From 8bac0a32a83513007c107d890e85bbcb1e97b497 Mon Sep 17 00:00:00 2001
From: chriskl
Date: Mon, 19 May 2003 13:10:59 +0000
Subject: [PATCH] superuser can change anyone's password. xhtml fixes. printVal run
---
 users.php | 93 ++++++++++++++++++++++++++++++++++---------------------
 1 file changed, 57 insertions(+), 36 deletions(-)
diff --git a/users.php b/users.php
index 38b18283..f3c3787d 100644
--- a/users.php
+++ b/users.php
@@ -3,7 +3,7 @@
 /** * Manage users in a database cluster *
- * $Id: users.php,v 1.11 2003/05/16 06:49:02 chriskl Exp $
+ * $Id: users.php,v 1.12 2003/05/19 13:10:59 chriskl Exp $
 */ // Include application functions
@@ -23,7 +23,7 @@
 global $data, $misc; global $PHP_SELF, $lang;
- echo "

{$lang['strusers']}: ", htmlspecialchars($_SESSION['webdbUsername']), ": {$lang['straccount']}

\n"; + echo "

{$lang['strusers']}: ", $misc->printVal($_SESSION['webdbUsername']), ": {$lang['straccount']}

\n"; $misc->printMsg($msg); $userdata = &$data->getUser($_SESSION['webdbUsername']); @@ -33,10 +33,10 @@ $userdata->f[$data->uFields['ucreatedb']] = $data->phpBool($userdata->f[$data->uFields['ucreatedb']]); echo "\n"; echo "\n"; - echo "\n"; + echo "\n"; echo "\n"; echo "\n"; - echo "\n"; + echo "\n"; echo "
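Review bot: Escaping of `$_SESSION['webdbUsername']` in this heading now rests entirely on `$misc->printVal()`, whose body is not part of this patch, whereas the `htmlspecialchars()` call it replaces was a visible guarantee at the sink. The same substitution is made for the session username in the hunk at -52, for `$_REQUEST['username']` in the hunks at -109, -146 and -173, and for database fields in the hunks at -33, -156 and -270. Confirm that printVal() encodes `<`, `>`, `&` and quotes before any other formatting it applies, and record that at the first call with a comment such as `// printVal() must HTML-escape: value is session/request-derived`. The enclosing function starts and ends outside the hunk.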
{$lang['strusername']}{$lang['strsuper']}{$lang['strcreatedb']}{$lang['strexpires']}
", htmlspecialchars($userdata->f[$data->uFields['uname']]), "
", $misc->printVal($userdata->f[$data->uFields['uname']]), "", (($userdata->f[$data->uFields['usuper']]) ? $lang['stryes'] : $lang['strno']), "", (($userdata->f[$data->uFields['ucreatedb']]) ? $lang['stryes'] : $lang['strno']), "", htmlspecialchars($userdata->f[$data->uFields['uexpires']]), "
", $misc->printVal($userdata->f[$data->uFields['uexpires']]), "
\n"; } else echo "

{$lang['strnodata']}

\n"; @@ -52,7 +52,7 @@ global $PHP_SELF, $lang, $conf; if ($confirm) { - echo "

{$lang['strusers']}: ", htmlspecialchars($_SESSION['webdbUsername']), ": {$lang['strchangepassword']}

\n"; + echo "

{$lang['strusers']}: ", $misc->printVal($_SESSION['webdbUsername']), ": {$lang['strchangepassword']}

\n"; $misc->printMsg($msg); if (!isset($_POST['password'])) $_POST['password'] = '';
@@ -89,19 +89,6 @@
 } }
- /**
- * Function to save after editing a user
- */
- function doSaveEdit() {
- global $data, $lang;
-
- $status = $data->setUser($_POST['username'], '', isset($_POST['formCreateDB']), isset($_POST['formSuper']), $_POST['formExpires']);
- if ($status == 0)
- doProperties($lang['struserupdated']);
- else
- doEdit($lang['struserupdatedbad']);
- }
-
 /** * Function to allow editing of a user */
@@ -109,7 +96,7 @@
 global $data, $misc; global $PHP_SELF, $lang;
- echo "

{$lang['strusers']}: ", htmlspecialchars($_REQUEST['username']), ": {$lang['stredit']}

\n"; + echo "

{$lang['strusers']}: ", $misc->printVal($_REQUEST['username']), ": {$lang['stredit']}

\n"; $misc->printMsg($msg); $userdata = &$data->getUser($_REQUEST['username']); @@ -117,19 +104,31 @@ if ($userdata->recordCount() > 0) { $userdata->f[$data->uFields['ucreatedb']] = $data->phpBool($userdata->f[$data->uFields['ucreatedb']]); $userdata->f[$data->uFields['usuper']] = $data->phpBool($userdata->f[$data->uFields['usuper']]); + + if (!isset($_POST['formPassword'])) $_POST['formPassword'] = ''; + if (!isset($_POST['formConfirm'])) $_POST['formConfirm'] = ''; + if (!isset($_POST['formExpires'])) $_POST['formExpires'] = $userdata->f[$data->uFields['uexpires']]; + echo "
\n"; echo "\n"; - echo "\n"; - echo "\n"; + echo ""; + echo "\n"; + echo "\n"; echo "\n"; echo "\n"; - echo "\n"; + echo "\n"; + echo "
{$lang['strusername']}{$lang['strsuper']}{$lang['strcreatedb']}{$lang['strexpires']}
", htmlspecialchars($userdata->f[$data->uFields['uname']]), "
{$lang['strusername']}{$lang['strsuper']}{$lang['strcreatedb']}{$lang['strexpires']}
", $misc->printVal($userdata->f[$data->uFields['uname']]), "f[$data->uFields['usuper']]) ? ' checked="checked"' : '', " />f[$data->uFields['ucreatedb']]) ? ' checked="checked"' : '', " />f[$data->uFields['uexpires']]), "\" />

\n"; + echo "\n"; + echo ""; + echo "\n"; + echo "\n"; echo "
{$lang['strpassword']}{$lang['strconfirm']}
\n"; - echo "\n"; + echo "

\n"; echo "\n"; - echo " \n"; + echo "\n"; + echo "

\n"; echo "
\n"; } else echo "

{$lang['strnodata']}

\n"; @@ -139,6 +138,24 @@ urlencode($_REQUEST['username']), "\">{$lang['strproperties']}
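Review bot: The new defaults for `$_POST['formPassword']` and `$_POST['formConfirm']` suggest that doEdit() writes the submitted values back into the password inputs when the form is redisplayed after a mismatch; the markup is not readable in this rendering, so this is inferred. If that is the case, the password ends up in the response body, where it can persist in caches and saved pages, so both password inputs should be left empty on redisplay and the two defaults dropped. The expiry value is emitted inside a quoted attribute (the `\" />` fragment), so whichever function escapes it has to encode double quotes as well. doEdit() starts outside this hunk.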

\n"; }
+ /**
+ * Function to save after editing a user
+ */
+ function doSaveEdit() {
+ global $data, $lang;
+
+ // Check password
+ if ($_POST['formPassword'] != $_POST['formConfirm'])
+ doEdit($lang['strpasswordconfirm']);
+ else {
+ $status = $data->setUser($_POST['username'], $_POST['formPassword'], isset($_POST['formCreateDB']), isset($_POST['formSuper']), $_POST['formExpires']);
+ if ($status == 0)
+ doProperties($lang['struserupdated']);
+ else
+ doEdit($lang['struserupdatedbad']);
+ }
+ }
+
 /** * Show read only properties for a user */
@@ -146,7 +163,7 @@
 global $data, $misc; global $PHP_SELF, $lang;
- echo "
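Review bot: The confirmation check in doSaveEdit() uses loose comparison, and PHP compares two numeric-looking strings as numbers, so inputs that differ as text (for example `1e1` and `10`) pass the check and the first one is stored; it should read `if ($_POST['formPassword'] !== $_POST['formConfirm'])`. Both keys are also read without the `isset()` defaults that doEdit() applies, so a request missing either field raises a notice. The function hands `$_POST['username']` and the new password straight to `$data->setUser()` with no privilege check visible here, so restricting this to superusers presumably rests on the database rejecting the statement for other roles. A comment saying so would help, for instance `// authorisation is enforced by the database: setUser() fails for non-superusers`, once that has been confirmed against setUser().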

{$lang['strusers']}: ", htmlspecialchars($_REQUEST['username']), ": {$lang['strproperties']}

\n"; + echo "

{$lang['strusers']}: ", $misc->printVal($_REQUEST['username']), ": {$lang['strproperties']}

\n"; $misc->printMsg($msg); $userdata = &$data->getUser($_REQUEST['username']); @@ -156,10 +173,10 @@ $userdata->f[$data->uFields['ucreatedb']] = $data->phpBool($userdata->f[$data->uFields['ucreatedb']]); echo "\n"; echo "\n"; - echo "\n"; + echo "\n"; echo "\n"; echo "\n"; - echo "\n"; + echo "\n"; echo "
{$lang['strusername']}{$lang['strsuper']}{$lang['strcreatedb']}{$lang['strexpires']}
", htmlspecialchars($userdata->f[$data->uFields['uname']]), "
", $misc->printVal($userdata->f[$data->uFields['uname']]), "", (($userdata->f[$data->uFields['usuper']]) ? $lang['stryes'] : $lang['strno']), "", (($userdata->f[$data->uFields['ucreatedb']]) ? $lang['stryes'] : $lang['strno']), "", htmlspecialchars($userdata->f[$data->uFields['uexpires']]), "
", $misc->printVal($userdata->f[$data->uFields['uexpires']]), "
\n"; } else echo "

{$lang['strnodata']}

\n"; @@ -173,18 +190,19 @@ * Show confirmation of drop and perform actual drop */ function doDrop($confirm) { - global $data; + global $data, $misc; global $PHP_SELF, $lang; if ($confirm) { - echo "

{$lang['strusers']}: ", htmlspecialchars($_REQUEST['username']), ": {$lang['strdrop']}

\n"; + echo "

{$lang['strusers']}: ", $misc->printVal($_REQUEST['username']), ": {$lang['strdrop']}

\n"; - echo "

", sprintf($lang['strconfdropuser'], htmlspecialchars($_REQUEST['username'])), "

\n"; + echo "

", sprintf($lang['strconfdropuser'], $misc->printVal($_REQUEST['username'])), "

\n"; echo "
\n"; echo "\n"; echo "\n"; - echo " \n"; + echo "\n"; + echo "\n"; echo "
\n"; } else { @@ -226,7 +244,8 @@ echo "\n"; echo "\n"; echo "\n"; - echo " \n"; + echo "\n"; + echo "\n"; echo "\n"; echo "

{$lang['strshowallusers']}

\n"; @@ -270,11 +289,13 @@ echo "{$lang['strcreatedb']}{$lang['strexpires']}{$lang['stractions']}\n"; $i = 0; while (!$users->EOF) { + $users->f[$data->uFields['usuper']] = $data->phpBool($users->f[$data->uFields['usuper']]); + $users->f[$data->uFields['ucreatedb']] = $data->phpBool($users->f[$data->uFields['ucreatedb']]); $id = (($i % 2) == 0 ? '1' : '2'); - echo "", htmlspecialchars($users->f[$data->uFields['uname']]), "\n"; - echo "", (htmlspecialchars($users->f[$data->uFields['usuper']])==='t') ? $lang['stryes'] : $lang['strno'], "\n"; - echo "", (htmlspecialchars($users->f[$data->uFields['ucreatedb']])==='t') ? $lang['stryes'] : $lang['strno'], "\n"; - echo "", htmlspecialchars($users->f[$data->uFields['uexpires']]), "\n"; + echo "", $misc->printVal($users->f[$data->uFields['uname']]), "\n"; + echo "", ($users->f[$data->uFields['usuper']]) ? $lang['stryes'] : $lang['strno'], "\n"; + echo "", ($users->f[$data->uFields['ucreatedb']]) ? $lang['stryes'] : $lang['strno'], "\n"; + echo "", $misc->printVal($users->f[$data->uFields['uexpires']]), "\n"; echo "f[$data->uFields['uname']]), "\">{$lang['strproperties']}\n"; echo "