { |
86 |
msgQueue::add($mLang->MESSAGE_USERS_NO_GROUP);
|
|
86 |
msgQueue::add($oTrans->MESSAGE_USERS_NO_GROUP);
|
|
87 | 87 |
} else { |
88 | 88 |
$aGroups_id = explode(',', $groups_id); |
89 | 89 |
//if user is in administrator-group, get this group else just get the first one |
... | ... | |
93 | 93 |
//$admin->is_group_match($admin->get_groups_id(), '1' ) |
94 | 94 |
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username)) |
95 | 95 |
{ |
96 |
msgQueue::add( $mLang->MESSAGE_USERS_NAME_INVALID_CHARS);
|
|
96 |
msgQueue::add( $oTrans->MESSAGE_USERS_NAME_INVALID_CHARS);
|
|
97 | 97 |
} |
98 | 98 |
|
99 | 99 |
if($password != "") { |
100 | 100 |
if(strlen($password) < $iMinPassLength ) { |
101 |
msgQueue::add($mLang->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
|
|
101 |
msgQueue::add($oTrans->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
|
|
102 | 102 |
} |
103 | 103 |
|
104 | 104 |
$pattern = '/[^'.$admin->password_chars.']/'; |
105 | 105 |
if (preg_match($pattern, $password)) { |
106 |
msgQueue::add($mLang->MESSAGE_PREFERENCES_INVALID_CHARS);
|
|
106 |
msgQueue::add($oTrans->MESSAGE_PREFERENCES_INVALID_CHARS);
|
|
107 | 107 |
} |
108 | 108 |
|
109 | 109 |
if(($password != $password2) ) { |
110 |
msgQueue::add($mLang->MESSAGE_USERS_PASSWORD_MISMATCH);
|
|
110 |
msgQueue::add($oTrans->MESSAGE_USERS_PASSWORD_MISMATCH);
|
|
111 | 111 |
} |
112 | 112 |
} |
113 | 113 |
// check that display_name is unique in whoole system (prevents from User-faking) |
114 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
|
|
114 |
$sql = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` ';
|
|
115 | 115 |
$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"'; |
116 |
if( $database->get_one($sql) > 0 ){
|
|
117 |
msgQueue::add($mLang->MESSAGE_USERS_USERNAME_TAKEN.' ('.$mLang->TEXT_DISPLAY_NAME.')');
|
|
118 |
msgQueue::add($mLang->MESSAGE_MEDIA_CANNOT_RENAME);
|
|
116 |
if( $oDb->getOne($sql) > 0 ){
|
|
117 |
msgQueue::add($oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')');
|
|
118 |
msgQueue::add($oTrans->MESSAGE_MEDIA_CANNOT_RENAME);
|
|
119 | 119 |
} |
120 | 120 |
// |
121 | 121 |
if( ($admin->get_user_id() != '1' ) ) |
122 | 122 |
{ |
123 | 123 |
if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) { |
124 |
msgQueue::add( $mLang->TEXT_ERROR.' '.$mLang->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
|
|
124 |
msgQueue::add( $oTrans->TEXT_ERROR.' '.$oTrans->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
|
|
125 | 125 |
} |
126 | 126 |
} |
127 | 127 |
|
... | ... | |
131 | 131 |
{ |
132 | 132 |
if($admin->validate_email($email) == false) |
133 | 133 |
{ |
134 |
msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
134 |
msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
135 | 135 |
} |
136 | 136 |
} else { // e-mail must be present |
137 |
msgQueue::add($mLang->MESSAGE_SIGNUP_NO_EMAIL);
|
|
137 |
msgQueue::add($oTrans->MESSAGE_SIGNUP_NO_EMAIL);
|
|
138 | 138 |
} |
139 | 139 |
|
140 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '.
|
|
140 |
$sql = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` '.
