mirror/php-e107
1
0
Fork 0
mirror of https://github.com/e107inc/e107.git synced 2025-07-25 17:01:43 +02:00
Code Issues Releases Wiki Activity

FIX #364 - Admin > users > edit: SEF issue when enabled

Browse Source 
Admin > users > edit: SEF issue when enabled #364
This commit is contained in:
Luca Filosofi
2014-03-13 00:21:34 +01:00
parent 86a2269f89
commit 8374ed1a6f
3 changed files with 225 additions and 179 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
e107_handlers/e107_class.php
View File

@@ -3178,6 +3178,7 @@ class e107
(!$isPluginDir && strpos($e107Path, $ADMIN_DIRECTORY) === 0 ) // Core admin directory
|| ($isPluginDir && (strpos(e_PAGE,'_admin.php') !== false || strpos(e_PAGE,'admin_') === 0 || strpos($e107Path, 'admin/') !== FALSE)) // Plugin admin file or directory
|| (varsettrue($eplug_admin) || defsettrue('ADMIN_AREA')) // Admin forced
|| (preg_match('/^\/(.*?)\/user(settings\.php|\/edit)(\?|\/)(\d+)$/i', $_SERVER['REQUEST_URI']) && ADMIN)
)
{
$inAdminDir = TRUE;
@@ -3197,12 +3198,8 @@ class e107
define('e_PLUGIN_DIR_ABS', '');
}
// This should avoid further checks - NOTE: used in js_manager.php
if(!defined('e_ADMIN_AREA'))
{
define('e_ADMIN_AREA', ($inAdminDir && !deftrue('USER_AREA'))); //Force USER_AREA added
}
define('e_ADMIN_AREA', $inAdminDir);
define('ADMINDIR', $ADMIN_DIRECTORY);
define('SITEURLBASE', $this->HTTP_SCHEME.'://'.$_SERVER['HTTP_HOST']);

72
e107_handlers/sitelinks_class.php
View File

@@ -792,46 +792,46 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
//XXX DO NOT EDIT without first checking perms in user_handler.php !!!!
$array_functions = array(
0 => array(e_ADMIN.'administrator.php', ADLAN_8, ADLAN_9, '3', 2, E_16_ADMIN, E_32_ADMIN),
1 => array(e_ADMIN.'updateadmin.php', ADLAN_10, ADLAN_11, '', 2, E_16_ADPASS, E_32_ADPASS),
2 => array(e_ADMIN.'banlist.php', ADLAN_34, ADLAN_35, '4', 2, E_16_BANLIST, E_32_BANLIST),
4 => array(e_ADMIN.'cache.php', ADLAN_74, ADLAN_75, 'C', 1, E_16_CACHE, E_32_CACHE),
5 => array(e_ADMIN.'cpage.php', ADLAN_42, ADLAN_43, '5|J', 3, E_16_CUST, E_32_CUST),
6 => array(e_ADMIN.'db.php', ADLAN_44, ADLAN_45, '0', 4, E_16_DATAB, E_32_DATAB),
0 => array(e_ADMIN_ABS.'administrator.php', ADLAN_8, ADLAN_9, '3', 2, E_16_ADMIN, E_32_ADMIN),
1 => array(e_ADMIN_ABS.'updateadmin.php', ADLAN_10, ADLAN_11, '', 2, E_16_ADPASS, E_32_ADPASS),
2 => array(e_ADMIN_ABS.'banlist.php', ADLAN_34, ADLAN_35, '4', 2, E_16_BANLIST, E_32_BANLIST),
4 => array(e_ADMIN_ABS.'cache.php', ADLAN_74, ADLAN_75, 'C', 1, E_16_CACHE, E_32_CACHE),
5 => array(e_ADMIN_ABS.'cpage.php', ADLAN_42, ADLAN_43, '5|J', 3, E_16_CUST, E_32_CUST),
