[geeklog-cvs] geeklog-1.3/public_html/admin user.php,1.65,1.66
dhaun at geeklog.net
dhaun at geeklog.net
Sun Jan 18 09:40:28 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html/admin
In directory geeklog_prod:/tmp/cvs-serv23742
Modified Files:
user.php
Log Message:
Don't let Group Admins assign themselves to the Root group (bug #135).
Index: user.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/user.php,v
retrieving revision 1.65
retrieving revision 1.66
diff -C2 -d -r1.65 -r1.66
*** user.php 13 Jan 2004 19:15:52 -0000 1.65
--- user.php 18 Jan 2004 14:40:26 -0000 1.66
***************
*** 88,92 ****
COM_getBlockTemplate ('_msg_block', 'header'));
$retval .= $LANG_ACCESS['editrootmsg'];
! COM_accessLog("User {$_USER['username']} tried to edit a root account with insufficient privileges.");
$retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
return $retval;
--- 88,92 ----
COM_getBlockTemplate ('_msg_block', 'header'));
$retval .= $LANG_ACCESS['editrootmsg'];
! COM_accessLog("User {$_USER['username']} tried to edit a Root account with insufficient privileges.");
$retval .= COM_endBlock (COM_getBlockTemplate ('_msg_block', 'footer'));
return $retval;
***************
*** 159,163 ****
$user_templates->set_var('lang_securitygroups', $LANG_ACCESS['securitygroups']);
$user_templates->set_var('lang_groupinstructions', $LANG_ACCESS['securitygroupsmsg']);
!
if (!empty($uid)) {
$usergroups = SEC_getUserGroups($uid);
--- 159,163 ----
$user_templates->set_var('lang_securitygroups', $LANG_ACCESS['securitygroups']);
$user_templates->set_var('lang_groupinstructions', $LANG_ACCESS['securitygroupsmsg']);
!
if (!empty($uid)) {
$usergroups = SEC_getUserGroups($uid);
***************
*** 171,175 ****
$selected .= DB_getItem($_TABLES['groups'],'grp_id',"grp_name='Logged-in Users'");
}
! $user_templates->set_var('group_options', COM_checkList($_TABLES['groups'],'grp_id,grp_name','',$selected));
$user_templates->parse('group_edit', 'groupedit', true);
} else {
--- 171,181 ----
$selected .= DB_getItem($_TABLES['groups'],'grp_id',"grp_name='Logged-in Users'");
}
! $where = '';
! if (!SEC_inGroup ('Root')) {
! $where = "grp_name <> 'Root'";
! }
! $user_templates->set_var ('group_options',
! COM_checkList ($_TABLES['groups'], 'grp_id,grp_name',
! $where, $selected));
$user_templates->parse('group_edit', 'groupedit', true);
} else {
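Review bot: The new `$where = "grp_name <> 'Root'"` filter only removes the Root checkbox from the form for non-Root editors; it does not constrain what a submitted form may contain. A comment above it should say so, for example `// display filter only; the save path rejects the Root grp_id for non-Root users`. Both this filter and the save-path check identify Root by its literal name, so if groups can be members of other groups (not visible in this diff), a group that inherits Root would presumably still be listed and assignable, which is worth confirming. The enclosing function starts and ends outside the hunk.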
***************
*** 284,288 ****
// if groups is -1 then this user isn't allowed to change any groups so ignore
! if (is_array($groups)) {
if ($_USER_VERBOSE) COM_errorLog("deleting all group_assignments for user $uid/$username",1);
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE ug_uid = $uid");
--- 290,303 ----
// if groups is -1 then this user isn't allowed to change any groups so ignore
! if (is_array ($groups) && SEC_inGroup ('Group Admin')) {
! if (!SEC_inGroup ('Root')) {
! $rootgrp = DB_getItem ($_TABLES['groups'], 'grp_id',
! "grp_name = 'Root'");
! if (in_array ($rootgrp, $groups)) {
! COM_accessLog ("User {$_USER['username']} just tried to give Root permissions to user $username.");
! echo COM_refresh ($_CONF['site_admin_url'] . '/index.php');
! exit;
! }
! }
if ($_USER_VERBOSE) COM_errorLog("deleting all group_assignments for user $uid/$username",1);
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE ug_uid = $uid");
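Review bot: The `in_array ($rootgrp, $groups)` guard compares the raw submitted values with the id read from the database, so its outcome depends on PHP's loose string comparison rather than on the integer that is presumably stored later in `group_assignments` (the insert is outside this hunk). Normalising first with `$groups = array_map ('intval', $groups);` makes the value that is checked the same as the value that is written. The guard also fails open if the `DB_getItem` lookup returns nothing, because an empty `$rootgrp` will not match any submitted id; treating an empty result as a denial, `if (empty ($rootgrp) || in_array ($rootgrp, $groups))`, keeps the check closed. The function header is outside the hunk, so whether `$_USER` is declared global for the new `COM_accessLog` call cannot be confirmed from here.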
***************
*** 565,572 ****
}
! function delete_user ($uid)
{
global $_CONF, $_TABLES;
// Ok, delete everything related to this user
--- 580,598 ----
}
! /**
! * Delete a user
! *
! */
! function deleteUser ($uid)
{
global $_CONF, $_TABLES;
+ if (!SEC_inGroup ('Root')) {
+ if (SEC_inGroup ('Root', $uid)) {
+ COM_accessLog ("User {$_USER['username']} just tried to delete Root user $uid.");
+ return COM_refresh ($_CONF['site_admin_url'] . '/user.php');
+ }
+ }
+
// Ok, delete everything related to this user
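Review bot: `$_USER` is read in the new `COM_accessLog` call, but the visible declaration is `global $_CONF, $_TABLES;`, so inside `deleteUser` the variable is undefined. The access-log entry for a blocked attempt to delete a Root user will therefore carry an empty username, which loses the attribution the log line exists to record. The declaration should become `global $_CONF, $_TABLES, $_USER;`. The new docblock could also state that `$uid` is the id of the account to delete, that the function returns a refresh string, and that non-Root callers cannot delete a member of Root. The rest of the function body lies outside this hunk.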
***************
*** 594,597 ****
--- 620,625 ----
// now delete the user itself
DB_delete ($_TABLES['users'], 'uid', $uid);
+
+ return COM_refresh ($_CONF['site_admin_url'] . '/user.php?msg=22');
}
***************
*** 602,607 ****
$display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php');
} else {
! delete_user ($uid);
! $display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php?msg=22');
}
} else if (($mode == $LANG28[20]) && !empty ($LANG28[20])) { // save
--- 630,634 ----
$display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php');
} else {
! $display .= deleteUser ($uid);
}
} else if (($mode == $LANG28[20]) && !empty ($LANG28[20])) { // save