From 429446611f1fe8739530fb78ef4fa501a57cb676 Mon Sep 17 00:00:00 2001 From: TOW Date: Wed, 3 Apr 2019 09:52:12 -0300 Subject: Bugfix: Crear miembro staff --- cgi/manage.py | 22 ++++++++++------------ cgi/templates/manage/staff.html | 4 ++-- 2 files changed, 12 insertions(+), 14 deletions(-) (limited to 'cgi') diff --git a/cgi/manage.py b/cgi/manage.py index 0badbd3..95a9010 100644 --- a/cgi/manage.py +++ b/cgi/manage.py @@ -178,31 +178,29 @@ def manage(self, path_split): action = 'edit/' + member['id'] try: - if self.formdata['username'] != '': + if self.formdata.get('user'): if self.formdata['rights'] in ['0', '1', '2', '3']: action_taken = True - if not ':' in self.formdata['username']: - UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string(self.formdata['username']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1") - message = _('Staff member updated.') - logAction(staff_account['username'], _('Updated staff account for %s') % self.formdata['username']) - else: - message = _('The character : can not be used in usernames.') + + UpdateDb("UPDATE `staff` SET `username` = '" + _mysql.escape_string(self.formdata['user']) + "', `rights` = " + self.formdata['rights'] + " WHERE `id` = " + member['id'] + " LIMIT 1") + message = _('Staff member updated.') + logAction(staff_account['username'], _('Updated staff account for %s') % self.formdata['user']) template_filename = "message.html" except: pass else: action = 'add' try: - if self.formdata['username'] != '' and self.formdata['password'] != '': - username_taken = FetchOne('SELECT * FROM `staff` WHERE `username` = \'' + _mysql.escape_string(self.formdata['username']) + '\' LIMIT 1') + if self.formdata.get('user') and self.formdata.get('pass'): + username_taken = FetchOne('SELECT * FROM `staff` WHERE `username` = \'' + _mysql.escape_string(self.formdata['user']) + '\' LIMIT 1') if not username_taken: if self.formdata['rights'] in ['0', '1', '2', '3']: action_taken = True - password = genPasswdHash(self.formdata['password']) + pass_hash = genPasswdHash(self.formdata['pass']) - InsertDb("INSERT INTO `staff` (`username`, `password`, `added`, `rights`) VALUES ('" + _mysql.escape_string(self.formdata['username']) + "', '" + _mysql.escape_string(password) + "', " + str(timestamp()) + ", " + self.formdata['rights'] + ")") + InsertDb("INSERT INTO `staff` (`username`, `password`, `added`, `rights`) VALUES ('" + _mysql.escape_string(self.formdata['user']) + "', '" + _mysql.escape_string(pass_hash) + "', " + str(timestamp()) + ", " + self.formdata['rights'] + ")") message = _('Staff member added.') - logAction(staff_account['username'], 'Added staff account for ' + self.formdata['username']) + logAction(staff_account['username'], 'Added staff account for ' + self.formdata['user']) template_filename = "message.html" else: diff --git a/cgi/templates/manage/staff.html b/cgi/templates/manage/staff.html index 787a843..b0d2e9e 100644 --- a/cgi/templates/manage/staff.html +++ b/cgi/templates/manage/staff.html @@ -33,12 +33,12 @@ - + - + -- cgit v1.2.1-18-gbd029
Nombre
ContraseƱa