[geeklog-cvs] geeklog-1.3/public_html/admin user.php,1.46,1.46.4.1
dhaun at geeklog.net
dhaun at geeklog.net
Mon Jan 19 15:08:02 EST 2004
Update of /usr/cvs/geeklog/geeklog-1.3/public_html/admin
In directory geeklog_prod:/tmp/cvs-serv8243
Modified Files:
Tag: geeklog_1_3_7sr2_1
user.php
Log Message:
Don't let Group Admins assign themselves to the Root group (bug #135).
Index: user.php
===================================================================
RCS file: /usr/cvs/geeklog/geeklog-1.3/public_html/admin/user.php,v
retrieving revision 1.46
retrieving revision 1.46.4.1
diff -C2 -d -r1.46 -r1.46.4.1
*** user.php 30 Dec 2002 13:28:53 -0000 1.46
--- user.php 19 Jan 2004 20:07:59 -0000 1.46.4.1
***************
*** 9,17 ****
// | |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000,2001 by the following authors: |
// | |
! // | Authors: Tony Bibbs - tony at tonybibbs.com |
! // | Mark Limburg - mlimburg at users.sourceforge.net |
! // | Jason Wittenburg - jwhitten at securitygeeks.com |
// +---------------------------------------------------------------------------+
// | |
--- 9,17 ----
// | |
// +---------------------------------------------------------------------------+
! // | Copyright (C) 2000-2004 by the following authors: |
// | |
! // | Authors: Tony Bibbs - tony at tonybibbs.com |
! // | Mark Limburg - mlimburg at users.sourceforge.net |
! // | Jason Whittenburg - jwhitten at securitygeeks.com |
// +---------------------------------------------------------------------------+
// | |
***************
*** 151,155 ****
$selected .= DB_getItem($_TABLES['groups'],'grp_id',"grp_name='Logged-in Users'");
}
! $user_templates->set_var('group_options', COM_checkList($_TABLES['groups'],'grp_id,grp_name','',$selected));
$user_templates->parse('group_edit', 'groupedit', true);
} else {
--- 151,161 ----
$selected .= DB_getItem($_TABLES['groups'],'grp_id',"grp_name='Logged-in Users'");
}
! $where = '';
! if (!SEC_inGroup ('Root')) {
! $where .= "grp_name <> 'Root'";
! }
! $user_templates->set_var ('group_options',
! COM_checkList ($_TABLES['groups'], 'grp_id,grp_name',
! $where, $selected));
$user_templates->parse('group_edit', 'groupedit', true);
} else {
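Review bot: Filtering Root out of the checklist with `$where .= "grp_name <> 'Root'";` has a side effect when a non-Root Group Admin edits a user who is already in Root: the submitted `$groups` can then never contain Root, while the save path (the hunk at new lines 242-255) still runs `DELETE FROM {$_TABLES['group_assignments']} WHERE ug_uid = $uid`. Assuming the code after that DELETE, which lies outside the hunk, rebuilds memberships only from `$groups`, such an edit silently strips Root from the target account. The save path should refuse the edit before the DELETE, the way the new deleteUser() does, by testing `if (SEC_inGroup ('Root', $uid))` inside its `!SEC_inGroup ('Root')` branch and logging the attempt through COM_accessLog.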
***************
*** 236,240 ****
// if groups is -1 then this user isn't allowed to change any groups so ignore
! if (is_array($groups)) {
if ($_USER_VERBOSE) COM_errorLog("deleting all group_assignments for user $uid/$username",1);
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE ug_uid = $uid");
--- 242,255 ----
// if groups is -1 then this user isn't allowed to change any groups so ignore
! if (is_array ($groups) && SEC_inGroup ('Group Admin')) {
! if (!SEC_inGroup ('Root')) {
! $rootgrp = DB_getItem ($_TABLES['groups'], 'grp_id',
! "grp_name = 'Root'");
! if (in_array ($rootgrp, $groups)) {
! COM_accessLog ("User {$_USER['username']} just tried to give Root permissions to user $username.");
! echo COM_refresh ($_CONF['site_admin_url'] . '/index.php');
! exit;
! }
! }
if ($_USER_VERBOSE) COM_errorLog("deleting all group_assignments for user $uid/$username",1);
DB_query("DELETE FROM {$_TABLES['group_assignments']} WHERE ug_uid = $uid");
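Review bot: The access-log entry added here identifies the target only by `$username`, which appears to be the name submitted with the form rather than the stored one, so part of the audit line is under the control of whoever triggered it. Adding the numeric id makes the entry usable for follow-up, for example ending the message with `" to user $username (uid " . intval ($uid) . ').'`. It would also help to add a short comment above the `in_array ($rootgrp, $groups)` test stating that it covers only direct membership of the group named Root. The enclosing save function starts and ends outside this hunk, so where `$username` and `$uid` are validated cannot be confirmed from here.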
***************
*** 520,523 ****
--- 535,570 ----
}
+ function deleteUser ($uid)
+ {
+ global $_CONF, $_TABLES, $_USER;
+
+ if (!SEC_inGroup ('Root')) {
+ if (SEC_inGroup ('Root', $uid)) {
+ COM_accessLog ("User {$_USER['username']} just tried to delete Root user $uid.");
+ return COM_refresh ($_CONF['site_admin_url'] . '/user.php');
+ }
+ }
+
+ // Ok, delete everything related to this user
+
+ // first, remove from all security groups
+ DB_delete ($_TABLES['group_assignments'], 'ug_uid', $uid);
+
+ // remove user information and preferences
+ DB_delete ($_TABLES['userprefs'], 'uid', $uid);
+ DB_delete ($_TABLES['userindex'], 'uid', $uid);
+ DB_delete ($_TABLES['usercomment'], 'uid', $uid);
+ DB_delete ($_TABLES['userinfo'], 'uid', $uid);
+
+ // avoid having orphand stories/comments by making them anonymous posts
+ DB_query ("UPDATE {$_TABLES['comments']} SET uid = 1 WHERE uid = $uid");
+ DB_query ("UPDATE {$_TABLES['stories']} SET uid = 1 WHERE uid = $uid");
+
+ // now delete the user itself
+ DB_delete ($_TABLES['users'], 'uid', $uid);
+
+ return COM_refresh ($_CONF['site_admin_url'] . '/user.php?msg=22');
+ }
+
// MAIN
if (($mode == $LANG28[19]) && !empty ($LANG28[19])) { // delete
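Review bot: deleteUser() interpolates `$uid` unquoted into the two new UPDATE statements (`... SET uid = 1 WHERE uid = $uid`), and the caller passes it straight from the request handling in MAIN, whose validation is not visible in this diff. Normalising the value as the first statement, `$uid = intval ($uid);`, keeps both queries and the `SEC_inGroup ('Root', $uid)` check working on the same integer. Since the UPDATEs treat uid 1 as the anonymous account, a guard such as `if ($uid <= 1) { return COM_refresh ($_CONF['site_admin_url'] . '/user.php'); }` would also stop that account from being deleted. The function has no header comment; one line stating that it relies on the caller for the admin permission check, and returns the redirect markup, would document the contract.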
***************
*** 526,542 ****
$display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php');
} else {
! // Ok, delete everything related to this user
!
! // first, remove from all security groups
! DB_delete($_TABLES['group_assignments'],'ug_uid',$uid);
! DB_delete($_TABLES['userprefs'],'uid',$uid);
! DB_delete($_TABLES['userindex'],'uid',$uid);
! DB_delete($_TABLES['usercomment'],'uid',$uid);
! DB_delete($_TABLES['userinfo'],'uid',$uid);
!
! // what to do with orphan stories/comments?
!
! // now move delete the user itself
! DB_delete($_TABLES['users'],'uid',$uid,$_CONF['site_admin_url'] . '/user.php?msg=22');
}
} else if (($mode == $LANG28[20]) && !empty ($LANG28[20])) { // save
--- 573,577 ----
$display .= COM_refresh ($_CONF['site_admin_url'] . '/user.php');
} else {
! $display .= deleteUser ($uid);
}
} else if (($mode == $LANG28[20]) && !empty ($LANG28[20])) { // save