Revision 2098
Added by darkviper over 10 years ago
| save.php | ||
|---|---|---|
| 23 | 23 |
} |
| 24 | 24 |
/* -------------------------------------------------------- */ |
| 25 | 25 |
|
| 26 |
function save_user($admin, &$aActionRequest)
|
|
| 26 |
function save_user($admin, $aActionRequest) |
|
| 27 | 27 |
{
|
| 28 | 28 |
// Create a javascript back link |
| 29 | 29 |
// $js_back = ADMIN_URL.'/users/index.php'; |
| 30 | 30 |
unset($aActionRequest['save']); |
| 31 | 31 |
|
| 32 | 32 |
$aActionRequest['modify']= 'change'; |
| 33 |
$database = WbDatabase::getInstance(); |
|
| 34 |
$mLang = Translate::getInstance(); |
|
| 33 |
$oDb = WbDatabase::getInstance(); |
|
| 34 |
$oTrans = Translate::getInstance(); |
|
| 35 |
$oTrans->enableAddon('admin\\users');
|
|
| 35 | 36 |
$bRetVal = 0; |
| 36 | 37 |
$iMinPassLength = 6; |
| 37 | 38 |
|
| 38 | 39 |
if( !$admin->checkFTAN() ) |
| 39 | 40 |
{
|
| 40 |
msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_ACCESS);
|
|
| 41 |
msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS);
|
|
| 41 | 42 |
return $bRetVal; |
| 42 | 43 |
} |
| 43 | 44 |
|
| 44 | 45 |
// Check if user id is a valid number and doesnt equal 1 |
| 45 | 46 |
if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) {
|
| 46 |
msgQueue::add('::'.$mLang->MESSAGE_GENERIC_NOT_UPGRADED);
|
|
| 47 |
msgQueue::add('::'.$oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
|
|
| 47 | 48 |
return $bRetVal; |
| 48 | 49 |
} else {
|
| 49 | 50 |
$user_id = intval($aActionRequest['user_id']); |
| ... | ... | |
| 52 | 53 |
if( ($user_id < 2 ) ) |
| 53 | 54 |
{
|
| 54 | 55 |
// if($admin_header) { $admin->print_header(); }
|
| 55 |
msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_OFFENSE);
|
|
| 56 |
msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_OFFENSE);
|
|
| 56 | 57 |
return $bRetVal; |
| 57 | 58 |
} |
| 58 | 59 |
// Get existing values |
| 59 |
$sql = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ; |
|
| 60 |
$sql .= 'WHERE user_id = '.$user_id.' '; |
|
| 61 |
$sql .= 'AND user_id != 1 '; |
|
| 62 |
|
|
| 63 |
if($oRes = $database->query($sql)){
|
|
| 60 |
$sql = 'SELECT * FROM `'.$oDb->TablePrefix.'users` ' |
|
| 61 |
. 'WHERE `user_id`='.$user_id.' ' |
|
| 62 |
. 'AND `user_id` != 1'; |
|
| 63 |
if(($oRes = $oDb->doQuery($sql))) {
|
|
| 64 | 64 |
$olduser = $oRes->fetchRow(MYSQL_ASSOC); |
| 65 | 65 |
} |
| 66 | 66 |
|
| ... | ... | |
| 83 | 83 |
|
| 84 | 84 |
// Check values |
| 85 | 85 |
if($groups_id == "") {
|
| 86 |
msgQueue::add($mLang->MESSAGE_USERS_NO_GROUP);
|
|
| 86 |
msgQueue::add($oTrans->MESSAGE_USERS_NO_GROUP);
|
|
| 87 | 87 |
} else {
|
| 88 | 88 |
$aGroups_id = explode(',', $groups_id);
|
| 89 | 89 |
//if user is in administrator-group, get this group else just get the first one |
| ... | ... | |
| 93 | 93 |
//$admin->is_group_match($admin->get_groups_id(), '1' ) |
| 94 | 94 |
if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
|
| 95 | 95 |
{
|
| 96 |
msgQueue::add( $mLang->MESSAGE_USERS_NAME_INVALID_CHARS);
|
|
| 96 |
msgQueue::add( $oTrans->MESSAGE_USERS_NAME_INVALID_CHARS);
|
|
| 97 | 97 |
} |
| 98 | 98 |
|
| 99 | 99 |
if($password != "") {
|
| 100 | 100 |
if(strlen($password) < $iMinPassLength ) {
|
| 101 |
msgQueue::add($mLang->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
|
|
| 101 |
msgQueue::add($oTrans->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
|
|
| 102 | 102 |
} |
| 103 | 103 |
|
| 104 | 104 |
$pattern = '/[^'.$admin->password_chars.']/'; |
| 105 | 105 |
if (preg_match($pattern, $password)) {
|
| 106 |
msgQueue::add($mLang->MESSAGE_PREFERENCES_INVALID_CHARS);
|
