Commit
a8793a98
authored
1 year ago
by
phpipam
Fixed user cannot be deleted
parent
fd6bc398
Changes
2
Showing
2 changed files
app/admin/users/edit-result.php
+65
-57
65 additions, 57 deletions
app/admin/users/edit-result.php
app/admin/users/edit.php
+5
-6
5 additions, 6 deletions
app/admin/users/edit.php
with
70 additions
and
63 deletions
app/admin/users/edit-result.php
+
65
−
57
...
@@ -29,10 +29,6 @@ $_POST = $Admin->trim_array_objects ($_POST);
...
@@ -29,10 +29,6 @@ $_POST = $Admin->trim_array_objects ($_POST);
# validate csrf cookie
# validate csrf cookie
$User
->
Crypto
->
csrf_cookie
(
"validate"
,
"user"
,
$_POST
[
'csrf_cookie'
])
===
false
?
$Result
->
show
(
"danger"
,
_
(
"Invalid CSRF cookie"
),
true
)
:
""
;
$User
->
Crypto
->
csrf_cookie
(
"validate"
,
"user"
,
$_POST
[
'csrf_cookie'
])
===
false
?
$Result
->
show
(
"danger"
,
_
(
"Invalid CSRF cookie"
),
true
)
:
""
;
# fetch auth method
$auth_method
=
$Admin
->
fetch_object
(
"usersAuthMethod"
,
"id"
,
$_POST
[
'authMethod'
]);
$auth_method
!==
false
?
:
$Result
->
show
(
"danger"
,
_
(
"Invalid authentication method"
),
true
);
/* checks */
/* checks */
# ID must be numeric
# ID must be numeric
...
@@ -40,6 +36,13 @@ if($_POST['action']=="edit"||$_POST['action']=="delete") {
...
@@ -40,6 +36,13 @@ if($_POST['action']=="edit"||$_POST['action']=="delete") {
if
(
!
is_numeric
(
$_POST
[
'userId'
]))
{
$Result
->
show
(
"danger"
,
_
(
"Invalid ID"
),
true
);
}
if
(
!
is_numeric
(
$_POST
[
'userId'
]))
{
$Result
->
show
(
"danger"
,
_
(
"Invalid ID"
),
true
);
}
}
}
# Add / edit actions
if
(
$_POST
[
'action'
]
!=
"delete"
)
{
// validate authMethod
$auth_method
=
$Admin
->
fetch_object
(
"usersAuthMethod"
,
"id"
,
$_POST
[
'authMethod'
]);
$auth_method
!==
false
?
:
$Result
->
show
(
"danger"
,
_
(
"Invalid authentication method"
),
true
);
# if password changes check and hash passwords
# if password changes check and hash passwords
if
(
$auth_method
->
type
!=
"local"
)
{
$_POST
[
'password1'
]
=
""
;
$_POST
[
'password2'
]
=
""
;
}
if
(
$auth_method
->
type
!=
"local"
)
{
$_POST
[
'password1'
]
=
""
;
$_POST
[
'password2'
]
=
""
;
}
if
((
!
is_blank
(
@
$_POST
[
'password1'
])
||
(
@
$_POST
[
'action'
]
==
"add"
)
&&
$auth_method
->
type
==
"local"
))
{
if
((
!
is_blank
(
@
$_POST
[
'password1'
])
||
(
@
$_POST
[
'action'
]
==
"add"
)
&&
$auth_method
->
type
==
"local"
))
{
...
@@ -74,10 +77,6 @@ if ($_POST['action']=="add") {
...
@@ -74,10 +77,6 @@ if ($_POST['action']=="add") {
{
$Result
->
show
(
"danger"
,
_
(
"User"
)
.
" "
.
$_POST
[
'username'
]
.
" "
.
_
(
"already exists!"
),
true
);
}
{
$Result
->
show
(
"danger"
,
_
(
"User"
)
.
" "
.
$_POST
[
'username'
]
.
" "
.
_
(
"already exists!"
),
true
);
}
}
}
}
}
# admin user cannot be deleted
if
(
$_POST
[
'action'
]
==
"delete"
&&
$_POST
[
'userId'
]
==
1
)
{
$Result
->
show
(
"danger"
,
_
(
"Admin user cannot be deleted"
),
true
);
}
# admin user cannot be disabled
if
(
$_POST
[
'disabled'
]
==
"Yes"
&&
$_POST
[
'userId'
]
==
1
)
{
$Result
->
show
(
"danger"
,
_
(
"Admin user cannot be disabled"
),
true
);
}
# custom fields check
# custom fields check
$myFields
=
$Tools
->
fetch_custom_fields
(
'users'
);
$myFields
=
$Tools
->
fetch_custom_fields
(
'users'
);
...
@@ -98,6 +97,13 @@ if(sizeof($myFields) > 0) {
...
@@ -98,6 +97,13 @@ if(sizeof($myFields) > 0) {
if
(
$myField
[
'Null'
]
==
"NO"
&&
is_blank
(
$_POST
[
$myField
[
'name'
]]))
{
$Result
->
show
(
"danger"
,
$myField
[
'name'
]
.
" "
.
_
(
"can not be empty!"
),
true
);
}
if
(
$myField
[
'Null'
]
==
"NO"
&&
is_blank
(
$_POST
[
$myField
[
'name'
]]))
{
$Result
->
show
(
"danger"
,
$myField
[
'name'
]
.
" "
.
_
(
"can not be empty!"
),
true
);
}
}
}
}
}
}
# admin user cannot be deleted
if
(
$_POST
[
'action'
]
==
"delete"
&&
$_POST
[
'userId'
]
==
1
)
{
$Result
->
show
(
"danger"
,
_
(
"Admin user cannot be deleted"
),
true
);
}
# admin user cannot be disabled
if
(
$_POST
[
'disabled'
]
==
"Yes"
&&
$_POST
[
'userId'
]
==
1
)
{
$Result
->
show
(
"danger"
,
_
(
"Admin user cannot be disabled"
),
true
);
}
/* update */
/* update */
...
@@ -124,6 +130,7 @@ if($_POST['action']=="add") {
...
@@ -124,6 +130,7 @@ if($_POST['action']=="add") {
}
}
# custom fields
# custom fields
if
(
isset
(
$myFields
))
{
if
(
sizeof
(
$myFields
)
>
0
)
{
if
(
sizeof
(
$myFields
)
>
0
)
{
foreach
(
$myFields
as
$myField
)
{
foreach
(
$myFields
as
$myField
)
{
# replace possible ___ back to spaces!
# replace possible ___ back to spaces!
...
@@ -132,6 +139,7 @@ if (sizeof($myFields)>0) {
...
@@ -132,6 +139,7 @@ if (sizeof($myFields)>0) {
if
(
isset
(
$_POST
[
$myField
[
'nameTest'
]]))
{
$values
[
$myField
[
'name'
]]
=
$_POST
[
$myField
[
'nameTest'
]];}
if
(
isset
(
$_POST
[
$myField
[
'nameTest'
]]))
{
$values
[
$myField
[
'name'
]]
=
$_POST
[
$myField
[
'nameTest'
]];}
}
}
}
}
}
# update pass ?
# update pass ?
if
(
!
is_blank
(
@
$_POST
[
'password1'
])
||
(
@
$_POST
[
'action'
]
==
"add"
&&
$auth_method
->
type
==
"local"
))
{
if
(
!
is_blank
(
@
$_POST
[
'password1'
])
||
(
@
$_POST
[
'action'
]
==
"add"
&&
$auth_method
->
type
==
"local"
))
{
$values
[
'password'
]
=
$_POST
[
'password1'
];
$values
[
'password'
]
=
$_POST
[
'password1'
];
...
...
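Review bot: After this commit `$auth_method` is assigned only inside the new `if ($_POST['action'] != "delete")` block (hunk at `@@ -40,6 +36,13 @@`), but the password block following `/* update */` (hunk at `@@ -132,6 +139,7 @@`) still dereferences `$auth_method->type` on every path; on a delete request it avoids a null property access only because `@$_POST['action']=="add"` short-circuits first, so correctness rests on operand order rather than an explicit guard. If a delete request also carries a non-blank `password1`, the first operand is true and `$values['password']` is set for a delete; whether the update code outside the hunk ignores it cannot be seen here. Guard the block explicitly: `if ($_POST['action'] != "delete" && (!is_blank(@$_POST['password1']) || ($_POST['action']=="add" && $auth_method->type=="local"))) {`. The relocated admin-user checks compare `$_POST['userId'] == 1` loosely; since `is_numeric` is already enforced above, casting once (`$user_id = (int) $_POST['userId'];`) and comparing with `===` would make the intent clearer. The script continues past the end of this section.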
app/admin/users/edit.php
+
5
−
6
...
@@ -97,7 +97,11 @@ $(document).ready(function(){
...
@@ -97,7 +97,11 @@ $(document).ready(function(){
<!-- username -->
<!-- username -->
<tr>
<tr>
<td>
<?php
print
_
(
'Username'
);
?>
</td>
<td>
<?php
print
_
(
'Username'
);
?>
</td>
<td><input
type=
"text"
class=
"form-control input-sm"
name=
"username"
value=
"
<?php
print
@
$user
[
'username'
];
?>
"
<?php
if
(
$_POST
[
'action'
]
==
"edit"
||
$_POST
[
'action'
]
==
"delete"
)
print
'readonly disabled'
;
?>
<?php
print
$disabled
;
?>
></td>
<td>
<input
type=
"text"
class=
"form-control input-sm"
name=
"username"
value=
"
<?php
print
@
$user
[
'username'
];
?>
"
<?php
if
(
$_POST
[
'action'
]
==
"edit"
||
$_POST
[
'action'
]
==
"delete"
)
print
'readonly disabled'
;
?>
<?php
print
$disabled
;
?>
></td>
<input
type=
"hidden"
name=
"userId"
value=
"
<?php
print
@
$user
[
'id'
];
?>
"
>
<input
type=
"hidden"
name=
"action"
value=
"
<?php
print
escape_input
(
$_POST
[
'action'
]);
?>
"
>
<input
type=
"hidden"
name=
"csrf_cookie"
value=
"
<?php
print
$csrf
;
?>
"
>
<td
class=
"info2"
>
<td
class=
"info2"
>
<?php
if
(
$_POST
[
'action'
]
==
"add"
)
{
?>
<?php
if
(
$_POST
[
'action'
]
==
"add"
)
{
?>
<a
class=
'btn btn-xs btn-default adsearchuser'
rel=
'tooltip'
title=
'Search AD for user details'
><i
class=
'fa fa-search'
></i></a>
<a
class=
'btn btn-xs btn-default adsearchuser'
rel=
'tooltip'
title=
'Search AD for user details'
><i
class=
'fa fa-search'
></i></a>
...
@@ -141,11 +145,6 @@ $(document).ready(function(){
...
@@ -141,11 +145,6 @@ $(document).ready(function(){
<option
value=
"User"
<?php
if
(
@
$user
[
'role'
]
==
"User"
||
$_POST
[
'action'
]
==
"add"
)
print
"selected"
;
?>
>
<?php
print
_
(
'Normal User'
);
?>
</option>
<option
value=
"User"
<?php
if
(
@
$user
[
'role'
]
==
"User"
||
$_POST
[
'action'
]
==
"add"
)
print
"selected"
;
?>
>
<?php
print
_
(
'Normal User'
);
?>
</option>
</select>
</select>
<input
type=
"hidden"
name=
"userId"
value=
"
<?php
print
@
$user
[
'id'
];
?>
"
>
<input
type=
"hidden"
name=
"action"
value=
"
<?php
print
escape_input
(
$_POST
[
'action'
]);
?>
"
>
<input
type=
"hidden"
name=
"csrf_cookie"
value=
"
<?php
print
$csrf
;
?>
"
>
</td>
</td>
<td
class=
"info2"
>
<?php
print
_
(
'Select user role'
);
?>
<td
class=
"info2"
>
<?php
print
_
(
'Select user role'
);
?>
<ul>
<ul>
...
...
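Review bot: The relocated hidden `userId` input (hunk at `@@ -97,7 +97,11 @@`) still prints `@$user['id']` raw while the neighbouring `action` input goes through `escape_input()`; since these three lines are now the new code, make them consistent: `value="<?php print escape_input(@$user['id']); ?>"`. Moving `userId`/`action`/`csrf_cookie` out of the role cell presumably fixes the delete flow because that cell did not reach the server on delete, but nothing in the hunk records this, so a reader may later move them back; a one-line comment above the inputs such as `<!-- hidden form state: must stay in a row rendered for add, edit and delete -->` would preserve the reason. The `$(document).ready` block named in the hunk header starts outside the hunk.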