Browse code

Primärer Useraccount kann damit nicht mehr geändert werden, wenn er zum Login benutzt wurde.

git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@566 87cf0b9e-d624-0410-a070-f6ee81989793

bernd authored on30/07/2007 13:02:41
Showing4 changed files
... ...
@@ -17,12 +17,19 @@ if (! customer_may_have_useraccounts())
17 17
 }
18 18
 else
19 19
 {
20
+  $primary = primary_useraccount();
20 21
   $accounts = list_useraccounts();
21 22
   output("<p>Folgende Benutzeraccounts haben Sie bisher:</p>");
22 23
   output("<table><tr><th>Benutzername</th><th>Name</th><th>Erstellt am</th><th>Speicherplatz</th></tr>");
23 24
   foreach ($accounts as $acc)
24 25
   {
25
-    output("<tr><td>".internal_link('edit.php', $acc->username, "uid={$acc->uid}")."</td><td>{$acc->name}</td><td>{$acc->erstellungsdatum}</td><td>{$acc->softquota} MB</td></tr>");
26
+
27
+    output("<tr><td>");
28
+    if ($acc->uid == $primary)
29
+      output($acc->username);
30
+    else
31
+      output(internal_link('edit.php', $acc->username, "uid={$acc->uid}"));
32
+    output("</td><td>{$acc->name}</td><td>{$acc->erstellungsdatum}</td><td>{$acc->softquota} MB</td></tr>");
26 33
   }
27 34
   output("</table><br />");
28 35
 }
... ...
@@ -9,11 +9,14 @@ require_role(ROLE_CUSTOMER);
9 9
 
10 10
 $title = "System-Benutzeraccounts";
11 11
 
12
-
13 12
 $account = get_account_details($_GET['uid']);
14 13
 
15 14
 output("<h3>Bearbeiten von Benutzer »{$account['username']}«</h3>");
16 15
 
16
+if ($account['uid'] == primary_useraccount())
17
+  system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!');
18
+
19
+
17 20
 output(html_form('systemuser_edit', 'save.php', 'action=edit', '
18 21
 <table>
19 22
 <tr><td>Benutzername:</td><td><strong>'.$account['username'].'</strong></td></tr>
... ...
@@ -14,6 +14,18 @@ function customer_may_have_useraccounts()
14 14
 }
15 15
 
16 16
 
17
+function primary_useraccount()
18
+{
19
+  if (! ($_SESSION['role'] & ROLE_SYSTEMUSER))
20
+    return NULL;
21
+  $customerno = (int) $_SESSION['customerinfo']['customerno'];
22
+  $result = db_query("SELECT MIN(uid) AS uid FROM system.useraccounts WHERE kunde={$customerno}");
23
+  $uid = mysql_fetch_object($result)->uid;
24
+  DEBUG("primary useraccount: {$uid}");
25
+  return $uid;
26
+}
27
+
28
+
17 29
 
18 30
 function list_useraccounts()
19 31
 {
... ...
@@ -16,9 +16,8 @@ if ($_GET['action'] == 'new')
16 16
 {
17 17
   system_failure('not implemented');
18 18
   /*
19
-  check_form_token('jabber_new_account');
20
-  if (filter_input_username($_POST['local']) == '' ||
21
-      $_POST['domain'] == '' ||
19
+  check_form_token('systemuser_new');
20
+  if (filter_input_username($_POST['username']) == '' ||
22 21
       filter_shell($_POST['password']) == '')
23 22
   {
24 23
     input_error('Sie müssen alle Felder ausfüllen!');
... ...
@@ -35,8 +34,14 @@ elseif ($_GET['action'] == 'edit')
35 34
 {
36 35
   $error = false;
37 36
   check_form_token('systemuser_edit');
37
+  if ($_POST['uid'] == primary_useraccount())
38
+    system_failure('Aus Sicherheitsgründen können Sie diesen Account nicht ändern!');
39
+
38 40
   if ($_POST['newpass'] != '')
39 41
   {
42
+    //if (! strong_password($_POST['newpass']))
43
+    //  input_error('Das Passwort ist zu einfach');
44
+    //else
40 45
     if ($_POST['newpass2'] == '' ||
41 46
         $_POST['newpass'] != $_POST['newpass2'])
42 47
     {