You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
139 lines
5.2 KiB
139 lines
5.2 KiB
<?php
|
|
/*********************************************************************************
|
|
* The contents of this file are subject to the SugarCRM Public License Version 1.1.2
|
|
* ("License"); You may not use this file except in compliance with the
|
|
* License. You may obtain a copy of the License at http://www.sugarcrm.com/SPL
|
|
* Software distributed under the License is distributed on an "AS IS" basis,
|
|
* WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License for
|
|
* the specific language governing rights and limitations under the License.
|
|
* The Original Code is: SugarCRM Open Source
|
|
* The Initial Developer of the Original Code is SugarCRM, Inc.
|
|
* Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.;
|
|
* All Rights Reserved.
|
|
* Contributor(s): ______________________________________.
|
|
********************************************************************************/
|
|
/*********************************************************************************
|
|
* $Header: /advent/projects/wesat/vtiger_crm/sugarcrm/modules/Users/Save.php,v 1.14 2005/03/17 06:37:39 rank Exp $
|
|
* Description: TODO: To be written.
|
|
* Portions created by SugarCRM are Copyright (C) SugarCRM, Inc.
|
|
* All Rights Reserved.
|
|
* Contributor(s): ______________________________________..
|
|
********************************************************************************/
|
|
|
|
require_once('modules/Users/User.php');
|
|
require_once('include/logging.php');
|
|
require_once('modules/Users/UserInfoUtil.php');
|
|
$log =& LoggerManager::getLogger('index');
|
|
|
|
|
|
if (isset($_POST['record']) && !is_admin($current_user) && $_POST['record'] != $current_user->id) echo ("Unauthorized access to user administration.");
|
|
elseif (!isset($_POST['record']) && !is_admin($current_user)) echo ("Unauthorized access to user administration.");
|
|
|
|
$focus = new User();
|
|
$focus->retrieve($_POST['record']);
|
|
if(strtolower($current_user->is_admin) == 'off' && $current_user->id != $focus->id){
|
|
$log->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change settings for user:". $focus->id);
|
|
header("Location: index.php?module=Users&action=Logout");
|
|
exit;
|
|
}
|
|
if(strtolower($current_user->is_admin) == 'off' && isset($_POST['is_admin']) && strtolower($_POST['is_admin']) == 'on'){
|
|
$log->fatal("SECURITY:Non-Admin ". $current_user->id . " attempted to change is_admin settings for user:". $focus->id);
|
|
header("Location: index.php?module=Users&action=Logout");
|
|
exit;
|
|
}
|
|
|
|
if (isset($_POST['user_name']) && isset($_POST['old_password']) && isset($_POST['new_password'])) {
|
|
/*
|
|
//changing fourm password
|
|
define('IN_PHPBB', 1);
|
|
|
|
$phpbb_root_path = "modules/MessageBoard/";
|
|
require($phpbb_root_path . 'extension.inc');
|
|
include($phpbb_root_path . 'common.php');
|
|
*/
|
|
$new_pass = $_POST['new_password'];
|
|
$new_passwd = $_POST['new_password'];
|
|
$new_pass = md5($new_pass);
|
|
$uname = $_POST['user_name'];
|
|
//$sql = "UPDATE " . USERS_TABLE . " SET user_password = '$new_pass' WHERE username = '$uname'";
|
|
/*
|
|
if (!($result = $db->sql_query($sql)) )
|
|
{
|
|
message_die(GENERAL_ERROR, 'Could not update user password', '', __LINE__, __FILE__, $sql);
|
|
}
|
|
*/
|
|
if (!$focus->change_password($_POST['old_password'], $_POST['new_password'])) {
|
|
|
|
header("Location: index.php?action=Error&module=Users&error_string=".urlencode($focus->error_string));
|
|
exit;
|
|
}
|
|
}
|
|
else {
|
|
foreach($focus->column_fields as $field)
|
|
{
|
|
if(isset($_POST[$field]))
|
|
{
|
|
$value = $_POST[$field];
|
|
$focus->$field = $value;
|
|
|
|
}
|
|
}
|
|
|
|
foreach($focus->additional_column_fields as $field)
|
|
{
|
|
if(isset($_POST[$field]))
|
|
{
|
|
$value = $_POST[$field];
|
|
$focus->$field = $value;
|
|
|
|
}
|
|
}
|
|
|
|
if (!isset($_POST['is_admin'])) $focus->is_admin = 'off';
|
|
|
|
|
|
if (!$focus->verify_data()) {
|
|
header("Location: index.php?action=Error&module=Users&error_string=".urlencode($focus->error_string));
|
|
exit;
|
|
}
|
|
else {
|
|
$focus->save("Users");
|
|
// include('modules/Calendar/user_ins.php');
|
|
// include("modules/Users/forum_register.php");
|
|
$return_id = $focus->id;
|
|
}
|
|
}
|
|
if(isset($focus->id) && $focus->id != '')
|
|
{
|
|
|
|
if(isset($_POST['user_role']))
|
|
{
|
|
updateUser2RoleMapping($_POST['user_role'],$focus->id);
|
|
}
|
|
if(isset($_POST['group_name']) && $_POST['group_name'] != '')
|
|
{
|
|
updateUsers2GroupMapping($_POST['group_name'],$focus->id);
|
|
}
|
|
}
|
|
else
|
|
{
|
|
if(isset($_POST['user_role']))
|
|
{
|
|
insertUser2RoleMapping($_POST['user_role'],$focus->id);
|
|
}
|
|
if(isset($_POST['group_name']))
|
|
{
|
|
insertUsers2GroupMapping($_POST['group_name'],$focus->id);
|
|
}
|
|
}
|
|
|
|
if(isset($_POST['return_module']) && $_POST['return_module'] != "") $return_module = $_POST['return_module'];
|
|
else $return_module = "Users";
|
|
if(isset($_POST['return_action']) && $_POST['return_action'] != "") $return_action = $_POST['return_action'];
|
|
else $return_action = "DetailView";
|
|
if(isset($_POST['return_id']) && $_POST['return_id'] != "") $return_id = $_POST['return_id'];
|
|
if(isset($_REQUEST['activity_mode'])) $activitymode = '&activity_mode='.$_REQUEST['activity_mode'];
|
|
|
|
$log->debug("Saved record with id of ".$return_id);
|
|
header("Location: index.php?action=$return_action&module=$return_module&record=$return_id$activitymode");
|
|
?>
|
|
|