Modified users jtable to use id & fixed user deletion.

This commit is contained in:
Richard Underwood 2016-09-20 10:10:54 +01:00
parent b16af25052
commit 083cb9429c
3 changed files with 41 additions and 25 deletions


@ -159,7 +159,7 @@ function add_user($username, $isadmin = FALSE, $password = '') {
return $ret; return $ret;
} }
function update_user($username, $isadmin, $password) { function update_user($id, $isadmin, $password) {
if ($password && !preg_match('/\$6\$/', $password)) { if ($password && !preg_match('/\$6\$/', $password)) {
$salt = bin2hex(openssl_random_pseudo_bytes(16)); $salt = bin2hex(openssl_random_pseudo_bytes(16));
$password = crypt($password, '$6$'.$salt); $password = crypt($password, '$6$'.$salt);
@ -167,16 +167,23 @@ function update_user($username, $isadmin, $password) {
$db = get_db(); $db = get_db();
$q = $db->prepare('SELECT * FROM users WHERE id = ?');
$q->bindValue(1, $id, SQLITE3_INTEGER);
$result = $q->execute();
$userinfo = $result->fetchArray(SQLITE3_ASSOC);
$q->close();
$username = $userinfo['emailaddress'];
if ($password) { if ($password) {
$q = $db->prepare('UPDATE users SET isadmin = ?, password = ? WHERE emailaddress = ?'); $q = $db->prepare('UPDATE users SET isadmin = ?, password = ? WHERE id = ?');
$q->bindValue(1, (int)(bool)$isadmin, SQLITE3_INTEGER); $q->bindValue(1, (int)(bool)$isadmin, SQLITE3_INTEGER);
$q->bindValue(2, $password, SQLITE3_TEXT); $q->bindValue(2, $password, SQLITE3_TEXT);
$q->bindValue(3, $username, SQLITE3_TEXT); $q->bindValue(3, $id, SQLITE3_INTEGER);
writelog("Updating password and/or settings for $username. Admin: ".(int)(bool)$isadmin); writelog("Updating password and/or settings for $username. Admin: ".(int)(bool)$isadmin);
} else { } else {
$q = $db->prepare('UPDATE users SET isadmin = ? WHERE emailaddress = ?'); $q = $db->prepare('UPDATE users SET isadmin = ? WHERE id = ?');
$q->bindValue(1, (int)(bool)$isadmin, SQLITE3_INTEGER); $q->bindValue(1, (int)(bool)$isadmin, SQLITE3_INTEGER);
$q->bindValue(2, $username, SQLITE3_TEXT); $q->bindValue(2, $id, SQLITE3_INTEGER);
writelog("Updating settings for $username. Admin: ".(int)(bool)$isadmin); writelog("Updating settings for $username. Admin: ".(int)(bool)$isadmin);
} }
$ret = $q->execute(); $ret = $q->execute();
@ -185,15 +192,26 @@ function update_user($username, $isadmin, $password) {
return $ret; return $ret;
} }
function delete_user($username) { function delete_user($id) {
$db = get_db(); $db = get_db();
$q = $db->prepare('DELETE FROM users WHERE id = ?');
$q->bindValue(1, $id, SQLITE3_INTEGER);
$ret = $q->execute();
$db->close();
writelog("Deleted user $username."); $q = $db->prepare('SELECT * FROM users WHERE id = ?');
return $ret; $q->bindValue(1, $id, SQLITE3_INTEGER);
$result = $q->execute();
$userinfo = $result->fetchArray(SQLITE3_ASSOC);
$q->close();
if($userinfo) {
$q = $db->prepare('DELETE FROM users WHERE id = ?');
$q->bindValue(1, $id, SQLITE3_INTEGER);
$ret = $q->execute();
$db->close();
writelog("Deleted user " . $userinfo['emailaddress'] . ".");
return $ret;
} else {
return false;
}
} }
function valid_user($name) { function valid_user($name) {
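Review bot: In the new `update_user`, the row fetched by id is never checked, so when no user matches, `$userinfo['emailaddress']` indexes `false`, the UPDATE still runs against zero rows, and `execute()` on a successful no-op statement appears to return a truthy result, which the callers in users.php (same commit) report as a successful update. That matters because the caller builds `$id` with `intval($_POST['id'])`, so a non-numeric or unknown id becomes 0 and still reaches this function. Mirror what `delete_user` now does with its `if($userinfo)` branch by adding, right after the first `$q->close();`, `if (!$userinfo) { return false; }`, so the log line and the UPDATE only run for an existing user. Pre-existing and only context here, but worth noting while the function is being touched: the `preg_match('/\$6\$/', $password)` test matches `$6$` anywhere in the string rather than as a prefix, so anchoring it (`'/^\$6\$/'`) would make the "already hashed" detection reliable. The second hunk of `update_user` (after `$ret = $q->execute();`) continues outside the visible lines.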


@ -991,12 +991,15 @@ $(document).ready(function () {
deleteConfirmation: 'This user will be deleted. Are you sure?' deleteConfirmation: 'This user will be deleted. Are you sure?'
}, },
fields: { fields: {
id: {
key: true,
type: 'hidden'
},
emailaddress: { emailaddress: {
title: 'User', title: 'User',
key: true,
display: displayContent('emailaddress'), display: displayContent('emailaddress'),
inputClass: 'emailaddress', inputClass: 'emailaddress',
create: true, edit: false,
listClass: 'emailaddress' listClass: 'emailaddress'
}, },
password: { password: {


@ -64,20 +64,13 @@ case "create":
break; break;
case "update": case "update":
$id = isset($_POST['id']) ? intval($_POST['id']) : '';
$emailaddress = isset($_POST['emailaddress']) ? $_POST['emailaddress'] : ''; $emailaddress = isset($_POST['emailaddress']) ? $_POST['emailaddress'] : '';
$isadmin = isset($_POST['isadmin']) ? $_POST['isadmin'] : '0'; $isadmin = isset($_POST['isadmin']) ? $_POST['isadmin'] : '0';
$password = isset($_POST['password']) ? $_POST['password'] : ''; $password = isset($_POST['password']) ? $_POST['password'] : '';
if (!valid_user($emailaddress)) { if ($id != '' and update_user($id, $isadmin, $password)) {
jtable_respond(null, 'error', "Please only use ^[a-z0-9@_.-]+$ for usernames"); $result = array('isadmin' => $isadmin);
}
if (!user_exists($emailaddress)) {
jtable_respond(null, 'error', 'Cannot update not existing user');
}
if (update_user($emailaddress, $isadmin, $password)) {
$result = array('emailaddress' => $emailaddress, 'isadmin' => $isadmin);
jtable_respond($result, 'single'); jtable_respond($result, 'single');
} else { } else {
jtable_respond(null, 'error', 'Could not update user'); jtable_respond(null, 'error', 'Could not update user');
@ -85,7 +78,9 @@ case "update":
break; break;
case "delete": case "delete":
if ($emailaddress != '' and delete_user($emailaddress) !== FALSE) { $id = isset($_POST['id']) ? intval($_POST['id']) : '';
if ($id != '' and delete_user($id) !== FALSE) {
jtable_respond(null, 'delete'); jtable_respond(null, 'delete');
} else { } else {
jtable_respond(null, 'error', 'Could not delete user'); jtable_respond(null, 'error', 'Could not delete user');