|
35 | 35 | if ($conf->ldap->enabled) require_once(DOL_DOCUMENT_ROOT."/lib/ldap.class.php"); |
36 | 36 | if ($conf->adherent->enabled) require_once(DOL_DOCUMENT_ROOT."/adherents/class/adherent.class.php"); |
37 | 37 |
|
| 38 | +$id=GETPOST('id','int'); |
| 39 | +$action=GETPOST("action"); |
| 40 | +$group=GETPOST("group","int",3); |
| 41 | +$confirm=GETPOST("confirm"); |
| 42 | + |
38 | 43 | // Define value to know what current user can do on users |
39 | 44 | $canadduser=($user->admin || $user->rights->user->user->creer); |
40 | 45 | $canreaduser=($user->admin || $user->rights->user->user->lire); |
|
48 | 53 | $caneditgroup=($user->admin || $user->rights->user->group_advance->write); |
49 | 54 | } |
50 | 55 | // Define value to know what current user can do on properties of edited user |
51 | | -if ($_GET["id"]) |
| 56 | +if ($id) |
52 | 57 | { |
53 | | - // $user est le user qui edite, $_GET["id"] est l'id de l'utilisateur edite |
54 | | - $caneditfield=( (($user->id == $_GET["id"]) && $user->rights->user->self->creer) |
55 | | - || (($user->id != $_GET["id"]) && $user->rights->user->user->creer) ); |
56 | | - $caneditpassword=( (($user->id == $_GET["id"]) && $user->rights->user->self->password) |
57 | | - || (($user->id != $_GET["id"]) && $user->rights->user->user->password) ); |
| 58 | + // $user est le user qui edite, $id est l'id de l'utilisateur edite |
| 59 | + $caneditfield=( (($user->id == $id) && $user->rights->user->self->creer) |
| 60 | + || (($user->id != $id) && $user->rights->user->user->creer) ); |
| 61 | + $caneditpassword=( (($user->id == $id) && $user->rights->user->self->password) |
| 62 | + || (($user->id != $id) && $user->rights->user->user->password) ); |
58 | 63 | } |
59 | 64 |
|
60 | | -$action=GETPOST("action"); |
61 | | -$group=GETPOST("group","int",3); |
62 | | -$confirm=GETPOST("confirm"); |
63 | | - |
64 | 65 | // Security check |
65 | 66 | $socid=0; |
66 | 67 | if ($user->societe_id > 0) $socid = $user->societe_id; |
67 | 68 | $feature2='user'; |
68 | | -if ($user->id == $_GET["id"]) { $feature2=''; $canreaduser=1; } // A user can always read its own card |
69 | | -$result = restrictedArea($user, 'user', $_GET["id"], '', $feature2); |
70 | | -if ($user->id <> $_GET["id"] && ! $canreaduser) accessforbidden(); |
| 69 | +if ($user->id == $id) { $feature2=''; $canreaduser=1; } // A user can always read its own card |
| 70 | +$result = restrictedArea($user, 'user', $id, '', $feature2); |
| 71 | +if ($user->id <> $id && ! $canreaduser) accessforbidden(); |
71 | 72 |
|
72 | 73 | $langs->load("users"); |
73 | 74 | $langs->load("companies"); |
|
82 | 83 | if ($_GET["subaction"] == 'addrights' && $canedituser) |
83 | 84 | { |
84 | 85 | $edituser = new User($db); |
85 | | - $edituser->fetch($_GET["id"]); |
| 86 | + $edituser->fetch($id); |
86 | 87 | $edituser->addrights($_GET["rights"]); |
87 | 88 | } |
88 | 89 |
|
89 | 90 | if ($_GET["subaction"] == 'delrights' && $canedituser) |
90 | 91 | { |
91 | 92 | $edituser = new User($db); |
92 | | - $edituser->fetch($_GET["id"]); |
| 93 | + $edituser->fetch($id); |
93 | 94 | $edituser->delrights($_GET["rights"]); |
94 | 95 | } |
95 | 96 |
|
96 | 97 | if ($action == 'confirm_disable' && $confirm == "yes" && $candisableuser) |
