liquid_feedback_frontend

view app/main/admin/_action/member_update.lua @ 9:0ee1e0c42d4c

Version beta5

Minor security fix: Added missing security filter for admin section. Reading of member listing including login names was possible for all users. Write access has not been possible though.

Changing of name and login is possible while a history of these changes is written and accessible by all users.

Statistics shown in area list

Trimming of user input also converts multiple whitespaces to single space character.
author bsw
date Mon Jan 04 12:00:00 2010 +0100 (2010-01-04)
parents 768faea1096d
children 46351752814f
line source
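-- Admin action: creates a new member, or updates the member selected by the
-- request id, from the submitted form parameters.

-- Authorization gate: only administrators may run this action. The session
-- may carry no member at all, so test for that before reading the admin
-- flag; the request is refused with the same error either way.
local current_member = app.session.member
if not (current_member and current_member.admin) then
  error('access denied')
end

local id = param.get_id()

local member

if id then
  member = Member:new_selector():add_where{"id = ?", id}:single_object_mode():exec()
  -- An id that matches no row must not fall through to param.update with a
  -- nil object; stop with an explicit error instead.
  if not member then
    error('member not found')
  end
else
  member = Member:new()
end

-- Copies exactly these four request fields onto the member. "admin" is among
-- them, so the authorization gate above is what keeps non-admins from
-- granting the admin flag.
param.update(member, "login", "admin", "name", "active")

-- A missing, empty or "********" password field leaves the stored password
-- untouched. NOTE(review): "********" is presumably the placeholder the edit
-- form pre-fills; confirm against the view. A password that is literally
-- "********" can therefore not be set through this action.
local password = param.get("password")
if password ~= nil and password ~= "" and password ~= "********" then
  member:set_password(password)
end

local err = member:try_save()

if err then
  -- The error slot receives HTML (the template itself contains <br />), and
  -- the database message can echo submitted values, so HTML-encode it first.
  local detail = encode.html(tostring(err.message))
  -- A function replacement is used because gsub would interpret any "%" in a
  -- replacement string as an escape character.
  slot.put_into("error", (_("Error while updating member, database reported:<br /><br /> (#{errormessage})"):gsub("#{errormessage}", function() return detail end)))
  return false
end

if id then
  slot.put_into("notice", _"Member successfully updated")
else
  slot.put_into("notice", _"Member successfully registered")
end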