6 => array(e_ADMIN_ABS.'db.php', ADLAN_44, ADLAN_45, '0', 4, E_16_DATAB, E_32_DATAB),
// 7 => array(e_ADMIN.'download.php', ADLAN_24, ADLAN_25, 'R', 3, E_16_DOWNL, E_32_DOWNL),
8 => array(e_ADMIN.'emoticon.php', ADLAN_58, ADLAN_59, 'F', 1, E_16_EMOTE, E_32_EMOTE),
8 => array(e_ADMIN_ABS.'emoticon.php', ADLAN_58, ADLAN_59, 'F', 1, E_16_EMOTE, E_32_EMOTE),
// 9 => array(e_ADMIN.'filemanager.php', ADLAN_30, ADLAN_31, '6', 5, E_16_FILE, E_32_FILE), // replaced by media-manager
10 => array(e_ADMIN.'frontpage.php', ADLAN_60, ADLAN_61, 'G', 1, E_16_FRONT, E_32_FRONT),
11 => array(e_ADMIN.'image.php', LAN_MEDIAMANAGER, LAN_MEDIAMANAGER, 'A', 5, E_16_IMAGES, E_32_IMAGES),
12 => array(e_ADMIN.'links.php', ADLAN_138, ADLAN_139, 'I', 1, E_16_LINKS, E_32_LINKS),
13 => array(e_ADMIN.'wmessage.php', ADLAN_28, ADLAN_29, 'M', 3, E_16_WELCOME, E_32_WELCOME),
14 => array(e_ADMIN.'ugflag.php', ADLAN_40, ADLAN_41, '9', 4, E_16_MAINTAIN, E_32_MAINTAIN),
15 => array(e_ADMIN.'menus.php', ADLAN_6, ADLAN_7, '2', 5, E_16_MENUS, E_32_MENUS),
16 => array(e_ADMIN.'meta.php', ADLAN_66, ADLAN_67, 'T', 1, E_16_META, E_32_META),
17 => array(e_ADMIN.'newspost.php', ADLAN_0, ADLAN_1, 'H|N|7', 3, E_16_NEWS, E_32_NEWS),
18 => array(e_ADMIN.'phpinfo.php', ADLAN_68, ADLAN_69, '0', 20, E_16_PHP, E_32_PHP),
19 => array(e_ADMIN.'prefs.php', ADLAN_4, ADLAN_5, '1', 1, E_16_PREFS, E_32_PREFS),
20 => array(e_ADMIN.'search.php', ADLAN_142, ADLAN_143, 'X', 1, E_16_SEARCH, E_32_SEARCH),
21 => array(e_ADMIN.'admin_log.php', ADLAN_155, ADLAN_156, 'S', 4, E_16_ADMINLOG, E_32_ADMINLOG),
22 => array(e_ADMIN.'theme.php', ADLAN_140, ADLAN_141, '1', 5, E_16_THEMEMANAGER, E_32_THEMEMANAGER),
23 => array(e_ADMIN.'upload.php', ADLAN_72, ADLAN_73, 'V', 3, E_16_UPLOADS, E_32_UPLOADS),
24 => array(e_ADMIN.'users.php', ADLAN_36, ADLAN_37, '4|U0|U1|U2|U3', 2, E_16_USER, E_32_USER),
25 => array(e_ADMIN.'userclass2.php', ADLAN_38, ADLAN_39, '4', 2, E_16_USERCLASS, E_32_USERCLASS),
26 => array(e_ADMIN.'language.php', ADLAN_132, ADLAN_133, 'L', 1, E_16_LANGUAGE, E_32_LANGUAGE),
27 => array(e_ADMIN.'mailout.php', ADLAN_136, ADLAN_137, 'W', 2, E_16_MAIL, E_32_MAIL),
28 => array(e_ADMIN.'users_extended.php', ADLAN_78, ADLAN_79, '4', 2, E_16_USER_EXTENDED, E_32_USER_EXTENDED),
29 => array(e_ADMIN.'fileinspector.php', ADLAN_147, ADLAN_148, 'Y', 4, E_16_INSPECT, E_32_INSPECT),
30 => array(e_ADMIN.'notify.php', ADLAN_149, ADLAN_150, 'O', 4, E_16_NOTIFY, E_32_NOTIFY),
31 => array(e_ADMIN.'cron.php', ADLAN_157, ADLAN_158, 'U', 4, E_16_CRON, E_32_CRON),
10 => array(e_ADMIN_ABS.'frontpage.php', ADLAN_60, ADLAN_61, 'G', 1, E_16_FRONT, E_32_FRONT),