97 | 98 | { |
98 | | - if ($_GET["id"] <> $user->id) |
| 99 | + if ($id <> $user->id) |
99 | 100 | { |
100 | 101 | $edituser = new User($db); |
101 | | - $edituser->fetch($_GET["id"]); |
| 102 | + $edituser->fetch($id); |
102 | 103 | $edituser->setstatus(0); |
103 | | - Header("Location: ".DOL_URL_ROOT.'/user/fiche.php?id='.$_GET["id"]); |
| 104 | + Header("Location: ".DOL_URL_ROOT.'/user/fiche.php?id='.$id); |
104 | 105 | exit; |
105 | 106 | } |
106 | 107 | } |
107 | 108 | if ($action == 'confirm_enable' && $confirm == "yes" && $candisableuser) |
108 | 109 | { |
109 | | - if ($_GET["id"] <> $user->id) |
| 110 | + if ($id <> $user->id) |
110 | 111 | { |
111 | 112 | $message=''; |
112 | 113 |
|
113 | 114 | $edituser = new User($db); |
114 | | - $edituser->fetch($_GET["id"]); |
| 115 | + $edituser->fetch($id); |
115 | 116 |
|
116 | 117 | if (!empty($conf->file->main_limit_users)) |
117 | 118 | { |
|
125 | 126 | if (! $message) |
126 | 127 | { |
127 | 128 | $edituser->setstatus(1); |
128 | | - Header("Location: ".DOL_URL_ROOT.'/user/fiche.php?id='.$_GET["id"]); |
| 129 | + Header("Location: ".DOL_URL_ROOT.'/user/fiche.php?id='.$id); |
129 | 130 | exit; |
130 | 131 | } |
131 | 132 | } |
132 | 133 | } |
133 | 134 |
|
134 | 135 | if ($action == 'confirm_delete' && $confirm == "yes" && $candisableuser) |
135 | 136 | { |
136 | | - if ($_GET["id"] <> $user->id) |
| 137 | + if ($id <> $user->id) |
137 | 138 | { |
138 | 139 | $edituser = new User($db); |
139 | | - $edituser->id=$_GET["id"]; |
| 140 | + $edituser->id=$id; |
140 | 141 | $result = $edituser->delete(); |
141 | 142 | if ($result < 0) |
142 | 143 | { |
|
232 | 233 | $editgroup->oldcopy=dol_clone($editgroup); |
233 | 234 |
|
234 | 235 | $edituser = new User($db); |
235 | | - $edituser->fetch($_GET["id"]); |
| 236 | + $edituser->fetch($id); |
236 | 237 | if ($action == 'addgroup') $edituser->SetInGroup($group,GETPOST('entity')); |
237 | 238 | if ($action == 'removegroup') $edituser->RemoveFromGroup($group,GETPOST('entity')); |
238 | 239 |
|
239 | 240 | if ($result > 0) |
240 | 241 | { |
241 | | - header("Location: fiche.php?id=".$_GET["id"]); |
| 242 | + header("Location: fiche.php?id=".$id); |
242 | 243 | exit; |
243 | 244 | } |
244 | 245 | else |
|
271 | 272 | { |
272 | 273 | $db->begin(); |
273 | 274 | $edituser = new User($db); |
274 | | - $edituser->fetch($_GET["id"]); |
| 275 | + $edituser->fetch($id); |
275 | 276 |
|
276 | 277 | $edituser->oldcopy=dol_clone($edituser); |
277 | 278 |
|
|
360 | 361 | else if ($caneditpassword) // Case we can edit only password |
361 | 362 | { |
362 | 363 | $edituser = new User($db); |
363 | | - $edituser->fetch($_GET["id"]); |
| 364 | + $edituser->fetch($id); |
364 | 365 |
|
365 | 366 | $edituser->oldcopy=dol_clone($edituser); |
366 | 367 |
|
|
377 | 378 | || ($action == 'confirm_passwordsend' && $confirm == 'yes')) && $caneditpassword) |
378 | 379 | { |
379 | 380 | $edituser = new User($db); |
380 | | - $edituser->fetch($_GET["id"]); |
| 381 | + $edituser->fetch($id); |
381 | 382 |
|
382 | 383 | $newpassword=$edituser->setPassword($user,''); |
383 | 384 | if ($newpassword < 0) |
|
800 | 801 | /* */ |
801 | 802 | /* ************************************************************************** */ |
