Fix #22 - disable user button added

This commit is contained in:
Vojtěch Sajdl 2018-03-10 00:07:40 +01:00
parent 2f51eb4227
commit 5afda409c1
No known key found for this signature in database
GPG Key ID: 5D4EB1361A272390
5 changed files with 28 additions and 14 deletions

View File

@ -13,7 +13,7 @@ Template::render_header(_("Lost password"));
$user->change_password($_POST['token']); $user->change_password($_POST['token']);
if (isset($message)){?> if (isset($message)){?>
<p class="alert alert-danger"><?php echo $message?></p> <p class="alert alert-danger"><?php echo $message?></p>
<a href="<?php echo WEB_URL;?>/admin/?do=lost-password<?php echo "&amp;id=".$_POST['id']."&amp;token=".$_POST['token'];?>"><?php echo _("Go back");?> </a> <a href="<?php echo WEB_URL;?>/admin/?do=lost-password<?php echo "&id=".$_POST['id']."&token=".$_POST['token'];?>"><?php echo _("Go back");?> </a>
<?php <?php
} }
else{?> else{?>

View File

@ -9,7 +9,7 @@ Template::render_header(_("New user"), true); ?>
<h2>Add new user</h2> <h2>Add new user</h2>
</div> </div>
<form action="<?php echo WEB_URL;?>/admin/?do=new-user&amp;new=user" method="POST" class="form-horizontal"> <form action="<?php echo WEB_URL;?>/admin/?do=new-use&new=user" method="POST" class="form-horizontal">
<?php if (isset($message)) <?php if (isset($message))
{?> {?>
<p class="alert alert-danger"><?php echo $message?></p> <p class="alert alert-danger"><?php echo $message?></p>

View File

@ -22,7 +22,7 @@ if (isset($message)){
<section> <section>
<h3 class="pull-left"><?php echo _("Services");?></h3> <h3 class="pull-left"><?php echo _("Services");?></h3>
<?php if ($user->get_rank() <= 1){?> <?php if ($user->get_rank() <= 1){?>
<form action="?do=settings&amp;new=service" method="post"> <form action="?do=settings&new=service" method="post">
<div class="input-group pull-right new-service"> <div class="input-group pull-right new-service">
<input class="form-control" name="service" placeholder="Name" type="text" value="<?php echo ((isset($_POST['service']))?htmlspecialchars($_POST['service']):''); ?>" maxlength="50" required> <input class="form-control" name="service" placeholder="Name" type="text" value="<?php echo ((isset($_POST['service']))?htmlspecialchars($_POST['service']):''); ?>" maxlength="50" required>
<span class="input-group-btn"> <span class="input-group-btn">
@ -52,7 +52,7 @@ while($result = $query->fetch_assoc())
echo "<td>".$result['name']."</td>"; echo "<td>".$result['name']."</td>";
if ($user->get_rank()<=1) if ($user->get_rank()<=1)
{ {
echo '<td><a href="'.WEB_URL.'/admin/?do=settings&amp;delete='.$result['id'].'" class="pull-right delete-service"><i class="fa fa-trash"></i></a></td>'; echo '<td><a href="'.WEB_URL.'/admin/?do=settings&delete='.$result['id'].'" class="pull-right delete-service"><i class="fa fa-trash"></i></a></td>';
} }
echo "</tr>"; echo "</tr>";
}?> }?>
@ -74,7 +74,7 @@ while($result = $query->fetch_assoc())
{ {
echo "<tr>"; echo "<tr>";
echo "<td>".$result['id']."</td>"; echo "<td>".$result['id']."</td>";
echo "<td><a href='".WEB_URL."/admin/?do=user&amp;id=".$result['id']."'>".$result['username']."</a></td>"; echo "<td><a href='".WEB_URL."/admin/?do=user&id=".$result['id']."'>".$result['username']."</a></td>";
echo "<td>".$result['name']."</td>"; echo "<td>".$result['name']."</td>";
echo "<td>".$result['surname']."</td>"; echo "<td>".$result['surname']."</td>";
echo "<td><a href=\"mailto:".$result['email']."\">".$result['email']."</a></td>"; echo "<td><a href=\"mailto:".$result['email']."\">".$result['email']."</a></td>";

View File

@ -39,7 +39,7 @@ class Constellation
{ {
if ($offset) if ($offset)
{ {
echo '<noscript><div class="centered"><a href="'.WEB_URL.'/?offset='.($offset-$limit+1).'&amp;timestamp='.$timestamp.'" class="btn btn-default">'._("Back").'</a></div></noscript>'; echo '<noscript><div class="centered"><a href="'.WEB_URL.'/?offset='.($offset-$limit+1).'&timestamp='.$timestamp.'" class="btn btn-default">'._("Back").'</a></div></noscript>';
} }
echo "<h3>"._("Past incidents")."</h3>"; echo "<h3>"._("Past incidents")."</h3>";
} }
@ -59,7 +59,7 @@ class Constellation
} }
if ($show) if ($show)
{ {
echo '<div class="centered"><a href="'.WEB_URL.'/?offset='.($offset).'&amp;timestamp='.$timestamp.'" id="loadmore" class="btn btn-default">'._("Load more").'</a></div>'; echo '<div class="centered"><a href="'.WEB_URL.'/?offset='.($offset).'&timestamp='.$timestamp.'" id="loadmore" class="btn btn-default">'._("Load more").'</a></div>';
} }
} }
} }

