Browse code
Codingstyle PSR12 + array syntax
Hanno Böck authored on 30/10/2021 21:18:17
Showing 1 changed files
| ... | ... |
@@ -23,8 +23,8 @@ require_once("inc/debug.php");
|
| 23 | 23 |
function list_subusers() |
| 24 | 24 |
{
|
| 25 | 25 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 26 |
- $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=?", array($uid));
|
|
| 27 |
- $subusers = array(); |
|
| 26 |
+ $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=?", [$uid]);
|
|
| 27 |
+ $subusers = []; |
|
| 28 | 28 |
while ($item = $result->fetch()) {
|
| 29 | 29 |
$item['modules'] = explode(',', $item['modules']);
|
| 30 | 30 |
$subusers[] = $item; |
| ... | ... |
@@ -36,7 +36,7 @@ function list_subusers() |
| 36 | 36 |
|
| 37 | 37 |
function load_subuser($id) |
| 38 | 38 |
{
|
| 39 |
- $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
|
| 39 |
+ $args = [":id" => $id, ":uid" => $_SESSION['userinfo']['uid']]; |
|
| 40 | 40 |
|
| 41 | 41 |
$result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=:uid AND id=:id", $args);
|
| 42 | 42 |
$item = $result->fetch(); |
| ... | ... |
@@ -47,7 +47,7 @@ function load_subuser($id) |
| 47 | 47 |
|
| 48 | 48 |
function available_modules() |
| 49 | 49 |
{
|
| 50 |
- $modules = array(); |
|
| 50 |
+ $modules = []; |
|
| 51 | 51 |
$allmodules = get_modules_info(); |
| 52 | 52 |
|
| 53 | 53 |
// Das su-Modul ist hierfuer unwichtig |
| ... | ... |
@@ -63,16 +63,16 @@ function available_modules() |
| 63 | 63 |
|
| 64 | 64 |
function delete_subuser($id) |
| 65 | 65 |
{
|
| 66 |
- $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
|
| 66 |
+ $args = [":id" => $id, ":uid" => $_SESSION['userinfo']['uid']]; |
|
| 67 | 67 |
|
| 68 | 68 |
db_query("DELETE FROM system.subusers WHERE id=:id AND uid=:uid", $args);
|
| 69 | 69 |
} |
| 70 | 70 |
|
| 71 | 71 |
function empty_subuser() |
| 72 | 72 |
{
|
| 73 |
- $subuser = array("id" => null,
|
|
| 73 |
+ $subuser = ["id" => null, |
|
| 74 | 74 |
"username" => $_SESSION['userinfo']['username'].'_', |
| 75 |
- "modules" => array('index'));
|
|
| 75 |
+ "modules" => ['index'], ]; |
|
| 76 | 76 |
return $subuser; |
| 77 | 77 |
} |
| 78 | 78 |
|
| ... | ... |
@@ -89,7 +89,7 @@ function new_subuser($username, $requested_modules, $password) |
| 89 | 89 |
} |
| 90 | 90 |
DEBUG($requested_modules); |
| 91 | 91 |
$allmods = available_modules(); |
| 92 |
- $modules = array(); |
|
| 92 |
+ $modules = []; |
|
| 93 | 93 |
foreach ($requested_modules as $mod) {
|
| 94 | 94 |
if (isset($allmods[$mod])) {
|
| 95 | 95 |
$modules[] = $mod; |
| ... | ... |
@@ -105,10 +105,10 @@ function new_subuser($username, $requested_modules, $password) |
| 105 | 105 |
system_failure("Unsicheres Passwort: ".$result);
|
| 106 | 106 |
} |
| 107 | 107 |
|
| 108 |
- $args = array(":uid" => $_SESSION['userinfo']['uid'],
|
|
| 108 |
+ $args = [":uid" => $_SESSION['userinfo']['uid'], |
|
| 109 | 109 |
":username" => $username, |
| 110 | 110 |
":password" => hash("sha256", $password),
|
| 111 |
- ":modules" => implode(',', $modules));
|
|
| 111 |
+ ":modules" => implode(',', $modules), ];
|
|
| 112 | 112 |
|
| 113 | 113 |
db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES (:uid, :username, :password, :modules)", $args);
|
| 114 | 114 |
} |
| ... | ... |
@@ -141,7 +141,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 141 | 141 |
system_failure("Module nicht als array erhalten!");
|
| 142 | 142 |
} |
| 143 | 143 |
$allmods = available_modules(); |
| 144 |
- $modules = array(); |
|
| 144 |
+ $modules = []; |
|
| 145 | 145 |
foreach ($requested_modules as $mod) {
|
| 146 | 146 |
if (isset($allmods[$mod])) {
|
| 147 | 147 |
$modules[] = $mod; |
| ... | ... |
@@ -151,10 +151,10 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 151 | 151 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
| 152 | 152 |
} |
| 153 | 153 |
|
| 154 |
- $args = array(":uid" => $_SESSION['userinfo']['uid'],
|
|
| 154 |
+ $args = [":uid" => $_SESSION['userinfo']['uid'], |
|
| 155 | 155 |
":id" => $id, |
| 156 | 156 |
":username" => $username, |
| 157 |
- ":modules" => implode(',', $modules));
|
|
| 157 |
+ ":modules" => implode(',', $modules), ];
|
|
| 158 | 158 |
|
| 159 | 159 |
$pwchange = ''; |
| 160 | 160 |
if ($password) {
|
Browse code
remove whitespace in empty lines
Hanno authored on 26/06/2018 23:36:40
Showing 1 changed files
| ... | ... |
@@ -37,7 +37,7 @@ function list_subusers() |
| 37 | 37 |
function load_subuser($id) |
| 38 | 38 |
{
|
| 39 | 39 |
$args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
| 40 |
- |
|
| 40 |
+ |
|
| 41 | 41 |
$result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=:uid AND id=:id", $args);
|
| 42 | 42 |
$item = $result->fetch(); |
| 43 | 43 |
$item['modules'] = explode(',', $item['modules']);
|
| ... | ... |
