Remove the session->loginid

This commit is contained in:
jengo 2000-09-05 02:45:44 +00:00
parent 6716ab839c
commit 3f51405cce
4 changed files with 31 additions and 36 deletions

View File

@ -26,9 +26,7 @@ if (! $submit) {
$phpgw->common->navbar(); $phpgw->common->navbar();
?> ?>
<form method="POST" acion="changepassword.php"> <form method="POST" acion="<?php echo $phpgw->link("changepassword.php"); ?>">
<?php echo $phpgw->form_sessionid(); ?>
<table border="0"> <table border="0">
<tr> <tr>
<td> <td>
@ -74,12 +72,12 @@ if (! $submit) {
$phpgw->db->query("update accounts set passwd='" . md5($n_passwd) . "', " $phpgw->db->query("update accounts set passwd='" . md5($n_passwd) . "', "
. "lastpasswd_change='" . time() . "' where loginid='" . "lastpasswd_change='" . time() . "' where loginid='"
. $phpgw->session->loginid . "'"); . $phpgw_info["user"]["userid"] . "'");
// Since they are logged in, we need to change the password in sessions // Since they are logged in, we need to change the password in sessions
// in case they decied to check there mail. // in case they decied to check there mail.
$phpgw->db->query("update sessions set passwd='" . addslashes($n_passwd) $phpgw->db->query("update sessions set passwd='" . addslashes($n_passwd)
. "' where loginid='" . $phpgw->session->loginid . "'"); . "' where loginid='" . $phpgw_info["user"]["userid"] . "'");
Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"] Header("Location: " . $phpgw->link($phpgw_info["server"]["webserver_url"]
. "/preferences/","cd=18")); . "/preferences/","cd=18"));

View File

@ -39,10 +39,10 @@
$picture_raw = base64_encode($picture_raw); $picture_raw = base64_encode($picture_raw);
} }
$phpgw->db->query("delete from profiles where owner='" .$phpgw->session->loginid . "'"); $phpgw->db->query("delete from profiles where owner='" . $phpgw_info["user"]["userid"] . "'");
$phpgw->db->query("insert into profiles (owner,title,phone_number,comments," $phpgw->db->query("insert into profiles (owner,title,phone_number,comments,"
. "picture_format,picture) values ('" . $phpgw->session->loginid . "','" . "picture_format,picture) values ('" . $phpgw_info["user"]["userid"] . "','"
. "$title','$phone_number','$comments','$picture_type','$picture_raw')"); . "$title','$phone_number','$comments','$picture_type','$picture_raw')");
} else { } else {
$phone_number = addslashes($phone_number); $phone_number = addslashes($phone_number);
@ -51,21 +51,19 @@
$title = addslashes($title); $title = addslashes($title);
$phpgw->db->query("update profiles set title='$title',phone_number='$phone_number'," $phpgw->db->query("update profiles set title='$title',phone_number='$phone_number',"
. "comments='$comments' where owner='" . $phpgw->session->loginid. "'"); . "comments='$comments' where owner='" . $phpgw_info["user"]["userid"] . "'");
} }
echo "<center>Your profile has been updated</center>"; echo "<center>Your profile has been updated</center>";
} }
$phpgw->db->query("select * from profiles where owner='" . $phpgw->session->loginid . "'"); $phpgw->db->query("select * from profiles where owner='" . $phpgw_info["user"]["userid"] . "'");
$phpgw->db->next_record(); $phpgw->db->next_record();
?> ?>
<form method="POST" ENCTYPE="multipart/form-data" action="changeprofile.php"> <form method="POST" ENCTYPE="multipart/form-data" action="<?php echo $phpgw->link("changeprofile.php"); ?>">
<?php echo $phpgw->form_sessionid(); ?>
<table border="0"> <table border="0">
<tr> <tr>
<td colspan="2"><?php echo $phpgw->common->display_fullname($phpgw->session->loginid,$phpgw->session->firstname,$phpgw->session->lastname); ?></td> <td colspan="2"><?php echo $phpgw->common->display_fullname($phpgw_info["user"]["userid"],$phpgw_info["user"]["firstname"],$phpgw_info["user"]["lastname"]); ?></td>
<td>&nbsp;</td> <td>&nbsp;</td>
</tr> </tr>
<tr> <tr>

View File

@ -24,7 +24,7 @@
if ($ntheme) { if ($ntheme) {
$theme = $ntheme; $theme = $ntheme;
$phpgw->common->preferences_update($phpgw->session->loginid,"theme"); $phpgw->common->preferences_update($phpgw_info["user"]["userid"],"theme");
Header("location: " . $phpgw->link("changetheme.php")); Header("location: " . $phpgw->link("changetheme.php"));
exit; exit;
} }

