2019-01-04 22:26:34 +08:00
|
|
|
<?php
|
|
|
|
|
//
|
|
|
|
|
// ZoneMinder web action file
|
|
|
|
|
// Copyright (C) 2019 ZoneMinder LLC
|
|
|
|
|
//
|
|
|
|
|
// This program is free software; you can redistribute it and/or
|
|
|
|
|
// modify it under the terms of the GNU General Public License
|
|
|
|
|
// as published by the Free Software Foundation; either version 2
|
|
|
|
|
// of the License, or (at your option) any later version.
|
|
|
|
|
//
|
|
|
|
|
// This program is distributed in the hope that it will be useful,
|
|
|
|
|
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
|
|
|
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
|
|
|
// GNU General Public License for more details.
|
|
|
|
|
//
|
|
|
|
|
// You should have received a copy of the GNU General Public License
|
|
|
|
|
// along with this program; if not, write to the Free Software
|
|
|
|
|
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
|
|
|
//
|
|
|
|
|
|
2020-06-24 10:18:45 +08:00
|
|
|
if ( $action == 'Save' ) {
|
2019-01-04 22:26:34 +08:00
|
|
|
if ( canEdit('System') ) {
|
2020-06-24 10:18:45 +08:00
|
|
|
if ( !empty($_REQUEST['uid']) ) {
|
2019-01-04 22:26:34 +08:00
|
|
|
$dbUser = dbFetchOne('SELECT * FROM Users WHERE Id=?', NULL, array($_REQUEST['uid']));
|
2020-06-24 10:18:45 +08:00
|
|
|
} else {
|
2019-01-04 22:26:34 +08:00
|
|
|
$dbUser = array();
|
2020-06-24 10:18:45 +08:00
|
|
|
}
|
2019-01-04 22:26:34 +08:00
|
|
|
|
|
|
|
|
$types = array();
|
2020-06-24 10:18:45 +08:00
|
|
|
if ( isset($_REQUEST['newUser']['MonitorIds']) and is_array($_REQUEST['newUser']['MonitorIds']) )
|
|
|
|
|
$_REQUEST['newUser']['MonitorIds'] = implode(',', $_REQUEST['newUser']['MonitorIds']);
|
|
|
|
|
if ( !$_REQUEST['newUser']['Password'] )
|
|
|
|
|
unset($_REQUEST['newUser']['Password']);
|
|
|
|
|
|
2019-01-04 22:26:34 +08:00
|
|
|
$changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types);
|
|
|
|
|
|
2020-06-24 10:18:45 +08:00
|
|
|
if ( isset($_REQUEST['newUser']['Password']) ) {
|
|
|
|
|
if ( function_exists('password_hash') ) {
|
|
|
|
|
$pass_hash = '"'.password_hash($_REQUEST['newUser']['Password'], PASSWORD_BCRYPT).'"';
|
|
|
|
|
} else {
|
|
|
|
|
$pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') ';
|
|
|
|
|
ZM\Info('Cannot use bcrypt as you are using PHP < 5.3');
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( $_REQUEST['newUser']['Password'] ) {
|
|
|
|
|
$changes['Password'] = 'Password = '.$pass_hash;
|
|
|
|
|
} else {
|
|
|
|
|
unset($changes['Password']);
|
|
|
|
|
}
|
2019-05-29 22:29:03 +08:00
|
|
|
}
|
2019-01-04 22:26:34 +08:00
|
|
|
|
|
|
|
|
if ( count($changes) ) {
|
|
|
|
|
if ( !empty($_REQUEST['uid']) ) {
|
|
|
|
|
dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id = ?', array($_REQUEST['uid']));
|
|
|
|
|
# If we are updating the logged in user, then update our session user data.
|
2020-02-20 05:55:38 +08:00
|
|
|
if ( $user and ( $dbUser['Username'] == $user['Username'] ) ) {
|
|
|
|
|
# We are the logged in user, need to update the $user object and generate a new auth_hash
|
|
|
|
|
$sql = 'SELECT * FROM Users WHERE Enabled=1 AND Id=?';
|
|
|
|
|
$user = dbFetchOne($sql, NULL, array($_REQUEST['uid']));
|
|
|
|
|
|
|
|
|
|
# Have to update auth hash in session
|
|
|
|
|
zm_session_start();
|
|
|
|
|
generateAuthHash(ZM_AUTH_HASH_IPS, true);
|
|
|
|
|
session_write_close();
|
|
|
|
|
}
|
2019-01-04 22:26:34 +08:00
|
|
|
} else {
|
|
|
|
|
dbQuery('INSERT INTO Users SET '.implode(', ', $changes));
|
|
|
|
|
}
|
2020-10-10 21:48:09 +08:00
|
|
|
} # end if changes
|
2019-01-04 22:26:34 +08:00
|
|
|
} else if ( ZM_USER_SELF_EDIT and ( $_REQUEST['uid'] == $user['Id'] ) ) {
|
|
|
|
|
$uid = $user['Id'];
|
|
|
|
|
|
|
|
|
|
$dbUser = dbFetchOne('SELECT Id, Password, Language FROM Users WHERE Id = ?', NULL, array($uid));
|
|
|
|
|
|
|
|
|
|
$types = array();
|
|
|
|
|
$changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types);
|
|
|
|
|
|
2020-02-20 05:55:38 +08:00
|
|
|
if ( function_exists('password_hash') ) {
|
|
|
|
|
$pass_hash = '"'.password_hash($_REQUEST['newUser']['Password'], PASSWORD_BCRYPT).'"';
|
2019-05-13 01:01:29 +08:00
|
|
|
} else {
|
|
|
|
|
$pass_hash = ' PASSWORD('.dbEscape($_REQUEST['newUser']['Password']).') ';
|
2019-05-13 01:57:25 +08:00
|
|
|
ZM\Info ('Cannot use bcrypt as you are using PHP < 5.3');
|
2019-05-13 01:01:29 +08:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ( !empty($_REQUEST['newUser']['Password']) ) {
|
|
|
|
|
$changes['Password'] = 'Password = '.$pass_hash;
|
2019-09-16 00:19:35 +08:00
|
|
|
} else {
|
2019-01-04 22:26:34 +08:00
|
|
|
unset($changes['Password']);
|
2019-09-16 00:19:35 +08:00
|
|
|
}
|
2019-01-04 22:26:34 +08:00
|
|
|
if ( count($changes) ) {
|
|
|
|
|
dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id=?', array($uid));
|
2020-02-20 05:55:38 +08:00
|
|
|
|
|
|
|
|
# We are the logged in user, need to update the $user object and generate a new auth_hash
|
|
|
|
|
$sql = 'SELECT * FROM Users WHERE Enabled=1 AND Id=?';
|
|
|
|
|
$user = dbFetchOne($sql, NULL, array($uid));
|
|
|
|
|
|
|
|
|
|
zm_session_start();
|
|
|
|
|
generateAuthHash(ZM_AUTH_HASH_IPS, true);
|
|
|
|
|
session_write_close();
|
2019-01-04 22:26:34 +08:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
} // end if $action == user
|
|
|
|
|
?>
|
