[svn r9981] replace $_uid with $_user['user_id']

skala
Patrick Cool 19 years ago
parent 52c04c17c6
commit 8a5e4ab91a
  1. 19
      main/admin/user_list.php

@ -1,6 +1,6 @@
<?php <?php
// $Id: user_list.php 9555 2006-10-18 10:05:15Z elixir_inter $ // $Id: user_list.php 9981 2006-11-15 00:05:16Z pcool $
/* /*
============================================================================== ==============================================================================
Dokeos - elearning and course management software Dokeos - elearning and course management software
@ -49,7 +49,7 @@ api_protect_admin_script();
function login_user($user_id) function login_user($user_id)
{ {
//init --------------------------------------------------------------------- //init ---------------------------------------------------------------------
global $_uid, $uidReset, $loginFailed, $uidReset, $is_trackingEnabled, $_user; global $uidReset, $loginFailed, $uidReset, $is_trackingEnabled, $_user;
global $is_platformAdmin, $is_allowedCreateCourse; global $is_platformAdmin, $is_allowedCreateCourse;
$main_user_table = Database :: get_main_table(MAIN_USER_TABLE); $main_user_table = Database :: get_main_table(MAIN_USER_TABLE);
@ -57,7 +57,7 @@ function login_user($user_id)
$track_e_login_table = Database :: get_statistic_table(STATISTIC_TRACK_E_LOGIN_TABLE); $track_e_login_table = Database :: get_statistic_table(STATISTIC_TRACK_E_LOGIN_TABLE);
//logic -------------------------------------------------------------------- //logic --------------------------------------------------------------------
//unset($_uid); // uid not in session ? prevent any hacking //unset($_user['user_id']); // uid not in session ? prevent any hacking
if (!isset ($user_id)) if (!isset ($user_id))
{ {
@ -93,7 +93,7 @@ function login_user($user_id)
ON user.user_id = a.user_id ON user.user_id = a.user_id
LEFT JOIN $track_e_login_table login LEFT JOIN $track_e_login_table login
ON user.user_id = login.login_user_id ON user.user_id = login.login_user_id
WHERE user.user_id = '$_uid' WHERE user.user_id = '".$_user['user_id']."'
ORDER BY login.login_date DESC LIMIT 1"; ORDER BY login.login_date DESC LIMIT 1";
} }
else else
@ -102,7 +102,7 @@ function login_user($user_id)
FROM $main_user_table FROM $main_user_table
LEFT JOIN $main_admin_table a LEFT JOIN $main_admin_table a
ON user.user_id = a.user_id ON user.user_id = a.user_id
WHERE user.user_id = '$_uid'"; WHERE user.user_id = '".$_user['user_id']."'";
} }
$sql_result = api_sql_query($sql_query, __FILE__, __LINE__); $sql_result = api_sql_query($sql_query, __FILE__, __LINE__);
@ -119,6 +119,7 @@ function login_user($user_id)
$_user['lastLogin'] = $user_data['login_date']; $_user['lastLogin'] = $user_data['login_date'];
$_user['official_code'] = $user_data['official_code']; $_user['official_code'] = $user_data['official_code'];
$_user['picture_uri'] = $user_data['picture_uri']; $_user['picture_uri'] = $user_data['picture_uri'];
$_user['user_id'] = $user_data['user_id'];
$is_platformAdmin = (bool) (!is_null($user_data['is_admin'])); $is_platformAdmin = (bool) (!is_null($user_data['is_admin']));
$is_allowedCreateCourse = (bool) ($user_data['status'] == 1); $is_allowedCreateCourse = (bool) ($user_data['status'] == 1);
@ -269,7 +270,7 @@ function modify_filter($user_id,$url_params)
*/ */
function active_filter($active, $url_params, $row) function active_filter($active, $url_params, $row)
{ {
global $_uid; global $_user;
if ($active=='1') if ($active=='1')
{ {
@ -282,7 +283,7 @@ function active_filter($active, $url_params, $row)
$image='wrong'; $image='wrong';
} }
if ($row['0']<>$_uid) // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore. if ($row['0']<>$_user['user_id']) // you cannot lock yourself out otherwise you could disable all the accounts including your own => everybody is locked out and nobody can change it anymore.
{ {
$result = '<a href="user_list.php?action='.$action.'&amp;user_id='.$row['0'].'&amp;'.$url_params.'"><img src="../img/'.$image.'.gif" border="0" style="vertical-align: middle;" alt="'.get_lang($action).'" title="'.get_lang($action).'"/></a>'; $result = '<a href="user_list.php?action='.$action.'&amp;user_id='.$row['0'].'&amp;'.$url_params.'"><img src="../img/'.$image.'.gif" border="0" style="vertical-align: middle;" alt="'.get_lang($action).'" title="'.get_lang($action).'"/></a>';
} }
@ -381,7 +382,7 @@ else
Display :: display_normal_message(stripslashes($_GET['message'])); Display :: display_normal_message(stripslashes($_GET['message']));
break; break;
case 'delete_user' : case 'delete_user' :
if ($user_id != $_uid && UserManager :: delete_user($_GET['user_id'])) if ($user_id != $_user['user_id'] && UserManager :: delete_user($_GET['user_id']))
{ {
Display :: display_normal_message(get_lang('UserDeleted')); Display :: display_normal_message(get_lang('UserDeleted'));
} }
@ -410,7 +411,7 @@ else
$number_of_deleted_users = 0; $number_of_deleted_users = 0;
foreach ($_POST['id'] as $index => $user_id) foreach ($_POST['id'] as $index => $user_id)
{ {
if($user_id != $_uid) if($user_id != $_user['user_id'])
{ {
if(UserManager :: delete_user($user_id)) if(UserManager :: delete_user($user_id))
{ {
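Review bot: In `login_user()` both rewritten WHERE clauses (the tracking query and the one in the `else` branch) now select on the global `$_user['user_id']` instead of the `$user_id` argument. The added `$_user['user_id'] = $user_data['user_id'];` runs only after the query, so at query time the global presumably still holds the calling admin's id. Unless lines outside these hunks copy `$user_id` into `$_user['user_id']` first, the lookup would return the caller's own row rather than the account being logged into. Keying on the parameter and casting it keeps the target identity explicit and the SQL literal numeric: `WHERE user.user_id = '".intval($user_id)."'`. The function body starts before and continues between the visible hunks, so that earlier assignment should be confirmed against the full file.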
