#9527 Fixed new user
parent
9ae4c7ca67
commit
d46174adb8
@ -265,71 +265,75 @@ $delete_user = (bool) get_parameter('user_del', false);
|
|||||||
if ($delete_user === true) {
|
if ($delete_user === true) {
|
||||||
// Delete user.
|
// Delete user.
|
||||||
$id_user = get_parameter('delete_user', 0);
|
$id_user = get_parameter('delete_user', 0);
|
||||||
if (users_is_admin($id_user) === true && users_is_admin() === false) {
|
if ($id_user !== 0) {
|
||||||
db_pandora_audit(
|
if (users_is_admin($id_user) === true && users_is_admin() === false) {
|
||||||
AUDIT_LOG_ACL_VIOLATION,
|
|
||||||
'Trying to delete admininstrator user by non administrator user '.$config['id_user']
|
|
||||||
);
|
|
||||||
|
|
||||||
include 'general/noaccess.php';
|
|
||||||
exit;
|
|
||||||
}
|
|
||||||
|
|
||||||
// Only allow delete user if is not the actual user.
|
|
||||||
if ($id_user != $config['id_user']) {
|
|
||||||
$user_row = users_get_user_by_id($id_user);
|
|
||||||
|
|
||||||
$result = delete_user($id_user);
|
|
||||||
|
|
||||||
if ($result) {
|
|
||||||
db_pandora_audit(
|
db_pandora_audit(
|
||||||
AUDIT_LOG_USER_MANAGEMENT,
|
AUDIT_LOG_ACL_VIOLATION,
|
||||||
__('Deleted user %s', io_safe_output($id_user))
|
'Trying to delete admininstrator user by non administrator user '.$config['id_user']
|
||||||
);
|
);
|
||||||
|
|
||||||
|
include 'general/noaccess.php';
|
||||||
|
exit;
|
||||||
}
|
}
|
||||||
|
|
||||||
ui_print_result_message(
|
// Only allow delete user if is not the actual user.
|
||||||
$result,
|
if ($id_user != $config['id_user']) {
|
||||||
__('Successfully deleted'),
|
$user_row = users_get_user_by_id($id_user);
|
||||||
__('There was a problem deleting the user')
|
|
||||||
);
|
|
||||||
|
|
||||||
// Delete the user in all the consoles.
|
$result = delete_user($id_user);
|
||||||
if (is_metaconsole() === true && isset($_GET['delete_all'])) {
|
|
||||||
$servers = metaconsole_get_servers();
|
if ($result) {
|
||||||
foreach ($servers as $server) {
|
db_pandora_audit(
|
||||||
// Connect to the remote console.
|
AUDIT_LOG_USER_MANAGEMENT,
|
||||||
if (metaconsole_connect($server) === NOERR) {
|
__('Deleted user %s', io_safe_output($id_user))
|
||||||
// Delete the user.
|
);
|
||||||
$result = delete_user($id_user);
|
}
|
||||||
|
|
||||||
|
ui_print_result_message(
|
||||||
|
$result,
|
||||||
|
__('Successfully deleted'),
|
||||||
|
__('There was a problem deleting the user')
|
||||||
|
);
|
||||||
|
|
||||||
|
// Delete the user in all the consoles.
|
||||||
|
if (is_metaconsole() === true && isset($_GET['delete_all'])) {
|
||||||
|
$servers = metaconsole_get_servers();
|
||||||
|
foreach ($servers as $server) {
|
||||||
|
// Connect to the remote console.
|
||||||
|
if (metaconsole_connect($server) === NOERR) {
|
||||||
|
// Delete the user.
|
||||||
|
$result = delete_user($id_user);
|
||||||
|
if ($result) {
|
||||||
|
db_pandora_audit(
|
||||||
|
AUDIT_LOG_USER_MANAGEMENT,
|
||||||
|
__('Deleted user %s from metaconsole', io_safe_input($id_user))
|
||||||
|
);
|
||||||
|
}
|
||||||
|
|
||||||
|
// Restore the db connection.
|
||||||
|
metaconsole_restore_db();
|
||||||
|
}
|
||||||
|
|
||||||
|
// Log to the metaconsole too.
|
||||||
if ($result) {
|
if ($result) {
|
||||||
db_pandora_audit(
|
db_pandora_audit(
|
||||||
AUDIT_LOG_USER_MANAGEMENT,
|
AUDIT_LOG_USER_MANAGEMENT,
|
||||||
__('Deleted user %s from metaconsole', io_safe_input($id_user))
|
__('Deleted user %s from %s', io_safe_input($id_user), io_safe_input($server['server_name']))
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
// Restore the db connection.
|
ui_print_result_message(
|
||||||
metaconsole_restore_db();
|
$result,
|
||||||
}
|
__('Successfully deleted from %s', io_safe_input($server['server_name'])),
|
||||||
|
__('There was a problem deleting the user from %s', io_safe_input($server['server_name']))
|
||||||
// Log to the metaconsole too.
|
|
||||||
if ($result) {
|
|
||||||
db_pandora_audit(
|
|
||||||
AUDIT_LOG_USER_MANAGEMENT,
|
|
||||||
__('Deleted user %s from %s', io_safe_input($id_user), io_safe_input($server['server_name']))
|
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
ui_print_result_message(
|
|
||||||
$result,
|
|
||||||
__('Successfully deleted from %s', io_safe_input($server['server_name'])),
|
|
||||||
__('There was a problem deleting the user from %s', io_safe_input($server['server_name']))
|
|
||||||
);
|
|
||||||
}
|
}
|
||||||
|
} else {
|
||||||
|
ui_print_error_message(__('There was a problem deleting the user'));
|
||||||
}
|
}
|
||||||
} else {
|
} else {
|
||||||
ui_print_error_message(__('There was a problem deleting the user'));
|
ui_print_error_message(__('ID user cannot be empty'));
|
||||||
}
|
}
|
||||||
} else if (isset($_GET['profile_del'])) {
|
} else if (isset($_GET['profile_del'])) {
|
||||||
// Delete profile.
|
// Delete profile.
|
||||||
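Review bot: The new guard `if ($id_user !== 0)` appears to catch only a missing `delete_user` parameter: if `get_parameter()` returns the request value as a string (its definition is not on this page), an empty `delete_user=` gives `''`, which is not identical to integer `0`, so the delete path still runs with an empty id. The API-side checks added in this same commit use `empty()`, and `if (empty($id_user) === false) {` here would cover both cases. Reading the brace order inside `foreach ($servers as $server)`, `$result` is not reset when `metaconsole_connect($server)` fails, so a value left over from the local delete or an earlier node can still write the 'Deleted user %s from %s' audit entry and print success for a node that was never reached; `$result = false;` at the top of each iteration would keep the audit trail accurate. The if/else-if chain this block belongs to continues past the end of the hunk.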
@ -586,6 +590,10 @@ $rowPair = true;
|
|||||||
$iterator = 0;
|
$iterator = 0;
|
||||||
$cont = 0;
|
$cont = 0;
|
||||||
foreach ($info as $user_id => $user_info) {
|
foreach ($info as $user_id => $user_info) {
|
||||||
|
if (empty($user_id) === true) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
|
||||||
// User profiles.
|
// User profiles.
|
||||||
if ($user_is_admin || $user_id == $config['id_user'] || isset($group_um[0])) {
|
if ($user_is_admin || $user_id == $config['id_user'] || isset($group_um[0])) {
|
||||||
$user_profiles = db_get_all_rows_field_filter(
|
$user_profiles = db_get_all_rows_field_filter(
|
||||||
|
@ -9535,14 +9535,16 @@ function api_set_new_user($id, $thrash2, $other, $thrash3)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
// if (defined ('METACONSOLE')) {
|
|
||||||
// return;
|
|
||||||
// }
|
|
||||||
if (!check_acl($config['id_user'], 0, 'UM')) {
|
if (!check_acl($config['id_user'], 0, 'UM')) {
|
||||||
returnError('forbidden', 'string');
|
returnError('forbidden', 'string');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (empty($id) === true) {
|
||||||
|
returnError('Id cannot be empty.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$headers = getallheaders();
|
$headers = getallheaders();
|
||||||
if (isset($headers['idk']) === false
|
if (isset($headers['idk']) === false
|
||||||
&& is_management_allowed($headers['idk']) === false
|
&& is_management_allowed($headers['idk']) === false
|
||||||
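Review bot: Directly below the new `empty($id)` guard, the unchanged condition `isset($headers['idk']) === false && is_management_allowed($headers['idk']) === false` calls `is_management_allowed()` only when the `idk` header is absent, so a supplied key is never actually validated and the branch is skipped whenever the header is present. If the branch is meant to refuse unmanaged changes, the call should run regardless of the header, for example `if (is_management_allowed(($headers['idk'] ?? '')) === false) {`, assuming the helper accepts an empty key. The same condition is visible at the end of the `api_set_delete_user` hunk. The statement's body lies outside both hunks and `is_management_allowed()` is not shown on this page, so this should be confirmed against the full file.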
@ -9566,6 +9568,11 @@ function api_set_new_user($id, $thrash2, $other, $thrash3)
|
|||||||
$values['section'] = $other['data'][11];
|
$values['section'] = $other['data'][11];
|
||||||
$values['session_time'] = $other['data'][12];
|
$values['session_time'] = $other['data'][12];
|
||||||
|
|
||||||
|
if (empty($password) === true) {
|
||||||
|
returnError('Password cannot be empty.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
if (!create_user($id, $password, $values)) {
|
if (!create_user($id, $password, $values)) {
|
||||||
returnError('The user could not created');
|
returnError('The user could not created');
|
||||||
} else {
|
} else {
|
||||||
@ -11784,14 +11791,16 @@ function api_set_delete_user($id, $thrash1, $thrash2, $thrash3)
|
|||||||
{
|
{
|
||||||
global $config;
|
global $config;
|
||||||
|
|
||||||
// if (defined ('METACONSOLE')) {
|
|
||||||
// return;
|
|
||||||
// }
|
|
||||||
if (!check_acl($config['id_user'], 0, 'UM')) {
|
if (!check_acl($config['id_user'], 0, 'UM')) {
|
||||||
returnError('forbidden', 'string');
|
returnError('forbidden', 'string');
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (empty($id) === true) {
|
||||||
|
returnError('Id cannot be empty.');
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
$headers = getallheaders();
|
$headers = getallheaders();
|
||||||
if (isset($headers['idk']) === false
|
if (isset($headers['idk']) === false
|
||||||
&& is_management_allowed($headers['idk']) === false
|
&& is_management_allowed($headers['idk']) === false
|
||||||
|