aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLibravatar TOW 2019-04-03 09:52:12 -0300
committerLibravatar TOW 2019-04-03 09:52:12 -0300
commit429446611f1fe8739530fb78ef4fa501a57cb676 (patch)
tree00f7f62adf587f8b27ecdb8788c8fb23692dea05
parentaff11a70cb8e969801f2ea59505753d14abcd233 (diff)
downloadweabot-429446611f1fe8739530fb78ef4fa501a57cb676.tar.gz
weabot-429446611f1fe8739530fb78ef4fa501a57cb676.tar.xz
weabot-429446611f1fe8739530fb78ef4fa501a57cb676.zip
Bugfix: Crear miembro staff
-rw-r--r--cgi/manage.py22
-rw-r--r--cgi/templates/manage/staff.html4
2 files changed, 12 insertions, 14 deletions
diff --git a/cgi/manage.py b/cgi/manage.py
index 0badbd3..95a9010 100644
--- a/cgi/manage.py
+++ b/cgi/manage.py
@@ -178,31 +178,29 @@ def manage(self, path_split):
action = 'edit/' + member['id']
try:
- if self.formdata['username'] != '':
+ if self.formdata.get('user'):
if self.formdata['rights'] in ['0', '1', '2', '3']:
action_taken = True
- if not ':' in self.formdata['username']:
- UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string(self.formdata['username']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1")
- message = _('Staff member updated.')
- logAction(staff_account['username'], _('Updated staff account for %s') % self.formdata['username'])
- else:
- message = _('The character : can not be used in usernames.')
+
+ UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string(self.formdata['user']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1")
+ message = _('Staff member updated.')
+ logAction(staff_account['username'], _('Updated staff account for %s') % self.formdata['user'])
template_filename = "message.html"
except:
pass
else:
action = 'add'
try:
- if self.formdata['username'] != '' and self.formdata['password'] != '':
- username_taken = FetchOne('SELECT * FROM `staff` WHERE `username` = \'' + _mysql.escape_string(self.formdata['username']) + '\' LIMIT 1')
+ if self.formdata.get('user') and self.formdata.get('pass'):
+ username_taken = FetchOne('SELECT * FROM `staff` WHERE `username` = \'' + _mysql.escape_string(self.formdata['user']) + '\' LIMIT 1')
if not username_taken:
if self.formdata['rights'] in ['0', '1', '2', '3']:
action_taken = True
- password = genPasswdHash(self.formdata['password'])
+ pass_hash = genPasswdHash(self.formdata['pass'])
- InsertDb("INSERT INTO `staff` (`username`, `password`, `added`, `rights`) VALUES ('" + _mysql.escape_string(self.formdata['username']) + "', '" + _mysql.escape_string(password) + "', " + str(timestamp()) + ", " + self.formdata['rights'] + ")")
+ InsertDb("INSERT INTO `staff` (`username`, `password`, `added`, `rights`) VALUES ('" + _mysql.escape_string(self.formdata['user']) + "', '" + _mysql.escape_string(pass_hash) + "', " + str(timestamp()) + ", " + self.formdata['rights'] + ")")
message = _('Staff member added.')
- logAction(staff_account['username'], 'Added staff account for ' + self.formdata['username'])
+ logAction(staff_account['username'], 'Added staff account for ' + self.formdata['user'])
template_filename = "message.html"
else:
diff --git a/cgi/templates/manage/staff.html b/cgi/templates/manage/staff.html
index 787a843..b0d2e9e 100644
--- a/cgi/templates/manage/staff.html
+++ b/cgi/templates/manage/staff.html
@@ -33,12 +33,12 @@
<table>
<tr>
<td class="postblock">Nombre</td>
- <td><input type="text" name="username" value="${member_username}" style="width:100%;" /></td>
+ <td><input type="text" name="user" value="${member_username}" style="width:100%;" /></td>
</tr>
<?py if not member: ?>
<tr>
<td class="postblock">ContraseƱa</td>
- <td><input type="password" name="password" style="width:100%;"/></td>
+ <td><input type="password" name="pass" style="width:100%;"/></td>
</tr>
<?py #endif ?>
<tr>