WebGUI 1.2.0 release
This commit is contained in:
parent
b2cd674d4d
commit
677366069a
31 changed files with 459 additions and 881 deletions
|
|
@ -37,7 +37,7 @@ sub _hasBadPassword {
|
|||
#-------------------------------------------------------------------
|
||||
sub _hasBadUsername {
|
||||
my ($otherUser);
|
||||
($otherUser) = WebGUI::SQL->quickArray("select username from user where lcase(username)=lcase('$_[0]')",$session{dbh});
|
||||
($otherUser) = WebGUI::SQL->quickArray("select username from users where lcase(username)=lcase('$_[0]')",$session{dbh});
|
||||
if (($otherUser ne "" && $otherUser ne $session{user}{username}) || $_[0] eq "") {
|
||||
return 1;
|
||||
} else {
|
||||
|
|
@ -104,7 +104,7 @@ sub www_deactivateAccount {
|
|||
#-------------------------------------------------------------------
|
||||
sub www_deactivateAccountConfirm {
|
||||
if ($session{user}{userId} != 1) {
|
||||
WebGUI::SQL->write("delete from user where userId=$session{user}{userId}",$session{dbh});
|
||||
WebGUI::SQL->write("delete from users where userId=$session{user}{userId}",$session{dbh});
|
||||
WebGUI::SQL->write("delete from groupings where userId=$session{user}{userId}",$session{dbh});
|
||||
WebGUI::Session::end($session{var}{sessionId});
|
||||
_login(1,"null");
|
||||
|
|
@ -169,7 +169,7 @@ sub www_displayLogin {
|
|||
#-------------------------------------------------------------------
|
||||
sub www_login {
|
||||
my ($uri, $port, $ldap, %args, $auth, $error, $uid,$pass,$authMethod, $ldapURL, $connectDN, $success);
|
||||
($uid,$pass,$authMethod, $ldapURL, $connectDN) = WebGUI::SQL->quickArray("select userId,identifier,authMethod,ldapURL,connectDN from user where username=".quote($session{form}{username}),$session{dbh});
|
||||
($uid,$pass,$authMethod, $ldapURL, $connectDN) = WebGUI::SQL->quickArray("select userId,identifier,authMethod,ldapURL,connectDN from users where username=".quote($session{form}{username}),$session{dbh});
|
||||
if ($authMethod eq "LDAP") {
|
||||
$uri = URI->new($ldapURL);
|
||||
if ($uri->port < 1) {
|
||||
|
|
@ -232,13 +232,13 @@ sub www_recoverPassword {
|
|||
#-------------------------------------------------------------------
|
||||
sub www_recoverPasswordFinish {
|
||||
my ($sth, $username, $encryptedPassword, $userId, $password, $flag, $message, $output);
|
||||
$sth = WebGUI::SQL->read("select username, userId from user where email=".quote($session{form}{email}),$session{dbh});
|
||||
$sth = WebGUI::SQL->read("select username, userId from users where email=".quote($session{form}{email}),$session{dbh});
|
||||
while (($username,$userId) = $sth->array) {
|
||||
foreach (0,1,2,3,4,5) {
|
||||
$password .= chr(ord('A') + randint(32));
|
||||
}
|
||||
$encryptedPassword = Digest::MD5::md5_base64($password);
|
||||
WebGUI::SQL->write("update user set identifier='$encryptedPassword' where userId='$userId'",$session{dbh});
|
||||
WebGUI::SQL->write("update users set identifier='$encryptedPassword' where userId='$userId'",$session{dbh});
|
||||
$flag = 1;
|
||||
$message = 'Someone (probably you) requested your account information be sent. Your password has been reset. The following information represents your new account information:\nUser: '.$username.'\nPass: '.$password.'\n';
|
||||
WebGUI::Mail::send($session{form}{email},"Account Information",$message);
|
||||
|
|
@ -288,8 +288,8 @@ sub www_saveAccount {
|
|||
if ($error eq "") {