@@ -64,7 +64,7 @@ function available_modules() |
| 64 | 64 |
function delete_subuser($id) |
| 65 | 65 |
{
|
| 66 | 66 |
$args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
| 67 |
- |
|
| 67 |
+ |
|
| 68 | 68 |
db_query("DELETE FROM system.subusers WHERE id=:id AND uid=:uid", $args);
|
| 69 | 69 |
} |
| 70 | 70 |
|
| ... | ... |
@@ -99,7 +99,7 @@ function new_subuser($username, $requested_modules, $password) |
| 99 | 99 |
if (count($modules) == 0) {
|
| 100 | 100 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
| 101 | 101 |
} |
| 102 |
- |
|
| 102 |
+ |
|
| 103 | 103 |
$result = strong_password($password); |
| 104 | 104 |
if ($result !== true) {
|
| 105 | 105 |
system_failure("Unsicheres Passwort: ".$result);
|
| ... | ... |
@@ -150,7 +150,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 150 | 150 |
if (count($modules) == 0) {
|
| 151 | 151 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
| 152 | 152 |
} |
| 153 |
- |
|
| 153 |
+ |
|
| 154 | 154 |
$args = array(":uid" => $_SESSION['userinfo']['uid'],
|
| 155 | 155 |
":id" => $id, |
| 156 | 156 |
":username" => $username, |
Browse code
Fix coding style with php-cs-checker, see https://cs.sensiolabs.org/
Hanno authored on 26/06/2018 13:58:19
Showing 1 changed files
| ... | ... |
@@ -8,7 +8,7 @@ Written 2008-2018 by schokokeks.org Hosting, namely |
| 8 | 8 |
|
| 9 | 9 |
To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
| 10 | 10 |
|
| 11 |
-You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
| 11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
| 12 | 12 |
http://creativecommons.org/publicdomain/zero/1.0/ |
| 13 | 13 |
|
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| ... | ... |
@@ -22,155 +22,150 @@ require_once("inc/debug.php");
|
| 22 | 22 |
|
| 23 | 23 |
function list_subusers() |
| 24 | 24 |
{
|
| 25 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 26 |
- $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=?", array($uid));
|
|
| 27 |
- $subusers = array(); |
|
| 28 |
- while ($item = $result->fetch()) |
|
| 29 |
- {
|
|
| 30 |
- $item['modules'] = explode(',', $item['modules']);
|
|
| 31 |
- $subusers[] = $item; |
|
| 32 |
- } |
|
| 33 |
- DEBUG($subusers); |
|
| 34 |
- return $subusers; |
|
| 25 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 26 |
+ $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=?", array($uid));
|
|
| 27 |
+ $subusers = array(); |
|
| 28 |
+ while ($item = $result->fetch()) {
|
|
| 29 |
+ $item['modules'] = explode(',', $item['modules']);
|
|
| 30 |
+ $subusers[] = $item; |
|
| 31 |
+ } |
|
| 32 |
+ DEBUG($subusers); |
|
| 33 |
+ return $subusers; |
|
| 35 | 34 |
} |
| 36 | 35 |
|
| 37 | 36 |
|
| 38 |
-function load_subuser($id) {
|
|
| 39 |
- $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
|
| 37 |
+function load_subuser($id) |
|
| 38 |
+{
|
|
| 39 |
+ $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
|
| 40 | 40 |
|
| 41 |
- $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=:uid AND id=:id", $args);
|
|
| 42 |
- $item = $result->fetch(); |
|
| 43 |
- $item['modules'] = explode(',', $item['modules']);
|
|
| 44 |
- return $item; |
|
| 41 |
+ $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=:uid AND id=:id", $args);
|
|
| 42 |
+ $item = $result->fetch(); |
|
| 43 |
+ $item['modules'] = explode(',', $item['modules']);
|
|
| 44 |
+ return $item; |
|
| 45 | 45 |
} |
| 46 | 46 |
|
| 47 | 47 |
|
| 48 | 48 |
function available_modules() |
| 49 | 49 |
{
|
| 50 |
- $modules = array(); |
|
| 51 |
- $allmodules = get_modules_info(); |
|
| 52 |
- |
|
| 53 |
- // Das su-Modul ist hierfuer unwichtig |
|
| 54 |
- unset($allmodules['su']); |
|
| 55 |
- |
|
| 56 |
- foreach ($allmodules as $modname => $modinfo) |
|
| 57 |
- {
|
|
| 58 |
- if (isset($modinfo['permission'])) |
|
| 59 |
- $modules[$modname] = $modinfo['permission']; |
|
| 60 |
- } |
|
| 61 |
- return $modules; |
|
| 50 |
+ $modules = array(); |
|
| 51 |
+ $allmodules = get_modules_info(); |
|
| 52 |
+ |
|
| 53 |
+ // Das su-Modul ist hierfuer unwichtig |
|
| 54 |
+ unset($allmodules['su']); |
|
| 55 |
+ |
|
| 56 |
+ foreach ($allmodules as $modname => $modinfo) {
|
|
| 57 |
+ if (isset($modinfo['permission'])) {
|
|
| 58 |
+ $modules[$modname] = $modinfo['permission']; |
|
| 59 |
+ } |
|
| 60 |
+ } |
|
| 61 |
+ return $modules; |
|
| 62 | 62 |
} |
| 63 | 63 |
|
| 64 |
-function delete_subuser($id) {
|
|
| 65 |
- $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
|
| 64 |
+function delete_subuser($id) |
|
| 65 |
+{
|
|
| 66 |
+ $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
|
| 66 | 67 |
|
| 67 |
- db_query("DELETE FROM system.subusers WHERE id=:id AND uid=:uid", $args);
|
|
| 68 |
+ db_query("DELETE FROM system.subusers WHERE id=:id AND uid=:uid", $args);
|
|
| 68 | 69 |
} |
| 69 | 70 |
|
