Changeset 192
- Timestamp:
- 08/09/06 15:44:02 (2 years ago)
- Files:
-
- admin.lib.php (modified) (11 diffs)
admin.lib.php
r191 r192 725 725 echo "</select><br />\n"; 726 726 echo "<input type=\"submit\" name=\"delete\" value=\"Delete selected\" />\n"; 727 echo "</form>\n"; 728 //close and start a new form, so pressing enter in the 2nd bit of the form submits with addnew rather than delete 729 echo "<form name=\"emailform\" id=\"emailform\" action=\"".$this->adminPath."updateauthusers\" method=\"post\">\n"; 727 730 echo "<h3>"._("Add Address")."</h3>\n"; 728 731 echo "<input type=\"text\" name=\"name\" id=\"name\" />\n"; … … 734 737 echo "</div>\n"; 735 738 } 736 //got here, need to check for valid email address and such before hitting the db737 739 //udates the list of authorised users. 738 740 function updateAuthorisedUsers($quiet=FALSE) { 741 //hack so we get error returned from validEmail 742 global $error; 743 //if we have a delete action 739 744 if(isset($_POST['delete'])) { 740 745 if (count($_POST['emaillist'])==0) { … … 743 748 $del = "("; 744 749 foreach($_POST['emaillist'] as $addr) { 745 $del .= "email='$addr' OR "; 750 if(validEmail($addr)) { 751 $del .= "email='$addr' OR "; 752 } else { 753 error(2,_("Invalid email address : ".$error)); 754 return; 755 } 746 756 } 747 757 $del = substr($del, 0, -4).")"; … … 754 764 } 755 765 } 756 } elseif(isset($_POST['addnew'])) { 757 if(trim($_POST['name'])=="") { 758 $error = _("Check name"); 766 } 767 //if we have a add action 768 elseif(isset($_POST['addnew'])) { 769 if(trim($_POST['name'])=="" or !eregi("^([a-z0-9]+([:space:][a-z0-9]*))$",trim($_POST['name']))) { 770 $this->error = _("Check name"); 759 771 } 760 772 if(!validEmail($_POST['email'])) { 761 $ error = _("Check e-mail address");762 } 763 if($ error==""){773 $this->error = _("Invalid e-mail address : ".$error); 774 } 775 if($this->error==""){ 764 776 $name = addslashes(trim($_POST['name'])); 765 777 $email = addslashes(trim($_POST['email'])); … … 770 782 echo "<div class=\"updateinfo\">"._("Address added")."</div>\n"; 771 783 } 784 } 785 else { 786 error(3,$this->error); 
772 787 } 773 788 } … … 825 840 error(4, _("No entries marked for deletion.")); 826 841 } else { 827 //Need to check the entries exist first828 842 if ($_REQUEST[submit]==_("Yes")) { 829 843 $sql = "DELETE FROM entries WHERE ("; … … 834 848 $sql .= ") AND user_id = {$this->id};"; 835 849 db_query($sql); 836 echo count($_POST['entry'])._(" post(s) deleted");850 echo db_affected_rows($sql)._(" post(s) deleted"); 837 851 } else { 838 852 error(4, _("Entries not deleted.")); … … 859 873 $description = ''; 860 874 //sanitise username 861 if ( isset($_POST['username']) && trim($_POST['username']) != "" && (int)$_POST['username'] == 0) {875 if (trim($_POST['username']) != "") { 862 876 if (safeuname($_POST['username'])) { 863 $username = addslashes(trim(strip_tags($_POST['username'])));877 $username = $_POST['username']; 864 878 } else { 865 $this->inputError = _("Invalid Username Provided"); 866 } 867 } else { 868 $this->inputError = _("No Username Provided"); 869 } 870 //sanitise name 871 if (isset($_POST['name']) && trim($_POST['name']) != "" && (int)$_POST['name'] == 0) { 872 $name = addslashes(trim(strip_tags($_POST['name']))); 873 } else { 874 $this->inputError = _("No Real Name Provided"); 875 } 876 //sanitise title 877 if (isset($_POST['title']) && trim($_POST['title']) != "" && (int)$_POST['title'] == 0) { 879 $this->error = _("Invalid Username Provided"); 880 } 881 } else { 882 $this->error = _("No Username Provided"); 883 } 884 //sanitise name, perhaps a bit too strict? 885 if (trim($_POST['name'])) { 886 if (eregi("^([a-z]+([:space:][a-z]*))$",trim($_POST['name']))) { 887 $name = trim($_POST['name']); 888 } 889 else { 890 $this->error = _("Invalid Name Provided"); 891 } 892 } else { 893 $this->error = _("No Real Name Provided"); 894 } 895 //sanitise title, regexp? ^([a-z0-9]+([:space:][a-z0-9]*))$ as a base form and '\', '-', '.', ',', ':', ';', '?', '!' 
896 if (isset($_POST['title']) && trim($_POST['title']) != "") { 878 897 $title = addslashes(trim(strip_tags($_POST['title']))); 879 898 } else { 880 $this-> inputError = _("No Title Provided");881 } 882 //sanitise description 883 if (isset($_POST['description']) && trim($_POST['description']) != "" && (int)$_POST['description'] == 0) {899 $this->error = _("No Title Provided"); 900 } 901 //sanitise description, same check as title gets 902 if (isset($_POST['description']) && trim($_POST['description']) != "") { 884 903 $description = addslashes(trim(strip_tags($_POST['description']))); 885 904 } else { 886 $this-> inputError = _("No Description Provided");905 $this->error = _("No Description Provided"); 887 906 } 888 907 //check the user doesn't already exist … … 890 909 $sqlNum = db_num_rows($sql); 891 910 if ($sqlNum != 0) { 892 $this-> inputError = _("Username already in use!");911 $this->error = _("Username already in use!"); 893 912 } 894 913 //check there is a system user with this name (ie if they are a sucs member) 895 914 if(!posix_getpwnam($username)) { 896 $this-> inputError = _("You need to be a SUCS member to sign up for a blog here!");915 $this->error = _("You need to be a SUCS member to sign up for a blog here!"); 897 916 } else { 898 917 //check the user is a member of the users, staff or socieys groups 899 918 $posixInfo = posix_getpwnam($username); 900 919 if ($posixInfo[gid] != 100 && $posixInfo[gid] != 106 && $posixInfo[gid] != 113) { 901 $this-> inputError = _("Err, No, Your not realy a system user now are you?");920 $this->error = _("Err, No, Your not realy a system user now are you?"); 902 921 } 903 922 } 904 923 //if we dont have any errors 905 if (!$this-> inputError) {924 if (!$this->error) { 906 925 //encrypt the password 907 926 $cryptPassword = crypt($password); … … 933 952 function addUserForm() { 934 953 echo "<div class=\"entry\">\n"; 935 if ($this-> inputError != "") {936 echo "<div class=\"errorinfo\">"._("Error")." : " . 
$this-> inputError . "</div>\n";954 if ($this->error != "") { 955 echo "<div class=\"errorinfo\">"._("Error")." : " . $this->error . "</div>\n"; 937 956 } 938 957 echo "<h2>"._("Register for a Blog")."</h2>\n"; … … 940 959 echo "<form action=\"".$this->adminPath."adduser\" method=\"post\" id=\"adduserform\">\n"; 941 960 echo "<p>\n"; 942 echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this-> inputError != "") ? strip_tags(trim($_POST['username'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"1\" />\n";961 echo "<input type=\"text\" name=\"username\" id=\"username\" value=\"" . (($this->error != "") ? strip_tags(trim($_POST['username'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"1\" />\n"; 943 962 echo "<label for=\"username\">"._("Username")."</label>\n"; 944 963 echo "</p>\n"; 945 964 echo "<p>\n"; 946 echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"" . (($this-> inputError != "") ? strip_tags(trim($_POST['name'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"2\" />\n";965 echo "<input type=\"text\" name=\"name\" id=\"name\" value=\"" . (($this->error != "") ? strip_tags(trim($_POST['name'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"2\" />\n"; 947 966 echo "<label for=\"name\">"._("Real name")."</label>\n"; 948 967 echo "</p>\n"; 949 968 echo "<p>\n"; 950 echo "<input type=\"text\" name=\"title\" id=\"title\" value=\"" . (($this-> inputError != "") ? strip_tags(trim($_POST['title'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"3\" />\n";969 echo "<input type=\"text\" name=\"title\" id=\"title\" value=\"" . (($this->error != "") ? strip_tags(trim($_POST['title'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"3\" />\n"; 951 970 echo "<label for=\"title\">"._("Title")."</label>\n"; 952 971 echo "</p>\n"; 953 972 echo "<p>\n"; 954 echo "<input type=\"text\" name=\"description\" id=\"description\" value=\"" . (($this-> inputError != "") ? 
strip_tags(trim($_POST['description'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"4\" />\n";973 echo "<input type=\"text\" name=\"description\" id=\"description\" value=\"" . (($this->error != "") ? strip_tags(trim($_POST['description'])) : "") . "\" size=\"30\" maxlength=\"60\" tabindex=\"4\" />\n"; 955 974 echo "<label for=\"title\">"._("Description")."</label>\n"; 956 975 echo "</p>\n";
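Review bot: In addUser the new name check `eregi("^([a-z]+([:space:][a-z]*))$", ...)` does not test for whitespace, because outside a bracket expression `[:space:]` is only the set of characters `:`, `s`, `p`, `a`, `c`, `e`; a name with a real space such as "Jane Doe" is rejected while `jane:doe` is accepted. The same pattern (with `0-9` added) is used for the address name in updateAuthorisedUsers. This commit also removes `addslashes()` from `$username` and `$name`, so the pattern and safeuname() (not visible on this page) are now the only checks on those POST values before they presumably reach the queries that follow outside the hunk. I would correct the class and keep the escaping that the title and description lines still apply: `if (eregi("^[a-z]+([[:space:]][a-z]+)*$", trim($_POST['name']))) {`, `$name = addslashes(trim($_POST['name']));` and `$username = addslashes(trim($_POST['username']));`.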
