[Phplib-commit] CVS: php-lib/pages/admin new_user_md5.php3,1.7,1.8
Brought to you by:
nhruby,
richardarcher
Menu
▾
▴
[Phplib-commit] CVS: php-lib/pages/admin new_user_md5.php3,1.7,1.8
|
From: Richard A. <ric...@us...> - 2001-08-29 12:36:45
|
Update of /cvsroot/phplib/php-lib/pages/admin
In directory usw-pr-cvs1:/tmp/cvs-serv4497/pages/admin
Modified Files:
new_user_md5.php3
Log Message:
Sync with -stable:
Changes to new_user_md5.php3 to increase reliability:
- added debug output and a plain text warning
- check whether a new password was entered - if not, leave old password alone
- rewrite the Javascript to fix Mozilla and IE5 problems
- remove the deprecated if: ... else: coding style
Check to see if db query returned any results in local.inc
Modify Javascript in cr*loginform.ihtml to fix IE5 problem
Index: new_user_md5.php3
===================================================================
RCS file: /cvsroot/phplib/php-lib/pages/admin/new_user_md5.php3,v
retrieving revision 1.7
retrieving revision 1.8
diff -C2 -d -r1.7 -r1.8
*** new_user_md5.php3 2001/08/15 08:23:04 1.7
--- new_user_md5.php3 2001/08/29 12:36:42 1.8
***************
*** 109,112 ****
--- 109,126 ----
###
+ ## Some debug output - can be useful to see what's going on
+ #$debug_output = "<br>\n";
+ #reset($HTTP_POST_VARS);
+ #while(list($var,$value)=each($HTTP_POST_VARS)) {
+ # $debug_output .= "$var: $value<br>\n";
+ #}
+ #reset($HTTP_POST_VARS);
+ #my_msg($debug_output);
+
+ # Notify the user if a plain text password is received
+ if(!empty($password)) {
+ my_error("<b>Warning:</b> plain text password received. Is Javascript enabled?");
+ }
+
## Get a database connection
$db = new DB_Example;
***************
*** 123,126 ****
--- 137,147 ----
}
+ ## Find out if a new password was entered
+ if ($password == md5("*******")) {
+ $new_password = false;
+ } else {
+ $new_password = true;
+ }
+
## $perms array will be unset if a user has had all perms removed.
## If so, set $perms to an empty array to prevent errors from implode.
***************
*** 180,183 ****
--- 201,208 ----
## Handle users changing their own password...
if (!$perm->have_perm("admin")) {
+ if (!$new_password) {
+ my_error("Please fill out a new <b>Password</b> ");
+ break;
+ }
$query = "update auth_user_md5 set p_password='$password' where p_user_id='$u_id'";
$db->query($query);
***************
*** 199,203 ****
## Update user information.
$permlist = addslashes(implode($perms,","));
! $query = "update auth_user_md5 set p_username='$username', p_password='$password', p_perms='$permlist' where p_user_id='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
--- 224,233 ----
## Update user information.
$permlist = addslashes(implode($perms,","));
! if (!$new_password) {
! $password_query = "";
! } else {
! $password_query = "p_password='$password',";
! }
! $query = "update auth_user_md5 set p_username='$username', $password_query p_perms='$permlist' where p_user_id='$u_id'";
$db->query($query);
if ($db->affected_rows() == 0) {
***************
*** 237,240 ****
--- 267,280 ----
?>
+ <script language="javascript">
+ <!--
+ function doHashPass(theForm) {
+ theForm.hashpass.value = MD5(theForm.password.value);
+ theForm.password.value = "";
+ return true;
+ }
+ // -->
+ </script>
+
<table border=0 bgcolor="#eeeeee" align="center" cellspacing=2 cellpadding=4 width=540>
<tr valign=top align=left>
***************
*** 246,299 ****
<?php
! if ($perm->have_perm("admin")):
?>
<!-- create a new user -->
! <script language="javascript">
! <!--
! function doAddUser() {
! document.add.hashpass.value = MD5(document.add.password.value);
! document.add.password.value = "";
! document.add.submit();
! }
! // -->
! </script>
! <form name="add" method="post" action="<?php $sess->pself_url() ?>">
<tr valign=middle align=left>
<td><input type="text" name="username" size=12 maxlength=32 value=""></td>
<td><input type="test" name="password" size=12 maxlength=32 value=""></td>
<td><?php print $perm->perm_sel("perms","user");?></td>
! <td align=right><input onClick="doAddUser(); return true;" type="submit" name="create" value="Create User"></td>
<input type="hidden" name="hashpass" value="">
</tr>
</form>
<?php
- endif;
- ?>
-
- <script language="javascript">
- <!--
- function doEditUser() {
- document.edit.hashpass.value = MD5(document.edit.password.value);
- document.edit.password.value = "";
- document.edit.submit();
- }
- // -->
- </script>
-
- <?