|
||||
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
|
||||
$uid = getNextId("userId");
|
||||
WebGUI::SQL->write("insert into user set userId=$uid, username=".quote($session{form}{username}).", identifier=".quote($encryptedPassword).", authMethod=".quote($session{setting}{authMethod}).", ldapURL=".quote($session{setting}{ldapURL}).", connectDN=".quote($connectDN).", email=".quote($session{form}{email}).", icq=".quote($session{form}{icq}),$session{dbh});
|
||||
WebGUI::SQL->write("insert into groupings set groupId=2,userId=$uid",$session{dbh});
|
||||
WebGUI::SQL->write("insert into users values ($uid, ".quote($session{form}{username}).", ".quote($encryptedPassword).", ".quote($session{form}{email}).", ".quote($session{form}{icq}).", ".quote($session{setting}{authMethod}).", ".quote($session{setting}{ldapURL}).", ".quote($connectDN).")",$session{dbh});
|
||||
WebGUI::SQL->write("insert into groupings values (2,$uid)",$session{dbh});
|
||||
_login($uid,$encryptedPassword);
|
||||
$output .= 'Account created successfully!<p>';
|
||||
$output .= www_displayAccount();
|
||||
|
|
@ -315,7 +315,7 @@ sub www_updateAccount {
|
|||
}
|
||||
if ($error eq "") {
|
||||
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
|
||||
WebGUI::SQL->write("update user set username=".quote($session{form}{username}).$passwordStatement.", email=".quote($session{form}{email}).", icq=".quote($session{form}{icq})." where userId=".$session{user}{userId},$session{dbh});
|
||||
WebGUI::SQL->write("update users set username=".quote($session{form}{username}).$passwordStatement.", email=".quote($session{form}{email}).", icq=".quote($session{form}{icq})." where userId=".$session{user}{userId},$session{dbh});
|
||||
if ($passwordStatement ne "") {
|
||||
_login($session{user}{userId},$encryptedPassword);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -43,7 +43,7 @@ sub www_addGroup {
|
|||
sub www_addGroupSave {
|
||||
my ($output);
|
||||
if ($session{var}{sessionId}) {
|
||||
WebGUI::SQL->write("insert into groups set groupId=".getNextId("groupId").", groupName=".quote($session{form}{groupName}).", description=".quote($session{form}{description}),$session{dbh});
|
||||
WebGUI::SQL->write("insert into groups values (".getNextId("groupId").", ".quote($session{form}{groupName}).", ".quote($session{form}{description}).")",$session{dbh});
|
||||
$output = www_listGroups();
|
||||
} else {
|
||||
$output = WebGUI::Privilege::insufficient();
|
||||
|
|
@ -89,7 +89,7 @@ sub www_editGroup {
|
|||
$output .= '<tr><td class="formDescription" valign="top">Description</td><td>'.WebGUI::Form::textArea("description",$group{description}).'</td></tr>';
|
||||
$output .= '<tr><td></td><td>'.WebGUI::Form::submit("save").'</td></tr>';
|
||||
$output .= '<tr><td class="formDescription" valign="top">Users In Group</td><td valign="top">';
|
||||
$sth = WebGUI::SQL->read("select user.username from user,groupings where groupings.groupId=$session{form}{gid} and groupings.userId=user.userId order by user.username",$session{dbh});
|
||||
$sth = WebGUI::SQL->read("select users.username from users,groupings where groupings.groupId=$session{form}{gid} and groupings.userId=users.userId order by users.username",$session{dbh});
|
||||
while (($user) = $sth->array) {
|
||||
$output .= $user."<br>";
|
||||
}
|
||||
|
|
|
|||
|
|
@ -80,7 +80,7 @@ sub www_addPageSave {
|
|||
