$mdb2 = getConnection();
// Check parameters.
- if (!$user_id || !isset($fields['login']))
+ if (!$user_id)
return false;
+ $group_id = $user->getGroup();
+ $org_id = $user->org_id;
+
// Prepare query parts.
+ if (isset($fields['login'])) {
+ $login_part = ", login = ".$mdb2->quote($fields['login']);
+ }
+
if (isset($fields['password']))
$pass_part = ', password = md5('.$mdb2->quote($fields['password']).')';
- if (in_array('manage_users', $user->rights)) {
+
+ if (isset($fields['name']))
+ $name_part = ', name = '.$mdb2->quote($fields['name']);
+
+ if ($user->can('manage_users')) {
if (isset($fields['role_id'])) {
$role_id = (int) $fields['role_id'];
- $role_id_part = ", role_id = $role_id";
+ $role_part = ", role_id = $role_id";
}
if (array_key_exists('client_id', $fields)) // Could be NULL.
$client_part = ", client_id = ".$mdb2->quote($fields['client_id']);
$rate_part = ", rate = ".$mdb2->quote($rate);
}
+ if (isset($fields['email']))
+ $email_part = ', email = '.$mdb2->quote($fields['email']);
+
if (isset($fields['status'])) {
$status = (int) $fields['status'];
$status_part = ", status = $status";
}
$modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id;
+ $parts = ltrim($login_part.$pass_part.$name_part.$role_part.$client_part.$rate_part.$email_part.$modified_part.$status_part, ',');
- $sql = "update tt_users set login = ".$mdb2->quote($fields['login']).
- "$pass_part, name = ".$mdb2->quote($fields['name']).
- "$role_id_part $client_part $rate_part $modified_part $status_part, email = ".$mdb2->quote($fields['email']).
- " where id = $user_id";
+ $sql = "update tt_users set $parts".
+ " where id = $user_id and group_id = $group_id and org_id = $org_id";
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) return false;
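Review bot: The new WHERE clause interpolates `$user_id`, `$group_id` and `$org_id` into the SQL string unquoted, while the same hunk casts `role_id` and `status` to int before interpolating them; scoping the update by group and org is the right change, but these three ids deserve the same treatment, e.g. `" where id = ".(int)$user_id." and group_id = ".(int)$group_id." and org_id = ".(int)$org_id` — assuming, as the column names suggest, that they are integer ids. Separately, the `$parts` concatenation reads `$login_part`, `$pass_part`, `$name_part`, `$role_part`, `$client_part`, `$rate_part`, `$email_part` and `$status_part` whether or not the corresponding `isset` branch ran, so a call with a partial `$fields` array (which the relaxed parameter check now allows) emits undefined-variable notices; initialise them once after the parameter check, `$login_part = $pass_part = $name_part = $role_part = $client_part = $rate_part = $email_part = $status_part = '';`. It is also worth stating in the function's docblock that a `$fields` array with no recognised keys still issues an update touching only the `modified*` columns. The function's signature and the assignment of `$rate` are outside the hunk.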
<br>
<table cellspacing="0" cellpadding="4" width="100%" border="0">
<tr>
- <td align="center"> Anuko Time Tracker 1.18.29.4617 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
+ <td align="center"> Anuko Time Tracker 1.18.29.4618 | Copyright © <a href="https://www.anuko.com/lp/tt_3.htm" target="_blank">Anuko</a> |
<a href="https://www.anuko.com/lp/tt_4.htm" target="_blank">{$i18n.footer.credits}</a> |
<a href="https://www.anuko.com/lp/tt_5.htm" target="_blank">{$i18n.footer.license}</a> |
<a href="https://www.anuko.com/lp/tt_7.htm" target="_blank">{$i18n.footer.improve}</a>
<tr>
<td class="systemMenu" height="17" align="center">
<a class="systemMenu" href="logout.php">{$i18n.menu.logout}</a> ·
- {if $user->can('manage_own_settings')}
+ {if $user->exists() && $user->can('manage_own_settings')}
<a class="systemMenu" href="profile_edit.php">{$i18n.menu.profile}</a> ·
{/if}
{if $user->can('manage_basic_settings')}
header('Location: feature_disabled.php');
exit();
}
+// End of access checks.
if ($request->isPost()) {
$cl_name = trim($request->getParameter('name'));
header('Location: access_denied.php');
exit();
}
+if (!$user->exists()) {
+ header('Location: access_denied.php'); // No users in subgroup.
+ exit();
+}
// End of access checks.
-$can_manage_account = $user->can('manage_own_account');
+$can_manage_account = $user->behalfGroup ? $user->can('manage_subgroups') : $user->can('manage_own_account');
+if ($user->behalf_id) $user_details = $user->getUserDetails($user->behalf_id);
+$current_login = $user->behalf_id ? $user_details['login'] : $user->login;
if ($request->isPost()) {
$cl_name = trim($request->getParameter('name'));
}
$cl_email = trim($request->getParameter('email'));
} else {
- $cl_name = $user->name;
- $cl_login = $user->login;
- $cl_email = $user->email;
+ if ($user->behalf_id) {
+ $cl_name = $user_details['name'];
+ $cl_login = $user_details['login'];
+ $cl_email = $user_details['email'];
+ } else {
+ $cl_name = $user->name;
+ $cl_login = $user->login;
+ $cl_email = $user->email;
+ }
}
$form = new Form('profileForm');
if (!ttValidString($cl_login)) $err->add($i18n->get('error.field'), $i18n->get('label.login'));
// New login must be unique.
- if ($cl_login != $user->login && ttUserHelper::getUserByLogin($cl_login))
+ if ($cl_login != $current_login && ttUserHelper::getUserByLogin($cl_login))
$err->add($i18n->get('error.user_exists'));
if (!$auth->isPasswordExternal() && ($cl_password1 || $cl_password2)) {
// Finished validating user input.
if ($err->no()) {
- $update_result = ttUserHelper::update($user->id, array(
- 'name' => $cl_name,
- 'login' => $cl_login,
- 'password' => $cl_password1,
- 'email' => $cl_email,
- 'status' => ACTIVE));
+ $fields = $can_manage_account ?
+ array('name'=>$cl_name,'login'=>$cl_login,'password'=>$cl_password1,'email'=>$cl_email) :
+ array('password'=>$cl_password1);
+ $update_result = ttUserHelper::update($user->getUser(), $fields);
if ($update_result) {
header('Location: time.php');
exit();
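Review bot: The `$fields` array handed to `ttUserHelper::update()` carries `'password' => $cl_password1` unconditionally in both branches, and `update()` (earlier in this change) only tests `isset($fields['password'])`, which is true for an empty string; if `$cl_password1` arrives from the form as `''` when the password inputs are left blank, the stored password would become `md5('')`. Presumably the inputs are only meant to change the hash when filled in, as the `($cl_password1 || $cl_password2)` validation above suggests, so add the key conditionally: `if ($cl_password1) $fields['password'] = $cl_password1;`. Separately, `$user_details` is assigned from `$user->getUserDetails($user->behalf_id)` and then indexed for `login`, `name` and `email` without checking that the lookup succeeded; if it can return false, those reads yield null and the login-uniqueness check would then compare `$cl_login` against null — a guard that redirects to `access_denied.php` when `$user->behalf_id` is set but `$user_details` is empty would close that gap. The `if ($err->no())` block and the surrounding POST handling continue outside the hunk.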