| 70 | 71 |
function empty_subuser() |
| 71 | 72 |
{
|
| 72 |
- $subuser = array("id" => NULL,
|
|
| 73 |
- "username" => $_SESSION['userinfo']['username'].'_', |
|
| 73 |
+ $subuser = array("id" => null,
|
|
| 74 |
+ "username" => $_SESSION['userinfo']['username'].'_', |
|
| 74 | 75 |
"modules" => array('index'));
|
| 75 |
- return $subuser; |
|
| 76 |
+ return $subuser; |
|
| 76 | 77 |
} |
| 77 | 78 |
|
| 78 |
-function new_subuser($username, $requested_modules, $password) |
|
| 79 |
+function new_subuser($username, $requested_modules, $password) |
|
| 79 | 80 |
{
|
| 80 |
- $username = filter_input_username($username); |
|
| 81 |
- if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
|
| 82 |
- // Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
|
| 83 |
- system_failure("Ungültiger Benutzername!");
|
|
| 84 |
- } |
|
| 85 |
- |
|
| 86 |
- if (!is_array($requested_modules)) {
|
|
| 87 |
- system_failure("Module nicht als array erhalten!");
|
|
| 88 |
- } |
|
| 89 |
- DEBUG($requested_modules); |
|
| 90 |
- $allmods = available_modules(); |
|
| 91 |
- $modules = array(); |
|
| 92 |
- foreach ($requested_modules as $mod) {
|
|
| 93 |
- if (isset($allmods[$mod])) {
|
|
| 94 |
- $modules[] = $mod; |
|
| 81 |
+ $username = filter_input_username($username); |
|
| 82 |
+ if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
|
| 83 |
+ // Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
|
| 84 |
+ system_failure("Ungültiger Benutzername!");
|
|
| 85 |
+ } |
|
| 86 |
+ |
|
| 87 |
+ if (!is_array($requested_modules)) {
|
|
| 88 |
+ system_failure("Module nicht als array erhalten!");
|
|
| 89 |
+ } |
|
| 90 |
+ DEBUG($requested_modules); |
|
| 91 |
+ $allmods = available_modules(); |
|
| 92 |
+ $modules = array(); |
|
| 93 |
+ foreach ($requested_modules as $mod) {
|
|
| 94 |
+ if (isset($allmods[$mod])) {
|
|
| 95 |
+ $modules[] = $mod; |
|
| 96 |
+ } |
|
| 97 |
+ } |
|
| 98 |
+ DEBUG($modules); |
|
| 99 |
+ if (count($modules) == 0) {
|
|
| 100 |
+ system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
|
| 95 | 101 |
} |
| 96 |
- } |
|
| 97 |
- DEBUG($modules); |
|
| 98 |
- if (count($modules) == 0) {
|
|
| 99 |
- system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
|
| 100 |
- } |
|
| 101 | 102 |
|
| 102 |
- $result = strong_password($password); |
|
| 103 |
- if ($result !== true) {
|
|
| 104 |
- system_failure("Unsicheres Passwort: ".$result);
|
|
| 105 |
- } |
|
| 103 |
+ $result = strong_password($password); |
|
| 104 |
+ if ($result !== true) {
|
|
| 105 |
+ system_failure("Unsicheres Passwort: ".$result);
|
|
| 106 |
+ } |
|
| 106 | 107 |
|
| 107 |
- $args = array(":uid" => $_SESSION['userinfo']['uid'],
|
|
| 108 |
+ $args = array(":uid" => $_SESSION['userinfo']['uid'],
|
|
| 108 | 109 |
":username" => $username, |
| 109 | 110 |
":password" => hash("sha256", $password),
|
| 110 | 111 |
":modules" => implode(',', $modules));
|
| 111 | 112 |
|
| 112 |
- db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES (:uid, :username, :password, :modules)", $args);
|
|
| 113 |
+ db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES (:uid, :username, :password, :modules)", $args);
|
|
| 113 | 114 |
} |
| 114 | 115 |
|
| 115 | 116 |
|
| 116 |
-function edit_subuser($id, $username, $requested_modules, $password) |
|
| 117 |
+function edit_subuser($id, $username, $requested_modules, $password) |
|
| 117 | 118 |
{
|
| 118 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 119 |
- |
|
| 120 |
- $id = (int) $id; |
|
| 121 |
- $my_subusers = list_subusers(); |
|
| 122 |
- $valid = false; |
|
| 123 |
- foreach ($my_subusers as $x) {
|
|
| 124 |
- if ($x['id'] == $id) {
|
|
| 125 |
- $valid = true; |
|
| 119 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 120 |
+ |
|
| 121 |
+ $id = (int) $id; |
|
| 122 |
+ $my_subusers = list_subusers(); |
|
| 123 |
+ $valid = false; |
|
| 124 |
+ foreach ($my_subusers as $x) {
|
|
| 125 |
+ if ($x['id'] == $id) {
|
|
| 126 |
+ $valid = true; |
|
| 127 |
+ } |
|
| 126 | 128 |
} |
| 127 |
- } |
|
| 128 |
- if (!$valid) {
|
|
| 129 |
- system_failure("Kann diesen Account nicht finden!");
|
|
| 130 |
- } |
|
| 131 |
- |
|
| 132 |
- $username = filter_input_username($username); |
|
| 133 |
- if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
|
| 134 |
- // Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
|
| 135 |
- system_failure("Ungültiger Benutzername!");
|
|
| 136 |
- } |
|
| 137 |
- |
|
| 138 |
- |
|
| 139 |
- if (!is_array($requested_modules)) {
|
|
| 140 |
- system_failure("Module nicht als array erhalten!");
|
|
| 141 |
- } |
|
| 142 |
- $allmods = available_modules(); |
|
| 143 |
- $modules = array(); |
|
| 144 |
- foreach ($requested_modules as $mod) {
|
|
| 145 |
- if (isset($allmods[$mod])) {
|
|
| 146 |
- $modules[] = $mod; |
|
| 129 |
