diff options
| author | cassiopc <cassiopc@gmail.com> | 2013-08-29 14:54:32 +0000 |
|---|---|---|
| committer | cassiopc <cassiopc@gmail.com> | 2013-08-29 14:54:32 +0000 |
| commit | bc3df342f06c6f61e0daf9ae29d435f9299b8733 (patch) | |
| tree | a2188e5ddfa0d6564598c6b8b5a1bc63b9e38d94 /src | |
| parent | 0923c7df2ac33b451b1a64983fb1f77f0b16db43 (diff) | |
| download | boca-bc3df342f06c6f61e0daf9ae29d435f9299b8733.tar.gz boca-bc3df342f06c6f61e0daf9ae29d435f9299b8733.zip | |
changed jar command-line to include the name of main class; users by default now cant change password
Diffstat (limited to 'src')
| -rw-r--r-- | src/admin/user.php | 4 | ||||
| -rw-r--r-- | src/fcontest.php | 7 |
2 files changed, 8 insertions, 3 deletions
diff --git a/src/admin/user.php b/src/admin/user.php index 4bcb264..b517bad 100644 --- a/src/admin/user.php +++ b/src/admin/user.php @@ -114,7 +114,7 @@ else if (isset($_FILES["importfile"]) && isset($_POST["Submit"]) && $_FILES["imp $param['multilogin']='f'; $userlist[$param['site'] . '-' . $param['usernumber']] = randstr(6,'0123456789'); $param['pass']=myhash($userlist[$param['site'] . '-' . $param['usernumber']]); - + $param['changepass']='t'; $param['contest']=$_SESSION["usertable"]["contestnumber"]; if($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) if($param['usernumber'] != 1000 && DBNewUser($param)) { @@ -146,6 +146,7 @@ else if (isset($_FILES["importfile"]) && isset($_POST["Submit"]) && $_FILES["imp $param['multilogin']='f'; $userlist[$param['site'] . '-' . $param['usernumber']] = randstr(6,'0123456789'); $param['pass']=myhash($userlist[$param['site'] . '-' . $param['usernumber']]); + $param['changepass']='t'; $param['contest']=$_SESSION["usertable"]["contestnumber"]; if($_SESSION["usertable"]["usersitenumber"] == $param['site'] || $main) if($param['usernumber'] != 1000 && DBNewUser($param)) { @@ -177,6 +178,7 @@ else if (isset($_FILES["importfile"]) && isset($_POST["Submit"]) && $_FILES["imp case "userenabled": $param['enabled']=trim($tmp[1]); break; case "usermultilogin": $param['multilogin']=trim($tmp[1]); break; case "userpassword": $param['pass']=myhash(trim($tmp[1])); break; + case "userchangepassword": $param['changepass']=trim($tmp[1]); break; case "userip": $param['permitip']=trim($tmp[1]); break; } $i++; diff --git a/src/fcontest.php b/src/fcontest.php index 7733111..313cf82 100644 --- a/src/fcontest.php +++ b/src/fcontest.php @@ -1128,7 +1128,7 @@ function DBNewUser($param, $c=null) { if(isset($param['number']) && !isset($param['user'])) $param['user']=$param['number']; $ac=array('contest','site','user'); - $ac1=array('updatetime','username','usericpcid','userfull','userdesc','type','enabled','multilogin','pass','permitip', + $ac1=array('updatetime','username','usericpcid','userfull','userdesc','type','enabled','multilogin','pass','permitip','changepass', 'userip','userlastlogin','userlastlogout','usersession','usersessionextra'); $typei['contest']=1; @@ -1154,6 +1154,7 @@ function DBNewUser($param, $c=null) { $userdesc=''; $type='team'; $enabled='f'; + $changepass='f'; $multilogin='f'; $permitip=''; $usersession=null; @@ -1177,8 +1178,10 @@ function DBNewUser($param, $c=null) { if ($type != "chief" && $type != "judge" && $type != "admin" && $type != "score" && $type != "staff" && $type != "site") $type = "team"; + if ($type == "admin") $changepass = "t"; if ($enabled != "f") $enabled = "t"; if ($multilogin != "t") $multilogin = "f"; + if ($changepass != "t") $changepass = "f"; $cw = false; if($c == null) { @@ -1194,6 +1197,7 @@ function DBNewUser($param, $c=null) { MSGError("DBNewUser param error: site $site does not exist"); return false; } + if($pass != myhash("") && $type != "admin" && $changepass != "t") $pass='!'.$pass; $r = DBExec($c, "select * from usertable where username='$username' and usernumber!=$user and ". "usersitenumber=$site and contestnumber=$contest", "DBNewUser(get user)"); $n = DBnlines ($r); @@ -1211,7 +1215,6 @@ function DBNewUser($param, $c=null) { MSGError("Site $site does not exist"); return false; } - if($type=='team' && $pass != myhash("")) $pass='!'.$pass; $sql = "insert into usertable (contestnumber, usersitenumber, usernumber, username, usericpcid, userfullname, " . "userdesc, usertype, userenabled, usermultilogin, userpassword, userpermitip) values " . "($contest, $site, $user, '$username', '$usericpcid', '$userfull', '$userdesc', '$type', '$enabled', " . |