11 => array(e_ADMIN_ABS.'image.php', LAN_MEDIAMANAGER, LAN_MEDIAMANAGER, 'A', 5, E_16_IMAGES, E_32_IMAGES),
12 => array(e_ADMIN_ABS.'links.php', ADLAN_138, ADLAN_139, 'I', 1, E_16_LINKS, E_32_LINKS),
13 => array(e_ADMIN_ABS.'wmessage.php', ADLAN_28, ADLAN_29, 'M', 3, E_16_WELCOME, E_32_WELCOME),
14 => array(e_ADMIN_ABS.'ugflag.php', ADLAN_40, ADLAN_41, '9', 4, E_16_MAINTAIN, E_32_MAINTAIN),
15 => array(e_ADMIN_ABS.'menus.php', ADLAN_6, ADLAN_7, '2', 5, E_16_MENUS, E_32_MENUS),
16 => array(e_ADMIN_ABS.'meta.php', ADLAN_66, ADLAN_67, 'T', 1, E_16_META, E_32_META),
17 => array(e_ADMIN_ABS.'newspost.php', ADLAN_0, ADLAN_1, 'H|N|7', 3, E_16_NEWS, E_32_NEWS),
18 => array(e_ADMIN_ABS.'phpinfo.php', ADLAN_68, ADLAN_69, '0', 20, E_16_PHP, E_32_PHP),
19 => array(e_ADMIN_ABS.'prefs.php', ADLAN_4, ADLAN_5, '1', 1, E_16_PREFS, E_32_PREFS),
20 => array(e_ADMIN_ABS.'search.php', ADLAN_142, ADLAN_143, 'X', 1, E_16_SEARCH, E_32_SEARCH),
21 => array(e_ADMIN_ABS.'admin_log.php', ADLAN_155, ADLAN_156, 'S', 4, E_16_ADMINLOG, E_32_ADMINLOG),
22 => array(e_ADMIN_ABS.'theme.php', ADLAN_140, ADLAN_141, '1', 5, E_16_THEMEMANAGER, E_32_THEMEMANAGER),
23 => array(e_ADMIN_ABS.'upload.php', ADLAN_72, ADLAN_73, 'V', 3, E_16_UPLOADS, E_32_UPLOADS),
24 => array(e_ADMIN_ABS.'users.php', ADLAN_36, ADLAN_37, '4|U0|U1|U2|U3', 2, E_16_USER, E_32_USER),
25 => array(e_ADMIN_ABS.'userclass2.php', ADLAN_38, ADLAN_39, '4', 2, E_16_USERCLASS, E_32_USERCLASS),
26 => array(e_ADMIN_ABS.'language.php', ADLAN_132, ADLAN_133, 'L', 1, E_16_LANGUAGE, E_32_LANGUAGE),
27 => array(e_ADMIN_ABS.'mailout.php', ADLAN_136, ADLAN_137, 'W', 2, E_16_MAIL, E_32_MAIL),
28 => array(e_ADMIN_ABS.'users_extended.php', ADLAN_78, ADLAN_79, '4', 2, E_16_USER_EXTENDED, E_32_USER_EXTENDED),
29 => array(e_ADMIN_ABS.'fileinspector.php', ADLAN_147, ADLAN_148, 'Y', 4, E_16_INSPECT, E_32_INSPECT),
30 => array(e_ADMIN_ABS.'notify.php', ADLAN_149, ADLAN_150, 'O', 4, E_16_NOTIFY, E_32_NOTIFY),
31 => array(e_ADMIN_ABS.'cron.php', ADLAN_157, ADLAN_158, 'U', 4, E_16_CRON, E_32_CRON),
32 => array(e_ADMIN.'eurl.php', ADLAN_159, ADLAN_160, 'K', 1, E_16_EURL, E_32_EURL),
33 => array(e_ADMIN.'plugin.php', ADLAN_98, ADLAN_99, 'Z', 5 , E_16_PLUGMANAGER, E_32_PLUGMANAGER),
34 => array(e_ADMIN.'docs.php', ADLAN_12, ADLAN_13, '', 20, E_16_DOCS, E_32_DOCS),
32 => array(e_ADMIN_ABS.'eurl.php', ADLAN_159, ADLAN_160, 'K', 1, E_16_EURL, E_32_EURL),
33 => array(e_ADMIN_ABS.'plugin.php', ADLAN_98, ADLAN_99, 'Z', 5 , E_16_PLUGMANAGER, E_32_PLUGMANAGER),
34 => array(e_ADMIN_ABS.'docs.php', ADLAN_12, ADLAN_13, '', 20, E_16_DOCS, E_32_DOCS),
// TODO System Info.