+ if (!$valid) {
|
|
| 130 |
+ system_failure("Kann diesen Account nicht finden!");
|
|
| 131 |
+ } |
|
| 132 |
+ |
|
| 133 |
+ $username = filter_input_username($username); |
|
| 134 |
+ if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
|
| 135 |
+ // Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
|
| 136 |
+ system_failure("Ungültiger Benutzername!");
|
|
| 137 |
+ } |
|
| 138 |
+ |
|
| 139 |
+ |
|
| 140 |
+ if (!is_array($requested_modules)) {
|
|
| 141 |
+ system_failure("Module nicht als array erhalten!");
|
|
| 142 |
+ } |
|
| 143 |
+ $allmods = available_modules(); |
|
| 144 |
+ $modules = array(); |
|
| 145 |
+ foreach ($requested_modules as $mod) {
|
|
| 146 |
+ if (isset($allmods[$mod])) {
|
|
| 147 |
+ $modules[] = $mod; |
|
| 148 |
+ } |
|
| 149 |
+ } |
|
| 150 |
+ if (count($modules) == 0) {
|
|
| 151 |
+ system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
|
| 147 | 152 |
} |
| 148 |
- } |
|
| 149 |
- if (count($modules) == 0) {
|
|
| 150 |
- system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
|
| 151 |
- } |
|
| 152 | 153 |
|
| 153 |
- $args = array(":uid" => $_SESSION['userinfo']['uid'],
|
|
| 154 |
+ $args = array(":uid" => $_SESSION['userinfo']['uid'],
|
|
| 154 | 155 |
":id" => $id, |
| 155 | 156 |
":username" => $username, |
| 156 | 157 |
":modules" => implode(',', $modules));
|
| 157 | 158 |
|
| 158 |
- $pwchange = ''; |
|
| 159 |
- if ($password) {
|
|
| 160 |
- $result = strong_password($password); |
|
| 161 |
- if ($result !== true) {
|
|
| 162 |
- system_failure("Unsicheres Passwort: ".$result);
|
|
| 159 |
+ $pwchange = ''; |
|
| 160 |
+ if ($password) {
|
|
| 161 |
+ $result = strong_password($password); |
|
| 162 |
+ if ($result !== true) {
|
|
| 163 |
+ system_failure("Unsicheres Passwort: ".$result);
|
|
| 164 |
+ } |
|
| 165 |
+ $args[':password'] = hash("sha256", $password);
|
|
| 166 |
+ $pwchange = ", password=:password"; |
|
| 163 | 167 |
} |
| 164 |
- $args[':password'] = hash("sha256", $password);
|
|
| 165 |
- $pwchange = ", password=:password"; |
|
| 166 |
- } |
|
| 167 | 168 |
|
| 168 | 169 |
|
| 169 |
- db_query("UPDATE system.subusers SET username=:username, modules=:modules{$pwchange} WHERE id=:id AND uid=:uid", $args);
|
|
| 170 |
+ db_query("UPDATE system.subusers SET username=:username, modules=:modules{$pwchange} WHERE id=:id AND uid=:uid", $args);
|
|
| 170 | 171 |
} |
| 171 |
- |
|
| 172 |
- |
|
| 173 |
- |
|
| 174 |
- |
|
| 175 |
- |
|
| 176 |
- |
Browse code
Referenzen auf cracklib entfernt
Bernd Wurst authored on 09/02/2018 05:58:06
Showing 1 changed files
| ... | ... |
@@ -101,7 +101,7 @@ function new_subuser($username, $requested_modules, $password) |
| 101 | 101 |
|
| 102 | 102 |
$result = strong_password($password); |
| 103 | 103 |
if ($result !== true) {
|
| 104 |
- system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
|
|
| 104 |
+ system_failure("Unsicheres Passwort: ".$result);
|
|
| 105 | 105 |
} |
| 106 | 106 |
|
| 107 | 107 |
$args = array(":uid" => $_SESSION['userinfo']['uid'],
|
| ... | ... |
@@ -159,7 +159,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 159 | 159 |
if ($password) {
|
| 160 | 160 |
$result = strong_password($password); |
| 161 | 161 |
if ($result !== true) {
|
| 162 |
- system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
|
|
| 162 |
+ system_failure("Unsicheres Passwort: ".$result);
|
|
| 163 | 163 |
} |
| 164 | 164 |
$args[':password'] = hash("sha256", $password);
|
| 165 | 165 |
$pwchange = ", password=:password"; |
Browse code
Copyright year update
Bernd Wurst authored on 13/01/2018 06:07:05
Showing 1 changed files
Browse code
Lizenzinfos in eigenes Modul ausgelagert und Copyright auf 2014 angepasst
Bernd Wurst authored on 08/02/2014 05:45:07
Showing 1 changed files
Browse code
Modul subusers auf prepared statements umgestellt / Typo
Bernd Wurst authored on 06/02/2014 09:18:48
Showing 1 changed files
| ... | ... |
@@ -23,7 +23,7 @@ require_once("inc/debug.php");
|
| 23 | 23 |
function list_subusers() |
| 24 | 24 |
{
|
| 25 | 25 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 26 |
- $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
|
|
| 26 |
+ $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=?", array($uid));
|
|
| 27 | 27 |
$subusers = array(); |
| 28 | 28 |
while ($item = $result->fetch()) |
| 29 | 29 |
{
|
| ... | ... |
@@ -36,10 +36,9 @@ function list_subusers() |
| 36 | 36 |
|
| 37 | 37 |
|
| 38 | 38 |
function load_subuser($id) {
|
| 39 |
- $id = (int) $id; |
|
| 40 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 39 |
+ $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
|
| 41 | 40 |
|
| 42 |
- $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
|
|
| 41 |
+ $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid=:uid AND id=:id", $args);
|
|
