Rewrite/Refactoring
- add a lot of permission checks: zone edits were completely unchecked (after login); only list and creation were protected. - reduce regular expression usage - don't use user-provided names/ids/urls for requests; instead use them to search for the zone in the list of all zones. - rename 'label' to 'name' in template records ('name' is used in all other places) - make 'localhost' default $apisid - add 'soa_edit' default - remove gen_pw/pwgen caller; use openssl instead for random password - fix a lot of bugs (editrecord, TXT quoting, name checking, ...) - improve record sorting
This commit is contained in:
parent
169983da70
commit
54fb62b471
5 changed files with 625 additions and 312 deletions
82
users.php
82
users.php
|
@ -5,48 +5,96 @@ include_once('includes/session.inc.php');
|
|||
include_once('includes/misc.inc.php');
|
||||
|
||||
if (!is_logged_in()) {
|
||||
header("Location: index.php");
|
||||
header('Status: 403');
|
||||
header('Location: ./index.php');
|
||||
jtable_respond(null, 'error', "Authentication required");
|
||||
}
|
||||
|
||||
if (!is_adminuser()) {
|
||||
header('Status: 403');
|
||||
jtable_respond(null, 'error', "You need adminprivileges to get here");
|
||||
}
|
||||
|
||||
if (isset($_GET['action'])) {
|
||||
$action = $_GET['action'];
|
||||
} else {
|
||||
if (!isset($_GET['action'])) {
|
||||
header('Status: 400');
|
||||
jtable_respond(null, 'error', 'No action given');
|
||||
}
|
||||
|
||||
if ($action == "list") {
|
||||
switch ($_GET['action']) {
|
||||
|
||||
case "list":
|
||||
$users = get_all_users();
|
||||
jtable_respond($users);
|
||||
} elseif ($action == "listoptions") {
|
||||
break;
|
||||
|
||||
case "listoptions":
|
||||
$users = get_all_users();
|
||||
$retusers = array();
|
||||
foreach ($users as $user) {
|
||||
$retusers[] = array (
|
||||
$retusers[] = array(
|
||||
'DisplayText' => $user['emailaddress'],
|
||||
'Value' => $user['emailaddress']);
|
||||
}
|
||||
jtable_respond($retusers, 'options');
|
||||
} elseif ($action == "create" or $action == "update") {
|
||||
if (valid_user($_POST['emailaddress']) === FALSE) {
|
||||
break;
|
||||
|
||||
case "create":
|
||||
$emailaddress = isset($_POST['emailaddress']) ? $_POST['emailaddress'] : '';
|
||||
$isadmin = isset($_POST['isadmin']) ? $_POST['isadmin'] : '0';
|
||||
$password = isset($_POST['password']) ? $_POST['password'] : '';
|
||||
|
||||
if (!valid_user($emailaddress)) {
|
||||
jtable_respond(null, 'error', "Please only use ^[a-z0-9@_.-]+$ for usernames");
|
||||
}
|
||||
$isadmin = $_POST['isadmin'] ? $_POST['isadmin'] : '0';
|
||||
if (add_user($_POST['emailaddress'], $isadmin, $_POST['password']) !== FALSE) {
|
||||
unset($_POST['password']);
|
||||
jtable_respond($_POST, 'single');
|
||||
} else {
|
||||
jtable_respond(null, 'error', 'Could not add/change this user');
|
||||
|
||||
if (!$password) {
|
||||
jtable_respond(null, 'error', 'Cannot create user without password');
|
||||
}
|
||||
} elseif ($action == "delete") {
|
||||
|
||||
if (user_exists($emailaddress)) {
|
||||
jtable_respond(null, 'error', 'User already exists');
|
||||
}
|
||||
|
||||
if (add_user($emailaddress, $isadmin, $password)) {
|
||||
$result = array('emailaddress' => $emailaddress, 'isadmin' => $isadmin);
|
||||
jtable_respond($result, 'single');
|
||||
} else {
|
||||
jtable_respond(null, 'error', 'Could not create user');
|
||||
}
|
||||
break;
|
||||
|
||||
case "update":
|
||||
$emailaddress = isset($_POST['emailaddress']) ? $_POST['emailaddress'] : '';
|
||||
$isadmin = isset($_POST['isadmin']) ? $_POST['isadmin'] : '0';
|
||||
$password = isset($_POST['password']) ? $_POST['password'] : '';
|
||||
|
||||
if (!valid_user($emailaddress)) {
|
||||
jtable_respond(null, 'error', "Please only use ^[a-z0-9@_.-]+$ for usernames");
|
||||
}
|
||||
|
||||
if (!user_exists($emailaddress)) {
|
||||
jtable_respond(null, 'error', 'Cannot update not existing user');
|
||||
}
|
||||
|
||||
if (update_user($emailaddress, $isadmin, $password)) {
|
||||
$result = array('emailaddress' => $emailaddress, 'isadmin' => $isadmin);
|
||||
jtable_respond($result, 'single');
|
||||
} else {
|
||||
jtable_respond(null, 'error', 'Could not update user');
|
||||
}
|
||||
break;
|
||||
|
||||
case "delete":
|
||||
if (delete_user($_POST['id']) !== FALSE) {
|
||||
jtable_respond(null, 'delete');
|
||||
} else {
|
||||
jtable_respond(null, 'error', 'Could not delete this user');
|
||||
jtable_respond(null, 'error', 'Could not delete user');
|
||||
}
|
||||
break;
|
||||
|
||||
default:
|
||||
jtable_respond(null, 'error', 'Invalid action');
|
||||
break;
|
||||
}
|
||||
|
||||
?>
|
||||
|
|
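Review bot: The new `is_logged_in()` / `is_adminuser()` guards in users.php only prevent the switch from running if `jtable_respond()` terminates the script; the guards themselves have no `exit`, so if that helper (defined in misc.inc.php, not visible here) ever just emits JSON and returns, an unauthenticated or non-admin request still reaches `add_user`, `update_user` and `delete_user`. Either add an explicit `exit;` after each error `jtable_respond()` call or document the exit contract at the top of the file, e.g. `// jtable_respond() always exits; every guard below relies on that`. The same applies to the validation branches inside the `create` and `update` cases. Separately, `header('Status: 403')` only sets the HTTP status on CGI/FastCGI SAPIs and is sent as a literal header elsewhere, so `http_response_code(403);` is the portable form, and the `delete` case reads `$_POST['id']` without the `isset()` guard the other cases use.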