[geeklog-cvs] geeklog-1.3/public_html/admin user.php,1.59,1.59.2.1
dhaun at geeklog.net
dhaun at geeklog.net
Sun Jan 18 14:57:29 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html/admin
In directory geeklog_prod:/tmp/cvs-serv3507
Modified Files:
Tag: geeklog_1_3_8_1_1
user.php
Log Message:
Don't let Group Admins assign themselves to the Root group (bug #135).
Index: user.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/user.php,v
retrieving revision 1.59
retrieving revision 1.59.2.1
diff -C2 -d -r1.59 -r1.59.2.1
*** user.php 4 Aug 2003 19:42:06 -0000 1.59
--- user.php 18 Jan 2004 19:57:26 -0000 1.59.2.1
***************
*** 9,13 ****
// | Geeklog user administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2003 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
--- 9,13 ----
// | Geeklog user administration page. |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2004 by the following authors: |
// | |
// | Authors: Tony Bibbs - tony at tonybibbs.com |
***************
*** 167,171 ****
$selected .= DB_getItem($_TABLES['groups'],'grp_id',"grp_name='Logged-in Users'");
}
! $user_templates->set_var('group_options', COM_checkList($_TABLES['groups'],'grp_id,grp_name','',$selected));
$user_templates->parse('group_edit', 'groupedit', true);
} else {
--- 167,177 ----
$selected .= DB_getItem($_TABLES['groups'],'grp_id',"grp_name='Logged-in Users'");
}
! $where = '';
! if (!SEC_inGroup ('Root')) {
! $where .= "grp_name <> 'Root'";
! }
! $user_templates->set_var ('group_options',
! COM_checkList ($_TABLES['groups'], 'grp_id,grp_name',
! $where, $selected));
$user_templates->parse('group_edit', 'groupedit', true);
} else {
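Review bot: The new `$where` filter passed to `COM_checkList` only removes Root from the rendered checklist, so it is presentation rather than access control, and nothing at this spot says so. I would add a comment above `$where = '';` such as `// Display only: hides Root from non-Root admins; the save path must still reject a submitted Root grp_id.` Since `$where` is freshly initialised, `$where = "grp_name <> 'Root'";` would also read more plainly than `.=`. The enclosing function starts and ends outside the hunk.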
***************
*** 271,275 ****
// if groups is -1 then this user isn't allowed to change any groups so ignore
! if (is_array($groups)) {
if ($_USER_VERBOSE) COM_errorLog("deleting all group_assignments for user $uid/$username",1);
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE ug_uid = $uid");
--- 277,290 ----
// if groups is -1 then this user isn't allowed to change any groups so ignore
! if (is_array ($groups) && SEC_inGroup ('Group Admin')) {
! if (!SEC_inGroup ('Root')) {
! $rootgrp = DB_getItem ($_TABLES['groups'], 'grp_id',
! "grp_name = 'Root'");
! if (in_array ($rootgrp, $groups)) {
! COM_accessLog ("User {$_USER['username']} just tried to give Root permissions to user $username.");
! echo COM_refresh ($_CONF['site_admin_url'] . '/index.php');
! exit;
! }
! }
if ($_USER_VERBOSE) COM_errorLog("deleting all group_assignments for user $uid/$username",1);
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE ug_uid = $uid");
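Review bot: The new guard rejects a submitted Root group id, but it does not check whether the account being edited already holds Root, and the `DELETE FROM ... group_assignments WHERE ug_uid = $uid` that follows still runs for it. Because a non-Root Group Admin can never include Root in `$groups`, saving such an account would presumably drop its Root membership when the assignments are rewritten (the re-insert is outside the hunk, so this is inferred). deleteUser in this same commit refuses to act on Root accounts, and the same test would fit here before the DELETE: `if (!SEC_inGroup ('Root') && SEC_inGroup ('Root', $uid)) { /* log and refresh, as in the branch above */ }`. It would also be safer to compare integer-cast ids in the `in_array` test so the check and the later write see identical values.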
***************
*** 558,565 ****
}
! function delete_user ($uid)
{
global $_CONF, $_TABLES;
// Ok, delete everything related to this user
--- 573,587 ----
}
! function deleteUser ($uid)
{
global $_CONF, $_TABLES;
+ if (!SEC_inGroup ('Root')) {
+ if (SEC_inGroup ('Root', $uid)) {
+ COM_accessLog ("User {$_USER['username']} just tried to delete Root user $uid.");
+ return COM_refresh ($_CONF['site_admin_url'] . '/user.php');
+ }
+ }
+
// Ok, delete everything related to this user
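Review bot: `$_USER` is read in the new `COM_accessLog` message, but the `global $_CONF, $_TABLES;` line just above it does not import it, so inside deleteUser the variable is undefined and the access-log entry will record an empty username for the blocked attempt. Changing the declaration to `global $_CONF, $_TABLES, $_USER;` fixes the audit trail. The save-path hunk at line 277 interpolates `$_USER['username']` the same way; its function header is outside that hunk, so check that `$_USER` is declared global there too. deleteUser's body continues past this hunk.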
***************
*** 587,590 ****
--- 609,614 ----
// now delete the user itself
DB_delete ($_TABLES['users'], 'uid', $uid);
+
+ return COM_refresh ($_CONF['site_admin_url'] . '/user.php?msg=22');
}
***************
*** 595,600 ****
$display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php');
} else {
! delete_user ($uid);
! $display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php?msg=22');
}
} else if (($mode == $LANG28[20]) && !empty ($LANG28[20])) { // save
--- 619,623 ----
$display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php');
} else {
! $display .= deleteUser ($uid);
}
} else if (($mode == $LANG28[20]) && !empty ($LANG28[20])) { // save