From 37b29231e47a0c4458dc1c15d98588f16f07e1e2 Mon Sep 17 00:00:00 2001 From: Marius Cramer <m.cramer@pixcept.de> Date: Thu, 06 Aug 2015 03:18:44 -0400 Subject: [PATCH] - don't set password via remoting if field is empty --- interface/web/tools/user_settings.php | 76 ++++++++++++++++++++++++-------------- 1 files changed, 48 insertions(+), 28 deletions(-) diff --git a/interface/web/tools/user_settings.php b/interface/web/tools/user_settings.php index d663814..5754245 100644 --- a/interface/web/tools/user_settings.php +++ b/interface/web/tools/user_settings.php 
@@ -38,57 +38,77 @@ * End Form configuration ******************************************/ -require_once('../../lib/config.inc.php'); -require_once('../../lib/app.inc.php'); +require_once '../../lib/config.inc.php'; +require_once '../../lib/app.inc.php'; //* Check permissions for module $app->auth->check_module_permissions('tools'); + +if($_SESSION['s']['user']['typ'] == 'admin') { + $app->auth->check_security_permissions('admin_allow_new_admin'); +} // Loading classes $app->uses('tpl,tform,tform_actions'); $app->load('tform_actions'); class page_action extends tform_actions { - + function onLoad() { - global $app, $conf, $tform_def_file; + global $app, $conf, $tform_def_file; - // Loading template classes and initialize template - if(!is_object($app->tpl)) $app->uses('tpl'); - if(!is_object($app->tform)) $app->uses('tform'); + // Loading template classes and initialize template + if(!is_object($app->tpl)) $app->uses('tpl'); + if(!is_object($app->tform)) $app->uses('tform'); - $app->tpl->newTemplate("tabbed_form.tpl.htm"); + $app->tpl->newTemplate("tabbed_form.tpl.htm"); - // Load table definition from file - $app->tform->loadFormDef($tform_def_file); - - // Importing ID - $this->id = $_SESSION['s']['user']['userid']; - $_POST['id'] = $_SESSION['s']['user']['userid']; + // Load table definition from file + $app->tform->loadFormDef($tform_def_file); - if(count($_POST) > 1) { - $this->dataRecord = $_POST; - $this->onSubmit(); - } else { - $this->onShow(); - } - } - + // Importing ID + $this->id = $app->functions->intval($_SESSION['s']['user']['userid']); + $_POST['id'] = $_SESSION['s']['user']['userid']; + + if(count($_POST) > 1) { + $this->dataRecord = $_POST; + $this->onSubmit(); + } else { + $this->onShow(); + } + } + function onInsert() { die('No inserts allowed.'); } - + function onBeforeUpdate() { global $app, $conf; - - if($_POST['passwort'] != $_POST['passwort2']) { + + if($conf['demo_mode'] == true && $this->id <= 3) $app->tform->errorMessage .= 'This function 
is disabled in demo mode.'; + + if($_POST['passwort'] != $_POST['repeat_password']) { $app->tform->errorMessage = $app->tform->lng('password_mismatch'); } - $_SESSION['s']['user']['language'] = $_POST['language']; - $_SESSION['s']['language'] = $_POST['language']; + if(preg_match('/[a-z]{2}/',$_POST['language'])) { + $_SESSION['s']['user']['language'] = $_POST['language']; + $_SESSION['s']['language'] = $_POST['language']; + } else { + $app->error('Invalid language.'); + } } - + function onAfterUpdate() { + global $app; + + if($_POST['passwort'] != '') { + $tmp_user = $app->db->queryOneRecord("SELECT passwort FROM sys_user WHERE userid = ?", $_SESSION['s']['user']['userid']); + $_SESSION['s']['user']['passwort'] = $tmp_user['passwort']; + unset($tmp_user); + } + } + + } $page = new page_action; -- Gitblit v1.9.1
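Review bot: The language check added in onBeforeUpdate is unanchored — `preg_match('/[a-z]{2}/',$_POST['language'])` matches any value that merely contains two consecutive lowercase letters, so something like `../../foo` still lands in `$_SESSION['s']['language']` and `$_SESSION['s']['user']['language']`; if that value is later used to build a language-file path (not visible here), the guard does nothing. Anchor it to a full two-letter code: `if(preg_match('/^[a-z]{2}$/', $_POST['language'])) {`. Separately, the new demo-mode line appends to `$app->tform->errorMessage` with `.=`, but the password-mismatch branch right after it still assigns with `=`, so the demo-mode message is silently discarded whenever both conditions fire; `$app->tform->errorMessage .= $app->tform->lng('password_mismatch');` keeps both. Minor: `$_POST['passwort']` and `$_POST['repeat_password']` are read without isset(), which will emit notices on a submit that omits either field.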