| 43 | 42 |
$item = $result->fetch(); |
| 44 | 43 |
$item['modules'] = explode(',', $item['modules']);
|
| 45 | 44 |
return $item; |
| ... | ... |
@@ -63,23 +62,22 @@ function available_modules() |
| 63 | 62 |
} |
| 64 | 63 |
|
| 65 | 64 |
function delete_subuser($id) {
|
| 66 |
- $id = (int) $id; |
|
| 67 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 65 |
+ $args = array(":id" => $id, ":uid" => $_SESSION['userinfo']['uid']);
|
|
| 68 | 66 |
|
| 69 |
- db_query("DELETE FROM system.subusers WHERE id={$id} AND uid={$uid}");
|
|
| 67 |
+ db_query("DELETE FROM system.subusers WHERE id=:id AND uid=:uid", $args);
|
|
| 70 | 68 |
} |
| 71 | 69 |
|
| 72 | 70 |
function empty_subuser() |
| 73 | 71 |
{
|
| 74 |
- $subuser = array("id" => NULL, "username" => $_SESSION['userinfo']['username'].'_', "modules" => array('index'));
|
|
| 72 |
+ $subuser = array("id" => NULL,
|
|
| 73 |
+ "username" => $_SESSION['userinfo']['username'].'_', |
|
| 74 |
+ "modules" => array('index'));
|
|
| 75 | 75 |
return $subuser; |
| 76 | 76 |
} |
| 77 | 77 |
|
| 78 | 78 |
function new_subuser($username, $requested_modules, $password) |
| 79 | 79 |
{
|
| 80 |
- $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 81 |
- |
|
| 82 |
- $username = db_escape_string(filter_input_username($username)); |
|
| 80 |
+ $username = filter_input_username($username); |
|
| 83 | 81 |
if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
| 84 | 82 |
// Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
| 85 | 83 |
system_failure("Ungültiger Benutzername!");
|
| ... | ... |
@@ -100,15 +98,18 @@ function new_subuser($username, $requested_modules, $password) |
| 100 | 98 |
if (count($modules) == 0) {
|
| 101 | 99 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
| 102 | 100 |
} |
| 103 |
- $modules = db_escape_string(implode(',', $modules));
|
|
| 104 | 101 |
|
| 105 | 102 |
$result = strong_password($password); |
| 106 | 103 |
if ($result !== true) {
|
| 107 | 104 |
system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
|
| 108 | 105 |
} |
| 109 |
- $password = hash("sha256", $password);
|
|
| 110 | 106 |
|
| 111 |
- db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES ({$uid}, '{$username}', '{$password}', '{$modules}')");
|
|
| 107 |
+ $args = array(":uid" => $_SESSION['userinfo']['uid'],
|
|
| 108 |
+ ":username" => $username, |
|
| 109 |
+ ":password" => hash("sha256", $password),
|
|
| 110 |
+ ":modules" => implode(',', $modules));
|
|
| 111 |
+ |
|
| 112 |
+ db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES (:uid, :username, :password, :modules)", $args);
|
|
| 112 | 113 |
} |
| 113 | 114 |
|
| 114 | 115 |
|
| ... | ... |
@@ -128,7 +129,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 128 | 129 |
system_failure("Kann diesen Account nicht finden!");
|
| 129 | 130 |
} |
| 130 | 131 |
|
| 131 |
- $username = db_escape_string(filter_input_username($username)); |
|
| 132 |
+ $username = filter_input_username($username); |
|
| 132 | 133 |
if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
| 133 | 134 |
// Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
| 134 | 135 |
system_failure("Ungültiger Benutzername!");
|
| ... | ... |
@@ -148,20 +149,24 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 148 | 149 |
if (count($modules) == 0) {
|
| 149 | 150 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
| 150 | 151 |
} |
| 151 |
- $modules = db_escape_string(implode(',', $modules));
|
|
| 152 | 152 |
|
| 153 |
+ $args = array(":uid" => $_SESSION['userinfo']['uid'],
|
|
| 154 |
+ ":id" => $id, |
|
| 155 |
+ ":username" => $username, |
|
| 156 |
+ ":modules" => implode(',', $modules));
|
|
| 157 |
+ |
|
| 153 | 158 |
$pwchange = ''; |
| 154 | 159 |
if ($password) {
|
| 155 | 160 |
$result = strong_password($password); |
| 156 | 161 |
if ($result !== true) {
|
| 157 | 162 |
system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
|
| 158 | 163 |
} |
| 159 |
- $password = hash("sha256", $password);
|
|
| 160 |
- $pwchange = ", password='{$password}'";
|
|
| 164 |
+ $args[':password'] = hash("sha256", $password);
|
|
| 165 |
+ $pwchange = ", password=:password"; |
|
| 161 | 166 |
} |
| 162 | 167 |
|
| 163 | 168 |
|
| 164 |
- db_query("UPDATE system.subusers SET username='{$username}', modules='{$modules}'{$pwchange} WHERE id={$id} AND uid={$uid}");
|
|
| 169 |
+ db_query("UPDATE system.subusers SET username=:username, modules=:modules{$pwchange} WHERE id=:id AND uid=:uid", $args);
|
|
| 165 | 170 |
} |
| 166 | 171 |
|
| 167 | 172 |
|
Browse code
Umstellung auf PDO-Datenbankverbindung
Bernd Wurst authored on 01/02/2014 18:38:23
Showing 1 changed files
| ... | ... |
@@ -25,7 +25,7 @@ function list_subusers() |
| 25 | 25 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 26 | 26 |
$result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
