Skip to content

Commit

Permalink
Browse files Browse the repository at this point in the history
Fix #hunterb812ea22-0c02-46fe-b89f-04519dfb1ebd
  • Loading branch information
eldy committed Feb 24, 2022
1 parent 43c3869 commit 4973019
Showing 1 changed file with 8 additions and 6 deletions.
14 changes: 8 additions & 6 deletions htdocs/user/card.php
Expand Up @@ -402,12 +402,14 @@
$object->civility_code = GETPOST("civility_code", 'aZ09');
$object->lastname = GETPOST("lastname", 'alphanohtml');
$object->firstname = GETPOST("firstname", 'alphanohtml');
$object->login = GETPOST("login", 'alphanohtml');
$object->gender = GETPOST("gender", 'aZ09');
$object->pass = GETPOST("password", 'none'); // We can keep 'none' for password fields
$object->api_key = (GETPOST("api_key", 'alphanohtml')) ? GETPOST("api_key", 'alphanohtml') : $object->api_key;
if (!empty($user->admin)) {
$object->admin = GETPOST("admin", "int"); // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
if (!empty($user->admin)) { // admin flag can only be set/unset by an admin user. A test is also done later when forging sql request
$object->admin = GETPOST("admin", "int");
}
if ($user->admin && !$object->ldap_sid) { // same test than on edit page
$object->login = GETPOST("login", 'alphanohtml');
}
$object->address = GETPOST('address', 'alphanohtml');
$object->zip = GETPOST('zipcode', 'alphanohtml');
Expand Down Expand Up @@ -1856,15 +1858,15 @@
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("UserDisabled")).'">'.$langs->trans("ReinitPassword").'</a></div>';
} elseif ($caneditpassword && $object->login && !$object->ldap_sid &&
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;action=password">'.$langs->trans("ReinitPassword").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=password&token='.newToken().'">'.$langs->trans("ReinitPassword").'</a></div>';
}

if ($object->statut == 0) {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("UserDisabled")).'">'.$langs->trans("SendNewPassword").'</a></div>';
} elseif ($caneditpassword && $object->login && !$object->ldap_sid &&
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
if ($object->email) {
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&amp;action=passwordsend">'.$langs->trans("SendNewPassword").'</a></div>';
print '<div class="inline-block divButAction"><a class="butAction" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=passwordsend&token='.newToken().'">'.$langs->trans("SendNewPassword").'</a></div>';
} else {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.dol_escape_htmltag($langs->trans("NoEMail")).'">'.$langs->trans("SendNewPassword").'</a></div>';
}
Expand All @@ -1879,7 +1881,7 @@
// Disable user
if ($user->id <> $id && $candisableuser && $object->statut == 1 &&
((empty($conf->multicompany->enabled) && $object->entity == $user->entity) || !$user->entity || ($object->entity == $conf->entity) || ($conf->global->MULTICOMPANY_TRANSVERSE_MODE && $conf->entity == 1))) {
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?action=disable&id='.$object->id.'&token='.newToken().'">'.$langs->trans("DisableUser").'</a></div>';
print '<div class="inline-block divButAction"><a class="butActionDelete" href="'.$_SERVER['PHP_SELF'].'?id='.$object->id.'&action=disable&token='.newToken().'">'.$langs->trans("DisableUser").'</a></div>';
} else {
if ($user->id == $id) {
print '<div class="inline-block divButAction"><a class="butActionRefused classfortooltip" href="#" title="'.$langs->trans("CantDisableYourself").'">'.$langs->trans("DisableUser").'</a></div>';
Expand Down

0 comments on commit 4973019

Please sign in to comment.