View File

@ -97,7 +97,7 @@ class User
$stmt->bind_param("i", $this->id); $stmt->bind_param("i", $this->id);
$stmt->execute(); $stmt->execute();
$stmt->close(); $stmt->close();
header("Location: ".WEB_URL."/admin/?do=user&amp;id=".$id); header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
}else{ }else{
$message = _("You don't have the permission to do that!"); $message = _("You don't have the permission to do that!");
} }
@ -317,14 +317,14 @@ class User
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Username");?></strong></div> <div class="col-md-2 col-md-offset-2"><strong><?php echo _("Username");?></strong></div>
<div class="col-md-6"><?php echo $this->username." "; if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank)) <div class="col-md-6"><?php echo $this->username." "; if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
{ {
echo "<a href='".WEB_URL."/admin/?do=user&amp;id=".$this->id."&amp;what=toggle'>"; echo "<a href='".WEB_URL."/admin/?do=user&id=".$this->id."&what=toggle'>";
echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i></a>"; echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i></a>";
}else{ }else{
echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i>"; echo "<i class='fa fa-".($this->active?"check success":"times danger")."'></i>";
}?></div> }?></div>
</div> </div>
<form action="<?php echo WEB_URL;?>/admin/?do=user&amp;id=<?php echo $this->id; ?>" method="POST"> <form action="<?php echo WEB_URL;?>/admin/?do=user&id=<?php echo $this->id; ?>" method="POST">
<div class="row"> <div class="row">
<div class="col-md-2 col-md-offset-2"><strong><?php echo _("Role");?></strong></div> <div class="col-md-2 col-md-offset-2"><strong><?php echo _("Role");?></strong></div>
<div class="col-md-6"><?php if ($user->get_rank() == 0 && $this->id != $_SESSION['user']){?> <div class="input-group"><select class="form-control" name="permission"><?php foreach ($permissions as $key => $value) { <div class="col-md-6"><?php if ($user->get_rank() == 0 && $this->id != $_SESSION['user']){?> <div class="input-group"><select class="form-control" name="permission"><?php foreach ($permissions as $key => $value) {
@ -379,7 +379,21 @@ class User
</div> </div>
<?php <?php
} }
if ($this->id!=$_SESSION['user'] && $user->get_rank()<=1 && ($user->get_rank()<$this->rank))
{?>
<div class="row">
<div class="col-md-2 col-md-offset-2"></div>
<div class="col-md-6">
<?php
if ($this->active){
echo '<a href="'.WEB_URL.'/admin/?do=user&id='.$this->id.'&what=toggle" class="btn btn-danger">'._("Deactivate user")."</a>";
}else{
echo '<a href="'.WEB_URL.'/admin/?do=user&id='.$this->id.'&what=toggle" class="btn btn-success">'._("Activate user")."</a>";
}
?>
</div>
</div>
<?php }
} }
/** /**
@ -484,7 +498,7 @@ class User
$token = Token::add($id, 'passwd', $time); $token = Token::add($id, 'passwd', $time);
$link = WEB_URL."/admin/?do=lost-password&amp;id=$id&amp;token=$token"; $link = WEB_URL."/admin/?do=lost-password&id=$id&token=$token";
$to = $email; $to = $email;
$user = new User($id); $user = new User($id);
$subject = _('Reset password') . ' - '.NAME; $subject = _('Reset password') . ' - '.NAME;
@ -510,7 +524,7 @@ class User
$token = Token::add($id, 'email;$email', $time); $token = Token::add($id, 'email;$email', $time);
$link = WEB_URL."/admin/?do=change-email&amp;id=$id&amp;token=$token"; $link = WEB_URL."/admin/?do=change-email&id=$id&token=$token";
$to = $email; $to = $email;
$subject = _('Email change').' - '.NAME; $subject = _('Email change').' - '.NAME;
$msg = sprintf(_( "Hi %s!<br>Below you will find link to change your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">CHANGE EMAIL</a><br><br>If the link doesn't work, copy &amp; paste it into your browser: <br>%s"), $user->get_name(), $link, $link); $msg = sprintf(_( "Hi %s!<br>Below you will find link to change your email. The link is valid for 24hrs. If you didn't request this, feel free to ignore it. <br><br><a href=\"%s\">CHANGE EMAIL</a><br><br>If the link doesn't work, copy &amp; paste it into your browser: <br>%s"), $user->get_name(), $link, $link);
@ -588,7 +602,7 @@ class User
$stmt = $mysqli->prepare("UPDATE users SET permission=? WHERE id=?"); $stmt = $mysqli->prepare("UPDATE users SET permission=? WHERE id=?");
$stmt->bind_param("si", $permission, $id); $stmt->bind_param("si", $permission, $id);
$stmt->execute(); $stmt->execute();
header("Location: ".WEB_URL."/admin/?do=user&amp;id=".$id); header("Location: ".WEB_URL."/admin/?do=user&id=".$id);
} }
else{ else{
$message = _("You don't have permission to do that!"); $message = _("You don't have permission to do that!");