http://www.atutor.ca/atutor/mantis/view.php?id=2753
authorjoel kronenberg <joel.kronenberg@utoronto.ca>
Mon, 11 Sep 2006 19:07:14 +0000 (19:07 -0000)
committerjoel kronenberg <joel.kronenberg@utoronto.ca>
Mon, 11 Sep 2006 19:07:14 +0000 (19:07 -0000)
docs/admin/admins/create.php
docs/admin/admins/edit.php
docs/admin/admins/my_edit.php

index 527b0e6..3e24f74 100644 (file)
@@ -64,22 +64,23 @@ if (isset($_POST['cancel'])) {
                $msg->addError('EMAIL_EXISTS');\r
        }\r
 \r
+       $priv = 0;\r
+       if (isset($_POST['priv_admin'])) {\r
+               // overrides all above.\r
+               $priv = AT_ADMIN_PRIV_ADMIN;\r
+       } else if (isset($_POST['privs'])) {\r
+               foreach ($_POST['privs'] as $value) {\r
+                       $priv += intval($value);\r
+               }\r
+       }\r
+       $_POST['privs'] = $priv;\r
+\r
        if (!$msg->containsErrors()) {\r
                $_POST['login']     = $addslashes($_POST['login']);\r
                $_POST['password']  = $addslashes($_POST['password']);\r
                $_POST['real_name'] = $addslashes($_POST['real_name']);\r
                $_POST['email']     = $addslashes($_POST['email']);\r
 \r
-               $priv = 0;\r
-               if (isset($_POST['priv_admin'])) {\r
-                       // overrides all above.\r
-                       $priv = AT_ADMIN_PRIV_ADMIN;\r
-               } else if (isset($_POST['privs'])) {\r
-                       foreach ($_POST['privs'] as $value) {\r
-                               $priv += intval($value);\r
-                       }\r
-               }\r
-\r
                $admin_lang = $_config['default_language']; \r
 \r
                $sql    = "INSERT INTO ".TABLE_PREFIX."admins VALUES ('$_POST[login]', '$_POST[password]', '$_POST[real_name]', '$_POST[email]', '$admin_lang', $priv, 0)";\r
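Review bot: The privilege accumulation re-added at L20-L22 sums client-supplied values with `+=`, so a repeated or arbitrary `privs[]` entry produces a value the form never offered (two copies of `2` become `4`), and that value is what lands in the INSERT below as `$priv`. The privileges look like bit flags (a single `AT_ADMIN_PRIV_ADMIN` constant overrides the rest), so the loop should combine them with `$priv |= intval($value);` and keep only values that match one of the known privilege constants, silently dropping anything else. The same loop is re-added in the edit.php hunk starting at `@@ -49,22 +49,25 @@`, which also leaves three consecutive blank lines at L112-L114/L123 where the old block was removed. The enclosing `if` block starts outside the hunk.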
@@ -92,6 +93,11 @@ if (isset($_POST['cancel'])) {
                header('Location: index.php');\r
                exit;\r
        }\r
+       $_POST['login']             = $stripslashes($_POST['login']);\r
+       $_POST['password']          = $stripslashes($_POST['password']);\r
+       $_POST['confirm_password']  = $stripslashes($_POST['confirm_password']);\r
+       $_POST['real_name']         = $stripslashes($_POST['real_name']);\r
+       $_POST['email']             = $stripslashes($_POST['email']);\r
 } \r
 \r
 require(AT_INCLUDE_PATH.'header.inc.php'); \r
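Review bot: The `$stripslashes` block added at L49-L53 is reached only when validation failed, because the `if (!$msg->containsErrors())` branch above ends in `exit`; that dependency on the `exit` is easy to miss when reading, so either put the block in an explicit `else` or precede it with `// Only reached on validation error: undo quoting before redisplaying the form.` The block also assumes `$stripslashes` is the configured inverse of `$addslashes` (a no-op when no quoting was applied), which I cannot confirm from this hunk; if it can be a real `stripslashes` on input that was never quoted, backslashes typed into these fields are silently removed on redisplay. The same block is added in edit.php (`@@ -77,6 +80,11 @@`) and my_edit.php (`@@ -55,6 +55,10 @@`). The enclosing block starts outside the hunk.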
@@ -101,27 +107,27 @@ require(AT_INCLUDE_PATH.'header.inc.php');
 <div class="input-form">\r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="login"><?php echo _AT('login_name'); ?></label><br />\r
-               <input type="text" name="login" id="login" size="25" value="<?php echo $_POST['login']; ?>" />\r
+               <input type="text" name="login" id="login" size="25" value="<?php echo htmlspecialchars($_POST['login']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="password"><?php echo _AT('password'); ?></label><br />\r
-               <input type="password" name="password" id="password" size="25" />\r
+               <input type="password" name="password" id="password" size="25" value="<?php echo htmlspecialchars($_POST['password']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="password2"><?php echo _AT('confirm_password'); ?></label><br />\r
-               <input type="password" name="confirm_password" id="password2" size="25" />\r
+               <input type="password" name="confirm_password" id="password2" size="25" value="<?php echo htmlspecialchars($_POST['confirm_password']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
                <label for="real_name"><?php echo _AT('real_name'); ?></label><br />\r
-               <input type="text" name="real_name" id="real_name" size="30" value="<?php echo $_POST['real_name']; ?>" />\r
+               <input type="text" name="real_name" id="real_name" size="30" value="<?php echo htmlspecialchars($_POST['real_name']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="email"><?php echo _AT('email'); ?></label><br />\r
-               <input type="text" name="email" id="email" size="30" value="<?php echo $_POST['email']; ?>" />\r
+               <input type="text" name="email" id="email" size="30" value="<?php echo htmlspecialchars($_POST['email']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
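Review bot: The new `value` attributes at L68 and L74 write the submitted password and its confirmation back into the HTML, which places plaintext credentials in the page body where browser cache, history/autofill and any intermediary that logs responses can retain them; the previous markup left both password inputs empty, and on a validation failure the operator simply retypes them. Prefer removing the `value` attribute from both password inputs (and the `$_POST['password']`/`$_POST['confirm_password']` stripslashes lines that only feed them) rather than escaping the value. For the remaining fields, `htmlspecialchars()` is called with default flags; pass `ENT_QUOTES` and the page charset explicitly, e.g. `htmlspecialchars($_POST['login'], ENT_QUOTES, 'UTF-8')`, so quoting and encoding are not left to `php.ini` defaults. In edit.php (`@@ -110,22 +118,22 @@`) and my_edit.php (`@@ -77,26 +81,26 @@`) the password redisplay already existed and the commit only escapes it, but the same concern applies there.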
index 9464476..9892f94 100644 (file)
@@ -49,22 +49,25 @@ if (isset($_POST['cancel'])) {
                $msg->addError('EMAIL_EXISTS');\r
        }\r
 \r
+       $priv = 0;\r
+\r
+       if (isset($_POST['priv_admin'])) {\r
+               // overrides all above.\r
+               $priv = AT_ADMIN_PRIV_ADMIN;\r
+       } else if (isset($_POST['privs'])) {\r
+               foreach ($_POST['privs'] as $value) {\r
+                       $priv += intval($value);\r
+               }\r
+       }\r
+       $_POST['privs'] = $priv;\r
+\r
        if (!$msg->containsErrors()) {\r
                $_POST['login']     = $addslashes($_POST['login']);\r
                $_POST['password']  = $addslashes($_POST['password']);\r
                $_POST['real_name'] = $addslashes($_POST['real_name']);\r
                $_POST['email']     = $addslashes($_POST['email']);\r
 \r
-               $priv = 0;\r
 \r
-               if (isset($_POST['priv_admin'])) {\r
-                       // overrides all above.\r
-                       $priv = AT_ADMIN_PRIV_ADMIN;\r
-               } else if (isset($_POST['privs'])) {\r
-                       foreach ($_POST['privs'] as $value) {\r
-                               $priv += intval($value);\r
-                       }\r
-               }\r
 \r
                $sql    = "UPDATE ".TABLE_PREFIX."admins SET password='$_POST[password]', real_name='$_POST[real_name]', email='$_POST[email]', `privileges`=$priv WHERE login='$_POST[login]'";\r
                $result = mysql_query($sql, $db);\r
@@ -77,6 +80,11 @@ if (isset($_POST['cancel'])) {
                header('Location: index.php');\r
                exit;\r
        }\r
+       $_POST['login']             = $stripslashes($_POST['login']);\r
+       $_POST['password']          = $stripslashes($_POST['password']);\r
+       $_POST['confirm_password']  = $stripslashes($_POST['confirm_password']);\r
+       $_POST['real_name']         = $stripslashes($_POST['real_name']);\r
+       $_POST['email']             = $stripslashes($_POST['email']);\r
 } \r
 \r
 require(AT_INCLUDE_PATH.'header.inc.php'); \r
@@ -110,22 +118,22 @@ if (!isset($_POST['submit'])) {
 \r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="password"><?php echo _AT('password'); ?></label><br />\r
-               <input type="password" name="password" id="password" size="25" value="<?php echo $_POST['password']; ?>" />\r
+               <input type="password" name="password" id="password" size="25" value="<?php echo htmlspecialchars($_POST['password']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="password2"><?php echo _AT('confirm_password'); ?></label><br />\r
-               <input type="password" name="confirm_password" id="password2" size="25" value="<?php echo $_POST['confirm_password']; ?>"  />\r
+               <input type="password" name="confirm_password" id="password2" size="25" value="<?php echo htmlspecialchars($_POST['confirm_password']); ?>"  />\r
        </div>\r
 \r
        <div class="row">\r
                <label for="real_name"><?php echo _AT('real_name'); ?></label><br />\r
-               <input type="text" name="real_name" id="real_name" size="30" value="<?php echo $_POST['real_name']; ?>" />\r
+               <input type="text" name="real_name" id="real_name" size="30" value="<?php echo htmlspecialchars($_POST['real_name']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="email"><?php echo _AT('email'); ?></label><br />\r
-               <input type="text" name="email" id="email" size="30" value="<?php echo $_POST['email']; ?>" />\r
+               <input type="text" name="email" id="email" size="30" value="<?php echo htmlspecialchars($_POST['email']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
@@ -145,14 +153,14 @@ if (!isset($_POST['submit'])) {
        </div>\r
 \r
        <div class="row buttons">\r
-               <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" <?php if ($_POST['priv_admin'] != 1) { echo 'onClick="return checkAdmin();"'; } ?> />\r
+               <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" <?php if ($_POST['priv_admin'] != 1) { echo 'onclick="return checkAdmin();"'; } ?> />\r
                <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />\r
        </div>\r
 </div>\r
 </form>\r
 \r
-<script language="javascript">\r
-\r
+<script language="javascript" type="text/javascript">\r
+// <!--\r
 function checkAdmin() {\r
        if (document.form.priv_admin.checked == true) {\r
                return confirm('<?php echo _AT('confirm_admin_create'); ?>');\r
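Review bot: The rewritten submit line at L170 still evaluates `$_POST['priv_admin'] != 1` with a loose comparison and no existence check, so rendering the page without a prior POST (or with the box unchecked) raises an undefined-index notice and the comparison against the checkbox's string value relies on type juggling. Use `<?php if (empty($_POST['priv_admin'])) { echo 'onclick="return checkAdmin();"'; } ?>`, or `!isset($_POST['priv_admin']) || $_POST['priv_admin'] !== '1'` if the checkbox value is the string `'1'` — the checkbox markup is not in this hunk, so I cannot confirm which. While touching the `<script>` tag at L178, `language="javascript"` is redundant once `type` is present and is deprecated. The `checkAdmin()` function continues past the hunk.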
@@ -160,7 +168,7 @@ function checkAdmin() {
                return true;\r
        }\r
 }\r
-\r
+// -->\r
 </script>\r
 \r
 <?php require(AT_INCLUDE_PATH.'footer.inc.php'); ?>
\ No newline at end of file
index 59ac807..ee1b329 100644 (file)
@@ -55,6 +55,10 @@ if (isset($_POST['cancel'])) {
                header('Location: '.$_base_href.'admin/index.php');\r
                exit;\r
        }\r
+       $_POST['password']          = $stripslashes($_POST['password']);\r
+       $_POST['confirm_password']  = $stripslashes($_POST['confirm_password']);\r
+       $_POST['real_name']         = $stripslashes($_POST['real_name']);\r
+       $_POST['email']             = $stripslashes($_POST['email']);\r
 } \r
 \r
 require(AT_INCLUDE_PATH.'header.inc.php'); \r
@@ -77,26 +81,26 @@ if (!isset($_POST['submit'])) {
 <div class="input-form">\r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="password"><?php echo _AT('password'); ?></label><br />\r
-               <input type="password" name="password" id="password" size="25" value="<?php echo $_POST['password']; ?>" />\r
+               <input type="password" name="password" id="password" size="25" value="<?php echo htmlspecialchars($_POST['password']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="password2"><?php echo _AT('confirm_password'); ?></label><br />\r
-               <input type="password" name="confirm_password" id="password2" size="25" value="<?php echo $_POST['confirm_password']; ?>"  />\r
+               <input type="password" name="confirm_password" id="password2" size="25" value="<?php echo htmlspecialchars($_POST['confirm_password']); ?>"  />\r
        </div>\r
 \r
        <div class="row">\r
                <label for="real_name"><?php echo _AT('real_name'); ?></label><br />\r
-               <input type="text" name="real_name" id="real_name" size="30" value="<?php echo $_POST['real_name']; ?>" />\r
+               <input type="text" name="real_name" id="real_name" size="30" value="<?php echo htmlspecialchars($_POST['real_name']); ?>" />\r
        </div>\r
 \r
        <div class="row">\r
                <div class="required" title="<?php echo _AT('required_field'); ?>">*</div><label for="email"><?php echo _AT('email'); ?></label><br />\r
-               <input type="text" name="email" id="email" size="30" value="<?php echo $_POST['email']; ?>" />\r
+               <input type="text" name="email" id="email" size="30" value="<?php echo htmlspecialchars($_POST['email']); ?>" />\r
        </div>\r
 \r
        <div class="row buttons">\r
-               <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" />\r
+               <input type="submit" name="submit" value="<?php echo _AT('save'); ?>" accesskey="s" />\r
                <input type="submit" name="cancel" value="<?php echo _AT('cancel'); ?>" />\r
        </div>\r
 </div>\r