execute(array($value, $id2)); $value=WT_DB::prepare( "SELECT INET_NTOA({$id1}) FROM `##site_access_rule` WHERE site_access_rule_id=?" )->execute(array($id2))->fetchOne(); ok(); break; case 'user_agent_pattern': case 'rule': case 'comment': WT_DB::prepare("UPDATE `##site_access_rule` SET {$id1}=? WHERE site_access_rule_id=?") ->execute(array($value, $id2)); ok(); } fail(); case 'user': ////////////////////////////////////////////////////////////////////////////// // Table name: WT_USER // ID format: user-{column_name}-{user_id} ////////////////////////////////////////////////////////////////////////////// // Authorisation if (!(WT_USER_IS_ADMIN || WT_USER_ID && WT_USER==$id2)) { fail(); } // Validation switch ($id1) { case 'password': // The password will be displayed as "click to edit" on screen. // Accept the update, but pretend to fail. This will leave the "click to edit" on screen if ($value) { set_user_password($id2, $value); } fail(); case 'user_name': case 'real_name': case 'email': break; default: // An unrecognised setting fail(); } // Authorised and valid - make update try { WT_DB::prepare("UPDATE `##user` SET {$id1}=? WHERE user_id=?") ->execute(array($value, $id2)); AddToLog('User ID: '.$id2. ' changed '.$id1.' to '.$value, 'auth'); ok(); } catch (PDOException $ex) { // Duplicate email or username? fail(); } case 'user_gedcom_setting': ////////////////////////////////////////////////////////////////////////////// // Table name: WT_USER_GEDCOM_SETTING // ID format: user_gedcom_setting-{user_id}-{gedcom_id}-{setting_name} ////////////////////////////////////////////////////////////////////////////// // Authorisation if (!(WT_USER_IS_ADMIN || userGedcomAdmin($id2, $id3))) { fail(); } // Validation switch($id3) { case 'rootid': case 'gedcomid': case 'canedit': case 'RELATIONSHIP_PATH_LENGTH': break; default: // An unrecognised setting fail(); } // Authorised and valid - make update WT_Tree::get($id2)->userPreference($id1, $id3, $value); ok(); case 'user_setting': ////////////////////////////////////////////////////////////////////////////// // Table name: WT_USER_SETTING // ID format: user_setting-{user_id}-{setting_name} ////////////////////////////////////////////////////////////////////////////// // Authorisation if (!(WT_USER_IS_ADMIN || WT_USER_ID && get_user_setting($id1, 'editaccount') && _array($id2, array('language','visible_online','contact_method')))) { fail(); } // Validation switch ($id2) { case 'canadmin': // Cannot change our own admin status - either to add it or remove it if (WT_USER_ID==$id1) { fail(); } break; case 'verified_by_admin': // Approving for the first time? Send a confirmation email if ($value && get_user_setting($id1, $id2)!=$value && get_user_setting($id1, 'sessiontime')==0) { require_once WT_ROOT.'includes/functions/functions_mail.php'; WT_I18N::init(get_user_setting($id1, 'language')); webtreesMail( getUserEmail($id1), $WEBTREES_EMAIL, WT_I18N::translate('Approval of account at %s', WT_SERVER_NAME.WT_SCRIPT_PATH), WT_I18N::translate('The administrator at the webtrees site %s has approved your application for an account. You may now login by accessing the following link: %s', WT_SERVER_NAME.WT_SCRIPT_PATH, WT_SERVER_NAME.WT_SCRIPT_PATH) ); } break; case 'auto_accept': case 'editaccount': case 'verified': case 'visibleonline': case 'max_relation_path': $value=(int)$value; break; case 'contactmethod': case 'comment': case 'language': case 'theme': break; default: // An unrecognised setting fail(); } // Authorised and valid - make update set_user_setting($id1, $id2, $value); ok(); case 'module': ////////////////////////////////////////////////////////////////////////////// // Table name: WT_MODULE // ID format: module-{column}-{module_name} ////////////////////////////////////////////////////////////////////////////// // Authorisation if (!WT_USER_IS_ADMIN) { fail(); } switch($id1) { case 'status': case 'tab_order': case 'menu_order': case 'sidebar_order': WT_DB::prepare("UPDATE `##module` SET {$id1}=? WHERE module_name=?") ->execute(array($value, $id2)); ok(); default: fail(); } default: // An unrecognised table fail(); }