Code source de WebCalendar 1.0.5 |
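<?php
/* $Id */

/*
 * Form handler for the user-editing pages. Depending on $formtype and
 * $action it deletes a user, sets a user's password, adds a user or
 * updates a user's details, then prints either an error page or a small
 * page that shows an alert and redirects the parent window.
 *
 * There is the potential for a lot of mischief from users trying to
 * access this file in ways they shouldn't. Users may try to type in
 * a URL to get around functions that are not being displayed on the
 * web page to them. Every branch below therefore re-checks $is_admin
 * (or the relevant permission flag) before it changes anything.
 *
 * NOTE(review): $formtype, $add, $user, $upassword1, $upassword2,
 * $ufirstname, $ulastname, $uemail, $uis_admin, $is_admin, $login,
 * $admin_can_delete_user and $user_can_update_password are not assigned
 * in this file; presumably includes/init.php sets them up (some of them
 * from the request) -- confirm.
 *
 * NOTE(review): no anti-CSRF token check and no request-method check is
 * visible in this file although every branch changes state. Confirm that
 * includes/init.php enforces one, or add it here.
 */

include_once 'includes/init.php';
load_user_layers ();

$error = "";

// A non-admin may only ever act on their own account, whatever user
// name was supplied with the request.
if ( ! $is_admin ) {
  $user = $login;
}
$action = getValue ( "action" );

// Handle delete
if ( ( $action == "Delete" || $action == translate ("Delete") ) &&
  $formtype == "edituser" ) {
  if ( $is_admin ) {
    if ( $admin_can_delete_user ) {
      user_delete_user ( $user ); // will also delete user's events
    } else {
      $error = translate("Deleting users not supported") . ".";
    }
  } else {
    $error = translate("You are not authorized") . ".";
  }
}

// Handle update of password
else if ( $formtype == "setpassword" && strlen ( $user ) ) {
  // Compare as strings. A loose != treats numeric-looking strings as
  // numbers, so "1e3" and "1000" would pass as identical and the
  // confirmation field would not catch the mismatch.
  if ( (string) $upassword1 !== (string) $upassword2 ) {
    $error = translate("The passwords were not identical") . ".";
  } else if ( strlen ( $upassword1 ) ) {
    if ( $user_can_update_password ) {
      user_update_user_password ( $user, $upassword1 );
    } else {
      $error = translate("You are not authorized") . ".";
    }
  } else {
    $error = translate("You have not entered a password") . ".";
  }
}

// Handle update of user info
else if ( $formtype == "edituser" ) {
  if ( strlen ( $add ) && $is_admin ) {
    // Same string comparison as in the setpassword branch above.
    if ( (string) $upassword1 !== (string) $upassword2 ) {
      $error = translate( "The passwords were not identical" ) . ".";
    } else {
      if ( addslashes ( $user ) != $user ) {
        // This error should get caught before here anyhow, so
        // no need to translate this.  This is just in case :-)
        $error = "Invalid characters in login.";
      } else if ( empty ( $user ) || $user == "" ) {
        // Username can not be blank. This is currently the only place that
        // calls user_add_user that is located in $user_inc
        // (empty() also rejects the login "0".)
        $error = translate( "Username can not be blank" ) . ".";
      } else {
        user_add_user ( $user, $upassword1, $ufirstname, $ulastname,
          $uemail, $uis_admin );
      }
    }
  } else if ( strlen ( $add ) && ! $is_admin ) {
    $error = translate("You are not authorized") . ".";
  } else {
    // Don't allow a user to change themself to an admin by setting
    // uis_admin in the URL by hand.  They must be admin beforehand.
    if ( ! $is_admin ) {
      $uis_admin = "N";
    }
    user_update_user ( $user, $ufirstname, $ulastname,
      $uemail, $uis_admin );
  }
}

// Page the parent window is sent to after a successful change; both
// targets are fixed literals, never request data.
$nextURL = empty ( $is_admin ) ? "adminhome.php" : "users.php";

if ( ! empty ( $error ) ) {
  print_header( '', '', '', true );

?>
<h2><?php etranslate("Error")?></h2>
<blockquote>
<?php
// $error is only ever assigned a translate() result or a fixed literal
// in this file, so no request data is echoed here. Escape it for HTML
// if a future branch ever puts user-supplied text into $error.
echo $error;
?>
</blockquote>
</body>
</html>
<?php } else {
  // The translated message lands inside a single-quoted JavaScript string
  // within a double-quoted HTML attribute.
  // NOTE(review): a translation containing ' or " would break the onload
  // handler unless etranslate() escapes it -- confirm.
?><html><head></head><body onload="alert('<?php etranslate("Changes successfully saved");?>'); window.parent.location.href='<?php echo $nextURL;?>';">
</body></html><?php } ?>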
Généré le : Fri Nov 30 19:09:19 2007 | par Balluche grâce à PHPXref 0.7 |