// 35 => array('#TODO', 'System Info', 'System Information', '', 20, '', ''),
36 => array(e_ADMIN.'credits.php', LAN_CREDITS, LAN_CREDITS, '', 20, E_16_E107, E_32_E107),
36 => array(e_ADMIN_ABS.'credits.php', LAN_CREDITS, LAN_CREDITS, '', 20, E_16_E107, E_32_E107),
// 37 => array(e_ADMIN.'custom_field.php', ADLAN_161, ADLAN_162, 'U', 4, E_16_CUSTOMFIELD, E_32_CUSTOMFIELD),
38 => array(e_ADMIN.'comment.php', LAN_COMMENTMAN, LAN_COMMENTMAN, 'B', 5, E_16_COMMENT, E_32_COMMENT)
38 => array(e_ADMIN_ABS.'comment.php', LAN_COMMENTMAN, LAN_COMMENTMAN, 'B', 5, E_16_COMMENT, E_32_COMMENT)
);
if($mode == 'legacy')
@@ -983,8 +983,8 @@ i.e-cat_users-32{ background-position: -555px 0; width: 32px; height: 32px; }
if (varset($eplug_conffile))
{
$eplug_name = $tp->toHTML($eplug_name,FALSE,"defs, emotes_off");
$plugin_icon = $eplug_icon_small ? "<img class='icon S16' src='".e_PLUGIN.$eplug_icon_small."' alt='' />" : E_16_PLUGIN;
$plugin_icon_32 = $eplug_icon ? "<img class='icon S32' src='".e_PLUGIN.$eplug_icon."' alt='' />" : E_32_PLUGIN;
$plugin_icon = $eplug_icon_small ? "<img class='icon S16' src='".e_PLUGIN_ABS.$eplug_icon_small."' alt='' />" : E_16_PLUGIN;
$plugin_icon_32 = $eplug_icon ? "<img class='icon S32' src='".e_PLUGIN_ABS.$eplug_icon."' alt='' />" : E_32_PLUGIN;
$plugin_array['p-'.$plugin_path] = array(
'key' => 'p-'.$plugin_path,
'link' => e_PLUGIN.$plugin_path."/".$eplug_conffile,

117
usersettings.php
View File

@@ -21,11 +21,71 @@ Admin log events:
USET_01 - admin changed user data
*/
if(is_numeric($_SERVER["QUERY_STRING"]))
if(preg_match('/^\/(.*?)\/(usersettings\.php|user\/edit)(\?|\/)(\d+)$/i', $_SERVER['REQUEST_URI'], $_usersettings_matches))
{
$eplug_admin = TRUE;
}
require_once ('class2.php');
class usersetting_admin extends e_admin_dispatcher
{
protected $modes = array(
'main' => array(
'controller' => 'usersettings_admin_ui',
'path' => null,
'ui' => null,
'uipath' => null,
//'perm' => '0',
)
);
protected $adminMenu = array(
'main/list' => array('caption'=> LAN_MANAGE, 'perm' => '0', 'url' => '{e_ADMIN}users.php'),
'main/add' => array('caption'=> LAN_USER_QUICKADD, 'perm' => '4|U0|U1', 'url' => '{e_ADMIN}users.php'),
'main/prefs' => array('caption'=> LAN_OPTIONS, 'perm' => '4|U2', 'url' => '{e_ADMIN}users.php'),
'main/ranks' => array('caption'=> LAN_USER_RANKS, 'perm' => '4|U3', 'url' => '{e_ADMIN}users.php')
);
protected $adminMenuAliases = array(
'main/edit' => 'main/list',
'main/admin' => 'main/list',
'main/userclass'=> 'main/list',
'main/test' => 'main/list',
);
protected $menuTitle = 'users';
public function runObservers($run_header = true)
{
// Catch useraction
if (isset($_POST['updatesettings']))
{
}
return parent::runObservers($run_header);
}
}
class usersettings_admin_ui extends e_admin_ui
{
public function EditPage()
{
}
}
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/lan_'.e_PAGE);
define("US_DEBUG",FALSE);
@@ -107,11 +167,25 @@ $savePassword = '';
$inp = USERID; // Initially assume that user is modifying their own data.
