authorMarcel Korpel <marcel.korpel@gmail.com>2015-07-19 22:32:04 +0200
committerLukas Fleischer <lfleischer@archlinux.org>2015-08-08 12:59:24 +0200
commit7927a6decd07bb80223ea22bf1db395aa7c12cc4 (patch)
treeb99d78408ac5a256e7190c6b55f9e13a6af08fea
parentf2ff9782a5508a9208c297d0b46f9dfb7910f062 (diff)
downloadaurweb-7927a6decd07bb80223ea22bf1db395aa7c12cc4.tar.xz
Use username from the database if one is provided by the user
This fixes a bug that occurred when the new user name entered by the user was invalid, which caused the account deletion link and the form action to be wrong. Signed-off-by: Marcel Korpel <marcel.korpel@gmail.com> Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r--web/html/account.php4
-rw-r--r--web/lib/acctfuncs.inc.php8
-rw-r--r--web/template/account_edit_form.php4
3 files changed, 9 insertions, 7 deletions
diff --git a/web/html/account.php b/web/html/account.php
index c447de3..f5e6c19 100644
--- a/web/html/account.php
+++ b/web/html/account.php
@@ -61,7 +61,7 @@ if (isset($_COOKIE["AURSID"])) {
$row["AccountTypeID"], $row["Suspended"], $row["Email"],
"", "", $row["RealName"], $row["LangPreference"],
$row["IRCNick"], $row["PGPKey"], $PK,
- $row["InactivityTS"] ? 1 : 0, $row["ID"]);
+ $row["InactivityTS"] ? 1 : 0, $row["ID"], $row["Username"]);
} else {
print __("You do not have permission to edit this account.");
}
@@ -100,7 +100,7 @@ if (isset($_COOKIE["AURSID"])) {
in_request("E"), in_request("P"), in_request("C"),
in_request("R"), in_request("L"), in_request("I"),
in_request("K"), in_request("PK"), in_request("J"),
- in_request("ID"));
+ in_request("ID"), $row["Username"]);
}
} else {
if (has_credential(CRED_ACCOUNT_SEARCH)) {
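Review bot: The account identifiers passed at the end of this `process_account_form` call come from two different sources: `in_request("ID")` is read from the request, while the newly added `$row["Username"]` comes from the database row. The display path in the first hunk passes `$row["ID"]` and `$row["Username"]` together; using `$row["ID"], $row["Username"]);` here as well would keep the ID being updated and the name used for the links tied to one record, presumably the one the permission check ran against. How `$row` is loaded and the enclosing condition are outside the hunk, so confirm that nothing depends on the request-supplied value.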
diff --git a/web/lib/acctfuncs.inc.php b/web/lib/acctfuncs.inc.php
index 2b57b2d..9d6f5ee 100644
--- a/web/lib/acctfuncs.inc.php
+++ b/web/lib/acctfuncs.inc.php
@@ -56,11 +56,12 @@ function html_format_pgp_fingerprint($fingerprint) {
* @param string $PK The list of SSH public keys
* @param string $J The inactivity status of the displayed user
* @param string $UID The user ID of the displayed user
+ * @param string $N The username as present in the database
*
* @return void
*/
function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
- $L="",$I="",$K="",$PK="",$J="", $UID=0) {
+ $L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
global $SUPPORTED_LANGS;
include("account_edit_form.php");
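Review bot: The new trailing parameter defaults to `""`, and the template included on the last line of this hunk builds the delete link and the form action from `get_user_uri($N)` when `$A` is "UpdateAccount", so a caller that omits it gets URIs for an empty username rather than an error. The docblock could state the requirement, e.g. ` * @param string $N The username as stored in the database; required when $A is "UpdateAccount", where it builds the update and delete URIs`. The same wording applies to the `process_account_form` docblock in the next hunk. Both function bodies continue outside their hunks.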
@@ -86,11 +87,12 @@ function display_account_form($A,$U="",$T="",$S="",$E="",$P="",$C="",$R="",
* @param string $PK The list of public SSH keys
* @param string $J The inactivity status of the user
* @param string $UID The user ID of the modified account
+ * @param string $N The username as present in the database
*
* @return string|void Return void if successful, otherwise return error
*/
function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
- $R="",$L="",$I="",$K="",$PK="",$J="",$UID=0) {
+ $R="",$L="",$I="",$K="",$PK="",$J="",$UID=0,$N="") {
global $SUPPORTED_LANGS;
$error = '';
@@ -247,7 +249,7 @@ function process_account_form($TYPE,$A,$U="",$T="",$S="",$E="",$P="",$C="",
if ($error) {
print "<ul class='errorlist'><li>".$error."</li></ul>\n";
display_account_form($A, $U, $T, $S, $E, "", "",
- $R, $L, $I, $K, $PK, $J, $UID);
+ $R, $L, $I, $K, $PK, $J, $UID, $N);
return;
}
diff --git a/web/template/account_edit_form.php b/web/template/account_edit_form.php
index 56bdd45..0aadb9d 100644
--- a/web/template/account_edit_form.php
+++ b/web/template/account_edit_form.php
@@ -1,9 +1,9 @@
<?php if ($A == "UpdateAccount"): ?>
<p>
- <?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($U) . 'delete/' . '">', '</a>') ?>
+ <?= __('Click %shere%s if you want to permanently delete this account.', '<a href="' . get_user_uri($N) . 'delete/' . '">', '</a>') ?>
</p>
-<form id="edit-profile-form" action="<?= get_user_uri($U) . 'update/'; ?>" method="post">
+<form id="edit-profile-form" action="<?= get_user_uri($N) . 'update/'; ?>" method="post">
<?php else: ?>
<form id="edit-profile-form" action="<?= get_uri('/register/'); ?>" method="post">
<?php endif; ?>
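Review bot: `get_user_uri($N)` is still written into the `href` and `action` attributes without HTML escaping. Switching from the submitted `$U` to the stored `$N` takes request-controlled text out of these attributes, but escaping at the point of output would not rely on what `get_user_uri()` or the username validation guarantee, neither of which is visible here. For the form that is `action="<?= htmlspecialchars(get_user_uri($N) . 'update/', ENT_QUOTES); ?>"`, and the delete link's `href` can be wrapped the same way.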