mirror of
https://github.com/tuxis-ie/nsedit.git
synced 2025-04-19 20:09:14 +03:00
Merge pull request #123 from richard-underwood/issue-122
Modified users jtable to use id & fixed user deletion.
commit
b34d7ee2f1
3 changed files with 41 additions and 25 deletions
|
@ -159,7 +159,7 @@ function add_user($username, $isadmin = FALSE, $password = '') {
|
|||
return $ret;
|
||||
}
|
||||
|
||||
function update_user($username, $isadmin, $password) {
|
||||
function update_user($id, $isadmin, $password) {
|
||||
if ($password && !preg_match('/\$6\$/', $password)) {
|
||||
$salt = bin2hex(openssl_random_pseudo_bytes(16));
|
||||
$password = crypt($password, '$6$'.$salt);
|
||||
|
@ -167,16 +167,23 @@ function update_user($username, $isadmin, $password) {
|
|||
|
||||
$db = get_db();
|
||||
|
||||
$q = $db->prepare('SELECT * FROM users WHERE id = ?');
|
||||
$q->bindValue(1, $id, SQLITE3_INTEGER);
|
||||
$result = $q->execute();
|
||||
$userinfo = $result->fetchArray(SQLITE3_ASSOC);
|
||||
$q->close();
|
||||
$username = $userinfo['emailaddress'];
|
||||
|
||||
if ($password) {
|
||||
$q = $db->prepare('UPDATE users SET isadmin = ?, password = ? WHERE emailaddress = ?');
|
||||
$q = $db->prepare('UPDATE users SET isadmin = ?, password = ? WHERE id = ?');
|
||||
$q->bindValue(1, (int)(bool)$isadmin, SQLITE3_INTEGER);
|
||||
$q->bindValue(2, $password, SQLITE3_TEXT);
|
||||
$q->bindValue(3, $username, SQLITE3_TEXT);
|
||||
$q->bindValue(3, $id, SQLITE3_INTEGER);
|
||||
writelog("Updating password and/or settings for $username. Admin: ".(int)(bool)$isadmin);
|
||||
} else {
|
||||
$q = $db->prepare('UPDATE users SET isadmin = ? WHERE emailaddress = ?');
|
||||
$q = $db->prepare('UPDATE users SET isadmin = ? WHERE id = ?');
|
||||
$q->bindValue(1, (int)(bool)$isadmin, SQLITE3_INTEGER);
|
||||
$q->bindValue(2, $username, SQLITE3_TEXT);
|
||||
$q->bindValue(2, $id, SQLITE3_INTEGER);
|
||||
writelog("Updating settings for $username. Admin: ".(int)(bool)$isadmin);
|
||||
}
|
||||
$ret = $q->execute();
|
||||
|
@ -185,15 +192,26 @@ function update_user($username, $isadmin, $password) {
|
|||
return $ret;
|
||||
}
|
||||
|
||||
function delete_user($username) {
|
||||
function delete_user($id) {
|
||||
$db = get_db();
|
||||
$q = $db->prepare('DELETE FROM users WHERE id = ?');
|
||||
$q->bindValue(1, $id, SQLITE3_INTEGER);
|
||||
$ret = $q->execute();
|
||||
$db->close();
|
||||
|
||||
writelog("Deleted user $username.");
|
||||
return $ret;
|
||||
$q = $db->prepare('SELECT * FROM users WHERE id = ?');
|
||||
$q->bindValue(1, $id, SQLITE3_INTEGER);
|
||||
$result = $q->execute();
|
||||
$userinfo = $result->fetchArray(SQLITE3_ASSOC);
|
||||
$q->close();
|
||||
|
||||
if($userinfo) {
|
||||
$q = $db->prepare('DELETE FROM users WHERE id = ?');
|
||||
$q->bindValue(1, $id, SQLITE3_INTEGER);
|
||||
$ret = $q->execute();
|
||||
$db->close();
|
||||
|
||||
writelog("Deleted user " . $userinfo['emailaddress'] . ".");
|
||||
return $ret;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
function valid_user($name) {
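Review bot: update_user() never checks that the lookup by id found a row, in the SELECT block added at the top of the second hunk. `fetchArray()` returns false when nothing matches, so `$userinfo['emailaddress']` is empty, the UPDATE touches no row, `execute()` still returns a result object, and the caller reports success while the log line names no user. The new delete_user() already guards with `if($userinfo)`, and users.php in this commit drops its `user_exists()` check, so the same guard belongs here: `if (!$userinfo) { return false; }` right after `$q->close();`. Which lines are old and which are new is inferred from the hunk headers, since the page lost its +/- markers.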
|
||||
|
|
|
@ -991,12 +991,15 @@ $(document).ready(function () {
|
|||
deleteConfirmation: 'This user will be deleted. Are you sure?'
|
||||
},
|
||||
fields: {
|
||||
id: {
|
||||
key: true,
|
||||
type: 'hidden'
|
||||
},
|
||||
emailaddress: {
|
||||
title: 'User',
|
||||
key: true,
|
||||
display: displayContent('emailaddress'),
|
||||
inputClass: 'emailaddress',
|
||||
create: true,
|
||||
edit: false,
|
||||
listClass: 'emailaddress'
|
||||
},
|
||||
password: {
|
||||
|
|
17
users.php
17
users.php
|
@ -64,20 +64,13 @@ case "create":
|
|||
break;
|
||||
|
||||
case "update":
|
||||
$id = isset($_POST['id']) ? intval($_POST['id']) : '';
|
||||
$emailaddress = isset($_POST['emailaddress']) ? $_POST['emailaddress'] : '';
|
||||
$isadmin = isset($_POST['isadmin']) ? $_POST['isadmin'] : '0';
|
||||
$password = isset($_POST['password']) ? $_POST['password'] : '';
|
||||
|
||||
if (!valid_user($emailaddress)) {
|
||||
jtable_respond(null, 'error', "Please only use ^[a-z0-9@_.-]+$ for usernames");
|
||||
}
|
||||
|
||||
if (!user_exists($emailaddress)) {
|
||||
jtable_respond(null, 'error', 'Cannot update not existing user');
|
||||
}
|
||||
|
||||
if (update_user($emailaddress, $isadmin, $password)) {
|
||||
$result = array('emailaddress' => $emailaddress, 'isadmin' => $isadmin);
|
||||
if ($id != '' and update_user($id, $isadmin, $password)) {
|
||||
$result = array('isadmin' => $isadmin);
|
||||
jtable_respond($result, 'single');
|
||||
} else {
|
||||
jtable_respond(null, 'error', 'Could not update user');
|
||||
|
@ -85,7 +78,9 @@ case "update":
|
|||
break;
|
||||
|
||||
case "delete":
|
||||
if ($emailaddress != '' and delete_user($emailaddress) !== FALSE) {
|
||||
$id = isset($_POST['id']) ? intval($_POST['id']) : '';
|
||||
|
||||
if ($id != '' and delete_user($id) !== FALSE) {
|
||||
jtable_respond(null, 'delete');
|
||||
} else {
|
||||
jtable_respond(null, 'error', 'Could not delete user');
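Review bot: The `$id != ''` guard in both the update and delete cases compares an int loosely with a string, so whether a non-numeric id (which `intval()` turns into 0) is rejected depends on the PHP version: before PHP 8 `0 == ''` is true, from PHP 8 on it is false and id 0 is passed to `update_user()` / `delete_user()`. Defaulting to an integer and testing the range makes the check explicit: `$id = isset($_POST['id']) ? intval($_POST['id']) : 0;` and `if ($id > 0 and update_user($id, $isadmin, $password)) {`, likewise for delete. `$emailaddress` is still read from POST in the update case but appears unused now that the `valid_user()` / `user_exists()` checks are gone. The delete case's else branch continues past the end of the hunk.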
|
||||
|
|