
Source code changes of the file "mrbs-1.9.4/web/edit_users.php" between
mrbs-1.9.4.tar.gz and mrbs-1.10.0.tar.gz

About: MRBS is a web application for booking meeting rooms or other resources (using PHP and MySQL/pgsql).

edit_users.php  (mrbs-1.9.4):edit_users.php  (mrbs-1.10.0)
skipping to change at line 63 skipping to change at line 63
$action = get_form_var('action', 'string'); $action = get_form_var('action', 'string');
$id = get_form_var('id', 'int'); $id = get_form_var('id', 'int');
$password0 = get_form_var('password0', 'string', null, INPUT_POST); $password0 = get_form_var('password0', 'string', null, INPUT_POST);
$password1 = get_form_var('password1', 'string', null, INPUT_POST); $password1 = get_form_var('password1', 'string', null, INPUT_POST);
$invalid_email = get_form_var('invalid_email', 'int'); $invalid_email = get_form_var('invalid_email', 'int');
$name_empty = get_form_var('name_empty', 'int'); $name_empty = get_form_var('name_empty', 'int');
$name_not_unique = get_form_var('name_not_unique', 'int'); $name_not_unique = get_form_var('name_not_unique', 'int');
$taken_name = get_form_var('taken_name', 'string'); $taken_name = get_form_var('taken_name', 'string');
$pwd_not_match = get_form_var('pwd_not_match', 'string'); $pwd_not_match = get_form_var('pwd_not_match', 'string');
$pwd_invalid = get_form_var('pwd_invalid', 'string'); $pwd_invalid = get_form_var('pwd_invalid', 'string');
$invalid_dates = get_form_var('invalid_dates', 'array');
$datatable = get_form_var('datatable', 'int'); // Will only be set if we're usi ng DataTables $datatable = get_form_var('datatable', 'int'); // Will only be set if we're usi ng DataTables
$back_button = get_form_var('back_button', 'string'); $back_button = get_form_var('back_button', 'string');
$delete_button = get_form_var('delete_button', 'string'); $delete_button = get_form_var('delete_button', 'string');
$edit_button = get_form_var('edit_button', 'string'); $edit_button = get_form_var('edit_button', 'string');
$update_button = get_form_var('update_button', 'string'); $update_button = get_form_var('update_button', 'string');
if (isset($back_button)) if (isset($back_button))
{ {
unset($action); unset($action);
} }
skipping to change at line 216 skipping to change at line 217
case 'email': case 'email':
// we don't want to truncate the email address // we don't want to truncate the email address
$escaped_email = htmlspecialchars($col_value); $escaped_email = htmlspecialchars($col_value);
$values[] = "<div class=\"string\">\n" . $values[] = "<div class=\"string\">\n" .
"<a href=\"mailto:$escaped_email\">$escaped_email</a>\n" . "<a href=\"mailto:$escaped_email\">$escaped_email</a>\n" .
"</div>\n"; "</div>\n";
break; break;
case 'timestamp': case 'timestamp':
// Convert the SQL timestamp into a time value and back into a localis ed string and // Convert the SQL timestamp into a time value and back into a localis ed string and
// put the UNIX timestamp in a span so that the JavaScript can sort it properly. // put the UNIX timestamp in a span so that the JavaScript can sort it properly.
$unix_timestamp = strtotime($col_value); $unix_timestamp = (isset($col_value)) ? strtotime($col_value) : 0;
if (($unix_timestamp === false) || ($unix_timestamp < 0)) if (($unix_timestamp === false) || ($unix_timestamp < 0))
{ {
// To cater for timestamps before the start of the Unix Epoch // To cater for timestamps before the start of the Unix Epoch
$unix_timestamp = 0; $unix_timestamp = 0;
} }
$values[] = "<span title=\"$unix_timestamp\"></span>" . $values[] = "<span title=\"$unix_timestamp\"></span>" .
(($unix_timestamp) ? time_date_string($unix_timestamp) : ' '); (($unix_timestamp) ? time_date_string($unix_timestamp) : ' ');
break; break;
case 'last_login': case 'last_login':
$values[] = "<span title=\"$col_value\"></span>" . $values[] = "<span title=\"$col_value\"></span>" .
skipping to change at line 259 skipping to change at line 260
$values[] = (!empty($col_value)) ? "<img src=\"images/check.png\" al t=\"check mark\" width=\"16\" height=\"16\">" : "&nbsp;"; $values[] = (!empty($col_value)) ? "<img src=\"images/check.png\" al t=\"check mark\" width=\"16\" height=\"16\">" : "&nbsp;";
} }
elseif (($field['nature'] == 'integer') && isset($field['length']) && ($field['length'] > 2)) elseif (($field['nature'] == 'integer') && isset($field['length']) && ($field['length'] > 2))
{ {
// integer values // integer values
$values[] = $col_value; $values[] = $col_value;
} }
else else
{ {
// strings // strings
if (!isset($col_value))
{
$col_value = '';
}
$values[] = "<div class=\"string\" title=\"" . htmlspecialchars($col _value) . "\">" . $values[] = "<div class=\"string\" title=\"" . htmlspecialchars($col _value) . "\">" .
htmlspecialchars($col_value) . "</div>"; htmlspecialchars($col_value) . "</div>";
} }
break; break;
} // end switch } // end switch
} }
} // end foreach } // end foreach
if ($is_ajax) if ($is_ajax)
{ {
skipping to change at line 374 skipping to change at line 379
if (null !== ($maxlength = maxlength('users.email'))) if (null !== ($maxlength = maxlength('users.email')))
{ {
$field->setControlAttribute('maxlength', $maxlength); $field->setControlAttribute('maxlength', $maxlength);
} }
return $field; return $field;
} }
function get_field_custom($custom_field, $params, $disabled=false) function get_field_custom($custom_field, $params, $disabled=false)
{ {
global $select_options, $datalist_options, $is_mandatory_field; global $select_options, $datalist_options, $is_mandatory_field, $pattern;
global $text_input_max; global $text_input_max;
// Output a checkbox if it's a boolean or integer <= 2 bytes (which we will // Output a checkbox if it's a boolean or integer <= 2 bytes (which we will
// assume are intended to be booleans) // assume are intended to be booleans)
if (($custom_field['nature'] == 'boolean') || if (($custom_field['nature'] == 'boolean') ||
(($custom_field['nature'] == 'integer') && isset($custom_field['length']) && ($custom_field['length'] <= 2)) ) (($custom_field['nature'] == 'integer') && isset($custom_field['length']) && ($custom_field['length'] <= 2)) )
{ {
$class = 'FieldInputCheckbox'; $class = 'FieldInputCheckbox';
} }
// Output a textarea if it's a character string longer than the limit for a // Output a textarea if it's a character string longer than the limit for a
// text input // text input
elseif (($custom_field['nature'] == 'character') && isset($custom_field['lengt h']) && ($custom_field['length'] > $text_input_max)) elseif (($custom_field['nature'] == 'character') && isset($custom_field['lengt h']) && ($custom_field['length'] > $text_input_max))
{ {
$class = 'FieldTextarea'; $class = 'FieldTextarea';
} }
elseif ($custom_field['type'] == 'date')
{
$class = 'FieldInputDate';
}
elseif (!empty($select_options[$params['field']])) elseif (!empty($select_options[$params['field']]))
{ {
$class = 'FieldSelect'; $class = 'FieldSelect';
} }
elseif (!empty($datalist_options[$params['field']])) elseif (!empty($datalist_options[$params['field']]))
{ {
$class = 'FieldInputDatalist'; $class = 'FieldInputDatalist';
} }
else else
{ {
skipping to change at line 412 skipping to change at line 421
$full_class = __NAMESPACE__ . "\\Form\\$class"; $full_class = __NAMESPACE__ . "\\Form\\$class";
$field = new $full_class(); $field = new $full_class();
$field->setLabel($params['label']) $field->setLabel($params['label'])
->setControlAttribute('name', $params['name']); ->setControlAttribute('name', $params['name']);
if (!empty($is_mandatory_field[$params['field']])) if (!empty($is_mandatory_field[$params['field']]))
{ {
$field->setControlAttribute('required', true); $field->setControlAttribute('required', true);
} }
if ($disabled) if ($disabled)
{ {
$field->setControlAttribute('disabled', true); $field->setControlAttribute('disabled', true);
$field->addHiddenInput($params['name'], $params['value']); $field->addHiddenInput($params['name'], $params['value']);
} }
// Pattern attribute, if any
if (!empty($pattern[$params['field']]))
{
$field->setControlAttribute('pattern', $pattern[$params['field']]);
// And any custom error messages
$tag = $params['field'] . '.oninvalid';
$oninvalid_text = get_vocab($tag);
if (isset($oninvalid_text) && ($oninvalid_text !== $tag))
{
$field->setControlAttribute('oninvalid', "this.setCustomValidity('". escap
e_js($oninvalid_text) . "')");
// Need to clear the invalid message
$field->setControlAttribute('onchange', "this.setCustomValidity('')");
}
}
switch ($class) switch ($class)
{ {
case 'FieldInputCheckbox': case 'FieldInputCheckbox':
$field->setChecked($params['value']); $field->setChecked($params['value']);
break; break;
case 'FieldSelect': case 'FieldSelect':
$options = $select_options[$params['field']]; $options = $select_options[$params['field']];
$field->addSelectOptions($options, $params['value']); $field->addSelectOptions($options, $params['value']);
break; break;
case 'FieldInputDate':
$field->setControlAttribute('value', $params['value']);
break;
case 'FieldInputDatalist': case 'FieldInputDatalist':
$options = $datalist_options[$params['field']]; $options = $datalist_options[$params['field']];
$field->addDatalistOptions($options); $field->addDatalistOptions($options);
// Drop through // Drop through
case 'FieldInputText': case 'FieldInputText':
if (!empty($is_mandatory_field[$params['field']])) if (!empty($is_mandatory_field[$params['field']]))
{ {
// Set a pattern as well as required to prevent a string of whitespace // Set a pattern as well as required to prevent a string of whitespace
$field->setControlAttribute('pattern', REGEX_TEXT_POS); $field->setControlAttribute('pattern', REGEX_TEXT_POS);
skipping to change at line 702 skipping to change at line 731
echo "<p class=\"error\">" . get_vocab('invalid_email') . "</p>\n"; echo "<p class=\"error\">" . get_vocab('invalid_email') . "</p>\n";
} }
if (!empty($name_not_unique)) if (!empty($name_not_unique))
{ {
echo "<p class=\"error\">'" . htmlspecialchars($taken_name) . "' " . get_voc ab('name_not_unique') . "<p>\n"; echo "<p class=\"error\">'" . htmlspecialchars($taken_name) . "' " . get_voc ab('name_not_unique') . "<p>\n";
} }
if (!empty($name_empty)) if (!empty($name_empty))
{ {
echo "<p class=\"error\">" . get_vocab('name_empty') . "<p>\n"; echo "<p class=\"error\">" . get_vocab('name_empty') . "<p>\n";
} }
if (!empty($invalid_dates))
{
foreach ($invalid_dates as $field)
{
echo "<p class=\"error\">" . get_vocab('invalid_date', get_loc_field_name(
_tbl('users'), $field)) . "<p>\n";
}
}
// Now do any password error messages // Now do any password error messages
if (!empty($pwd_not_match)) if (!empty($pwd_not_match))
{ {
echo "<p class=\"error\">" . get_vocab("passwords_not_eq") . "</p>\n"; echo "<p class=\"error\">" . get_vocab("passwords_not_eq") . "</p>\n";
} }
if (!empty($pwd_invalid)) if (!empty($pwd_invalid))
{ {
echo "<p class=\"error\">" . get_vocab("password_invalid") . "</p>\n"; echo "<p class=\"error\">" . get_vocab("password_invalid") . "</p>\n";
if (isset($pwd_policy)) if (isset($pwd_policy))
skipping to change at line 890 skipping to change at line 926
{ {
$values[$fieldname] = get_form_var(VAR_PREFIX. $fieldname, $type); $values[$fieldname] = get_form_var(VAR_PREFIX. $fieldname, $type);
// Turn checkboxes into booleans // Turn checkboxes into booleans
if (($fieldname !== 'level') && if (($fieldname !== 'level') &&
($field['nature'] == 'integer') && ($field['nature'] == 'integer') &&
isset($field['length']) && isset($field['length']) &&
($field['length'] <= 2)) ($field['length'] <= 2))
{ {
$values[$fieldname] = (empty($values[$fieldname])) ? 0 : 1; $values[$fieldname] = (empty($values[$fieldname])) ? 0 : 1;
} }
// Trim the field to remove accidental whitespace
$values[$fieldname] = trim($values[$fieldname]); if (isset($values[$fieldname]))
// Truncate the field to the maximum length as a precaution.
if (null !== ($maxlength = maxlength("users.$fieldname")))
{ {
$values[$fieldname] = utf8_substr($values[$fieldname], 0, $maxlength); // Trim the field to remove accidental whitespace
$values[$fieldname] = trim($values[$fieldname]);
// Truncate the field to the maximum length as a precaution.
if (null !== ($maxlength = maxlength("users.$fieldname")))
{
$values[$fieldname] = utf8_substr($values[$fieldname], 0, $maxlength);
}
} }
} }
// we will also put the data into a query string which we will use for passi ng // we will also put the data into a query string which we will use for passi ng
// back to this page if we fail validation. This will enable us to reload the // back to this page if we fail validation. This will enable us to reload the
// form with the original data so that the user doesn't have to // form with the original data so that the user doesn't have to
// re-enter it. (Instead of passing the data in a query string we // re-enter it. (Instead of passing the data in a query string we
// could pass them as session variables, but at the moment MRBS does // could pass them as session variables, but at the moment MRBS does
// not rely on PHP sessions). // not rely on PHP sessions).
switch ($fieldname) switch ($fieldname)
skipping to change at line 1019 skipping to change at line 1059
// check that the email address is valid // check that the email address is valid
if (isset($value) && ($value !== '') && !validate_email_list($value)) if (isset($value) && ($value !== '') && !validate_email_list($value))
{ {
$valid_data = false; $valid_data = false;
$q_string .= "&invalid_email=1"; $q_string .= "&invalid_email=1";
} }
break; break;
} }
} }
// Now check some specific data types
foreach ($fields as $field)
{
// If this a Date type check that we've got a valid date format before
// we get an SQL error. If the field is nullable and the string is empty
// we assume that the user is trying to nullify the value.
if ($field['type'] == 'date')
{
if (!validate_iso_date($values[$field['name']]))
{
if ($field['is_nullable'] && ($values[$field['name']] === ''))
{
$values[$field['name']] = null;
}
else
{
$valid_data = false;
$q_string .= "&invalid_dates[]=" . urlencode($field['name']);
}
}
}
}
// if validation failed, go back to this page with the query // if validation failed, go back to this page with the query
// string, which by now has both the error codes and the original // string, which by now has both the error codes and the original
// form values // form values
if (!$valid_data) if (!$valid_data)
{ {
location_header("edit_users.php?$q_string"); location_header("edit_users.php?$q_string");
} }
// If we got here, then we've passed validation and we need to // If we got here, then we've passed validation and we need to
// enter the data into the database // enter the data into the database
skipping to change at line 1054 skipping to change at line 1117
} }
// If the password field is blank then we are not changing it // If the password field is blank then we are not changing it
if (($fieldname == 'password_hash') && (!isset($values[$fieldname]))) if (($fieldname == 'password_hash') && (!isset($values[$fieldname])))
{ {
continue; continue;
} }
if ($fieldname != 'id') if ($fieldname != 'id')
{ {
// pre-process the field value for SQL
$value = $values[$fieldname]; $value = $values[$fieldname];
// pre-process the field value for SQL
switch ($field['nature']) switch ($field['nature'])
{ {
case 'integer': case 'integer':
if (!isset($value) || ($value === '')) if (!isset($value) || ($value === ''))
{ {
// Try and set it to NULL when we can because there will be cases wh en we // Try and set it to NULL when we can because there will be cases wh en we
// want to distinguish between NULL and 0 - especially when the fiel d // want to distinguish between NULL and 0 - especially when the fiel d
// is a genuine integer. // is a genuine integer.
$value = ($field['is_nullable']) ? null : 0; $value = ($field['is_nullable']) ? null : 0;
} }
skipping to change at line 1212 skipping to change at line 1276
// We don't display these columns or they get special treatment // We don't display these columns or they get special treatment
$ignore_columns = array( $ignore_columns = array(
'id', 'id',
'password_hash', 'password_hash',
'name', 'name',
'display_name', 'display_name',
'reset_key_hash', 'reset_key_hash',
'reset_key_expiry' 'reset_key_expiry'
); );
// Add in the private fields to the list of columns to be ignored
if (!is_user_admin())
{
foreach ($is_private_field as $fieldname => $is_private)
{
if ($is_private)
{
list($table, $column) = explode('.', $fieldname, 2);
if ($table == 'users')
{
$ignore_columns[] = $column;
}
}
}
}
if (!$is_ajax) if (!$is_ajax)
{ {
echo "<div id=\"user_list\" class=\"datatable_container\">\n"; echo "<div id=\"user_list\" class=\"datatable_container\">\n";
echo "<table class=\"admin_table display\" id=\"users_table\">\n"; echo "<table class=\"admin_table display\" id=\"users_table\">\n";
// The table header // The table header
echo "<thead>\n"; echo "<thead>\n";
echo "<tr>"; echo "<tr>";
// First two columns which are the name and display name // First two columns which are the name and display name
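Review bot: The new `invalid_dates` error loop (the hunk around line 731 of the new file) echoes a value that originates in the request — `$invalid_dates` is read with `get_form_var('invalid_dates', 'array')` at the top of the file and each `$field` is passed straight into `get_loc_field_name(_tbl('users'), $field)` and from there into the page — without the `htmlspecialchars()` that the neighbouring `name_not_unique` message applies to `$taken_name`. Whether `get_loc_field_name()` or `get_vocab()` escape, or fall back to returning the raw column name when no translation exists, is not visible here, so this may be a reflected-output path for an attacker-chosen string rather than a column name the server produced. The cheapest fix is to only accept names that are actually user-table columns before printing, e.g. `if (!in_array($field, array_column($fields, 'name'), true)) { continue; }` inside the `foreach` (assuming the `$fields` array used by the validation hunk is in scope at that point — if not, any list of known column names will do), and to escape the message on output as the other error messages do. Separately, the new message closes with `"<p>\n"` rather than `"</p>\n"`, copying the pre-existing typo in the `name_not_unique` and `name_empty` lines; worth fixing all three while touching this area.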
 End of changes. 15 change blocks. 
8 lines changed or deleted 90 lines changed or added
