usermgmt fix

This commit is contained in:
mad 2018-08-16 16:00:08 +02:00
parent a0e227e703
commit 2add658700
2 changed files with 11 additions and 5 deletions

View File

@ -144,14 +144,20 @@ if (isset($_SESSION['username'])){
if($_SESSION['isadmin']!=1){ if($_SESSION['isadmin']!=1){
echo "you are not allowed to change usernames!"; echo "you are not allowed to change usernames!";
} else { } else {
$userchange=clean($_POST['userchange']);
$username=clean($_POST['changeusername']); $username=clean($_POST['changeusername']);
if($_POST['passwordchange']==""){
$passwd ="";
} else {
$pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT); $pass=password_hash(clean($_POST['passwordchange']), PASSWORD_DEFAULT);
$passwd="password='$pass',";
}
if ($_POST['isadmin']=="on"){ if ($_POST['isadmin']=="on"){
$isadmin = "1"; $isadmin = "1";
} else { } else {
$isadmin = "0"; $isadmin = "0";
} }
$sql="UPDATE users SET username='$username', password='$pass', admin='$isadmin'"; $sql="UPDATE users SET username='$username', $passwd admin='$isadmin' where id='$userchange'";
if($db_handle->query($sql)){ if($db_handle->query($sql)){
echo "success"; echo "success";
exit; exit;
@ -182,7 +188,7 @@ if (isset($_SESSION['username'])){
} else { } else {
$checked=""; $checked="";
} }
echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" $checked></div>"; echo "<div class=col-ms><input data-onstyle=\"danger\" data-offstyle=success name=isadmin id=\"isadmin$row[id]\" type=\"checkbox\" data-toggle=\"toggle\" data-on=\"user is Admin\" data-off=\"user is no Admin\" $checked></div>";
echo "<input type=hidden name=userchange value=$row[id]>"; echo "<input type=hidden name=userchange value=$row[id]>";
echo "<div class=col><input class=form-control type=password name=passwordchange placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('uform$row[id]');\">save user</a></div></div></form>"; echo "<div class=col><input class=form-control type=password name=passwordchange placeholder=newpassword></div><div class=col><a href=# class=\"btn btn-success\" onclick=\"javascript:submitbutton('uform$row[id]');\">save user</a></div></div></form>";
} }

View File

@ -48,9 +48,9 @@ $('#confirm-delete').on('show.bs.modal', function(e) {
}); });
function submitbutton(formid){ function submitbutton(formid){
console.log(formid); //console.log(formid);
data = $('#'+ formid).serialize(); data = $('#'+ formid).serialize();
console.log(data); //console.log(data);
$.ajax({ $.ajax({
type: 'POST', type: 'POST',
url: "?rand="+ makeid(), url: "?rand="+ makeid(),