From: moodler Date: Sun, 27 Apr 2003 14:50:03 +0000 (+0000) Subject: Don't process $usernew->username if it doesn't exist (prevents normal users from... X-Git-Url: http://git.mjollnir.org/gw?a=commitdiff_plain;h=dc2590e58725c79a1be839827403d5118c7d1ee4;p=moodle.git Don't process $usernew->username if it doesn't exist (prevents normal users from editing profile). --- diff --git a/user/edit.php b/user/edit.php index 53efbecf98..1e69a60fb9 100644 --- a/user/edit.php +++ b/user/edit.php @@ -1,8 +1,8 @@ id); + require_login($course->id); } if ($USER->id <> $user->id and !isadmin()) { @@ -42,9 +42,13 @@ /// If data submitted, then process and store. - if ($usernew = data_submitted()) { + if ($usernew = data_submitted()) { $usernew->firstname = strip_tags($usernew->firstname); $usernew->lastname = strip_tags($usernew->lastname); + if (isset($usernew->username)) { + $usernew->username = trim(moodle_strtolower($usernew->username)); + } + $usernew->username = trim(moodle_strtolower($usernew->username)); if (empty($_FILES['imagefile'])) { $_FILES['imagefile'] = NULL; // To avoid using uninitialised variable later @@ -58,7 +62,7 @@ $user = $usernew; } else { - $timenow = time(); + $timenow = time(); if ($filename = valid_uploaded_file($_FILES['imagefile'])) { $usernew->picture = save_user_image($user->id, $filename); @@ -90,14 +94,14 @@ foreach ($usernew as $variable => $value) { $USER->$variable = $value; } - redirect("view.php?id=$user->id&course=$course->id", get_string("changessaved")); + redirect("view.php?id=$user->id&course=$course->id", get_string("changessaved")); } else { - redirect("../admin/user.php", get_string("changessaved")); + redirect("../admin/user.php", get_string("changessaved")); } } else { error("Could not update the user record ($user->id)"); } - } + } } /// Otherwise fill and print the form. @@ -113,13 +117,13 @@ $userfullname = "$user->firstname $user->lastname"; } if ($course->category) { - print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile", + print_header("$course->shortname: $streditmyprofile", "$course->fullname: $streditmyprofile", "wwwroot/course/view.php?id=$course->id\">$course->shortname -> id\">$strparticipants -> id&course=$course->id\">$userfullname -> $streditmyprofile", ""); } else { - print_header("$course->shortname: $streditmyprofile", "$course->fullname", + print_header("$course->shortname: $streditmyprofile", "$course->fullname", "id&course=$course->id\">$userfullname -> $streditmyprofile", ""); } @@ -128,7 +132,7 @@ $straddnewuser = get_string("addnewuser"); $stradministration = get_string("administration"); - print_header("$course->shortname: $streditmyprofile", "$course->fullname", + print_header("$course->shortname: $streditmyprofile", "$course->fullname", "wwwroot/admin\">$stradministration -> $straddnewuser", ""); } @@ -147,7 +151,7 @@ notify(get_string("someerrorswerefound")); echo ""; } - include("edit.html"); + include("edit.html"); print_simple_box_end(); print_footer($course);