|
| 106 |
msgQueue::add($oTrans->MESSAGE_PREFERENCES_INVALID_CHARS);
|
|
| 107 | 107 |
} |
| 108 | 108 |
|
| 109 | 109 |
if(($password != $password2) ) {
|
| 110 |
msgQueue::add($mLang->MESSAGE_USERS_PASSWORD_MISMATCH);
|
|
| 110 |
msgQueue::add($oTrans->MESSAGE_USERS_PASSWORD_MISMATCH);
|
|
| 111 | 111 |
} |
| 112 | 112 |
} |
| 113 | 113 |
// check that display_name is unique in whoole system (prevents from User-faking) |
| 114 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
|
|
| 114 |
$sql = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` ';
|
|
| 115 | 115 |
$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"'; |
| 116 |
if( $database->get_one($sql) > 0 ){
|
|
| 117 |
msgQueue::add($mLang->MESSAGE_USERS_USERNAME_TAKEN.' ('.$mLang->TEXT_DISPLAY_NAME.')');
|
|
| 118 |
msgQueue::add($mLang->MESSAGE_MEDIA_CANNOT_RENAME);
|
|
| 116 |
if( $oDb->getOne($sql) > 0 ){
|
|
| 117 |
msgQueue::add($oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')');
|
|
| 118 |
msgQueue::add($oTrans->MESSAGE_MEDIA_CANNOT_RENAME);
|
|
| 119 | 119 |
} |
| 120 | 120 |
// |
| 121 | 121 |
if( ($admin->get_user_id() != '1' ) ) |
| 122 | 122 |
{
|
| 123 | 123 |
if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) {
|
| 124 |
msgQueue::add( $mLang->TEXT_ERROR.' '.$mLang->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
|
|
| 124 |
msgQueue::add( $oTrans->TEXT_ERROR.' '.$oTrans->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
|
|
| 125 | 125 |
} |
| 126 | 126 |
} |
| 127 | 127 |
|
| ... | ... | |
| 131 | 131 |
{
|
| 132 | 132 |
if($admin->validate_email($email) == false) |
| 133 | 133 |
{
|
| 134 |
msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
| 134 |
msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
| 135 | 135 |
} |
| 136 | 136 |
} else { // e-mail must be present
|
| 137 |
msgQueue::add($mLang->MESSAGE_SIGNUP_NO_EMAIL);
|
|
| 137 |
msgQueue::add($oTrans->MESSAGE_SIGNUP_NO_EMAIL);
|
|
| 138 | 138 |
} |
| 139 | 139 |
|
| 140 |
$sql = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '.
|
|
| 140 |
$sql = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` '.
|
|
| 141 | 141 |
'WHERE `email` LIKE \''.$email.'\' '. |
| 142 | 142 |
'AND `user_id` <> '.(int)$user_id; |
| 143 | 143 |
// Check if the email already exists |
| 144 |
if( ($iFoundUser = $database->get_one($sql)) != null ) {
|
|
| 144 |
if( ($iFoundUser = $oDb->getOne($sql)) != null ) {
|
|
| 145 | 145 |
if($iFoundUser) {
|
| 146 |
if(isset($mLang->MESSAGE_USERS_EMAIL_TAKEN))
|
|
| 146 |
if(isset($oTrans->MESSAGE_USERS_EMAIL_TAKEN))
|
|
| 147 | 147 |
{
|
| 148 |
msgQueue::add($mLang->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
|
|
| 148 |
msgQueue::add($oTrans->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
|
|
| 149 | 149 |
} else {
|
| 150 |
msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
| 150 |
msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
|
|
| 151 | 151 |
} |
| 152 | 152 |
} |
| 153 | 153 |
} |
| ... | ... | |
| 174 | 174 |
$sHomeFolder = WB_PATH.MEDIA_DIRECTORY.'/home/'.( media_filename($username) ); |
| 175 | 175 |
if ( sizeof(createFolderProtectFile( $sHomeFolder )) ) |
| 176 | 176 |
{
|
| 177 |
// msgQueue::add($mLang->MESSAGE_MEDIA_DIR_NOT_MADE);
|
|
| 177 |
// msgQueue::add($oTrans->MESSAGE_MEDIA_DIR_NOT_MADE);
|
|
| 178 | 178 |
} |
| 179 | 179 |
} |
| 180 | 180 |
|
| 181 |
$sql = 'UPDATE `'.TABLE_PREFIX.'users` SET ';
|
|
| 181 |
$sql = 'UPDATE `'.$oDb->TablePrefix.'users` SET ';
|
|
| 182 | 182 |
// Update the database |
| 183 | 183 |
if($password == "") {
|
| 184 |
$sql .= '`group_id` = '.intval($group_id).', '.
