Diffstat (limited to 'cgi/manage.py')
-rw-r--r--cgi/manage.py22
1 files changed, 10 insertions, 12 deletions
diff --git a/cgi/manage.py b/cgi/manage.py
index 0badbd3..95a9010 100644
--- a/cgi/manage.py
+++ b/cgi/manage.py
@@ -178,31 +178,29 @@ def manage(self, path_split):
action = 'edit/' + member['id']
try:
- if self.formdata['username'] != '':
+ if self.formdata.get('user'):
if self.formdata['rights'] in ['0', '1', '2', '3']:
action_taken = True
- if not ':' in self.formdata['username']:
- UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string(self.formdata['username']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1")
- message = _('Staff member updated.')
- logAction(staff_account['username'], _('Updated staff account for %s') % self.formdata['username'])
- else:
- message = _('The character : can not be used in usernames.')
+
+ UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string(self.formdata['user']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1")
+ message = _('Staff member updated.')
+ logAction(staff_account['username'], _('Updated staff account for %s') % self.formdata['user'])
template_filename = "message.html"
except:
pass
else:
action = 'add'
try:
- if self.formdata['username'] != '' and self.formdata['password'] != '':
- username_taken = FetchOne('SELECT * FROM `staff` WHERE `username` = \'' + _mysql.escape_string(self.formdata['username']) + '\' LIMIT 1')
+ if self.formdata.get('user') and self.formdata.get('pass'):
+ username_taken = FetchOne('SELECT * FROM `staff` WHERE `username` = \'' + _mysql.escape_string(self.formdata['user']) + '\' LIMIT 1')
if not username_taken:
if self.formdata['rights'] in ['0', '1', '2', '3']:
action_taken = True
- password = genPasswdHash(self.formdata['password'])
+ pass_hash = genPasswdHash(self.formdata['pass'])
- InsertDb("INSERT INTO `staff` (`username`, `password`, `added`, `rights`) VALUES ('" + _mysql.escape_string(self.formdata['username']) + "', '" + _mysql.escape_string(password) + "', " + str(timestamp()) + ", " + self.formdata['rights'] + ")")
+ InsertDb("INSERT INTO `staff` (`username`, `password`, `added`, `rights`) VALUES ('" + _mysql.escape_string(self.formdata['user']) + "', '" + _mysql.escape_string(pass_hash) + "', " + str(timestamp()) + ", " + self.formdata['rights'] + ")")
message = _('Staff member added.')
- logAction(staff_account['username'], 'Added staff account for ' + self.formdata['username'])
+ logAction(staff_account['username'], 'Added staff account for ' + self.formdata['user'])
template_filename = "message.html"
else: