$userdata .= "<font size=+1> </font><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true\">".
get_string("addnewuser")."</a> - <font size=\"1\">".
get_string("adminhelpaddnewuser")."</font><br />";
- $userdata .= "<font size=+1> </font><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php\">".
+ $userdata .= "<font size=+1> </font><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".
get_string("uploadusers")."</a> - <font size=\"1\">".
get_string("adminhelpuploadusers")."</font><br />";
-<?PHP // $Id$
+<?php // $Id$
/// Bulk user registration script from a comma separated file
/// Returns list of users with their user ids
error("Could not find site-level course");
}
+ if (!confirm_sesskey()) {
+ error(get_string('confirmsesskeybad', 'error'));
+ }
+
if (!$adminuser = get_admin()) {
error("Could not find site admin");
}
foreach ($header as $i => $h) {
$h = trim($h); $header[$i] = $h; // remove whitespace
if (!($required[$h] or $optionalDefaults[$h] or $optional[$h])) {
- error(get_string('invalidfieldname', 'error', $h), 'uploaduser.php');
+ error(get_string('invalidfieldname', 'error', $h), 'uploaduser.php?sesskey='.$USER->sesskey);
}
if ($required[$h]) {
$required[$h] = 2;
// check for required fields
foreach ($required as $key => $value) {
if ($value < 2) {
- error(get_string('fieldrequired', 'error', $key), 'uploaduser.php');
+ error(get_string('fieldrequired', 'error', $key), 'uploaduser.php?sesskey='.$USER->sesskey);
}
}
$linenum = 2; // since header is line 1
if ($required[$name] and !$value) {
error(get_string('missingfield', 'error', $name). " ".
get_string('erroronline', 'error', $linenum),
- 'uploaduser.php');
+ 'uploaduser.php?sesskey='.$USER->sesskey);
}
// password needs to be encrypted
else if ($name == "password") {
echo '<center>';
echo '<form method="post" enctype="multipart/form-data" action="uploaduser.php">'.
$strchoose.':<input type="hidden" name="MAX_FILE_SIZE" value="'.$maxuploadsize.'">'.
+ '<input type="hidden" name="sesskey" value="'.$USER->sesskey.'">'.
'<input type="file" name="userfile" size="30">'.
'<input type="submit" value="'.$struploadusers.'">'.
'</form></br>';
-<?PHP // $Id$
+<?php // $Id$
require_once("../config.php");
if (is_internal_auth()) {
$table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/user.php?newuser=true\">".get_string("addnewuser")."</a></b>",
get_string("adminhelpaddnewuser"));
- $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php\">".get_string("uploadusers")."</a></b>",
+ $table->data[] = array("<b><a href=\"$CFG->wwwroot/$CFG->admin/uploaduser.php?sesskey=$USER->sesskey\">".get_string("uploadusers")."</a></b>",
get_string("adminhelpuploadusers"));
}
$table->data[] = array('', '<hr />');
projects / moodle.git / commitdiff