author | vincent-peugnet <v.peugnet@free.fr> | 2019-01-08 02:50:43 +0100 |
---|---|---|
committer | vincent-peugnet <v.peugnet@free.fr> | 2019-01-08 02:50:43 +0100 |
commit | efab4af451c4759d4ea860741c6a27a997137fb6 (patch) | |
tree | 0fbc9b9a065cec3e678b379b9105e631fa96d649 /app/class | |
parent | e7747bf975a8523be7756a71d1b5166f5229363b (diff) | |
download | wcms-efab4af451c4759d4ea860741c6a27a997137fb6.tar.gz wcms-efab4af451c4759d4ea860741c6a27a997137fb6.zip |
fix user update admin
Diffstat (limited to 'app/class')
-rw-r--r-- | app/class/application.php | 7 | ||||
-rw-r--r-- | app/class/controlleruser.php | 13 |
2 files changed, 11 insertions, 9 deletions
diff --git a/app/class/application.php b/app/class/application.php
index 926db20..07db776 100644
--- a/app/class/application.php
+++ b/app/class/application.php
@@ -29,10 +29,9 @@ class Application
 header('Location: ./');
 exit;
 }
- } elseif(isset($_POST['userinit'])) {
+ } elseif(isset($_POST['userinit']) && !empty($_POST['userinit']['id']) && !empty($_POST['userinit']['password'])) {
 $userdata = $_POST['userinit'];
 $userdata['level'] = 10;
- //$userdata['id'] = idclean($userdata['id']);
 $user = new User($userdata);
 $this->usermanager->add($user);
 header('Location: ./');
@@ -108,14 +107,14 @@ class Application
 <h2>
 <label for="id">Your identifiant</label>
 </h2>
- <input type="text" name="userinit[id]" value="<?= Config::admin() ?>" id="admin" maxlength="64">
+ <input type="text" name="userinit[id]" id="admin" maxlength="64" required>
 <p><i>Your user id as the first administrator.</i></p>
 </div>
 <div>
 <h2>
 <label for="password">Your password</label>
 </h2>
- <input type="password" name="userinit[password]" value="<?= Config::admin() ?>" id="admin" minlength="4" maxlength="64">
+ <input type="password" name="userinit[password]" id="password" minlength="4" maxlength="64" required>
 <p><i>Your user passworder as first administrator.</i></p>
 </div>
 <input type="submit" value="set">
diff --git a/app/class/controlleruser.php b/app/class/controlleruser.php
index 7863956..495fab5 100644
--- a/app/class/controlleruser.php
+++ b/app/class/controlleruser.php
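Review bot: The new `elseif` in the first application.php hunk only checks that `userinit[id]` and `userinit[password]` are non-empty, so the `minlength="4"` in the form hunk is enforced by the browser alone and a request that bypasses the form can still create the level-10 account with a one-character password. The whole `$_POST['userinit']` array is still passed to `new User()`, so any other key the User class accepts is client-controlled, and `!empty()` also passes when a field arrives as an array. After an `is_string()` check on both fields and a server-side length check on the password, the array could be built explicitly: `$userdata = ['id' => $_POST['userinit']['id'], 'password' => $_POST['userinit']['password'], 'level' => 10];`. The enclosing `if` starts outside the hunk, so it is not visible here whether this branch is still reachable once an administrator exists.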
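Review bot: In the form hunk, `<label for="id">` still points at no element, because the id input keeps `id="admin"`; the commit fixes the same mismatch for the password field but not for this one. Changing the input to `id="id"` (or the label to `for="admin"`) restores the label association. The password input could also carry `autocomplete="new-password"` so that browsers do not offer a stored credential on the first-administrator form.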
@@ -58,15 +58,18 @@ class Controlleruser extends Controller
 case 'update':
 $user = $this->usermanager->get($_POST['id']);
- $user->hydrate($_POST);
- if(empty($user->id())) {
+ $userupdate = clone $user;
+ $userupdate->hydrate($_POST);
+ if(empty($userupdate->id())) {
 $this->routedirectget('user', ['error' => 'wrong_id']);
- } elseif (!empty($_POST['password']) && (empty($user->password()) || $this->usermanager->passwordexist($user->password()))) {
+ } elseif (!empty($_POST['password']) && (empty($userupdate->password()) || $this->usermanager->passwordexist($userupdate->password()))) {
 $this->routedirectget('user', ['error' => 'change_password']);
- } elseif (empty($user->level())) {
+ } elseif (empty($userupdate->level())) {
 $this->routedirectget('user', ['error' => 'wrong_level']);
+ } elseif ($user->level() === 10 && $userupdate->level() !== 10) {
+ $this->routedirectget('user', ['error' => 'cant_edit_yourself']);
 } else {
- $this->usermanager->add($user);
+ $this->usermanager->add($userupdate);
 $this->routedirect('user');
 }
 }
|
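Review bot: The new `cant_edit_yourself` branch never compares the target with the logged-in user: it refuses to lower the level of any level-10 account and leaves every other change to that account allowed, so the condition and the error name disagree. The strict comparisons also rely on `level()` returning an int on both objects; if `hydrate($_POST)` stores the posted string without casting (the setter is not in this hunk), `$userupdate->level() !== 10` is always true and every update of an administrator is refused. `clone $user` runs before anything confirms that `get($_POST['id'])` found a user, so a guard such as `if (!($user instanceof User))` ahead of the clone would route unknown ids to `wrong_id` instead of a fatal error. Nothing in the visible lines stops the posted `level` from being raised, and the switch starts outside the hunk, so it cannot be confirmed here that the caller's own level is checked before this case runs.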