mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-11-07 04:05:49 +00:00
d3da767e77
- adapted existing user manip page/routines to allow non-admin users to access their own profile information - broke Litmus::Auth::expireSessions and Litmus::Auth::checkPassword out into their own subroutines - add emptyOK checking to comparePasswords js function Misc. - whitespace fixes in testgroup files
171 lines
5.3 KiB
Perl
Executable File
171 lines
5.3 KiB
Perl
Executable File
#!/usr/bin/perl -w
|
|
# -*- Mode: perl; indent-tabs-mode: nil -*-
|
|
|
|
# ***** BEGIN LICENSE BLOCK *****
|
|
# Version: MPL 1.1
|
|
#
|
|
# The contents of this file are subject to the Mozilla Public License Version
|
|
# 1.1 (the "License"); you may not use this file except in compliance with
|
|
# the License. You may obtain a copy of the License at
|
|
# http://www.mozilla.org/MPL/
|
|
#
|
|
# Software distributed under the License is distributed on an "AS IS" basis,
|
|
# WITHOUT WARRANTY OF ANY KIND, either express or implied. See the License
|
|
# for the specific language governing rights and limitations under the
|
|
# License.
|
|
#
|
|
# The Original Code is Litmus.
|
|
#
|
|
# The Initial Developer of the Original Code is
|
|
# the Mozilla Corporation.
|
|
# Portions created by the Initial Developer are Copyright (C) 2006
|
|
# the Initial Developer. All Rights Reserved.
|
|
#
|
|
# Contributor(s):
|
|
# Chris Cooper <ccooper@deadsquid.com>
|
|
# Zach Lipton <zach@zachlipton.com>
|
|
#
|
|
# ***** END LICENSE BLOCK *****
|
|
|
|
use strict;
|
|
|
|
use Litmus;
|
|
use Litmus::Error;
|
|
use Litmus::DB::Product;
|
|
use Litmus::Auth;
|
|
use Litmus::Utils;
|
|
|
|
use CGI;
|
|
use Time::Piece::MySQL;
|
|
|
|
Litmus->init();
|
|
my $c = Litmus->cgi();
|
|
|
|
Litmus::Auth::requireLogin("edit_users.cgi");
|
|
|
|
# Only trusted users can edit other users.
|
|
my $cookie = Litmus::Auth::getCookie();
|
|
if (Litmus::Auth::istrusted($cookie)) {
|
|
|
|
if ($c->param('search_string')) {
|
|
# search for users:
|
|
my $users = Litmus::DB::User->search_FullTextMatches(
|
|
$c->param('search_string'),
|
|
$c->param('search_string'),
|
|
$c->param('search_string'));
|
|
my $vars = {
|
|
users => $users,
|
|
};
|
|
print $c->header();
|
|
Litmus->template()->process("admin/edit_users/search_results.html.tmpl", $vars) ||
|
|
internalError(Litmus->template()->error());
|
|
} elsif ($c->param('id')) {
|
|
# lookup a given user
|
|
my $uid = $c->param('id');
|
|
my $user = Litmus::DB::User->retrieve($uid);
|
|
print $c->header();
|
|
if (! $user) {
|
|
invalidInputError("Invalid user ID: $uid");
|
|
}
|
|
my $vars = {
|
|
user => $user,
|
|
};
|
|
Litmus->template()->process("admin/edit_users/edit_user.html.tmpl", $vars) ||
|
|
internalError(Litmus->template()->error());
|
|
} elsif ($c->param('user_id')) {
|
|
# process changes to a user:
|
|
my $user = Litmus::DB::User->retrieve($c->param('user_id'));
|
|
print $c->header();
|
|
if (! $user) {
|
|
invalidInputError("Invalid user ID: " . $c->param('user_id'));
|
|
}
|
|
$user->bugzilla_uid($c->param('bugzilla_uid'));
|
|
$user->email($c->param('edit_email'));
|
|
|
|
if ($c->param('edit_password') ne '' and
|
|
$c->param('edit_password') eq $c->param('edit_confirm_password')) {
|
|
# they changed the password, so let the auth folks know:
|
|
Litmus::Auth::changePassword($user, $c->param('edit_password'));
|
|
}
|
|
$user->realname($c->param('realname'));
|
|
$user->irc_nickname($c->param('irc_nickname'));
|
|
if ($c->param('enabled')) {
|
|
$user->enabled(1);
|
|
}
|
|
if ($c->param('is_admin')) {
|
|
$user->is_admin(1);
|
|
}
|
|
$user->authtoken($c->param('authtoken'));
|
|
$user->update();
|
|
my $vars = {
|
|
user => $user,
|
|
onload => "toggleMessage('success','User information updated successfully.');"
|
|
};
|
|
Litmus->template()->process("admin/edit_users/search_users.html.tmpl", $vars) ||
|
|
internalError(Litmus->template()->error());
|
|
} else {
|
|
# we're here for the first time, so display the search form
|
|
my $vars = {
|
|
};
|
|
print $c->header();
|
|
Litmus->template()->process("admin/edit_users/search_users.html.tmpl", $vars) ||
|
|
internalError(Litmus->template()->error());
|
|
}
|
|
|
|
} else {
|
|
my $uid = $cookie->user_id;
|
|
|
|
# Process user-submited changes.
|
|
if ($c->param('user_id')) {
|
|
# Check for the user_id param, but don't trust its contents.
|
|
my $user = Litmus::DB::User->retrieve($uid);
|
|
|
|
print $c->header();
|
|
|
|
if (! $user) {
|
|
invalidInputError("Invalid user ID: $uid");
|
|
}
|
|
|
|
if (!Litmus::Auth::checkPassword($user,$c->param('current_password'))) {
|
|
invalidInputError("The current password you supplied was invalid.");
|
|
}
|
|
|
|
$user->email($c->param('edit_email'));
|
|
$user->realname($c->param('realname'));
|
|
$user->irc_nickname($c->param('irc_nickname'));
|
|
$user->update();
|
|
|
|
my $template_file = "admin/edit_users/edit_user.html.tmpl";
|
|
if ($c->param('edit_password') ne '' and
|
|
$c->param('edit_password') eq $c->param('edit_confirm_password')) {
|
|
# they changed the password, so let the auth folks know:
|
|
Litmus::Auth::changePassword($user, $c->param('edit_password'));
|
|
$template_file = "auth/login.html.tmpl";
|
|
}
|
|
|
|
my $vars = {
|
|
user => $user,
|
|
onload => "toggleMessage('success','User information updated successfully.');"
|
|
};
|
|
Litmus->template()->process($template_file, $vars) ||
|
|
internalError(Litmus->template()->error());
|
|
|
|
} else {
|
|
# Lookup details for non-admin user.
|
|
my $user = Litmus::DB::User->retrieve($uid);
|
|
print $c->header();
|
|
if (! $user) {
|
|
invalidInputError("Invalid user ID: $uid");
|
|
}
|
|
my $vars = {
|
|
user => $user,
|
|
};
|
|
Litmus->template()->process("admin/edit_users/edit_user.html.tmpl", $vars) ||
|
|
internalError(Litmus->template()->error());
|
|
}
|
|
}
|
|
|
|
|
|
|
|
|