|
| 27 | 27 |
$subusers = array(); |
| 28 |
- while ($item = mysql_fetch_assoc($result)) |
|
| 28 |
+ while ($item = $result->fetch()) |
|
| 29 | 29 |
{
|
| 30 | 30 |
$item['modules'] = explode(',', $item['modules']);
|
| 31 | 31 |
$subusers[] = $item; |
| ... | ... |
@@ -40,7 +40,7 @@ function load_subuser($id) {
|
| 40 | 40 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 41 | 41 |
|
| 42 | 42 |
$result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
|
| 43 |
- $item = mysql_fetch_assoc($result); |
|
| 43 |
+ $item = $result->fetch(); |
|
| 44 | 44 |
$item['modules'] = explode(',', $item['modules']);
|
| 45 | 45 |
return $item; |
| 46 | 46 |
} |
| ... | ... |
@@ -79,7 +79,7 @@ function new_subuser($username, $requested_modules, $password) |
| 79 | 79 |
{
|
| 80 | 80 |
$uid = (int) $_SESSION['userinfo']['uid']; |
| 81 | 81 |
|
| 82 |
- $username = mysql_real_escape_string(filter_input_username($username)); |
|
| 82 |
+ $username = db_escape_string(filter_input_username($username)); |
|
| 83 | 83 |
if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
| 84 | 84 |
// Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
| 85 | 85 |
system_failure("Ungültiger Benutzername!");
|
| ... | ... |
@@ -100,7 +100,7 @@ function new_subuser($username, $requested_modules, $password) |
| 100 | 100 |
if (count($modules) == 0) {
|
| 101 | 101 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
| 102 | 102 |
} |
| 103 |
- $modules = mysql_real_escape_string(implode(',', $modules));
|
|
| 103 |
+ $modules = db_escape_string(implode(',', $modules));
|
|
| 104 | 104 |
|
| 105 | 105 |
$result = strong_password($password); |
| 106 | 106 |
if ($result !== true) {
|
| ... | ... |
@@ -128,7 +128,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 128 | 128 |
system_failure("Kann diesen Account nicht finden!");
|
| 129 | 129 |
} |
| 130 | 130 |
|
| 131 |
- $username = mysql_real_escape_string(filter_input_username($username)); |
|
| 131 |
+ $username = db_escape_string(filter_input_username($username)); |
|
| 132 | 132 |
if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
| 133 | 133 |
// Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
| 134 | 134 |
system_failure("Ungültiger Benutzername!");
|
| ... | ... |
@@ -148,7 +148,7 @@ function edit_subuser($id, $username, $requested_modules, $password) |
| 148 | 148 |
if (count($modules) == 0) {
|
| 149 | 149 |
system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
| 150 | 150 |
} |
| 151 |
- $modules = mysql_real_escape_string(implode(',', $modules));
|
|
| 151 |
+ $modules = db_escape_string(implode(',', $modules));
|
|
| 152 | 152 |
|
| 153 | 153 |
$pwchange = ''; |
| 154 | 154 |
if ($password) {
|
Browse code
Updated copyright notice (2012 => 2013)
Bernd Wurst authored on 19/01/2013 10:49:50
Showing 1 changed files
Browse code
changed subusers module to only require systemuser privileges
Bernd Wurst authored on 19/03/2012 13:49:43
Showing 1 changed files
| ... | ... |
@@ -14,7 +14,7 @@ http://creativecommons.org/publicdomain/zero/1.0/ |
| 14 | 14 |
Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
| 15 | 15 |
*/ |
| 16 | 16 |
|
| 17 |
-require_role(ROLE_SYSTEMUSER | ROLE_CUSTOMER); |
|
| 17 |
+require_role(ROLE_SYSTEMUSER); |
|
| 18 | 18 |
require_once("inc/base.php");
|
| 19 | 19 |
require_once("inc/security.php");
|
| 20 | 20 |
require_once("inc/debug.php");
|
Browse code
Added license tags for CC0, README and COPYING
Bernd Wurst authored on 11/03/2012 15:40:04
Showing 1 changed files
| ... | ... |
@@ -1,4 +1,19 @@ |
| 1 | 1 |
<?php |
| 2 |
+/* |
|
| 3 |
+This file belongs to the Webinterface of schokokeks.org Hosting |
|
| 4 |
+ |
|
| 5 |
+Written 2008-2012 by schokokeks.org Hosting, namely |
|
| 6 |
+ Bernd Wurst <bernd@schokokeks.org> |
|
| 7 |
+ Hanno Böck <hanno@schokokeks.org> |
|
| 8 |
+ |
|
| 9 |
+To the extent possible under law, the author(s) have dedicated all copyright and related and neighboring rights to this software to the public domain worldwide. This software is distributed without any warranty. |
|
| 10 |
+ |
|
| 11 |
+You should have received a copy of the CC0 Public Domain Dedication along with this software. If not, see |
|
| 12 |
+http://creativecommons.org/publicdomain/zero/1.0/ |
|
| 13 |
+ |
|
| 14 |
+Nevertheless, in case you use a significant part of this code, we ask (but not require, see the license) that you keep the authors' names in place and return your changes to the public. We would be especially happy if you tell us what you're going to do with this code. |
|
| 15 |
+*/ |
|
| 16 |
+ |
|
| 2 | 17 |
require_role(ROLE_SYSTEMUSER | ROLE_CUSTOMER); |
| 3 | 18 |
require_once("inc/base.php");
|
| 4 | 19 |
require_once("inc/security.php");
|
Browse code
Lese Modul-Infos aus den info-Dateien der Module