|
|
| 185 |
'`groups_id` = \''.$database->escapeString($groups_id).'\', '.
|
|
| 186 |
'`username` = \''.$database->escapeString($username).'\', '.
|
|
| 184 |
$sql .= '`group_id` = '.intval($group_id).', '. |
|
| 185 |
'`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
|
|
| 186 |
'`username` = \''.$oDb->escapeString($username).'\', '.
|
|
| 187 | 187 |
'`active` = '.intval($active).', '. |
| 188 |
'`display_name` = \''.$database->escapeString($display_name).'\', '.
|
|
| 189 |
'`home_folder` = \''.$database->escapeString($home_folder).'\', '.
|
|
| 190 |
'`email` = \''.$database->escapeString($email).'\' '.
|
|
| 188 |
'`display_name` = \''.$oDb->escapeString($display_name).'\', '.
|
|
| 189 |
'`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
|
|
| 190 |
'`email` = \''.$oDb->escapeString($email).'\' '.
|
|
| 191 | 191 |
'WHERE `user_id` = '.intval($user_id).''; |
| 192 | 192 |
|
| 193 | 193 |
} else {
|
| 194 | 194 |
|
| 195 |
$sql .= '`group_id` = '.intval($group_id).', '.
|
|
| 196 |
'`groups_id` = \''.$database->escapeString($groups_id).'\', '.
|
|
| 197 |
'`username` = \''.$database->escapeString($username).'\', '.
|
|
| 195 |
$sql .= '`group_id` = '.intval($group_id).', '. |
|
| 196 |
'`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
|
|
| 197 |
'`username` = \''.$oDb->escapeString($username).'\', '.
|
|
| 198 | 198 |
'`password` = \''.md5($password).'\', '. |
| 199 | 199 |
'`active` = '.intval($active).', '. |
| 200 |
'`display_name` = \''.$database->escapeString($display_name).'\', '.
|
|
| 201 |
'`home_folder` = \''.$database->escapeString($home_folder).'\', '.
|
|
| 202 |
'`email` = \''.$database->escapeString($email).'\' '.
|
|
| 200 |
'`display_name` = \''.$oDb->escapeString($display_name).'\', '.
|
|
| 201 |
'`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
|
|
| 202 |
'`email` = \''.$oDb->escapeString($email).'\' '.
|
|
| 203 | 203 |
'WHERE `user_id` = '.intval($user_id).''; |
| 204 | 204 |
|
| 205 | 205 |
} |
| 206 |
if($database->query($sql)) {
|
|
| 207 |
msgQueue::add($mLang->MESSAGE_USERS_SAVED, true);
|
|
| 206 |
if($oDb->doQuery($sql)) {
|
|
| 207 |
msgQueue::add($oTrans->MESSAGE_USERS_SAVED, true);
|
|
| 208 | 208 |
$bRetVal = $user_id; |
| 209 | 209 |
} |
| 210 |
if($database->is_error()) {
|
|
| 211 |
msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
|
|
| 210 |
if($oDb->isError()) {
|
|
| 211 |
msgQueue::add( implode('<br />',explode(';',$oDb->getError())) );
|
|
| 212 | 212 |
} |
| 213 | 213 |
} else {
|
| 214 |
msgQueue::add($mLang->MESSAGE_GENERIC_NOT_UPGRADED);
|
|
| 214 |
msgQueue::add($oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
|
|
| 215 | 215 |
} |
| 216 | 216 |
|
| 217 | 217 |
// return $admin->getIDKEY($user_id); |
Also available in: Unified diff
! activate class Translate for all addons in admin/ (except pages/)
! class.admin >> add translation of the current theme to Translate