get_string("adminhelpauthentication")."</font><br />";
$userdata .= "<font size=+1> </font><a href=\"user.php\">".get_string("edituser")."</a> - <font size=\"1\">".
get_string("adminhelpedituser")."</font><br />";
- $userdata .= "<font size=+1> </font><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true\">".
+ $userdata .= "<font size=+1> </font><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">".
get_string("addnewuser")."</a> - <font size=\"1\">".
get_string("adminhelpaddnewuser")."</font><br />";
$userdata .= "<font size=+1> </font><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".
-<?PHP // $Id$
+<?php // $Id$
require_once("../config.php");
error("You must be an administrator to edit users this way.");
}
- if ($newuser) { // Create a new user
+ if ($newuser and confirm_sesskey()) { // Create a new user
$user->auth = "manual";
$user->firstname = "";
$user->lastname = "";
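Review bot: A request with `newuser` set but a missing or wrong session key is not rejected by the new guard `if ($newuser and confirm_sesskey())`. The condition simply evaluates false and control falls through to the later branches, so a failed CSRF check is invisible to the administrator and to anyone reviewing logs. The `$delete` branch further down uses the same pattern. Consider checking the key separately and failing loudly ahead of the chain, e.g. `if (($newuser or $delete) and !confirm_sesskey()) { error("Session key missing or invalid"); }`. The if/else chain continues outside this hunk, so what the fall-through branch renders cannot be confirmed from here.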
notify(get_string("usernotconfirmed", "", fullname($user, true)));
}
- } else if ($delete) { // Delete a selected user, after confirmation
+ } else if ($delete and confirm_sesskey()) { // Delete a selected user, after confirmation
if (!$user = get_record("user", "id", "$delete")) {
error("No such user!");
}
if ($confirm != md5($delete)) {
$fullname = fullname($user, true);
notice_yesno(get_string("deletecheckfull", "", "'$fullname'"),
- "user.php?delete=$delete&confirm=".md5($delete), "user.php");
+ "user.php?delete=$delete&confirm=".md5($delete)."&sesskey=$USER->sesskey", "user.php");
exit;
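Review bot: The delete is still triggered by a GET link, and the `notice_yesno()` continue URL now carries `sesskey` in the query string, so the token can end up in browser history, web-server access logs and Referer headers. The links changed at `$deletebutton` and in the two `print_heading()` calls have the same exposure. Because `confirm` is only `md5($delete)` of a visible id, the session key is the sole unpredictable value in the URL; that deserves a comment above the check, for example `// confirm only marks the second step; confirm_sesskey() is the actual CSRF check`. The context line `if ($confirm != md5($delete))` compares hex strings loosely, and `!==` would rule out PHP's numeric-string juggling. Moving these state-changing requests to POST would keep the key out of URLs, though that is a larger change than this hunk.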
} else if (!$user->deleted) {
if ($user->id == $USER->id or $user->username == "changeme") {
$deletebutton = "";
} else {
- $deletebutton = "<a href=\"user.php?delete=$user->id\">$strdelete</a>";
+ $deletebutton = "<a href=\"user.php?delete=$user->id&sesskey=$USER->sesskey\">$strdelete</a>";
}
if ($user->lastaccess) {
$strlastaccess = format_time(time() - $user->lastaccess);
}
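Review bot: The new `$deletebutton` link writes a bare `&` between query parameters inside an HTML attribute, which is invalid markup; it should be `&amp;`. The changed line would read `$deletebutton = "<a href=\"user.php?delete=$user->id&amp;sesskey=$USER->sesskey\">$strdelete</a>";`. The two `print_heading()` add-user links have the same issue. The loop that builds each table row starts outside this hunk.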
echo "</form>";
echo "</td></tr></table>";
- print_heading("<a href=\"user.php?newuser=true\">".get_string("addnewuser")."</a>");
-
+ print_heading("<a href=\"user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."</a>");
print_table($table);
}
- print_heading("<a href=\"user.php?newuser=true\">".get_string("addnewuser")."</a>");
-
+ print_heading("<a href=\"user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."</a>");
print_footer();
}
$table->data[] = array("<b><a href=\"user.php\">".get_string("edituser")."</a></b>",
get_string("adminhelpedituser"));
if (is_internal_auth()) {
- $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true\">".get_string("addnewuser")."</a></b>",
+ $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."</a></b>",
get_string("adminhelpaddnewuser"));
$table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".get_string("uploadusers")."</a></b>",
get_string("adminhelpuploadusers"));