while (($test) = WebGUI::SQL->quickArray("select urlizedTitle from page where urlizedTitle='$urlizedTitle'",$session{dbh})) {
|
||||
$urlizedTitle .= 2;
|
||||
}
|
||||
WebGUI::SQL->write("insert into page set pageId=".getNextId("pageId").", parentId=$session{page}{pageId}, title=".quote($session{form}{title}).", styleId=$session{page}{styleId}, sequenceNumber='$nextSeq', ownerId=$session{user}{userId}, ownerView=$session{page}{ownerView}, ownerEdit=$session{page}{ownerEdit}, groupId='$session{page}{groupId}', groupView=$session{page}{groupView}, groupEdit=$session{page}{groupEdit}, worldView=$session{page}{worldView}, worldEdit=$session{page}{worldEdit}, metaTags=".quote($session{form}{metaTags}).", urlizedTitle='$urlizedTitle'",$session{dbh});
|
||||
WebGUI::SQL->write("insert into page values (".getNextId("pageId").", $session{page}{pageId}, ".quote($session{form}{title}).", $session{page}{styleId}, $session{user}{userId}, $session{page}{ownerView}, $session{page}{ownerEdit}, $session{page}{groupId}, $session{page}{groupView}, $session{page}{groupEdit}, $session{page}{worldView}, $session{page}{worldEdit}, '$nextSeq', ".quote($session{form}{metaTags}).", '$urlizedTitle')",$session{dbh});
|
||||
return "";
|
||||
} else {
|
||||
return WebGUI::Privilege::insufficient();
|
||||
|
|
@ -140,7 +140,7 @@ sub www_editPage {
|
|||
$array[0] = $session{page}{styleId};
|
||||
$output .= '<tr><td class="formDescription">Style</td><td>'.WebGUI::Form::selectList("styleId",\%hash,\@array).' '.WebGUI::Form::checkbox("recurseStyle","yes").' <span class="formSubtext">Check to give this style to all sub-pages.</span></td></tr>';
|
||||
$output .= '<tr><td class="formDescription">Page URL</td><td>'.WebGUI::Form::text("urlizedTitle",20,30,$session{page}{urlizedTitle}).'</td></tr>';
|
||||
%hash = WebGUI::SQL->buildHash("select user.userId,user.username from user,groupings where groupings.groupId=4 and groupings.userId=user.userId order by user.username",$session{dbh});
|
||||
%hash = WebGUI::SQL->buildHash("select users.userId,users.username from users,groupings where groupings.groupId=4 and groupings.userId=users.userId order by users.username",$session{dbh});
|
||||
$array[0] = $session{page}{ownerId};
|
||||
$output .= '<tr><td class="formDescription">Owner</td><td>'.WebGUI::Form::selectList("ownerId",\%hash,\@array).' '.WebGUI::Form::checkbox("recursePrivs","yes").' <span class="formSubtext">Check to give these privileges to all sub-pages.</span></td></tr>';
|
||||
$array[0] = $session{page}{ownerView};
|
||||
|
|
|
|||
|
|
@ -45,7 +45,7 @@ sub www_addStyle {
|
|||
sub www_addStyleSave {
|
||||
my ($output);
|
||||
if (WebGUI::Privilege::isInGroup(3)) {
|
||||
WebGUI::SQL->write("insert into style set styleId=".getNextId("styleId").", name=".quote($session{form}{name}).", header=".quote($session{form}{header}).", footer=".quote($session{form}{footer}).", styleSheet=".quote($session{form}{styleSheet}),$session{dbh});
|
||||
WebGUI::SQL->write("insert into style values (".getNextId("styleId").", ".quote($session{form}{name}).", ".quote($session{form}{header}).", ".quote($session{form}{footer}).", ".quote($session{form}{styleSheet}).")",$session{dbh});
|
||||
$output = www_listStyles();
|
||||
} else {
|
||||
$output = WebGUI::Privilege::insufficient();
|
||||
|
|
|
|||
|
|
@ -12,6 +12,7 @@ package WebGUI::Operation::Submission;
|
|||
|
||||
use Exporter;
|
||||
use strict;
|
||||
use WebGUI::DateTime;
