zoneminder/web/includes/actions/user.php

<?php
//
// ZoneMinder web action file
// Copyright (C) 2019 ZoneMinder LLC
//
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program; if not, write to the Free Software
// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
//

if ( $action == 'user' ) {
  if ( canEdit('System') ) {
    if ( !empty($_REQUEST['uid']) )
      $dbUser = dbFetchOne('SELECT * FROM Users WHERE Id=?', NULL, array($_REQUEST['uid']));
    else
      $dbUser = array();

    $types = array();
    $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types);

    if ( $_REQUEST['newUser']['Password'] )
      $changes['Password'] = 'Password = password('.dbEscape($_REQUEST['newUser']['Password']).')';
    else
      unset($changes['Password']);

    if ( count($changes) ) {
      if ( !empty($_REQUEST['uid']) ) {
        dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id = ?', array($_REQUEST['uid']));
        # If we are updating the logged in user, then update our session user data.
        if ( $user and ( $dbUser['Username'] == $user['Username'] ) )
          userLogin($dbUser['Username'], $dbUser['Password']);
      } else {
        dbQuery('INSERT INTO Users SET '.implode(', ', $changes));
      }
      $refreshParent = true;
    }
    $view = 'none';
  } else if ( ZM_USER_SELF_EDIT and ( $_REQUEST['uid'] == $user['Id'] ) ) {
    $uid = $user['Id'];

    $dbUser = dbFetchOne('SELECT Id, Password, Language FROM Users WHERE Id = ?', NULL, array($uid));

    $types = array();
    $changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types);

    if ( !empty($_REQUEST['newUser']['Password']) )
      $changes['Password'] = 'Password = password('.dbEscape($_REQUEST['newUser']['Password']).')';
    else
      unset($changes['Password']);
    if ( count($changes) ) {
      dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id=?', array($uid));
      $refreshParent = true;
    }
    $view = 'none';
  }
} // end if $action == user
?>
Split actions.php into individual files per view 2019-01-04 22:26:34 +08:00			`<?php`
			`//`
			`// ZoneMinder web action file`
			`// Copyright (C) 2019 ZoneMinder LLC`
			`//`
			`// This program is free software; you can redistribute it and/or`
			`// modify it under the terms of the GNU General Public License`
			`// as published by the Free Software Foundation; either version 2`
			`// of the License, or (at your option) any later version.`
			`//`
			`// This program is distributed in the hope that it will be useful,`
			`// but WITHOUT ANY WARRANTY; without even the implied warranty of`
			`// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the`
			`// GNU General Public License for more details.`
			`//`
			`// You should have received a copy of the GNU General Public License`
			`// along with this program; if not, write to the Free Software`
			`// Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.`
			`//`

			`if ( $action == 'user' ) {`
			`if ( canEdit('System') ) {`
			`if ( !empty($_REQUEST['uid']) )`
			`$dbUser = dbFetchOne('SELECT * FROM Users WHERE Id=?', NULL, array($_REQUEST['uid']));`
			`else`
			`$dbUser = array();`

			`$types = array();`
			`$changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types);`

			`if ( $_REQUEST['newUser']['Password'] )`
			`$changes['Password'] = 'Password = password('.dbEscape($_REQUEST['newUser']['Password']).')';`
			`else`
			`unset($changes['Password']);`

			`if ( count($changes) ) {`
			`if ( !empty($_REQUEST['uid']) ) {`
			`dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id = ?', array($_REQUEST['uid']));`
			`# If we are updating the logged in user, then update our session user data.`
			`if ( $user and ( $dbUser['Username'] == $user['Username'] ) )`
			`userLogin($dbUser['Username'], $dbUser['Password']);`
			`} else {`
			`dbQuery('INSERT INTO Users SET '.implode(', ', $changes));`
			`}`
			`$refreshParent = true;`
			`}`
			`$view = 'none';`
			`} else if ( ZM_USER_SELF_EDIT and ( $_REQUEST['uid'] == $user['Id'] ) ) {`
			`$uid = $user['Id'];`

			`$dbUser = dbFetchOne('SELECT Id, Password, Language FROM Users WHERE Id = ?', NULL, array($uid));`

			`$types = array();`
			`$changes = getFormChanges($dbUser, $_REQUEST['newUser'], $types);`

			`if ( !empty($_REQUEST['newUser']['Password']) )`
			`$changes['Password'] = 'Password = password('.dbEscape($_REQUEST['newUser']['Password']).')';`
			`else`
			`unset($changes['Password']);`
			`if ( count($changes) ) {`
			`dbQuery('UPDATE Users SET '.implode(', ', $changes).' WHERE Id=?', array($uid));`
			`$refreshParent = true;`
			`}`
			`$view = 'none';`
			`}`
			`} // end if $action == user`
			`?>`