-rw-r--r-- | cgi/manage.py | 22 | ||||
-rw-r--r-- | cgi/templates/manage/staff.html | 4 |
2 files changed, 12 insertions, 14 deletions
diff --git a/cgi/manage.py b/cgi/manage.py
index 0badbd3..95a9010 100644
--- a/cgi/manage.py
+++ b/cgi/manage.py
@@ -178,31 +178,29 @@ def manage(self, path_split):
 action = 'edit/' + member['id']
 try:
- if self.formdata['username'] != '':
+ if self.formdata.get('user'):
 if self.formdata['rights'] in ['0', '1', '2', '3']:
 action_taken = True
- if not ':' in self.formdata['username']:
- UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string(self.formdata['username']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1")
- message = _('Staff member updated.')
- logAction(staff_account['username'], _('Updated staff account for %s') % self.formdata['username'])
- else:
- message = _('The character : can not be used in usernames.')
+
+ UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string(self.formdata['user']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1")
+ message = _('Staff member updated.')
+ logAction(staff_account['username'], _('Updated staff account for %s') % self.formdata['user'])
 template_filename = "message.html"
 except:
 pass
 else:
 action = 'add'
 try:
- if self.formdata['username'] != '' and self.formdata['password'] != '':
- username_taken = FetchOne('SELECT * FROM `staff` WHERE `username` = \'' + _mysql.escape_string(self.formdata['username']) + '\' LIMIT 1')
+ if self.formdata.get('user') and self.formdata.get('pass'):
+ username_taken = FetchOne('SELECT * FROM `staff` WHERE `username` = \'' + _mysql.escape_string(self.formdata['user']) + '\' LIMIT 1')
 if not username_taken:
 if self.formdata['rights'] in ['0', '1', '2', '3']:
 action_taken = True
- password = genPasswdHash(self.formdata['password'])
+ pass_hash = genPasswdHash(self.formdata['pass'])
- InsertDb("INSERT INTO `staff` (`username`, `password`, `added`, `rights`) VALUES ('" + _mysql.escape_string(self.formdata['username']) + "', '" + _mysql.escape_string(password) + "', " + str(timestamp()) + ", " + self.formdata['rights'] + ")")
+ InsertDb("INSERT INTO `staff` (`username`, `password`, `added`, `rights`) VALUES ('" + _mysql.escape_string(self.formdata['user']) + "', '" + _mysql.escape_string(pass_hash) + "', " + str(timestamp()) + ", " + self.formdata['rights'] + ")")
 message = _('Staff member added.')
- logAction(staff_account['username'], 'Added staff account for ' + self.formdata['username'])
+ logAction(staff_account['username'], 'Added staff account for ' + self.formdata['user'])
 template_filename = "message.html"
 else:
diff --git a/cgi/templates/manage/staff.html b/cgi/templates/manage/staff.html
index 787a843..b0d2e9e 100644
--- a/cgi/templates/manage/staff.html
+++ b/cgi/templates/manage/staff.html
@@ -33,12 +33,12 @@
 <table>
 <tr>
 <td class="postblock">Nombre</td>
- <td><input type="text" name="username" value="${member_username}" style="width:100%;" /></td>
+ <td><input type="text" name="user" value="${member_username}" style="width:100%;" /></td>
 </tr>
 <?py if not member: ?>
 <tr>
 <td class="postblock">ContraseƱa</td>
- <td><input type="password" name="password" style="width:100%;"/></td>
+ <td><input type="password" name="pass" style="width:100%;"/></td>
 </tr>
 <?py #endif ?>
 <tr> |
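Review bot: The rewritten `UpdateDb(...)` and `InsertDb(...)` calls in the cgi/manage.py hunk still assemble SQL by concatenating `self.formdata['user']` into the statement, relying on the module-level `_mysql.escape_string`, which does not take the connection's character set into account. If the `UpdateDb`/`InsertDb` helpers (defined outside this hunk) can pass bound parameters to the driver, that is the safer form; otherwise the connection object's own `escape_string` method is preferable. The edit branch also drops the `':' in username` rejection with no replacement, so it is worth confirming that nothing else treats `:` as a delimiter in staff names, and recording the decision with a comment such as `# ':' is allowed in usernames since <reason>`. Separately, `self.formdata['rights']` is still indexed directly under the bare `except: pass`, so a request without `rights` fails silently; `self.formdata.get('rights') in ['0', '1', '2', '3']` would match the new guard style. The body of `manage` starts and ends outside the hunk.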