~ubuntu-dev/ubuntu/lucid/zabbix/lucid-201002110857


Viewing changes to frontends/php/profile.php

  • Committer: Bazaar Package Importer
  • Author(s): Michael Ablassmeier
  • Date: 2007-07-02 09:06:51 UTC
  • mfrom: (1.1.4 upstream)
  • Revision ID: james.westby@ubuntu.com-20070702090651-8l6fl3fjw9rh6l2u
Tags: 1:1.4.1-2
Add patch from SVN in order to fix Incorrect processing of character '%'
in user parameters and remote commands.

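--- a/frontends/php/profile.php
+++ b/frontends/php/profile.php
@@ -19,55 +19,80 @@
 **/
 ?>
 <?php
-        include "include/config.inc.php";
-        include "include/forms.inc.php";
+        require_once "include/config.inc.php";
+        require_once "include/users.inc.php";
+        require_once "include/forms.inc.php";
 
         $page["title"] = "S_USER_PROFILE";
         $page["file"] = "profile.php";
 
-        show_header($page["title"],0,0);
-//      insert_confirm_javascript();
+include_once "include/page_header.php";
+
 ?>
-
 <?php
         if($USER_DETAILS["alias"]=="guest")
         {
-                show_table_header("<font color=\"AA0000\">".S_NO_PERMISSIONS."</font>");
-                show_page_footer();
-                exit;
-        }
-?>
-
-<?php
-        if(isset($_REQUEST["save"]))
-        {
-                if($_REQUEST["password1"]==$_REQUEST["password2"])
-                {
-                        $result=update_user_profile($_REQUEST["userid"],$_REQUEST["password1"],$_REQUEST["url"],$_REQUEST["autologout"],$_REQUEST["lang"],$_REQUEST["refresh"]);
+                access_deny();
+        }
+?>
+<?php
+//              VAR                     TYPE    OPTIONAL FLAGS  VALIDATION      EXCEPTION
+        $fields=array(
+                "password1"=>   array(T_ZBX_STR, O_OPT, null,   null,           'isset({save})&&{form}!="update"&&isset({change_password})'),
+                "password2"=>   array(T_ZBX_STR, O_OPT, null,   null,           'isset({save})&&{form}!="update"&&isset({change_password})'),
+                "lang"=>        array(T_ZBX_STR, O_OPT, null,   NOT_EMPTY,      'isset({save})'),
+                "autologout"=>  array(T_ZBX_INT, O_OPT, null,   BETWEEN(0,3600),'isset({save})'),
+                "url"=>         array(T_ZBX_STR, O_OPT, null,   null,           'isset({save})'),
+                "refresh"=>     array(T_ZBX_INT, O_OPT, null,   BETWEEN(0,3600),'isset({save})'),
+                "change_password"=>     array(T_ZBX_STR, O_OPT, null,   null,   null),
+/* actions */
+                "save"=>        array(T_ZBX_STR, O_OPT, P_SYS|P_ACT,    null,   null),
+                "cancel"=>      array(T_ZBX_STR, O_OPT, P_SYS,  null,   null),
+/* other */
+                "form"=>        array(T_ZBX_STR, O_OPT, P_SYS,  null,   null),
+                "form_refresh"=>array(T_ZBX_STR, O_OPT, null,   null,   null)
+        );
+
+
+        check_fields($fields);
+?>
+<?php
+        if(isset($_REQUEST["cancel"]))
+        {
+                Redirect('index.php');
+        }
+        elseif(isset($_REQUEST["save"]))
+        {
+                $_REQUEST["password1"] = get_request("password1", null);
+                $_REQUEST["password2"] = get_request("password2", null);
+
+                if(isset($_REQUEST["password1"]) && $_REQUEST["password1"] == "")
+                {
+                        show_error_message(S_ONLY_FOR_GUEST_ALLOWED_EMPTY_PASSWORD);
+                }
+                elseif($_REQUEST["password1"]==$_REQUEST["password2"])
+                {
+                        $result=update_user_profile($USER_DETAILS["userid"],$_REQUEST["password1"],$_REQUEST["url"],$_REQUEST["autologout"],$_REQUEST["lang"],$_REQUEST["refresh"]);
                         show_messages($result, S_USER_UPDATED, S_CANNOT_UPDATE_USER);
                         if($result)
-                                add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_USER,"User ID [".$_REQUEST["userid"]."]");
+                                add_audit(AUDIT_ACTION_UPDATE,AUDIT_RESOURCE_USER,
+                                        "User alias [".$USER_DETAILS["alias"].
+                                        "] name [".$USER_DETAILS["name"]."] surname [".
+                                        $USER_DETAILS["surname"]."] profile id [".$USER_DETAILS["userid"]."]");
                 }
                 else
                 {
                         show_error_message(S_CANNOT_UPDATE_USER_BOTH_PASSWORDS);
                 }
         }
-        if(isset($_REQUEST["save"]))
-        {
-                unset($_REQUEST["userid"]);
-        }
 ?>
-
 <?php
         show_table_header(S_USER_PROFILE_BIG." : ".$USER_DETAILS["name"]." ".$USER_DETAILS["surname"]);
         echo "<br>";
-?>
-
-<?php
-        @insert_user_form($USER_DETAILS["userid"],1);
-?>
-
-<?php
-        show_page_footer();
+        insert_user_form($USER_DETAILS["userid"],1);
+?>
+<?php
+
+include_once "include/page_footer.php";
+
 ?>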
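Review bot: The new save branch sets the password from `password1`/`password2` alone: the `$fields` table declares no current-password field, and nothing visible in this file ties the request to a session or form token, so whether a forged or replayed save is rejected depends on `check_fields()` and `include/page_header.php`, which are not shown here. Consider requiring the current password whenever `change_password` is set. The confirmation test `$_REQUEST["password1"]==$_REQUEST["password2"]` is a loose comparison, so two different numeric-looking strings can compare equal and the stored password may not match what the user confirmed; `elseif($_REQUEST["password1"]===$_REQUEST["password2"])` avoids that and still passes when both are null. The guest branch also no longer ends in an explicit `exit;`, so it is worth confirming that `access_deny()` terminates the request before the save handling below it can run.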