|
||||
use WebGUI::Privilege;
|
||||
use WebGUI::Session;
|
||||
use WebGUI::SQL;
|
||||
|
|
@ -46,9 +47,9 @@ sub www_viewPendingSubmissions {
|
|||
my (@submission, $output, $sth, @row, $i, $pn);
|
||||
if (WebGUI::Privilege::isInGroup(4,$session{user}{userId}) || WebGUI::Privilege::isInGroup(3,$session{user}{userId})) {
|
||||
$output = '<h1>Pending Sumissions</h1>';
|
||||
$sth = WebGUI::SQL->read("select title,submissionId,date_format(dateSubmitted,'%c/%e %l:%i%p'),username,userId,widgetId from submission where status='Pending' order by dateSubmitted",$session{dbh});
|
||||
$sth = WebGUI::SQL->read("select title,submissionId,dateSubmitted,username,userId,widgetId from submission where status='Pending' order by dateSubmitted",$session{dbh});
|
||||
while (@submission = $sth->array) {
|
||||
$row[$i] = '<tr><td class="tableData"><a href="'.$session{page}{url}.'?wid='.$submission[5].'&func=viewSubmission&sid='.$submission[1].'">'.$submission[0].'</a></td><td class="tableData">'.$submission[2].'</td><td class="tableData">'.$submission[3].'</td></tr>';
|
||||
$row[$i] = '<tr><td class="tableData"><a href="'.$session{page}{url}.'?wid='.$submission[5].'&func=viewSubmission&sid='.$submission[1].'">'.$submission[0].'</a></td><td class="tableData">'.epochToHuman($submission[2],"%m/%d/%Y").'</td><td class="tableData">'.$submission[3].'</td></tr>';
|
||||
$i++;
|
||||
}
|
||||
$sth->finish;
|
||||
|
|
|
|||
|
|
@ -53,15 +53,14 @@ sub www_addUser {
|
|||
|
||||
#-------------------------------------------------------------------
|
||||
sub www_addUserSave {
|
||||
my ($output, @groups, $uid, $gid, $encryptedPassword, $passwordStatement);
|
||||
my ($output, @groups, $uid, $gid, $encryptedPassword);
|
||||
if (WebGUI::Privilege::isInGroup(3)) {
|
||||
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier});
|
||||
$passwordStatement = ', identifier='.quote($encryptedPassword);
|
||||
$uid = getNextId("userId");
|
||||
WebGUI::SQL->write("insert into user set userId=$uid, username=".quote($session{form}{username}).$passwordStatement.", authMethod=".quote($session{form}{authMethod}).", ldapURL=".quote($session{form}{ldapURL}).", connectDN=".quote($session{form}{connectDN}).", email=".quote($session{form}{email}).", icq=".quote($session{form}{icq}),$session{dbh});
|
||||
WebGUI::SQL->write("insert into users values ($uid, ".quote($session{form}{username}).", ".quote($encryptedPassword).", ".quote($session{form}{email}).", ".quote($session{form}{icq}).", ".quote($session{form}{authMethod}).", ".quote($session{form}{ldapURL}).", ".quote($session{form}{connectDN}).")",$session{dbh});
|
||||
@groups = $session{cgi}->param('groups');
|
||||
foreach $gid (@groups) {
|
||||
WebGUI::SQL->write("insert into groupings set groupId=$gid, userId=$uid",$session{dbh});
|
||||
WebGUI::SQL->write("insert into groupings values ($gid, $uid)",$session{dbh});
|
||||
}
|
||||
$output = www_listUsers();
|
||||
} else {
|
||||
|
|
@ -87,7 +86,7 @@ sub www_deleteUser {
|
|||
#-------------------------------------------------------------------
|
||||
sub www_deleteUserConfirm {
|
||||
if (WebGUI::Privilege::isInGroup(3) && $session{form}{uid} > 25) {
|
||||
WebGUI::SQL->write("delete from user where userId=$session{form}{uid}",$session{dbh});
|
||||
WebGUI::SQL->write("delete from users where userId=$session{form}{uid}",$session{dbh});
|
||||
