AppDB Modified edituser.php
Tony Lambregts
tony_lambregts at telusplanet.net
Wed Apr 21 17:25:11 CDT 2004
There was no way to add administrative privilages to a user this patch fixes
that problem. Also the previously unused functions addpriv() and delpriv()
needed fixing.
Change log: change edituser.php to allow editing of administrative
privilages.
Files changed: edituser.php
user.php
--
Tony Lambregts
Index: edituser.php
===================================================================
RCS file: /home/wine/appdb/edituser.php,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 edituser.php
--- edituser.php 15 Mar 2004 16:22:00 -0000 1.1.1.1
+++ edituser.php 21 Apr 2004 21:14:01 -0000
@@ -1,55 +1,116 @@
<?
-
+
include("path.php");
include(BASE."include/"."incl.php");
-include(BASE."include/"."tableve.php");
-include(BASE."include/"."qclass.php");
-if(!havepriv("admin"))
+if(!loggedin())
{
- errorpage();
+ errorpage("You must be logged in to edit preferences");
exit;
}
-
-
-$user_fields = array("stamp", "userid", "username", "password", "realname", "email", "created", "status");
-
-function make_fields($fields, $prefix)
+if(!havepriv("admin"))
{
- $arr = array();
- while(list($idx, $field) = each($fields))
- $arr[] = "$prefix.$field";
- return $arr;
+ errorpage("You do not have sufficient rights to edit users");
+ exit;
}
+ $user = new User();
+ $result = mysql_query("SELECT stamp, userid, username, realname, ".
+ "created, status, perm FROM user_list WHERE ".
+ "userid = '$userid'", $user->link);
+ if(!$result)
+ {
+ errorpage("You must be logged in to edit preferences");
+ exit;
+ }
+ list($user->stamp, $user->userid, $user->username, $user->realname,
+ $user->created, $status, $perm) = mysql_fetch_row($result);
-apidb_header("Edit User");
-
-$t = new TableVE("edit");
+ global $ext_username, $ext_password1, $ext_password2, $ext_realname, $ext_email, $ext_hasadmin;
if($HTTP_POST_VARS)
{
- $t->update($HTTP_POST_VARS);
+ if ($ext_password == $ext_password2)
+ {
+ $passwd = $ext_password;
+ }
+ else if ($ext_password)
+ {
+ addmsg("The Passwords you entered did not match.", "red");
+ }
+
+ if ($user->update($userid, $passwd, $ext_realname, $ext_email))
+ {
+ addmsg("Preferences Updated", "green");
+ }
+ else
+ {
+ addmsg("There was a problem updating the user's info", "red");
+ }
+ if($ext_hasadmin=="on")
+ $user->addpriv("admin");
+ else
+ $user->delpriv("admin");
}
-else
+
{
- $qc = new qclass();
- $qc->add_fields(make_fields($user_fields, "user_list"));
- if($username)
- $qc->add_where("username = '$username'");
- else
- $qc->add_where("userid = $userid");
- $qc->resolve();
+ // show form
- $query = $qc->get_query();
- if(debugging())
- echo "$query <br><br>\n";
+ apidb_header("Edit User");
- $t->edit($query);
+ echo "<form method=post action='edituser.php'>\n";
+ echo html_frame_start("Data for user ID $userid", "80%");
+ echo html_table_begin("width='100%' border=0 align=left cellspacing=0 class='box-body'");
+
+
+
+ $ext_username = $user->lookup_username($userid);
+ $ext_realname = $user->lookup_realname($userid);
+ $ext_email = $user->lookup_email($userid);
+ if($user->checkpriv("admin"))
+ $ext_hasadmin = 'checked="true"';
+ else
+ $ext_hasadmin = "";
+
+
+?>
+ <input type="hidden" name="userid" value="<?=$userid?>">
+ <tr>
+ <td> User Name </td>
+ <td> <b> <?=$ext_username?> </b> </td>
+ </tr>
+ <tr>
+ <td> Password </td>
+ <td> <input type="password" name="ext_password"> </td>
+ </tr>
+ <tr>
+ <td> Password (again) </td>
+ <td> <input type="password" name="ext_password2"> </td>
+ </tr>
+ <tr>
+ <td> Real Name </td>
+ <td> <input type="text" name="ext_realname" value="<?=$ext_realname?>"> </td>
+ </tr>
+ <tr>
+ <td> Email Address </td>
+ <td> <input type="text" name="ext_email" value="<?=$ext_email?>"> </td>
+ </tr>
+ <tr>
+ <td> Administrator </td>
+ <td> <input type="checkbox" name="ext_hasadmin" "<?=$ext_hasadmin?>"> </td>
+ </tr>
+ <tr>
+ <td colspan=2> </td>
+ </tr>
+<?
+
+ echo html_table_end();
+ echo html_frame_end();
+ echo "<br> <div align=center> <input type=submit value='Update'> </div> <br>\n";
+ echo "</form>\n";
}
apidb_footer();
-
?>
Index: include/user.php
===================================================================
RCS file: /home/wine/appdb/include/user.php,v
retrieving revision 1.1.1.1
diff -u -r1.1.1.1 user.php
--- include/user.php 15 Mar 2004 16:22:03 -0000 1.1.1.1
+++ include/user.php 21 Apr 2004 21:14:30 -0000
@@ -229,8 +229,7 @@
return 1;
$result = mysql_query("INSERT INTO user_privs VALUES ($this->userid, '$priv')", $this->link);
-
- return mysql_affected_rows($result);
+ return $result;
}
function delpriv($priv)
@@ -239,7 +238,7 @@
return 0;
$result = mysql_query("DELETE FROM user_privs WHERE userid = $this->userid AND priv = '$priv'", $this->link);
- return mysql_num_rows($result);
+ return $result;
}
More information about the wine-patches
mailing list