$_uid = false; // FALSE if user modifying their own data; otherwise ID of data being modified
$adminEdit = FALSE; // FALSE if editing own data. TRUE if admin edit
if(is_numeric(e_QUERY))
{ // Trying to edit specific user record
if (ADMIN)
{ // Admin edit of specific record
$inp = (int)e_QUERY;
/*
$_usersettings_matches = Array
(
[0] => /e107/usersettings.php?# OR /e107/edit/user/#
[1] => e107
[2] => usersettings.php OR edit/user
[3] => ? OR /
[4] => #
)
*/
$inp = intval(e_QUERY);
$usersettings_form_action = strstr('?', $_usersettings_matches[3]) ? e_SELF.'?'.e_QUERY : e_SELF;
$_uid = $inp;
$info = get_user_data($inp);
//Only site admin is able to change setting for other admins
@@ -199,7 +273,9 @@ if($adminEdit) // try to stay in Admin when admin is editing.
$USERSETTINGS_EDIT = $ADMIN_USERSETTINGS_EDIT;
include_lan(e_LANGUAGEDIR.e_LANGUAGE."/admin/lan_admin.php");
new usersetting_admin();
require_once (e_ADMIN."auth.php");
//e107::getAdminUI()->runPage();
}
else
{
@@ -798,10 +874,12 @@ if (vartrue($_POST))
}
}
require_once (e_HANDLER."form_handler.php");
$rs = new form;
//require_once (e_HANDLER."form_handler.php");
//$rs = new form;
$text = (e_QUERY ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'"));
$text = '<form method="post" action="'.$usersettings_form_action.'" id="dataform" class="form-horizontal" role="form" enctype="multipart/form-data">';
//$text = (is_numeric($_uid) ? $rs->form_open("post", e_SELF."?".e_QUERY, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'") : $rs->form_open("post", e_SELF, "dataform", "", " class='form-horizontal' role='form' enctype='multipart/form-data'"));
if (e_QUERY == "update")
{
@@ -867,33 +945,4 @@ function delete_file($fname, $dir = 'avatars/')
return false;
}
function usersettings_adminmenu()
{
include_lan(e_LANGUAGEDIR.e_LANGUAGE.'/admin/lan_admin.php');
if ($action == '')
{
$action = 'main';
}
// ##### Display options
$var = array();
$var ['main']['text'] = LAN_USER_LIST;
$var ['main']['link'] = e_ADMIN.'users.php';
$var ['main']['perm'] = '4';
$var ['create']['text'] = LAN_USER_QUICKADD;
$var ['create']['link'] = e_ADMIN.'users.php?create';
$var ['create']['perm'] = '4|U1';
$var ['prune']['text'] = LAN_USER_PRUNE;
$var ['prune']['link'] = e_ADMIN.'users.php?prune';// Will be moved to "Schedule tasks"
$var ['prune']['perm'] = '4';
$var ['options']['text'] = LAN_OPTIONS;
$var ['options']['link'] = e_ADMIN.'users.php?options';
$var ['options']['perm'] = '4|U2';
$var ['ranks']['text'] = LAN_USER_RANKS;
$var ['ranks']['link'] = e_ADMIN.'users.php?ranks';
$var ['ranks']['perm'] = '4|U3';
// $var['mailing']['text']= USRLAN_121;
// $var['mailing']['link']="mailout.php";
show_admin_menu(LAN_USER_OPTIONS, $action,$var);
}
?>