
Commit a8793a98 authored by phpipam's avatar phpipam

Fixed user cannot be deleted

parent fd6bc398
...@@ -29,10 +29,6 @@ $_POST = $Admin->trim_array_objects ($_POST); ...@@ -29,10 +29,6 @@ $_POST = $Admin->trim_array_objects ($_POST);
# validate csrf cookie # validate csrf cookie
$User->Crypto->csrf_cookie ("validate", "user", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : ""; $User->Crypto->csrf_cookie ("validate", "user", $_POST['csrf_cookie']) === false ? $Result->show("danger", _("Invalid CSRF cookie"), true) : "";
# fetch auth method
$auth_method = $Admin->fetch_object ("usersAuthMethod", "id", $_POST['authMethod']);
$auth_method!==false ? : $Result->show("danger", _("Invalid authentication method"), true);
/* checks */ /* checks */
# ID must be numeric # ID must be numeric
...@@ -40,6 +36,13 @@ if($_POST['action']=="edit"||$_POST['action']=="delete") { ...@@ -40,6 +36,13 @@ if($_POST['action']=="edit"||$_POST['action']=="delete") {
if(!is_numeric($_POST['userId'])) { $Result->show("danger", _("Invalid ID"), true); } if(!is_numeric($_POST['userId'])) { $Result->show("danger", _("Invalid ID"), true); }
} }
# Add / edit actions
if($_POST['action']!="delete") {
// validate authMethod
$auth_method = $Admin->fetch_object ("usersAuthMethod", "id", $_POST['authMethod']);
$auth_method!==false ? : $Result->show("danger", _("Invalid authentication method"), true);
# if password changes check and hash passwords # if password changes check and hash passwords
if($auth_method->type != "local") { $_POST['password1'] = ""; $_POST['password2'] = ""; } if($auth_method->type != "local") { $_POST['password1'] = ""; $_POST['password2'] = ""; }
if((!is_blank(@$_POST['password1']) || (@$_POST['action']=="add") && $auth_method->type=="local")) { if((!is_blank(@$_POST['password1']) || (@$_POST['action']=="add") && $auth_method->type=="local")) {
...@@ -74,10 +77,6 @@ if ($_POST['action']=="add") { ...@@ -74,10 +77,6 @@ if ($_POST['action']=="add") {
{ $Result->show("danger", _("User")." ".$_POST['username']." "._("already exists!"), true); } { $Result->show("danger", _("User")." ".$_POST['username']." "._("already exists!"), true); }
} }
} }
# admin user cannot be deleted
if($_POST['action']=="delete" && $_POST['userId']==1) { $Result->show("danger", _("Admin user cannot be deleted"), true); }
# admin user cannot be disabled
if($_POST['disabled']=="Yes" && $_POST['userId']==1) { $Result->show("danger", _("Admin user cannot be disabled"), true); }
# custom fields check # custom fields check
$myFields = $Tools->fetch_custom_fields('users'); $myFields = $Tools->fetch_custom_fields('users');
...@@ -98,6 +97,13 @@ if(sizeof($myFields) > 0) { ...@@ -98,6 +97,13 @@ if(sizeof($myFields) > 0) {
if($myField['Null']=="NO" && is_blank($_POST[$myField['name']])) { $Result->show("danger", $myField['name']." "._("can not be empty!"), true); } if($myField['Null']=="NO" && is_blank($_POST[$myField['name']])) { $Result->show("danger", $myField['name']." "._("can not be empty!"), true); }
} }
} }
}
# admin user cannot be deleted
if($_POST['action']=="delete" && $_POST['userId']==1) { $Result->show("danger", _("Admin user cannot be deleted"), true); }
# admin user cannot be disabled
if($_POST['disabled']=="Yes" && $_POST['userId']==1) { $Result->show("danger", _("Admin user cannot be disabled"), true); }
/* update */ /* update */
...@@ -124,6 +130,7 @@ if($_POST['action']=="add") { ...@@ -124,6 +130,7 @@ if($_POST['action']=="add") {
} }
# custom fields # custom fields
if(isset($myFields)) {
if (sizeof($myFields)>0) { if (sizeof($myFields)>0) {
foreach($myFields as $myField) { foreach($myFields as $myField) {
# replace possible ___ back to spaces! # replace possible ___ back to spaces!
...@@ -132,6 +139,7 @@ if (sizeof($myFields)>0) { ...@@ -132,6 +139,7 @@ if (sizeof($myFields)>0) {
if(isset($_POST[$myField['nameTest']])) { $values[$myField['name']] = $_POST[$myField['nameTest']];} if(isset($_POST[$myField['nameTest']])) { $values[$myField['name']] = $_POST[$myField['nameTest']];}
} }
} }
}
# update pass ? # update pass ?
if(!is_blank(@$_POST['password1']) || (@$_POST['action']=="add" && $auth_method->type=="local")) { if(!is_blank(@$_POST['password1']) || (@$_POST['action']=="add" && $auth_method->type=="local")) {
$values['password'] = $_POST['password1']; $values['password'] = $_POST['password1'];
......
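Review bot: `$auth_method` is now assigned only inside the `if($_POST['action']!="delete")` block of the second hunk, yet the `# update pass ?` condition in the last hunk still reads `$auth_method->type` outside that block; on a delete request it avoids an undefined-variable error only because `@$_POST['action']=="add"` is false and short-circuits the `&&`, which a later edit to that condition could silently break. Initialising the variable before the block, `$auth_method = false;`, or guarding the password branch explicitly, `if($_POST['action']!="delete" && (!is_blank(@$_POST['password1']) || ($_POST['action']=="add" && $auth_method->type=="local"))) {`, makes the dependency visible instead of implicit. The lines between the hunks, including the `/* update */` section that builds `$values`, are outside the page, so whether a delete request can reach the password branch with a non-blank `password1` cannot be confirmed here.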
...@@ -97,7 +97,11 @@ $(document).ready(function(){ ...@@ -97,7 +97,11 @@ $(document).ready(function(){
<!-- username --> <!-- username -->
<tr> <tr>
<td><?php print _('Username'); ?></td> <td><?php print _('Username'); ?></td>
<td><input type="text" class="form-control input-sm" name="username" value="<?php print @$user['username']; ?>" <?php if($_POST['action']=="edit"||$_POST['action']=="delete") print 'readonly disabled'; ?> <?php print $disabled; ?>></td> <td>
<input type="text" class="form-control input-sm" name="username" value="<?php print @$user['username']; ?>" <?php if($_POST['action']=="edit"||$_POST['action']=="delete") print 'readonly disabled'; ?> <?php print $disabled; ?>></td>
<input type="hidden" name="userId" value="<?php print @$user['id']; ?>">
<input type="hidden" name="action" value="<?php print escape_input($_POST['action']); ?>">
<input type="hidden" name="csrf_cookie" value="<?php print $csrf; ?>">
<td class="info2"> <td class="info2">
<?php if($_POST['action']=="add") { ?> <?php if($_POST['action']=="add") { ?>
<a class='btn btn-xs btn-default adsearchuser' rel='tooltip' title='Search AD for user details'><i class='fa fa-search'></i></a> <a class='btn btn-xs btn-default adsearchuser' rel='tooltip' title='Search AD for user details'><i class='fa fa-search'></i></a>
...@@ -141,11 +145,6 @@ $(document).ready(function(){ ...@@ -141,11 +145,6 @@ $(document).ready(function(){
<option value="User" <?php if (@$user['role'] == "User" || $_POST['action'] == "add") print "selected"; ?>><?php print _('Normal User'); ?></option> <option value="User" <?php if (@$user['role'] == "User" || $_POST['action'] == "add") print "selected"; ?>><?php print _('Normal User'); ?></option>
</select> </select>
<input type="hidden" name="userId" value="<?php print @$user['id']; ?>">
<input type="hidden" name="action" value="<?php print escape_input($_POST['action']); ?>">
<input type="hidden" name="csrf_cookie" value="<?php print $csrf; ?>">
</td> </td>
<td class="info2"><?php print _('Select user role'); ?> <td class="info2"><?php print _('Select user role'); ?>
<ul> <ul>
......
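Review bot: The three hidden inputs are now emitted after the `</td>` that closes the username cell and before `<td class="info2">`, which makes them direct children of `<tr>`; that is invalid table markup, and while browsers keep hidden inputs in place so the form still submits, validators will flag it and any non-hidden input added at that spot would be moved out of the table by the parser. Move the cell's closing tag after them, i.e. drop `</td>` from the end of the username `<input ...>` line and add a `</td>` line after `<input type="hidden" name="csrf_cookie" value="<?php print $csrf; ?>">`. Separately, on the same rewritten line `@$user['username']` and `@$user['id']` are printed into attributes with no escaping while `action` goes through `escape_input()`; if a stored username can contain a quote this breaks the attribute, so passing them through `escape_input()` as well would be consistent. The enclosing `<form>` and table start are outside the hunk.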