liquid_feedback_frontend

annotate app/main/admin/_action/member_update.lua @ 9:0ee1e0c42d4c

Version beta5

Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.

Changing of name and login is possible while a history of these changes is written and accessible by all users.

Statistics shown in area list

Trimming of user input also converts multiple whitespaces to single space character.
author bsw
date Mon Jan 04 12:00:00 2010 +0100 (2010-01-04)
parents 768faea1096d
children 46351752814f
rev   line source
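-- Admin action: create a new member, or update an existing one, from the
-- submitted request parameters.

-- Authorization: only a session whose member carries the admin flag may run
-- this action. This is the only access check visible in this file, and the
-- code below can change the login, the admin flag and the password of any
-- member. The extra nil test makes a session without a member fail with the
-- same explicit 'access denied' instead of an index error (still fail-closed).
if not (app.session.member and app.session.member.admin) then
  error('access denied')
end

-- An id means "edit this member"; no id means "register a new member".
local id = param.get_id()

local member

if id then
  -- The id is bound as a query parameter, not concatenated into the SQL text.
  member = Member:new_selector():add_where{"id = ?", id}:single_object_mode():exec()
  if not member then
    -- Without this guard an unknown id would fail later with an unrelated
    -- "index a nil value" error inside param.update.
    error('member not found')
  end
else
  member = Member:new()
end

-- Copy only the listed fields from the request onto the record. "admin" is in
-- this list, so this action is able to grant or revoke admin rights.
param.update(member, "login", "admin", "name", "active")

-- Password handling: the field is left untouched when the parameter is
-- missing, empty, or equal to the "********" placeholder (presumably what the
-- form shows in place of the stored password -- confirm against the view).
-- Consequence: a password consisting of exactly eight asterisks cannot be set
-- through this action.
local password = param.get("password")
if password == nil or password == "" or password == "********" then
  password = nil
end

if password then
  member:set_password(password)
end

local err = member:try_save()

if err then
  -- The message template contains markup (<br />), so the "error" slot appears
  -- to be emitted as HTML. The database message can echo submitted values, so
  -- it is HTML-encoded before being inserted.
  local message = encode.html(tostring(err.message))
  -- A function replacement is used so that a '%' in the database message is
  -- not interpreted as a gsub capture reference (which would raise an error).
  -- The outer parentheses drop gsub's second return value (the match count).
  slot.put_into("error", (_("Error while updating member, database reported:<br /><br /> (#{errormessage})"):gsub("#{errormessage}", function() return message end)))
  return false
else
  if id then
    slot.put_into("notice", _"Member successfully updated")
  else
    slot.put_into("notice", _"Member successfully registered")
  end
end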
