From f613bf4ab8b4c818c9381d4e5e1af5fe5d0a6052 Mon Sep 17 00:00:00 2001 From: Nik Okuntseff Date: Thu, 29 Nov 2018 15:19:25 +0000 Subject: [PATCH] Finished refactoring ttAdmin class. --- WEB-INF/lib/ttAdmin.class.php | 80 ++++--------------------- WEB-INF/lib/ttClientHelper.class.php | 2 +- WEB-INF/lib/ttExpenseHelper.class.php | 4 +- WEB-INF/lib/ttGroupHelper.class.php | 6 +- WEB-INF/lib/ttOrgImportHelper.class.php | 6 +- WEB-INF/lib/ttTeamHelper.class.php | 2 +- WEB-INF/lib/ttTimeHelper.class.php | 4 +- WEB-INF/lib/ttUserHelper.class.php | 4 +- WEB-INF/templates/footer.tpl | 2 +- admin_options.php | 31 +++++++--- 10 files changed, 47 insertions(+), 94 deletions(-) diff --git a/WEB-INF/lib/ttAdmin.class.php b/WEB-INF/lib/ttAdmin.class.php index d0a1b8dc..0e0532ce 100644 --- a/WEB-INF/lib/ttAdmin.class.php +++ b/WEB-INF/lib/ttAdmin.class.php @@ -26,20 +26,13 @@ // | https://www.anuko.com/time_tracker/credits.htm // +----------------------------------------------------------------------+ -import('ttUser'); import('ttRoleHelper'); // ttAdmin class is used to perform admin tasks. +// Used as namespace, as it is a collection of static functions that we call +// from admin pages to administer the site as a whole. class ttAdmin { - var $err = null; // Error object, passed to us as reference. - // We use it to communicate errors to caller. - - // Constructor. - function __construct(&$err = null) { - $this->err = $err; - } - // getSubgroups rerurns an array of subgroups for a group. static function getSubgroups($group_id) { $mdb2 = getConnection(); @@ -118,7 +111,7 @@ class ttAdmin { // Mark group deleted. global $user; - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; $sql = "update tt_groups set status = null $modified_part where id = $group_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; @@ -133,7 +126,7 @@ class ttAdmin { $mdb2 = getConnection(); global $user; - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; // Update group name if it changed. if ($fields['old_group_name'] != $fields['new_group_name']) { @@ -157,57 +150,9 @@ class ttAdmin { return true; } - // validateUserInfo validates account information entered by user. - function validateUserInfo($fields) { - global $i18n; + // updateSelf updates admin account with new information. + static function updateSelf($fields) { global $user; - global $auth; - - $result = true; - - if (!ttValidString($fields['name'])) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.person_name')); - $result = false; - } - if (!ttValidString($fields['login'])) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.login')); - $result = false; - } - // If we change login, it must be unique. - if ($fields['login'] != $user->login) { - if (ttUserHelper::getUserByLogin($fields['login'])) { - $this->err->add($i18n->get('error.user_exists')); - $result = false; - } - } - if (!$auth->isPasswordExternal() && ($fields['password1'] || $fields['password2'])) { - if (!ttValidString($fields['password1'])) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.password')); - $result = false; - } - if (!ttValidString($fields['password2'])) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.confirm_password')); - $result = false; - } - if ($fields['password1'] !== $fields['password2']) { - $this->err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password')); - $result = false; - } - } - if (!ttValidEmail($fields['email'], true)) { - $this->err->add($i18n->get('error.field'), $i18n->get('label.email')); - $result = false; - } - - return $result; - } - - // updateSelf validates user input and updates admin account with new information. - function updateSelf($fields) { - if (!$this->validateUserInfo($fields)) return false; // Can't continue as user input is invalid. - - global $user; - global $i18n; $mdb2 = getConnection(); // Update self. @@ -217,15 +162,10 @@ class ttAdmin { $password_part = ', password = md5('.$mdb2->quote($fields['password1']).')'; $name_part = ', name = '.$mdb2->quote($fields['name']); $email_part = ', email = '.$mdb2->quote($fields['email']); - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); - $sql = 'update tt_users set '.$login_part.$password_part.$name_part.$email_part.$modified_part.'where id = '.$user_id; + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; + $sql = 'update tt_users set '.$login_part.$password_part.$name_part.$email_part.$modified_part.' where id = '.