
Revision 2098

Added by darkviper over 10 years ago

! activate class Translate for all addons in admin/ (except pages/)
! class.admin >> add translation of the current theme to Translate


save.php
23 23
}
24 24
/* -------------------------------------------------------- */
25 25

  
26
	function save_user($admin, &$aActionRequest)
26
	function save_user($admin, $aActionRequest)
27 27
	{
28 28
        // Create a javascript back link
29 29
//        $js_back = ADMIN_URL.'/users/index.php';
30 30
        unset($aActionRequest['save']);
31 31

  
32 32
        $aActionRequest['modify']= 'change';
33
		$database = WbDatabase::getInstance();
34
		$mLang = Translate::getInstance();
33
		$oDb = WbDatabase::getInstance();
34
		$oTrans = Translate::getInstance();
35
        $oTrans->enableAddon('admin\\users');
35 36
        $bRetVal = 0;
36 37
    	$iMinPassLength = 6;
37 38

  
38 39
        if( !$admin->checkFTAN() )
39 40
        {
40
        	msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_ACCESS);
41
        	msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_ACCESS);
41 42
            return $bRetVal;
42 43
        }
43 44

  
44 45
        // Check if user id is a valid number and doesnt equal 1
45 46
        if(!isset($aActionRequest['user_id']) OR !is_numeric($aActionRequest['user_id']) OR $aActionRequest['user_id'] == 1) {
46
        	msgQueue::add('::'.$mLang->MESSAGE_GENERIC_NOT_UPGRADED);
47
        	msgQueue::add('::'.$oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
47 48
            return $bRetVal;
48 49
        } else {
49 50
        	$user_id = intval($aActionRequest['user_id']);
......
52 53
		if( ($user_id < 2 ) )
53 54
		{
54 55
			// if($admin_header) { $admin->print_header(); }
55
        	msgQueue::add($mLang->MESSAGE_GENERIC_SECURITY_OFFENSE);
56
        	msgQueue::add($oTrans->MESSAGE_GENERIC_SECURITY_OFFENSE);
56 57
            return $bRetVal;
57 58
		}
58 59
		// Get existing values
59
        $sql  = 'SELECT * FROM `'.TABLE_PREFIX.'users` ' ;
60
        $sql .= 'WHERE user_id = '.$user_id.' ';
61
        $sql .=   'AND user_id != 1 ';
62

  
63
        if($oRes = $database->query($sql)){
60
        $sql = 'SELECT * FROM `'.$oDb->TablePrefix.'users` '
61
             . 'WHERE `user_id`='.$user_id.' '
62
             . 'AND `user_id` != 1';
63
        if(($oRes = $oDb->doQuery($sql))) {
64 64
            $olduser = $oRes->fetchRow(MYSQL_ASSOC);
65 65
        }
66 66

  
......
83 83

  
84 84
        // Check values
85 85
        if($groups_id == "") {
86
        	msgQueue::add($mLang->MESSAGE_USERS_NO_GROUP);
86
        	msgQueue::add($oTrans->MESSAGE_USERS_NO_GROUP);
87 87
        } else {
88 88
            $aGroups_id = explode(',', $groups_id);
89 89
            //if user is in administrator-group, get this group else just get the first one
......
93 93
//$admin->is_group_match($admin->get_groups_id(), '1' )
94 94
        if(!preg_match('/^[a-z]{1}[a-z0-9_-]{2,}$/i', $username))
95 95
        {
96
        	msgQueue::add( $mLang->MESSAGE_USERS_NAME_INVALID_CHARS);
96
        	msgQueue::add( $oTrans->MESSAGE_USERS_NAME_INVALID_CHARS);
97 97
        }
98 98

  
99 99
        if($password != "") {
100 100
        	if(strlen($password) < $iMinPassLength ) {
101
        		msgQueue::add($mLang->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
101
        		msgQueue::add($oTrans->MESSAGE['USERS_PASSWORD_TOO_SHORT']);
102 102
        	}
103 103

  
104 104
			$pattern = '/[^'.$admin->password_chars.']/';
105 105
			if (preg_match($pattern, $password)) {
106
				msgQueue::add($mLang->MESSAGE_PREFERENCES_INVALID_CHARS);
106
				msgQueue::add($oTrans->MESSAGE_PREFERENCES_INVALID_CHARS);
107 107
        	}
108 108

  
109 109
        	if(($password != $password2) ) {
110
        		msgQueue::add($mLang->MESSAGE_USERS_PASSWORD_MISMATCH);
110
        		msgQueue::add($oTrans->MESSAGE_USERS_PASSWORD_MISMATCH);
111 111
        	}
112 112
        }
113 113
// check that display_name is unique in whoole system (prevents from User-faking)
114
    	$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` ';
114
    	$sql  = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` ';
115 115
    	$sql .= 'WHERE `user_id` <> '.(int)$user_id.' AND `display_name` LIKE "'.$display_name.'"';
116
    	if( $database->get_one($sql) > 0 ){
117
            msgQueue::add($mLang->MESSAGE_USERS_USERNAME_TAKEN.' ('.$mLang->TEXT_DISPLAY_NAME.')');
118
            msgQueue::add($mLang->MESSAGE_MEDIA_CANNOT_RENAME);
116
    	if( $oDb->getOne($sql) > 0 ){
117
            msgQueue::add($oTrans->MESSAGE_USERS_USERNAME_TAKEN.' ('.$oTrans->TEXT_DISPLAY_NAME.')');
118
            msgQueue::add($oTrans->MESSAGE_MEDIA_CANNOT_RENAME);
119 119
        }
120 120
//
121 121
		if( ($admin->get_user_id() != '1' ) )
122 122
		{
123 123
            if(findStringInFileList($display_name, dirname(__FILE__).'/disallowedNames')) {
124
                msgQueue::add( $mLang->TEXT_ERROR.' '.$mLang->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
124
                msgQueue::add( $oTrans->TEXT_ERROR.' '.$oTrans->TEXT_DISPLAY_NAME.' ('.$display_name.')' );
125 125
            }
126 126
		}
127 127

  
......
131 131
        {
132 132
        	if($admin->validate_email($email) == false)
133 133
            {
134
                msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
134
                msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
135 135
        	}
136 136
        } else { // e-mail must be present
137
        	msgQueue::add($mLang->MESSAGE_SIGNUP_NO_EMAIL);
137
        	msgQueue::add($oTrans->MESSAGE_SIGNUP_NO_EMAIL);
138 138
        }
139 139

  
140
		$sql  = 'SELECT COUNT(*) FROM `'.TABLE_PREFIX.'users` '.
140
		$sql  = 'SELECT COUNT(*) FROM `'.$oDb->TablePrefix.'users` '.
141 141
                'WHERE `email` LIKE \''.$email.'\' '.
142 142
                  'AND `user_id` <> '.(int)$user_id;
143 143
        // Check if the email already exists
144
        if( ($iFoundUser = $database->get_one($sql)) != null ) {
144
        if( ($iFoundUser = $oDb->getOne($sql)) != null ) {
145 145
            if($iFoundUser) {
146
            	if(isset($mLang->MESSAGE_USERS_EMAIL_TAKEN))
146
            	if(isset($oTrans->MESSAGE_USERS_EMAIL_TAKEN))
147 147
                {
148
            		msgQueue::add($mLang->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
148
            		msgQueue::add($oTrans->MESSAGE_USERS_EMAIL_TAKEN.' ('.$email.')');
149 149
            	} else {
150
            		msgQueue::add($mLang->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
150
            		msgQueue::add($oTrans->MESSAGE_USERS_INVALID_EMAIL.' ('.$email.')');
151 151
            	}
152 152
            }
153 153
        }
......
174 174
                $sHomeFolder = WB_PATH.MEDIA_DIRECTORY.'/home/'.( media_filename($username) );
175 175
                if ( sizeof(createFolderProtectFile( $sHomeFolder )) )
176 176
                {
177
    //            	msgQueue::add($mLang->MESSAGE_MEDIA_DIR_NOT_MADE);
177
    //            	msgQueue::add($oTrans->MESSAGE_MEDIA_DIR_NOT_MADE);
178 178
                }
179 179
            }
180 180

  
181
			$sql  = 'UPDATE `'.TABLE_PREFIX.'users` SET ';
181
			$sql  = 'UPDATE `'.$oDb->TablePrefix.'users` SET ';
182 182
            // Update the database
183 183
            if($password == "") {
184
                $sql .= '`group_id`     = '.intval($group_id).', '.
185
                        '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.
186
                        '`username` = \''.$database->escapeString($username).'\', '.
184
                $sql .= '`group_id` = '.intval($group_id).', '.
185
                        '`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
186
                        '`username` = \''.$oDb->escapeString($username).'\', '.
187 187
                        '`active` = '.intval($active).', '.
188
                        '`display_name` = \''.$database->escapeString($display_name).'\', '.
189
                        '`home_folder` = \''.$database->escapeString($home_folder).'\', '.
190
                        '`email` = \''.$database->escapeString($email).'\' '.
188
                        '`display_name` = \''.$oDb->escapeString($display_name).'\', '.
189
                        '`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
190
                        '`email` = \''.$oDb->escapeString($email).'\' '.
191 191
                        'WHERE `user_id` = '.intval($user_id).'';
192 192

  
193 193
            } else {
194 194

  
195
                $sql .= '`group_id`     = '.intval($group_id).', '.
196
                        '`groups_id`    = \''.$database->escapeString($groups_id).'\', '.
197
                        '`username` = \''.$database->escapeString($username).'\', '.
195
                $sql .= '`group_id` = '.intval($group_id).', '.
196
                        '`groups_id` = \''.$oDb->escapeString($groups_id).'\', '.
197
                        '`username` = \''.$oDb->escapeString($username).'\', '.
198 198
                        '`password` = \''.md5($password).'\', '.
199 199
                        '`active` = '.intval($active).', '.
200
                        '`display_name` = \''.$database->escapeString($display_name).'\', '.
201
                        '`home_folder` = \''.$database->escapeString($home_folder).'\', '.
202
                        '`email` = \''.$database->escapeString($email).'\' '.
200
                        '`display_name` = \''.$oDb->escapeString($display_name).'\', '.
201
                        '`home_folder` = \''.$oDb->escapeString($home_folder).'\', '.
202
                        '`email` = \''.$oDb->escapeString($email).'\' '.
203 203
                        'WHERE `user_id` = '.intval($user_id).'';
204 204

  
205 205
            }
206
            if($database->query($sql)) {
207
            	msgQueue::add($mLang->MESSAGE_USERS_SAVED, true);
206
            if($oDb->doQuery($sql)) {
207
            	msgQueue::add($oTrans->MESSAGE_USERS_SAVED, true);
208 208
                $bRetVal = $user_id;
209 209
            }
210
            if($database->is_error()) {
211
               msgQueue::add( implode('<br />',explode(';',$database->get_error())) );
210
            if($oDb->isError()) {
211
               msgQueue::add( implode('<br />',explode(';',$oDb->getError())) );
212 212
            }
213 213
       } else {
214
            	msgQueue::add($mLang->MESSAGE_GENERIC_NOT_UPGRADED);
214
            	msgQueue::add($oTrans->MESSAGE_GENERIC_NOT_UPGRADED);
215 215
       }
216 216

  
217 217
//        return $admin->getIDKEY($user_id);
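Review bot: The two uniqueness checks still concatenate `$display_name` (file line 115) and `$email` (file line 141) straight into their `LIKE` clauses, even though this revision rewrites the lines around them and the `UPDATE` further down passes the same values through `$oDb->escapeString()`. Both variables are assigned in the elided lines 66–83, so they may already be escaped there; if they are not, these SELECTs take form input unescaped, and using `$oDb->escapeString($display_name)` and `$oDb->escapeString($email)` would bring them in line with the UPDATE. `LIKE` also treats `%` and `_` in the value as wildcards, so an exact `=` comparison is closer to what a uniqueness check needs. Separately, `md5($password)` on file line 198 is carried over unchanged; an unsalted fast hash deserves a follow-up to `password_hash()` where the supported PHP version allows it. The body of `save_user` continues past the last line shown, so the return path is not visible here.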