WebGUI::SQL->write("delete from groupings where userId=$session{form}{uid}",$session{dbh});
|
||||
return www_listUsers();
|
||||
} else {
|
||||
|
|
@ -99,7 +98,7 @@ sub www_deleteUserConfirm {
|
|||
sub www_editUser {
|
||||
my ($output, %user, %hash, @array);
|
||||
if (WebGUI::Privilege::isInGroup(3)) {
|
||||
%user = WebGUI::SQL->quickHash("select * from user where userId=$session{form}{uid}",$session{dbh});
|
||||
%user = WebGUI::SQL->quickHash("select * from users where userId=$session{form}{uid}",$session{dbh});
|
||||
$output .= '<a href="'.$session{page}{url}.'?op=viewHelp&hid=6"><img src="'.$session{setting}{lib}.'/help.gif" border="0" align="right"></a><h1>Edit User</h1> <form method="post" action="'.$session{page}{url}.'"> ';
|
||||
$output .= WebGUI::Form::hidden("op","editUserSave");
|
||||
$output .= WebGUI::Form::hidden("uid",$session{form}{uid});
|
||||
|
|
@ -134,11 +133,11 @@ sub www_editUserSave {
|
|||
$passwordStatement = ', identifier='.quote($encryptedPassword);
|
||||
}
|
||||
$encryptedPassword = Digest::MD5::md5_base64($session{form}{identifier1});
|
||||
WebGUI::SQL->write("update user set username=".quote($session{form}{username}).$passwordStatement.", authMethod=".quote($session{form}{authMethod}).", ldapURL=".quote($session{form}{ldapURL}).", connectDN=".quote($session{form}{connectDN}).", email=".quote($session{form}{email}).", icq=".quote($session{form}{icq})." where userId=".$session{form}{uid},$session{dbh});
|
||||
WebGUI::SQL->write("update users set username=".quote($session{form}{username}).$passwordStatement.", authMethod=".quote($session{form}{authMethod}).", ldapURL=".quote($session{form}{ldapURL}).", connectDN=".quote($session{form}{connectDN}).", email=".quote($session{form}{email}).", icq=".quote($session{form}{icq})." where userId=".$session{form}{uid},$session{dbh});
|
||||
WebGUI::SQL->write("delete from groupings where userId=$session{form}{uid}",$session{dbh});
|
||||
@groups = $session{cgi}->param('groups');
|
||||
foreach $gid (@groups) {
|
||||
WebGUI::SQL->write("insert into groupings set groupId=$gid, userId=$session{form}{uid}",$session{dbh});
|
||||
WebGUI::SQL->write("insert into groupings values ($gid, $session{form}{uid})",$session{dbh});
|
||||
}
|
||||
return www_listUsers();
|
||||
} else {
|
||||
|
|
@ -154,7 +153,7 @@ sub www_listUsers {
|
|||
$output = '<a href="'.$session{page}{url}.'?op=viewHelp&hid=8"><img src="'.$session{setting}{lib}.'/help.gif" border="0" align="right"></a><h1>Users</h1>';
|
||||
$output .= '<div align="center"><a href="'.$session{page}{url}.'?op=addUser">Add a new user.</a></div>';
|
||||
$output .= '<table border=1 cellpadding=5 cellspacing=0 align="center">';
|
||||
$sth = WebGUI::SQL->read("select userId,username,email from user where username<>'Reserved' order by username",$session{dbh});
|
||||
$sth = WebGUI::SQL->read("select userId,username,email from users where username<>'Reserved' order by username",$session{dbh});
|
||||
while (@data = $sth->array) {
|
||||
$row[$i] = '<tr><td><a href="'.$session{page}{url}.'?op=deleteUser&uid='.$data[0].'"><img src="'.$session{setting}{lib}.'/delete.gif" border=0></a><a href="'.$session{page}{url}.'?op=editUser&uid='.$data[0].'"><img src="'.$session{setting}{lib}.'/edit.gif" border=0></a></td>';
|
||||
#$row[$i] .= '<td><a href="'.$session{page}{url}.'?op=viewUserProfile&uid='.$data[0].'">'.$data[1].'</a></td>';
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue