diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php
index 4e0e25df8..c94d6386e 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/autoload/webusers.php
@@ -123,4 +123,10 @@ class WebUsers extends Users{
 return $reply;
 }
+ public function getUsers(){
+ global $cfg;
+ $dbl = new DBLayer($cfg['db']['web']);
+ $data = $dbl->executeWithoutParams("SELECT * FROM ams_user");
+ return $data;
+ }
 }
\ No newline at end of file
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php
index 45ee8f929..4bbe9ea24 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/func/change_info.php
@@ -32,13 +32,17 @@ function change_info(){
 $values['fName'] = $_POST['FirstName'];
 }
 if(($_POST['LastName'] != "") && ($_POST['LastName'] != $current_info['LastName'])){
- $query = $query . "LastName = :lName ";
+ if($updated){
+ $query = $query . ", LastName = :lName ";
+ }else{
+ $query = $query . "LastName = :lName ";
+ }
 $updated = true;
 $values['lName'] = $_POST['LastName'];
 }
 //TODO: add the other fields too
 $query = $query . "WHERE Login = :user";
-
+
 //if some field is update then:
 if($updated){
 global $cfg;
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
index 7fd264aa2..9a4cc1ad6 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/settings.php
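Review bot: `getUsers()` in webusers.php selects every column with `SELECT * FROM ams_user`, while the only consumer on this page (userlist.php) reads `UId`, `Login`, `Permission` and `Email`. If `ams_user` also stores the password hash, as a user table presumably does, that value is fetched and handed to page code for no reason; naming the columns, `"SELECT UId, Login, Permission, Email FROM ams_user"`, keeps it out of the result set. The method carries no permission check of its own, so a docblock stating that callers must verify `WebUsers::isAdmin()` first would make the contract explicit.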
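Review bot: The `if($updated)` comma branch added for `LastName` in change_info.php will have to be copied for every field the TODO mentions, and one forgotten copy produces a malformed UPDATE again. Collecting the clauses, `$sets[] = "LastName = :lName";`, and joining them once with `implode(', ', $sets)` before the `WHERE Login = :user` part removes the ordering dependency while keeping column names as fixed literals and values as bound parameters. `$_POST['LastName']` is also read without `isset()` and stored with no length or character check visible here; `change_info()` starts and ends outside the hunk, so validation may exist elsewhere and should be confirmed.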
@@ -4,12 +4,17 @@ function settings(){
 if(WebUsers::isLoggedIn()){
 //in case id-GET param set it's value as target_id, if no id-param is given, ue the session id.
 if(isset($_GET['id'])){
- $result = WebUsers::getInfo($_GET['id']);
- if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
- $result['isAdmin'] = "TRUE";
+ if(($_GET['id'] != $_SESSION['id']) && (!WebUsers::isAdmin()) ){
+ print('No permission to see this page!');
+ exit;
+ }else{
+ $result = WebUsers::getInfo($_GET['id']);
+ if(WebUsers::isAdmin() && ($_GET['id']!= $_SESSION['id'])){
+ $result['isAdmin'] = "TRUE";
+ }
+ $result['target_id'] = $_GET['id'];
+ $result['current_mail'] = WebUsers::getEmail($_GET['id']);
 }
- $result['target_id'] = $_GET['id'];
- $result['current_mail'] = WebUsers::getEmail($_GET['id']);
 }else{
 $result = WebUsers::getInfo($_SESSION['id']);
 $result['target_id'] = $_SESSION['id'];
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php b/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php
new file mode 100644
index 000000000..c065c6985
--- /dev/null
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/inc/userlist.php
@@ -0,0 +1,20 @@
+fetch(PDO::FETCH_ASSOC)){
+ $pageResult['userlist'][$i]['id'] = $row['UId'];
+ $pageResult['userlist'][$i]['username'] = $row['Login'];
+ $pageResult['userlist'][$i]['permission'] = $row['Permission'];
+ $pageResult['userlist'][$i]['email'] = $row['Email'];
+ $i++;
+ }
+ return $pageResult;
+ }else{
+ print('no permission');
+ exit;
+ }
+}
\ No newline at end of file
diff --git a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl
index b2c79ba00..aaa625a7d 100644
--- a/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl
+++ b/code/ryzom/tools/server/ryzom_ams/www/html/templates/layout_admin.tpl
@@ -5,6 +5,7 @@
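Review bot: The new ownership test in `settings()` compares `$_GET['id']` with `$_SESSION['id']` using loose `!=`, and the raw request value is then passed on to `WebUsers::getInfo()`, `WebUsers::getEmail()` and `$result['target_id']`. Loose comparison treats differently spelled numeric strings as equal, so the value that passes the check is not guaranteed to be the value used afterwards. Validating once with `$id = filter_var($_GET['id'], FILTER_VALIDATE_INT);`, rejecting `false`, and testing `$id !== (int) $_SESSION['id']` makes the check and the lookups work on the same integer (this assumes ids are integers, which should be confirmed). The denial branch here, and the `print('no permission'); exit;` branch in userlist.php, answer with a 200 status; calling `http_response_code(403);` before the `print` lets logs and monitoring see refused requests. `settings()` continues past the end of the hunk.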
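Review bot: `Login` and `Email` are user-chosen values, and the loop in userlist.php copies them unmodified into `$pageResult['userlist']`, which is then rendered in an administrator's browser. The `{$element.username}` and `{$element.email}` placeholders visible further down this page carry no escape modifier, so unless the template engine is configured to escape by default (not visible here) they should be written as `{$element.username|escape}` and `{$element.email|escape}`. The opening lines of this new file are missing from the page, so the condition guarding the `else` branch cannot be reviewed from what is shown.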
The shard/lib/web db user list You are about to see it here!
- - -Id | +Username | +Permission | +Action | +||
---|---|---|---|---|---|
{$element.id} | +{$element.username} | +{$element.email} | + {if $element.permission eq 1}User | {/if} + {if $element.permission eq 2}Admin | {/if} ++ Edit User + | + +