Changeset 102
- Timestamp:
- 31/05/05 09:29:13 (4 years ago)
- Files:
-
- TODO (modified) (3 diffs)
- admin.lib.php (modified) (3 diffs)
TODO
r99 r102 3 3 Bugs to be fixed 4 4 ---------------- 5 * Fix login process - password errors currently result in the login box being printed in the wrong place 5 * Change from using md5() to crypt() for passwords - using md5() makes it 6 obvious if you're using the same password as someone else. Dez will do this 7 later today. 6 8 7 9 Bugs that have been fixed 8 10 ------------------------- 9 11 * Fixed in rev 95: CRITICAL - any user can edit any other user's blog entries 10 * 95: SEVERE - blog entry short-titles should not have to be unique across the whole blog system - they should use the username too 12 * 95: SEVERE - blog entry short-titles should not have to be unique across 13 the whole blog system - they should use the username too 14 * 102: Fix login process - password errors currently result in the login box 15 being printed in the wrong place 11 16 12 17 New Features … … 14 19 * Posting of new entries [DONE] 15 20 * Edit existing entries [DONE] 21 * Edit user settings [DONE] 22 * Nice listing of posts to edit, so you dont have to know what they are called [DONE] 16 23 * Delete entries 17 24 * Manage comments (delete, approve and so forth) 18 * Edit user settings [form done]19 * Nice listing of posts to edit, so you dont have to know what they are called [DONE]20 25 21 26 Wishlist … … 24 29 * Set up Trac to manage this project 25 30 * Allow each blogger to use their own set of categories for entries. However 26 long you make the list, you're not going to cover everything and it would27 be cumbersome to find the right category. I think it would be better to let28 users choose their own categories appropriate to their blog.31 long you make the list, you're not going to cover everything and it would 32 be cumbersome to find the right category. I think it would be better to let 33 users choose their own categories appropriate to their blog. admin.lib.php
r101 r102 103 103 } 104 104 if($this->sessionError) { 105 $this->printLoginForm();105 //$this->printLoginForm(); 106 106 } 107 107 else { … … 110 110 if ($sqlNum != 1) { 111 111 $this->sessionError=_("Invalid Username or Password"); 112 $this->printLoginForm();112 //$this->printLoginForm(); 113 113 } 114 114 else { … … 301 301 function updateSettings() 302 302 { 303 //to be written 303 $name = ''; 304 $title = ''; 305 $description = ''; 306 $css = 'blog.css'; 307 308 //sanitise name 309 if (isset($_POST['name']) && trim($_POST['name']) != "" && (int)$_POST['name'] == 0) { 310 $name = addslashes(urldecode($_POST['name'])); 311 } else { 312 $this->inputError = _("Bad Input - Realname"); 313 $err = 1; 314 } 315 316 //sanitise title 317 if (isset($_POST['title']) && trim($_POST['title']) != "" && (int)$_POST['title'] == 0) { 318 $title = addslashes(urldecode($_POST['title'])); 319 } else { 320 $this->inputError = _("Bad Input - Title"); 321 $err = 1; 322 } 323 324 //sanitise description 325 if (isset($_POST['description']) && trim($_POST['description']) != "" && (int)$_POST['description'] == 0) { 326 $description = addslashes(urldecode($_POST['description'])); 327 } else { 328 $this->inputError = _("Bad Input - Description"); 329 $err = 1; 330 } 331 332 //sanitise css 333 if (isset($_POST['css'])) { // if its not set its defaulted... 334 if (trim($_POST['css']) != "" && (int)$_POST['css'] == 0 && is_file($_POST['css'])) { 335 $css = $_POST['css']; 336 } else { 337 $this->inputError = _("Bad Input - CSS location"); 338 $err = 1; 339 } 340 } 341 342 //sanitise password and encrypt 343 if ($_POST['pass1'] != "") { 344 if ((isset($_POST['pass1']) && trim($_POST['pass1']) != "" && (int)$_POST['pass1'] == 0) && ($_POST['pass1']==$_POST['pass2'])) { 345 $password = md5($_POST['pass1']); 346 $setpass = true; 347 } else { 348 $this->inputError = _("Bad Input - Password"); 349 $err = 1; 350 } 351 } else { 352 $setpass = false; 353 } 354 355 if ($err == 0) { // and update... 
356 $query = "UPDATE USERS SET name='{$name}', title='{$title}', description='{$description}', css='{$css}'"; 357 if ($setpass) $query .= ", password='{$password}'"; 358 $query .= " WHERE username='{$this->userName}';"; 359 if (!db_query($query)) { 360 error(2,_("Database Insertion failed.")); 361 } else { 362 print(_("User updated")); 363 } 364 } else { 365 error(4,$this->inputError); 366 } 304 367 } 305 368
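Review bot: In the new `updateSettings()` body, `$css = $_POST['css'];` is interpolated into the `UPDATE USERS` string with no escaping at all, guarded only by `is_file()`, which also turns the form into a check for whether arbitrary server paths exist. The other fields rely on `addslashes(urldecode(...))`, which is not a dependable SQL escape and decodes POST data a second time. The driver behind `db_query()` is not visible in this hunk, so every interpolated value, including `$this->userName`, should go through that driver's own escaping function or bound parameters if it supports them, and `css` should be checked against a fixed list of stylesheet names rather than the filesystem. `$err` is only ever assigned 1, so `if ($err == 0)` reads an undefined variable on the success path; add `$err = 0;` next to the other defaults. The `(int)$_POST['pass1'] == 0` test also rejects any password that begins with a non-zero number, and `md5($_POST['pass1'])` stores an unsalted hash, which the TODO in this changeset already marks for replacement.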
