300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
|
*/
static int isValidPwString(const char *zPw){
if( zPw==0 ) return 0;
if( zPw[0]==0 ) return 1;
while( zPw[0]=='*' ){ zPw++; }
return zPw[0]!=0;
}
/*
** WEBPAGE: setup_uedit
**
** Edit information about a user or create a new user.
** Requires Admin privileges.
*/
void user_edit(void){
const char *zId, *zLogin, *zInfo, *zCap, *zPw;
const char *zGroup;
const char *zOldLogin;
int uid, i;
char *zDeleteVerify = 0; /* Delete user verification text */
int higherUser = 0; /* True if user being edited is SETUP and the */
/* user doing the editing is ADMIN. Disallow editing */
const char *inherit[128];
int a[128];
const char *oa[128];
/* Must have ADMIN privileges to access this page
*/
login_check_credentials();
if( !g.perm.Admin ){ login_needed(0); return; }
/* Check to see if an ADMIN user is trying to edit a SETUP account.
** Don't allow that.
*/
zId = PD("id", "0");
uid = atoi(zId);
if( zId && !g.perm.Setup && uid>0 ){
char *zOldCaps;
zOldCaps = db_text(0, "SELECT cap FROM user WHERE uid=%d",uid);
higherUser = zOldCaps && strchr(zOldCaps,'s');
}
if( P("can") ){
/* User pressed the cancel button */
cgi_redirect(cgi_referer("setup_ulist"));
return;
}
|
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
>
|
<
>
|
>
|
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
|
*/
static int isValidPwString(const char *zPw){
if( zPw==0 ) return 0;
if( zPw[0]==0 ) return 1;
while( zPw[0]=='*' ){ zPw++; }
return zPw[0]!=0;
}
/*
** Return 1 if user capability string zCaps contains the given
** capability letter, else 0.
*/
static int userCapsContain(const char *zCaps, const char letter){
for( ; zCaps && *zCaps; ++zCaps ){
if( letter==*zCaps ) return 1;
}
return 0;
}
/*
** Return 1 if user capability string zNew contains any capability
** letter which is not in user capability string zOrig, else 0.
*/
static int userCapsAreElevated(const char *zOrig, const char *zNew){
for( ; zNew && *zNew; ++zNew ){
if( !userCapsContain(zOrig, *zNew) ){
return 1;
}
}
return 0;
}
/*
** WEBPAGE: setup_uedit
**
** Edit information about a user or create a new user.
** Requires Admin privileges.
*/
void user_edit(void){
const char *zId, *zLogin, *zInfo, *zCap, *zPw;
const char *zGroup;
const char *zOldLogin;
int uid, i;
char *zOldCaps = 0; /* Capabilities before edit */
char *zDeleteVerify = 0; /* Delete user verification text */
int higherUser = 0; /* True if user being edited is SETUP and the */
/* user doing the editing is ADMIN. Disallow editing */
const char *inherit[128];
int a[128];
const char *oa[128];
/* Must have ADMIN privileges to access this page
*/
login_check_credentials();
if( !g.perm.Admin ){ login_needed(0); return; }
/* Check to see if an ADMIN user is trying to edit a SETUP account.
** Don't allow that.
*/
zId = PD("id", "0");
uid = atoi(zId);
if( uid>0 ){
zOldCaps = db_text(0, "SELECT cap FROM user WHERE uid=%d",uid);
if( zId && !g.perm.Setup ){
higherUser = zOldCaps && strchr(zOldCaps,'s');
}
}
if( P("can") ){
/* User pressed the cancel button */
cgi_redirect(cgi_referer("setup_ulist"));
return;
}
|
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
|
db_multi_exec("UPDATE subscriber SET suname=%Q WHERE suname=%Q",
zLogin, zOldLogin);
}
admin_log( "Renamed user [%q] to [%q].", zOldLogin, zLogin );
}
db_protect_pop();
setup_incr_cfgcnt();
admin_log( "Updated user [%q] with capabilities [%q].",
zLogin, &aCap[0] );
if( atoi(PD("all","0"))>0 ){
Blob sql;
char *zErr = 0;
blob_zero(&sql);
if( zOldLogin==0 ){
blob_appendf(&sql,
"INSERT INTO user(login)"
|
|
|
>
>
>
|
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
|
db_multi_exec("UPDATE subscriber SET suname=%Q WHERE suname=%Q",
zLogin, zOldLogin);
}
admin_log( "Renamed user [%q] to [%q].", zOldLogin, zLogin );
}
db_protect_pop();
setup_incr_cfgcnt();
admin_log( "Updated user [%q] with%s capabilities [%q].",
zLogin,
userCapsAreElevated(zOldCaps, &aCap[0])
? " elevated" : "",
&aCap[0] );
if( atoi(PD("all","0"))>0 ){
Blob sql;
char *zErr = 0;
blob_zero(&sql);
if( zOldLogin==0 ){
blob_appendf(&sql,
"INSERT INTO user(login)"
|
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
|
return;
}
/* Load the existing information about the user, if any
*/
zLogin = "";
zInfo = "";
zCap = "";
zPw = "";
for(i='a'; i<='z'; i++) oa[i] = "";
for(i='0'; i<='9'; i++) oa[i] = "";
for(i='A'; i<='Z'; i++) oa[i] = "";
if( uid ){
zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid);
zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid);
|
|
|
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
|
return;
}
/* Load the existing information about the user, if any
*/
zLogin = "";
zInfo = "";
zCap = zOldCaps;
zPw = "";
for(i='a'; i<='z'; i++) oa[i] = "";
for(i='0'; i<='9'; i++) oa[i] = "";
for(i='A'; i<='Z'; i++) oa[i] = "";
if( uid ){
zLogin = db_text("", "SELECT login FROM user WHERE uid=%d", uid);
zInfo = db_text("", "SELECT info FROM user WHERE uid=%d", uid);
|