From bde9999ab047052540e9b57ce39d7932bcb00f9d Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Wed, 28 Nov 2018 22:16:52 +0000 Subject: [PATCH] Refactored admin_group_editp.php. --- WEB-INF/lib/ttAdmin.class.php | 12 +++--- WEB-INF/templates/footer.tpl | 2 +- admin_group_edit.php | 70 +++++++++++++++++++++++------------ 3 files changed, 53 insertions(+), 31 deletions(-) diff --git a/WEB-INF/lib/ttAdmin.class.php b/WEB-INF/lib/ttAdmin.class.php index 2e0e6957..6a16034e 100644 --- a/WEB-INF/lib/ttAdmin.class.php +++ b/WEB-INF/lib/ttAdmin.class.php @@ -236,17 +236,18 @@ class ttAdmin { return $result; } - // updateGroup validates user input and updates the group with new information. - function updateGroup($group_id, $fields) { - if (!$this->validateGroupInfo($fields)) return false; // Can't continue as user input is invalid. + // updateGroup updates a (top) group with new information. + static function updateGroup($fields) { + $group_id = (int)$fields['group_id']; + if (!$group_id) return false; // Nothing to update. - global $user; $mdb2 = getConnection(); + global $user; + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); // Update group name if it changed. if ($fields['old_group_name'] != $fields['new_group_name']) { $name_part = 'name = '.$mdb2->quote($fields['new_group_name']); - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); $sql = 'update tt_groups set '.$name_part.$modified_part.' where id = '.$group_id; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; @@ -259,7 +260,6 @@ class ttAdmin { $password_part = ', password = md5('.$mdb2->quote($fields['password1']).')'; $name_part = ', name = '.$mdb2->quote($fields['user_name']); $email_part = ', email = '.$mdb2->quote($fields['email']); - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); $sql = 'update tt_users set '.$login_part.$password_part.$name_part.$email_part.$modified_part.'where id = '.$user_id; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 77022528..587079ff 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.28.4536 | Copyright © Anuko | +  Anuko Time Tracker 1.18.28.4537 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/admin_group_edit.php b/admin_group_edit.php index bb0fc413..5e34e807 100644 --- a/admin_group_edit.php +++ b/admin_group_edit.php @@ -36,13 +36,14 @@ if (!ttAccessAllowed('administer_site')) { header('Location: access_denied.php'); exit(); } +$group_id = (int)$request->getParameter('id'); +$group_details = ttAdmin::getGroupDetails($group_id); +if (!($group_id && $group_details)) { + header('Location: access_denied.php'); + exit(); +} // End of access checks. -$group_id = $request->getParameter('id'); - -$admin = new ttAdmin(); -$group_details = $admin->getGroupDetails($group_id); - if ($request->isPost()) { $cl_group_name = trim($request->getParameter('group_name')); $cl_manager_name = trim($request->getParameter('manager_name')); @@ -77,26 +78,47 @@ $form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get( if ($request->isPost()) { if ($request->getParameter('btn_save')) { - // Create fields array for ttAdmin instance. - $fields = array( - 'old_group_name' => $group_details['group_name'], - 'new_group_name' => $cl_group_name, - 'user_id' => $group_details['manager_id'], - 'user_name' => $cl_manager_name, - 'old_login' => $group_details['manager_login'], - 'new_login' => $cl_manager_login, - 'password1' => $cl_password1, - 'password2' => $cl_password2, - 'email' => $cl_manager_email); - import('ttAdmin'); - $admin = new ttAdmin($err); - $result = $admin->updateGroup($group_id, $fields); - if ($result) { - header('Location: admin_groups.php'); - exit(); - } else - $err->add($i18n->get('error.db')); + // Validate user input. + if (!ttValidString($cl_group_name)) + $err->add($i18n->get('error.field'), $i18n->get('label.group_name')); + if (!ttValidString($cl_manager_name)) + $err->add($i18n->get('error.field'), $i18n->get('label.manager_name')); + if (!ttValidString($cl_manager_login)) + $err->add($i18n->get('error.field'), $i18n->get('label.manager_login')); + // If we change login, it must be unique. + if ($cl_manager_login != $group_details['manager_login']) { + if (ttUserHelper::getUserByLogin($cl_manager_login)) { + $err->add($i18n->get('error.user_exists')); + } + } + if (!$auth->isPasswordExternal() && ($cl_password1 || $cl_password2)) { + if (!ttValidString($cl_password1)) + $err->add($i18n->get('error.field'), $i18n->get('label.password')); + if (!ttValidString($cl_password2)) + $err->add($i18n->get('error.field'), $i18n->get('label.confirm_password')); + if ($cl_password1 !== $cl_password2) + $err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password')); + } + if (!ttValidEmail($cl_manager_email, true)) + $err->add($i18n->get('error.field'), $i18n->get('label.email')); + + if ($err->no()) { + if (ttAdmin::updateGroup(array('group_id' => $group_id, + 'old_group_name' => $group_details['group_name'], + 'new_group_name' => $cl_group_name, + 'user_id' => $group_details['manager_id'], + 'user_name' => $cl_manager_name, + 'old_login' => $group_details['manager_login'], + 'new_login' => $cl_manager_login, + 'password1' => $cl_password1, + 'password2' => $cl_password2, + 'email' => $cl_manager_email))) { + header('Location: admin_groups.php'); + exit(); + } else + $err->add($i18n->get('error.db')); + } } if ($request->getParameter('btn_cancel')) { -- 2.20.1