$user_id; $affected = $mdb2->exec($sql); - if (is_a($affected, 'PEAR_Error')) { - $this->err->add($i18n->get('error.db')); - return false; - } - - return true; + return (!is_a($affected, 'PEAR_Error')); } // getGroupName obtains group name. @@ -282,7 +222,7 @@ class ttAdmin { // Add modified info to sql for some tables, depending on table name. if ($table_name == 'tt_users') { global $user; - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; } $sql = "update $table_name set status = null $modified_part where group_id = $group_id"; diff --git a/WEB-INF/lib/ttClientHelper.class.php b/WEB-INF/lib/ttClientHelper.class.php index 3ae662a1..24d00d23 100644 --- a/WEB-INF/lib/ttClientHelper.class.php +++ b/WEB-INF/lib/ttClientHelper.class.php @@ -121,7 +121,7 @@ class ttClientHelper { } // Handle time records. - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; if ($delete_client_entries) { $sql = 'update tt_log set status = NULL'.$modified_part." where client_id = $id"; $affected = $mdb2->exec($sql); diff --git a/WEB-INF/lib/ttExpenseHelper.class.php b/WEB-INF/lib/ttExpenseHelper.class.php index 622e035c..b11e71fd 100644 --- a/WEB-INF/lib/ttExpenseHelper.class.php +++ b/WEB-INF/lib/ttExpenseHelper.class.php @@ -46,7 +46,7 @@ class ttExpenseHelper { $invoice_id = $fields['invoice_id']; $status = $fields['status']; $paid = (int) $fields['paid']; - $created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id); + $created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id; $sql = "insert into tt_expense_items". " (date, user_id, group_id, org_id, client_id, project_id, name, cost, invoice_id, paid, created, created_ip, created_by, status)". @@ -75,7 +75,7 @@ class ttExpenseHelper { if ($user->can('manage_invoices') && $user->isPluginEnabled('ps')) { $paid_part = $fields['paid'] ? ', paid = 1' : ', paid = 0'; } - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; $sql = "UPDATE tt_expense_items set date = ".$mdb2->quote($date).", user_id = $user_id, client_id = ".$mdb2->quote($client_id). ", project_id = ".$mdb2->quote($project_id).", name = ".$mdb2->quote($name). diff --git a/WEB-INF/lib/ttGroupHelper.class.php b/WEB-INF/lib/ttGroupHelper.class.php index 39cdb780..8b02c85e 100644 --- a/WEB-INF/lib/ttGroupHelper.class.php +++ b/WEB-INF/lib/ttGroupHelper.class.php @@ -119,7 +119,7 @@ class ttGroupHelper { $values .= ', '.$mdb2->quote($attrs['lock_spec']); $values .= ', '.(int)$attrs['workday_minutes']; $values .= ', '.$mdb2->quote($attrs['config']); - $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id); + $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id; $values .= ')'; $sql = 'insert into tt_groups '.$columns.$values; @@ -207,7 +207,7 @@ class ttGroupHelper { } // Mark group deleted. - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; $sql = "update tt_groups set status = null $modified_part where id = $group_id and org_id = $org_id"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) return false; @@ -223,7 +223,7 @@ class ttGroupHelper { // Add modified info to sql for some tables, depending on table name. if ($table_name == 'tt_users') { - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; } $org_id = $user->org_id; // The only security measure we use here for match. diff --git a/WEB-INF/lib/ttOrgImportHelper.class.php b/WEB-INF/lib/ttOrgImportHelper.class.php index b5a28c8e..345b1d2e 100644 --- a/WEB-INF/lib/ttOrgImportHelper.class.php +++ b/WEB-INF/lib/ttOrgImportHelper.class.php @@ -636,7 +636,7 @@ class ttOrgImportHelper { $values .= ', '.$mdb2->quote($fields['lock_spec']); $values .= ', '.(int)$fields['workday_minutes']; $values .= ', '.$mdb2->quote($fields['config']); - $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id); + $values .= ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id; $values .= ')'; $sql = 'insert into tt_groups '.$columns.$values; @@ -695,7 +695,7 @@ class ttOrgImportHelper { $invoice_id = $fields['invoice_id']; $status = $fields['status']; $paid = (int) $fields['paid']; - $created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id); + $created = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id; $sql = "insert into tt_expense_items". " (date, user_id, group_id, org_id, client_id, project_id, name, cost, invoice_id, paid, created, created_ip, created_by, status)". @@ -950,7 +950,7 @@ class ttOrgImportHelper { ", ".$mdb2->quote($invoice_id). ", ".$mdb2->quote($comment). ", $billable, $paid". - ", now(), ".$mdb2->quote($_SERVER['REMOTE_ADDR']).", ".$mdb2->quote($user->id). + ", now(), ".$mdb2->quote($_SERVER['REMOTE_ADDR']).", ".