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2225 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 08/03/2012 14:33:21
Showing 1 changed files
| ... | ... |
@@ -4,26 +4,6 @@ require_once("inc/base.php");
|
| 4 | 4 |
require_once("inc/security.php");
|
| 5 | 5 |
require_once("inc/debug.php");
|
| 6 | 6 |
|
| 7 |
-// FIXME: Das sollten die Module selbst irgendwo anbieten! |
|
| 8 |
-$modinfo = array( |
|
| 9 |
- "index" => "An- und Abmelden", |
|
| 10 |
- "domains" => "Liste der Domains anzeigen", |
|
| 11 |
- "dns" => "DNS-Einträge verändern", |
|
| 12 |
- "mysql" => "MySQL-Datenbanken verwalten", |
|
| 13 |
- "jabber" => "Jabber-Accouns verwalten", |
|
| 14 |
- "vhosts" => "Webserver-Konfiguration verwalten", |
|
| 15 |
- "systemuser" => "Daten des System-Benutzeraccounts einsehen/ändern", |
|
| 16 |
-// "su" => "Das Webinterface unter einem beliebigen anderen Account ausführen", |
|
| 17 |
- "email" => "E-Mail-Adressen und/oder IMAP-Accounts verwalten", |
|
| 18 |
- "webapps" => "Automatische Installation von Web-Anwendungen", |
|
| 19 |
- "greylisting" => "Ausnahmeliste für Greylisting verwalten", |
|
| 20 |
- "invoice" => "Fällige und kommende Rechnungen anzeigen", |
|
| 21 |
- "mailman" => "Mailinglisten verwalten", |
|
| 22 |
- "ftpusers" => "Zugriff per FTP verwalten", |
|
| 23 |
- "subusers" => "Zusätzliche Admin-Zugänge verwalten"); |
|
| 24 |
-// FIXME: Dependancies der Module sollte man auch irgendwo speichern. |
|
| 25 |
- |
|
| 26 |
- |
|
| 27 | 7 |
|
| 28 | 8 |
function list_subusers() |
| 29 | 9 |
{
|
| ... | ... |
@@ -53,12 +33,16 @@ function load_subuser($id) {
|
| 53 | 33 |
|
| 54 | 34 |
function available_modules() |
| 55 | 35 |
{
|
| 56 |
- global $modinfo; |
|
| 57 | 36 |
$modules = array(); |
| 58 |
- foreach (config('modules') as $mod)
|
|
| 37 |
+ $allmodules = get_modules_info(); |
|
| 38 |
+ |
|
| 39 |
+ // Das su-Modul ist hierfuer unwichtig |
|
| 40 |
+ unset($allmodules['su']); |
|
| 41 |
+ |
|
| 42 |
+ foreach ($allmodules as $modname => $modinfo) |
|
| 59 | 43 |
{
|
| 60 |
- if (isset($modinfo[$mod])) |
|
| 61 |
- $modules[$mod] = $modinfo[$mod]; |
|
| 44 |
+ if (isset($modinfo['permission'])) |
|
| 45 |
+ $modules[$modname] = $modinfo['permission']; |
|
| 62 | 46 |
} |
| 63 | 47 |
return $modules; |
| 64 | 48 |
} |
Browse code
Berechtigungen für Subuser neu gestaltet. Sind jetzt automatisch Kunde und Systemuser.
git-svn-id: https://svn.schokokeks.org/repos/tools/webinterface/trunk@2072 87cf0b9e-d624-0410-a070-f6ee81989793
bernd authored on 23/11/2011 11:33:20
Showing 1 changed files
Browse code
Subusers-Modul in einer ersten funktionsfähigen Version
Bernd Wurst authored on 23/11/2011 11:00:31
Showing 1 changed files
| 1 | 1 |
new file mode 100644 |
| ... | ... |
@@ -0,0 +1,171 @@ |
| 1 |
+<?php |
|
| 2 |
+require_once("inc/base.php");
|
|
| 3 |
+require_once("inc/security.php");
|
|
| 4 |
+require_once("inc/debug.php");
|
|
| 5 |
+ |
|
| 6 |
+// FIXME: Das sollten die Module selbst irgendwo anbieten! |
|
| 7 |
+$modinfo = array( |
|
| 8 |
+ "index" => "An- und Abmelden", |
|
| 9 |
+ "domains" => "Liste der Domains anzeigen", |
|
| 10 |
+ "dns" => "DNS-Einträge verändern", |
|
| 11 |
+ "mysql" => "MySQL-Datenbanken verwalten", |
|
| 12 |
+ "jabber" => "Jabber-Accouns verwalten", |
|
| 13 |
+ "vhosts" => "Webserver-Konfiguration verwalten", |
|
| 14 |
+ "systemuser" => "Daten des System-Benutzeraccounts einsehen/ändern", |
|
| 15 |
+// "su" => "Das Webinterface unter einem beliebigen anderen Account ausführen", |
|
| 16 |
+ "email" => "E-Mail-Adressen und/oder IMAP-Accounts verwalten", |
|
| 17 |
+ "webapps" => "Automatische Installation von Web-Anwendungen", |
|
| 18 |
+ "greylisting" => "Ausnahmeliste für Greylisting verwalten", |
|
| 19 |
+ "invoice" => "Fällige und kommende Rechnungen anzeigen", |
|
| 20 |
+ "mailman" => "Mailinglisten verwalten", |
|
| 21 |
+ "ftpusers" => "Zugriff per FTP verwalten", |
|
| 22 |
+ "subusers" => "Zusätzliche Admin-Zugänge verwalten"); |
|
| 23 |
+// FIXME: Dependancies der Module sollte man auch irgendwo speichern. |
|
| 24 |
+ |
|
| 25 |
+ |
|
| 26 |
+ |
|
| 27 |
+function list_subusers() |
|
| 28 |
+{
|
|
| 29 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 30 |
+ $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid}");
|
|
| 31 |
+ $subusers = array(); |
|
| 32 |
+ while ($item = mysql_fetch_assoc($result)) |
|
| 33 |
+ {
|
|
| 34 |
+ $item['modules'] = explode(',', $item['modules']);
|
|
| 35 |
+ $subusers[] = $item; |
|
| 36 |
+ } |
|
| 37 |
+ DEBUG($subusers); |
|
| 38 |
+ return $subusers; |
|
| 39 |
+} |
|
| 40 |
+ |
|
| 41 |
+ |
|
| 42 |
+function load_subuser($id) {
|
|
| 43 |
+ $id = (int) $id; |
|
| 44 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 45 |
+ |
|
| 46 |
