From d46174adb8b3806159a536b98dada983efbf19b1 Mon Sep 17 00:00:00 2001 From: Daniel Maya Date: Tue, 20 Sep 2022 17:40:20 +0200 Subject: [PATCH] #9527 Fixed new user --- pandora_console/godmode/users/user_list.php | 106 +++++++++++--------- pandora_console/include/functions_api.php | 21 ++-- 2 files changed, 72 insertions(+), 55 deletions(-) diff --git a/pandora_console/godmode/users/user_list.php b/pandora_console/godmode/users/user_list.php index efc3321c2c..0069c350b6 100644 --- a/pandora_console/godmode/users/user_list.php +++ b/pandora_console/godmode/users/user_list.php @@ -265,71 +265,75 @@ $delete_user = (bool) get_parameter('user_del', false); if ($delete_user === true) { // Delete user. $id_user = get_parameter('delete_user', 0); - if (users_is_admin($id_user) === true && users_is_admin() === false) { - db_pandora_audit( - AUDIT_LOG_ACL_VIOLATION, - 'Trying to delete admininstrator user by non administrator user '.$config['id_user'] - ); - - include 'general/noaccess.php'; - exit; - } - - // Only allow delete user if is not the actual user. - if ($id_user != $config['id_user']) { - $user_row = users_get_user_by_id($id_user); - - $result = delete_user($id_user); - - if ($result) { + if ($id_user !== 0) { + if (users_is_admin($id_user) === true && users_is_admin() === false) { db_pandora_audit( - AUDIT_LOG_USER_MANAGEMENT, - __('Deleted user %s', io_safe_output($id_user)) + AUDIT_LOG_ACL_VIOLATION, + 'Trying to delete admininstrator user by non administrator user '.$config['id_user'] ); + + include 'general/noaccess.php'; + exit; } - ui_print_result_message( - $result, - __('Successfully deleted'), - __('There was a problem deleting the user') - ); + // Only allow delete user if is not the actual user. + if ($id_user != $config['id_user']) { + $user_row = users_get_user_by_id($id_user); - // Delete the user in all the consoles. - if (is_metaconsole() === true && isset($_GET['delete_all'])) { - $servers = metaconsole_get_servers(); - foreach ($servers as $server) { - // Connect to the remote console. - if (metaconsole_connect($server) === NOERR) { - // Delete the user. - $result = delete_user($id_user); + $result = delete_user($id_user); + + if ($result) { + db_pandora_audit( + AUDIT_LOG_USER_MANAGEMENT, + __('Deleted user %s', io_safe_output($id_user)) + ); + } + + ui_print_result_message( + $result, + __('Successfully deleted'), + __('There was a problem deleting the user') + ); + + // Delete the user in all the consoles. + if (is_metaconsole() === true && isset($_GET['delete_all'])) { + $servers = metaconsole_get_servers(); + foreach ($servers as $server) { + // Connect to the remote console. + if (metaconsole_connect($server) === NOERR) { + // Delete the user. + $result = delete_user($id_user); + if ($result) { + db_pandora_audit( + AUDIT_LOG_USER_MANAGEMENT, + __('Deleted user %s from metaconsole', io_safe_input($id_user)) + ); + } + + // Restore the db connection. + metaconsole_restore_db(); + } + + // Log to the metaconsole too. if ($result) { db_pandora_audit( AUDIT_LOG_USER_MANAGEMENT, - __('Deleted user %s from metaconsole', io_safe_input($id_user)) + __('Deleted user %s from %s', io_safe_input($id_user), io_safe_input($server['server_name'])) ); } - // Restore the db connection. - metaconsole_restore_db(); - } - - // Log to the metaconsole too. - if ($result) { - db_pandora_audit( - AUDIT_LOG_USER_MANAGEMENT, - __('Deleted user %s from %s', io_safe_input($id_user), io_safe_input($server['server_name'])) + ui_print_result_message( + $result, + __('Successfully deleted from %s', io_safe_input($server['server_name'])), + __('There was a problem deleting the user from %s', io_safe_input($server['server_name'])) ); } - - ui_print_result_message( - $result, - __('Successfully deleted from %s', io_safe_input($server['server_name'])), - __('There was a problem deleting the user from %s', io_safe_input($server['server_name'])) - ); } + } else { + ui_print_error_message(__('There was a problem deleting the user')); } } else { - ui_print_error_message(__('There was a problem deleting the user')); + ui_print_error_message(__('ID user cannot be empty')); } } else if (isset($_GET['profile_del'])) { // Delete profile. @@ -586,6 +590,10 @@ $rowPair = true; $iterator = 0; $cont = 0; foreach ($info as $user_id => $user_info) { + if (empty($user_id) === true) { + continue; + } + // User profiles. if ($user_is_admin || $user_id == $config['id_user'] || isset($group_um[0])) { $user_profiles = db_get_all_rows_field_filter( diff --git a/pandora_console/include/functions_api.php b/pandora_console/include/functions_api.php index d711432ef9..9acd2b60c4 100644 --- a/pandora_console/include/functions_api.php +++ b/pandora_console/include/functions_api.php @@ -9535,14 +9535,16 @@ function api_set_new_user($id, $thrash2, $other, $thrash3) { global $config; - // if (defined ('METACONSOLE')) { - // return; - // } if (!check_acl($config['id_user'], 0, 'UM')) { returnError('forbidden', 'string'); return; } + if (empty($id) === true) { + returnError('Id cannot be empty.'); + return; + } + $headers = getallheaders(); if (isset($headers['idk']) === false && is_management_allowed($headers['idk']) === false @@ -9566,6 +9568,11 @@ function api_set_new_user($id, $thrash2, $other, $thrash3) $values['section'] = $other['data'][11]; $values['session_time'] = $other['data'][12]; + if (empty($password) === true) { + returnError('Password cannot be empty.'); + return; + } + if (!create_user($id, $password, $values)) { returnError('The user could not created'); } else { @@ -11784,14 +11791,16 @@ function api_set_delete_user($id, $thrash1, $thrash2, $thrash3) { global $config; - // if (defined ('METACONSOLE')) { - // return; - // } if (!check_acl($config['id_user'], 0, 'UM')) { returnError('forbidden', 'string'); return; } + if (empty($id) === true) { + returnError('Id cannot be empty.'); + return; + } + $headers = getallheaders(); if (isset($headers['idk']) === false && is_management_allowed($headers['idk']) === false