|
|
141 | 141 |
'WHERE `email` LIKE \''.$email.'\' '. |
142 | 142 |
'AND `user_id` <> '.(int)$user_id; |
143 | 143 |
// Check if the email already exists |
144 |
if( ($iFoundUser = $database->get_one($sql)) != null ) {
|
|
144 |
if( ($iFoundUser = $oDb->getOne($sql)) != null ) {
|
|
145 | 145 |
if($iFoundUser) { |
146 |
if(isset($mLang->MESSAGE_USERS_EMAIL_TAKEN))
|
|
146 |
if(isset($oTrans->MESSAGE_USERS_EMAIL_TAKEN))
|
|
147 | 147 |
{ |
148 |
msgQueue::add($mLang->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
|
|
148 |
msgQueue::add($oTrans->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
|
|
149 | 149 |
} else { |
150 |
msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
150 |
msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
151 | 151 |
} |
152 | 152 |
} |
153 | 153 |
} |
... | ... | |
174 | 174 |
$sHomeFolder = WB_PATH.MEDIA_DIRECTORY.'/home/'.( media_filename($username) ); |
175 | 175 |
if ( sizeof(createFolderProtectFile( $sHomeFolder )) ) |
176 | 176 |
{ |
177 |
// msgQueue::add($mLang->MESSAGE_MEDIA_DIR_NOT_MADE);
|
|
177 |
// msgQueue::add($oTrans->MESSAGE_MEDIA_DIR_NOT_MADE);
|
|
178 | 178 |
} |
179 | 179 |
} |
180 | 180 |
|
181 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` SET ';
|
|
181 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'users` SET ';
|
|
182 | 182 |
// Update the database |
183 | 183 |
if($password == "") { |
184 |
$sql .= '`group_id` = '.intval($group_id).', '.
|
|
185 |
'`groups_id` = \''.$database->escapeString($groups_id).'\', '.
|
|
186 |
'`username` = \''.$database->escapeString($username).'\', '.
|
|
184 |
$sql .= '`group_id` = '.intval($group_id).', '. |
|
185 |
'`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
|
|
186 |
'`username` = \''.$oDb->escapeString($username).'\', '.
|
|
187 | 187 |
'`active` = '.intval($active).', '. |
188 |
'`display_name` = \''.$database->escapeString($display_name).'\', '.
|
|
189 |
'`home_folder` = \''.$database->escapeString($home_folder).'\', '.
|
|
190 |
'`email` = \''.$database->escapeString($email).'\' '.
|
|
188 |
'`display_name` = \''.$oDb->escapeString($display_name).'\', '.
|
|
189 |
'`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
|
|
190 |
'`email` = \''.$oDb->escapeString($email).'\' '.
|
|
191 | 191 |
'WHERE `user_id` = '.intval($user_id).''; |
192 | 192 |
|
193 | 193 |
} else { |
194 | 194 |
|
195 |
$sql .= '`group_id` = '.intval($group_id).', '.
|
|
196 |
'`groups_id` = \''.$database->escapeString($groups_id).'\', '.
|
|
197 |
'`username` = \''.$database->escapeString($username).'\', '.
|
|
195 |
$sql .= '`group_id` = '.intval($group_id).', '. |
|
196 |
'`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
|
|
197 |
'`username` = \''.$oDb->escapeString($username).'\', '.
|
|
198 | 198 |
'`password` = \''.md5($password).'\', '. |
199 | 199 |
'`active` = '.intval($active).', '. |
200 |
'`display_name` = \''.$database->escapeString($display_name).'\', '.
|
|
201 |
'`home_folder` = \''.$database->escapeString($home_folder).'\', '.
|
|
202 |
'`email` = \''.$database->escapeString($email).'\' '.
|
|
200 |
'`display_name` = \''.$oDb->escapeString($display_name).'\', '.
|
|
201 |
'`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
|
|
202 |
'`email` = \''.$oDb->escapeString($email).'\' '.
|
|
203 | 203 |
'WHERE `user_id` = '.intval($user_id).''; |
204 | 204 |
|
205 | 205 |
} |
206 |
if($database->query($sql)) {
|
|
207 |
msgQueue::add($mLang->MESSAGE_USERS_SAVED, true);
|
|
206 |
if($oDb->doQuery($sql)) {
|
|
207 |
msgQueue::add($oTrans->MESSAGE_USERS_SAVED, true);
|
|
208 | 208 |
$bRetVal = $user_id; |
209 | 209 |
} |
210 |
if($database->is_error()) {
|
|
211 |
msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
|
|
210 |
if($oDb->isError()) {
|
|
211 |
msgQueue::add( implode('<br />',explode(';',$oDb->getError())) );
|
|
212 | 212 |
} |
213 | 213 |
} else { |
214 |
msgQueue::add($mLang->MESSAGE_GENERIC_NOT_UPGRADED);
|
|
214 |
msgQueue::add($oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
|
|
215 | 215 |
} |
216 | 216 |
|
217 | 217 |
// return $admin->getIDKEY($user_id); |
Also available in: Unified diff
! activate class Translate for all addons in admin/ (except pages/)
! class.admin >> add translation of the current theme to Translate