802 | 803 |
|
803 | | - if ($_GET["id"]) |
| 804 | + if ($id) |
804 | 805 | { |
805 | 806 | $fuser = new User($db); |
806 | | - $fuser->fetch($_GET["id"]); |
| 807 | + $fuser->fetch($id); |
807 | 808 |
|
808 | 809 | // Connexion ldap |
809 | 810 | // pour recuperer passDoNotExpire et userChangePassNextLogon |
|
1169 | 1170 | // Si on a un gestionnaire de generation de mot de passe actif |
1170 | 1171 | if ($conf->global->USER_PASSWORD_GENERATED != 'none') |
1171 | 1172 | { |
1172 | | - if (($user->id != $_GET["id"] && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && |
| 1173 | + if (($user->id != $id && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && |
1173 | 1174 | (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity))) |
1174 | 1175 | { |
1175 | 1176 | print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&action=password">'.$langs->trans("ReinitPassword").'</a>'; |
1176 | 1177 | } |
1177 | 1178 |
|
1178 | | - if (($user->id != $_GET["id"] && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && |
| 1179 | + if (($user->id != $id && $caneditpassword) && $fuser->login && !$fuser->ldap_sid && |
1179 | 1180 | (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) |
1180 | 1181 | { |
1181 | 1182 | if ($fuser->email) print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&action=passwordsend">'.$langs->trans("SendNewPassword").'</a>'; |
|
1184 | 1185 | } |
1185 | 1186 |
|
1186 | 1187 | // Activer |
1187 | | - if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 0 && |
| 1188 | + if ($user->id <> $id && $candisableuser && $fuser->statut == 0 && |
1188 | 1189 | (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) |
1189 | 1190 | { |
1190 | 1191 | print '<a class="butAction" href="fiche.php?id='.$fuser->id.'&action=enable">'.$langs->trans("Reactivate").'</a>'; |
1191 | 1192 | } |
1192 | 1193 | // Desactiver |
1193 | | - if ($user->id <> $_GET["id"] && $candisableuser && $fuser->statut == 1 && |
| 1194 | + if ($user->id <> $id && $candisableuser && $fuser->statut == 1 && |
1194 | 1195 | (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) |
1195 | 1196 | { |
1196 | 1197 | print '<a class="butActionDelete" href="fiche.php?action=disable&id='.$fuser->id.'">'.$langs->trans("DisableUser").'</a>'; |
1197 | 1198 | } |
1198 | 1199 | // Delete |
1199 | | - if ($user->id <> $_GET["id"] && $candisableuser && |
| 1200 | + if ($user->id <> $id && $candisableuser && |
1200 | 1201 | (empty($conf->multicompany->enabled) || ($fuser->entity == $conf->entity)) ) |
1201 | 1202 | { |
1202 | 1203 | print '<a class="butActionDelete" href="fiche.php?action=delete&id='.$fuser->id.'">'.$langs->trans("DeleteUser").'</a>'; |
|
1232 | 1233 | if ($caneditgroup) |
1233 | 1234 | { |
1234 | 1235 | $form = new Form($db); |
1235 | | - print '<form action="fiche.php?id='.$_GET["id"].'" method="post">'."\n"; |
| 1236 | + print '<form action="fiche.php?id='.$id.'" method="post">'."\n"; |
1236 | 1237 | print '<input type="hidden" name="token" value="'.$_SESSION['newtoken'].'">'; |
1237 | 1238 | print '<input type="hidden" name="action" value="addgroup">'; |
1238 | 1239 | print '<input type="hidden" name="entity" value="'.$conf->entity.'">'; |
|