From 7ca15b5853146dd809f2ad3f5b2e1d9dab4f8dd4 Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Fri, 23 Mar 2018 11:56:01 +0000 Subject: [PATCH] Refactored admin_options.php to use ttAdmin instance. --- WEB-INF/lib/ttAdmin.class.php | 82 +++++++++++++++++++++++++---- WEB-INF/lib/ttRegistrator.class.php | 15 +++--- WEB-INF/templates/footer.tpl | 2 +- admin_options.php | 45 +++------------- 4 files changed, 89 insertions(+), 55 deletions(-) diff --git a/WEB-INF/lib/ttAdmin.class.php b/WEB-INF/lib/ttAdmin.class.php index 87fe00bc..6008dcab 100644 --- a/WEB-INF/lib/ttAdmin.class.php +++ b/WEB-INF/lib/ttAdmin.class.php @@ -31,8 +31,8 @@ import('ttUser'); // ttAdmin class is used to perform admin tasks. class ttAdmin { - var $err = null; // Error object, passed to us as reference. - // We use it to communicate errors to caller. + var $err = null; // Error object, passed to us as reference. + // We use it to communicate errors to caller. // Constructor. function __construct(&$err = null) { @@ -65,22 +65,19 @@ class ttAdmin { // Mark user binds as deleted. $sql = "update tt_user_project_binds set status = NULL where user_id = $user_id"; $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; + if (is_a($affected, 'PEAR_Error')) return false; // Mark favorite reports as deleted. $sql = "update tt_fav_reports set status = NULL where user_id = $user_id"; $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; + if (is_a($affected, 'PEAR_Error')) return false; // Mark user as deleted. global $user; $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); $sql = "update tt_users set status = NULL $modified_part where id = $user_id"; $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) - return false; + if (is_a($affected, 'PEAR_Error')) return false; return true; } 
@@ -104,6 +101,7 @@ class ttAdmin { $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; } + return true; } 
@@ -264,8 +262,74 @@ class ttAdmin { return true; } + // validateUserInfo validates account information entered by user. + function validateUserInfo($fields) { + global $i18n; + global $user; + global $auth; + + $result = true; + + if (!ttValidString($fields['name'])) { + $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.person_name')); + $result = false; + } + if (!ttValidString($fields['login'])) { + $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.login')); + $result = false; + } + // If we change login, it must be unique. + if ($fields['login'] != $user->login) { + if (ttUserHelper::getUserByLogin($fields['login'])) { + $this->err->add($i18n->getKey('error.user_exists')); + $result = false; + } + } + if (!$auth->isPasswordExternal() && ($fields['password1'] || $fields['password2'])) { + if (!ttValidString($fields['password1'])) { + $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.password')); + $result = false; + } + if (!ttValidString($fields['password2'])) { + $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.confirm_password')); + $result = false; + } + if ($fields['password1'] !== $fields['password2']) { + $this->err->add($i18n->getKey('error.not_equal'), $i18n->getKey('label.password'), $i18n->getKey('label.confirm_password')); + $result = false; + } + } + if (!ttValidEmail($fields['email'], true)) { + $this->err->add($i18n->getKey('error.field'), $i18n->getKey('label.email')); + $result = false; + } + + return $result; + } + // updateSelf validates user input and updates admin account with new information. function updateSelf($fields) { - return false; // Not yet implemeneted. + if (!$this->validateUserInfo($fields)) return false; // Can't continue as user input is invalid. + + global $user; + global $i18n; + $mdb2 = getConnection(); + + // Update self. 
+ $user_id = $user->id; + $login_part = 'login = '.$mdb2->quote($fields['login']); + if ($fields['password1']) + $password_part = ', password = md5('.$mdb2->quote($fields['password1']).')'; + $name_part = ', name = '.$mdb2->quote($fields['name']); + $email_part = ', email = '.$mdb2->quote($fields['email']); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $sql = 'update tt_users set '.$login_part.$password_part.$name_part.$email_part.$modified_part.'where id = '.$user_id; + $affected = $mdb2->exec($sql); + if (is_a($affected, 'PEAR_Error')) { + $this->err->add($i18n->getKey('error.db')); + return false; + } + + return true; } } diff --git a/WEB-INF/lib/ttRegistrator.class.php b/WEB-INF/lib/ttRegistrator.class.php index 3ac6166d..71f49e69 100644 --- a/WEB-INF/lib/ttRegistrator.class.php +++ b/WEB-INF/lib/ttRegistrator.class.php @@ -81,7 +81,7 @@ class ttRegistrator { // The register function registers a user in Time Tracker. function register() { - if ($this->err->yes()) return; // There are errors, do not proceed. + if ($this->err->yes()) return false; // There are errors, do not proceed. global $i18n; 
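Review bot: The update statement in updateSelf is concatenated with no separator before `where`, and `$password_part` is assigned only when a new password was entered, so a request that leaves the password unchanged concatenates an undefined variable. Initialise it with `$password_part = '';` ahead of the `if`, and end the statement with `.' where id = '.(int)$user_id;`. The new password is stored with SQL `md5()`, an unsalted fast hash; `password_hash()` with `password_verify()` on the login side is the usual replacement, though the login check is outside this diff and would have to change together with it. updateSelf also writes `password1` whenever it is non-empty, while validateUserInfo skips the password checks when `$auth->isPasswordExternal()` is true, so that assignment should probably be gated on the same condition.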
@@ -89,30 +89,33 @@ class ttRegistrator { if (ttUserHelper::getUserByLogin($this->login)) { // User login already exists. $this->err->add($i18n->getKey('error.user_exists')); - return; + return false; } // Create a new group. $this->group_id = $this->createGroup(); if (!$this->group_id) { $this->err->add($i18n->getKey('error.db')); - return; + return false; } import('ttRoleHelper'); if (!ttRoleHelper::createPredefinedRoles($this->group_id, $this->lang)) { $err->add($i18n->getKey('error.db')); - return; + return false; } $this->role_id = ttRoleHelper::getTopManagerRoleID(); $this->user_id = $this->createUser(); if (!$this->user_id) { $err->add($i18n->getKey('error.db')); - return; + return false; } - $this->setCreatedBy($this->user_id); + if (!$this->setCreatedBy($this->user_id)) + return false; + + return true; } // The createGroup function creates a group in Time Tracker as part diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 4dc0027e..efe88efd 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
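Review bot: Two failure branches of register() (after createPredefinedRoles and after createUser) call `$err->add(...)` on a local `$err`, while the other branches use `$this->err`. No `global $err` appears in the lines shown, although the lines of register() between the two hunks are not visible, so on those paths the call would likely hit an undefined variable instead of recording the error. Use `$this->err->add($i18n->getKey('error.db'));` in both places. The added `if (!$this->setCreatedBy($this->user_id)) return false;` returns without adding any error, so the caller gets false with nothing to display; adding the same `error.db` entry there would keep the branches consistent.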
-
 Anuko Time Tracker 1.17.66.4139 | Copyright © Anuko | +  Anuko Time Tracker 1.17.66.4140 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/admin_options.php b/admin_options.php index e728c830..14cb3f54 100644 --- a/admin_options.php +++ b/admin_options.php @@ -61,9 +61,6 @@ $form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'email','value'= $form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->getKey('button.submit'))); if ($request->isPost()) { -/* - * This is work in progress... refactoring to replace the block below. - // Create fields array for ttAdmin instance. $fields = array( 'name' => $cl_name, 
@@ -72,42 +69,12 @@ if ($request->isPost()) { 'password2' => $cl_password2, 'email' => $cl_email); - import('ttAdmin'); - $admin = new ttAdmin($err); - $result = $admin->updateSelf($fields); - if ($result) { - header('Location: admin_teams.php'); - exit(); - } - */ - - // Validate user input. - if (!ttValidString($cl_name)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.person_name')); - if (!ttValidString($cl_login)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.login')); - // New login must be unique. - if ($cl_login != $user->login && ttUserHelper::getUserByLogin($cl_login)) - $err->add($i18n->getKey('error.user_exists')); - if (!$auth->isPasswordExternal() && ($cl_password1 || $cl_password2)) { - if (!ttValidString($cl_password1)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.password')); - if (!ttValidString($cl_password2)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.confirm_password')); - if ($cl_password1 !== $cl_password2) - $err->add($i18n->getKey('error.not_equal'), $i18n->getKey('label.password'), $i18n->getKey('label.confirm_password')); - } - if (!ttValidEmail($cl_email, true)) $err->add($i18n->getKey('error.field'), $i18n->getKey('label.email')); - // Finished validating user input. - - if ($err->no()) { - if (ttUserHelper::update($user->id, array( - 'name' => $cl_name, - 'login' => $cl_login, - 'password' => $cl_password1, - 'email' => $cl_email, - 'status' => ACTIVE))) { - header('Location: admin_teams.php'); - exit(); - } else { - $err->add($i18n->getKey('error.db')); - } + import('ttAdmin'); + $admin = new ttAdmin($err); + $result = $admin->updateSelf($fields); + if ($result) { + header('Location: admin_teams.php'); + exit(); } } // isPost -- 2.20.1
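Review bot: Nothing in this POST branch confirms the admin's current password before `updateSelf($fields)` changes the login, password and e-mail; the `$fields` array carries only the new values, and validateUserInfo in ttAdmin does not ask for the old one. Requiring the existing password for login or password changes would limit what a hijacked session or a forged cross-site request can alter. Whether the form carries an anti-CSRF token cannot be told from this hunk, because the form setup and the start of the `isPost()` block are outside it. When `updateSelf` returns false the page falls through and re-renders, which relies on ttAdmin adding a message to `$err` on every failure path.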