Commit: 84cf6a833169a943760f494ed55a577ee1293532
Author: Hannes Magnusson <bj...@mongodb.com> Tue, 10 Dec 2013
20:32:02 -0800
Parents: f4e4f1eac662b46585ebeff020b52988191a600b
Branches: master
Link:
http://git.php.net/?p=web/master.git;a=commitdiff;h=84cf6a833169a943760f494ed55a577ee1293532
Log:
Use the username from the SESSION, not the (possibly) currently-viewing
Changed paths:
M include/login.inc
M manage/mirrors.php
M manage/users.php
diff --git a/include/login.inc b/include/login.inc
index ef5a487..6e0d26b 100644
--- a/include/login.inc
+++ b/include/login.inc
@@ -77,6 +77,7 @@ if (!isset($_SERVER["HTTPS"]) || $_SERVER["HTTPS"] != "on") {
}
$_SESSION["credentials"] = array($cuser, $cpw);
+$_SESSION["username"] = $cuser;
// Killing magic cookie
setcookie("MAGIC_COOKIE","",$ts-3600,'/','.php.net');
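Review bot: The added `$_SESSION["username"] = $cuser;` becomes the identity that every authorization check under manage/ now reads, but the hunk does not show that `$cuser` has been verified by this point or that the session ID is rotated at login. If neither happens above the hunk, calling `session_regenerate_id(true);` just before the assignment would keep a session ID issued before login from carrying the authenticated name. A comment such as `// Authenticated username; is_admin()/can_modify() must read this, never a request variable` would document the contract the other two files depend on. The enclosing block starts outside the hunk.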
diff --git a/manage/mirrors.php b/manage/mirrors.php
index 1f43707..717a2e9 100644
--- a/manage/mirrors.php
+++ b/manage/mirrors.php
@@ -48,7 +48,7 @@ if (isset($_REQUEST['id'])) $id = (int)$_REQUEST['id'];
if (isset($id) && isset($hostname)) {
// Allow everyone to disable a mirror, but only elite few to make other
changes
- if (is_mirror_site_admin($user) || ($mode == "update" && !$active)) {
+ if (is_mirror_site_admin($_SESSION["user"]) || ($mode == "update" &&
!$active)) {
// No query need to be made
$query = FALSE;
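Review bot: `is_mirror_site_admin($_SESSION["user"])` reads a key this commit never sets: include/login.inc stores the name under `$_SESSION["username"]`, so the check receives an undefined value and its outcome depends on how is_mirror_site_admin() treats null. The `$mod_by_time` line in the next hunk uses the same wrong key, and the status mail in the @@ -116 hunk reads `$_SERVER["username"]`, which is a different superglobal. All three should read `$_SESSION["username"]`, e.g. `if (is_mirror_site_admin($_SESSION["username"]) || ($mode == "update" && !$active)) {`. As written, the modification log and the notification mail would carry an empty name, so a mirror change could not be attributed to the account that made it.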
@@ -57,7 +57,7 @@ if (isset($id) && isset($hostname)) {
// Perform a full data update on a mirror
case "update":
- $mod_by_time = '<b>'.strtoupper(date('d-M-Y H:i:s T')).'</b>
['.$user.'] Mirror updated';
+ $mod_by_time = '<b>'.strtoupper(date('d-M-Y H:i:s T')).'</b>
['.$_SESSION["user"].'] Mirror updated';
$query = "UPDATE mirrors SET hostname='$hostname',
active=$active, " .
"mirrortype=$mirrortype, cname='$cname',
maintainer='".unmangle($maintainer)."', " .
"providername='".unmangle($providername)."',
providerurl='$providerurl', " .
@@ -107,7 +107,7 @@ if (isset($id) && isset($hostname)) {
}
@mail(
"network-sta...@lists.php.net",
- "[mirrors] Update by $user.",
+ "[mirrors] Update by " . $_SESSION["username"],
$body,
"From: mirr...@php.net",
"-fmirr...@php.net"
@@ -116,7 +116,7 @@ if (isset($id) && isset($hostname)) {
// If a mirror has been modified, send information safe for public
eyes to the
// list: active status, hostname.
} elseif ($mode == 'update') {
- $body = 'The mirror '.$hostname.' has been modified by
'.$user.'. It\'s status is ';
+ $body = 'The mirror '.$hostname.' has been modified by
'.$_SERVER["username"].'. It\'s status is ';
$body .= isset($active) && $active == true ? 'active.' :
'inactive, and DNS will be disabled.';
$body .= isset($acmt) && !empty($acmt) ? ' Notes were added to
the mirror\'s file.' : '';
@mail('network-sta...@lists.php.net','[mirrors] Status change
for '.$hostname,$body,"From: mirr...@php.net\r\n", "-fmirr...@php.net");
diff --git a/manage/users.php b/manage/users.php
index 26ca199..e0e9a3b 100644
--- a/manage/users.php
+++ b/manage/users.php
@@ -55,7 +55,7 @@ if ($username && !$id) {
if ($id && $action) {
- if (!is_admin($user)) {
+ if (!is_admin($_SESSION["username"])) {
warn("you're not allowed to take actions on users.");
exit;
}
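Review bot: `is_admin($_SESSION["username"])` is evaluated without checking that the key exists, and login.inc sets it only at login, so a session created before this change passes an undefined value. That probably fails closed, but it relies on is_admin() rejecting null, which is not visible here; `if (empty($_SESSION["username"]) || !is_admin($_SESSION["username"])) {` makes the denial explicit. The same applies to the `can_modify()` call in the @@ -151 hunk. In the @@ -309 hunk the loose `$row['username'] == $_SESSION["username"]` would treat a missing session name as equal to an empty row value, so `===` is safer there.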
@@ -84,7 +84,7 @@ with your VCS account, feel free to send us a note at
$mailtext.
";
mail($userinfo['email'],"VCS Account Request:
$userinfo[username]",$message,"From: PHP Group <gr...@php.net>",
"-fnore...@php.net");
- mail($mailto . ($cc ? ",$cc" : ""),"Re: VCS Account Request:
$userinfo[username]","VCS Account Approved: $userinfo[username] approved by
$user \o/","From: PHP Group <gr...@php.net>\nIn-Reply-To:
<cvs-account-$i...@php.net>", "-fnore...@php.net");
+ mail($mailto . ($cc ? ",$cc" : ""),"Re: VCS Account Request:
$userinfo[username]","VCS Account Approved: $userinfo[username] approved by
{$_SESSION["username"]} \o/","From: PHP Group <gr...@php.net>\nIn-Reply-To:
<cvs-account-$i...@php.net>", "-fnore...@php.net");
if (!$noclose) {
echo '<script language="javascript">window.close();</script>';
exit;
@@ -132,7 +132,7 @@ of existing PHP developers through patches, and have
demonstrated
the ability to work with others.
";
mail($userinfo['email'],"VCS Account Request:
$userinfo[username]",$message,"From: PHP Group <gr...@php.net>",
"-fnore...@php.net");
- mail($mailto . ($cc ? ",$cc" : ""),"Re: VCS Account Request:
$userinfo[username]",$userinfo['cvsaccess'] ? "VCS Account Deleted:
$userinfo[username] deleted by $user /o\\" : "VCS Account Rejected:
$userinfo[username] rejected by $user /o\\","From: PHP Group
<gr...@php.net>\nIn-Reply-To: <cvs-account-$i...@php.net>",
"-fnore...@php.net");
+ mail($mailto . ($cc ? ",$cc" : ""),"Re: VCS Account Request:
$userinfo[username]",$userinfo['cvsaccess'] ? "VCS Account Deleted:
$userinfo[username] deleted by {$_SESSION["username"]} /o\\" : "VCS Account
Rejected: $userinfo[username] rejected by {$_SESSION["username"]} /o\\","From:
PHP Group <gr...@php.net>\nIn-Reply-To: <cvs-account-$i...@php.net>",
"-fnore...@php.net");
db_query("DELETE FROM users_note WHERE userid=$id");
db_query("DELETE FROM users_profile WHERE userid=$id");
if (!$noclose) {
@@ -151,7 +151,7 @@ the ability to work with others.
}
if ($id && $in) {
- if (!can_modify($user,$id)) {
+ if (!can_modify($_SESSION["username"],$id)) {
warn("you're not allowed to modify this user.");
}
else {
@@ -181,8 +181,8 @@ if ($id && $in) {
. (!empty($in['svnpasswd']) ? ",svnpasswd='$in[svnpasswd]'" :
"")
. (!empty($in['md5passwd']) ? ",md5passwd='$in[md5passwd]'" :
"")
. (!empty($in['sshkey']) ?
",ssh_keys='".escape(html_entity_decode($in[sshkey],ENT_QUOTES))."'" :
",ssh_keys=''")
- . ((is_admin($user) && !empty($in['username'])) ?
",username='$in[username]'" : "")
- . (is_admin($user) ? ",cvsaccess=$cvsaccess" : "")
+ . ((is_admin($_SESSION["username"]) &&
!empty($in['username'])) ? ",username='$in[username]'" : "")
+ . (is_admin($_SESSION["username"]) ? ",cvsaccess=$cvsaccess"
: "")
. ",spamprotect=$spamprotect"
. ",verified=$verified"
. ",enable=$enable"
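Review bot: The rewritten line still interpolates `$in[username]` directly into the UPDATE statement, while the neighbouring `ssh_keys` value goes through `escape()`. Whether `$in` is escaped earlier is outside the hunk; if it is not, the submitted username reaches the query unescaped, and `",username='" . escape($in['username']) . "'"` would match the ssh_keys handling. `is_admin($_SESSION["username"])` is also called twice within the same expression; evaluating it once into a local before the query is built would keep the two admin-only columns under a single decision. The statement starts and ends outside the hunk.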
@@ -268,7 +268,7 @@ table.useredit tr {
<input type="checkbox" name="in[enable]"<?php echo $row['enable'] ? "
checked" : "";?> /> Enable email for my account.
</td>
</tr>
-<?php if (!is_admin($user)) {?>
+<?php if (!is_admin($_SESSION["username"])) {?>
<tr>
<th align="right">VCS username:</th>
<td><?php echo hscr($row['username']);?></td>
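Review bot: `is_admin($_SESSION["username"])` is repeated in this template hunk and again in the @@ -285, @@ -295 and @@ -363 hunks; computing it once before the form, `$is_admin = is_admin($_SESSION["username"]);`, and testing `$is_admin` in each `<?php if (...) {?>` would keep the branches consistent. These conditions only decide which fields are rendered, so they are not the access control. The handler in the @@ -181 hunk re-checks is_admin() for `username` and `cvsaccess`, but whether the admin-only `in[passwd]` field is re-checked on submit is not visible in this diff and is worth confirming. A comment such as `// Display only; the update handler must re-check is_admin() for every admin-only field` would record that.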
@@ -285,7 +285,7 @@ table.useredit tr {
<th align="right">Password (again):</th>
<td><input type="password" name="in[rawpasswd2]" value="" size="20"
maxlength="120" /></td>
</tr>
-<?php if (is_admin($user)) {?>
+<?php if (is_admin($_SESSION["username"])) {?>
<tr>
<th align="right">Password (crypted):</th>
<td><input type="text" name="in[passwd]" value="<?php echo
hscr($row['passwd']);?>" size="20" maxlength="20" /></td>
@@ -295,7 +295,7 @@ table.useredit tr {
<td><input type="text" name="in[username]" value="<?php echo
hscr($row['username']);?>" size="16" maxlength="16" /></td>
</tr>
<?php }?>
-<?php if (is_admin($user)) {?>
+<?php if (is_admin($_SESSION["username"])) {?>
<tr>
<th align="right">VCS access?</th>
<td><input type="checkbox" name="in[cvsaccess]"<?php echo $row['cvsaccess'] ?
" checked" : "";?> /></td>
@@ -309,7 +309,7 @@ table.useredit tr {
<tr>
<th align="right">Use Challenge/Response spam protection?</th>
<td><input type="checkbox" name="in[spamprotect]"<?php echo
$row['spamprotect'] ? " checked" : "";?> />
- <?php if ($row['username'] == $user) { ?>
+ <?php if ($row['username'] == $_SESSION["username"]) { ?>
<br/>
<a href="challenge-response.php">Show people on my quarantine list</a>
<?php } ?>
@@ -363,7 +363,7 @@ table.useredit tr {
<td><input type="submit" value="<?php echo $id ? "Update" : "Add";?>" />
</tr>
</form>
-<?php if (is_admin($user) && !$row['cvsaccess']) {?>
+<?php if (is_admin($_SESSION["username"]) && !$row['cvsaccess']) {?>
<tr>
<form method="get" action="<?php echo PHP_SELF;?>">
<input type="hidden" name="action" value="remove" />
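Review bot: The admin-only remove form guarded by the changed line submits with `method="get"`, and with authorization now resting on the session alone, a state-changing request is accepted from any page the admin's browser loads while logged in. No anti-CSRF token is visible in this hunk, though the form continues past it. If there is none, the form should use `method="post"` and the `$id && $action` handler should verify a per-session token before acting.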
@@ -401,7 +401,7 @@ table.useredit tr {
</form>
</div>
<div>
- <a href="<?php echo PHP_SELF . "?username=$user";?>">edit your entry</a>
+ <a href="<?php echo PHP_SELF .
"?username={$_SESSION["username"]}";?>">edit your entry</a>
| <a href="<?php echo PHP_SELF . "?unapproved=1";?>">see outstanding
requests</a>
</div>
</div>
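Review bot: `{$_SESSION["username"]}` is echoed into the `href` attribute without encoding, unlike the `hscr()` calls used for other values in this template. The value is whatever login.inc accepted as `$cuser`, so if that permits characters such as quotes or `&`, the link breaks or allows markup injection into the page. `<a href="<?php echo PHP_SELF . "?username=" . hscr(urlencode($_SESSION["username"]));?>">edit your entry</a>` encodes for both the URL and the attribute.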