author | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-06-19 06:32:23 +0000 |
committer | Karl 'vollmerk' Vollmer <vollmer@ampache.org> | 2008-06-19 06:32:23 +0000 |
commit | cef43c3602c38fe4b49e74bdfa429c66929ada0e (patch) | |
tree | 0eaf81ca59c5c52ff023254105afb9f43b67cfc5 /admin | |
parent | cabbf907970a6d514a4b9288abcfec3c0c6b2d55 (diff) | |
download | ampache-cef43c3602c38fe4b49e74bdfa429c66929ada0e.tar.gz ampache-cef43c3602c38fe4b49e74bdfa429c66929ada0e.tar.bz2 ampache-cef43c3602c38fe4b49e74bdfa429c66929ada0e.zip |
reorganize the menu a whole bunch and add a confirmation page to the catalog deletion
Diffstat (limited to 'admin')
-rw-r--r-- | admin/catalog.php | 13 | ||||
-rw-r--r-- | admin/users.php | 30 |
2 files changed, 27 insertions, 16 deletions
diff --git a/admin/catalog.php b/admin/catalog.php
index c9b470ff..fb23f7cf 100644
--- a/admin/catalog.php
+++ b/admin/catalog.php
@@ -103,12 +103,23 @@ switch ($_REQUEST['action']) {
  case 'delete_catalog':
  /* Make sure they aren't in demo mode */
  if (Config::get('demo_mode')) { break; }
+
+ if (!Core::form_verify('delete_catalog')) {
+ access_denied();
+ exit;
+ }
  /* Delete the sucker, we don't need to check perms as thats done above */
- Catalog::delete($_REQUEST['catalog_id']);
+ Catalog::delete($_GET['catalog_id']);
  $next_url = Config::get('web_path') . '/admin/index.php';
  show_confirmation(_('Catalog Deleted'),_('The Catalog and all associated records have been deleted'),$nexturl);
  break;
+ case 'show_delete_catalog':
+ $catalog_id = scrub_in($_GET['catalog_id']);
+
+ $next_url = Config::get('web_path') . '/admin/catalog.php?action=delete_catalog';
+ show_confirmation(_('Catalog Delete'),_('Confirm Deletion Request'),$nexturl,1,'delete_catalog');
+ break;
  case 'remove_disabled':
  if (conf('demo_mode')) { break; }
diff --git a/admin/users.php b/admin/users.php
index a9a5039d..ea717bdb 100644
--- a/admin/users.php
+++ b/admin/users.php
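Review bot: The new `show_delete_catalog` case builds `$next_url` without the catalog id and then hands `$nexturl` (never assigned) to show_confirmation(), so unless show_confirmation() forwards the current query string (not visible here) the confirmation form targets an empty URL and the `delete_catalog` step reads an empty `$_GET['catalog_id']`. Suggested lines: `$next_url = Config::get('web_path') . '/admin/catalog.php?action=delete_catalog&catalog_id=' . $catalog_id;` and `show_confirmation(_('Catalog Delete'),_('Confirm Deletion Request'),$next_url,1,'delete_catalog');`; the unchanged `delete_catalog` line has the same `$nexturl` typo. In `delete_catalog` the id handed to Catalog::delete() is the raw `$_GET['catalog_id']`, while the confirm step scrubs it; unless Catalog::delete() casts or escapes its argument (not shown), validate it at the call, e.g. `Catalog::delete((int) $_GET['catalog_id']);`. Because the verified deletion still runs on GET, the token travels in the URL; users.php in this same commit passes 'post' to form_verify, and presumably the same could be done here. The enclosing switch starts and ends outside the hunk.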
@@ -33,19 +33,19 @@ switch ($_REQUEST['action']) {
  case 'update_user':
  if (Config::get('demo_mode')) { break; }
- if (!$_SESSION['forms']['adminuser'] || $_SESSION['forms']['adminuser'] != $_POST['formkey']) {
+ if (!Core::form_verify('edit_user','post')) {
  access_denied();
  exit;
  }
  /* Clean up the variables */
- $user_id = scrub_in($_REQUEST['user_id']);
- $username = scrub_in($_REQUEST['username']);
- $fullname = scrub_in($_REQUEST['fullname']);
- $email = scrub_in($_REQUEST['email']);
- $access = scrub_in($_REQUEST['access']);
- $pass1 = scrub_in($_REQUEST['password_1']);
- $pass2 = scrub_in($_REQUEST['password_2']);
+ $user_id = scrub_in($_POST['user_id']);
+ $username = scrub_in($_POST['username']);
+ $fullname = scrub_in($_POST['fullname']);
+ $email = scrub_in($_POST['email']);
+ $access = scrub_in($_POST['access']);
+ $pass1 = scrub_in($_POST['password_1']);
+ $pass2 = scrub_in($_POST['password_2']);
  /* Setup the temp user */
  $client = new User($user_id);
@@ -85,17 +85,17 @@ switch ($_REQUEST['action']) {
  case 'add_user':
  if (Config::get('demo_mode')) { break; }
- if (!$_SESSION['forms']['adminuser'] || $_SESSION['forms']['adminuser'] != $_POST['formkey']) {
+ if (!Core::form_verify('add_user','post')) {
  access_denied();
  exit;
  }
- $username = scrub_in($_REQUEST['username']);
- $fullname = scrub_in($_REQUEST['fullname']);
- $email = scrub_in($_REQUEST['email']);
- $access = scrub_in($_REQUEST['access']);
- $pass1 = scrub_in($_REQUEST['password_1']);
- $pass2 = scrub_in($_REQUEST['password_2']);
+ $username = scrub_in($_POST['username']);
+ $fullname = scrub_in($_POST['fullname']);
+ $email = scrub_in($_POST['email']);
+ $access = scrub_in($_POST['access']);
+ $pass1 = scrub_in($_POST['password_1']);
+ $pass2 = scrub_in($_POST['password_2']);
  if ($pass1 !== $pass2 || !strlen($pass1)) {
  Error::add('password',_("Error Passwords don't match"));
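Review bot: `$access = scrub_in($_POST['access']);` still takes the target user's privilege level straight from the form with no check that it is one of the levels the application permits, so the new per-form token proves only that an admin submitted the form, not that the value is sane; cast it and compare it with the allowed levels before it reaches User, e.g. `$access = (int) $_POST['access'];` followed by a whitelist check that rejects the request otherwise. The same line appears in the `add_user` hunk below. The token names 'edit_user' and 'add_user' must match whatever the corresponding forms register, which is outside this diff, so a one-line comment naming the template that issues each token would help the next reader, e.g. `/* token name must match the one used by the edit-user form */`. Both case bodies continue past their hunks.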