## Traverse the result set
$db->query("select * from auth_user_md5 order by p_username");
! while ($db->next_record()):
?>
<!-- existing user -->
! <form name="edit" method="post" action="<?php $sess->pself_url() ?>">
<input type="hidden" name="hashpass" value="">
<tr valign=middle align=left>
<?php
! if ($perm->have_perm("admin")):
! ?>
<td><input type="text" name="username" size=12 maxlength=32 value="<?php $db->p("username") ?>"></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
--- 286,317 ----
<?php
! if ($perm->have_perm("admin")) {
?>
<!-- create a new user -->
! <form name="add" method="post" action="<?php $sess->pself_url() ?>" onSubmit="doHashPass(this)">
<tr valign=middle align=left>
<td><input type="text" name="username" size=12 maxlength=32 value=""></td>
<td><input type="test" name="password" size=12 maxlength=32 value=""></td>
<td><?php print $perm->perm_sel("perms","user");?></td>
! <td align=right><input type="submit" name="create" value="Create User"></td>
<input type="hidden" name="hashpass" value="">
</tr>
</form>
<?php
+ } // end if admin
## Traverse the result set
$db->query("select * from auth_user_md5 order by p_username");
! while ($db->next_record()) {
?>
<!-- existing user -->
! <form method="post" action="<?php $sess->pself_url() ?>" onSubmit="doHashPass(this)">
<input type="hidden" name="hashpass" value="">
<tr valign=middle align=left>
<?php
! if ($perm->have_perm("admin")) {
! ?>
<td><input type="text" name="username" size=12 maxlength=32 value="<?php $db->p("username") ?>"></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
***************
*** 303,311 ****
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
<input type="submit" name="u_kill" value="Kill">
! <input onClick="doEditUser(); return true;" type="submit" name="u_edit" value="Change">
</td>
<?php
! elseif ($auth->auth["uname"] == $db->f("username")):
! ?>
<td><?php $db->p("username") ?></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
--- 321,329 ----
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
<input type="submit" name="u_kill" value="Kill">
! <input type="submit" name="u_edit" value="Change">
</td>
<?php
! } elseif ($auth->auth["uname"] == $db->f("username")) {
! ?>
<td><?php $db->p("username") ?></td>
<td><input type="text" name="password" size=12 maxlength=32 value="*******"></td>
***************
*** 313,319 ****
<td align=right>
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
! <input onClick="doEditUser(); return true;" type="submit" name="u_edit" value="Change">
</td>
! <?php else: ?>
<td><?php $db->p("username") ?></td>
<td>**********</td>
--- 331,339 ----
<td align=right>
<input type="hidden" name="u_id" value="<?php $db->p("user_id") ?>">
! <input type="submit" name="u_edit" value="Change">
</td>
! <?php
! } else {
! ?>
<td><?php $db->p("username") ?></td>
<td>**********</td>
***************
*** 321,330 ****
<td align=right> </td>
<?php
! endif;
! ?>
</tr>
</form>
<?php
! endwhile;
?>
</table>
--- 341,350 ----
<td align=right> </td>
<?php
! }
! ?>
</tr>
</form>
<?php
! } // while next record
?>
</table>
|