+ $result = db_query("SELECT id, username, modules FROM system.subusers WHERE uid={$uid} AND id={$id}");
|
|
| 47 |
+ $item = mysql_fetch_assoc($result); |
|
| 48 |
+ $item['modules'] = explode(',', $item['modules']);
|
|
| 49 |
+ return $item; |
|
| 50 |
+} |
|
| 51 |
+ |
|
| 52 |
+ |
|
| 53 |
+function available_modules() |
|
| 54 |
+{
|
|
| 55 |
+ global $modinfo; |
|
| 56 |
+ $modules = array(); |
|
| 57 |
+ foreach (config('modules') as $mod)
|
|
| 58 |
+ {
|
|
| 59 |
+ if (isset($modinfo[$mod])) |
|
| 60 |
+ $modules[$mod] = $modinfo[$mod]; |
|
| 61 |
+ } |
|
| 62 |
+ return $modules; |
|
| 63 |
+} |
|
| 64 |
+ |
|
| 65 |
+function delete_subuser($id) {
|
|
| 66 |
+ $id = (int) $id; |
|
| 67 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 68 |
+ |
|
| 69 |
+ db_query("DELETE FROM system.subusers WHERE id={$id} AND uid={$uid}");
|
|
| 70 |
+} |
|
| 71 |
+ |
|
| 72 |
+function empty_subuser() |
|
| 73 |
+{
|
|
| 74 |
+ $subuser = array("id" => NULL, "username" => $_SESSION['userinfo']['username'].'_', "modules" => array('index'));
|
|
| 75 |
+ return $subuser; |
|
| 76 |
+} |
|
| 77 |
+ |
|
| 78 |
+function new_subuser($username, $requested_modules, $password) |
|
| 79 |
+{
|
|
| 80 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 81 |
+ |
|
| 82 |
+ $username = mysql_real_escape_string(filter_input_username($username)); |
|
| 83 |
+ if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
|
| 84 |
+ // Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
|
| 85 |
+ system_failure("Ungültiger Benutzername!");
|
|
| 86 |
+ } |
|
| 87 |
+ |
|
| 88 |
+ if (!is_array($requested_modules)) {
|
|
| 89 |
+ system_failure("Module nicht als array erhalten!");
|
|
| 90 |
+ } |
|
| 91 |
+ DEBUG($requested_modules); |
|
| 92 |
+ $allmods = available_modules(); |
|
| 93 |
+ $modules = array(); |
|
| 94 |
+ foreach ($requested_modules as $mod) {
|
|
| 95 |
+ if (isset($allmods[$mod])) {
|
|
| 96 |
+ $modules[] = $mod; |
|
| 97 |
+ } |
|
| 98 |
+ } |
|
| 99 |
+ DEBUG($modules); |
|
| 100 |
+ if (count($modules) == 0) {
|
|
| 101 |
+ system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
|
| 102 |
+ } |
|
| 103 |
+ $modules = mysql_real_escape_string(implode(',', $modules));
|
|
| 104 |
+ |
|
| 105 |
+ $result = strong_password($password); |
|
| 106 |
+ if ($result !== true) {
|
|
| 107 |
+ system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
|
|
| 108 |
+ } |
|
| 109 |
+ $password = hash("sha256", $password);
|
|
| 110 |
+ |
|
| 111 |
+ db_query("INSERT INTO system.subusers (uid, username, password, modules) VALUES ({$uid}, '{$username}', '{$password}', '{$modules}')");
|
|
| 112 |
+} |
|
| 113 |
+ |
|
| 114 |
+ |
|
| 115 |
+function edit_subuser($id, $username, $requested_modules, $password) |
|
| 116 |
+{
|
|
| 117 |
+ $uid = (int) $_SESSION['userinfo']['uid']; |
|
| 118 |
+ |
|
| 119 |
+ $id = (int) $id; |
|
| 120 |
+ $my_subusers = list_subusers(); |
|
| 121 |
+ $valid = false; |
|
| 122 |
+ foreach ($my_subusers as $x) {
|
|
| 123 |
+ if ($x['id'] == $id) {
|
|
| 124 |
+ $valid = true; |
|
| 125 |
+ } |
|
| 126 |
+ } |
|
| 127 |
+ if (!$valid) {
|
|
| 128 |
+ system_failure("Kann diesen Account nicht finden!");
|
|
| 129 |
+ } |
|
| 130 |
+ |
|
| 131 |
+ $username = mysql_real_escape_string(filter_input_username($username)); |
|
| 132 |
+ if (strpos($username, $_SESSION['userinfo']['username']) !== 0) {
|
|
| 133 |
+ // Username nicht enthalten (FALSE) oder nicht am Anfang (>0) |
|
| 134 |
+ system_failure("Ungültiger Benutzername!");
|
|
| 135 |
+ } |
|
| 136 |
+ |
|
| 137 |
+ |
|
| 138 |
+ if (!is_array($requested_modules)) {
|
|
| 139 |
+ system_failure("Module nicht als array erhalten!");
|
|
| 140 |
+ } |
|
| 141 |
+ $allmods = available_modules(); |
|
| 142 |
+ $modules = array(); |
|
| 143 |
+ foreach ($requested_modules as $mod) {
|
|
| 144 |
+ if (isset($allmods[$mod])) {
|
|
| 145 |
+ $modules[] = $mod; |
|
| 146 |
+ } |
|
| 147 |
+ } |
|
| 148 |
+ if (count($modules) == 0) {
|
|
| 149 |
+ system_failure("Es sind (nach der Filterung) keine Module mehr übrig!");
|
|
| 150 |
+ } |
|
| 151 |
+ $modules = mysql_real_escape_string(implode(',', $modules));
|
|
| 152 |
+ |
|
| 153 |
+ $pwchange = ''; |
|
| 154 |
+ if ($password) {
|
|
| 155 |
+ $result = strong_password($password); |
|
| 156 |
+ if ($result !== true) {
|
|
| 157 |
+ system_failure("Unsicheres Passwort. Die Meldung von cracklib lautet: ".$result);
|
|
| 158 |
+ } |
|
| 159 |
+ $password = hash("sha256", $password);
|
|
| 160 |
+ $pwchange = ", password='{$password}'";
|
|
| 161 |
+ } |
|
| 162 |
+ |
|
| 163 |
+ |
|
| 164 |
+ db_query("UPDATE system.subusers SET username='{$username}', modules='{$modules}'{$pwchange} WHERE id={$id} AND uid={$uid}");
|
|
| 165 |
+} |
|
| 166 |
+ |
|
| 167 |
+ |
|
| 168 |
+ |
|
| 169 |
+ |
|
| 170 |
+ |
|
| 171 |
+ |