|
|
d6e8d8 |
|
|
|
d6e8d8 |
# Mantis - a php based bugtracking system
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
# Copyright (C) 2000 - 2002 Kenzaburo Ito - kenito@300baud.org
|
|
|
d6e8d8 |
# Copyright (C) 2002 - 2007 Mantis Team - mantisbt-dev@lists.sourceforge.net
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
# Mantis is free software: you can redistribute it and/or modify
|
|
|
d6e8d8 |
# it under the terms of the GNU General Public License as published by
|
|
|
d6e8d8 |
# the Free Software Foundation, either version 2 of the License, or
|
|
|
d6e8d8 |
# (at your option) any later version.
|
|
|
d6e8d8 |
#
|
|
|
d6e8d8 |
# Mantis is distributed in the hope that it will be useful,
|
|
|
d6e8d8 |
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
d6e8d8 |
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
d6e8d8 |
# GNU General Public License for more details.
|
|
|
d6e8d8 |
#
|
|
|
d6e8d8 |
# You should have received a copy of the GNU General Public License
|
|
|
d6e8d8 |
# along with Mantis. If not, see <http://www.gnu.org/licenses/>.
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
#------------------------------
|
|
|
d6e8d8 |
# $Revision: 2643 $
|
|
|
d6e8d8 |
# $Author: al $
|
|
|
d6e8d8 |
# $Date: 2009-06-18 19:06:27 -0400 (Thu, 18 Jun 2009) $
|
|
|
d6e8d8 |
#------------------------------
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
require_once( 'core.php' );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
$t_core_path = config_get( 'core_path' );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
require_once( $t_core_path.'email_api.php' );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
auth_reauthenticate();
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
form_security_validate('manage_user_update');
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
access_ensure_global_level( config_get( 'manage_user_threshold' ) );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
$f_protected = gpc_get_bool( 'protected' );
|
|
|
d6e8d8 |
$f_enabled = gpc_get_bool( 'enabled' );
|
|
|
d6e8d8 |
$f_email = gpc_get_string( 'email', '' );
|
|
|
d6e8d8 |
$f_username = gpc_get_string( 'username', '' );
|
|
|
d6e8d8 |
$f_realname = gpc_get_string( 'realname', '' );
|
|
|
d6e8d8 |
$f_access_level = gpc_get_int( 'access_level' );
|
|
|
d6e8d8 |
$f_user_id = gpc_get_int( 'user_id' );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
$f_email = trim( $f_email );
|
|
|
d6e8d8 |
$f_username = trim( $f_username );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
$t_old_username = user_get_field( $f_user_id, 'username' );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
# check that the username is unique
|
|
|
d6e8d8 |
if ( 0 != strcasecmp( $t_old_username, $f_username )
|
|
|
d6e8d8 |
&& false == user_is_name_unique( $f_username ) ) {
|
|
|
d6e8d8 |
trigger_error( ERROR_USER_NAME_NOT_UNIQUE, ERROR );
|
|
|
d6e8d8 |
}
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
user_ensure_name_valid( $f_username );
|
|
|
d6e8d8 |
user_ensure_realname_valid( $f_realname );
|
|
|
d6e8d8 |
user_ensure_realname_unique( $f_username, $f_realname );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
$f_email = email_append_domain( $f_email );
|
|
|
d6e8d8 |
email_ensure_valid( $f_email );
|
|
|
d6e8d8 |
email_ensure_not_disposable( $f_email );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
$c_email = db_prepare_string( $f_email );
|
|
|
d6e8d8 |
$c_username = db_prepare_string( $f_username );
|
|
|
d6e8d8 |
$c_realname = db_prepare_string( $f_realname );
|
|
|
d6e8d8 |
$c_protected = db_prepare_bool( $f_protected );
|
|
|
d6e8d8 |
$c_enabled = db_prepare_bool( $f_enabled );
|
|
|
d6e8d8 |
$c_user_id = db_prepare_int( $f_user_id );
|
|
|
d6e8d8 |
$c_access_level = db_prepare_int( $f_access_level );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
$t_user_table = config_get( 'mantis_user_table' );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
$t_old_protected = user_get_field( $f_user_id, 'protected' );
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
# check that we are not downgrading the last administrator
|
|
|
d6e8d8 |
$t_old_access = user_get_field( $f_user_id, 'access_level' );
|
|
|
d6e8d8 |
if ( ( ADMINISTRATOR == $t_old_access ) && ( $t_old_access <> $f_access_level ) && ( 1 >= user_count_level( ADMINISTRATOR ) ) ) {
|
|
|
d6e8d8 |
trigger_error( ERROR_USER_CHANGE_LAST_ADMIN, ERROR );
|
|
|
d6e8d8 |
}
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
# Project specific access rights override global levels, hence, for users who are changed
|
|
|
d6e8d8 |
# to be administrators, we have to remove project specific rights.
|
|
|
d6e8d8 |
if ( ( $c_access_level >= ADMINISTRATOR ) && ( !user_is_administrator( $c_user_id ) ) ) {
|
|
|
d6e8d8 |
user_delete_project_specific_access_levels( $c_user_id );
|
|
|
d6e8d8 |
}
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
# if the user is already protected and the admin is not removing the
|
|
|
d6e8d8 |
# protected flag then don't update the access level and enabled flag.
|
|
|
d6e8d8 |
# If the user was unprotected or the protected flag is being turned off
|
|
|
d6e8d8 |
# then proceed with a full update.
|
|
|
d6e8d8 |
if ( $f_protected && $t_old_protected ) {
|
|
|
d6e8d8 |
$query = "UPDATE $t_user_table
|
|
|
d6e8d8 |
SET username='$c_username', email='$c_email',
|
|
|
d6e8d8 |
protected='$c_protected', realname='$c_realname'
|
|
|
d6e8d8 |
WHERE id='$c_user_id'";
|
|
|
d6e8d8 |
} else {
|
|
|
d6e8d8 |
$query = "UPDATE $t_user_table
|
|
|
d6e8d8 |
SET username='$c_username', email='$c_email',
|
|
|
d6e8d8 |
access_level='$c_access_level', enabled='$c_enabled',
|
|
|
d6e8d8 |
protected='$c_protected', realname='$c_realname'
|
|
|
d6e8d8 |
WHERE id='$c_user_id'";
|
|
|
d6e8d8 |
}
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
$result = db_query( $query );
|
|
|
d6e8d8 |
$t_redirect_url = 'manage_user_edit_page.php?user_id=' . $c_user_id;
|
|
|
d6e8d8 |
?>
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
if ( $result ) {
|
|
|
d6e8d8 |
html_meta_redirect( $t_redirect_url );
|
|
|
d6e8d8 |
}
|
|
|
d6e8d8 |
?>
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
if ( $f_protected && $t_old_protected ) { # PROTECTED
|
|
|
d6e8d8 |
echo '' . lang_get( 'manage_user_protected_msg' ) . ' ';
|
|
|
d6e8d8 |
} else if ( $result ) { # SUCCESS
|
|
|
d6e8d8 |
echo '' . lang_get( 'operation_successful' ) . ' ';
|
|
|
d6e8d8 |
} else { # FAILURE
|
|
|
d6e8d8 |
echo '' . print_sql_error( $query ) . ' ';
|
|
|
d6e8d8 |
}
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
print_bracket_link( $t_redirect_url, lang_get( 'proceed' ) );
|
|
|
d6e8d8 |
?>
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
|
|
|
d6e8d8 |
|