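execute(array($value, $id2));
        // Read the stored value back through INET_NTOA(), then call ok().
        // {$id1} is interpolated into the SQL as a column name; only the row id is bound.
        // NOTE(review): the case label that restricts {$id1} for this branch is outside
        // this excerpt - confirm it is a fixed literal, as in the branch below.
        $value = WT_DB::prepare(
            "SELECT INET_NTOA({$id1}) FROM `##site_access_rule` WHERE site_access_rule_id=?"
        )->execute(array($id2))->fetchOne();
        ok();
        break;
    case 'user_agent_pattern':
    case 'rule':
    case 'comment':
        // {$id1} can only be one of the three literal labels above, so the interpolated
        // column name is not attacker-controlled. The value and row id are bound parameters.
        WT_DB::prepare("UPDATE `##site_access_rule` SET {$id1}=? WHERE site_access_rule_id=?")
            ->execute(array($value, $id2));
        ok();
    }
    // Unrecognised column. There is no break before the next case, so this relies on
    // fail() ending the request. NOTE(review): fail() and ok() are defined outside this excerpt.
    fail();
case 'user':
    //////////////////////////////////////////////////////////////////////////////
    // Table name: WT_USER
    // ID format:  user-{column_name}-{user_id}
    //////////////////////////////////////////////////////////////////////////////

    $user = User::find($id2);

    // An unknown user id cannot be edited. Reject it here, before the comparison and
    // the setters below dereference $user.
    if (!$user) {
        fail();
    }

    // Authorisation: administrators may edit any account, everyone else only their own.
    // NOTE(review): no CSRF-token or current-password check is visible in this excerpt;
    // confirm that one is enforced before this switch is reached.
    if (!Auth::isAdmin() && WT::currentUser() != $user) {
        fail();
    }

    // Validation
    switch ($id1) {
    case 'password':
        $user->setPassword($value);
        // The password will be displayed as "click to edit" on screen.
        // Accept the update, but pretend to fail. This will leave the "click to edit" on screen
        fail();
        break;
    case 'user_name':
        $user->setUserName($value);
        break;
    case 'real_name':
        $user->setRealName($value);
        break;
    case 'email':
        $user->setEmail($value);
        break;
    default:
        // An unrecognized setting
        fail();
        break;
    }
    ok();
    break;

case 'user_gedcom_setting':
    //////////////////////////////////////////////////////////////////////////////
    // Table name: WT_USER_GEDCOM_SETTING
    // ID format:  user_gedcom_setting-{user_id}-{gedcom_id}-{setting_name}
    //////////////////////////////////////////////////////////////////////////////

    switch ($id3) {
    case 'rootid':
    case 'gedcomid':
    case 'canedit':
    case 'RELATIONSHIP_PATH_LENGTH':
        $user = User::find($id1);
        $tree = WT_Tree::get($id2);
        // Both the user and the tree must exist, and the requester must manage that tree.
        // An unknown id in either position falls through to fail() below instead of
        // reaching setUserPreference() with a missing object.
        if ($user && $tree && Auth::isManager($tree)) {
            $tree->setUserPreference($user, $id3, $value);
            ok();
            break;
        }
    }
    fail();
    break;

case 'user_setting':
    //////////////////////////////////////////////////////////////////////////////
    // Table name: WT_USER_SETTING
    // ID format:  user_setting-{user_id}-{setting_name}
    //////////////////////////////////////////////////////////////////////////////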
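$user = User::find($id1);

    // The target account must exist: every branch below dereferences $user.
    if (!$user) {
        fail();
    }

    // Authorisation
    // Administrators may change any setting of any account. Anyone else may change only
    // their OWN account, only while it has the 'editaccount' preference, and only the
    // settings whitelisted here. The identity check is essential: without it the decision
    // depends solely on the target account's preferences, so any requester could change
    // another user's settings.
    // NOTE(review): 'visible_online' and 'contact_method' do not match the
    // 'visibleonline' / 'contactmethod' labels accepted by the validation switch below,
    // so for non-administrators only 'language' passes both checks. The list is left
    // unchanged so that this edit does not widen access; confirm the intended names.
    if (!(Auth::isAdmin() || Auth::user() == $user && $user->getPreference('editaccount') && in_array($id2, array('language','visible_online','contact_method')))) {
        fail();
    }

    // Validation
    switch ($id2) {
    case 'canadmin':
        // Cannot change our own admin status - either to add it or remove it
        if (Auth::user() == $user) {
            fail();
        }
        break;
    case 'verified_by_admin':
        // Approving for the first time? Send a confirmation email
        // NOTE(review): WT_SERVER_NAME and WT_SCRIPT_PATH are defined outside this excerpt.
        // If WT_SERVER_NAME is derived from the request's Host header, the link in this
        // mail is requester-influenced - confirm that it comes from configuration.
        if ($value && !$user->getPreference('verified_by_admin') && $user->getPreference('sessiontime')==0) {
            WT_I18N::init($user->getPreference('language'));
            WT_Mail::systemMessage(
                $WT_TREE,
                $user,
                WT_I18N::translate('Approval of account at %s', WT_SERVER_NAME.WT_SCRIPT_PATH),
                WT_I18N::translate('The administrator at the webtrees site %s has approved your application for an account. You may now login by accessing the following link: %s', WT_SERVER_NAME.WT_SCRIPT_PATH, WT_SERVER_NAME.WT_SCRIPT_PATH)
            );
        }
        break;
    case 'auto_accept':
    case 'editaccount':
    case 'verified':
    case 'visibleonline':
    case 'max_relation_path':
        // These settings are stored as integers; the cast discards anything else.
        $value=(int)$value;
        break;
    case 'contactmethod':
    case 'comment':
    case 'language':
    case 'theme':
        // Stored as submitted.
        break;
    default:
        // An unrecognized setting
        fail();
    }

    // Authorised and valid - make update
    $user->setPreference($id2, $value);
    // There is no break before the next case, so this relies on ok() ending the request.
    // NOTE(review): ok() and fail() are defined outside this excerpt.
    ok();

case 'module':
    //////////////////////////////////////////////////////////////////////////////
    // Table name: WT_MODULE
    // ID format:  module-{column}-{module_name}
    //////////////////////////////////////////////////////////////////////////////

    // Authorisation
    if (!Auth::isAdmin()) {
        fail();
    }

    switch ($id1) {
    case 'status':
    case 'tab_order':
    case 'menu_order':
    case 'sidebar_order':
        // {$id1} is interpolated as a column name, but it can only be one of the four
        // literal labels above. The value and the module name are bound parameters.
        WT_DB::prepare("UPDATE `##module` SET {$id1}=? WHERE module_name=?")
            ->execute(array($value, $id2));
        ok();
    default:
        fail();
    }

default:
    // An unrecognized table
    fail();
}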