execute(array($value, $id2)); $value = WT_DB::prepare( "SELECT INET_NTOA({$id1}) FROM `##site_access_rule` WHERE site_access_rule_id=?" )->execute(array($id2))->fetchOne(); ok(); break; case 'user_agent_pattern': case 'rule': case 'comment': WT_DB::prepare("UPDATE `##site_access_rule` SET {$id1}=? WHERE site_access_rule_id=?") ->execute(array($value, $id2)); ok(); } fail(); case 'user': ////////////////////////////////////////////////////////////////////////////// // Table name: WT_USER // ID format: user-{column_name}-{user_id} ////////////////////////////////////////////////////////////////////////////// $user = User::find($id2); // Authorisation if (!Auth::isAdmin() && Auth::id() != $user) { fail(); } // Validation switch ($id1) { case 'password': $user->setPassword($value); // The password will be displayed as "click to edit" on screen. // Accept the update, but pretend to fail. This will leave the "click to edit" on screen fail(); break; case 'user_name': $user->setUserName($value); break; case 'real_name': $user->setRealName($value); break; case 'email': $user->setEmail($value); break; default: // An unrecognized setting fail(); break; } ok(); break; case 'user_gedcom_setting': ////////////////////////////////////////////////////////////////////////////// // Table name: WT_USER_GEDCOM_SETTING // ID format: user_gedcom_setting-{user_id}-{gedcom_id}-{setting_name} ////////////////////////////////////////////////////////////////////////////// switch ($id3) { case 'rootid': case 'gedcomid': case 'canedit': case 'RELATIONSHIP_PATH_LENGTH': $user = User::find($id1); $tree = WT_Tree::get($id2); if (Auth::isManager($tree)) { $tree->setUserPreference($user, $id3, $value); ok(); break; } } fail(); break; case 'user_setting': ////////////////////////////////////////////////////////////////////////////// // Table name: WT_USER_SETTING // ID format: user_setting-{user_id}-{setting_name} ////////////////////////////////////////////////////////////////////////////// $user = User::find($id1); // Authorisation if (!(Auth::isAdmin() || $user && $user->getPreference('editaccount') && in_array($id2, array('language', 'visible_online', 'contact_method')))) { fail(); } // Validation switch ($id2) { case 'canadmin': // Cannot change our own admin status - either to add it or remove it if (Auth::user() == $user) { fail(); } break; case 'verified_by_admin': // Approving for the first time? Send a confirmation email if ($value && !$user->getPreference('verified_by_admin') && $user->getPreference('sessiontime') == 0) { WT_I18N::init($user->getPreference('language')); WT_Mail::systemMessage( $WT_TREE, $user, WT_I18N::translate('Approval of account at %s', WT_SERVER_NAME . WT_SCRIPT_PATH), WT_I18N::translate('The administrator at the webtrees site %s has approved your application for an account. You may now login by accessing the following link: %s', WT_SERVER_NAME . WT_SCRIPT_PATH, WT_SERVER_NAME . WT_SCRIPT_PATH) ); } break; case 'auto_accept': case 'editaccount': case 'verified': case 'visibleonline': case 'max_relation_path': $value = (int) $value; break; case 'contactmethod': case 'comment': case 'language': case 'theme': break; default: // An unrecognized setting fail(); } // Authorised and valid - make update $user->setPreference($id2, $value); ok(); default: // An unrecognized table fail(); }