return $result;
}
- // updateGroup validates user input and updates the group with new information.
- function updateGroup($group_id, $fields) {
- if (!$this->validateGroupInfo($fields)) return false; // Can't continue as user input is invalid.
+ // updateGroup updates a (top) group with new information.
+ static function updateGroup($fields) {
+ $group_id = (int)$fields['group_id'];
+ if (!$group_id) return false; // Nothing to update.
- global $user;
$mdb2 = getConnection();
+ global $user;
+ $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
// Update group name if it changed.
if ($fields['old_group_name'] != $fields['new_group_name']) {
$name_part = 'name = '.$mdb2->quote($fields['new_group_name']);
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
$sql = 'update tt_groups set '.$name_part.$modified_part.' where id = '.$group_id;
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) return false;
$password_part = ', password = md5('.$mdb2->quote($fields['password1']).')';
$name_part = ', name = '.$mdb2->quote($fields['user_name']);
$email_part = ', email = '.$mdb2->quote($fields['email']);
- $modified_part = ', modified = now(), modified_ip = '.$mdb2->quote($_SERVER['REMOTE_ADDR']).', modified_by = '.$mdb2->quote($user->id);
$sql = 'update tt_users set '.$login_part.$password_part.$name_part.$email_part.$modified_part.'where id = '.$user_id;
$affected = $mdb2->exec($sql);
if (is_a($affected, 'PEAR_Error')) return false;
header('Location: access_denied.php');
exit();
}
+$group_id = (int)$request->getParameter('id');
+$group_details = ttAdmin::getGroupDetails($group_id);
+if (!($group_id && $group_details)) {
+ header('Location: access_denied.php');
+ exit();
+}
// End of access checks.
-$group_id = $request->getParameter('id');
-
-$admin = new ttAdmin();
-$group_details = $admin->getGroupDetails($group_id);
-
if ($request->isPost()) {
$cl_group_name = trim($request->getParameter('group_name'));
$cl_manager_name = trim($request->getParameter('manager_name'));
if ($request->isPost()) {
if ($request->getParameter('btn_save')) {
- // Create fields array for ttAdmin instance.
- $fields = array(
- 'old_group_name' => $group_details['group_name'],
- 'new_group_name' => $cl_group_name,
- 'user_id' => $group_details['manager_id'],
- 'user_name' => $cl_manager_name,
- 'old_login' => $group_details['manager_login'],
- 'new_login' => $cl_manager_login,
- 'password1' => $cl_password1,
- 'password2' => $cl_password2,
- 'email' => $cl_manager_email);
- import('ttAdmin');
- $admin = new ttAdmin($err);
- $result = $admin->updateGroup($group_id, $fields);
- if ($result) {
- header('Location: admin_groups.php');
- exit();
- } else
- $err->add($i18n->get('error.db'));
+ // Validate user input.
+ if (!ttValidString($cl_group_name))
+ $err->add($i18n->get('error.field'), $i18n->get('label.group_name'));
+ if (!ttValidString($cl_manager_name))
+ $err->add($i18n->get('error.field'), $i18n->get('label.manager_name'));
+ if (!ttValidString($cl_manager_login))
+ $err->add($i18n->get('error.field'), $i18n->get('label.manager_login'));
+ // If we change login, it must be unique.
+ if ($cl_manager_login != $group_details['manager_login']) {
+ if (ttUserHelper::getUserByLogin($cl_manager_login)) {
+ $err->add($i18n->get('error.user_exists'));
+ }
+ }
+ if (!$auth->isPasswordExternal() && ($cl_password1 || $cl_password2)) {
+ if (!ttValidString($cl_password1))
+ $err->add($i18n->get('error.field'), $i18n->get('label.password'));
+ if (!ttValidString($cl_password2))
+ $err->add($i18n->get('error.field'), $i18n->get('label.confirm_password'));
+ if ($cl_password1 !== $cl_password2)
+ $err->add($i18n->get('error.not_equal'), $i18n->get('label.password'), $i18n->get('label.confirm_password'));
+ }
+ if (!ttValidEmail($cl_manager_email, true))
+ $err->add($i18n->get('error.field'), $i18n->get('label.email'));
+
+ if ($err->no()) {
+ if (ttAdmin::updateGroup(array('group_id' => $group_id,
+ 'old_group_name' => $group_details['group_name'],
+ 'new_group_name' => $cl_group_name,
+ 'user_id' => $group_details['manager_id'],
+ 'user_name' => $cl_manager_name,
+ 'old_login' => $group_details['manager_login'],
+ 'new_login' => $cl_manager_login,
+ 'password1' => $cl_password1,
+ 'password2' => $cl_password2,
+ 'email' => $cl_manager_email))) {
+ header('Location: admin_groups.php');
+ exit();
+ } else
+ $err->add($i18n->get('error.db'));
+ }
}
if ($request->getParameter('btn_cancel')) {
projects / timetracker.git / commitdiff