git.shiar.nl / minimedit.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 56252c8)
login/edit: admins can access other users
authorMischa POSLAWSKY <perl@shiar.org>
Sat, 9 Jun 2018 00:48:01 +0000 (02:48 +0200)
committerMischa POSLAWSKY <perl@shiar.org>
Sat, 9 Jun 2018 21:23:43 +0000 (23:23 +0200)
login/edit.php patch | blob | history
login/edit/index.html [new file with mode: 0644] patch | blob
login/edit/index.php [new file with mode: 0644] patch | blob
login/visits.php patch | blob | history

diff --git a/login/edit.php b/login/edit.php
index f99c999c12396cd1b47b4071af6806e8c55789f4..ba7e7853d0727975fa0f03d321e926b140e3c57b 100644 (file)
--- a/login/edit.php
+++ b/login/edit.php
@@ -5,6 +5,14 @@ if (empty($User)) {
 }
 
 $userdir = $User['dir'];
+if (!empty($User['admin']) and $Page == 'login/edit' and $Args) {
+       $user = ltrim($Args, '/');
+       $userdir = "profile/$user";
+       if (!is_writable($userdir)) {
+               print "<p class=warn>Het is niet mogelijk om de gebruiker <em>$user</em> aan te passen.</p>\n\n";
+               return;
+       }
+}
 
 $cols = [
        'email' => ['label' => 'e-mailadres', 'type' => 'email'],
diff --git a/login/edit/index.html b/login/edit/index.html
new file mode 100644 (file)
index 0000000..7db7019
--- /dev/null
+++ b/login/edit/index.html
@@ -0,0 +1,3 @@
+<h2>Profielinstellingen</h2>
+
+[[login/edit]]
diff --git a/login/edit/index.php b/login/edit/index.php
new file mode 100644 (file)
index 0000000..b92104c
--- /dev/null
+++ b/login/edit/index.php
@@ -0,0 +1,5 @@
+<?php
+if ($Args) {
+       ob_clean();
+       include 'login/edit/index.html';
+}
diff --git a/login/visits.php b/login/visits.php
index fdcb5fbc6fcfe0d93532234b1c1237ea25bfa9d4..1cecc8af64ccb714990afd0a42e82d2da366ae09 100644 (file)
--- a/login/visits.php
+++ b/login/visits.php
@@ -14,9 +14,9 @@ if (@$_GET['order'] == 'seen') {
 
 print "<ul>\n";
 foreach ($logins as $profile) {
-       printf('<li>%s <a href="/login/%s">%s</a></li>'."\n",
+       printf('<li>%s <a href="%s">%s</a></li>'."\n",
                $profile['seen'] ? strftime('%F %H:%M', $profile['seen']) : '✘',
-               $profile['login'],
+               '/login/edit/'.$profile['login'],
                $profile['name'] ?: $profile['login']
        );
 }
MinimEdit - databaseless cms with only a bit of php