<?php // $Id$
- require_once("../config.php");
-
- $newuser = optional_param('newuser', "");
- $delete = optional_param('delete', "");
- $confirm = optional_param('confirm', "");
- $confirmuser = optional_param('confirmuser', "");
- $sort = optional_param('sort', "name", PARAM_ALPHA);
- $dir = optional_param('dir', "ASC");
- $page = optional_param('page', 0);
- $search = optional_param('search', "");
- if (!empty($search)) {
- $search=trim($search);
- }
- $lastinitial = optional_param('lastinitial', ""); // only show students with this last initial
- $firstinitial = optional_param('firstinitial', ""); // only show students with this first initial
- $perpage = optional_param('perpage', 30, PARAM_INT); // how many per page
-
- unset($user);
- unset($admin);
- unset($teacher);
+ require_once('../config.php');
+
+ $newuser = optional_param('newuser', 0, PARAM_BOOL);
+ $delete = optional_param('delete', 0, PARAM_INT);
+ $confirm = optional_param('confirm', '', PARAM_ALPHANUM); //md5 confirmation hash
+ $confirmuser = optional_param('confirmuser', 0, PARAM_INT);
+ $sort = optional_param('sort', 'name', PARAM_ALPHA);
+ $dir = optional_param('dir', 'ASC', PARAM_ALPHA);
+ $page = optional_param('page', 0, PARAM_INT);
+ $perpage = optional_param('perpage', 30, PARAM_INT); // how many per page
+ $search = optional_param('search', '', PARAM_RAW);
+ $lastinitial = optional_param('lastinitial', '', PARAM_CLEAN); // only show students with this last initial
+ $firstinitial = optional_param('firstinitial', '', PARAM_CLEAN); // only show students with this first initial
$search = trim($search);
+ $user = new object();
+ $admin = new object();
+ $teacher = new object();
+
if (! record_exists("user_admins")) { // No admin user yet
- $user->firstname = get_string("admin");
- $user->lastname = get_string("user");
- $user->username = "admin";
- $user->password = md5("admin");
- $user->email = "root@localhost";
- $user->confirmed = 1;
- $user->lang = $CFG->lang;
- $user->maildisplay = 1;
+ $user->firstname = get_string("admin");
+ $user->lastname = get_string("user");
+ $user->username = "admin";
+ $user->password = md5("admin");
+ $user->email = "root@localhost";
+ $user->confirmed = 1;
+ $user->lang = $CFG->lang;
+ $user->maildisplay = 1;
$user->timemodified = time();
if (! $user->id = insert_record("user", $user)) {
}
if ($newuser and confirm_sesskey()) { // Create a new user
- $user->auth = "manual";
- $user->firstname = "";
- $user->lastname = "";
- $user->username = "changeme";
- $user->password = "";
- $user->email = "";
- $user->lang = $CFG->lang;
- $user->confirmed = 1;
+ $user->auth = "manual";
+ $user->firstname = "";
+ $user->lastname = "";
+ $user->username = "changeme";
+ $user->password = "";
+ $user->email = "";
+ $user->lang = $CFG->lang;
+ $user->confirmed = 1;
$user->timemodified = time();
if (! $user->id = insert_record("user", $user)) {
error("No such user!");
}
- unset($confirmeduser);
+ $confirmeduser = new object();
$confirmeduser->id = $confirmuser;
$confirmeduser->confirmed = 1;
$confirmeduser->timemodified = time();
exit;
} else if (!$user->deleted) {
- unset($updateuser);
+ $updateuser = new object();
$updateuser->id = $user->id;
$updateuser->deleted = "1";
$updateuser->username = "$user->email.".time(); // Remember it just in case
$columnicon = " <img src=\"$CFG->pixpath/t/$columnicon.gif\" alt=\"\" />";
}
- $$column = "<a href=\"user.php?sort=$column&dir=$columndir&search=$search&firstinitial=$firstinitial&lastinitial=$lastinitial\">".$string[$column]."</a>$columnicon";
+ $$column = "<a href=\"user.php?sort=$column&dir=$columndir&search=".urlencode(stripslashes($search))."&firstinitial=$firstinitial&lastinitial=$lastinitial\">".$string[$column]."</a>$columnicon";
}
if ($sort == "name") {
echo "</center>";
print_paging_bar($usercount, $page, $perpage,
- "user.php?sort=$sort&dir=$dir&perpage=$perpage&firstinitial=$firstinitial&lastinitial=$lastinitial&search=$search&");
+ "user.php?sort=$sort&dir=$dir&perpage=$perpage&firstinitial=$firstinitial&lastinitial=$lastinitial&search=".urlencode(stripslashes($search))."&");
flush();
if (!$users) {
$match = array();
- if ($search) {
- $match[] = $search;
+ if ($search !== '') {
+ $match[] = s($search);
}
if ($firstinitial) {
$match[] = get_string("firstname").": $firstinitial"."___";
echo "<table class=\"searchbox\" align=\"center\" cellpadding=\"10\"><tr><td>";
echo "<form action=\"user.php\" method=\"get\">";
- echo "<input type=\"text\" name=\"search\" value=\"$search\" size=\"20\" />";
+ echo "<input type=\"text\" name=\"search\" value=\"".s($search)."\" size=\"20\" />";
echo "<input type=\"submit\" value=\"$strsearch\" />";
if ($search) {
echo "<input type=\"button\" onclick=\"document.location='user.php';\" value=\"$strshowallusers\" />";
print_table($table);
print_paging_bar($usercount, $page, $perpage,
"user.php?sort=$sort&dir=$dir&perpage=$perpage".
- "&firstinitial=$firstinitial&lastinitial=$lastinitial&search=$search&");
+ "&firstinitial=$firstinitial&lastinitial=$lastinitial&search=".urlencode(stripslashes($search))."&");
print_heading("<a href=\"user.php?newuser=true&sesskey=$USER->sesskey\">".get_string("addnewuser")."</a>");
}
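Review bot: The rebuilt links on the new side (the `$$column` href, and the two print_paging_bar base URLs) now urlencode `$search`, but `$firstinitial` and `$lastinitial` are still interpolated raw into the same query strings; PARAM_CLEAN strips markup but does not URL- or attribute-encode, so a quote, space or `&` in either value still escapes the attribute or splits the query. Encode them the same way as `$search`, e.g. `"&firstinitial=".urlencode($firstinitial)."&lastinitial=".urlencode($lastinitial)."\">"` in the `$$column` line and the same substitution in both paging-bar strings. The commit also switches the match-list test to `$search !== ''` while the "show all users" button further down still uses the truthy `if ($search)`, so a search for `0` lists a match but offers no reset button; the two checks should agree. The surrounding `if`/loop bodies begin and end outside these hunks.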
-<?php
+<?php //$Id$
///dummy field names are used to help adding and dropping indexes. There's only 1 case now, in scorm_scoes_track
require_once('../config.php');
- require_once($CFG->dirroot.'/lib/adminlib.php');
+ require_once($CFG->libdir.'/adminlib.php');
require_once($CFG->libdir.'/environmentlib.php');
require_login();
error ('unicode db migration has already been performed!');
}
- $migrate = optional_param('migrate');
- $confirm = optional_param('confirm');
+ $migrate = optional_param('migrate', 0, PARAM_BOOL);
+ $confirm = optional_param('confirm', 0, PARAM_BOOL);
$textlib = textlib_get_instance();
@ob_implicit_flush(true);
@ob_end_flush();
- $maxrecords = optional_param('maxrecords',0, PARAM_INT);
- $globallang = optional_param('globallang');
+ $maxrecords = optional_param('maxrecords', 0, PARAM_INT);
+ $globallang = optional_param('globallang', '', PARAM_FILE);
$processedrecords = 0;
$ignoretables = array(); //list of tables to ignore, optional
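Review bot: `$confirm` becomes a bare PARAM_BOOL flag for the migration, and nothing in this hunk ties the confirmed `migrate` action to the session key; whether `confirm_sesskey()` is checked further down is not visible here. The user.php change in the same commit guards its create action with `$newuser and confirm_sesskey()`; if the migrate branch lacks the equivalent, a single crafted GET link would start an irreversible database conversion, so the guard should be `if ($migrate and $confirm and confirm_sesskey())` at the point where the migration is dispatched. The `$globallang` PARAM_FILE filter looks appropriate if the value is later used as a file or directory component — worth a one-line comment stating that intent next to it. The enclosing code for the migrate branch starts and ends outside this hunk.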
break;
- case 'PHP_FUNCTION'; //use the default php function to execute
+ case 'PHP_FUNCTION': //use the default php function to execute
if ($debug) {
$db->debug=999;
}