$user->id. ", ". $mdb2->quote($status).")"; $affected = $mdb2->exec($sql); if (is_a($affected, 'PEAR_Error')) { diff --git a/WEB-INF/lib/ttTeamHelper.class.php b/WEB-INF/lib/ttTeamHelper.class.php index 5a3dd2fb..08c52f45 100644 --- a/WEB-INF/lib/ttTeamHelper.class.php +++ b/WEB-INF/lib/ttTeamHelper.class.php @@ -106,7 +106,7 @@ class ttTeamHelper { if (!$val['id'] || !$val['role_id']) return false; - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; // Promote user. $sql = "update tt_users set role_id = $user->role_id".$modified_part." where id = $user_id and group_id = $user->group_id"; diff --git a/WEB-INF/lib/ttTimeHelper.class.php b/WEB-INF/lib/ttTimeHelper.class.php index 24506780..5f8852ef 100644 --- a/WEB-INF/lib/ttTimeHelper.class.php +++ b/WEB-INF/lib/ttTimeHelper.class.php @@ -418,7 +418,7 @@ class ttTimeHelper { if ('00:00' == $finish) $finish = '24:00'; } - $created_v = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$mdb2->quote($user->id); + $created_v = ', now(), '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', '.$user->id; if (!$billable) $billable = 0; if (!$paid) $paid = 0; @@ -474,7 +474,7 @@ class ttTimeHelper { if ($user->can('manage_invoices') && $user->isPluginEnabled('ps')) { $paid_part = $fields['paid'] ? ', paid = 1' : ', paid = 0'; } - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; $start = ttTimeHelper::to24HourFormat($start); $finish = ttTimeHelper::to24HourFormat($finish); diff --git a/WEB-INF/lib/ttUserHelper.class.php b/WEB-INF/lib/ttUserHelper.class.php index d1e11268..2ff774ff 100644 --- a/WEB-INF/lib/ttUserHelper.class.php +++ b/WEB-INF/lib/ttUserHelper.class.php @@ -111,7 +111,7 @@ class ttUserHelper { $status_v = ', '.$mdb2->quote($fields['status']); } $created_ip_v = ', '.$mdb2->quote($_SERVER['REMOTE_ADDR']); - $created_by_v = ', '.$mdb2->quote($user->id); + $created_by_v = ', '.$user->id; $sql = "insert into tt_users (name, login, password, group_id, org_id, role_id, client_id, rate, email, created, created_ip, created_by $status_f) values (". $mdb2->quote($fields['name']).", ".$mdb2->quote($fields['login']). @@ -176,7 +176,7 @@ class ttUserHelper { $status_part = ", status = $status"; } - $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id); + $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$user->id; $sql = "update tt_users set login = ".$mdb2->quote($fields['login']). "$pass_part, name = ".$mdb2->quote($fields['name']). diff --git a/WEB-INF/templates/footer.tpl b/WEB-INF/templates/footer.tpl index 321397a8..9f23d86b 100644 --- a/WEB-INF/templates/footer.tpl +++ b/WEB-INF/templates/footer.tpl @@ -12,7 +12,7 @@
-
 Anuko Time Tracker 1.18.28.4538 | Copyright © Anuko | +  Anuko Time Tracker 1.18.28.4539 | Copyright © Anuko | {$i18n.footer.credits} | {$i18n.footer.license} | {$i18n.footer.improve} diff --git a/admin_options.php b/admin_options.php index 226a8a5e..164ff33a 100644 --- a/admin_options.php +++ b/admin_options.php @@ -29,6 +29,7 @@ require_once('initialize.php'); import('form.Form'); import('ttUserHelper'); +import('ttAdmin'); // Access check. if (!ttAccessAllowed('administer_site')) { @@ -61,18 +62,30 @@ $form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'email','value'= $form->addInput(array('type'=>'submit','name'=>'btn_submit','value'=>$i18n->get('button.submit'))); if ($request->isPost()) { - // Create fields array for ttAdmin instance. - $fields = array( - 'name' => $cl_name, + // Validate user input. + if (!ttValidString($cl_name)) + $err->add($i18n->get('error.field'), $i18n->get('label.person_name')); + if (!ttValidString($cl_login)) + $err->add($i18n->get('error.field'), $i18n->get('label.login')); + // If we change login, it must be unique. + if ($cl_login != $user->login && ttUserHelper::getUserByLogin($cl_login)) + $err->add($i18n->get('error.user_exists')); + if (!$auth->isPasswordExternal() && ($cl_password1 || $cl_password2)) { + if (!ttValidString($cl_password1)) + $err->add($i18n->get('error.field'), $i18n->get('label.password')); + if (!ttValidString($cl_password2)) + $err->add($i18n->get('error.field'), $i18n->get('label.confirm_password')); + if ($cl_password1 !== $cl_password2) + $err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password')); + } + if (!ttValidEmail($cl_email, true)) + $err->add($i18n->get('error.field'), $i18n->get('label.email')); + + if ($err->no() && ttAdmin::updateSelf(array('name' => $cl_name, 'login' => $cl_login, 'password1' => $cl_password1, 'password2' => $cl_password2, - 'email' => $cl_email); - - import('ttAdmin'); - $admin = new ttAdmin($err); - $result = $admin->updateSelf($fields); - if ($result) { + 'email' => $cl_email))) { header('Location: admin_groups.php'); exit(); } -- 2.20.1