
admin/user.php is now using sesskey.

1 parent c6ad74f commit b0fbbd20f624a932c28b0cb400d1b4cb7124ac8c stronk7 committed Oct 3, 2004
Showing with 8 additions and 8 deletions.
  1. +1 −1 admin/index.php
  2. +6 −6 admin/user.php
  3. +1 −1 admin/users.php
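--- a/admin/index.php
+++ b/admin/index.php
@@ -299,7 +299,7 @@
 get_string("adminhelpauthentication")."</font><br />";
 $userdata .= "<font size=+1>&nbsp;</font><a href=\"user.php\">".get_string("edituser")."</a> - <font size=1>".
 get_string("adminhelpedituser")."</font><br />";
- $userdata .= "<font size=+1>&nbsp;</font><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true\">".
+ $userdata .= "<font size=+1>&nbsp;</font><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">".
 get_string("addnewuser")."</a> - <font size=1>".
 get_string("adminhelpaddnewuser")."</font><br />";
 $userdata .= "<font size=+1>&nbsp;</font><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".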
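Review bot: The session key is carried in the query string of a plain link here (`user.php?newuser=true&sesskey=$USER->sesskey`), so it is recorded in browser history and in web-server and proxy logs, and it can be sent in the Referer header of requests made from the page that opens. A POST form with the key in a hidden field keeps the token out of URLs; if the link stays, the separator inside the `href` should be written `&amp;sesskey=` so the attribute is valid HTML. The same link is added in admin/users.php and in the last three hunks of admin/user.php. The statement this hunk edits continues past the end of the hunk.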
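--- a/admin/user.php
+++ b/admin/user.php
@@ -78,7 +78,7 @@
 error("You must be an administrator to edit users this way.");
 }
- if ($newuser) { // Create a new user
+ if ($newuser and confirm_sesskey()) { // Create a new user
 $user->auth = "manual";
 $user->firstname = "";
 $user->lastname = "";
@@ -135,7 +135,7 @@
 notify(get_string("usernotconfirmed", "", fullname($user, true)));
 }
- } else if ($delete) { // Delete a selected user, after confirmation
+ } else if ($delete and confirm_sesskey()) { // Delete a selected user, after confirmation
 if (!$user = get_record("user", "id", "$delete")) {
 error("No such user!");
 }
@@ -148,7 +148,7 @@
 if ($confirm != md5($delete)) {
 $fullname = fullname($user, true);
 notice_yesno(get_string("deletecheckfull", "", "'$fullname'"),
- "user.php?delete=$delete&confirm=".md5($delete), "user.php");
+ "user.php?delete=$delete&confirm=".md5($delete)."&sesskey=$USER->sesskey", "user.php");
 exit;
 } else if (!$user->deleted) {
@@ -301,7 +301,7 @@
 if ($user->id == $USER->id or $user->username == "changeme") {
 $deletebutton = "";
 } else {
- $deletebutton = "<a href=\"user.php?delete=$user->id\">$strdelete</a>";
+ $deletebutton = "<a href=\"user.php?delete=$user->id&sesskey=$USER->sesskey\">$strdelete</a>";
 }
 if ($user->lastaccess) {
 $strlastaccess = format_time(time() - $user->lastaccess);
@@ -334,7 +334,7 @@
 echo "</form>";
 echo "</td></tr></table>";
 if (is_internal_auth()){
- print_heading("<a href=\"user.php?newuser=true\">".get_string("addnewuser")."</a>");
+ print_heading("<a href=\"user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."</a>");
 }
 print_table($table);
@@ -346,7 +346,7 @@
 }
 if (is_internal_auth()){
- print_heading("<a href=\"user.php?newuser=true\">".get_string("addnewuser")."</a>");
+ print_heading("<a href=\"user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."</a>");
 }
 print_footer();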
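Review bot: A request whose session key does not match is not rejected at `if ($newuser and confirm_sesskey())` or at `else if ($delete and confirm_sesskey())`; assuming confirm_sesskey() returns a boolean (its definition is not on this page), the condition is simply false and control falls through to the later branches of the chain, which lie outside these hunks. Failing closed is easier to audit and gives the administrator a visible signal: keep `if ($newuser) {` and make its first statement `if (!confirm_sesskey()) { error("Session key check failed"); }` (the message text is a placeholder), and do the same in the `$delete` branch. The branch that ends just above the `$delete` test (it reports `usernotconfirmed`) is untouched by this commit, so it is worth checking whether it changes state without the same guard. Since `confirm` is still `md5($delete)`, which anyone can compute from the user id, the session key is the only unguessable value on the delete link.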
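--- a/admin/users.php
+++ b/admin/users.php
@@ -28,7 +28,7 @@
 $table->data[] = array("<b><a href=\"user.php\">".get_string("edituser")."</a></b>",
 get_string("adminhelpedituser"));
 if (is_internal_auth()) {
- $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true\">".get_string("addnewuser")."</a></b>",
+ $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."</a></b>",
 get_string("adminhelpaddnewuser"));
 $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".get_string("uploadusers")."</a></b>",
 get_string("adminhelpuploadusers"));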