View File

@ -54,8 +54,7 @@
if (! $submit) { if (! $submit) {
?> ?>
<form method="POST" action="settings.php"> <form method="POST" action="<?php echo $phpgw->link("settings.php"); ?>">
<?php echo $phpgw->form_sessionid(); ?>
<table border=0> <table border=0>
<tr> <tr>
<td><?php echo lang_pref("max matchs per page"); ?>: </td> <td><?php echo lang_pref("max matchs per page"); ?>: </td>
@ -236,7 +235,7 @@
echo "<td><select name=\"headlines[]\" multiple size=5>\n"; echo "<td><select name=\"headlines[]\" multiple size=5>\n";
$phpgw->db->query("select * from users_headlines where owner='" $phpgw->db->query("select * from users_headlines where owner='"
. $phpgw->session->loginid . "'"); . $phpgw_info["user"]["userid"] . "'");
while ($phpgw->db->next_record()) while ($phpgw->db->next_record())
$users_headlines[$phpgw->db->f("site")] = " selected"; $users_headlines[$phpgw->db->f("site")] = " selected";
@ -264,7 +263,7 @@
<?php <?php
} else { } else {
$phpgw->db->query("delete from preferences where owner='" . $phpgw->session->loginid $phpgw->db->query("delete from preferences where owner='" . $phpgw_info["user"]["userid"]
. "' AND name != 'theme'"); . "' AND name != 'theme'");
// If they don't have permissions to the headlines, // If they don't have permissions to the headlines,
@ -275,49 +274,49 @@
$phpgw->db->lock("preferences"); $phpgw->db->lock("preferences");
} }
$phpgw->common->preferences_add($phpgw->session->loginid,"maxmatchs"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"maxmatchs");
$phpgw->common->preferences_add($phpgw->session->loginid,"tz_offset"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"tz_offset");
$phpgw->common->preferences_add($phpgw->session->loginid,"dateformat"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"dateformat");
$phpgw->common->preferences_add($phpgw->session->loginid,"timeformat"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"timeformat");
$phpgw->common->preferences_add($phpgw->session->loginid,"lang"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"lang");
$phpgw->common->preferences_add($phpgw->session->loginid,"default_sorting"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"default_sorting");
$phpgw->common->preferences_add($phpgw->session->loginid,"default_app"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"default_app");
if ($navbar_text) { if ($navbar_text) {
$phpgw->common->preferences_add($phpgw->session->loginid,"navbar_text"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"navbar_text");
} }
if ($phpgw_info["user"]["permissions"]["admin"]) { if ($phpgw_info["user"]["permissions"]["admin"]) {
if ($show_currentusers) { if ($show_currentusers) {
$phpgw->common->preferences_add($phpgw->session->loginid,"show_currentusers"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"show_currentusers");
} }
} }
if ($phpgw_info["user"]["permissions"]["email"]) { if ($phpgw_info["user"]["permissions"]["email"]) {
if ($mainscreen_showmail) { if ($mainscreen_showmail) {
$phpgw->common->preferences_add($phpgw->session->loginid,"mainscreen_showmail"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"mainscreen_showmail");
} }
$phpgw->common->preferences_add($phpgw->session->loginid,"email_sig"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"email_sig");
} }
if ($phpgw_info["user"]["permissions"]["addressbook"]) { if ($phpgw_info["user"]["permissions"]["addressbook"]) {
if ($mainscreen_showbirthdays) { if ($mainscreen_showbirthdays) {
$phpgw->common->preferences_add($phpgw->session->loginid,"mainscreen_showbirthdays"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"mainscreen_showbirthdays");
} }
} }
if ($phpgw_info["user"]["permissions"]["calendar"]) { if ($phpgw_info["user"]["permissions"]["calendar"]) {
$phpgw->common->preferences_add($phpgw->session->loginid,"weekdaystarts"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"weekdaystarts");
$phpgw->common->preferences_add($phpgw->session->loginid,"workdaystarts"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"workdaystarts");
$phpgw->common->preferences_add($phpgw->session->loginid,"workdayends"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"workdayends");
if ($mainscreen_showevents) { if ($mainscreen_showevents) {
$phpgw->common->preferences_add($phpgw->session->loginid,"mainscreen_showevents"); $phpgw->common->preferences_add($phpgw_info["user"]["userid"],"mainscreen_showevents");
} }
} }
if ($phpgw_info["user"]["permissions"]["headlines"]) { if ($phpgw_info["user"]["permissions"]["headlines"]) {
include($phpgw_info["server"]["server_root"] . "/headlines/inc/functions.inc.php"); include($phpgw_info["server"]["server_root"] . "/headlines/inc/functions.inc.php");
headlines_update($phpgw->session->loginid,$headlines); headlines_update($phpgw_info["user"]["userid"],$headlines);
} }
$phpgw->db->unlock(); $phpgw->db->unlock();